ChangeLog


2017-01-05  Babak Shafiei  <bshafiei@apple.com>

        Merge r210328.

    2017-01-05  Wenson Hsieh  <wenson_hsieh@apple.com>

            Disable smooth playhead animation for main content media in the Touch Bar
            https://bugs.webkit.org/show_bug.cgi?id=166715
            <rdar://problem/29870673>

            Reviewed by Eric Carlson.

            Passing in a non-zero playback rate to WebPlaybackControlsManager's timing property causes unintended effects
            further down the stack. Please see the Radar for more details.

            * platform/mac/WebPlaybackSessionInterfaceMac.mm:
            (WebCore::WebPlaybackSessionInterfaceMac::updatePlaybackControlsManagerTiming):

2017-01-05  Babak Shafiei  <bshafiei@apple.com>

        Roll out r210328.

2017-01-05  Babak Shafiei  <bshafiei@apple.com>

        Merge r210372.

    2017-01-05  Chris Dumez  <cdumez@apple.com>

            Turn preferLowPowerWebGLRendering setting on by default
            https://bugs.webkit.org/show_bug.cgi?id=166737
            <rdar://problem/29870033>

            Reviewed by Dean Jackson.

            Temporarily turn preferLowPowerWebGLRendering setting on by default until
            we deal better with WebGL content in background tabs.

            * page/Settings.in:

2017-01-05  Babak Shafiei  <bshafiei@apple.com>

        Merge r210328.

    2017-01-05  Wenson Hsieh  <wenson_hsieh@apple.com>

            Disable smooth playhead animation for main content media in the Touch Bar
            https://bugs.webkit.org/show_bug.cgi?id=166715
            <rdar://problem/29870673>

            Reviewed by Eric Carlson.

            Passing in a non-zero playback rate to WebPlaybackControlsManager's timing property causes unintended effects
            further down the stack. Please see the Radar for more details.

            * platform/mac/WebPlaybackSessionInterfaceMac.mm:
            (WebCore::WebPlaybackSessionInterfaceMac::updatePlaybackControlsManagerTiming):

2017-01-04  Babak Shafiei  <bshafiei@apple.com>

        Build fix for r210288.

2017-01-04  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for r210288.

    2016-12-22  Brent Fulgham  <bfulgham@apple.com>

            Correct DOMWindow handling during FrameLoader::clear
            https://bugs.webkit.org/show_bug.cgi?id=166357
            <rdar://problem/29741862>

            Reviewed by Andy Estes.

            Make sure that we always clean up the DOM window when clearing Window properties, even if the document will
            remain in the page cache. Since 'clearWindowShell' is only used in FrameLoader, divide its behavior into
            two steps:

            1. Rename 'clearWindowShell' to 'clearWindowShellsNotMatchingDOMWindow' to better describe its function.
            Switch to a modern C++ loop. Do not switch to the new DOMWindow here, but detach and clear existing
            DOMWindow connections.

            2. Add a new method 'setDOMWindowForWindowShell'. Complete switch to the new DOMWindow.

            This change allows us to disconnect the old DOMWindow, perform the 'setDocument(nullptr)' operation, and then
            connect to the new Window without leaving the loader in an inconsistent state.

            * loader/bindings/js/ScriptController.cpp:
            (WebCore::clearWindowShellsNotMatchingDOMWindow): Renamed from 'clearWindowShell'
            (WebCore::setDOMWindowForWindowShell): Added.
            * loader/bindings/js/ScriptController.h:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::clear): Revise to use the new two-step DOMWindow switch logic.

2017-01-04  Babak Shafiei  <bshafiei@apple.com>

        Merge r210273.

    2017-01-04  Tim Horton  <timothy_horton@apple.com>

            Provide a setting for clients to always prefer low-power WebGL
            https://bugs.webkit.org/show_bug.cgi?id=166675
            <rdar://problem/29834093>

            Reviewed by Dan Bernstein.

            No new tests; as noted in r204664, we don't know how to reliably test
            automatic graphics switching. One could use the manual test introduced
            in that commit; after this commit, with the setting switched on, on a
            dual-GPU machine that is actively using integrated graphics, that test
            should return the same result for both contexts.

            * page/Settings.in:
            Add a setting to prefer low-power WebGL.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::create):
            If said setting is enabled, set preferLowPowerToHighPerformance.

2017-01-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r210112.

    2016-12-22  Daniel Bates  <dabates@apple.com>

            Bypass pop-up blocker from cross-origin or sandboxed frame
            https://bugs.webkit.org/show_bug.cgi?id=166290
            <rdar://problem/29742039>

            Reviewed by Darin Adler.

            Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html
                   fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html
                   fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html

            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the
            target frame to navigate with respect to the active document just as we do in WebCore::createWindow().

2017-01-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r210122.

    2016-12-22  Brent Fulgham  <bfulgham@apple.com>

            Nested calls to setDocument can omit firing 'unload' events
            https://bugs.webkit.org/show_bug.cgi?id=166422
            <rdar://problem/29763012>

            Reviewed by Alex Christensen.

            Test: fast/loader/nested-document-handling.html

            Only allow a single document change to be taking place during a given runloop cycle.

            * bindings/js/ScriptController.cpp:
            (WebCore::ScriptController::executeIfJavaScriptURL): Block script changing the document
            when we are in the middle of changing the document.
            * page/Frame.cpp:
            (WebCore::Frame::setDocument): Keep track of document change state.
            * page/Frame.h:

2017-01-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r210120.

    2016-12-22  Zalan Bujtas  <zalan@apple.com>

            Do not destroy the RenderNamedFlowFragment as leftover anonymous block.
            https://bugs.webkit.org/show_bug.cgi?id=166436
            rdar://problem/29772233

            Reviewed by Simon Fraser.

            When, as the result of a certain style change, the generated anonymous block is not needed anymore, we
            move its descendants up to the parent and destroy the generated box. While RenderNamedFlowFragment is a generated
            block, the cleanup code should just ignore it the same way we ignore boxes like multicolumn, mathml etc. 

            Test: fast/regions/flow-fragment-as-anonymous-block-crash.html

            * rendering/RenderObject.h:
            (WebCore::RenderObject::isAnonymousBlock):

2016-12-19  Babak Shafiei  <bshafiei@apple.com>

        Build fix for rdar://problem/29737358.

2016-12-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r209990.

    2016-12-18  Brent Fulgham  <bfulgham@apple.com>

            Side effects while resetting form elements
            https://bugs.webkit.org/show_bug.cgi?id=165959
            <rdar://problem/29705967>

            Reviewed by Anders Carlsson.

            JavaScript logic can run while resetting FormElement objects. This can
            lead to unintended side-effects and other unwanted behavior. We should
            protect these elements during the reset.

            Test: fast/html/form-mutate.html

            * html/HTMLFormElement.cpp:
            (WebCore::HTMLFormElement::HTMLFormElement): Switch to C++11 initialization.
            (WebCore::HTMLFormElement::reset): Protect elements until the reset
            operation is finished.
            (WebCore::HTMLFormElement::resetAssociatedFormControlElements): Added to share
            code with 'resumeFromDocument'.
            (WebCore::HTMLFormElement::resumeFromDocument): Protect elements until the
            reset operation is finished.

2016-12-16  Jason Marcell  <jmarcell@apple.com>

        Merge r209926. rdar://problem/29706846

    2016-12-16  Zalan Bujtas  <zalan@apple.com>

            Defer certain accessibility callbacks until after layout is finished.
            https://bugs.webkit.org/show_bug.cgi?id=165861
            rdar://problem/29646301

            Reviewed by Chris Fleizach.

            Currently with certain AXObjectCache callbacks, we can end up in a layout while the render tree is being mutated.
            This patch ensures that such callbacks are deferred until after tree mutation/layout is finished.

            Test: accessibility/accessibility-crash-with-dynamic-inline-content.html

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::remove):
            (WebCore::AXObjectCache::performDeferredIsIgnoredChange):
            (WebCore::AXObjectCache::insertDeferredIsIgnoredChange):
            * accessibility/AXObjectCache.h:
            * page/FrameView.cpp:
            (WebCore::FrameView::performPostLayoutTasks):
            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::deleteLines):
            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::RenderBlockFlow::createAndAppendRootInlineBox):

2016-12-15  Babak Shafiei  <bshafiei@apple.com>

        Merge r204664.

    2016-08-19  Dean Jackson  <dino@apple.com>

            Implement preferLowPowerToHighPerformance for WebGL
            https://bugs.webkit.org/show_bug.cgi?id=161017
            <rdar://problem/26819135>

            Reviewed by Myles Maxfield.

            Implement preferLowPowerToHighPerformance on macOS by
            passing the correct CGL attribute when creating the
            pixel format.

            * bindings/js/JSHTMLCanvasElementCustom.cpp:
            (WebCore::get3DContextAttributes):
            * platform/graphics/mac/GraphicsContext3DMac.mm:
            (WebCore::setPixelFormat):
            (WebCore::GraphicsContext3D::GraphicsContext3D):

2016-12-15  Babak Shafiei  <bshafiei@apple.com>

        Merge r204618.

    2016-08-18  Dean Jackson  <dino@apple.com>

            Support passing preferLowPowerToHighPerformance and failIfMajorPerformanceCaveat
            https://bugs.webkit.org/show_bug.cgi?id=160982
            <rdar://problem/27915946>

            Reviewed by Simon Fraser.

            Update WebGLContextAttributes to be compliant with the specification,
            by adding preferLowPowerToHighPerformance and failIfMajorPerformanceCaveat.
            They are not implemented yet, so asking the created context what
            values it used should give the default.

            Test: fast/canvas/webgl/context-creation-attributes.html

            * html/canvas/WebGLContextAttributes.cpp:
            (WebCore::WebGLContextAttributes::preferLowPowerToHighPerformance):
            (WebCore::WebGLContextAttributes::setPreferLowPowerToHighPerformance):
            (WebCore::WebGLContextAttributes::failIfMajorPerformanceCaveat):
            (WebCore::WebGLContextAttributes::setFailIfMajorPerformanceCaveat):
            * html/canvas/WebGLContextAttributes.h:
            * html/canvas/WebGLContextAttributes.idl:
            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::create): Deleted.
            * platform/graphics/GraphicsContext3D.h:
            (WebCore::GraphicsContext3D::Attributes::Attributes): Deleted.

2016-12-15  Babak Shafiei  <bshafiei@apple.com>

        Roll out r204664.

2016-12-15  Babak Shafiei  <bshafiei@apple.com>

        Merge r204664.

    2016-08-19  Dean Jackson  <dino@apple.com>

            Implement preferLowPowerToHighPerformance for WebGL
            https://bugs.webkit.org/show_bug.cgi?id=161017
            <rdar://problem/26819135>

            Reviewed by Myles Maxfield.

            Implement preferLowPowerToHighPerformance on macOS by
            passing the correct CGL attribute when creating the
            pixel format.

            * bindings/js/JSHTMLCanvasElementCustom.cpp:
            (WebCore::get3DContextAttributes):
            * platform/graphics/mac/GraphicsContext3DMac.mm:
            (WebCore::setPixelFormat):
            (WebCore::GraphicsContext3D::GraphicsContext3D):

2016-12-15  Babak Shafiei  <bshafiei@apple.com>

        Merge r209819.

    2016-12-14  Alex Christensen  <achristensen@webkit.org>

            REGRESSION (r209776): [ios-simulator] LayoutTest http/tests/xmlhttprequest/on-network-timeout-error-during-preflight.html is timing out
            https://bugs.webkit.org/show_bug.cgi?id=165836

            Reviewed by Brady Eidson.

            * loader/CrossOriginAccessControl.cpp:
            (WebCore::createAccessControlPreflightRequest):
            Use the platform default timeout for CORS preflight requests.

2016-12-15  Babak Shafiei  <bshafiei@apple.com>

        Merge r209776.

    2016-12-13  Alex Christensen  <achristensen@webkit.org>

            Restore NSURLRequest's default time interval to match behavior before NSURLSession adoption
            https://bugs.webkit.org/show_bug.cgi?id=165821
            <rdar://problem/28492939>

            Reviewed by Brady Eidson.

            Before adopting NSURLSession, iOS used CFURLConnection, not NSURLConnection.
            iOS used to have a default timeout of INT_MAX and it now has a default timeout of 0, which means use the 
            default NSURLRequest timeout, which is 60 seconds.  This is not enough for some slow mobile networks,
            so we want to match behavior of our CFURLConnection code here.

            * platform/network/ResourceRequestBase.cpp:
            Use INT_MAX as the default timeout of requests on iOS.

2016-12-07  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r209462. rdar://problem/29556990

    2016-12-06  Geoffrey Garen  <ggaren@apple.com>

            performance.now() should truncate to 100us
            https://bugs.webkit.org/show_bug.cgi?id=165503
            <rdar://problem/29544531>

            Reviewed by Mark Lam.

            * page/Performance.cpp:
            (WebCore::Performance::reduceTimeResolution):

2016-12-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r209145. rdar://problem/29404231

    2016-11-30  Brent Fulgham  <bfulgham@apple.com>

            Use 'childOfType' template when retrieving Shadow DOM elements
            https://bugs.webkit.org/show_bug.cgi?id=165145
            <rdar://problem/29331830>

            Reviewed by Antti Koivisto.

            Tests: fast/shadow-dom/color-input-element-shadow-manipulation.html
                   fast/shadow-dom/file-input-element-shadow-manipulation.html
                   fast/shadow-dom/keygen-shadow-manipulation.html
                   fast/shadow-dom/media-shadow-manipulation.html
                   fast/shadow-dom/range-input-element-shadow-manipulation.html
                   fast/shadow-dom/textarea-shadow-manipulation.html

            Switch to using 'childOfType' when retrieving Shadow DOM elements, rather
            than relying on expected element positions, as these can be changed by
            JavaScript.

            Drive by fix: Make more use of is<> and downcast<> templates rather than blindly casting.

            * dom/Element.h:
            (WebCore::Element::isUploadButton): Added.
            (WebCore::Element::isSliderContainerElement): Added.
            * html/ColorInputType.cpp:
            (WebCore::ColorInputType::shadowColorSwatch): Use 'childOfType' rather than assuming
            the first child is the one we want.
            * html/FileInputType.cpp:
            (isType): Added.
            (WebCore::FileInputType::disabledAttributeChanged): Use 'childOfType' rather than assuming
            the first child is the one we want.
            (WebCore::FileInputType::multipleAttributeChanged): Ditto.
            * html/HTMLKeygenElement.cpp:
            (WebCore::HTMLKeygenElement::shadowSelect): Ditto.
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::mediaControls): Ditto.
            (WebCore::HTMLMediaElement::hasMediaControls): Ditto.
            * html/HTMLTextAreaElement.cpp:
            (WebCore::HTMLTextAreaElement::innerTextElement): Ditto.
            * html/RangeInputType.cpp:
            (WebCore::RangeInputType::sliderTrackElement): Ditto.
            * html/shadow/SliderThumbElement.h:
            (isType): Added.
            * svg/SVGUseElement.cpp:
            (WebCore::SVGUseElement::targetClone): Use 'childOfType' rather than assuming
            the first child is the one we want.

2016-12-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208745. rdar://problem/29277336

    2016-11-14  Brent Fulgham  <bfulgham@apple.com>

            Correct handling of changing input type
            https://bugs.webkit.org/show_bug.cgi?id=164759
            <rdar://problem/29211174>

            Reviewed by Darin Adler.

            Test: fast/forms/search-cancel-button-change-input.html

            It is possible for JavaScript to change the type property of an input field. WebKit
            needs to gracefully handle this case.

            Add a type traits specialization so we can properly downcast InputType elements.
            Use this to only call search functions on actual search input types.

            * html/HTMLInputElement.cpp:
            (WebCore::HTMLInputElement::onSearch): Only perform search functions if the
            input type is actually a search field.
            * html/InputType.h: Add type traits specialization for 'downcast' template.
            * html/SearchInputType.h: Ditto.

2016-12-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208825. rdar://problem/29277338

    2016-11-16  Brent Fulgham  <bfulgham@apple.com>

            Clear track client when removing a track
            https://bugs.webkit.org/show_bug.cgi?id=164842
            <rdar://problem/29213621>

            Reviewed by Eric Carlson.

            Call 'clearClient' when removing a track from an HTMLMediaElement.

            Test: media/track/audio-track-add-remove.html
                  media/track/video-track-add-remove.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::removeAudioTrack): Call 'clearClient'
            (WebCore::HTMLMediaElement::removeVideoTrack): Ditto.

2016-12-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208629. rdar://problem/29277337

    2016-11-11  Brent Fulgham  <bfulgham@apple.com>

            Unreviewed build fix after r208628

            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::CloneDeserializer::readTerminal): Cast pointer arithmetic to
            uint32_t to avoid warning.

2016-12-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208628. rdar://problem/29277337

    2016-11-11  Brent Fulgham  <bfulgham@apple.com>

            Neutered ArrayBuffers are not properly serialized
            https://bugs.webkit.org/show_bug.cgi?id=164647
            <rdar://problem/29213490>

            Reviewed by David Kilzer.

            Correct binding logic to handle ImageBuffers being deserialized from neutered ArrayBuffers.

            Test: fast/canvas/neutered-imagedata.html

            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::CloneDeserializer::readTerminal):

2016-11-28  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r209045. rdar://problem/29404778

    2016-11-28  Beth Dakin  <bdakin@apple.com>

            Blacklist Netflix for TouchBar support
            https://bugs.webkit.org/show_bug.cgi?id=165104
            -and corresponding-
            rdar://problem/29404778

            Reviewed by Tim Horton.

            This patch moves the algorithm to
            bestMediaElementForShowingPlaybackControlsManager() so that Now Playing can also
            use it.
            * html/HTMLMediaElement.cpp:
            (WebCore::needsPlaybackControlsManagerQuirk):
            (WebCore::HTMLMediaElement::bestMediaElementForShowingPlaybackControlsManager):
            (WebCore::HTMLMediaElement::updatePlaybackControlsManager):

2016-11-28  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r209013. rdar://problem/29404778

    2016-11-28  Beth Dakin  <bdakin@apple.com>

            Blacklist Netflix for TouchBar support
            https://bugs.webkit.org/show_bug.cgi?id=165104
            -and corresponding-
            rdar://problem/29404778

            Reviewed by Darin Adler.

            * html/HTMLMediaElement.cpp:
            (WebCore::needsPlaybackControlsManagerQuirk):
            (WebCore::HTMLMediaElement::updatePlaybackControlsManager):

2016-11-14  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208691. rdar://problem/29250304

    2016-11-14  David Kilzer  <ddkilzer@apple.com>

            Bug 164702: WebContent crash due to checked unsigned overflow in WebCore: WebCore::RenderLayerCompositor::requiresCompositingLayer const + 1104
            <https://webkit.org/b/164702>
            <rdar://problem/29236368>

            Reviewed by Darin Adler.

            Test: inspector/layers/layers-compositing-reasons.html

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::requiresCompositingForCanvas):
            Don't composite if the canvas area overflows.

2016-11-14  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208655. rdar://problem/29250302

    2016-11-12  Wenson Hsieh  <wenson_hsieh@apple.com>

            The main content heuristic should be robust when handling large media elements
            https://bugs.webkit.org/show_bug.cgi?id=164676
            <rdar://problem/29211503>

            Reviewed by Eric Carlson.

            Handles integer overflow gracefully when performing the main content check for very large media elements. If the
            heuristic comes across such an element, it will now bail early and reject the video as main content. Also adds a
            new API test: VideoControlsManager.VideoControlsManagerPageWithEnormousVideo.

            * html/MediaElementSession.cpp:
            (WebCore::isElementRectMostlyInMainFrame):

2016-11-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208392. rdar://problem/28409526

    2016-11-03  Anders Carlsson  <andersca@apple.com>

            Add new 'other' Apple Pay button style
            https://bugs.webkit.org/show_bug.cgi?id=164384
            rdar://problem/28302528

            Reviewed by Dean Jackson.

            * DerivedSources.make:
            * WebCorePrefix.h:
            Add extension points.

            * css/CSSPrimitiveValueMappings.h:
            (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
            Add ApplePayButtonType::Other.

            (WebCore::CSSPrimitiveValue::operator ApplePayButtonType):
            Add CSSValueOther.

            * css/CSSValueKeywords.in:
            Add other.

            * css/parser/CSSParser.cpp:
            (WebCore::isValidKeywordPropertyAndValue):
            Add CSSValueOther.

            * css/parser/CSSParserFastPaths.cpp:
            (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
            Add CSSValueOther.

            * rendering/RenderThemeCocoa.mm:
            (WebCore::toPKPaymentButtonType):
            Handle ApplePayButtonType::Other.

            * rendering/style/RenderStyleConstants.h:
            Add ApplePayButtonType::Other.

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208328. rdar://problem/29084886

    2016-11-03  Dan Bernstein  <mitz@apple.com>

            REGRESSION (r206247): Painting milestones can be delayed until the next layer flush
            https://bugs.webkit.org/show_bug.cgi?id=164340
            <rdar://problem/29074344>

            Reviewed by Tim Horton.

            To give WebKit a chance to deliver the painting milestones to its client after the commit,
            we must tell it about them before or during the commit. To that end, we should not defer
            the call to firePaintRelatedMilestonesIfNeeded until after the commit.

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::RenderLayerCompositor): Removed
              m_paintRelatedMilestonesTimer initializer.
            (WebCore::RenderLayerCompositor::didPaintBacking): Call
              FrameView::firePaintRelatedMilestonesIfNeeded directly from here.
            (WebCore::RenderLayerCompositor::paintRelatedMilestonesTimerFired): Deleted.
            * rendering/RenderLayerCompositor.h:

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208319. rdar://problem/29084077

    2016-11-02  Simon Fraser  <simon.fraser@apple.com>

            Followup after r208314.

            The style created for reflections contains transforms and a mask, so needs to get explicit
            z-index on it. This doesn't change rendering, since this layer has no children.

            Fixes assertions in various reflection tests.

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::calculateClipRects):

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208314. rdar://problem/29084077

    2016-11-02  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r208025) GraphicsContext state stack assertions loading webkit.org
            https://bugs.webkit.org/show_bug.cgi?id=164350
            rdar://problem/29053414

            Reviewed by Dean Jackson.

            After r208025 it was possible for KeyframeAnimation::animate() to produce a RenderStyle
            with a non-1 opacity, but without the explicit z-index that triggers stacking context.
            This confused the RenderLayer paintWithTransparency code, triggering mismatched GraphicsContext
            save/restores.

            This occurred when the runningOrFillingForwards state was mis-computed. keyframeAnim->animate()
            can spit out a new style when in the StartWaitTimer sometimes, so "!keyframeAnim->waitingToStart() && !keyframeAnim->postActive()"
            gave the wrong answer.

            Rather than depend on the super-confusing animation state, use a bool out param from animate() to say
            when it actually produced a new style, and when true, do the setZIndex(0).

            Test: animations/stacking-during-opacity-animation.html

            * page/animation/AnimationBase.h:
            * page/animation/CSSPropertyAnimation.cpp:
            (WebCore::CSSPropertyAnimation::blendProperties): Log after blending so the log shows the blended style.
            * page/animation/CompositeAnimation.cpp:
            (WebCore::CompositeAnimation::animate):
            * page/animation/ImplicitAnimation.cpp:
            (WebCore::ImplicitAnimation::animate):
            * page/animation/ImplicitAnimation.h:
            * page/animation/KeyframeAnimation.cpp:
            (WebCore::KeyframeAnimation::animate):
            * page/animation/KeyframeAnimation.h:
            * platform/graphics/GraphicsContext.cpp:
            (WebCore::GraphicsContext::restore):
            * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
            (PlatformCALayer::drawLayerContents): No functional change, but created scope for the
            GraphicsContext so that it didn't outlive the CGContextRestoreGState(context).
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::beginTransparencyLayers): New assertion that catches the problem earlier.

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208307. rdar://problem/29078457

    2016-11-02  David Kilzer  <ddkilzer@apple.com>

            Bug 164333: Add logging for "WebKit encountered an internal error" messages due to Network process crashes
            <https://webkit.org/b/164333>
            <rdar://problem/29072727>

            Reviewed by Alex Christensen.

            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::networkProcessCrashedKey):
            - Add implementation for new key method.
            * page/DiagnosticLoggingKeys.h:
            (WebCore::DiagnosticLoggingKeys::networkProcessCrashedKey):
            - Add declaration for new key method.

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208286. rdar://problem/28634857

    2016-11-02  David Kilzer  <ddkilzer@apple.com>

            Add logging for "WebKit encountered an internal error" messages
            <https://webkit.org/b/164272>
            <rdar://problem/28546064>

            Reviewed by Alex Christensen.

            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::internalErrorKey):
            (WebCore::DiagnosticLoggingKeys::invalidSessionIDKey):
            (WebCore::DiagnosticLoggingKeys::createSharedBufferFailedKey):
            (WebCore::DiagnosticLoggingKeys::synchronousMessageFailedKey):
            - Add implementations for new key methods.

            * page/DiagnosticLoggingKeys.h:
            (WebCore::DiagnosticLoggingKeys::internalErrorKey):
            (WebCore::DiagnosticLoggingKeys::invalidSessionIDKey):
            (WebCore::DiagnosticLoggingKeys::createSharedBufferFailedKey):
            (WebCore::DiagnosticLoggingKeys::synchronousMessageFailedKey):
            - Add declarations for new key methods.

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208101. rdar://problem/29053206

    2016-10-29  Youenn Fablet  <youenn@apple.com>

            REGRESSION (Safari 10 / r189445): WKWebView and WebView no longer allow async XMLHttpRequest timeout to exceed 60 seconds
            https://bugs.webkit.org/show_bug.cgi?id=163814
            <rdar://problem/28917420>

            Reviewed by Darin Adler.

            Tests: http/tests/xmlhttprequest/resetting-timeout-to-zero.html
                   http/tests/xmlhttprequest/timeout-greater-than-default-network-timeout.html

            * xml/XMLHttpRequest.cpp:
            (WebCore::XMLHttpRequest::setTimeout): If the XHR timeout is active, resetting the timeout to zero should lead to using the default network timeout.
            Since it is difficult to update the timeout once the request is sent, we mimic the default network timeout with a 60 seconds XHR timeout.
            (WebCore::XMLHttpRequest::createRequest): Setting network timeout to infinity if the XHR timeout is active.

2016-11-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208025. rdar://problem/28216240

    2016-10-27  Simon Fraser  <simon.fraser@apple.com>

            If an animation's keyframes affect stacking context properties, create stacking context while the animation is running
            https://bugs.webkit.org/show_bug.cgi?id=164094

            Reviewed by Dean Jackson.

            The CSS animations spec <https://drafts.csswg.org/css-animations-1/> now makes it
            clear that a keyframe animation animating properties which can affect stacking context
            should establish stacking context while it's running, or filling-forwards. This is part
            of the "the user agent must act as if the will-change property...includes all the properties
            animated by the animation" clause.

            Implement by having CompositeAnimation::animate() track whether running animations should
            create stacking context, replacing existing code in AnimationController::updateAnimations()
            which only looked at opacity and transform. Transitions are also checked to see if they need
            to trigger stacking context.

            This allows for the removal of a 0.9999 hack when blending opacity.

            Tests: animations/stacking-context-fill-forwards.html
                   animations/stacking-context-not-fill-forwards.html
                   animations/stacking-context-unchanged-while-running.html

            * page/animation/AnimationController.cpp:
            (WebCore::AnimationController::updateAnimations):
            * page/animation/CSSPropertyAnimation.cpp:
            * page/animation/CompositeAnimation.cpp:
            (WebCore::CompositeAnimation::animate):
            * page/animation/KeyframeAnimation.cpp:
            (WebCore::KeyframeAnimation::KeyframeAnimation):
            (WebCore::KeyframeAnimation::computeStackingContextImpact):
            (WebCore::KeyframeAnimation::animate):
            * page/animation/KeyframeAnimation.h:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::currentTransform):
            * rendering/style/WillChangeData.cpp:
            (WebCore::WillChangeData::propertyCreatesStackingContext):
            (WebCore::propertyCreatesStackingContext): Deleted.
            * rendering/style/WillChangeData.h:

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r208167. rdar://problem/28216240

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r208255. rdar://problem/28962886

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r208173. rdar://problem/28962886

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208175. rdar://problem/29032335

    2016-10-31  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix for the build fix; AVStreamDataParser not defined on iOS.

            * platform/spi/mac/AVFoundationSPI.h:

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208171. rdar://problem/29032335

    2016-10-31  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix after r208151; outputMIMECodecParameterForInputMIMECodecParameter not
            defined pre-Sierra.

            * platform/spi/mac/AVFoundationSPI.h:

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208161. rdar://problem/29032335

    2016-10-31  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix after r208151; _setPreventsSleepDuringVideoPlayback: only defined in non-simulator SDKs.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):
            * platform/spi/mac/AVFoundationSPI.h:

2016-11-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206637. rdar://problem/28718754

    2016-09-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Unreviewed, fix 32-bit build.

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::decodedSizeChanged):

2016-10-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208151. rdar://problem/29032335

    2016-10-31  Jer Noble  <jer.noble@apple.com>

            Opt-out of AVPlayer automatic sleep disabling
            https://bugs.webkit.org/show_bug.cgi?id=163983

            Reviewed by Eric Carlson.

            In addition to the DisplaySleepDisabler, notify the MediaPlayerPrivateAVFoundationObjC object whether
            it should disable display sleep.  Provide all the necessary boilerplate to allow the media player private
            to query the HTMLMediaPlayer so that the correct value can be set on AVPlayer upon creation.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::updateSleepDisabling):
            * html/HTMLMediaElement.h:
            * platform/graphics/MediaPlayer.cpp:
            (WebCore::MediaPlayer::setShouldDisableSleep):
            (WebCore::MediaPlayer::shouldDisableSleep):
            * platform/graphics/MediaPlayer.h:
            (WebCore::MediaPlayerClient::mediaPlayerShouldDisableSleep):
            * platform/graphics/MediaPlayerPrivate.h:
            (WebCore::MediaPlayerPrivateInterface::setShouldDisableSleep):
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
            (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):

            Drive-by fix: Re-organize the contents of AVFoundationSPI.h so that there's a single top-level
            #if USE(APPLE_INTERNAL_SDK) statement, rather than that conditional being sprinkled about the
            file.

            * platform/spi/mac/AVFoundationSPI.h:

2016-10-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208168. rdar://problem/28962886

    2016-10-28  Brent Fulgham  <bfulgham@apple.com>

            Do a better job of protecting Frame objects in the context of JavaScript calls
            https://bugs.webkit.org/show_bug.cgi?id=164163
            <rdar://problem/28955249>

            Reviewed by Darin Adler.

            * editing/AlternativeTextController.cpp:
            (WebCore::AlternativeTextController::respondToUnappliedSpellCorrection): Protected the Frame.
            * editing/Editor.cpp:
            (WebCore::Editor::setTextAsChildOfElement): Ditto.
            * editing/EditorCommand.cpp:
            (WebCore::executeSwapWithMark): Ditto.
            * editing/TypingCommand.cpp:
            (WebCore::TypingCommand::deleteKeyPressed): Ditto.
            (WebCore::TypingCommand::forwardDeleteKeyPressed): Ditto.
            * editing/mac/EditorMac.mm:
            (WebCore::Editor::replaceNodeFromPasteboard): Ditto.
            * page/ContextMenuController.cpp:
            (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
            * page/DOMSelection.cpp:
            (WebCore::DOMSelection::collapse): Ditto.
            (WebCore::DOMSelection::collapseToEnd): Ditto.
            (WebCore::DOMSelection::collapseToStart): Ditto.
            (WebCore::DOMSelection::setBaseAndExtent): Ditto.
            (WebCore::DOMSelection::setPosition): Ditto.
            (WebCore::DOMSelection::modify): Ditto.
            (WebCore::DOMSelection::extend): Ditto.
            (WebCore::DOMSelection::addRange): Ditto.
            (WebCore::DOMSelection::deleteFromDocument): Ditto.
            * page/DragController.cpp:
            (WebCore::setSelectionToDragCaret): Ditto.
            (WebCore::DragController::startDrag): Ditto.
            * page/Frame.cpp:
            (WebCore::Frame::checkOverflowScroll): Ditto.
            * page/TextIndicator.cpp:
            (WebCore::TextIndicator::createWithRange): Ditto.

2016-10-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208025. rdar://problem/28216240

    2016-10-27  Simon Fraser  <simon.fraser@apple.com>

            If an animation's keyframes affect stacking context properties, create stacking context while the animation is running
            https://bugs.webkit.org/show_bug.cgi?id=164094

            Reviewed by Dean Jackson.

            The CSS animations spec <https://drafts.csswg.org/css-animations-1/> now makes it
            clear that a keyframe animation animating properties which can affect stacking context
            should establish stacking context while it's running, or filling-forwards. This is part
            of the "the user agent must act as if the will-change property...includes all the properties
            animated by the animation" clause.

            Implement by having CompositeAnimation::animate() track whether running animations should
            create stacking context, replacing existing code in AnimationController::updateAnimations()
            which only looked at opacity and transform. Transitions are also checked to see if they need
            to trigger stacking context.

            This allows for the removal of a 0.9999 hack when blending opacity.

            Tests: animations/stacking-context-fill-forwards.html
                   animations/stacking-context-not-fill-forwards.html
                   animations/stacking-context-unchanged-while-running.html

            * page/animation/AnimationController.cpp:
            (WebCore::AnimationController::updateAnimations):
            * page/animation/CSSPropertyAnimation.cpp:
            * page/animation/CompositeAnimation.cpp:
            (WebCore::CompositeAnimation::animate):
            * page/animation/KeyframeAnimation.cpp:
            (WebCore::KeyframeAnimation::KeyframeAnimation):
            (WebCore::KeyframeAnimation::computeStackingContextImpact):
            (WebCore::KeyframeAnimation::animate):
            * page/animation/KeyframeAnimation.h:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::currentTransform):
            * rendering/style/WillChangeData.cpp:
            (WebCore::WillChangeData::propertyCreatesStackingContext):
            (WebCore::propertyCreatesStackingContext): Deleted.
            * rendering/style/WillChangeData.h:

2016-10-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r208003. rdar://problem/28811878

    2016-10-27  Brent Fulgham  <bfulgham@apple.com>

            Prevent hit tests from being performed on an invalid render tree
            https://bugs.webkit.org/show_bug.cgi?id=163877
            <rdar://problem/28675761>

            Reviewed by Simon Fraser.

            Changeset r200971 added code to ensure that layout is up-to-date before hit testing, but did
            so only for the main frame. It was still possible to enter cross-frame hit testing with a
            subframe needing style recalc. In that situation, the subframe's updateLayout() would get
            called, which could trigger a compositing change that marked the parent frame as needing style
            recalc. A subsequent layout on the parent frame (for example by hit testing traversing into
            a second subframe) could then mutate the parent frame's layer tree while hit testing was
            traversing it.

            This patch modifies the hit test logic to ensure that a recursive layout is performed so that
            we always perform hit tests on a clean set of frames. It also adds some assertions to warn
            us if we encounter this invalid state.

            Tested by fast/layers/prevent-hit-test-during-layout.html.

            * dom/Document.cpp:
            (WebCore::Document::scheduleStyleRecalc): Assert that we are not hit testing
            during style recalculation.
            * page/EventHandler.cpp:
            (WebCore::EventHandler::hitTestResultAtPoint): Ensure that we have a clean render tree
            when hit testing.
            * page/FrameView.cpp:
            (WebCore::FrameView::setNeedsLayout): Assert that we are not in the process of hit testing
            when we schedule a layout.
            * rendering/RenderView.cpp:
            (WebCore::RenderView::hitTest): Mark RenderView as in an active hit test.
            * rendering/RenderView.h:

2016-10-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206635 and r206637. rdar://problem/28718754

    2016-10-28  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Change the MemoryCache and CachedResource adjustSize functions to take a long argument
            https://bugs.webkit.org/show_bug.cgi?id=162708

            Reviewed by Brent Fulgham.

            Because the MemoryCache stores the size of the cached memory in unsigned,
            two problems may happen when reporting a change in the size of the memory:

            1. Signed integer overflow -- which can happen because MemoryCache::adjustSize()
               takes a signed integer argument. If the allocated or the freed memory size is
               larger than the maximum of a signed integer, an overflow will happen.
               For the image caching code, this can be seen where the unsigned decodedSize
               is cast to an integer before passing it to ImageObserver::decodedSizeChanged().

            2. Unsigned integer overflow -- which can happen if the new allocated memory
               size plus the currentSize exceeds the maximum of unsigned.
               This can be seen in MemoryCache::adjustSize() where we add delta to m_liveSize
               or m_deadSize without checking whether this addition will overflow or not. We
               do not assert for overflow although we assert for underflow.

            The fix for these two problems can be the following:

            1. Make all the adjustSize functions all the way till MemoryCache::adjustSize()
               take a signed long integer argument.

            2. Do not create a NativeImagePtr for an ImageFrame if its frameBytes plus the
               ImageFrameCache::decodedSize() will exceed the maximum of an unsigned integer.

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::decodedSizeChanged): Change the argument to be long. No overflow will happen when casting the argument from unsigned to long.
            * loader/cache/CachedImage.h:
            * loader/cache/CachedResource.cpp:
            (WebCore::CachedResource::setDecodedSize): Use long integer casting when calling MemoryCache::adjustSize().
            (WebCore::CachedResource::setEncodedSize): Ditto.
            * loader/cache/MemoryCache.cpp:
            (WebCore::MemoryCache::MemoryCache): Add a static assert to ensure sizeof(long long) can hold any unsigned or its negation.
            (WebCore::MemoryCache::revalidationSucceeded): Use long integer casting when calling MemoryCache::adjustSize().
            (WebCore::MemoryCache::remove): Ditto.
            (WebCore::MemoryCache::adjustSize): Change the function argument to long integer. No overflow will happen when casting the argument from unsigned to long.
            * loader/cache/MemoryCache.h:
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::destroyMetadataAndNotify): Use long long casting when calling ImageObserver::decodedSizeChanged().
            (WebCore::BitmapImage::cacheFrame): Do not create the NativeImage if adding its frameBytes to the MemoryCache will cause numerical overflow.
            (WebCore::BitmapImage::didDecodeProperties): Use long long casting.
            (WebCore::BitmapImage::frameImageAtIndex): Use long long casting when calling ImageObserver::decodedSizeChanged().
            * platform/graphics/ImageObserver.h:
            * platform/graphics/cg/PDFDocumentImage.cpp:
            (WebCore::PDFDocumentImage::decodedSizeChanged): Use long long casting when calling ImageObserver::decodedSizeChanged().
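
The two overflow cases and the two fixes described in the entry above, as an added C++ example that is not WebKit's code. The function names (narrowedDelta, widenedDelta, adjustSizeUnchecked, adjustSizeChecked, canCacheFrame) are hypothetical, and fixed-width types stand in for unsigned, int and long long.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Mirrors the static assert the entry mentions: the wide delta type must be
// able to hold any unsigned size or its negation.
static_assert(sizeof(int64_t) > sizeof(uint32_t), "delta type too narrow");

// Problem 1: an unsigned size above INT32_MAX narrowed to a signed 32-bit
// delta. The conversion wraps (modular on GCC/Clang, guaranteed from C++20),
// so a large allocation is reported as a large release.
int32_t narrowedDelta(uint32_t decodedSize)
{
    return static_cast<int32_t>(decodedSize);
}

// Fix 1: carry the delta in a 64-bit signed type; no value is lost.
int64_t widenedDelta(uint32_t decodedSize)
{
    return static_cast<int64_t>(decodedSize);
}

// Problem 2: adding a delta to an unsigned counter without a range check.
// Unsigned arithmetic is modular, so the counter wraps silently.
uint32_t adjustSizeUnchecked(uint32_t currentSize, int32_t delta)
{
    return currentSize + delta;
}

// Checked variant: do the arithmetic in 64 bits and refuse any result that
// does not fit the unsigned counter. Leaves `size` untouched on failure.
bool adjustSizeChecked(uint32_t& size, int64_t delta)
{
    const int64_t limit = std::numeric_limits<uint32_t>::max();
    if (delta > limit || delta < -limit)
        return false; // delta cannot have come from an unsigned size
    const int64_t result = static_cast<int64_t>(size) + delta;
    if (result < 0 || result > limit)
        return false; // underflow or overflow of the counter
    size = static_cast<uint32_t>(result);
    return true;
}

// Fix 2: decide before allocating whether the frame can be accounted for.
// Written as a subtraction so the check itself cannot overflow.
bool canCacheFrame(uint32_t decodedSize, uint32_t frameBytes)
{
    return frameBytes <= std::numeric_limits<uint32_t>::max() - decodedSize;
}

int main()
{
    // Constructed sizes, chosen to cross the 2^31 and 2^32 boundaries.
    const uint32_t big = 3000000000u;
    std::printf("narrowed delta: %d\n", narrowedDelta(big));
    std::printf("widened delta:  %lld\n", static_cast<long long>(widenedDelta(big)));

    std::printf("unchecked add:  %u\n", adjustSizeUnchecked(4000000000u, 500000000));

    uint32_t size = 4000000000u;
    std::printf("checked add ok: %d (size stays %u)\n",
                adjustSizeChecked(size, 500000000), size);

    std::printf("can cache:      %d\n", canCacheFrame(4294967295u, 1));
    return 0;
}
```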

2016-10-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206802. rdar://problem/28409525

    2016-10-28  Said Abou-Hallawa  <sabouhallawa@apple.com>

            The dragged image should be the current frame only of the animated image
            https://bugs.webkit.org/show_bug.cgi?id=162109

            Instead of creating an NSImage with all the frames for the dragImage,
            create an NSImage with the current frame only.

            * bindings/objc/DOM.mm:
            (-[DOMElement image]): Call the Image function with its new name.
            (-[DOMElement _imageTIFFRepresentation]): Ditto.
            * dom/DataTransferMac.mm:
            (WebCore::DataTransfer::createDragImage): Call snapshotNSImage() to create the dragImage.
            * editing/cocoa/HTMLConverter.mm:
            (fileWrapperForElement):  Call the Image function with its new name.
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::framesNativeImages): Added.
            * platform/graphics/BitmapImage.h:
            * platform/graphics/Image.h:
            (WebCore::Image::framesNativeImages): Added.
            (WebCore::Image::nsImage): Rename getNSImage() to nsImage().
            (WebCore::Image::snapshotNSImage): Returns the NSImage of the current frame.
            (WebCore::Image::tiffRepresentation): Rename getTIFFRepresentation() to tiffRepresentation().
            (WebCore::Image::getNSImage): Deleted.
            (WebCore::Image::getTIFFRepresentation): Deleted.
            * platform/graphics/mac/ImageMac.mm:
            (WebCore::BitmapImage::tiffRepresentation): Rename getTIFFRepresentation() to tiffRepresentation().
            (WebCore::BitmapImage::nsImage): Rename getNSImage() to nsImage().
            (WebCore::BitmapImage::snapshotNSImage): Returns the NSImage of the current frame.
            (WebCore::BitmapImage::getTIFFRepresentation): Deleted.
            (WebCore::BitmapImage::getNSImage): Deleted.
            * platform/mac/CursorMac.mm:
            (WebCore::createCustomCursor): Call snapshotNSImage() since the cursor does not animate anyway.
            * platform/mac/DragImageMac.mm:
            (WebCore::createDragImageFromImage): Use snapshotNSImage() for the dragImage.
            * platform/mac/PasteboardMac.mm:
            (WebCore::Pasteboard::write): Call the Image function with its new name.

2016-10-27  Daniel Bates  <dabates@apple.com>

        Merge r207848. rdar://problem/28216276

    2016-10-25  Daniel Bates  <dabates@apple.com>

            REGRESSION (r178265): XSS Auditor fails to block document.write() of incomplete tag
            https://bugs.webkit.org/show_bug.cgi?id=163978
            <rdar://problem/25962131>

            Reviewed by Darin Adler.

            During the tokenization process of an HTML tag the start and end positions of each of its
            attributes are tracked so that the XSS Auditor can request a snippet around a suspected
            injected attribute. We need to take care to consider document.write() boundaries when
            tracking the start and end positions of each HTML tag and attribute so that the XSS Auditor
            receives the correct snippet. Following r178265 we no longer consider document.write()
            boundaries when tracking the start and end positions of attributes. So, the substring
            represented by the start and end positions of an attribute may correspond to some other
            attribute in the tag. Therefore the XSS Auditor may fail to block an injection because the
            snippet it requested may not be the snippet that it intended to request.

            Tests: http/tests/security/xssAuditor/dom-write-location-dom-write-open-img-onerror.html
                   http/tests/security/xssAuditor/dom-write-location-open-img-onerror.html
                   http/tests/security/xssAuditor/nested-dom-write-location-open-img-onerror.html

            * html/parser/HTMLSourceTracker.cpp:
            (WebCore::HTMLSourceTracker::startToken): Set the attribute base offset to be the token
            start position.
            (WebCore::HTMLSourceTracker::source): Use the specified attribute start position as-is. We no
            longer adjust it here because it was adjusted with respect to the attribute base offset, which
            takes into account document.write() boundaries.
            * html/parser/HTMLToken.h:
            (WebCore::HTMLToken::setAttributeBaseOffset): Added.
            (WebCore::HTMLToken::beginAttribute): Subtract attribute base offset from the specified offset.
            (WebCore::HTMLToken::endAttribute): Ditto.
            * html/parser/HTMLTokenizer.h:
            (WebCore::HTMLTokenizer::setTokenAttributeBaseOffset): Added.

2016-10-27  David Kilzer  <ddkilzer@apple.com>

        Fix merge r207708. rdar://problem/28962914

        * html/MediaElementSession.cpp:
        (WebCore::isElementRectMostlyInMainFrame): Call unsafeGet().
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::calculateMaximumSubsamplingLevel): Call unsafeGet().
        * platform/graphics/IntRect.h:
        (WebCore::IntRect::area): Replace non-template area() method with template version.
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createRasterShape): Call unsafeGet().

2016-10-27  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207930. rdar://problem/28811881

    2016-10-26  Zalan Bujtas  <zalan@apple.com>

            Ignore out-of-flow siblings when searching for a spanner candidate.
            https://bugs.webkit.org/show_bug.cgi?id=164042.
            <rdar://problem/28758456>

            Reviewed by Simon Fraser.

            While searching for the spanner candidates in a flow thread, we have to take into account
            whether renderers are in- or out-of-flow.
            What it means is that while traversing the renderer tree to find the candidate
            renderer (next sibling/ancestor's next child in pre-order traversal), we have to check if the candidate
            is in the same layout context too.

            Test: fast/multicol/crash-when-spanner-candidate-is-out-of-flow.html

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::spannerPlacehoderCandidate):
            (WebCore::RenderMultiColumnFlowThread::processPossibleSpannerDescendant):

2016-10-26  David Kilzer  <ddkilzer@apple.com>

        Merge r207708. rdar://problem/28962914

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::BitmapImage):
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::frameBytesAtIndex):
        - Add calls to unsafeGet() that don't exist in trunk.

    2016-10-21  David Kilzer  <ddkilzer@apple.com>

        Bug 163762: IntSize::area() should use checked arithmetic
        <https://webkit.org/b/163762>

        Reviewed by Darin Adler.

        No new tests since no change in nominal behavior.

        * platform/graphics/IntSize.h:
        (WebCore::IntSize::area): Change to return a
        Checked<unsigned, T> value. Use WTF:: namespace to avoid
        including another header.

        * platform/graphics/IntRect.h:
        (WebCore::IntRect::area): Ditto.

        The remaining changes are to use the Checked<unsigned> return
        value of IntSize::area() and IntRect::area() correctly in
        context, in addition to items noted below.

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::isTopLevelFullPagePlugin):
        Declare contentWidth and contentHeight as float values to
        prevent overflow when computing the area, and to make the
        inequality comparison in the return statement use the same type
        for both sides.
        * html/ImageData.cpp:
        (WebCore::ImageData::ImageData):
        * html/MediaElementSession.cpp:
        (WebCore::isElementRectMostlyInMainFrame):
        * platform/graphics/ImageBackingStore.h:
        (WebCore::ImageBackingStore::setSize): Restructure logic to
        compute area only once.
        (WebCore::ImageBackingStore::clear):
        * platform/graphics/ImageFrame.h:
        (WebCore::ImageFrame::frameBytes):
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::maximumSubsamplingLevel):
        * platform/graphics/ca/LayerPool.cpp:
        (WebCore::LayerPool::backingStoreBytesForSize):
        * platform/graphics/cg/ImageDecoderCG.cpp:
        (WebCore::ImageDecoder::frameBytesAtIndex):
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::platformApplySoftware):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::asUnmultipliedImage):
        (WebCore::FilterEffect::asPremultipliedImage):
        (WebCore::FilterEffect::copyUnmultipliedImage):
        (WebCore::FilterEffect::copyPremultipliedImage):
        (WebCore::FilterEffect::createUnmultipliedImageResult):
        (WebCore::FilterEffect::createPremultipliedImageResult):
        * platform/graphics/win/ImageBufferDataDirect2D.cpp:
        (WebCore::ImageBufferData::getData): Update overflow check,
        rename local variable to numBytes, and compute numBytes once.
        * platform/graphics/win/ImageDecoderDirect2D.cpp:
        (WebCore::ImageDecoder::frameBytesAtIndex):
        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageDecoder::frameBytesAtIndex):
        * platform/ios/LegacyTileLayerPool.mm:
        (WebCore::LegacyTileLayerPool::bytesBackingLayerWithPixelSize):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForCanvas):
        * rendering/shapes/Shape.cpp:
        (WebCore::Shape::createRasterShape):

2016-10-26  David Kilzer  <ddkilzer@apple.com>

        Merge r207560. rdar://problem/28962914

    2016-10-19  David Kilzer  <ddkilzer@apple.com>

        Bug 163670: Refine assertions in WebCore::ImageData constructors
        <https://webkit.org/b/163670>
        <rdar://problem/27497338>

        Reviewed by Brent Fulgham.

        No new tests because there is no change in nominal behavior.

        * html/ImageData.cpp:
        (WebCore::ImageData::ImageData(const IntSize&)): Change to use
        ASSERT() since the worst-case scenario here is a nullptr deref.
        Switch to IntSize::area() to compute the area.
        (WebCore::ImageData::ImageData(const IntSize&, Ref<Uint8ClampedArray>&&)):
        Add ASSERT() identical to the previous constructor, and change
        ASSERT_WITH_SECURITY_IMPLICATION() to only fire when m_data is
        not nullptr and the length check fails.  Switch to
        IntSize::area() to compute the area.

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207523. rdar://problem/28718748

    2016-10-19  Jer Noble  <jer.noble@apple.com>

            [Mac][MSE] Movies with a 'mehd' box have a zero-duration
            https://bugs.webkit.org/show_bug.cgi?id=163641

            Reviewed by Darin Adler.

            Test: media/media-source/media-source-init-segment-duration.html

            The canonical (ISO/IEC 14496-12:2012) way to signal the duration of a fragmented media file is to add a
            'mehd' box to the 'mvex' container box specifying the duration of the fragment. Support this through the
            AVAsset -overallDurationHint property.

            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):
            * platform/spi/mac/AVFoundationSPI.h:

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207547. rdar://problem/28810755

    2016-10-19  Zalan Bujtas  <zalan@apple.com>

            Use anonymous table row for new child at RenderTableRow::addChild() if available.
            https://bugs.webkit.org/show_bug.cgi?id=163651
            <rdar://problem/28705022>

            Reviewed by David Hyatt.

            We should try to prevent the continuation siblings from getting separated and inserted into
            wrapper renderers. It makes finding these continuation siblings difficult.
            This patch adds a check for anonymous table rows so that we could find a closer common ancestor of
            beforeChild/new child.

            Test: fast/table/crash-when-table-has-continuation-and-content-inserted.html

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::showRenderObject): Add continuation information.
            * rendering/RenderTableRow.cpp:
            (WebCore::RenderTableRow::addChild):

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207804. rdar://problem/28849628

    2016-10-24  Zalan Bujtas  <zalan@apple.com>

            Do not update selection rect on dirty lineboxes.
            https://bugs.webkit.org/show_bug.cgi?id=163862
            <rdar://problem/28813156>

            Reviewed by Simon Fraser.

            In certain cases RenderBlock::updateFirstLetter() triggers
            unwanted render tree mutation while the caller assumes intact renderers.
            This patch ensures that no renderers get destroyed while computing the preferred widths
            when we are outside of layout context.

            Test: fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::computePreferredLogicalWidths):
            (WebCore::RenderBlock::updateFirstLetter):
            * rendering/RenderBlock.h:
            * rendering/RenderListItem.cpp:
            (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):
            * rendering/RenderRubyRun.cpp:
            (WebCore::RenderRubyRun::updateFirstLetter):
            * rendering/RenderRubyRun.h:
            * rendering/RenderTable.cpp:
            (WebCore::RenderTable::updateFirstLetter):
            * rendering/RenderTable.h:
            * rendering/svg/RenderSVGText.cpp:
            (WebCore::RenderSVGText::updateFirstLetter):
            * rendering/svg/RenderSVGText.h:

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207692. rdar://problem/28810751

    2016-10-20  Dean Jackson  <dino@apple.com>

            SVG should not paint selection within a mask
            https://bugs.webkit.org/show_bug.cgi?id=163772
            <rdar://problem/28705129>

            Reviewed by Simon Fraser.

            When masking content, we shouldn't paint the text
            selection as we are rendering into the masking
            offscreen buffer.

            Test: svg/masking/mask-should-not-paint-selection.html

            * rendering/PaintPhase.h: Add a new behavior - PaintBehaviorSkipSelectionHighlight.
            * rendering/svg/SVGInlineTextBox.cpp:
            (WebCore::SVGInlineTextBox::paint): Don't update the selectionStyle if
            PaintBehaviorSkipSelectionHighlight is true.
            * rendering/svg/SVGRenderingContext.cpp:
            (WebCore::SVGRenderingContext::renderSubtreeToImageBuffer): Add PaintBehaviorSkipSelectionHighlight
            to the PaintInfo.

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207683. rdar://problem/28849627

    2016-10-21  Zalan Bujtas  <zalan@apple.com>

            Do not mutate the render tree while collecting selection repaint rects.
            https://bugs.webkit.org/show_bug.cgi?id=163800
            <rdar://problem/28806886>

            Reviewed by David Hyatt.

            RenderListItem not only mutates the tree while in layout but it also uses
            the old descendant context to find the insertion point.
            This patch strictly ensures that we only do it while in layout and never
            in other cases such as collecting repaint rects.
            This gets redundant when webkit.org/b/163789 is fixed.

            Test: fast/lists/crash-when-list-marker-is-moved-during-selection.html

            * rendering/RenderListItem.cpp:
            (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207661. rdar://problem/28857478

    2016-10-21  Jer Noble  <jer.noble@apple.com>

            CRASH in SourceBuffer::sourceBufferPrivateDidReceiveSample + 2169
            https://bugs.webkit.org/show_bug.cgi?id=163735

            Reviewed by Eric Carlson.

            Test: media/media-source/media-source-sample-wrong-track-id.html

            When SourceBuffer receives a sample in sourceBufferPrivateDidReceiveSample() containing
            a trackID not previously seen in an initialization segment, it creates a default TrackBuffer
            object to contain that track's samples. One of the fields in TrackBuffer, description, is
            normally filled out when an initialization segment is received, but with this default
            TrackBuffer, it's still null when it's checked later in sourceBufferPrivateDidReceiveSample().

            Rather than adding a null-check on trackBuffer.description, drop any sample that has a
            trackID which was not present during a previous initialization segment.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207631. rdar://problem/28810750

    2016-10-20  Zalan Bujtas  <zalan@apple.com>

            Stop searching for first-letter containers at multi-column boundary.
            https://bugs.webkit.org/show_bug.cgi?id=163739
            <rdar://problem/28810750>

            We should not cross the multi-column boundary while searching for the first-letter container.
            While moving first-letter renderers to a multi-column parent, it could result in finding the wrong
            container and end up adding a new wrapper under the original container (from where we are moving the renderers).

            Reviewed by David Hyatt.

            Test: fast/css-generated-content/first-letter-move-to-multicolumn-crash.html

            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::moveChildrenTo):
            * rendering/RenderTextFragment.cpp:
            (WebCore::RenderTextFragment::blockForAccompanyingFirstLetter):

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207477. rdar://problem/28810756

    2016-10-18  Brent Fulgham  <bfulgham@apple.com>

            Correct Document::removeAllEventListeners
            https://bugs.webkit.org/show_bug.cgi?id=163558
            <rdar://problem/28716840>

            Reviewed by Chris Dumez.

            Tested by fast/dom/node-move-to-new-document-crash-main.html.

            * dom/Document.cpp:
            (WebCore::Document::removeAllEventListeners): Clear out the wheel and
            touch event targets when clearing all data.

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207221. rdar://problem/28894492

    2016-10-12  Brent Fulgham  <bfulgham@apple.com>

            [WebGL] Revise vertex array attribute checks to account for lazy memory allocation.
            https://bugs.webkit.org/show_bug.cgi?id=163149
            <rdar://problem/28629774>

            Reviewed by Dean Jackson.

            Tested by fast/canvas/webgl/webgl-drawarrays-crash-2.html

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::validateVertexAttributes):

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206190. rdar://problem/28744102

    2016-09-20  Nan Wang  <n_wang@apple.com>

            AX: AppleVisUser: VO can't navigate web dialogs iOS10
            https://bugs.webkit.org/show_bug.cgi?id=162322

            Reviewed by Chris Fleizach.

            When using VoiceOver to navigate a web dialog's children, we were setting focus
            onto the focusable parent in accessibilityElementDidBecomeFocused. When the focusable
            parent is the dialog, it will cause the VO cursor to jump back and forward. Fixed it
            by not setting focus on web dialogs in such a case.

            Test: accessibility/ios-simulator/dialog-did-become-focused.html

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper accessibilityElementDidBecomeFocused]):

2016-10-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206102. rdar://problem/28744106

    2016-09-19  Nan Wang  <n_wang@apple.com>

            AX: Add accessibility support for details element on iOS
            https://bugs.webkit.org/show_bug.cgi?id=162041

            Reviewed by Chris Fleizach.

            The details and summary elements are poorly supported on iOS.
            Two major issues:
                1. Assistive technologies taking focus onto details/summary elements will cause unexpected behavior.
                2. VoiceOver is not speaking the expanded status of the details element.
            Fixed them by not setting focus onto elements inside details and exposing the details element's expanded
            status to its summary's accessible children.

            Test: accessibility/ios-simulator/detail-summary-ios.html

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (matchedParent):
            (-[WebAccessibilityObjectWrapper _accessibilityListAncestor]):
            (-[WebAccessibilityObjectWrapper _accessibilityLandmarkAncestor]):
            (-[WebAccessibilityObjectWrapper _accessibilityTableAncestor]):
            (-[WebAccessibilityObjectWrapper _accessibilityFieldsetAncestor]):
            (-[WebAccessibilityObjectWrapper tableCellParent]):
            (-[WebAccessibilityObjectWrapper tableParent]):
            (-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]):
            (-[WebAccessibilityObjectWrapper convertRectToScreenSpace:]):
            (-[WebAccessibilityObjectWrapper detailParentForSummaryObject:]):
            (-[WebAccessibilityObjectWrapper detailParentForObject:]):
            (-[WebAccessibilityObjectWrapper accessibilityElementDidBecomeFocused]):
            (-[WebAccessibilityObjectWrapper accessibilitySupportsARIAExpanded]):
            (-[WebAccessibilityObjectWrapper accessibilityIsExpanded]):

2016-10-24  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r204472. rdar://problem/28544885

    2016-08-15  Keith Rollin  <krollin@apple.com>

            Rename LOG_ALWAYS
            https://bugs.webkit.org/show_bug.cgi?id=160768

            Rename LOG_ALWAYS and friends, given that the first parameter to it is
            a boolean expression that determines whether or not logging should be
            performed.

            Reviewed by Chris Dumez.

            No new tests. No new functionality is added. Only some macro names
            have been changed.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::prepareForLoadStart):
            (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
            * platform/MemoryPressureHandler.cpp:
            (WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):
            * platform/graphics/cocoa/IOSurface.mm:
            (WebCore::IOSurface::IOSurface):

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207220. rdar://problem/28811939

    2016-10-12  Wenson Hsieh  <wenson_hsieh@apple.com>

            Now playing media sessions are always cleared for the active foreground tab
            https://bugs.webkit.org/show_bug.cgi?id=163310
            <rdar://problem/28573301>

            Reviewed by Jer Noble.

            Currently, we clear out Now Playing info whenever we set the visibility of Now Playing controls to Never. This
            is incorrect, as the Now Playing session needs to still be active (just not visible) in this state. Instead, we
            should not be taking the active/foregrounded-ness of a media session for Now Playing into account in
            MediaElementSession::canShowControlsManager so that even if a media session is in the active/foreground tab, we
            will update the Now Playing session with the latest info. However, when setting the visibility, we now check
            and see if the session allows Now Playing visibility, and set the Now Playing visibility to Always or Never
            depending on the answer.

            Tweaked existing unit tests in NowPlayingControlsTests.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):
            (WebCore::MediaElementSession::allowsNowPlayingControlsVisibility):
            (WebCore::MediaElementSession::pageAllowsNowPlayingControls): Deleted.
            * html/MediaElementSession.h:
            * platform/audio/PlatformMediaSession.h:
            (WebCore::PlatformMediaSession::allowsNowPlayingControlsVisibility):
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206771. rdar://problem/28811939

    2016-10-04  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls are displayed in the incorrect state momentarily after switching between tabs playing media
            https://bugs.webkit.org/show_bug.cgi?id=162766
            <rdar://problem/28533523>

            Reviewed by Jer Noble.

            When showing Now Playing controls for a media session, we should first set up the Now Playing info and
            playback state before telling MediaRemote to make the session visible. This is WebKit work in ensuring that
            when switching Now Playing sessions by switching tabs, we do not first display an invalid Now Playing state
            before updating to the expected state.

            Adds 2 new WebKit API tests in NowPlayingControlsTests: NowPlayingControlsHideAfterShowingClearsInfo and
            NowPlayingControlsClearInfoAfterSessionIsNoLongerValid.

            * platform/audio/PlatformMediaSessionManager.h:
            (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingTitle):
            (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingDuration):
            (WebCore::PlatformMediaSessionManager::lastUpdatedNowPlayingElapsedTime):
            (WebCore::PlatformMediaSessionManager::hasActiveNowPlayingSession): Deleted.
            * platform/audio/mac/MediaSessionManagerMac.h:
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207486. rdar://problem/28409742

    2016-10-18  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION (r201471): Keyboard remains visible when swiping back on twitter.com
            https://bugs.webkit.org/show_bug.cgi?id=163581
            <rdar://problem/27739558>

            Reviewed by Simon Fraser.

            The bug was caused by Chrome::elementDidBlur not getting called, which resulted in
            StopAssistingNode not getting sent to the UI process.

            Test: fast/forms/ios/hide-keyboard-on-node-removal.html

            * dom/Document.cpp:
            (WebCore::Document::setFocusedElement): Restore the behavior prior to r201471 by calling
            Chrome::elementDidBlur explicitly.
            * html/HTMLTextFormControlElement.cpp:
            (WebCore::HTMLTextFormControlElement::dispatchBlurEvent): Added a comment about ordering.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207275. rdar://problem/28810752

    2016-10-12  Zalan Bujtas  <zalan@apple.com>

            RenderRubyRun should not mark child renderers dirty at the end of layout.
            https://bugs.webkit.org/show_bug.cgi?id=163359
            <rdar://problem/28711840>

            Reviewed by David Hyatt.

            The current layout logic does not support marking renderers dirty for subsequent layouts.
            Layout needs to exit with a clean tree.
            Should relayoutChild be insufficient, we could also mark the base/text dirty for the justified content.

            Test: fast/ruby/rubyrun-has-bad-child.html

            * rendering/RenderBlockLineLayout.cpp:
            (WebCore::RenderBlockFlow::updateRubyForJustifiedText):
            * rendering/RenderRubyRun.cpp:
            (WebCore::RenderRubyRun::layout):
            (WebCore::RenderRubyRun::layoutBlock):
            * rendering/RenderRubyRun.h:

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207274. rdar://problem/28849629

    2016-10-12  Simon Fraser  <simon.fraser@apple.com>

            Crash when using megaplan.ru
            https://bugs.webkit.org/show_bug.cgi?id=163276
            rdar://problem/28446672

            Reviewed by Sam Weinig.

            Make sure we allocate enough space in the vector of CGPoints that we use for path building.

            Test: css3/masking/large-clip-path.html

            * platform/graphics/cg/PathCG.cpp:
            (WebCore::Path::polygonPathFromPoints):

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207159. rdar://problem/28857481

    2016-10-11  Daniel Bates  <dabates@apple.com>

            [iOS] REGRESSION (r197953): User gesture required to load video in iOS 9-built apps
            https://bugs.webkit.org/show_bug.cgi?id=163244
            <rdar://problem/27250015>

            Reviewed by Jer Noble.

            Adds a new setting to toggle requiring a user gesture to load a video (enabled by default).
            Disable this setting for apps built against iOS 9 or earlier.

            Tests: media/loadedmetadata-fires-without-user-gesture-when-setRequiresUserGestureToLoadVideo-false.html
                   media/require-user-gesture-to-load-video.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement): Only require a user gesture to load a video
            when Settings::requiresUserGestureToLoadVideo() is true.
            * page/Settings.cpp: Enable setting requiresUserGestureToLoadVideo by default.
            * page/Settings.in: Add setting, requiresUserGestureToLoadVideo.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206712. rdar://problem/28216065

    2016-10-01  Simon Fraser  <simon.fraser@apple.com>

            Bad cast when CSS position programmatically changed from -webkit-sticky to fixed
            https://bugs.webkit.org/show_bug.cgi?id=160826

            Reviewed by Zalan Bujtas.

            If a scrolling state tree node changed type (e.g. from sticky to fixed), we'd fail
            to recreate the node so keep a node with the wrong type.

            Fix by destroying the node and making a new one with a new ID in this case. The
            new ID is necessary to ensure that the scrolling tree is updated.

            Test: fast/scrolling/sticky-to-fixed.html

            * page/scrolling/ScrollingStateTree.cpp:
            (WebCore::ScrollingStateTree::nodeTypeAndParentMatch):
            (WebCore::ScrollingStateTree::attachNode):
            (WebCore::ScrollingStateTree::stateNodeForID):
            * page/scrolling/ScrollingStateTree.h:

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206706. rdar://problem/28635081

    2016-09-30  David Kilzer  <ddkilzer@apple.com>

            REGRESSION (r203424): WebCore::ImageBuffer::createCompatibleBuffer() in ImageBufferCG.cpp over-releases CGColorSpaceRef objects
            <https://webkit.org/b/162823>
            <rdar://problem/27723268>

            Reviewed by Joseph Pecoraro.

            Code is covered by existing tests, but no crashes have been
            observed in practice.  May require running one test multiple
            times to reproduce.

            * platform/graphics/cg/ImageBufferCG.cpp:
            (WebCore::ImageBuffer::createCompatibleBuffer): Don't use
            adoptCF() when the function doesn't return a +1 retained
            CGColorSpaceRef.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206074. rdar://problem/28216061

    2016-09-17  David Kilzer  <ddkilzer@apple.com>

            MainThreadBridge needs an isolatedCopy() of SecurityOrigin
            <https://webkit.org/b/162116>
            <rdar://problem/27525870>

            Reviewed by Carlos Garcia Campos.

            Covered by existing tests.

            * loader/WorkerThreadableLoader.cpp:
            (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
            Make an isolatedCopy() of SecurityOrigin here since that's the
            correct idiom to use when the object is passed from a worker
            thread back to the main thread.  Fix suggested by Daniel Bates.

2016-10-20  Babak Shafiei  <bshafiei@apple.com>

        Build fix. rdar://problem/28883727

        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse):

2016-10-20  Daniel Bates  <dabates@apple.com>

        Merge r206809. rdar://problem/28718761

    2016-10-05  Daniel Bates  <dabates@apple.com>

            Do not follow redirects when sending violation report
            https://bugs.webkit.org/show_bug.cgi?id=162520
            <rdar://problem/27957639>

            Reviewed by Alex Christensen.

            Do not follow redirects when sending a Content Security Policy or XSS Auditor violation report
            as redirects can be used to forward report details to a third-party.

            This change makes WebKit more closely conform to the reporting requirements in section Reporting
            of the Content Security Level 2 standard: <https://w3c.github.io/webappsec-csp/2/#violation-reports>
            (Editor's Draft, 25 April 2016).

            Tests: http/tests/security/contentSecurityPolicy/report-blocked-uri-and-do-not-follow-redirect-when-sending-report.php
                   http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html
                   http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html

            * loader/LoaderStrategy.h: Modified createPingHandle() to take a boolean, shouldFollowRedirects,
            whether to follow redirect responses for a ping request.
            * loader/PingLoader.cpp:
            (WebCore::PingLoader::loadImage): Pass ShouldFollowRedirects::Yes to PingLoader::startPingLoad to
            keep our current behavior.
            (WebCore::PingLoader::sendPing): Ditto. Note our current behavior of following redirects matches
            the behavior described in the section "Hyperlink auditing" of the HTML standard:
            <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing> (23 September 2016).
            (WebCore::PingLoader::sendViolationReport): Pass ShouldFollowRedirects::No to PingLoader::startPingLoad
            so that we do not follow redirects when sending a violation report.
            (WebCore::PingLoader::startPingLoad): Modified to take argument shouldFollowRedirects whether to
            follow redirect responses for a ping request.
            * loader/PingLoader.h:
            * platform/network/PingHandle.h: Add boolean m_shouldFollowRedirects. I grouped this boolean with
            the existing boolean, m_shouldUseCredentialStorage, as opposed to appending to the end of the class
            definition to avoid increasing object size as clang will coalesce the two bools into a single
            machine word. Override ResourceHandleClient::willSendRequest() and ResourceHandleClient::willSendRequestAsync()
            to follow a redirect, if applicable.

2016-10-20  Matthew Hanson  <matthew_hanson>

        Merge r206217. rdar://problem/28811877

    2016-09-21  Daniel Bates  <dabates@apple.com>

            REGRESSION (r201090): Setting style.webkitTextSizeAdjust does not change text change on iPad
            https://bugs.webkit.org/show_bug.cgi?id=162227
            <rdar://problem/27201529>

            Reviewed by Simon Fraser.

            The CSS property -webkit-text-size-adjust should be respected on all iOS devices. Following
            r201090 we respect it only on iPhone and in iPhone-apps run on iPad.

            Tests: fast/text-autosizing/ios/ipad/programmatic-text-size-adjust.html
                   fast/text-autosizing/ios/ipad/text-size-adjust-inline-style.html
                   fast/text-autosizing/ios/programmatic-text-size-adjust.html
                   fast/text-autosizing/ios/text-size-adjust-inline-style.html
                   fast/text-autosizing/text-size-adjust-inline-style.html

            * css/parser/CSSParser.cpp:
            (WebCore::isValidKeywordPropertyAndValue): Remove unused code to validate -webkit-text-size-adjust.
            This code is never used because -webkit-text-size-adjust is a value property (since it accepts a
            <percentage> as a value and CSSParserFastPaths::isKeywordPropertyID(CSSPropertyWebkitTextSizeAdjust)
            returns false). That is, it is not a keyword property.
            (WebCore::CSSParser::parseValue): Always enable the -webkit-text-size-adjust CSS property when
            building for iOS regardless of whether Settings::textAutosizingEnabled() is enabled.

2016-10-20  Matthew Hanson  <matthew_hanson>

        Merge r206881. rdar://problem/28721519

    2016-10-06  Anders Carlsson  <andersca@apple.com>

            Crash when ApplePaySession.completeMerchantValidation is not passed a dictionary
            https://bugs.webkit.org/show_bug.cgi?id=163074
            rdar://problem/27824842

            Reviewed by Tim Horton.

            Raise a type error on a null initializer object.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::ApplePaySession::completeMerchantValidation):

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r204637. rdar://problem/28216256

    2016-08-16  Simon Fraser  <simon.fraser@apple.com>

            Rename didLayout(LayoutMilestones) to didReachLayoutMilestone(), and related WK2 functions
            https://bugs.webkit.org/show_bug.cgi?id=160923

            Reviewed by Tim Horton.

            didLayout(LayoutMilestones) -> didReachLayoutMilestone(LayoutMilestones)
            dispatchDidLayout(LayoutMilestones) -> dispatchDidReachLayoutMilestone(LayoutMilestones)

            * dom/Document.cpp:
            (WebCore::Document::setVisualUpdatesAllowed):
            * loader/EmptyClients.h:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::didReachLayoutMilestone):
            (WebCore::FrameLoader::didLayout): Deleted.
            * loader/FrameLoader.h:
            * loader/FrameLoaderClient.h:
            * page/FrameView.cpp:
            (WebCore::FrameView::fireLayoutRelatedMilestonesIfNeeded):
            (WebCore::FrameView::firePaintRelatedMilestonesIfNeeded):
            * page/LayoutMilestones.h: Formatting
            * page/Page.cpp:
            (WebCore::Page::addRelevantRepaintedObject):

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207157. rdar://problem/28857500

    2016-10-11  Daniel Bates  <dabates@apple.com>

            [iOS] Sandbox QuickLook previews
            https://bugs.webkit.org/show_bug.cgi?id=163240
            <rdar://problem/25961633>

            Fix bad merge following r207151.

            * platform/network/cf/ResourceResponse.h: Define m_isQuickLook.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r207155. rdar://problem/28857500

    2016-10-11  Daniel Bates  <dabates@apple.com>

            [iOS] Sandbox QuickLook previews
            https://bugs.webkit.org/show_bug.cgi?id=163240
            <rdar://problem/25961633>

            Reviewed by Brent Fulgham.

            Use a unique origin for, and limit the capabilities of, QuickLook previews.

            Tests: http/tests/quicklook/at-import-stylesheet-blocked.html
                   http/tests/quicklook/base-url-blocked.html
                   http/tests/quicklook/cross-origin-iframe-blocked.html
                   http/tests/quicklook/csp-header-ignored.html
                   http/tests/quicklook/document-domain-is-empty-string.html
                   http/tests/quicklook/external-stylesheet-blocked.html
                   http/tests/quicklook/hide-referer-on-navigation.html
                   http/tests/quicklook/submit-form-blocked.html
                   http/tests/quicklook/top-navigation-blocked.html

            * dom/Document.cpp:
            (WebCore::Document::processHttpEquiv): Call ContentSecurityPolicy::didReceiveHeader().
            (WebCore::Document::processReferrerPolicy): Do not process referrer policy for QuickLook previews.
            (WebCore::Document::initSecurityContext): Apply sandbox for QuickLook previews.
            (WebCore::Document::shouldEnforceQuickLookSandbox): Added.
            (WebCore::Document::applyQuickLookSandbox): Added.
            * dom/Document.h:
            * page/csp/ContentSecurityPolicy.h: Change accessibility of didReceiveHeader() from private to public.
            (WebCore::ContentSecurityPolicy::processHTTPEquiv): Deleted.
            * platform/network/cf/ResourceResponse.h:
            (WebCore::ResourceResponse::isQuickLook): Added.
            (WebCore::ResourceResponse::setIsQuickLook): Added.
            * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
            (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse): Modified to mark
            resource response as a QuickLook preview, if appropriate. Also remove the name of the first argument
            and the need to use UNUSED_PARAM(connection) as we no longer make use of the first argument
            following r207151.
            * platform/network/ios/QuickLook.mm:
            (-[WebResourceLoaderQuickLookDelegate _sendDidReceiveResponseIfNecessary]): Ditto.
            * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
            (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]): Ditto. Fix style nits,
            including renaming the function argument "r" to "resource" to better describe its purpose.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206132. rdar://problem/28634856

    2016-09-19  Anders Carlsson  <andersca@apple.com>

            Suppress JavaScript prompts early on in certain cases
            https://bugs.webkit.org/show_bug.cgi?id=162243
            rdar://problem/27661602

            Reviewed by Geoffrey Garen.

            Export symbols needed by WebKit2.

            * loader/FrameLoader.h:
            * loader/FrameLoaderStateMachine.h:

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205326. rdar://problem/28476952

    2016-09-01  Ricky Mondello  <rmondello@apple.com>

            YouTube Flash plug-in replacement facility should not insert showinfo=0 into iframe URLs
            https://bugs.webkit.org/show_bug.cgi?id=161478
            <rdar://problem/28050847>

            Reviewed by Eric Carlson.

            * Modules/plugins/YouTubePluginReplacement.cpp:
            (WebCore::YouTubePluginReplacement::youTubeURLFromAbsoluteURL): Stop adding the query parameter.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205306. rdar://problem/28476952

    2016-09-01  Ricky Mondello  <rmondello@apple.com>

            YouTube Flash plug-in replacement facility should more gracefully handle malformed queries
            https://bugs.webkit.org/show_bug.cgi?id=161476
            <rdar://problem/28050847>

            Reviewed by Eric Carlson.

            Some YouTube Flash embeds use '&' instead of '?' to start the query portion of the URL. Before this patch,
            our implementation discards all parts of the path after the '&', which could drop important query information
            like the start time for the video. This patch treats anything after that '&' as a "malformed query" and uses
            it as the query to restore to the transformed URL if there was no actual query in the original URL.

            * Modules/plugins/YouTubePluginReplacement.cpp:
            (WebCore::processAndCreateYouTubeURL): Add an out-parameter for the path after the first ampersand.
            (WebCore::YouTubePluginReplacement::youTubeURLFromAbsoluteURL): If the input URL had no query, append
                the possibly malformed one found after the first ampersand to the replacement URL.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205274. rdar://problem/28476952

    2016-08-31  Ricky Mondello  <rmondello@apple.com>

            Enable the YouTube Flash plug-in replacement behavior on all Cocoa ports
            https://bugs.webkit.org/show_bug.cgi?id=161453
            <rdar://problem/28050847>

            Reviewed by Eric Carlson.

            Now that we have some tests for the URL transformation logic (r205212) and the ability to enable the YouTube
            Flash plug-in replacement behavior independently from the QuickTime plug-in replacement behavior (r205214 and
            r205271), enable the YouTube Flash plug-in replacement behavior for Cocoa ports. We can and will continue to
            improve it.

            * page/Settings.cpp: Enable the feature for PLATFORM(COCOA), rather than just PLATFORM(IOS).

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205271. rdar://problem/28476952

    2016-08-31  Ricky Mondello  <rmondello@apple.com>

            Break pluginReplacementEnabled into youTubeFlashPluginReplacementEnabled and quickTimePluginReplacementEnabled
            https://bugs.webkit.org/show_bug.cgi?id=161424
            <rdar://problem/28050847>

            Reviewed by Dean Jackson.

            Replace the single pluginReplacementEnabled setting with individual settings for the YouTube Flash plug-in
            behavior and the QuickTime plug-in behavior. Unless otherwise noted, this change copies the existing plumbing
            for pluginReplacementEnabled and renames it twice. The default values for these settings remain the same.

            * Modules/plugins/PluginReplacement.h:
            (WebCore::ReplacementPlugin::ReplacementPlugin): Augment the constructor.
            (WebCore::ReplacementPlugin::isEnabledBySettings): Added.
            * Modules/plugins/QuickTimePluginReplacement.h: Declare a static member function.
            * Modules/plugins/QuickTimePluginReplacement.mm:
            (WebCore::QuickTimePluginReplacement::registerPluginReplacement): Properly create a ReplacementPlugin instance.
            (WebCore::QuickTimePluginReplacement::isEnabledBySettings): Added.
            * Modules/plugins/YouTubePluginReplacement.cpp:
            (WebCore::YouTubePluginReplacement::registerPluginReplacement): Properly create a ReplacementPlugin instance.
            (WebCore::YouTubePluginReplacement::isEnabledBySettings): Added.
            * Modules/plugins/YouTubePluginReplacement.h: Declare a static member function.
            * html/HTMLPlugInElement.cpp:
            (WebCore::HTMLPlugInElement::requestObject): Ask the ReplacementPlugin whether it's enabled, rather than assume
                all plug-in replacement is guarded by a single run-time setting.
            * page/Settings.cpp: Declare values for defaults for both settings.
            * page/Settings.in: Declare two settings.
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup): Handle both settings.
            (WebCore::InternalSettings::Backup::restoreTo): Ditto.
            (WebCore::InternalSettings::setQuickTimePluginReplacementEnabled): Added.
            (WebCore::InternalSettings::setYouTubeFlashPluginReplacementEnabled): Added.
            (WebCore::InternalSettings::setPluginReplacementEnabled): Deleted.
            * testing/InternalSettings.h: Duplicate and rename.
            * testing/InternalSettings.idl: Ditto.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205214. rdar://problem/28476952

    2016-08-30  Ricky Mondello  <rmondello@apple.com>

            "pluginReplacementEnabled" should be a Setting, not a RuntimeEnabledFeature
            https://bugs.webkit.org/show_bug.cgi?id=161416
            <rdar://problem/28050847>

            Reviewed by Simon Fraser.

            Mostly mechanical. Tested by running LayoutTests/plugins/quicktime-plugin-replacement.html and manually toggling
            defaultPluginReplacementEnabled and observing a behavior change.

            * bindings/generic/RuntimeEnabledFeatures.cpp:
            (WebCore::RuntimeEnabledFeatures::reset): Purged of the pluginReplacementEnabled setting.
            * bindings/generic/RuntimeEnabledFeatures.h:
            (WebCore::RuntimeEnabledFeatures::setPluginReplacementEnabled): Deleted.
            (WebCore::RuntimeEnabledFeatures::pluginReplacementEnabled): Deleted.
            * html/HTMLPlugInElement.cpp:
            (WebCore::HTMLPlugInElement::requestObject): Use the setting.
            * page/Settings.cpp: Supply different values for iOS and other platforms, matching the RuntimeEnabledFeature values,
                enabled for iOS and disabled otherwise.
            * page/Settings.in: Declare the setting.
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup): Use the setting.
            (WebCore::InternalSettings::Backup::restoreTo): Ditto.
            (WebCore::InternalSettings::setPluginReplacementEnabled): Ditto.
            * testing/InternalSettings.h: Can now throw an exception, like other Settings-backed members.
            * testing/InternalSettings.idl: Declare this as possibly throwing an exception.

2016-10-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205212. rdar://problem/28476952

    2016-08-30  Ricky Mondello  <rmondello@apple.com>

            YouTubePluginReplacementTest's URL transformation logic should have tests
            https://bugs.webkit.org/show_bug.cgi?id=161406
            <rdar://problem/28050847>

            Reviewed by Eric Carlson.

            Refactor most of YouTubePluginReplacement::youTubeURL into a static method that can be used by TestWebKitAPI.

            * Modules/plugins/YouTubePluginReplacement.cpp:
            (WebCore::YouTubePluginReplacement::youTubeURL): Now implemented in terms of youTubeURLFromAbsoluteURL.
            (WebCore::YouTubePluginReplacement::youTubeURLFromAbsoluteURL): Absorbs most of youTubeURL.
            * Modules/plugins/YouTubePluginReplacement.h: Declare a public method, for the benefit of testing.
            * WebCore.xcodeproj/project.pbxproj: Make some headers private for TestWebKitAPI's benefit.

2016-08-25  Brent Fulgham  <bfulgham@apple.com>

        Merge r205163. rdar://problem/28216249

    2016-08-29  Brent Fulgham  <bfulgham@apple.com>

            Avoid holding GlyphData in MathOperator
            https://bugs.webkit.org/show_bug.cgi?id=161256
            <rdar://problem/28033400>

            Reviewed by Myles C. Maxfield.

            Do not cache GlyphData in MathOperator elements, because the fonts referenced in the
            GlyphData may be purged during low-memory conditions. Instead, we should store either
            the relevant CodePoint, or the fallback Glyph (for the current system font).

            Added an initialization function for GlyphAssemblyData, since unions containing structs
            do not properly call constructors, resulting in garbage font/glyph content.

            No new tests. Changes are covered by existing MathML test suite.

            * rendering/mathml/MathOperator.cpp:
            (WebCore::MathOperator::GlyphAssemblyData::initialize): Added.
            (WebCore::MathOperator::MathOperator): Initialize m_assembly/m_variant.
            (WebCore::MathOperator::setSizeVariant): Only store the glyph, not the font.
            (WebCore::glyphDataForCodePointOrFallbackGlyph): Added helper function.
            (WebCore::MathOperator::setGlyphAssembly): Do not rely on stored GlyphData.
            (WebCore::MathOperator::calculateGlyphAssemblyFallback): Remove unneeded argument. Check
            if a fallback glyph is being used and remember for later.
            (WebCore::MathOperator::calculateStretchyData): Do not rely on stored GlyphData.
            (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Ditto.
            (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Ditto.
            (WebCore::MathOperator::paintVerticalGlyphAssembly): Ditto.
            (WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
            (WebCore::MathOperator::paint): Ditto.
            * rendering/mathml/MathOperator.h:
            (WebCore::MathOperator::GlyphAssemblyData::hasExtension): Added.
            (WebCore::MathOperator::GlyphAssemblyData::hasMiddle): Added.
            (WebCore::MathOperator::MathOperator): Deleted.

2016-08-25  Brent Fulgham  <bfulgham@apple.com>

        Merge r205031. rdar://problem/28216249

    2016-08-25  Brent Fulgham  <bfulgham@apple.com>

            Crash when getting font bounding rect
            https://bugs.webkit.org/show_bug.cgi?id=161202
            <rdar://problem/27986981>

            Reviewed by Myles C. Maxfield.

            We should never store GlyphData objects for later use, because they contain raw pointers to Font elements
            contained in caches, and those font caches get periodically purged.

            Instead, we should hold onto the ‘key’ representing the GlyphData, and simply ask the system for the
            GlyphData the next time it is needed.

            Tested by existing MathML tests under ASAN and GuardMalloc.

            * rendering/mathml/RenderMathMLToken.cpp:
            (WebCore::RenderMathMLToken::RenderMathMLToken): Clean up constructors.
            (WebCore::RenderMathMLToken::computePreferredLogicalWidths): Use keys to get correct GlyphData when needed.
            (WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.
            (WebCore::RenderMathMLToken::firstLineBaseline): Ditto.
            (WebCore::RenderMathMLToken::layoutBlock): Ditto.
            (WebCore::RenderMathMLToken::paint): Ditto.
            (WebCore::RenderMathMLToken::paintChildren): Ditto.
            * rendering/mathml/RenderMathMLToken.h:

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206975. rdar://problem/28545012

    2016-10-07  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION(r165103): labels list doesn't get invalidated when other lists are invalidated at document level
            https://bugs.webkit.org/show_bug.cgi?id=163145

            Reviewed by Darin Adler.

            The bug was caused by Document::invalidateNodeListAndCollectionCaches removing all node lists regardless
            of whether they have been invalidated or not.

            Fixed the bug by removing only those node lists that got invalidated via LiveNodeList::invalidateCache.

            Test: fast/dom/NodeList/form-labels-length.html

            * dom/Document.cpp:
            (WebCore::Document::Document):
            (WebCore::Document::unregisterNodeListForInvalidation): Removed the conditional which allowed removal to
            happen while m_listsInvalidatedAtDocument is empty inside invalidateNodeListAndCollectionCaches.
            * dom/Document.h:
            * dom/Node.cpp:
            (WebCore::Document::invalidateNodeListAndCollectionCaches): Just remove the node lists being invalidated via
            LiveNodeList's invalidateCache, which calls unregisterNodeListForInvalidation, instead of removing them all.
            We make a copy of the list of node lists into a local vector because mutating HashMap while iterating over it
            is not a safe operation.

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r206280. rdar://problem/28476953

    2016-09-22  Brady Eidson  <beidson@apple.com>

            IDBIndex.openCursor() matches indices on multiple object stores.
            <rdar://problem/28434463> and https://bugs.webkit.org/show_bug.cgi?id=158833

            Reviewed by Alex Christensen.

            Tests: storage/indexeddb/modern/multiple-objectstore-index-cursor-collision-private.html
                   storage/indexeddb/modern/multiple-objectstore-index-cursor-collision.html

            * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
            (WebCore::IDBServer::buildIndexStatement): Need to include the object store id in the statement for
              index cursors, otherwise there will be collisions amongst multiple object stores that happen to
              share primary keys.
            (WebCore::IDBServer::SQLiteIDBCursor::bindArguments):

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205861. rdar://problem/28409523

    2016-09-12  Zalan Bujtas  <zalan@apple.com>

            Input type object and the associated render can go out of sync.
            https://bugs.webkit.org/show_bug.cgi?id=161871
            <rdar://problem/28178094>

            Reviewed by Antti Koivisto.

            Bail out when we've got a mismatched renderer.

            Test: fast/forms/assert-on-input-type-change.html

            * html/ImageInputType.cpp:
            (WebCore::ImageInputType::altAttributeChanged):

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205786. rdar://problem/28476956

    2016-09-10  Chris Dumez  <cdumez@apple.com>

            It is possible for Document::m_frame pointer to become stale
            https://bugs.webkit.org/show_bug.cgi?id=161812
            <rdar://problem/27745023>

            Reviewed by Ryosuke Niwa.

            Document::m_frame is supposed to get cleared by Document::prepareForDestruction().
            The Frame destructor calls Frame::setView(nullptr) which is supposed to call the
            prepareForDestruction() on the Frame's associated document. However,
            Frame::setView(nullptr) was calling prepareForDestruction() only if
            Document::inPageCache() returned true. This is because we allow Documents to
            stay alive in the PageCache even though they don't have a frame.

            The issue is that Document::m_inPageCache flag was set to true right before
            firing the pagehide event, so technically before really entering PageCache.
            Therefore, we can run into problems if a Frame gets destroyed by a pagehide
            EventHandler because ~Frame() will not call Document::prepareForDestruction()
            due to Document::m_inPageCache being true. After the frame is destroyed,
            Document::m_frame becomes stale and any action on the document will likely
            lead to crashes (such as the one in the layout test and the radar which
            happens when trying to unregister event listeners from the document).

            The solution adopted in this patch is to replace the m_inPageCache boolean
            with an m_pageCacheState enumeration that has 3 states:
            - NotInPageCache
            - AboutToEnterPageCache
            - InPageCache

            Frame::setView() / Frame::setDocument() were then updated to call
            Document::prepareForDestruction() on the associated document whenever
            the document's pageCacheState is not InPageCache. This means that we
            will now call Document::prepareForDestruction() when the document is
            being detached from its frame while firing the pagehide event.

            Note that I tried to keep this patch minimal. Therefore, I kept
            the Document::inPageCache() getter for now. I plan to switch all its
            call sites to the new Document::pageCacheState() getter in a follow-up
            patch so that we can finally drop the confusing Document::inPageCache().

            Test: fast/history/pagehide-remove-iframe-crash.html

            * dom/Document.cpp:
            (WebCore::Document::Document):
            (WebCore::Document::~Document):
            (WebCore::Document::createRenderTree):
            (WebCore::Document::destroyRenderTree):
            (WebCore::Document::setFocusedElement):
            (WebCore::Document::setPageCacheState):
            (WebCore::Document::topDocument):
            * dom/Document.h:
            (WebCore::Document::pageCacheState):
            (WebCore::Document::inPageCache):
            * history/CachedFrame.cpp:
            (WebCore::CachedFrame::destroy):
            * history/PageCache.cpp:
            (WebCore::setPageCacheState):
            (WebCore::PageCache::addIfCacheable):
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::stopAllLoaders):
            (WebCore::FrameLoader::open):
            * loader/HistoryController.cpp:
            (WebCore::HistoryController::invalidateCurrentItemCachedPage):
            * page/Frame.cpp:
            (WebCore::Frame::setView):
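
The pagehide teardown race described in the entry above, as an added illustration (a simplified model, not WebKit source). The class bodies, the TeardownCheck switch and frameIsStaleAfterTeardown() are assumptions made for the example; only the state names and method names come from the entry.

```cpp
#include <cstdio>
#include <memory>

// The three states named in the entry above.
enum class PageCacheState { NotInPageCache, AboutToEnterPageCache, InPageCache };

// Hypothetical switch: which test frame teardown uses before skipping
// Document::prepareForDestruction().
enum class TeardownCheck { LegacyBoolean, ThreeState };

class Frame;

class Document {
public:
    void setFrame(Frame* frame) { m_frame = frame; }
    Frame* frame() const { return m_frame; }

    PageCacheState pageCacheState() const { return m_pageCacheState; }
    void setPageCacheState(PageCacheState state) { m_pageCacheState = state; }

    // Assumption: stands in for the old m_inPageCache flag, which was already
    // true while the pagehide event was being fired.
    bool inPageCache() const { return m_pageCacheState != PageCacheState::NotInPageCache; }

    // Clears the back-pointer so the Document never refers to a dead Frame.
    void prepareForDestruction() { m_frame = nullptr; }

private:
    Frame* m_frame { nullptr };
    PageCacheState m_pageCacheState { PageCacheState::NotInPageCache };
};

class Frame {
public:
    Frame(Document& document, TeardownCheck check)
        : m_document(document), m_check(check)
    {
        m_document.setFrame(this);
    }
    Frame(const Frame&) = delete;
    Frame& operator=(const Frame&) = delete;

    // Models ~Frame() calling setView(nullptr).
    ~Frame() { detachView(); }

private:
    void detachView()
    {
        // Legacy: skip whenever the flag is set, even if the document has not
        // really entered the cache yet. Fixed: skip only for InPageCache.
        bool skip = m_check == TeardownCheck::LegacyBoolean
            ? m_document.inPageCache()
            : m_document.pageCacheState() == PageCacheState::InPageCache;
        if (!skip)
            m_document.prepareForDestruction();
    }

    Document& m_document;
    TeardownCheck m_check;
};

// Returns true when the Document still holds a pointer to the destroyed Frame.
// duringPagehide selects whether the frame is removed by a pagehide handler
// (state AboutToEnterPageCache) or in ordinary operation (NotInPageCache).
bool frameIsStaleAfterTeardown(TeardownCheck check, bool duringPagehide)
{
    Document document;
    std::unique_ptr<Frame> frame(new Frame(document, check));

    if (duringPagehide)
        document.setPageCacheState(PageCacheState::AboutToEnterPageCache);

    // The event handler removes the iframe, which destroys its Frame.
    auto handler = [&frame] { frame.reset(); };
    handler();

    // Only the pointer value is inspected; it is never dereferenced.
    return document.frame() != nullptr;
}

int main()
{
    std::printf("legacy check, pagehide removal: stale=%d\n",
        frameIsStaleAfterTeardown(TeardownCheck::LegacyBoolean, true));
    std::printf("three-state check, pagehide removal: stale=%d\n",
        frameIsStaleAfterTeardown(TeardownCheck::ThreeState, true));
    return 0;
}
```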

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205197. rdar://problem/28481424

    2016-08-30  Brent Fulgham  <bfulgham@apple.com>

            Use of uninitialised memory in TransformationMatrix::blend4()
            https://bugs.webkit.org/show_bug.cgi?id=134621
            <rdar://problem/27337539>

            Reviewed by Dean Jackson.

            Change is based on the Blink change (patch by <alancutter@chromium.org>):
            <https://src.chromium.org/viewvc/blink?revision=177453&view=revision>

            TransformationMatrix::blend() was attempting to blend between non-invertible
            matrices. This resulted in garbage stack variables being used.
            This patch ensures that blend() will fall back to a 50% step interpolation
            when one of the sides is not invertible.

            Tested by new TransformationMatrix test in TestWebKitAPI.

            * platform/graphics/transforms/TransformationMatrix.cpp:
            (WebCore::TransformationMatrix::blend2): Properly handle failure in the
            decompose method calls.
            (WebCore::TransformationMatrix::blend4): Ditto.

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r205190. rdar://problem/28545010

    2016-08-30  Youenn Fablet  <youenn@apple.com>

            [Fetch API] Blob not found URL should result in a network error
            https://bugs.webkit.org/show_bug.cgi?id=161381

            Reviewed by Sam Weinig.

            Covered by rebased and updated tests.

            Raising a network error if no blob can be found from the URL.
            It is no longer notified by a 404 response.

            Updated FileReaderLoader to generate the correct exception.

            Made some clean-up in the code, in particular adding an enum class for BlobResourceHandle errors.

            * fileapi/FileReaderLoader.cpp:
            (WebCore::FileReaderLoader::didFail):
            (WebCore::FileReaderLoader::toErrorCode):
            (WebCore::FileReaderLoader::httpStatusCodeToErrorCode):
            * fileapi/FileReaderLoader.h:
            * platform/network/BlobResourceHandle.cpp:
            (WebCore::BlobResourceHandle::loadResourceSynchronously):
            (WebCore::BlobResourceHandle::doStart):
            (WebCore::BlobResourceHandle::didGetSize):
            (WebCore::BlobResourceHandle::readSync):
            (WebCore::BlobResourceHandle::readFileSync):
            (WebCore::BlobResourceHandle::readAsync):
            (WebCore::BlobResourceHandle::didOpen):
            (WebCore::BlobResourceHandle::didRead):
            (WebCore::BlobResourceHandle::failed):
            (WebCore::BlobResourceHandle::notifyResponse):
            (WebCore::BlobResourceHandle::notifyResponseOnError):
            (WebCore::BlobResourceHandle::notifyFail):
            * platform/network/BlobResourceHandle.h:

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r204631. rdar://problem/28481427

    2016-08-19  Chris Dumez  <cdumez@apple.com>

            DumpRenderTree crashed in com.apple.WebCore: WebCore::DOMWindow::resetDOMWindowProperties + 607
            https://bugs.webkit.org/show_bug.cgi?id=160983
            <rdar://problem/26768524>

            Reviewed by Brent Fulgham.

            Update DOMWindow::frameDestroyed() to ref the window object as the crash
            traces seem to indicate it can get destroyed during the execution of this
            method. Also update the code in the ~Frame destructor to not iterate over
            the list of FrameDestructionObservers because observers remove themselves
            from the list when they get destroyed.

            No new tests, do not know how to reproduce.

            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::frameDestroyed):
            * page/Frame.cpp:
            (WebCore::Frame::~Frame):

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r204266. rdar://problem/28216261

    2016-08-08  John Wilander  <wilander@apple.com>

            Popups opened from a sandboxed iframe should themselves be sandboxed
            https://bugs.webkit.org/show_bug.cgi?id=134850
            <rdar://problem/27375388>

            Reviewed by Brent Fulgham.

            Test: http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
                Now copies the opener's frame loader effective sandbox flags to the
                new frame loader.

2016-10-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r203903. rdar://problem/28476961

    2016-07-28  Dean Jackson  <dino@apple.com>

            color-gamut media query returns incorrect results
            https://bugs.webkit.org/show_bug.cgi?id=160166
            <rdar://problem/27537577>

            Reviewed by Darin Adler.

            While I was unable to reproduce the originator's issue,
            we communicated via email and it might have been related
            to a customized color space calibration on an external
            display.

            Anyway, I took this opportunity to update to use the
            more appropriate API for detection on macOS Sierra.

            Covered by the existing fast/media/mq-color-gamut.html test.

            * platform/mac/PlatformScreenMac.mm:
            (WebCore::screenSupportsExtendedColor): Use NSScreen canRepresentDisplayGamut.

2016-10-11  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r203792. rdar://problem/28476951

    2016-07-27  Jeremy Jones  <jeremyj@apple.com>

            Fullscreen video zoom button does not work after rotating when aspect ratio matches display.
            https://bugs.webkit.org/show_bug.cgi?id=160263
            rdar://problem/27368872

            Reviewed by Eric Carlson.

            When video and display aspect ratio match, and rotating from landscape to portrait, the transform used in layout
            will be Identity. This means checking the transform for identity is an insufficient test to see if the bounds
            need to be resolved.

            Instead, always attempt to resolve the bounds and do a more accurate test while doing so.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (-[WebAVPlayerLayer layoutSublayers]):
            (-[WebAVPlayerLayer resolveBounds]):

2016-10-11  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r203611. rdar://problem/28476958

    2016-07-22  Daniel Bates  <dabates@apple.com>

            CSP: object-src and plugin-types directives are not respected for plugin replacements
            https://bugs.webkit.org/show_bug.cgi?id=159761
            <rdar://problem/27365724>

            Reviewed by Brent Fulgham.

            Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
            load with a plugin replacement.

            Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
                   security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
                   security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
                   security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
                   security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
                   security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
                   security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
                   security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html

            * html/HTMLPlugInImageElement.cpp:
            (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
            (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
            are allowed to load such content.
            * html/HTMLPlugInImageElement.h:
            * loader/SubframeLoader.cpp:
            (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
            earlier in HTMLPlugInImageElement::requestObject().
            (WebCore::SubframeLoader::requestPlugin): Ditto.
            (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
            to HTMLPlugInImageElement::allowedToLoadPluginContent().
            (WebCore::SubframeLoader::requestObject): Deleted.
            * loader/SubframeLoader.h:
            * page/csp/ContentSecurityPolicy.cpp:
            (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
            function to a const function since these functions do not modify |this|.
            * page/csp/ContentSecurityPolicy.h:

2016-10-11  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r203522. rdar://problem/28476959

    2016-07-21  Daniel Bates  <dabates@apple.com>

            REGRESSION: Plugin replaced YouTube Flash videos always have the same width
            https://bugs.webkit.org/show_bug.cgi?id=159998
            <rdar://problem/27462285>

            Reviewed by Simon Fraser.

            Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
            element would always have the same width regardless of the value of the width attribute.

            For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
            for the default renderer of an HTML embed element. The root of this shadow DOM subtree
            is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
            In particular, we set inline display and position to "inline-block" and "relative", respectively,
            and set an invalid height and width (we specify a font weight value instead of a CSS length value
            - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
            in a debug build). These styles never worked as intended and we ultimately created an inline
            renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
            to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
            renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
            single element.

            * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
            header RenderBlockFlow.h. Also update copyright in license block.
            (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
            never worked as intended.
            (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
            renderer for us so that we lay out as a block, non-replaced element.
            * html/shadow/YouTubeEmbedShadowElement.h:

2016-10-11  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r203383. rdar://problem/28216264

    2016-07-18  Brent Fulgham  <bfulgham@apple.com>

            Don't associate form-associated elements with forms in other trees.
            https://bugs.webkit.org/show_bug.cgi?id=119451
            <rdar://problem/27382946>

            Change is based on the Blink change (patch by <adamk@chromium.org>):
            <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

            Reviewed by Chris Dumez.

            Prevent elements from being associated with forms that are not part of the same home subtree.
            This brings us in line with the WhatWG HTML specification as of September, 2013.

            Tests: fast/forms/image-disconnected-during-parse.html
                   fast/forms/input-disconnected-during-parse.html

            * dom/Element.h:
            (WebCore::Node::rootElement): Added.
            * html/FormAssociatedElement.cpp:
            (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
            is not part of the same tree, remove the association.
            * html/HTMLImageElement.cpp:
            (WebCore::HTMLImageElement::insertedInto): Ditto.

2016-10-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r205657. rdar://problem/28216268

    2016-09-08  Myles C. Maxfield  <mmaxfield@apple.com>

            Support new emoji group candidates
            https://bugs.webkit.org/show_bug.cgi?id=161664
            <rdar://problem/24802695>
            <rdar://problem/27666433>

            Reviewed by Simon Fraser.

            Support more emoji group candidates. This includes joining groups into a single glyph, as
            well as atomic deletions of the entire group when the backspace key is pressed.

            Tests: editing/deleting/delete-emoji.html
                   fast/text/emoji-num-glyphs.html

            * platform/text/CharacterProperties.h:
            (WebCore::isEmojiGroupCandidate):

2016-09-30  Babak Shafiei  <bshafiei@apple.com>

        Merge follow up fix for rdar://problem/28567557.

    2016-09-30  Anders Carlsson  <andersca@apple.com>

            Follow up for <rdar://problem/28567561> Add CSS -webkit-appearance property for Apple Pay buttons

            Reviewed by Dan Bernstein.

            * css/CSSParser.cpp:
            (WebCore::isKeywordPropertyID):
            Add CSSPropertyApplePayButtonStyle and CSSPropertyApplePayButtonType.

            * rendering/RenderThemeCocoa.mm:
            (WebCore::RenderThemeCocoa::paintApplePayButton):
            Make sure to reinitialize the text matrix.

2016-09-30  Babak Shafiei  <bshafiei@apple.com>

        Merge r206181. rdar://problem/28408526

    2016-09-20  Anders Carlsson  <andersca@apple.com>

            Remove "in-store" from "-apple-pay-button-type"
            https://bugs.webkit.org/show_bug.cgi?id=162321
            rdar://problem/28394581

            Reviewed by Beth Dakin.

            * css/CSSPrimitiveValueMappings.h:
            (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
            (WebCore::CSSPrimitiveValue::operator ApplePayButtonType):
            * css/CSSValueKeywords.in:
            * css/parser/CSSParser.cpp:
            (WebCore::isValidKeywordPropertyAndValue):
            * css/parser/CSSParserFastPaths.cpp:
            (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
            * rendering/RenderThemeCocoa.mm:
            (WebCore::toPKPaymentButtonType):
            * rendering/style/RenderStyleConstants.h:

2016-09-30  Babak Shafiei  <bshafiei@apple.com>

        Merge r205992. rdar://problem/28567557

    2016-09-15  Anders Carlsson  <andersca@apple.com>

            Fix build.

            * platform/spi/cocoa/PassKitSPI.h:

2016-09-30  Babak Shafiei  <bshafiei@apple.com>

        Merge r205980. rdar://problem/28567557

    2016-09-14  Anders Carlsson  <andersca@apple.com>

            Add CSS -webkit-appearance property for Apple Pay buttons
            https://bugs.webkit.org/show_bug.cgi?id=161986

            Reviewed by Dean Jackson.

            Add a new -webkit-appearance property, "-apple-pay-button".
            Also, add two properties, "-apple-pay-button-type" and "-apple-pay-button-style".

            * WebCore.xcodeproj/project.pbxproj:
            Add RenderThemeCocoa.h and RenderThemeCocoa.mm.

            * css/CSSComputedStyleDeclaration.cpp:
            (WebCore::ComputedStyleExtractor::propertyValue):
            Handle CSSPropertyApplePayButtonStyle and CSSPropertyApplePayButtonType.

            * css/CSSPrimitiveValueMappings.h:
            (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
            (WebCore::CSSPrimitiveValue::operator ApplePayButtonStyle):
            (WebCore::CSSPrimitiveValue::operator ApplePayButtonType):
            Add ApplePayButtonStyle and ApplePayButtonType conversion routines.

            * css/CSSPropertyNames.in:
            Add -apple-pay-button-style and -apple-pay-button-type.

            * css/CSSValueKeywords.in:
            Add CSS values.

            * css/parser/CSSParser.cpp:
            (WebCore::isValidKeywordPropertyAndValue):
            Handle CSSPropertyApplePayButtonStyle and CSSPropertyApplePayButtonType.

            * css/parser/CSSParserFastPaths.cpp:
            (WebCore::CSSParserFastPaths::isKeywordPropertyID):
            Handle CSSPropertyApplePayButtonStyle and CSSPropertyApplePayButtonType.

            (WebCore::isAppleLegacyCSSPropertyKeyword):
            New function that returns whether the CSS property should be rewritten to -webkit-.
            We want to rewrite -apple- but not -apple-pay-.

            (WebCore::cssPropertyID):
            Use the newly added isAppleLegacyCSSPropertyKeyword.

            (WebCore::isAppleLegacyCSSValueKeyword):
            Check for "-apple-pay-" in addition to "-apple-system-".

            * platform/ThemeTypes.h:
            Add ApplePayButtonPart.

            * platform/spi/cocoa/PassKitSPI.h:
            Add PKDrawApplePayButton declaration.

            * rendering/RenderTheme.cpp:
            (WebCore::RenderTheme::adjustStyle):
            Handle ApplePayButtonPart.

            (WebCore::RenderTheme::paint):
            Handle ApplePayButtonPart.

            * rendering/RenderTheme.h:
            (WebCore::RenderTheme::adjustApplePayButtonStyle):
            (WebCore::RenderTheme::paintApplePayButton):
            Add new functions.

            * rendering/RenderThemeCocoa.h: Added.
            * rendering/RenderThemeCocoa.mm: Added.
            (WebCore::RenderThemeCocoa::adjustApplePayButtonStyle):
            Adjust the minimum width and minimum height accordingly.

            (WebCore::toPKPaymentButtonStyle):
            (WebCore::toPKPaymentButtonType):
            Helper functions that convert our WebCore types to PK types.

            (WebCore::RenderThemeCocoa::paintApplePayButton):
            Call PKDrawApplePayButton.

            * rendering/RenderThemeIOS.h:
            * rendering/RenderThemeMac.h:
            Inherit from RenderThemeCocoa.

            * rendering/style/RenderStyle.h:
            (WebCore::RenderStyle::applePayButtonStyle):
            (WebCore::RenderStyle::applePayButtonType):
            (WebCore::RenderStyle::setApplePayButtonStyle):
            (WebCore::RenderStyle::setApplePayButtonType):
            (WebCore::RenderStyle::initialApplePayButtonStyle):
            (WebCore::RenderStyle::initialApplePayButtonType):
            * rendering/style/RenderStyleConstants.h:
            * rendering/style/StyleRareInheritedData.cpp:
            (WebCore::StyleRareInheritedData::StyleRareInheritedData):
            (WebCore::StyleRareInheritedData::operator==):
            * rendering/style/StyleRareInheritedData.h:
            Add new style members for the button style and button type properties.

2016-09-29  Babak Shafiei  <bshafiei@apple.com>

        Merge r206556. rdar://problem/28524440

    2016-09-28  Jer Noble  <jer.noble@apple.com>

            CRASH at WebCore::CDMSessionAVStreamSession::update + 950
            https://bugs.webkit.org/show_bug.cgi?id=162701

            Reviewed by Beth Dakin.

            If the SourceBuffer backing a <video> element is removed before CDMSessionAVStreamSession::update() gets
            a chance to run, the protectedSourceBuffer will be null. Just bail early and indicate an error.

            * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
            (WebCore::CDMSessionAVStreamSession::update):

2016-09-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r206551. rdar://problem/28526639

    2016-09-28  Wenson Hsieh  <wenson_hsieh@apple.com>

            Some media tests are crashing due to soft-linking failures
            https://bugs.webkit.org/show_bug.cgi?id=162698

            Reviewed by Jer Noble.

            We should be handling soft-linking failures for MRMediaRemoteSetNowPlayingVisibility gracefully. Guard these
            calls with canLoad_MediaRemote_MRMediaRemoteSetParentApplication and also use the
            SOFT_LINK_FUNCTION_MAY_FAIL_FOR_HEADER macro when soft linking.

            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
            * platform/mac/MediaRemoteSoftLink.cpp:
            * platform/mac/MediaRemoteSoftLink.h:

2016-09-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r206527. rdar://problem/28499358

    2016-09-27  Wenson Hsieh  <wenson_hsieh@apple.com>

            Adopt MediaRemote SPI to achieve desired Now Playing behavior
            https://bugs.webkit.org/show_bug.cgi?id=162658
            <rdar://problem/28499358>

            Reviewed by Jer Noble.

            Restores the changes previously rolled out in r206444, and adopts new MediaRemote SPI to achieve the desired
            behavior for media in background tabs without breaking other features.

            Introduces 2 new unit tests in NowPlayingControlsTests.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::pageAllowsNowPlayingControls):
            * page/Page.cpp:
            (WebCore::Page::setViewState):
            * platform/audio/PlatformMediaSessionManager.h:
            (WebCore::PlatformMediaSessionManager::hasActiveNowPlayingSession):
            * platform/audio/mac/MediaSessionManagerMac.h:
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
            * platform/mac/MediaRemoteSoftLink.cpp:
            * platform/mac/MediaRemoteSoftLink.h:
            * platform/spi/mac/MediaRemoteSPI.h:

2016-09-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r206520. rdar://problem/28412512

    2016-09-28  Jer Noble  <jer.noble@apple.com>

            PiP shows incorrect state of play button.
            https://bugs.webkit.org/show_bug.cgi?id=162652

            Reviewed by Eric Carlson.

            After getting a new WebPlaybackSessionModel, the first thing WebVideoFullscreenInterfaceMac
            should do is query for its playbackRate() and isPlaying() properties.

            * platform/mac/WebVideoFullscreenInterfaceMac.mm:
            (WebCore::WebVideoFullscreenInterfaceMac::WebVideoFullscreenInterfaceMac):

2016-09-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r206518. rdar://problem/28505032

    2016-09-28  Jer Noble  <jer.noble@apple.com>

            [MSE][Mac] In SourceBufferPrivateAVFObjC::abort(), support resetting parser to the last appended initialization segment.
            https://bugs.webkit.org/show_bug.cgi?id=135164

            Reviewed by Eric Carlson.

            Test: media/media-source/media-source-abort-resets-parser.html

            Use the -[AVStreamDataParser appendStreamData:withFlags:] to implement "resetting" the parser. In this case,
            the parser isn't explicitly reset during resetParserState(), but rather a flag is set so that the next append
            signals a data discontinuity, and the parser is reset at that point.

            Because a previous append operation may be in-flight during this abort(), care must be taken to invalidate any
            operations which may have already started on a background thread. So SourceBufferPrivateAVFObjC will use a
            separate WeakPtrFactory for its append operations, will invalidate any outstanding WeakPtrs during an abort(),
            and will block until the previous append() operation completes.

            This will require the WebAVStreamDataParserListener object to occasionally have its WeakPtr pointing back to the
            SourceBufferPrivateAVFObjC to be reset after an abort(), so make that ivar an @property. Rather than passing a
            RetainPtr to itself in all the callbacks it handles, the WebAVStreamDataParserListener can just pass in a copy
            of its own WeakPtr (which may be invalidated during an abort()).

            Break the distinct operations of "abort()" and "resetParserState()" into their own methods in SourceBufferPrivate
            and all its subclasses.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::resetParserState):
            (WebCore::SourceBuffer::abortIfUpdating):
            * platform/graphics/SourceBufferPrivate.h:
            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]):
            (-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]):
            (-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]):
            (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]):
            (-[WebAVStreamDataParserListener streamDataParser:didReachEndOfTrackWithTrackID:mediaType:]):
            (-[WebAVStreamDataParserListener streamDataParserWillProvideContentKeyRequestInitializationData:forTrackID:]):
            (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):
            (WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC):
            (WebCore::SourceBufferPrivateAVFObjC::append):
            (WebCore::SourceBufferPrivateAVFObjC::abort):
            (WebCore::SourceBufferPrivateAVFObjC::resetParserState):
            (-[WebAVStreamDataParserListener initWithParser:parent:]): Deleted.
            * platform/graphics/gstreamer/SourceBufferPrivateGStreamer.cpp:
            (WebCore::SourceBufferPrivateGStreamer::resetParserState):
            * platform/graphics/gstreamer/SourceBufferPrivateGStreamer.h:
            * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
            (WebCore::MockSourceBufferPrivate::resetParserState):
            * platform/mock/mediasource/MockSourceBufferPrivate.h:
            * platform/spi/mac/AVFoundationSPI.h:

2016-09-27  Babak Shafiei  <bshafiei@apple.com>

        Merge r206234. rdar://problem/28503781

    2016-09-21  Per Arne Vollan  <pvollan@apple.com>

            [Win] Null pointer crash under WebCore::CACFLayerTreeHost::create().
            https://bugs.webkit.org/show_bug.cgi?id=162266
            <rdar://problem/28345073>

            Reviewed by Brent Fulgham.

            Add null pointer check.

            * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
            (WebCore::CACFLayerTreeHost::create):

2016-09-27  Babak Shafiei  <bshafiei@apple.com>

        Merge r206454. rdar://problem/28484193

    2016-09-27  Wenson Hsieh  <wenson_hsieh@apple.com>

            Related videos on YouTube (and YouTube playlists) cause media controls to disappear
            https://bugs.webkit.org/show_bug.cgi?id=162621
            <rdar://problem/28484193>

            Reviewed by Jer Noble.

            Tweaks the main content media heuristic for better Now Playing behavior on YouTube by making the following
            changes:
            - Remove the strict requirement for audio to be actively playing for the session to be able to show
              controls for the purpose of Now Playing, making it the same as our policy for the controls manager.
            - Make playback requirement restrictions apply only for the controls manager. Videos that do not
              autoplay will still have the correct behavior with respect to Now Playing, since we will bail in the
              hasEverNotifiedAboutPlaying() check.
            - Only consider the main content heuristic as preventing media controls from showing up for the purposes
              of the controls manager. Now Playing should instead account for this by preferring elements large
              enough for main content after collecting all of the candidate sessions.

            * html/HTMLMediaElement.cpp:
            (WebCore::mediaElementSessionInfoForSession):
            (WebCore::preferMediaControlsForCandidateSessionOverOtherCandidateSession):
            (WebCore::HTMLMediaElement::updatePlayState):
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::sessionWillBeginPlayback):

2016-09-27  Babak Shafiei  <bshafiei@apple.com>

        Merge r206444. rdar://problem/28496755

    2016-09-27  Wenson Hsieh  <wenson_hsieh@apple.com>

            Some Now Playing behavior is broken after r206315
            https://bugs.webkit.org/show_bug.cgi?id=162625
            <rdar://problem/28496755>

            Reviewed by Jer Noble.

            Reverts the part of our heuristic that disables Now Playing in active tabs in the main window.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::pageAllowsNowPlayingControls):
            * page/Page.cpp:
            (WebCore::Page::setViewState):

2016-09-27  Babak Shafiei  <bshafiei@apple.com>

        Merge r206415. rdar://problem/28484047

    2016-09-26  Wenson Hsieh  <wenson_hsieh@apple.com>

            If you play a youtube video from now playing after it finished in Safari, controls disappear
            https://bugs.webkit.org/show_bug.cgi?id=162589
            <rdar://problem/28484047>

            Reviewed by Jer Noble.

            Tweaks the main content heuristic slightly to remove the "mostly in mainframe" requirement in the case of Now
            Playing. This was added in the case of the controls manager as an additional way to identify video elements that
            should not show controls, since we relax audio and video constraints for showing videos in the controls manager,
            so that a video element is prevented from showing controls on grounds of lacking audio only if it has never had
            audio before. In the case of Now Playing, we have stricter requirements for videos, which must have audio, which
            makes the mainframe heuristic not necessary.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):

2016-09-27  Babak Shafiei  <bshafiei@apple.com>

        Merge r206399. rdar://problem/28457219

    2016-09-26  Wenson Hsieh  <wenson_hsieh@apple.com>

            Seeking video doesn't update seek position
            https://bugs.webkit.org/show_bug.cgi?id=162575
            <rdar://problem/28457219>

            Reviewed by Jer Noble.

            On ToT, seeking in a video causes the playhead to stutter, and does not actually update media remote's seek
            position. This is partly due to how we do not update media remote with new information when beginning to respond
            to remote seek commands, so media remote continues to think that a playing video is still playing despite the
            user attempting to seek through it.

            To fix this, we introduce timer-based guards around remote seek commands, such that a seek "gesture" begins when
            we receive the first seek command and ends when no seek command has been received in a set amount of time (this
            is 0.5 seconds, which is approximately what other clients around the platform use).

            Also, when responding to a remote seek, perform the seek with no tolerance. This prevents the playhead from
            stuttering at the end of a seek from the final requested destination of the seek to the last actually seeked
            time in the video.

            When beginning to seek, we must pause the media. Through existing mechanisms, this causes the media session
            manager to update its Now Playing information, which informs media remote that we are no longer playing and
            prevents us from stuttering. However, when ending a seek, we must also trigger an additional update to again
            refresh media remote's view of the current time. This prevents a flicker when playing media after seeking.

            Unit tests to be added in a follow-up due to time constraints.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):
            (WebCore::HTMLMediaElement::handleSeekToPlaybackPosition):
            (WebCore::HTMLMediaElement::seekToPlaybackPositionEndedTimerFired):
            (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
            * html/HTMLMediaElement.h:
            * platform/audio/PlatformMediaSessionManager.h:
            (WebCore::PlatformMediaSessionManager::scheduleUpdateNowPlayingInfo):
            (WebCore::PlatformMediaSessionManager::sessionDidEndRemoteScrubbing):
            (WebCore::PlatformMediaSessionManager::sessions): Deleted.
            * platform/audio/mac/MediaSessionManagerMac.h:
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary):
            (WebCore::MediaSessionManagerMac::scheduleUpdateNowPlayingInfo):
            (WebCore::MediaSessionManagerMac::sessionDidEndRemoteScrubbing):
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):

2016-09-26  Babak Shafiei  <bshafiei@apple.com>

        Merge r206375. rdar://problem/28484393

    2016-09-26  Per Arne Vollan  <pvollan@apple.com>

            [Win][Debug] Compile fix.
            https://bugs.webkit.org/show_bug.cgi?id=162550

            Reviewed by Alex Christensen.

            Windows headers need the FragmentForwardIterator '==' operator in debug mode.

            * rendering/SimpleLineLayout.cpp:
            (WebCore::SimpleLineLayout::FragmentForwardIterator::operator==):

2016-09-26  Babak Shafiei  <bshafiei@apple.com>

        Merge r206241. rdar://problem/28450514

2016-09-26  Babak Shafiei  <bshafiei@apple.com>

        Merge r206238. rdar://problem/28450514

    2016-09-21  Anders Carlsson  <andersca@apple.com>

            support openPaymentSetup API on ApplePaySession object
            https://bugs.webkit.org/show_bug.cgi?id=162357
            rdar://problem/26776939

            Reviewed by Tim Horton.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::ApplePaySession::openPaymentSetup):
            Perform security checks and then call into the PaymentCoordinator. In its completion handler, we resolve the promise.

            * Modules/applepay/ApplePaySession.h:
            Add new members.

            * Modules/applepay/ApplePaySession.idl:
            Add openPaymentSetup declaration.

            * Modules/applepay/PaymentCoordinator.cpp:
            (WebCore::PaymentCoordinator::openPaymentSetup):
            Call through to the clients.

            * Modules/applepay/PaymentCoordinator.h:
            * Modules/applepay/PaymentCoordinatorClient.h:
            Add new members.

            * loader/EmptyClients.cpp:
            Add new stub.

            * platform/spi/cocoa/PassKitSPI.h:
            Add SPI declaration.

2016-09-26  Babak Shafiei  <bshafiei@apple.com>

        Merge r206350. rdar://problem/28115680

    2016-09-23  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls playhead does not animate smoothly while playing
            https://bugs.webkit.org/show_bug.cgi?id=162399
            <rdar://problem/28115680>

            Reviewed by Beth Dakin.

            The media controls playhead currently does not animate smoothly during playback because we don't specify a
            playback rate when updating the WebPlaybackControlsManager's timing value. However, simply setting this timing
            value to the current playback rate (as known to the UI process) results in the UI process receiving multiple
            updates from the web process where the current time is equal to (or even less than) the time at which media began
            to play, which results in the playhead seeking backwards to the start time multiple times when playing or
            resuming media.

            To address this, in WebCore, we inform the playback session model of the media time when playback begins (i.e.
            a `playing` or `play` event is fired). This message precedes both the "rate changed" and "current time changed"
            messages.

            Unit tests to be added in a future patch.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::notifyAboutPlaying):
            (WebCore::HTMLMediaElement::setReadyState):
            (WebCore::HTMLMediaElement::playInternal):
            * html/HTMLMediaElement.h:
            (WebCore::HTMLMediaElement::playbackStartedTime):
            * platform/cocoa/WebPlaybackSessionModel.h:
            (WebCore::WebPlaybackSessionModelClient::playbackStartedTimeChanged):
            (WebCore::WebPlaybackSessionModelClient::bufferedTimeChanged): Deleted.
            * platform/cocoa/WebPlaybackSessionModelMediaElement.h:
            * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
            (WebPlaybackSessionModelMediaElement::updateForEventName):
            (WebPlaybackSessionModelMediaElement::playbackStartedTime):
            * platform/ios/WebVideoFullscreenControllerAVKit.mm:
            * platform/mac/WebPlaybackSessionInterfaceMac.h:
            * platform/mac/WebPlaybackSessionInterfaceMac.mm:
            (WebCore::WebPlaybackSessionInterfaceMac::currentTimeChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::rateChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::beginScrubbing):
            (WebCore::WebPlaybackSessionInterfaceMac::endScrubbing):
            (WebCore::WebPlaybackSessionInterfaceMac::updatePlaybackControlsManagerTiming):

2016-09-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r206322. rdar://problem/28435352

    2016-09-23  Jer Noble  <jer.noble@apple.com>

            Allow Seeking from the now playing controls
            https://bugs.webkit.org/show_bug.cgi?id=162498

            Reviewed by Beth Dakin.

            We already have a handler for seek commands, we just need to register that handler
            with MediaRemote.

            * platform/mac/RemoteCommandListenerMac.mm:
            (WebCore::RemoteCommandListenerMac::updateSupportedCommands):

2016-09-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r204082. rdar://problem/27547583

    2016-08-03  Eric Carlson  <eric.carlson@apple.com>

            [Mac][iOS] Adopt MediaRemote "seek to playback position"
            https://bugs.webkit.org/show_bug.cgi?id=160405
            <rdar://problem/27547583>

            Reviewed by Dean Jackson.

            * platform/ios/RemoteCommandListenerIOS.mm:
            (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS): Fix a typo.

2016-09-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r203982. rdar://problem/27547583

    2016-08-01  Eric Carlson  <eric.carlson@apple.com>

            [Mac][iOS] Adopt MediaRemote "seek to playback position"
            https://bugs.webkit.org/show_bug.cgi?id=160405
            <rdar://problem/27547583>

            Reviewed by Dean Jackson.

            Test: media/remote-control-command-seek.html

            * Modules/webaudio/AudioContext.h: Update for didReceiveRemoteControlCommand argument change.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand): Support SeekToPlaybackPositionCommand.
            Drive by fix, support Stop command.
            (WebCore::HTMLMediaElement::supportsSeeking): New.
            * html/HTMLMediaElement.h:

            * platform/RemoteCommandListener.h:
            (WebCore::RemoteCommandListenerClient::didReceiveRemoteControlCommand): Add command argument.
            (WebCore::RemoteCommandListenerClient::supportsSeeking): New.
            (WebCore::RemoteCommandListener::updateSupportedCommands): Ditto.
            (WebCore::RemoteCommandListener::client): Ditto.

            * platform/audio/PlatformMediaSession.cpp:
            (WebCore::PlatformMediaSession::didReceiveRemoteControlCommand): Add command argument.
            (WebCore::PlatformMediaSession::supportsSeeking): New, pass through to client.
            * platform/audio/PlatformMediaSession.h:

            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::setCurrentSession): Tell remote command listener to
            update supported commands.
            (WebCore::PlatformMediaSessionManager::currentSession): Make const.
            (WebCore::PlatformMediaSessionManager::didReceiveRemoteControlCommand): Add command argument.
            (WebCore::PlatformMediaSessionManager::supportsSeeking): New, pass through to session.
            * platform/audio/PlatformMediaSessionManager.h:

            * platform/ios/RemoteCommandListenerIOS.h:
            (WebCore::RemoteCommandListenerIOS::createWeakPtr):
            * platform/ios/RemoteCommandListenerIOS.mm:
            (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS): Support changePlaybackPositionCommand.
            (WebCore::RemoteCommandListenerIOS::~RemoteCommandListenerIOS): Remove seekToTime target.
            (WebCore::RemoteCommandListenerIOS::updateSupportedCommands): Update changePlaybackPositionCommand.

            * platform/mac/MediaRemoteSoftLink.cpp:
            * platform/mac/MediaRemoteSoftLink.h:

            * platform/mac/RemoteCommandListenerMac.h:
            * platform/mac/RemoteCommandListenerMac.mm:
            (WebCore::RemoteCommandListenerMac::updateSupportedCommands): New, split out of constructor.
            (WebCore::RemoteCommandListenerMac::RemoteCommandListenerMac): Split setup logic out into
            updateSupportedCommands. Support MRMediaRemoteCommandSeekToPlaybackPosition. Don't assert when
            receiving an unsupported command, it happens. Return error when a command isn't supported or
            fails.

            * testing/Internals.cpp:
            (WebCore::Internals::postRemoteControlCommand): Add command argument parameter. Support
            seektoplaybackposition.
            * testing/Internals.h:
            * testing/Internals.idl:

2016-09-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r206315. rdar://problem/28430615

    2016-09-23  Wenson Hsieh  <wenson_hsieh@apple.com>

            MediaSessionManagerMac::nowPlayingEligibleSession() needs to honor the main content heuristic
            https://bugs.webkit.org/show_bug.cgi?id=162480
            <rdar://problem/28430615>

            Reviewed by Jer Noble.

            Changes the implementation of nowPlayingEligibleSession to use bestMediaElementForShowingPlaybackControlsManager
            and also early return nullptr if the current tab the web process is hosted in is the active tab, and the window
            it is hosted in is the main window. This information is derived from the viewState flags in the Page of each
            tab -- whenever the (visible && active) state changes, the Page tells the global media session manager to update
            its Now Playing info. Then, when each MediaElementSession tries to determine whether it can show playback
            controls for the purposes of Now Playing, each session consults its page's visible and active state. If a page
            is both visible and active, no Now Playing controls are allowed for that media session.

            Also adds some slight adjustments to MediaSessionManagerMac::updateNowPlayingInfo, so we reset the title, rate
            and duration of the current active session when clearing out the now playing info. Likewise, when vending an
            active video, if the video information matches that of the current session, we mark m_nowPlayingActive anyways.
            These tweaks prevent us from getting in a bad state when switching between a tab with media and one without.

            Unit tests to come in a future patch.

            * html/HTMLMediaElement.cpp:
            (WebCore::mediaElementSessionInfoForSession):
            (WebCore::mediaSessionMayBeConfusedWithMainContent):
            (WebCore::HTMLMediaElement::bestMediaElementForShowingPlaybackControlsManager):
            (WebCore::HTMLMediaElement::updatePlaybackControlsManager):
            (WebCore::bestMediaSessionForShowingPlaybackControlsManager): Deleted.
            * html/HTMLMediaElement.h:
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):
            (WebCore::MediaElementSession::pageAllowsNowPlayingControls):
            * html/MediaElementSession.h:
            * page/Page.cpp:
            (WebCore::Page::setViewState):
            (WebCore::Page::isVisibleAndActive):
            * page/Page.h:
            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary):
            * platform/audio/PlatformMediaSessionManager.h:
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary):
            (WebCore::MediaSessionManagerMac::nowPlayingEligibleSession):
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):

2016-09-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r206272. rdar://problem/28339129

    2016-09-22  Jer Noble  <jer.noble@apple.com>

            Fullscreen controls inoperative in WebKitLegacy web views
            https://bugs.webkit.org/show_bug.cgi?id=162374

            Reviewed by Eric Carlson.

            After r205365, the WebPlaybackSessionInterfaceAVKit was now created after the
            WebPlaybackSessionModel which fed it data, so it no longer received the burst of data upon
            creation. Instead, it should have always asked the model for its cached data as soon as it
            was connected to set up its initial state.

            * platform/ios/WebPlaybackSessionInterfaceAVKit.mm:
            (WebCore::WebPlaybackSessionInterfaceAVKit::WebPlaybackSessionInterfaceAVKit):

2016-09-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r206193. rdar://problem/28376161

    2016-09-20  Jer Noble  <jer.noble@apple.com>

            Adopt MRMediaRemoteSetParentApplication.
            https://bugs.webkit.org/show_bug.cgi?id=162259
            <rdar://problem/28376161>

            Reviewed by Anders Carlsson.

            Allow MediaSessionManagerMac to retrieve the correct parent application identifier
            from a PlatformMediaSession so that it can pass that identifier through to MediaRemote
            via MRMediaRemoteSetParentApplication.

            * Modules/webaudio/AudioContext.cpp:
            (WebCore::AudioContext::sourceApplicationIdentifier):
            * Modules/webaudio/AudioContext.h:
            * platform/audio/PlatformMediaSession.cpp:
            (WebCore::PlatformMediaSession::sourceApplicationIdentifier):
            * platform/audio/PlatformMediaSession.h:
            (WebCore::PlatformMediaSession::resetPlaybackSessionState): Deleted.
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
            * platform/mac/MediaRemoteSoftLink.cpp:
            * platform/mac/MediaRemoteSoftLink.h:


2016-09-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r206027. rdar://problem/28366812

    2016-09-16  Per Arne Vollan  <pvollan@apple.com>

            [Win] Compile fix.
            https://bugs.webkit.org/show_bug.cgi?id=162059

            Reviewed by Alex Christensen.

            If an include file exists in two places in the include paths, we can end up including the file twice,
            since #pragma once will not protect us against this.

            * PlatformWin.cmake: Put WebCore forwarding folder first in include list.

2016-09-16  Babak Shafiei  <bshafiei@apple.com>

        Merge r206006. rdar://problem/27991573

    2016-09-15  Brady Eidson  <beidson@apple.com>

            WKWebView.hasOnlySecureContent always returns "YES" after going back to a CachedPage (even if it has http resources).
            <rdar://problem/27681261> and https://bugs.webkit.org/show_bug.cgi?id=162043

            Reviewed by Brent Fulgham.

            No new tests (Not possible with current testing infrastructure).

            This adds the infrastructure for WebCore to track whether or not a CachedFrame had insecure content at the time
            it was cached, and then to report that back to the client when a CachedPage is restored.

            Since "has insecure content" is currently only tracked in the WK2 UI process, that is the only client of this code.

            * history/CachedFrame.cpp:
            (WebCore::CachedFrame::setHasInsecureContent):
            * history/CachedFrame.h:
            (WebCore::CachedFrame::hasInsecureContent):

            * loader/EmptyClients.h:

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::receivedFirstData):
            (WebCore::FrameLoader::commitProvisionalLoad):
            (WebCore::FrameLoader::dispatchDidCommitLoad):
            * loader/FrameLoader.h:

            * loader/FrameLoaderClient.h:

            * loader/FrameLoaderTypes.h:

2016-09-14  Babak Shafiei  <bshafiei@apple.com>

        Merge r205938. rdar://problem/28227805

    2016-09-14  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls behave strangely when changing media sources
            https://bugs.webkit.org/show_bug.cgi?id=161914
            <rdar://problem/28227805>

            Reviewed by Tim Horton.

            Addresses media controls flickering while changing the source of a media element. To accomplish this, we make
            the following changes to the media controls main content heuristic:

            - Prevent elements that are not mostly within the mainframe rect (or elements with empty rects) from showing
              media controls. Many websites that rely on same document navigation will move videos offscreen when navigating
              to a section of their site that does not play media. Without this check, we would not know to hide a video
              element on certain popular websites that use this technique, since the video has been interacted with in the
              past.

            - Rather than check whether a media element currently has video/audio sources, check whether it has ever had
              audio. Many websites will use the same media element across different videos and change only the source, and
              we should not prevent a media element from having media controls on grounds of having no audio or video in
              this case.

            - Rather than add user gesture and playback behavior restrictions before dispatching an ended event, add only
              the gesture restriction immediately, and add the playback restriction after waiting for a grace period only if
              the user has not interacted with the video since ending, and the video is not currently playing or about to
              play. This gives the user a chance to interact with the controls when a video ends, but also allows the page
              to load or begin playing a new video with the same media element without thrashing media control state.

            Adds 3 new API tests.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):
            (WebCore::HTMLMediaElement::~HTMLMediaElement):
            (WebCore::HTMLMediaElement::mediaPlayerActiveSourceBuffersChanged):
            (WebCore::HTMLMediaElement::seekWithTolerance):
            (WebCore::HTMLMediaElement::beginScrubbing):
            (WebCore::HTMLMediaElement::addBehaviorRestrictionsOnEndIfNecessary):
            (WebCore::HTMLMediaElement::mediaPlayerCharacteristicChanged):
            (WebCore::HTMLMediaElement::playbackControlsManagerBehaviorRestrictionsTimerFired):
            * html/HTMLMediaElement.h:
            (WebCore::HTMLMediaElement::hasEverHadAudio):
            (WebCore::HTMLMediaElement::hasEverHadVideo):
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):
            (WebCore::isElementRectMostlyInMainFrame):
            * platform/graphics/MediaPlayer.h:
            (WebCore::MediaPlayerClient::mediaPlayerActiveSourceBuffersChanged):
            * platform/graphics/MediaPlayerPrivate.h:
            (WebCore::MediaPlayerPrivateInterface::notifyActiveSourceBuffersChanged):
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::notifyActiveSourceBuffersChanged):
            * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
            (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):
            (WebCore::MediaSourcePrivateAVFObjC::sourceBufferPrivateDidChangeActiveState):

2016-09-14  Babak Shafiei  <bshafiei@apple.com>

        Merge r205870. rdar://problem/28225774

    2016-09-13  Tim Horton  <timothy_horton@apple.com>

            Undoing a candidate insertion results in the replaced text being selected
            https://bugs.webkit.org/show_bug.cgi?id=161894
            <rdar://problem/28225774>

            Reviewed by Simon Fraser.

            Test: editing/mac/spelling/accept-candidate-undo-does-not-select.html

            * WebCore.xcodeproj/project.pbxproj:
            * editing/ReplaceRangeWithTextCommand.cpp: Added.
            (WebCore::ReplaceRangeWithTextCommand::ReplaceRangeWithTextCommand):
            (WebCore::ReplaceRangeWithTextCommand::doApply):
            * editing/ReplaceRangeWithTextCommand.h: Added.
            (WebCore::ReplaceRangeWithTextCommand::create):
            Add an editor command that replaces a range with the given text.

            * editing/Editor.cpp:
            (WebCore::Editor::rangeForTextCheckingResult):
            (WebCore::Editor::handleAcceptedCandidate):
            (WebCore::Editor::selectTextCheckingResult): Deleted.
            * editing/Editor.h:
            Make use of the new editor command to do candidate insertion as a single
            composite operation, so that it is undone as a unit. Otherwise, undo ends up
            undoing the insertion, but not the selection, and we are left with the old
            text, selected, which is undesirable.

2016-09-12  Babak Shafiei  <bshafiei@apple.com>

        Merge r205788. rdar://problem/28245097

    2016-09-11  Tim Horton  <timothy_horton@apple.com>

            Candidates that don't end in spaces shouldn't have spaces arbitrarily appended to them
            https://bugs.webkit.org/show_bug.cgi?id=161846
            <rdar://problem/28245097>

            Reviewed by Beth Dakin.

            Tests: editing/mac/spelling/accept-candidate-without-adding-space.html,
                   editing/mac/spelling/accept-candidate-allows-autocorrect-on-next-word.html

            * editing/Editor.cpp:
            (WebCore::Editor::handleAcceptedCandidate):
            Stop appending a space just because the candidate doesn't end in a space.
            There are languages where that doesn't make sense, and the platform
            guarantees that candidates will always have spaces if they need them.

            Also, adjust the way we compute the AcceptedCandidate document marker range.
            There were two problems with the existing code: it expanded outward from
            the post-insertion cursor in *both* directions, instead of just backwards,
            and it used the length of the replaced text, not the length of the newly
            inserted text (more of the confusion mentioned in r205765).

2016-09-12  Babak Shafiei  <bshafiei@apple.com>

        Merge r205154. rdar://problem/28233330

    2016-08-29  Chris Dumez  <cdumez@apple.com>

            Regression(r204923): It should be possible to set 'Location.href' cross origin
            https://bugs.webkit.org/show_bug.cgi?id=161343
            <rdar://problem/28063361>

            Reviewed by Ryosuke Niwa.

            It should be possible to set 'Location.href' cross origin:
            - https://html.spec.whatwg.org/#crossoriginproperties-(-o-)

            Firefox and Chrome allow this but we throw a SecurityError.

            We already allow setting crossOrigin.window.location which is equivalent.

            No new tests, updated existing test.

            * bindings/js/JSLocationCustom.cpp:
            (WebCore::JSLocation::putDelegate):
            Refactor the [Put] delegate so that it does not log a security error
            when setting 'href' attribute, given that setting it works as expected.
            This fixes a bug in shipping Safari where setting 'href' would work but
            log an error message anyway.

            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateImplementation):
            Add support for [DoNotCheckSecurityOnSetter] IDL extended attribute,
            in addition to the already supported [DoNotCheckSecurity] and
            [DoNotCheckSecurityOnGetter].

            * page/Location.idl:
            Use [DoNotCheckSecurityOnSetter] on 'href' attribute as it can be
            set cross-origin. This fixes the regression introduced in r204923.

2016-09-12  Babak Shafiei  <bshafiei@apple.com>

        Merge r204943. rdar://problem/28233330

    2016-08-24  Ryan Haddad  <ryanhaddad@apple.com>

            Rebaseline bindings tests after r204923.

            Unreviewed test gardening.

            * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
            (WebCore::jsTestActiveDOMObjectExcitingAttr):
            (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):

2016-09-12  Babak Shafiei  <bshafiei@apple.com>

        Merge r204923. rdar://problem/28233330

    2016-08-24  Chris Dumez  <cdumez@apple.com>

            It should not be possible to access Location attributes cross origin
            https://bugs.webkit.org/show_bug.cgi?id=161125
            <rdar://problem/27982472>

            Reviewed by Brent Fulgham.

            It should not be possible to access Location attributes cross origin:
            - https://html.spec.whatwg.org/#crossoriginproperties-(-o-)

            We allow access to replace() as per the specification and consistently
            with Firefox. The specification seems to indicate we should allow access
            to 'href' but Firefox does not and we previously did not so I am not
            allowing it in this patch.

            Test: http/tests/security/location-cross-origin.html

            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateImplementation):
            * page/Location.idl:
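
The per-attribute relaxation of the cross-origin check described in the two Location entries above (r205154 and r204923), as an added JavaScript model that is not WebKit code. The extended-attribute names come from the entries; `LOCATION_IDL`, `makeLocationView`, `accessMatrix` and the example origins are constructed for this illustration.

```javascript
// Added illustration: a simplified model of per-attribute cross-origin checks.
// Only the extended-attribute names are taken from the ChangeLog entries;
// every other name and all URLs below are assumptions made for this example.

class SecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = "SecurityError";
  }
}

// Location members that skip the same-origin check, per revision.
// r204923: only replace() stays reachable cross-origin.
// r205154: 'href' additionally gets [DoNotCheckSecurityOnSetter].
const LOCATION_IDL = {
  r204923: { replace: ["DoNotCheckSecurity"] },
  r205154: {
    replace: ["DoNotCheckSecurity"],
    href: ["DoNotCheckSecurityOnSetter"],
  },
};

// True when the member's extended attributes waive the check for this access.
function skipsCheck(idl, member, access) {
  const attrs = idl[member] || [];
  if (attrs.includes("DoNotCheckSecurity")) return true;
  if (access === "get") return attrs.includes("DoNotCheckSecurityOnGetter");
  if (access === "set") return attrs.includes("DoNotCheckSecurityOnSetter");
  return false;
}

// Wrap a document's location state in a view as seen by a caller origin.
function makeLocationView(target, idl, callerOrigin) {
  const check = (member, access) => {
    const sameOrigin = callerOrigin === new URL(target.href).origin;
    if (sameOrigin || skipsCheck(idl, member, access)) return;
    throw new SecurityError(`Blocked cross-origin ${access} of Location.${member}`);
  };
  return new Proxy({}, {
    get(_, member) {
      if (typeof member !== "string") return undefined;
      check(member, "get");
      if (member === "replace") {
        return (url) => { target.href = new URL(url, target.href).href; };
      }
      return new URL(target.href)[member];
    },
    set(_, member, value) {
      if (typeof member !== "string") return true;
      check(member, "set");
      if (member === "href") {
        target.href = new URL(value, target.href).href;
      } else {
        const url = new URL(target.href);
        url[member] = value;
        target.href = url.href;
      }
      return true;
    },
  });
}

// Run one access and report whether the security check let it through.
function probe(fn) {
  try {
    fn();
    return "allowed";
  } catch (e) {
    if (e instanceof SecurityError) return "SecurityError";
    throw e;
  }
}

// What a cross-origin caller can do to another document's Location.
function accessMatrix(revision) {
  const target = { href: "https://a.example/account?id=7" }; // constructed
  const view = makeLocationView(target, LOCATION_IDL[revision], "https://b.example");
  return {
    getHref: probe(() => view.href),
    getHostname: probe(() => view.hostname),
    setHostname: probe(() => { view.hostname = "c.example"; }),
    callReplace: probe(() => view.replace("https://c.example/replaced")),
    setHref: probe(() => { view.href = "https://c.example/assigned"; }),
    finalHref: target.href,
  };
}

console.log("r204923", accessMatrix("r204923"));
console.log("r205154", accessMatrix("r205154"));
```

In both revisions the cross-origin caller can navigate the other document but never read its URL; r205154 only widens the write path to include assignment to `href`.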

2016-09-12  Babak Shafiei  <bshafiei@apple.com>

        Merge r205784. rdar://problem/28230123

    2016-09-10  Wenson Hsieh  <wenson_hsieh@apple.com>

            Apple.com keynote does not display media controls
            https://bugs.webkit.org/show_bug.cgi?id=161833
            <rdar://problem/28230123>

            Reviewed by Tim Horton.

            Tweaks the main content check so that we can distinguish between main content for the purposes of determining
            autoplay policy vs. main content for the purposes of showing media controls. Namely, we make the latter less
            restrictive than the former in terms of the maximum aspect ratio a video can have to be considered the right
            size for main content.

            New unit test in TestWebKitAPI.

            * html/HTMLMediaElement.cpp:
            (WebCore::mediaElementSessionInfoForSession):
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):
            (WebCore::MediaElementSession::isLargeEnoughForMainContent):
            (WebCore::MediaElementSession::wantsToObserveViewportVisibilityForMediaControls):
            (WebCore::isMainContentForPurposesOfAutoplay):
            (WebCore::isElementLargeEnoughForMainContent):
            (WebCore::MediaElementSession::updateIsMainContent):
            (WebCore::isMainContent): Deleted.
            * html/MediaElementSession.h:

2016-09-12  Babak Shafiei  <bshafiei@apple.com>

        Merge r205765. rdar://problem/28033492

    2016-09-09  Tim Horton  <timothy_horton@apple.com>

            Text replacement candidates don't always overwrite the entire original string
            https://bugs.webkit.org/show_bug.cgi?id=161779
            <rdar://problem/28033492>

            Reviewed by Simon Fraser.

            New test: editing/mac/spelling/accept-candidate-replacing-multiple-words.html.

            * editing/Editor.cpp:
            (WebCore::Editor::contextRangeForCandidateRequest):
            Factor contextRangeForCandidateRequest out of the WebKits, into Editor.
            This just expands to paragraph boundaries from the cursor.

            (WebCore::Editor::selectTextCheckingResult):
            Add selectTextCheckingResult, which, given a TextCheckingResult,
            selects the range represented by the result's location and length, which
            indicate the portion of the context string that the result refers to.
            In the case of accepting a candidate, we want to select that range
            so that our insertion will overwrite it.

            (WebCore::Editor::handleAcceptedCandidate):
            Make use of selectTextCheckingResult instead of just assuming that we want
            to replace the word to the left of the insertion point.

            (WebCore::Editor::stringForCandidateRequest): Deleted.
            * editing/Editor.h:

            * testing/Internals.cpp:
            (WebCore::Internals::handleAcceptedCandidate):
            * testing/Internals.h:
            * testing/Internals.idl:
            Internals' handleAcceptedCandidate assumed (wrongly) that the length
            of a TextCheckerResult was the length of the candidate, when really it is
            the length of the text that the candidate would replace. Adjust this,
            and expose the replacement range to JavaScript, so we can test this.

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r204456. rdar://problem/27860536

    2016-08-14  Daniel Bates  <dabates@apple.com>

            Fix compiler errors when building iOS WebKit using the iOS 10 beta SDK
            https://bugs.webkit.org/show_bug.cgi?id=160725

            Reviewed by Sam Weinig.

            * platform/cocoa/ThemeCocoa.mm: Unconditionally include header dlfcn.h as it
            exists in both the public iOS 9.3 SDK and iOS 10 beta SDK.
            * platform/spi/cocoa/CoreTextSPI.h: Add SPI declarations for constants that were
            used in r204107.
            * platform/spi/cocoa/PassKitSPI.h: Remove unnecessary #import statements when
            building with the Apple Internal SDK. Include header PassKit/PassKit.h when
            building for iOS.
            * platform/spi/cocoa/QuartzCoreSPI.h: No need to define CLayer.contentsFormat
            when building with the iOS 10 beta SDK as it is now part of the public API.

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r203381. rdar://problem/27860536

    2016-07-18  Anders Carlsson  <andersca@apple.com>

            WebKit nightly fails to build on macOS Sierra
            https://bugs.webkit.org/show_bug.cgi?id=159902
            rdar://problem/27365672

            Reviewed by Tim Horton.

            * Modules/applepay/cocoa/PaymentCocoa.mm:
            * Modules/applepay/cocoa/PaymentContactCocoa.mm:
            * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
            * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
            Use new PassKitSPI header.

            * WebCore.xcodeproj/project.pbxproj:
            Add new PassKitSPI header.

            * icu/unicode/ucurr.h: Added.
            Add ucurr.h from ICU.

            * platform/spi/cocoa/PassKitSPI.h: Added.
            Add new PassKitSPI header.

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r204107. rdar://problem/27860536

    2016-08-03  Myles C. Maxfield  <mmaxfield@apple.com>

            [iOS] SF-Heavy is not accessible from web content
            https://bugs.webkit.org/show_bug.cgi?id=160522
            <rdar://problem/27685273>

            Reviewed by Simon Fraser.

            The mappings we were using from CSS font-weight to CoreText font weight were inaccurate.
            Instead, these new mappings should be used.

            Test: fast/text/system-font-weight.html

            * platform/graphics/ios/FontCacheIOS.mm:
            (WebCore::systemFontModificationAttributes):

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r205381. rdar://problem/27806012

    2016-09-02  Beth Dakin  <bdakin@apple.com>

            Need to updateEditorState if an element changes edit-ability without changing
            selection
            https://bugs.webkit.org/show_bug.cgi?id=161546
            -and corresponding-
            rdar://problem/27806012

            Reviewed by Ryosuke Niwa.

            Call into the client in case edited state needs to be updated.
            * editing/FrameSelection.cpp:
            (WebCore::FrameSelection::updateAppearanceAfterLayout):
            * loader/EmptyClients.h:
            * page/EditorClient.h:

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r205365. rdar://problem/28020157

    2016-07-08  Jer Noble  <jer.noble@apple.com>

            Refactor WebPlaybackSessionModelMediaElement to be client based.
            https://bugs.webkit.org/show_bug.cgi?id=159580

            Reviewed by Eric Carlson.

            Add client callback interfaces to both WebPlaybackSessionModel and WebVideoFullscreenModel, where each object
            can have multiple clients, and so the object will both store current values and also notify those clients
            when the values change. After this change, there is no need to have the models know about their associated
            interfaces explicitly.

            * platform/cocoa/WebPlaybackSessionInterface.h:
            * platform/cocoa/WebPlaybackSessionModel.h:
            (WebCore::WebPlaybackSessionModelClient::~WebPlaybackSessionModelClient):
            (WebCore::WebPlaybackSessionModelClient::durationChanged):
            (WebCore::WebPlaybackSessionModelClient::currentTimeChanged):
            (WebCore::WebPlaybackSessionModelClient::bufferedTimeChanged):
            (WebCore::WebPlaybackSessionModelClient::rateChanged):
            (WebCore::WebPlaybackSessionModelClient::seekableRangesChanged):
            (WebCore::WebPlaybackSessionModelClient::canPlayFastReverseChanged):
            (WebCore::WebPlaybackSessionModelClient::audioMediaSelectionOptionsChanged):
            (WebCore::WebPlaybackSessionModelClient::legibleMediaSelectionOptionsChanged):
            (WebCore::WebPlaybackSessionModelClient::externalPlaybackChanged):
            (WebCore::WebPlaybackSessionModelClient::wirelessVideoPlaybackDisabledChanged):
            * platform/cocoa/WebPlaybackSessionModelMediaElement.h:
            * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
            (WebPlaybackSessionModelMediaElement::setMediaElement):
            (WebPlaybackSessionModelMediaElement::updateForEventName):
            (WebPlaybackSessionModelMediaElement::addClient):
            (WebPlaybackSessionModelMediaElement::removeClient):
            (WebPlaybackSessionModelMediaElement::updateLegibleOptions):
            (WebPlaybackSessionModelMediaElement::observedEventNames):
            (WebPlaybackSessionModelMediaElement::eventNameAll):
            (WebPlaybackSessionModelMediaElement::audioMediaSelectionOptions):
            (WebPlaybackSessionModelMediaElement::audioMediaSelectedIndex):
            (WebPlaybackSessionModelMediaElement::legibleMediaSelectedIndex):
            (WebPlaybackSessionModelMediaElement::externalPlaybackEnabled):
            (WebPlaybackSessionModelMediaElement::externalPlaybackTargetType):
            (WebPlaybackSessionModelMediaElement::externalPlaybackLocalizedDeviceName):
            (WebPlaybackSessionModelMediaElement::wirelessVideoPlaybackDisabled):
            (WebPlaybackSessionModelMediaElement::setWebPlaybackSessionInterface): Deleted.
            * platform/cocoa/WebVideoFullscreenInterface.h:
            * platform/cocoa/WebVideoFullscreenModel.h:
            (WebCore::WebVideoFullscreenModelClient::~WebVideoFullscreenModelClient):
            * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
            (WebCore::WebVideoFullscreenModelVideoElement::create):
            (WebCore::WebVideoFullscreenModelVideoElement::playbackSessionModel): Deleted.
            * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
            (WebVideoFullscreenModelVideoElement::WebVideoFullscreenModelVideoElement):
            (WebVideoFullscreenModelVideoElement::setVideoElement):
            (WebVideoFullscreenModelVideoElement::updateForEventName):
            (WebVideoFullscreenModelVideoElement::addClient):
            (WebVideoFullscreenModelVideoElement::removeClient):
            (WebVideoFullscreenModelVideoElement::setHasVideo):
            (WebVideoFullscreenModelVideoElement::setVideoDimensions):
            (WebVideoFullscreenModelVideoElement::setWebVideoFullscreenInterface): Deleted.
            * platform/ios/WebAVPlayerController.h:
            * platform/ios/WebAVPlayerController.mm:
            (-[WebAVPlayerController resetState]): Deleted.
            * platform/ios/WebPlaybackSessionInterfaceAVKit.h:
            (WebCore::WebPlaybackSessionInterfaceAVKitClient::~WebPlaybackSessionInterfaceAVKitClient): Deleted.
            * platform/ios/WebPlaybackSessionInterfaceAVKit.mm:
            (WebCore::WebPlaybackSessionInterfaceAVKit::WebPlaybackSessionInterfaceAVKit):
            (WebCore::WebPlaybackSessionInterfaceAVKit::~WebPlaybackSessionInterfaceAVKit):
            (WebCore::WebPlaybackSessionInterfaceAVKit::resetMediaState):
            (WebCore::WebPlaybackSessionInterfaceAVKit::durationChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::currentTimeChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::bufferedTimeChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::rateChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::seekableRangesChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::canPlayFastReverseChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::audioMediaSelectionOptionsChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::legibleMediaSelectionOptionsChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::externalPlaybackChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::wirelessVideoPlaybackDisabledChanged):
            (WebCore::WebPlaybackSessionInterfaceAVKit::invalidate):
            (WebCore::WebPlaybackSessionInterfaceAVKit::setWebPlaybackSessionModel): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setDuration): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setCurrentTime): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setBufferedTime): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setRate): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setSeekableRanges): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setCanPlayFastReverse): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setAudioMediaSelectionOptions): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setLegibleMediaSelectionOptions): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setExternalPlayback): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::setWirelessVideoPlaybackDisabled): Deleted.
            (WebCore::WebPlaybackSessionInterfaceAVKit::wirelessVideoPlaybackDisabled): Deleted.
            * platform/ios/WebVideoFullscreenControllerAVKit.mm:
            (WebVideoFullscreenControllerContext::didSetupFullscreen):
            (WebVideoFullscreenControllerContext::didExitFullscreen):
            (WebVideoFullscreenControllerContext::didCleanupFullscreen):
            (WebVideoFullscreenControllerContext::durationChanged):
            (WebVideoFullscreenControllerContext::currentTimeChanged):
            (WebVideoFullscreenControllerContext::bufferedTimeChanged):
            (WebVideoFullscreenControllerContext::rateChanged):
            (WebVideoFullscreenControllerContext::hasVideoChanged):
            (WebVideoFullscreenControllerContext::videoDimensionsChanged):
            (WebVideoFullscreenControllerContext::seekableRangesChanged):
            (WebVideoFullscreenControllerContext::canPlayFastReverseChanged):
            (WebVideoFullscreenControllerContext::audioMediaSelectionOptionsChanged):
            (WebVideoFullscreenControllerContext::legibleMediaSelectionOptionsChanged):
            (WebVideoFullscreenControllerContext::externalPlaybackChanged):
            (WebVideoFullscreenControllerContext::wirelessVideoPlaybackDisabledChanged):
            (WebVideoFullscreenControllerContext::addClient):
            (WebVideoFullscreenControllerContext::removeClient):
            (WebVideoFullscreenControllerContext::requestFullscreenMode):
            (WebVideoFullscreenControllerContext::setVideoLayerFrame):
            (WebVideoFullscreenControllerContext::setVideoLayerGravity):
            (WebVideoFullscreenControllerContext::fullscreenModeChanged):
            (WebVideoFullscreenControllerContext::isVisible):
            (WebVideoFullscreenControllerContext::hasVideo):
            (WebVideoFullscreenControllerContext::videoDimensions):
            (WebVideoFullscreenControllerContext::play):
            (WebVideoFullscreenControllerContext::pause):
            (WebVideoFullscreenControllerContext::togglePlayState):
            (WebVideoFullscreenControllerContext::beginScrubbing):
            (WebVideoFullscreenControllerContext::endScrubbing):
            (WebVideoFullscreenControllerContext::seekToTime):
            (WebVideoFullscreenControllerContext::fastSeek):
            (WebVideoFullscreenControllerContext::beginScanningForward):
            (WebVideoFullscreenControllerContext::beginScanningBackward):
            (WebVideoFullscreenControllerContext::endScanning):
            (WebVideoFullscreenControllerContext::selectAudioMediaOption):
            (WebVideoFullscreenControllerContext::selectLegibleMediaOption):
            (WebVideoFullscreenControllerContext::duration):
            (WebVideoFullscreenControllerContext::currentTime):
            (WebVideoFullscreenControllerContext::bufferedTime):
            (WebVideoFullscreenControllerContext::isPlaying):
            (WebVideoFullscreenControllerContext::playbackRate):
            (WebVideoFullscreenControllerContext::seekableRanges):
            (WebVideoFullscreenControllerContext::canPlayFastReverse):
            (WebVideoFullscreenControllerContext::audioMediaSelectionOptions):
            (WebVideoFullscreenControllerContext::audioMediaSelectedIndex):
            (WebVideoFullscreenControllerContext::legibleMediaSelectionOptions):
            (WebVideoFullscreenControllerContext::legibleMediaSelectedIndex):
            (WebVideoFullscreenControllerContext::externalPlaybackEnabled):
            (WebVideoFullscreenControllerContext::externalPlaybackTargetType):
            (WebVideoFullscreenControllerContext::externalPlaybackLocalizedDeviceName):
            (WebVideoFullscreenControllerContext::wirelessVideoPlaybackDisabled):
            (WebVideoFullscreenControllerContext::setUpFullscreen):
            (WebVideoFullscreenControllerContext::exitFullscreen):
            (WebVideoFullscreenControllerContext::requestHideAndExitFullscreen):
            (WebVideoFullscreenControllerContext::resetMediaState): Deleted.
            (WebVideoFullscreenControllerContext::setDuration): Deleted.
            (WebVideoFullscreenControllerContext::setCurrentTime): Deleted.
            (WebVideoFullscreenControllerContext::setBufferedTime): Deleted.
            (WebVideoFullscreenControllerContext::setRate): Deleted.
            (WebVideoFullscreenControllerContext::setVideoDimensions): Deleted.
            (WebVideoFullscreenControllerContext::setSeekableRanges): Deleted.
            (WebVideoFullscreenControllerContext::setCanPlayFastReverse): Deleted.
            (WebVideoFullscreenControllerContext::setAudioMediaSelectionOptions): Deleted.
            (WebVideoFullscreenControllerContext::setLegibleMediaSelectionOptions): Deleted.
            (WebVideoFullscreenControllerContext::setExternalPlayback): Deleted.
            (WebVideoFullscreenControllerContext::setWirelessVideoPlaybackDisabled): Deleted.
            (WebVideoFullscreenSessionModel::play): Deleted.
            (WebVideoFullscreenSessionModel::pause): Deleted.
            (WebVideoFullscreenSessionModel::togglePlayState): Deleted.
            (WebVideoFullscreenSessionModel::beginScrubbing): Deleted.
            (WebVideoFullscreenSessionModel::endScrubbing): Deleted.
            (WebVideoFullscreenSessionModel::seekToTime): Deleted.
            (WebVideoFullscreenSessionModel::fastSeek): Deleted.
            (WebVideoFullscreenSessionModel::beginScanningForward): Deleted.
            (WebVideoFullscreenSessionModel::beginScanningBackward): Deleted.
            (WebVideoFullscreenSessionModel::endScanning): Deleted.
            (WebVideoFullscreenSessionModel::selectAudioMediaOption): Deleted.
            (WebVideoFullscreenSessionModel::selectLegibleMediaOption): Deleted.
            * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::~WebVideoFullscreenInterfaceAVKit):
            (WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenModel):
            (WebVideoFullscreenInterfaceAVKit::setWebVideoFullscreenChangeObserver):
            (WebVideoFullscreenInterfaceAVKit::hasVideoChanged):
            (WebVideoFullscreenInterfaceAVKit::videoDimensionsChanged):
            (WebVideoFullscreenInterfaceAVKit::externalPlaybackChanged):
            (WebVideoFullscreenInterfaceAVKit::resetMediaState): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setDuration): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setCurrentTime): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setBufferedTime): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setRate): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setVideoDimensions): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setSeekableRanges): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setCanPlayFastReverse): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setAudioMediaSelectionOptions): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setLegibleMediaSelectionOptions): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setExternalPlayback): Deleted.
            (WebVideoFullscreenInterfaceAVKit::externalPlaybackEnabledChanged): Deleted.
            (WebVideoFullscreenInterfaceAVKit::setWirelessVideoPlaybackDisabled): Deleted.
            (WebVideoFullscreenInterfaceAVKit::wirelessVideoPlaybackDisabled): Deleted.
            * platform/mac/WebPlaybackSessionInterfaceMac.h:
            (WebCore::WebPlaybackSessionInterfaceMacClient::~WebPlaybackSessionInterfaceMacClient): Deleted.
            * platform/mac/WebPlaybackSessionInterfaceMac.mm:
            (WebCore::WebPlaybackSessionInterfaceMac::create):
            (WebCore::WebPlaybackSessionInterfaceMac::WebPlaybackSessionInterfaceMac):
            (WebCore::WebPlaybackSessionInterfaceMac::~WebPlaybackSessionInterfaceMac):
            (WebCore::WebPlaybackSessionInterfaceMac::durationChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::currentTimeChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::rateChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::seekableRangesChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::audioMediaSelectionOptionsChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::legibleMediaSelectionOptionsChanged):
            (WebCore::WebPlaybackSessionInterfaceMac::invalidate):
            (WebCore::WebPlaybackSessionInterfaceMac::setWebPlaybackSessionModel): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setClient): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setDuration): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setCurrentTime): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setRate): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setSeekableRanges): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setAudioMediaSelectionOptions): Deleted.
            (WebCore::WebPlaybackSessionInterfaceMac::setLegibleMediaSelectionOptions): Deleted.
            * platform/mac/WebVideoFullscreenInterfaceMac.h:
            * platform/mac/WebVideoFullscreenInterfaceMac.mm:
            (WebCore::WebVideoFullscreenInterfaceMac::WebVideoFullscreenInterfaceMac):
            (WebCore::WebVideoFullscreenInterfaceMac::~WebVideoFullscreenInterfaceMac):
            (WebCore::WebVideoFullscreenInterfaceMac::setWebVideoFullscreenModel):
            (WebCore::WebVideoFullscreenInterfaceMac::externalPlaybackChanged):
            (WebCore::WebVideoFullscreenInterfaceMac::hasVideoChanged):
            (WebCore::WebVideoFullscreenInterfaceMac::videoDimensionsChanged):
            (WebCore::WebVideoFullscreenInterfaceMac::setDuration): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setCurrentTime): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setRate): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setSeekableRanges): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setAudioMediaSelectionOptions): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setLegibleMediaSelectionOptions): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback): Deleted.
            (WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions): Deleted.

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r205246. rdar://problem/28162589

    2016-08-31  Antti Koivisto  <antti@apple.com>

            REGRESSION (r201701): Unable to copy from CodeMirror editor version used in Jenkins install website
            https://bugs.webkit.org/show_bug.cgi?id=161386
            <rdar://problem/27590077>

            Reviewed by Dan Bernstein.

            This CodeMirror version uses a hidden <textarea> to implement copy/paste. The textarea has width:1px; border-width:1px.
            Jenkins page also has a stylesheet that contains * { box-sizing:border-box } and as a result the textarea content
            width gets computed as 0. With r201701 we use content size instead of box size for clipping and the textarea content is
            (correctly) considered invisible.

            Add a quirk that allows this to continue working.

            Test: editing/text-iterator/hidden-textarea-selection-quirk.html

            * editing/TextIterator.cpp:
            (WebCore::fullyClipsContents):

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r205417. rdar://problem/28018438

    2016-09-03  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls behave strangely when videos mute from within a playing handler
            https://bugs.webkit.org/show_bug.cgi?id=161559
            <rdar://problem/28018438>

            Reviewed by Darin Adler.

            Defer showing media controls until after the media element has fired its onplaying handler. This handles cases
            where videos that autoplay may initially meet the criteria for main content, but once the video begins to play,
            the page may change the media in some way (e.g. muting) that makes the video no longer main content. This causes
            media controls to flicker in and out.

            These changes are covered by existing unit tests, which have been refactored to check media controller state
            after all autoplaying videos have begun playing. Also adds an additional unit test.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::notifyAboutPlaying):
            (WebCore::HTMLMediaElement::hasEverNotifiedAboutPlaying):
            * html/HTMLMediaElement.h:
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canShowControlsManager):

2016-09-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r205412. rdar://problem/28014919

    2016-09-03  Wenson Hsieh  <wenson_hsieh@apple.com>

            Refactor the heuristic for showing media controls to take all media sessions into account
            https://bugs.webkit.org/show_bug.cgi?id=161503
            <rdar://problem/28033783>

            Reviewed by Darin Adler.

            Currently, when selecting a media session to show playback controls for, we grab the first media session that
            passes our heuristic. Using this method, we are unable to take additional factors into account, such as whether
            another media session's element is scrolled in view, or if another media session has been interacted with more
            recently. To address this, we make the following changes:

                1.  Consider the list of all MediaElementSessions.

                2.  Select only the MediaElementSessions capable of showing media controls and sort the list by a special
                    heuristic that takes visibility and time of last user interaction into account. The first element on
                    this list is the strongest candidate for main content.

                3.  If this strongest candidate is visible in the viewport, or it is playing with audio, we return this
                    as the chosen candidate. Otherwise, we return this session only if no other non-candidate video could be
                    confused as the main content (i.e. the non-candidate video is not only visible in the viewport, but also
                    large enough to be considered main content).

            Using this new method of determining the video to show controls for, we retain previous behavior for pages with
            a single video. On pages with multiple videos, the above logic ensures that if the current controlled video is
            paused, scrolled out of view, and then a new video is scrolled into view, we will either hide media controls to
            avoid confusion if that video could be confused for main content (using the mechanism in step 3), or we
            hook up the media controls to the new video if it satisfies main content (using the mechanism in step 2).

            This patch also adds 6 new TestWebKitAPI unit tests.

            * html/HTMLMediaElement.cpp:
            (WebCore::mediaElementSessionInfoForSession):
            (WebCore::preferMediaControlsForCandidateSessionOverOtherCandidateSession):
            (WebCore::mediaSessionMayBeConfusedWithMainContent):
            (WebCore::bestMediaSessionForShowingPlaybackControlsManager):
            (WebCore::HTMLMediaElement::didAttachRenderers):
            (WebCore::HTMLMediaElement::layoutSizeChanged):
            (WebCore::HTMLMediaElement::isVisibleInViewportChanged):
            (WebCore::HTMLMediaElement::resetPlaybackSessionState):
            (WebCore::HTMLMediaElement::isVisibleInViewport):
            (WebCore::HTMLMediaElement::updatePlaybackControlsManager):
            * html/HTMLMediaElement.h:
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::removeBehaviorRestriction):
            (WebCore::MediaElementSession::canShowControlsManager):
            (WebCore::MediaElementSession::isLargeEnoughForMainContent):
            (WebCore::MediaElementSession::mostRecentUserInteractionTime):
            (WebCore::MediaElementSession::wantsToObserveViewportVisibilityForMediaControls):
            (WebCore::MediaElementSession::wantsToObserveViewportVisibilityForAutoplay):
            (WebCore::MediaElementSession::resetPlaybackSessionState):
            (WebCore::MediaElementSession::canControlControlsManager): Deleted.
            * html/MediaElementSession.h:
            * platform/audio/PlatformMediaSession.h:
            (WebCore::PlatformMediaSession::resetPlaybackSessionState):
            (WebCore::PlatformMediaSession::canControlControlsManager): Deleted.
            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::currentSessionsMatching):
            (WebCore::PlatformMediaSessionManager::currentSessionMatching): Deleted.
            * platform/audio/PlatformMediaSessionManager.h:
            * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
            (WebPlaybackSessionModelMediaElement::setMediaElement):

2016-08-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r205193. rdar://problem/27529052

    2016-08-30  Wenson Hsieh  <wenson_hsieh@apple.com>

            Fix a typo introduced in r205184.
            https://bugs.webkit.org/show_bug.cgi?id=161380

            Reviewed by Tim Horton.

            Fixes a typo in an accessibility string: "Exit fullscreen" => "Exit Fullscreen"

            * platform/LocalizedStrings.cpp:
            (WebCore::exitFullScreenButtonAccessibilityTitle):

2016-08-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r205184. rdar://problem/27529052

    2016-08-30  Wenson Hsieh  <wenson_hsieh@apple.com>

            Exit fullscreen button in fullscreen media playback needs an accessibility string
            https://bugs.webkit.org/show_bug.cgi?id=161380

            Reviewed by Beth Dakin.

            Adds an accessibility string for the exit fullscreen button.

            * English.lproj/Localizable.strings:
            * platform/LocalizedStrings.cpp:
            (WebCore::exitFullScreenButtonAccessibilityTitle):
            * platform/LocalizedStrings.h:

2016-08-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r205044. rdar://problem/27933564

    2016-08-26  Beth Dakin  <bdakin@apple.com>

            charactersAroundPosition can be wrong because it crosses editing boundaries
            https://bugs.webkit.org/show_bug.cgi?id=161215
            -and corresponding-
            rdar://problem/27933564

            Reviewed by Ryosuke Niwa.

            charactersAroundPosition() should not cross editing boundaries. This patch fixes
            that by making nextCharacterBoundaryInDirection() take an
            EditingBoundaryCrossingRule parameter to pass onto VisiblePosition::next() and
            VisiblePosition::previous().

            * editing/VisibleUnits.cpp:
            (WebCore::nextCharacterBoundaryInDirection):
            (WebCore::positionOfNextBoundaryOfGranularity):
            (WebCore::charactersAroundPosition):

2016-08-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r204989. rdar://problem/28015116

    2016-08-25  Wenson Hsieh  <wenson_hsieh@apple.com>

            Dragging against the end of the inline media scrubber causes the media scrubber to hide
            https://bugs.webkit.org/show_bug.cgi?id=161207

            Reviewed by Eric Carlson.

            Previously, we would re-enable behavior restrictions when firing an ended event. However, if the ended event is
            caused by the user seeking to the end of the video, the media controls would be taken away from under the user.
            To prevent this, we don't add the relevant behavior restrictions upon media ended if media was seeking before
            firing the event.

            Tweaked an existing WebKit API test to cover this change.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
            (WebCore::HTMLMediaElement::addBehaviorRestrictionsOnEndIfNecessary):
            * html/HTMLMediaElement.h:
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canControlControlsManager):

2016-08-30  Babak Shafiei  <bshafiei@apple.com>

        Merge r204983. rdar://problem/27952772

    2016-08-25  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION (r203378): [iOS] The PDF image is rendered stretched if a sub image of it is cached first
            https://bugs.webkit.org/show_bug.cgi?id=160617

            Reviewed by Tim Horton.

            When caching only a sub-image of the PDF ensure the source rectangle starts
            at the top-left of the cached sub-image rectangle. When drawing the cached
            sub-image to the destination context ensure the destination rectangle is the
            sub-image rectangle so no stretching or shrinking happens.

            Test: fast/images/cached-clipped-pdf.html

            * page/Settings.cpp:
            (WebCore::Settings::Settings):
            (WebCore::Settings::setCachedPDFImageEnabled): Deleted.
            * page/Settings.h:
            (WebCore::Settings::isCachedPDFImageEnabled): Deleted.
            * page/Settings.in:
            Change the boolean setting CachedPDFImageEnabled to be an enum property and
            rename it PDFImageCachingPolicy. Allow the "PDFImageCachingBelowMemoryLimit"
            option to be available on all platforms. The "PDFImageCachingClipBoundsOnly"
            option is added for testing purposes. It forces recaching the PDF with each
            draw and it sets the cached image rectangle to the clipping rectangle.

            * platform/graphics/cg/PDFDocumentImage.cpp:
            (WebCore::PDFDocumentImage::setPdfImageCachingPolicy): Take an enum instead of boolean.
            (WebCore::cachedImageRect):
            (WebCore::PDFDocumentImage::decodedSizeChanged): Enable PDFImageCachingBelowMemoryLimit
            on all platforms.
            (WebCore::PDFDocumentImage::updateCachedImageIfNeeded): Fix the source rectangle
            when caching a sub-image of the PDF.
            (WebCore::PDFDocumentImage::draw): Fix the destination rectangle when drawing
            a sub-image to the destination context.
            (WebCore::PDFDocumentImage::setCachedPDFImageEnabled): Deleted.
            * platform/graphics/cg/PDFDocumentImage.h:

            * rendering/RenderImage.cpp:
            (WebCore::RenderImage::paintIntoRect):

            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup):
            (WebCore::InternalSettings::Backup::restoreTo):
            (WebCore::InternalSettings::setPDFImageCachingPolicy):
            (WebCore::InternalSettings::setCachedPDFImageEnabled): Deleted.
            * testing/InternalSettings.h:
            * testing/InternalSettings.idl:
            Change the internal setting CachedPDFImageEnabled to PDFImageCachingPolicy.

2016-08-30  Babak Shafiei  <bshafiei@apple.com>

        Merge r203542. rdar://problem/27991570

    2016-07-21  John Wilander  <wilander@apple.com>

            Block mixed content synchronous XHR
            https://bugs.webkit.org/show_bug.cgi?id=105462
            <rdar://problem/13666424>

            Reviewed by Brent Fulgham.

            Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html

            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::loadRequest):

2016-08-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r204521. rdar://problem/27075526

    2016-08-16  Brent Fulgham  <bfulgham@apple.com>

            Upgrade-Insecure-Request state is improperly retained between navigations
            https://bugs.webkit.org/show_bug.cgi?id=160905
            <rdar://problem/27075526>

            Reviewed by Andy Estes.

            Correct the handling of Upgrade-Insecure-Request state to match the specification, so that
            performing top-level navigation to sites that do not have the Upgrade-Insecure-Request header
            does not automatically upgrade insecure loads. The same loads performed in an iframe should
            be upgraded.

            The iframe case was already handled in our tests, but a new test is added that models the top-level
            navigation and confirms that an upgrade is not performed.

            Tests: http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-uir-on-navigation.html

            * dom/Document.cpp:
            (WebCore::Document::initContentSecurityPolicy): Properly inherit Upgrade-Insecure-Request state for children
            of existing frames.
            * loader/DocumentWriter.cpp:
            (WebCore::DocumentWriter::begin): Retain the history of upgraded resources (per the specification) so that
            we continue to upgrade resources that were upgraded during earlier navigations. Note that we do NOT want to
            retain the state of the Upgrade-Insecure-Requests header itself.
            * page/csp/ContentSecurityPolicy.cpp:
            (WebCore::ContentSecurityPolicy::copyStateFrom): Update to use new helper function.
            (WebCore::ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom): New helper function.
            * page/csp/ContentSecurityPolicy.h:

2016-08-23  Babak Shafiei  <bshafiei@apple.com>

        Merge r204610. rdar://problem/27750446

    2016-08-18  Beth Dakin  <bdakin@apple.com>

            Update the accessibility titles for list insertion
            https://bugs.webkit.org/show_bug.cgi?id=160972
            -and corresponding-
            rdar://problem/27750446

            Reviewed by Chris Fleizach.

            Update accessibility titles based on feedback.
            * English.lproj/Localizable.strings:
            * platform/LocalizedStrings.cpp:
            (WebCore::insertListTypeNone):
            (WebCore::insertListTypeBulleted):
            (WebCore::insertListTypeBulletedAccessibilityTitle):
            (WebCore::insertListTypeNumbered):
            (WebCore::insertListTypeNumberedAccessibilityTitle):
            (WebCore::insertListTypeNoneAccessibilityTitle): Deleted.
            * platform/LocalizedStrings.h:

2016-08-17  Babak Shafiei  <bshafiei@apple.com>

        Merge r204587. rdar://problem/27807479

    2016-08-17  Anders Carlsson  <andersca@apple.com>

            Add support for additional networks
            https://bugs.webkit.org/show_bug.cgi?id=160951
            rdar://problem/27807479

            Reviewed by Sam Weinig.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::createSupportedNetworks):
            (WebCore::createPaymentRequest):
            (WebCore::ApplePaySession::create):
            * Modules/applepay/PaymentRequest.cpp:
            (WebCore::isAdditionalValidSupportedNetwork):
            (WebCore::PaymentRequest::isValidSupportedNetwork):
            * Modules/applepay/PaymentRequest.h:
            (WebCore::PaymentRequest::supportedNetworks):
            (WebCore::PaymentRequest::setSupportedNetworks):
            * Modules/applepay/PaymentRequestValidator.cpp:
            (WebCore::PaymentRequestValidator::validateSupportedNetworks):
            * Modules/applepay/PaymentRequestValidator.h:

2016-08-09  Babak Shafiei  <bshafiei@apple.com>

        Merge r204274. rdar://problem/27688892

    2016-08-08  Jeremy Jones  <jeremyj@apple.com>

            Clear fullscreen mode state after exiting fullscreen mode to keep state in sync.
            https://bugs.webkit.org/show_bug.cgi?id=160668

            Reviewed by Jon Lee.

            When exiting fullscreen while in auto picture in picture mode, fullscreen mode gets
            out of sync, causing exit fullscreen to fail. This change updates the state
            to keep it correct.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::exitFullscreen):

2016-08-05  Babak Shafiei  <bshafiei@apple.com>

        Merge r204210. rdar://problem/27592694

    2016-08-05  Jeremy Jones  <jeremyj@apple.com>

            revert r202466 r202546 this causes regressions in media loading with temporary redirects.
            https://bugs.webkit.org/show_bug.cgi?id=160613

            Reviewed by Jon Lee.

            No new tests. Skipping two tests.

            This reverts a change that attempted to fix temporary redirects with media loading.
            The change introduced problems. Reverting this to require media stack to properly
            handle redirects.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
            (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
            * platform/network/cocoa/WebCoreNSURLSession.h:
            * platform/network/cocoa/WebCoreNSURLSession.mm:
            (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
            (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]): Deleted.
            (-[WebCoreNSURLSession dataTaskWithRequest:]): Deleted.
            (-[WebCoreNSURLSession dataTaskWithURL:]): Deleted.
            (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Deleted.
            (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.

2016-08-05  Babak Shafiei  <bshafiei@apple.com>

        Rollout r204169. rdar://problem/27592694

2016-08-05  Babak Shafiei  <bshafiei@apple.com>

        Merge r204159. rdar://problem/27669831

    2016-08-04  Myles C. Maxfield  <mmaxfield@apple.com>

            [iOS] Some videos in iBooks erroneously go fullscreen
            https://bugs.webkit.org/show_bug.cgi?id=160582
            <rdar://problem/27669831>

            Reviewed by Jon Lee.

            No new tests because we can't currently mock the iBooks application bundle ID.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):

2016-08-05  Babak Shafiei  <bshafiei@apple.com>

        Merge r204128. rdar://problem/27592694

    2016-08-04  Jeremy Jones  <jeremyj@apple.com>

            Temporary redirected m3u8 streaming stopped working.
            https://bugs.webkit.org/show_bug.cgi?id=160472
            rdar://problem/27592694

            Reviewed by Alex Christensen.

            Test: http/tests/media/hls/hls-redirect.html

            The change for https://trac.webkit.org/changeset/202466 hides knowledge of the temporary redirected URL from
            WebCoreNSURLSession clients. MPEG playlists (e.g. .m3u8) can contain paths relative to the redirected URL.

            This change exposes the redirected URL for MPEG playlists.

            * platform/MIMETypeRegistry.cpp:
            (WebCore::initializeMPEGPlaylistMIMETypes): Added.
            (WebCore::initializeMIMETypeRegistry):
            (WebCore::MIMETypeRegistry::isMPEGPlaylistMIMEType): Added.
            * platform/MIMETypeRegistry.h:
            * platform/network/cocoa/WebCoreNSURLSession.mm:
            (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Add MPEG playlist condition.
            (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Add MPEG playlist condition.

2016-08-04  Babak Shafiei  <bshafiei@apple.com>

        Rollout r204132. rdar://problem/27685273

2016-08-04  Babak Shafiei  <bshafiei@apple.com>

        Merge r204107. rdar://problem/27685273

    2016-08-03  Myles C. Maxfield  <mmaxfield@apple.com>

            [iOS] SF-Heavy is not accessible from web content
            https://bugs.webkit.org/show_bug.cgi?id=160522
            <rdar://problem/27685273>

            Reviewed by Simon Fraser.

            The mappings we were using from CSS font-weight to CoreText font weight were inaccurate.
            Instead, these new mappings should be used.

            Test: fast/text/system-font-weight.html

            * platform/graphics/ios/FontCacheIOS.mm:
            (WebCore::systemFontModificationAttributes):

2016-08-04  Babak Shafiei  <bshafiei@apple.com>

        Merge r204100. rdar://problem/27310475

    2016-08-03  Eric Carlson  <eric.carlson@apple.com>

            [Mac] Work around AVPlayer setMuted bug
            https://bugs.webkit.org/show_bug.cgi?id=160519
            <rdar://problem/27310475>

            Reviewed by Dean Jackson.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: Only override
            supportsMuting on iOS.

2016-08-03  Babak Shafiei  <bshafiei@apple.com>

        Rollout r204068. rdar://problem/27547583

2016-08-03  Babak Shafiei  <bshafiei@apple.com>

        Rollout r204086. rdar://problem/27547583

2016-08-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r204089. rdar://problem/27313234

    2016-08-03  Eric Carlson  <eric.carlson@apple.com>

            Cleanup HTMLMediaElement track lists.
            https://bugs.webkit.org/show_bug.cgi?id=160470

            Reviewed by Brent Fulgham.

            * html/track/AudioTrack.cpp:
            (WebCore::AudioTrack::willRemove): Remove unnecessary ASSERT and NULL check.

            * html/track/TextTrackList.cpp:
            (TextTrackList::~TextTrackList): Call clearElement so media element and client pointers are
            cleared.

2016-08-03  Babak Shafiei  <bshafiei@apple.com>

        Merge r204082. rdar://problem/27547583

    2016-08-03  Eric Carlson  <eric.carlson@apple.com>

            [Mac][iOS] Adopt MediaRemote "seek to playback position"
            https://bugs.webkit.org/show_bug.cgi?id=160405
            <rdar://problem/27547583>

            Reviewed by Dean Jackson.

            * platform/ios/RemoteCommandListenerIOS.mm:
            (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS): Fix a typo.

2016-08-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r204050. rdar://problem/27313234

    2016-08-02  Eric Carlson  <eric.carlson@apple.com>

            Cleanup HTMLMediaElement track lists.
            https://bugs.webkit.org/show_bug.cgi?id=160470

            Reviewed by David Kilzer.

            Test: media/range-extract-contents-crash.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::~HTMLMediaElement):

            * html/track/AudioTrack.cpp:
            (WebCore::AudioTrack::willRemove): ASSERT if media element is NULL.

            * html/track/TextTrackList.cpp:
            (TextTrackList::clearElement): Clear track media element pointers and client.
            * html/track/TextTrackList.h:

            * html/track/TrackListBase.cpp:
            (TrackListBase::~TrackListBase): Call clearElement.
            (TrackListBase::clearElement): Clear track media element pointers and client.
            * html/track/TrackListBase.h:

2016-08-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r204062. rdar://problem/27592936

    2016-08-02  Nan Wang  <n_wang@apple.com>

            AX: Simulated touch events are not working on iOS
            https://bugs.webkit.org/show_bug.cgi?id=160395
            <rdar://problem/27633597>

            Reviewed by Chris Fleizach.

            We should mark the simulated touch as a potential tap otherwise it won't
            be handled on iOS. Also, we need to dispatch both touch start and touch end
            to mimic the real touch events. Last, added a has event listeners check,
            because iOS is dispatching mouse click events for elements without touch event
            listeners.

            Test: accessibility/ios-simulator/press-fires-touch-events.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::press):
            (WebCore::AccessibilityObject::dispatchTouchEvent):
            * page/ios/EventHandlerIOS.mm:
            (WebCore::EventHandler::dispatchSimulatedTouchEvent):
            * platform/ios/PlatformEventFactoryIOS.mm:
            (WebCore::PlatformTouchEventBuilder::PlatformTouchEventBuilder):

2016-08-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r203955. rdar://problem/27629346

    2016-07-31  Nan Wang  <n_wang@apple.com>

            AX: Add a check for touch event listener on iOS accessibility object
            https://bugs.webkit.org/show_bug.cgi?id=160388

            Reviewed by Chris Fleizach.

            dispatchTouchEvent() is not working correctly within AXPress() sometimes. Need to
            investigate it more in the future. Now, adding a check for the touch event listener
            on the object's node so that iOS can handle dispatching the touch event instead.

            Test: accessibility/ios-simulator/has-touch-event-listener.html

            * accessibility/AccessibilityObject.h:
            * accessibility/ios/AccessibilityObjectIOS.mm:
            (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
            (WebCore::AccessibilityObject::hasTouchEventListener):
            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (appendStringToResult):
            (-[WebAccessibilityObjectWrapper _accessibilityHasTouchEventListener]):
            (-[WebAccessibilityObjectWrapper _accessibilityValueIsAutofilled]):

2016-08-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r203984. rdar://problem/27409854

    2016-08-01  Eric Carlson  <eric.carlson@apple.com>

            [iOS] A video element that does not pause after exiting from fullscreen should be allowed to continue playing inline
            https://bugs.webkit.org/show_bug.cgi?id=160416
            <rdar://problem/27409854>

            Reviewed by Alex Christensen.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::exitFullscreen): If playback normally requires fullscreen but the
            element was not paused when exiting from fullscreen, set the 'playsinline' attribute so we won't
            force fullscreen if playback is paused and resumes, and set the 'controls' attribute so the
            user can control playback.

2016-08-02  Babak Shafiei  <bshafiei@apple.com>

        Merge r203982. rdar://problem/27547583

    2016-08-01  Eric Carlson  <eric.carlson@apple.com>

            [Mac][iOS] Adopt MediaRemote "seek to playback position"
            https://bugs.webkit.org/show_bug.cgi?id=160405
            <rdar://problem/27547583>

            Reviewed by Dean Jackson.

            Test: media/remote-control-command-seek.html

            * Modules/webaudio/AudioContext.h: Update for didReceiveRemoteControlCommand argument change.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand): Support SeekToPlaybackPositionCommand.
            Drive by fix, support Stop command.
            (WebCore::HTMLMediaElement::supportsSeeking): New.
            * html/HTMLMediaElement.h:

            * platform/RemoteCommandListener.h:
            (WebCore::RemoteCommandListenerClient::didReceiveRemoteControlCommand): Add command argument.
            (WebCore::RemoteCommandListenerClient::supportsSeeking): New.
            (WebCore::RemoteCommandListener::updateSupportedCommands): Ditto.
            (WebCore::RemoteCommandListener::client): Ditto.

            * platform/audio/PlatformMediaSession.cpp:
            (WebCore::PlatformMediaSession::didReceiveRemoteControlCommand): Add command argument.
            (WebCore::PlatformMediaSession::supportsSeeking): New, pass through to client.
            * platform/audio/PlatformMediaSession.h:

            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::setCurrentSession): Tell remote command listener to
            update supported commands.
            (WebCore::PlatformMediaSessionManager::currentSession): Make const.
            (WebCore::PlatformMediaSessionManager::didReceiveRemoteControlCommand): Add command argument.
            (WebCore::PlatformMediaSessionManager::supportsSeeking): New, pass through to session.
            * platform/audio/PlatformMediaSessionManager.h:

            * platform/ios/RemoteCommandListenerIOS.h:
            (WebCore::RemoteCommandListenerIOS::createWeakPtr):
            * platform/ios/RemoteCommandListenerIOS.mm:
            (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS): Support changePlaybackPositionCommand.
            (WebCore::RemoteCommandListenerIOS::~RemoteCommandListenerIOS): Remove seekToTime target.
            (WebCore::RemoteCommandListenerIOS::updateSupportedCommands): Update changePlaybackPositionCommand.

            * platform/mac/MediaRemoteSoftLink.cpp:
            * platform/mac/MediaRemoteSoftLink.h:

            * platform/mac/RemoteCommandListenerMac.h:
            * platform/mac/RemoteCommandListenerMac.mm:
            (WebCore::RemoteCommandListenerMac::updateSupportedCommands): New, split out of constructor.
            (WebCore::RemoteCommandListenerMac::RemoteCommandListenerMac): Split setup logic out into
            updateSupportedCommands. Support MRMediaRemoteCommandSeekToPlaybackPosition. Don't assert when
            receiving an unsupported command, it happens. Return error when a command isn't supported or
            fails.

            * testing/Internals.cpp:
            (WebCore::Internals::postRemoteControlCommand): Add command argument parameter. Support
            seektoplaybackposition.
            * testing/Internals.h:
            * testing/Internals.idl:

2016-08-01  Babak Shafiei  <bshafiei@apple.com>

        Merge r203985. rdar://problem/26310261

    2016-08-01  Antti Koivisto  <antti@apple.com>

            REGRESSION(r198943): drop-down menu navigation on fiddlevideo.com doesn't appear on iOS, works on OS X
            https://bugs.webkit.org/show_bug.cgi?id=160406
            rdar://problem/26310261

            Reviewed by Simon Fraser.

            On iOS we generate synthetic mouse events from taps. Click event is generated on tap only if the move event
            doesn't produce visible changes to the document. This is important to make certain types of drop down menus
            work.

            The information on mutations is passed via WKContentObservation side channel which is updated from various parts
            of the code. Newly visible elements are detected by CheckForVisibilityChangeOnRecalcStyle during style resolution.
            This got broken by the style refactoring because it assumes that renderer is mutated along with style computation.
            However mutation is now a separate step performed by RenderTreeUpdater.

            Fix by moving CheckForVisibilityChange to RenderTreeUpdater.

            Test: fast/content-observation/click-event-suppression-on-content-change.html

            * style/RenderTreeUpdater.cpp:
            (WebCore::RenderTreeUpdater::Parent::Parent):
            (WebCore::RenderTreeUpdater::updateElementRenderer):
            (WebCore::RenderTreeUpdater::tearDownRenderer):
            (WebCore::elementImplicitVisibility):
            (WebCore::CheckForVisibilityChange::CheckForVisibilityChange):
            (WebCore::CheckForVisibilityChange::~CheckForVisibilityChange):
            * style/StyleTreeResolver.cpp:
            (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
            (WebCore::Style::TreeResolver::pushParent):
            (WebCore::Style::TreeResolver::resolveComposedTree):
            (WebCore::Style::elementImplicitVisibility): Deleted.
            (WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::CheckForVisibilityChangeOnRecalcStyle): Deleted.
            (WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::~CheckForVisibilityChangeOnRecalcStyle): Deleted.

2016-08-01  Babak Shafiei  <bshafiei@apple.com>

        Roll out r203799.

2016-08-01  Babak Shafiei  <bshafiei@apple.com>

        Merge r203976. rdar://problem/27580049

    2016-08-01  Antti Koivisto  <antti@apple.com>

            REGRESSION (r196383): Drop down CSS menus not working on cnet.com, apmex.com
            https://bugs.webkit.org/show_bug.cgi?id=160390

            Reviewed by Simon Fraser.

            The case here is that we have a rule like

                .enableHover:hover .child { ... }

            and the "enableHover" class is added dynamically. The class change invalidation optimization code would figure out
            that nothing needs to be invalidated as the class change doesn't make the rule match (since :hover doesn't match).

            However for event driven hover to actually work the hover element needs to have its childrenAffectedByHover bit set.
            This bit is set when the selector match is attempted, whether it actually matches or not. Since we optimized away
            the style invalidation we never set the bit either.

            Fix by treating :hover as always matching (==ignored) when collecting rules for invalidation optimization purposes.
            Dynamic pseudo elements are already treated this way for similar reasons.

            Test: fast/selectors/hover-invalidation-descendant-dynamic.html

            * css/SelectorChecker.cpp:
            (WebCore::SelectorChecker::checkOne):

                Match always in CollectingRulesIgnoringVirtualPseudoElements mode (now slightly misnamed).

                This mode is used for optimization purposes in StyleInvalidationAnalysis (which we care about here) and
                StyleSharingResolver. The change is fine for both.

            * cssjit/SelectorCompiler.cpp:
            (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):

                Same change for the slow path selector checker.

2016-07-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r203931. rdar://problem/27317407

    2016-07-29  Daniel Bates  <dabates@apple.com>

            Crash under HTMLMediaElement::{resolve, reject}PendingPlayPromises() when playback is interrupted
            https://bugs.webkit.org/show_bug.cgi?id=160366
            <rdar://problem/27317407>

            Reviewed by Eric Carlson.

            Fixes a crash/assertion failure in DeferredWrapper::{resolve, rejectWithValue}() caused by a Promise
            being settled twice. In particular, if a system interruption occurs when media.play() is invoked
            the returned Promise may ultimately be settled twice upon cessation of the interruption.

            A Promise can be settled (resolved) exactly once. When a system interruption occurs media
            playback is paused and resumes on cessation of the interruption. Currently we also immediately
            reject the Promise p returned by media.play() if the interruption occurs during its invocation.
            So, when we resume playback on cessation of an interruption we try to resolve p again. But a
            Promise can only be resolved once and hence we violate the assertions that p has both a valid
            reference to a JSPromiseDeferred object and a reference to the global object of the page.

            Tests: media/non-existent-video-playback-interrupted.html
                   media/video-playback-interrupted.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::play): Modified to reject the Promise and return immediately if
            playInternal() returns false.
            (WebCore::HTMLMediaElement::playInternal): Treat an interruption as success and return true
            so that HTMLMediaElement::play() adds the Promise to the end of the list of pending promises.
            We treat an interruption as a success because we will resume playback (assuming the media
            can be loaded and is well-formed) upon cessation of the interruption and therefore can either
            fulfill or reject the Promise object returned by media.play().

2016-07-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r203928. rdar://problem/27179484

    2016-07-29  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls are not displayed for some autoplaying videos at certain browser dimensions
            https://bugs.webkit.org/show_bug.cgi?id=160360
            <rdar://problem/27179484>

            Reviewed by Myles C. Maxfield.

            Previously, if a video's aspect ratio fell outside of the range [0.5, 1.8], we would
            not consider it main content and would subsequently not show media controls for it.
            This meant that on many websites that scale video dimensions to match the mainframe,
            if the mainframe is too wide (e.g. full bounds on a widescreen display) we would not
            consider the video to be main content. To fix this, we only consider aspect ratio to
            be a requirement if the video does not already take up most of the space in the
            mainframe.

            Covered by two new TestWebKitAPI unit tests.

            * html/MediaElementSession.cpp:
            (WebCore::isElementLargeRelativeToMainFrame):
            (WebCore::isElementLargeEnoughForMainContent):

2016-07-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r203924. rdar://problem/27355214

    2016-07-29  Zalan Bujtas  <zalan@apple.com>

            Do not set negative rate on AVSampleBufferRenderSynchronizer.
            https://bugs.webkit.org/show_bug.cgi?id=160326
            <rdar://problem/27355214>

            Reviewed by Eric Carlson.

            Test: http/tests/media/media-source/mediasource-play-then-seek-back-with-remote-control.html

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setRateDouble):

2016-07-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r203916. rdar://problem/27594995

    2016-07-29  Myles C. Maxfield  <mmaxfield@apple.com>

            Backspace key removes only the rainbow from the rainbow flag
            https://bugs.webkit.org/show_bug.cgi?id=160349
            <rdar://problem/27594995>

            Reviewed by Dean Jackson.

            In r203330 I added support for new emoji group candidates. I accidentally
            missed one of the new emoji code points.

            Test: editing/deleting/delete-emoji.html

            * platform/text/CharacterProperties.h:
            (WebCore::isEmojiGroupCandidate):

2016-07-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r203913. rdar://problem/27558003

    2016-07-29  Nan Wang  <n_wang@apple.com>

            AX: Media controls accessibility improvement
            https://bugs.webkit.org/show_bug.cgi?id=160223
            <rdar://problem/27558003>

            Reviewed by Eric Carlson.

            Changes in this patch:
            1. Added a change observer for volume slider so that it will handle accessibility
               increment/decrement functions correctly.
            2. Update the timer div's aria-label when time changes.
            3. Added a keydown handler for left/right arrow adjusting the timeline, so that the
               value increments/decrements in a reasonable way.
            4. Changed the mute button's role to checkbox since it only has on/off states.

            Test: media/media-controls-accessibility.html

            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.createControls):
            (Controller.prototype.updatePictureInPictureButton):
            (Controller.prototype.timelineStepFromVideoDuration):
            (Controller.prototype.incrementTimelineValue):
            (Controller.prototype.decrementTimelineValue):
            (Controller.prototype.showInlinePlaybackPlaceholderWhenSafe):
            (Controller.prototype.handleTimelineMouseUp):
            (Controller.prototype.handleTimelineKeyDown):
            (Controller.prototype.handleMuteButtonClicked):
            (Controller.prototype.handleMinButtonClicked):
            (Controller.prototype.handleMaxButtonClicked):
            (Controller.prototype.updateVideoVolume):
            (Controller.prototype.handleVolumeSliderInput):
            (Controller.prototype.handleVolumeSliderChange):
            (Controller.prototype.handleVolumeSliderMouseDown):
            (Controller.prototype.updateTime):
            (Controller.prototype.updateControlsWhileScrubbing):
            (Controller.prototype.updateVolume):

2016-07-31  Babak Shafiei  <bshafiei@apple.com>

        Merge r203799. rdar://problem/27556788

    2016-07-27  Eric Carlson  <eric.carlson@apple.com>

            Captions do not render in PiP window when element is hidden
            https://bugs.webkit.org/show_bug.cgi?id=160265
            <rdar://problem/27556788>

            Reviewed by Simon Fraser.

            * html/shadow/MediaControlElements.cpp:
            (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage): Pass new flag so
            caption layers are always rendered.

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::paintLayerContents): Paint non-visible layers when PaintLayerIgnoreVisibility
            flag is set.
            * rendering/RenderLayer.h: Define PaintLayerIgnoreVisibility.

2016-07-29  Babak Shafiei  <bshafiei@apple.com>

        Merge r203904. rdar://problem/27610935

    2016-07-29  Eric Carlson  <eric.carlson@apple.com>

            Change internal AVCaptureDeviceType typedef name
            https://bugs.webkit.org/show_bug.cgi?id=160345
            <rdar://problem/27610935>

            Reviewed by Dean Jackson.

            * platform/mediastream/mac/AVAudioCaptureSource.mm:
            (WebCore::AVAudioCaptureSource::create): AVCaptureDeviceType -> AVCaptureDeviceTypedef
            (WebCore::AVAudioCaptureSource::AVAudioCaptureSource): Ditto.

            * platform/mediastream/mac/AVCaptureDeviceManager.mm:
            (WebCore::AVCaptureDeviceManager::captureDeviceList): Ditto.
            (WebCore::shouldConsiderDeviceInDeviceList): Ditto.
            (WebCore::AVCaptureDeviceManager::refreshCaptureDeviceList): Ditto.
            (WebCore::AVCaptureDeviceManager::createMediaSourceForCaptureDeviceWithConstraints): Ditto.
            (WebCore::AVCaptureDeviceManager::deviceConnected): Ditto.
            (WebCore::AVCaptureDeviceManager::deviceDisconnected): Ditto.
            (-[WebCoreAVCaptureDeviceManagerObserver deviceDisconnected:]): Ditto.

            * platform/mediastream/mac/AVMediaCaptureSource.mm:
            (WebCore::globaVideoCaptureSerialQueue): Ditto.
            (WebCore::AVMediaCaptureSource::AVMediaCaptureSource): Ditto.

            * platform/mediastream/mac/AVVideoCaptureSource.mm:
            (WebCore::AVVideoCaptureSource::create): Ditto.
            (WebCore::AVVideoCaptureSource::AVVideoCaptureSource): Ditto.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203825. rdar://problem/27578447

    2016-07-28  Dean Jackson  <dino@apple.com>

            REGRESSION (r202880): Default controls pip glyph inverted
            https://bugs.webkit.org/show_bug.cgi?id=160304
            <rdar://problem/27578447>

            Reviewed by Eric Carlson.

            I accidentally committed the "Exit Picture-in-picture" glyph
            for the "Enter Picture-in-picture" buttons :(

            * Modules/mediacontrols/mediaControlsApple.css:
            (video::-webkit-media-controls-panel .picture-in-picture-button):
            Use the correct artwork.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203789. rdar://problem/27574519

    2016-07-27  Anders Carlsson  <andersca@apple.com>

            Stop accepting the deprecated "requiredShippingAddressFields" and "requiredBillingAddressFields" properties
            https://bugs.webkit.org/show_bug.cgi?id=160264
            rdar://problem/27574519

            Reviewed by Simon Fraser.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::createPaymentRequest):
            (WebCore::isValidPaymentRequestPropertyName):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203801. rdar://problem/26102954

    2016-07-27  Beth Dakin  <bdakin@apple.com>

            Add localizable strings for inserting list types
            https://bugs.webkit.org/show_bug.cgi?id=160233
            -and corresponding-
            rdar://problem/26102954

            Reviewed by Dan Bernstein.

            * English.lproj/Localizable.strings:
            * platform/LocalizedStrings.cpp:
            (WebCore::insertListTypeNone):
            (WebCore::insertListTypeNoneAccessibilityTitle):
            (WebCore::insertListTypeBulleted):
            (WebCore::insertListTypeBulletedAccessibilityTitle):
            (WebCore::insertListTypeNumbered):
            (WebCore::insertListTypeNumberedAccessibilityTitle):
            * platform/LocalizedStrings.h:

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203764. rdar://problem/27434423

    2016-07-26  Myles C. Maxfield  <mmaxfield@apple.com>

            [iOS] SF-Heavy is inaccessible by web content
            https://bugs.webkit.org/show_bug.cgi?id=160186
            <rdar://problem/27434423>

            Reviewed by Dean Jackson.

            Once we create the system font, we need to modify it with the appropriate weight.
            This is because the CoreText API we use to get the system font on iOS does not
            let us choose the exact weight we want.

            Test: fast/text/system-font-weight.html

            * platform/graphics/ios/FontCacheIOS.mm:
            (WebCore::baseSystemFontDescriptor):
            (WebCore::systemFontModificationAttributes):
            (WebCore::systemFontDescriptor):
            (WebCore::platformFontWithFamilySpecialCase):
            * platform/spi/cocoa/CoreTextSPI.h:

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203775. rdar://problem/23325160

    2016-07-27  Carlos Garcia Campos  <cgarcia@igalia.com>

            [Soup] Test http/tests/xmlhttprequest/auth-reject-protection-space.html fails since added in r203743
            https://bugs.webkit.org/show_bug.cgi?id=160235

            Reviewed by Michael Catanzaro.

            It times out in release and crashes in debug due to an ASSERT_NOT_REACHED(). The soup backend doesn't really
            support rejecting the protection space and continuing with the next one, but we can at least continue with the
            request without credential to make the test pass.

            * platform/network/soup/ResourceHandleSoup.cpp:
            (WebCore::ResourceHandle::receivedChallengeRejection):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203743. rdar://problem/23325160

    2016-07-26  David Kilzer  <ddkilzer@apple.com>

            Networking process crash due to missing -[WebCoreAuthenticationClientAsChallengeSender performDefaultHandlingForAuthenticationChallenge:] implementation
            https://bugs.webkit.org/show_bug.cgi?id=156947
            <rdar://problem/23325160>

            Reviewed by Alex Christensen.

            Test: http/tests/xmlhttprequest/auth-reject-protection-space.html

            * platform/network/mac/AuthenticationMac.mm:
            (-[WebCoreAuthenticationClientAsChallengeSender performDefaultHandlingForAuthenticationChallenge:]): Added.
            (-[WebCoreAuthenticationClientAsChallengeSender rejectProtectionSpaceAndContinueWithChallenge:]): Added.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203855. rdar://problem/27557968

    2016-07-28  Myles C. Maxfield  <mmaxfield@apple.com>

            Remove deprecated SPI for video inline / fullscreen controls
            https://bugs.webkit.org/show_bug.cgi?id=160318

            Reviewed by Tim Horton.

            r203752 deprecated the SPI allowsInlineMediaPlaybackWithPlaysInlineAttribute
            and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute (in favor of
            inlineMediaPlaybackRequiresPlaysInlineAttribute). This patch removes the
            deprecated SPI symbols.

            No new tests because there is no behavior change.

            * page/Settings.cpp:
            * page/Settings.in:
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup): Deleted.
            (WebCore::InternalSettings::Backup::restoreTo): Deleted.
            (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute): Deleted.
            (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute): Deleted.
            * testing/InternalSettings.h:
            * testing/InternalSettings.idl:

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203752. rdar://problem/27557968

    2016-07-26  Myles C. Maxfield  <mmaxfield@apple.com>

            [iPhone] Playing a video on tudou.com plays only sound, no video
            https://bugs.webkit.org/show_bug.cgi?id=160178
            <rdar://problem/27535468>

            Reviewed by Eric Carlson and Dan Bernstein.

            This patch re-implements r203520 in a much simpler way which doesn't involve a new SPI.
            The biggest problem with r203520 is that it makes it impossible for a WKWebView to match
            MobileSafari's behavior. Instead of adding this new SPI, a simple version check should
            be used to keep old apps working.

            The new behavior is characterized by the following table:

                                                 |                iOS                 |      Non-iOS
            =============================================================================================
            requiresPlayInlineAttribute == true  | Old app: honor -webkit-playsinline | honor playsinline
                                                 | New app: honor playsinline         | honor playsinline
            ---------------------------------------------------------------------------------------------
            requiresPlayInlineAttribute == false | Always inline                      | Always inline

            Specifically, this patch reverts r203545 which is the commit which actually removes
            the old SPI. As soon as Safari is migrated back to this old SPI, I'll remove the two
            new SPIs added in r203520.

            Tests: media/video-playsinline.html
                   media/video-webkit-playsinline.html

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
            * page/Settings.cpp:
            * page/Settings.in:
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup):
            (WebCore::InternalSettings::Backup::restoreTo):
            (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute):
            * testing/InternalSettings.h:
            * testing/InternalSettings.idl:

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203746. rdar://problem/27527151

    2016-07-26  Anders Carlsson  <andersca@apple.com>

            onpaymentauthorized callback not received when authorizing for a second time
            https://bugs.webkit.org/show_bug.cgi?id=160218
            rdar://problem/27527151

            Reviewed by Tim Horton.

            Only null out the active session if the status is a final state status.

            * Modules/applepay/PaymentCoordinator.cpp:
            (WebCore::PaymentCoordinator::completePaymentSession):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203737. rdar://problem/21090897

    2016-07-26  Eric Carlson  <eric.carlson@apple.com>

            Occasional crash in WebCore::RenderVTTCue::initializeLayoutParameters
            https://bugs.webkit.org/show_bug.cgi?id=160208

            Reviewed by Darin Adler.

            * rendering/RenderVTTCue.cpp:
            (WebCore::RenderVTTCue::initializeLayoutParameters): Return when firstChild is NULL so a
            release build will not crash.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203711. rdar://problem/27279453

    2016-07-25  Nan Wang  <n_wang@apple.com>

            AX: Expose autoFillButtonType to accessibility
            https://bugs.webkit.org/show_bug.cgi?id=160179

            Reviewed by Chris Fleizach.

            Added a new attribute on Mac to expose the auto-fill button type.

            Changes are covered in modified test.

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::isValueAutofillAvailable):
            (WebCore::AccessibilityObject::valueAutofillButtonType):
            (WebCore::AccessibilityObject::isValueAutofilled):
            * accessibility/AccessibilityObject.h:
            (WebCore::AccessibilityObject::passwordFieldValue):
            * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
            (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203706. rdar://problem/27457941

    2016-07-25  Jeremy Jones  <jeremyj@apple.com>

            Set MediaRemote playback state based on MediaSession playback state.
            https://bugs.webkit.org/show_bug.cgi?id=160177

            Reviewed by Eric Carlson.

            Use playback session state to update media remote playback state instead of
            unconditionally setting it to playing.

            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203698. rdar://problem/26986673

    2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls should not be displayed for a video until it starts playing
            https://bugs.webkit.org/show_bug.cgi?id=160092
            <rdar://problem/26986673>

            Reviewed by Beth Dakin.

            For videos that have never played back yet, we should not show media controls. To ensure this
            behavior, we ensure that the playback behavior restriction is set upon creating the media
            element. This restriction is then removed when the media element begins to play.

            Added two new WebKit API tests.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203695. rdar://problem/27010112

    2016-07-25  Brady Eidson  <beidson@apple.com>

            Allow LocalStorage by default for file URLs.
            https://bugs.webkit.org/show_bug.cgi?id=160169

            Reviewed by Brent Fulgham.

            Test: storage/domstorage/localstorage/file-can-access.html

            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::canAccessStorage): Remove the m_universalAccess check for local URLs.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203694. rdar://problem/27220338

    2016-07-25  Nan Wang  <n_wang@apple.com>

            AX: AccessibilityRenderObject is adding duplicated children when CSS first-letter is being used.
            https://bugs.webkit.org/show_bug.cgi?id=160155

            Reviewed by Chris Fleizach.

            We were adding the same text node twice if CSS first-letter selector was being used. Added a
            check for the inline continuation so that we only add it once.

            Test: accessibility/mac/css-first-letter-children.html

            * accessibility/AccessibilityRenderObject.cpp:
            (WebCore::firstChildConsideringContinuation):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203690. rdar://problem/26668526

    2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls on apple.com don't disappear when movie finishes playing
            https://bugs.webkit.org/show_bug.cgi?id=160068
            <rdar://problem/26668526>

            Reviewed by Darin Adler.

            When a video ends, it should cause media controls to hide. While current logic
            mostly accounts for this, it does not account for programmatic seeks causing
            the video to lose its 'ended' status before querying for whether or not to
            show media controls.

            Three new API tests: large-video-seek-after-ending.html
            large-video-hides-controls-after-seek-to-end.html
            large-video-seek-to-beginning-and-play-after-ending.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
            (WebCore::HTMLMediaElement::setPlaying):
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canControlControlsManager):
            * html/MediaElementSession.h:

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203683. rdar://problem/27525634

    2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>

            REGRESSION(r200931): Invalid cast in highestAncestorToWrapMarkup()
            https://bugs.webkit.org/show_bug.cgi?id=160163

            Reviewed by Michael Catanzaro.

            Since r200931 the result of enclosingNodeOfType() in highestAncestorToWrapMarkup() is downcasted to Element, but
            the result of enclosingNodeOfType() can be a Node that is not an Element, in this case is Text. The cast is not
            needed at all since that node is passed to editingIgnoresContent() and selectionFromContentsOfNode() and both
            receive a Node not an Element.

            * editing/markup.cpp:
            (WebCore::highestAncestorToWrapMarkup): Remove invalid cast.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203669. rdar://problem/27285070

    2016-07-24  Nan Wang  <n_wang@apple.com>

            AX: Video Controls: Volume cannot be adjusted using VO.
            https://bugs.webkit.org/show_bug.cgi?id=160107

            Reviewed by Dean Jackson.

            The volume slider in video tag had 0.01 step which caused the screen reader to adjust it slowly.
            Changed the step to 0.05 and added the aria-valuetext attribute to the slider, so that the value
            is spoken in percentage.

            Test: accessibility/mac/video-volume-slider-accessibility.html

            * Modules/mediacontrols/mediaControlsApple.js:
            (Controller.prototype.createControls):
            (Controller.prototype.handleVolumeSliderInput):
            (Controller.prototype.updateVolume):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203667. rdar://problem/27506489

    2016-07-24  David Kilzer  <ddkilzer@apple.com>

            REGRESSION (r203106): Crash in WebCore::MathMLElement::parseMathMLLength()
            <https://webkit.org/b/160111>
            <rdar://problem/27506489>

            Reviewed by Chris Dumez.

            Test: mathml/mpadded-crash.html

            * mathml/MathMLElement.cpp:
            (WebCore::skipLeadingAndTrailingWhitespace): Change to take
            StringView parameter instead of String to avoid creating a
            temporary String that's released on return.

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203631. rdar://problem/24606557

    2016-07-22  Zalan Bujtas  <zalan@apple.com>

            Handle cases when IOSurface initialization fails.
            https://bugs.webkit.org/show_bug.cgi?id=160006
            <rdar://problem/27495102>

            Reviewed by Tim Horton and Simon Fraser.

            This is an additional fix to r203514 to check if IOSurface initialization was successful.

            Unable to test.

            * platform/graphics/cg/ImageBufferCG.cpp:
            (WebCore::ImageBuffer::ImageBuffer):
            * platform/graphics/cocoa/IOSurface.h: Merge 2 c'tors.
            * platform/graphics/cocoa/IOSurface.mm: Remove redundant IOSurface::create() code.
            (WebCore::IOSurface::create):
            (WebCore::IOSurface::createFromImage):
            (WebCore::IOSurface::IOSurface):
            (WebCore::IOSurface::convertToFormat):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203629. rdar://problem/27438936

    2016-07-22  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls should be displayed for media in media documents
            https://bugs.webkit.org/show_bug.cgi?id=160104
            <rdar://problem/27438936>

            Reviewed by Myles C. Maxfield.

            Make videos that would otherwise not have been large enough or have the right
            aspect ratio cause media controls to appear. This is because media elements in
            a media document are implied to be main content.

            Added a new API test.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::canControlControlsManager):

2016-07-28  Babak Shafiei  <bshafiei@apple.com>

        Merge r203622. rdar://problem/27495748

    2016-07-22  Brady Eidson  <beidson@apple.com>

            Removing IndexedDatabases that have stored blobs doesn't remove the blob files.
            https://bugs.webkit.org/show_bug.cgi?id=160089

            Reviewed by Darin Adler.

            Tested by API test IndexedDB.StoreBlobThenDelete.

            Blob filenames exist in the IDB directory with the name "[0-9]+.blob".

            That is, one or more digits, followed by ".blob".

            So when we delete an IndexedDB.sqlite3 and related files, we should delete those blob files as well.

            * Modules/indexeddb/server/IDBServer.cpp:
            (WebCore::IDBServer::removeAllDatabasesForOriginPath):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203626. rdar://problem/27453479

    2016-07-22  Myles C. Maxfield  <mmaxfield@apple.com>

            All dancers with bunny ears are female
            https://bugs.webkit.org/show_bug.cgi?id=160102
            <rdar://problem/27453479>

            Reviewed by Simon Fraser.

            In r203330 I added support for new emoji group candidates. I accidentally
            missed one of the new emoji code points.

            Tests: editing/deleting/delete-emoji.html:
                   fast/text/emoji-gender-2-9.html:
                   fast/text/emoji-gender-9.html:
                   fast/text/emoji-gender-fe0f-9.html:

            * platform/text/CharacterProperties.h:
            (WebCore::isEmojiGroupCandidate):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203606. rdar://problem/27430450

    2016-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>

            [iOS] REGRESSION(203378): PDFDocumentImage::updateCachedImageIfNeeded() uses the unscaled size when deciding whether to cache the PDF image
            https://bugs.webkit.org/show_bug.cgi?id=159933

            Reviewed by Simon Fraser.

            We need to use the scaled size when deciding whether to cache the PDF image
            or not. This is because ImageBuffer takes the display resolution into account
            which gives higher resolution for the image when zooming.

            * platform/graphics/cg/PDFDocumentImage.cpp:
            (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203378. rdar://problem/25876032

    2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple.com>

            [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
            https://bugs.webkit.org/show_bug.cgi?id=158715

            Reviewed by Dean Jackson.

            Test: fast/images/displaced-non-cached-pdf.html

            For iOS, we need to ensure the size of the cached PDF images will not
            exceed some limit. Also we should be caching only a sub image of the PDF
            if caching the whole image will exceed the memory limit.

            * page/Settings.cpp:
            (WebCore::Settings::Settings):
            (WebCore::Settings::setCachedPDFImageEnabled):
            * page/Settings.h:
            (WebCore::Settings::isCachedPDFImageEnabled):
                Add an option to disable caching the PDF images.

            * platform/graphics/cg/PDFDocumentImage.cpp:
            (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
                Allow the caller of draw() to disable caching the PDF images.

            (WebCore::PDFDocumentImage::cacheParametersMatch):
                Match the context dirty rectangle with the cached image rectangle.

            (WebCore::transformContextForPainting):
                When preparing the context for drawing the PDF, take the location
                of the destination rectangle into account. We do not need to scale
                the location of the source rectangle because we scale the size of
                the rectangle but we don't scale the whole coordinate system.

            (WebCore::cachedImageRect):
                Calculate the rectangle of the cached image such that it does not
                exceed the limit. Start from the center of the dirty rectangle and
                then expand around it.

            (WebCore::PDFDocumentImage::decodedSizeChanged):
                In addition to notifying the ImageObserver, it keeps track of the size
                of all the cached PDF images.

            (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
                Ensure the size of all the cached images does not exceed the limit.

            (WebCore::PDFDocumentImage::destroyDecodedData):
            * platform/graphics/cg/PDFDocumentImage.h:

            * rendering/RenderImage.cpp:
            (WebCore::RenderImage::paintIntoRect):
                Pass the option to disable caching the PDF images to PDFDocumentImage.

            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup):
            (WebCore::InternalSettings::Backup::restoreTo):
            (WebCore::InternalSettings::setCachedPDFImageEnabled):
            * testing/InternalSettings.h:
            * testing/InternalSettings.idl:
                Add an internal option to disable caching the PDF images.

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203548. rdar://problem/27474031

    2016-07-21  Darin Adler  <darin@apple.com>

            Remove unneeded content attribute name "playsinline"
            https://bugs.webkit.org/show_bug.cgi?id=160069

            Reviewed by Chris Dumez.

            * html/HTMLVideoElement.idl: Removed explicit content attribute name on Reflect
            attribute since it is the same as the name that the code generator will generate.

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203511. rdar://problem/27474031

    2016-07-21  Chris Dumez  <cdumez@apple.com>

            playsInline IDL attribute has the wrong casing
            https://bugs.webkit.org/show_bug.cgi?id=160029
            <rdar://problem/27474031>

            Reviewed by Jon Lee.

            Fix case from video.playsinline to video.playsInline in order to match
            the specification:
            - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline

            It still reflects the "playsinline" content attribute though, as per
            the specification:
            - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline

            No new tests, updated existing test.

            * html/HTMLVideoElement.idl:

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203545. rdar://problem/26964090

    2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>

            Remove support for deprecated SPI inlineMediaPlaybackRequiresPlaysInlineAttribute
            https://bugs.webkit.org/show_bug.cgi?id=160066

            Reviewed by Dean Jackson.

            r203520 deprecated inlineMediaPlaybackRequiresPlaysInlineAttribute in favor of
            allowsInlineMediaPlaybackWithPlaysInlineAttribute and
            allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute. The old
            inlineMediaPlaybackRequiresPlaysInlineAttribute is SPI and was never released
            to the public. Therefore, it can be removed safely.

            No new tests because there is no behavior change.

            * page/Settings.cpp:
            * page/Settings.in:
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup): Deleted.
            (WebCore::InternalSettings::Backup::restoreTo): Deleted.
            (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute): Deleted.
            * testing/InternalSettings.h:
            * testing/InternalSettings.idl:

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203520. rdar://problem/26964090

    2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>

            [iPhone] Playing a video on tudou.com plays only sound, no video
            https://bugs.webkit.org/show_bug.cgi?id=159967
            <rdar://problem/26964090>

            Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.

            WebKit recently started honoring the playsinline and webkit-playsinline
            attributes on iPhones. However, because these attributes previously did
            nothing, some sites (such as Tudou) were setting them on their content
            and expecting that they are not honored. In this specific case, the
            video is absolutely positioned to be 1 pixel x 1 pixel.

            Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
            property on their WKWebView, which would honor the webkit-playsinline
            attribute. Safari on iPhones didn't do this.

            In order to not break these existing apps, it's important that the
            allowsInlineMediaPlayback preference still allows webkit-playsinline
            videos to play inline in apps using WKWebView. However, in Safari, these
            videos should play fullscreen. (Tudou videos have webkit-playsinline
            but not playsinline.)

            Therefore, in Safari, videos with playsinline should be inline, but
            videos with webkit-playsinline should be fullscreen. In apps using
            WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
            playsinline should be inline, and videos with webkit-playsinline should
            also be inline. Videos on iPad and Mac should all be inline by default.

            We can create some truth tables for the cases which need to be covered:

            All apps on Mac / iPad:
            Presence of playsinline | Presence of webkit-playsinline | Result
            ========================|================================|===========
            Not present             | Not present                    | Inline
            Present                 | Not present                    | Inline
            Not present             | Present                        | Inline
            Present                 | Present                        | Inline

            Safari on iPhone:
            Presence of playsinline | Presence of webkit-playsinline | Result
            ========================|================================|===========
            Not present             | Not present                    | Fullscreen
            Present                 | Not present                    | Inline
            Not present             | Present                        | Fullscreen
            Present                 | Present                        | Inline

            App on iPhone which sets allowsInlineMediaPlayback:
            Presence of playsinline | Presence of webkit-playsinline | Result
            ========================|================================|===========
            Not present             | Not present                    | Fullscreen
            Present                 | Not present                    | Inline
            Not present             | Present                        | Inline
            Present                 | Present                        | Inline

            The way to distinguish Safari from another app is to create an SPI
            boolean preference which Safari can set. This is already how the
            iPhone and iPad are differentiated using the requiresPlayInlineAttribute
            which Safari sets but other apps don't. However, this preference is
            no longer sufficient because Safari should now be discriminating
            between the playsinline and webkit-playsinline attributes. Therefore,
            this preference should be extended to two boolean preferences, which
            this patch adds:

            allowsInlineMediaPlaybackWithPlaysInlineAttribute
            allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute

            Safari on iPhone will set
            allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
            and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
            false. Other apps on iPhone will get their default values (because they
            are SPI) which means they will both be true. On iPad and Mac, apps will
            use the default values where both are false.

            This patch adds support for these two preferences, but does not remove
            the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
            I will remove the existing preference as soon as I update Safari to migrate
            off of it.

            Test: media/video-playsinline.html

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
            * page/Settings.cpp:
            * page/Settings.in:
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup):
            (WebCore::InternalSettings::Backup::restoreTo):
            (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
            (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
            * testing/InternalSettings.h:
            * testing/InternalSettings.idl:

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203473. rdar://problem/27180657

    2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>

            Pausing autoplayed media should not remove all restrictions for that media element
            https://bugs.webkit.org/show_bug.cgi?id=159988

            Reviewed by Jon Lee.

            Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
            autoplaying video to just affect the hiding or showing of the media controller. This
            prevents pages from using JavaScript to start playing autoplaying videos that have
            been paused by the user.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::pause):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203464. rdar://problem/27180657

    2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>

            Media controls don't appear when pausing a small autoplaying video
            https://bugs.webkit.org/show_bug.cgi?id=159972
            <rdar://problem/27180657>

            Reviewed by Beth Dakin.

            When pausing an autoplaying video, remove behavior restrictions for the
            initial user gesture and show media controls.

            New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::pause):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203392. rdar://problem/27056844

    2016-07-18  Alex Christensen  <achristensen@webkit.org>

            webbookmarksd needs to use the same AppCache directory as MobileSafari
            https://bugs.webkit.org/show_bug.cgi?id=159912

            Reviewed by Alexey Proskuryakov.

            No new tests.  This only changes behavior for webbookmarksd.

            * platform/RuntimeApplicationChecks.h:
            * platform/RuntimeApplicationChecks.mm:
            (WebCore::IOSApplication::isWebBookmarksD): Added.

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203543. rdar://problem/27429465

    2016-07-21  Dean Jackson  <dino@apple.com>

            REGRESSION (r202927): The internal size of the ImageBuffer is scaled twice by the context scaleFactor
            https://bugs.webkit.org/show_bug.cgi?id=159981
            <rdar://problem/27429465>

            Reviewed by Myles Maxfield.

            The change to propagate color spaces through ImageBuffers created an
            alternate version of createCompatibleBuffer. This version accidentally
            attempted to take the display resolution (i.e. hidpi) into account
            when creating the buffer, which meant it was being applied twice.

            The fix is simply to remove that logic. The caller of the method
            will take the resolution into account, the same way they did
            with the old createCompatibleBuffer method.

            Test: fast/hidpi/pdf-image-scaled.html

            * platform/graphics/cg/ImageBufferCG.cpp:
            (WebCore::ImageBuffer::createCompatibleBuffer): Don't calculate
            a resolution - just use the value of 1.0.

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203538. rdar://problem/27462960

    2016-07-21  Nan Wang  <n_wang@apple.com>

            AX: aria-label not being used correctly in accessible name calculation of heading
            https://bugs.webkit.org/show_bug.cgi?id=160009

            Reviewed by Chris Fleizach.

            Actually we are exposing the correct information for heading objects. On macOS,
            VoiceOver should handle the logic that picks the right information to speak.
            On iOS, VoiceOver is speaking the static text child instead of the heading object.
            So we should set the accessibilityLabel of the static text based on the parent's
            alternate label.

            Test: accessibility/ios-simulator/heading-with-aria-label.html

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203518. rdar://problem/21400186

    2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>

            Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
            https://bugs.webkit.org/show_bug.cgi?id=160011

            Reviewed by Chris Dumez.

            Add a null pointer check for renderer() call.

            Unfortunately no new tests since we don't have a reproduction.

            * editing/DeleteSelectionCommand.cpp:
            (WebCore::DeleteSelectionCommand::doApply):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203514. rdar://problem/27208636

    2016-07-21  Zalan Bujtas  <zalan@apple.com>

            Do not keep invalid IOSurface in ImageBufferData.
            https://bugs.webkit.org/show_bug.cgi?id=160005
            <rdar://problem/27208636>

            Reviewed by Simon Fraser.

            When we fail to initialize the IOSurface for the accelerated context, we switch over to
            the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
            the graphics context is in accelerated mode, we need to reset it when the initialization fails.

            Unable to create a test case.

            * platform/graphics/cg/ImageBufferCG.cpp:
            (WebCore::ImageBuffer::ImageBuffer):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203482. rdar://problem/27442806

    2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>

            iOS: Cannot paste images in RTF content
            https://bugs.webkit.org/show_bug.cgi?id=159964
            <rdar://problem/27442806>

            Reviewed by Enrica Casucci.

            The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
            Worked around this bug by disabling image loading while parsing the document fragment.

            * editing/ios/EditorIOS.mm:
            (WebCore::Editor::createFragmentAndAddResources):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203450. rdar://problem/21439264

    2016-07-20  Chris Dumez  <cdumez@apple.com>

            PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
            https://bugs.webkit.org/show_bug.cgi?id=159962
            <rdar://problem/21439264>

            Reviewed by David Kilzer.

            PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
            is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
            call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
            However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
            other. It is therefore possible for a PostResolutionCallbackDisabler object to get
            destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
            ResourceLoadSuspender object is alive.

            This leads to hard-to-investigate crashes where we end up re-entering WebKit and killing
            the style resolver.

            This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
            There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
            is better because it manages a resolutionNestingDepth counter internally to make sure
            it only calls LoaderStrategy::resumePendingRequests() once all
            PostResolutionCallbackDisabler instances are destroyed.

            No new tests, there is no easy way to reproduce the crashes.

            * dom/Document.cpp:
            (WebCore::Document::styleForElementIgnoringPendingStylesheets):
            * loader/LoaderStrategy.cpp:
            (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
            (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
            * loader/LoaderStrategy.h:
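
The failure mode described in the r203450 entry above, reduced to a stand-alone sketch. This is an added example, not WebKit code: LoaderStub, NaiveSuspender and DepthCountedDisabler are hypothetical stand-ins for LoaderStrategy, ResourceLoadSuspender and PostResolutionCallbackDisabler, and only the suspend/resume pairing is modelled.

```cpp
#include <cstdio>

// Hypothetical stand-in for a loader with suspend/resume entry points.
struct LoaderStub {
    bool suspended = false;
    int resumeCalls = 0;
    void suspendPendingRequests() { suspended = true; }
    void resumePendingRequests() { suspended = false; ++resumeCalls; }
};

// Guard that resumes unconditionally when it goes out of scope. It knows
// nothing about other guards acting on the same loader.
class NaiveSuspender {
public:
    explicit NaiveSuspender(LoaderStub& loader) : m_loader(loader) { m_loader.suspendPendingRequests(); }
    ~NaiveSuspender() { m_loader.resumePendingRequests(); }
    NaiveSuspender(const NaiveSuspender&) = delete;
    NaiveSuspender& operator=(const NaiveSuspender&) = delete;
private:
    LoaderStub& m_loader;
};

// Guard that shares one nesting-depth counter across all of its instances
// and resumes only when the outermost instance is destroyed.
class DepthCountedDisabler {
public:
    explicit DepthCountedDisabler(LoaderStub& loader) : m_loader(loader)
    {
        if (++s_depth == 1)
            m_loader.suspendPendingRequests();
    }
    ~DepthCountedDisabler()
    {
        if (--s_depth == 0)
            m_loader.resumePendingRequests();
    }
    DepthCountedDisabler(const DepthCountedDisabler&) = delete;
    DepthCountedDisabler& operator=(const DepthCountedDisabler&) = delete;
private:
    LoaderStub& m_loader;
    static int s_depth;
};
int DepthCountedDisabler::s_depth = 0;

// Two guard types that are unaware of each other: the inner guard's counter
// drops to zero and resumes the loader while the outer guard is still alive.
bool mixedGuardsResumeEarly()
{
    LoaderStub loader;
    NaiveSuspender outer(loader);
    {
        DepthCountedDisabler inner(loader);
    }
    return !loader.suspended; // true: resumed inside the outer guard's scope
}

// One guard type everywhere: the inner guard only decrements the counter,
// so the loader stays suspended until the outer guard is destroyed.
bool sharedCounterResumesEarly()
{
    LoaderStub loader;
    DepthCountedDisabler outer(loader);
    {
        DepthCountedDisabler inner(loader);
    }
    return !loader.suspended; // false: still suspended
}

// With the shared counter, nested scopes produce exactly one resume call.
int resumeCallsAfterNestedScopes()
{
    LoaderStub loader;
    {
        DepthCountedDisabler outer(loader);
        {
            DepthCountedDisabler inner(loader);
        }
    }
    return loader.resumeCalls;
}

int main()
{
    std::printf("mixed guards resume early:   %d\n", mixedGuardsResumeEarly());
    std::printf("shared counter resumes early: %d\n", sharedCounterResumesEarly());
    std::printf("resume calls, nested scopes:  %d\n", resumeCallsAfterNestedScopes());
    return 0;
}
```
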

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203425. rdar://problem/27488703

    2016-07-19  Zalan Bujtas  <zalan@apple.com>

            REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
            https://bugs.webkit.org/show_bug.cgi?id=159952

            Reviewed by Simon Fraser.

            Update ASSERTs to reflect new functionality, that is, now we can end up in a state
            where the container (RenderView) of one of the dirty subtrees is dirty.
            See r203415.

            Covered by editing/pasteboard/drag-drop-input-in-svg.svg

            * page/FrameView.cpp:
            (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203424. rdar://problem/27391012

    2016-07-19  Dean Jackson  <dino@apple.com>

            REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
            https://bugs.webkit.org/show_bug.cgi?id=159948
            <rdar://problem/27391012>

            Reviewed by Simon Fraser.

            There is an iOS bug (<rdar://problem/27416744>) that is causing us
            to not always get a color space on CGContextRefs. Investigation of this
            exposed some optimizations we can take when we are creating ImageBuffers.
            In particular, if we have a bitmap context or an IOSurfaceContext we
            can simply copy their color space using API. Otherwise we stick with
            the existing CGContextCopyDeviceColorSpace.

            Lastly, if for some reason we are unable to copy the device color space,
            we should fall back to sRGB.

            * platform/graphics/cg/ImageBufferCG.cpp:
            (WebCore::ImageBuffer::createCompatibleBuffer):
            * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.


2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203415. rdar://problem/27409483

    2016-07-19  Zalan Bujtas  <zalan@apple.com>

            theguardian.co.uk crossword puzzles are sometimes not displaying text
            https://bugs.webkit.org/show_bug.cgi?id=159924
            <rdar://problem/27409483>

            Reviewed by Simon Fraser.

            This patch fixes the case when
            - 2 disjoint subtrees are dirty
            - RenderView is also dirty.
            and we end up not laying out one of the 2 subtrees.

            In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
            we already have a pending full layout which means that any previous subtree layouts have already been
            converted to full layouts.
            However this assumption is incorrect. RenderView can get dirty without checking if there's
            already a pending subtree layout.
            One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
            so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
            However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
            The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
            This patch implements the second option.

            Test: fast/misc/subtree-layouts.html

            * page/FrameView.cpp:
            (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203414. rdar://problem/26756701

    2016-07-19  Anders Carlsson  <andersca@apple.com>

            Some payment authorization status values should keep the sheet active
            https://bugs.webkit.org/show_bug.cgi?id=159936
            rdar://problem/26756701

            Reviewed by Tim Horton.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::ApplePaySession::completePayment):
            Keep the sheet active if the status isn't a final state status.

            * Modules/applepay/PaymentAuthorizationStatus.h:
            (WebCore::isFinalStateStatus):
            Add a new helper function that returns whether a given payment authorization status is "final",
            meaning that once that status has been passed to completePayment, the session is finished.

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203412. rdar://problem/26898984

    2016-07-19  Nan Wang  <n_wang@apple.com>

            AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
            https://bugs.webkit.org/show_bug.cgi?id=159910

            Reviewed by Chris Fleizach.

            We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
            option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
            fixed a word navigation issue based on that.

            Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::traverseToOffsetInRange):
            (WebCore::AXObjectCache::rangeForNodeContents):
            (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
            (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
            (WebCore::AXObjectCache::rightWordRange):
            (WebCore::AXObjectCache::previousBoundary):
            * accessibility/AXObjectCache.h:
            (WebCore::AXObjectCache::isNodeInUse):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203409. rdar://problem/27182267

    2016-07-19  Simon Fraser  <simon.fraser@apple.com>

            Bubbles appear split for a brief moment in Messages
            https://bugs.webkit.org/show_bug.cgi?id=159915
            rdar://problem/27182267

            Reviewed by David Hyatt.

            RenderView::repaintRootContents() had a long-standing bug in WebView when the
            view is scrolled. repaint() uses visualOverflowRect() but, for the
            RenderView, the visualOverflowRect() is the initial containing block
            which is anchored at 0,0. When the view is scrolled it's clipped out and
            calls to repaintRootContents() have no effect.

            Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
            will clip it to the view if necessary.

            Test: fast/repaint/scrolled-view-full-repaint.html

            * rendering/RenderView.cpp:
            (WebCore::RenderView::repaintRootContents):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203388. rdar://problem/25740804

    2016-07-18  Jeremy Jones  <jeremyj@apple.com>

            If previous media session interruptions were prevented, still allow subsequent interruptions to try.
            https://bugs.webkit.org/show_bug.cgi?id=157553
            rdar://problem/25740804

            Reviewed by Eric Carlson.

            Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html

            When suspending under lock on iOS, there is first a resign active event, then a
            suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
            suspend under lock to interrupt playback.

            Currently if there are nested interruptions only the first one is acted upon.

            This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
            previous interruptions were ignored.

            This test is for iPad only, so it must be run manually.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
            * platform/audio/PlatformMediaSession.cpp:
            (WebCore::PlatformMediaSession::beginInterruption):
            * testing/Internals.cpp:
            (WebCore::Internals::beginMediaSessionInterruption):

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203380. rdar://problem/27391725

    2016-07-18  Dean Jackson  <dino@apple.com>

            REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
            https://bugs.webkit.org/show_bug.cgi?id=159906
            <rdar://problem/27391725>

            Reviewed by Simon Fraser.

            The fix for webkit.org/b/157569 in r200769 broke AMP pages.
            The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.

            Revert them both until we have better testing.

            * css/CSSParser.cpp:
            (WebCore::CSSParser::addPropertyWithPrefixingVariant):
            (WebCore::CSSParser::parseValue):
            (WebCore::CSSParser::parseAnimationShorthand):
            (WebCore::CSSParser::parseTransitionShorthand): Deleted.
            * css/CSSPropertyNames.in:
            * css/PropertySetCSSStyleDeclaration.cpp:
            (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
            (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
            (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
            (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
            * css/StyleProperties.cpp:
            (WebCore::MutableStyleProperties::removeShorthandProperty):
            (WebCore::MutableStyleProperties::removeProperty):
            (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
            (WebCore::MutableStyleProperties::setProperty):
            (WebCore::getIndexInShorthandVectorForPrefixingVariant):
            (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
            (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
            (WebCore::StyleProperties::asText): Deleted.
            * css/StyleProperties.h:

2016-07-22  Babak Shafiei  <bshafiei@apple.com>

        Merge r203362. rdar://problem/27371624

    2016-07-18  Eric Carlson  <eric.carlson@apple.com>

            [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
            https://bugs.webkit.org/show_bug.cgi?id=159812
            <rdar://problem/27371624>

            Reviewed by Jon Lee.

            No new tests, it isn't possible to test this with our current testing infrastructure.

            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
            been an HDCP error.
            (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.

2016-07-19  Babak Shafiei  <bshafiei@apple.com>

        Merge r203404.

    2016-07-19  Dan Bernstein  <mitz@apple.com>

            <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'

            * bindings/js/JSDOMGlobalObject.cpp:
            (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.

2016-07-18  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for rdar://problem/27360961.

    2016-06-23  Dean Jackson  <dino@apple.com>

            Disable some features on safari-602-branch.
            <rdar://problem/27360961>

            * Configurations/FeatureDefines.xcconfig:

2016-07-18  Youenn Fablet  <youenn@apple.com>

        [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
        https://bugs.webkit.org/show_bug.cgi?id=159870

        Reviewed by Xabier Rodriguez-Calvar.

        Covered by rebased test.

        * Modules/streams/StreamInternals.js:
        (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.

2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>

        Windows buildfix after r203338
        https://bugs.webkit.org/show_bug.cgi?id=159875

        Unreviewed buildfix.

        * dom/UserGestureIndicator.h:
        (WebCore::UserGestureToken::addDestructionObserver):

2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        MemoryPressureHandler doesn't work if cgroups aren't present in Linux
        https://bugs.webkit.org/show_bug.cgi?id=155255

        Reviewed by Sergio Villar Senin.

        Allow passing an eventFD file descriptor to the MemoryPressureHandler to be monitored in case cgroups are not
        available.

        * platform/MemoryPressureHandler.h:
        * platform/linux/MemoryPressureHandlerLinux.cpp:

2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
        https://bugs.webkit.org/show_bug.cgi?id=159701

        Reviewed by Alex Christensen.

        No new tests, no behavior changes.

        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/encryptedmedia/MediaKeys.h:
        * Modules/quota/DOMWindowQuota.cpp:
        * Modules/quota/StorageErrorCallback.cpp:
        (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
        * Modules/quota/StorageErrorCallback.h:
        * Modules/quota/StorageInfo.h:
        * Modules/quota/StorageQuota.h:
        * Modules/speech/DOMWindowSpeechSynthesis.cpp:
        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::getVoices):
        (WebCore::SpeechSynthesis::startSpeakingImmediately):
        (WebCore::SpeechSynthesis::speak):
        (WebCore::SpeechSynthesis::cancel):
        (WebCore::SpeechSynthesis::handleSpeakingCompleted):
        (WebCore::SpeechSynthesis::boundaryEventOccurred):
        (WebCore::SpeechSynthesis::didStartSpeaking):
        (WebCore::SpeechSynthesis::didPauseSpeaking):
        (WebCore::SpeechSynthesis::didResumeSpeaking):
        (WebCore::SpeechSynthesis::didFinishSpeaking):
        (WebCore::SpeechSynthesis::speakingErrorOccurred):
        * Modules/speech/SpeechSynthesis.h:
        * Modules/speech/SpeechSynthesisEvent.h:
        * Modules/speech/SpeechSynthesisUtterance.h:
        * Modules/speech/SpeechSynthesisVoice.cpp:
        (WebCore::SpeechSynthesisVoice::create):
        (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
        * Modules/speech/SpeechSynthesisVoice.h:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
        (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
        * platform/mock/PlatformSpeechSynthesizerMock.cpp:
        (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
        (WebCore::PlatformSpeechSynthesizerMock::speak):
        (WebCore::PlatformSpeechSynthesizerMock::cancel):
        (WebCore::PlatformSpeechSynthesizerMock::pause):
        (WebCore::PlatformSpeechSynthesizerMock::resume):

2016-07-16  Sam Weinig  <sam@webkit.org>

        [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
        <rdar://problem/26554137>
        https://bugs.webkit.org/show_bug.cgi?id=159856

        Reviewed by Dan Bernstein.

        - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
        - Makes UserGestureIndicator track UserGestureToken.
        - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
          to represent the different initial states.
        - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
          postMessage, and ScheduledNavigation) rather than just a boolean.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::increment):
        (WebCore::AccessibilityNodeObject::decrement):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::press):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::executeScriptInWorld):
        (WebCore::ScriptController::executeScript):
        Update for new UserGestureIndicator interface.

        * dom/UserGestureIndicator.cpp:
        (WebCore::currentToken):
        (WebCore::UserGestureToken::~UserGestureToken):
        (WebCore::UserGestureIndicator::UserGestureIndicator):
        (WebCore::UserGestureIndicator::~UserGestureIndicator):
        (WebCore::UserGestureIndicator::currentUserGesture):
        (WebCore::UserGestureIndicator::processingUserGesture):
        (WebCore::UserGestureIndicator::processingUserGestureForMedia):
        (WebCore::isDefinite): Deleted.
        * dom/UserGestureIndicator.h:
        (WebCore::UserGestureToken::create):
        (WebCore::UserGestureToken::state):
        (WebCore::UserGestureToken::processingUserGesture):
        (WebCore::UserGestureToken::processingUserGestureForMedia):
        (WebCore::UserGestureToken::addDestructionObserver):
        (WebCore::UserGestureToken::UserGestureToken):
        Add UserGestureToken and track the current one explicitly.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorFrontendHost.cpp:
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        Update for new UserGestureIndicator interface.

        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction):
        * loader/NavigationAction.h:
        (WebCore::NavigationAction::userGestureToken):
        (WebCore::NavigationAction::processingUserGesture):
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation):
        (WebCore::ScheduledNavigation::~ScheduledNavigation):
        (WebCore::ScheduledNavigation::lockBackForwardList):
        (WebCore::ScheduledNavigation::wasDuringLoad):
        (WebCore::ScheduledNavigation::isLocationChange):
        (WebCore::ScheduledNavigation::userGestureToForward):
        (WebCore::ScheduledNavigation::clearUserGesture):
        (WebCore::NavigationScheduler::mustLockBackForwardList):
        (WebCore::NavigationScheduler::scheduleFormSubmission):
        (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
        * page/DOMTimer.cpp:
        (WebCore::shouldForwardUserGesture):
        (WebCore::userGestureTokenToForward):
        (WebCore::DOMTimer::DOMTimer):
        (WebCore::DOMTimer::fired):
        * page/DOMTimer.h:
        * page/DOMWindow.cpp:
        (WebCore::PostMessageTimer::PostMessageTimer):
        Store the active UserGestureToken rather than just a bit.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMousePressEvent):
        (WebCore::EventHandler::handleMouseDoubleClickEvent):
        (WebCore::EventHandler::handleMouseReleaseEvent):
        (WebCore::EventHandler::keyEvent):
        (WebCore::EventHandler::handleTouchEvent):
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::toggleMediaFullscreenState):
        (WebCore::HitTestResult::enterFullscreenForVideo):
        (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
        Update for new UserGestureIndicator interface.

2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>

        Rename fastHasAttribute to hasAttributeWithoutSynchronization
        https://bugs.webkit.org/show_bug.cgi?id=159864

        Reviewed by Chris Dumez.

        Renamed fastHasAttribute to hasAttributeWithoutSynchronization for clarity.

        * accessibility/AccessibilityListBoxOption.cpp:
        (WebCore::AccessibilityListBoxOption::isEnabled):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::hasAttribute):
        (WebCore::AccessibilityObject::getAttribute):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * bindings/scripts/CodeGenerator.pm:
        (GetterExpression):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjReflectedBooleanAttr):
        (WebCore::jsTestObjReflectedCustomBooleanAttr):
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj reflectedBooleanAttr]):
        (-[DOMTestObj setReflectedBooleanAttr:]):
        (-[DOMTestObj reflectedCustomBooleanAttr]):
        (-[DOMTestObj setReflectedCustomBooleanAttr:]):
        * dom/Document.cpp:
        (WebCore::Document::hasManifest):
        (WebCore::Document::doctype):
        * dom/Element.h:
        (WebCore::Node::parentElement):
        (WebCore::Element::hasAttributeWithoutSynchronization):
        (WebCore::Element::fastHasAttribute): Deleted.
        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
        * editing/markup.cpp:
        (WebCore::createMarkupInternal):
        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::shouldShowSuggestions):
        * html/FileInputType.cpp:
        (WebCore::FileInputType::handleDOMActivateEvent):
        (WebCore::FileInputType::receiveDroppedFiles):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::didMoveToNewDocument):
        (WebCore::FormAssociatedElement::insertedInto):
        (WebCore::FormAssociatedElement::removedFrom):
        (WebCore::FormAssociatedElement::formAttributeChanged):
        * html/FormController.cpp:
        (WebCore::ownerFormForState):
        * html/GenericCachedHTMLCollection.cpp:
        (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::draggable):
        (WebCore::HTMLAnchorElement::href):
        (WebCore::HTMLAnchorElement::sendPings):
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::rendererIsNeeded):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::collectStyleForPresentationAttribute):
        (WebCore::elementAffectsDirectionality):
        (WebCore::setHasDirAutoFlagRecursively):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::rendererIsNeeded):
        * html/HTMLFieldSetElement.cpp:
        (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
        (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
        (WebCore::HTMLFieldSetElement::disabledStateChanged):
        (WebCore::HTMLFieldSetElement::childrenChanged):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::formNoValidate):
        (WebCore::HTMLFormControlElement::formAction):
        (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
        (WebCore::shouldAutofocus):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::formElementIndex):
        (WebCore::HTMLFormElement::noValidate):
        * html/HTMLFrameElement.cpp:
        (WebCore::HTMLFrameElement::noResize):
        (WebCore::HTMLFrameElement::didAttachRenderers):
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::parseAttribute):
        (WebCore::HTMLFrameElementBase::location):
        * html/HTMLHRElement.cpp:
        (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::isServerMap):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::finishParsingChildren):
        (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
        (WebCore::HTMLInputElement::isActivatedSubmit):
        (WebCore::HTMLInputElement::reset):
        (WebCore::HTMLInputElement::multiple):
        (WebCore::HTMLInputElement::setSize):
        (WebCore::HTMLInputElement::shouldUseMediaCapture):
        * html/HTMLMarqueeElement.cpp:
        (WebCore::HTMLMarqueeElement::minimumDelay):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::insertedInto):
        (WebCore::HTMLMediaElement::selectMediaResource):
        (WebCore::HTMLMediaElement::loadResource):
        (WebCore::HTMLMediaElement::autoplay):
        (WebCore::HTMLMediaElement::preload):
        (WebCore::HTMLMediaElement::loop):
        (WebCore::HTMLMediaElement::setLoop):
        (WebCore::HTMLMediaElement::controls):
        (WebCore::HTMLMediaElement::setControls):
        (WebCore::HTMLMediaElement::muted):
        (WebCore::HTMLMediaElement::setMuted):
        (WebCore::HTMLMediaElement::selectNextSourceChild):
        (WebCore::HTMLMediaElement::sourceWasAdded):
        (WebCore::HTMLMediaElement::mediaSessionTitle):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parseAttribute):
        * html/HTMLOptGroupElement.cpp:
        (WebCore::HTMLOptGroupElement::isDisabledFormControl):
        (WebCore::HTMLOptGroupElement::isFocusable):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
        (WebCore::HTMLOptionElement::text):
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::isDeterminate):
        (WebCore::HTMLProgressElement::didElementStateChange):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::async):
        (WebCore::HTMLScriptElement::setCrossOrigin):
        (WebCore::HTMLScriptElement::asyncAttributeValue):
        (WebCore::HTMLScriptElement::deferAttributeValue):
        (WebCore::HTMLScriptElement::hasSourceAttribute):
        (WebCore::HTMLScriptElement::dispatchLoadEvent):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::reset):
        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::isDefault):
        (WebCore::HTMLTrackElement::ensureTrack):
        (WebCore::HTMLTrackElement::loadTimerFired):
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
        (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
        (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
        * html/SearchInputType.cpp:
        (WebCore::SearchInputType::searchEventsShouldBeDispatched):
        (WebCore::SearchInputType::didSetValueByUserEdit):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForNode):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
        (WebCore::FrameLoader::findFrameForNavigation):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::notifyFinished):
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::computePreferredLogicalWidths):
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):
        * rendering/svg/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
        * svg/SVGAnimateMotionElement.cpp:
        (WebCore::SVGAnimateMotionElement::updateAnimationPath):
        * svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::startedActiveInterval):
        (WebCore::SVGAnimationElement::updateAnimation):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::insertedInto):

2016-07-17  Brady Eidson  <beidson@apple.com>

        Exceptions logged to the JS console should use toString().
        https://bugs.webkit.org/show_bug.cgi?id=159855

        Reviewed by Darin Adler.

        No new tests (No change in behavior).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):

        * dom/DOMCoreException.h:
        (WebCore::DOMCoreException::DOMCoreException):

        * dom/ExceptionBase.cpp:
        (WebCore::ExceptionBase::ExceptionBase):
        (WebCore::ExceptionBase::toString):
        (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
        * dom/ExceptionBase.h:
        (WebCore::ExceptionBase::description): Deleted.

        * svg/SVGException.h:

        * xml/XPathException.h:
        (WebCore::XPathException::XPathException):

2016-07-17  Brady Eidson  <beidson@apple.com>

        Update DOMCoreException to use the description in toString().
        https://bugs.webkit.org/show_bug.cgi?id=159857

        Reviewed by Darin Adler.

        No new tests (Covered by changes to existing tests).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::createDOMException):

        * dom/DOMCoreException.h:
        (WebCore::DOMCoreException::DOMCoreException):
        (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.

2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>

        Support new emoji group candidates
        https://bugs.webkit.org/show_bug.cgi?id=159755
        <rdar://problem/27325521>

        Reviewed by Dean Jackson.

        There are a few code points which should be able to be joined (with ZWJ) to
        either U+2640 or U+2642 to change the gender of the emoji. These patterns
        should also work with an additional 0xFE0F variation selector. This patch
        adds these new patterns to our existing emoji group candidate infrastructure.

        Tests: fast/text/emoji-gender-2-3.html
               fast/text/emoji-gender-2-4.html
               fast/text/emoji-gender-2-5.html
               fast/text/emoji-gender-2-6.html
               fast/text/emoji-gender-2-7.html
               fast/text/emoji-gender-2-8.html
               fast/text/emoji-gender-2-9.html
               fast/text/emoji-gender-2.html
               fast/text/emoji-gender-3.html
               fast/text/emoji-gender-4.html
               fast/text/emoji-gender-5.html
               fast/text/emoji-gender-6.html
               fast/text/emoji-gender-7.html
               fast/text/emoji-gender-8.html
               fast/text/emoji-gender-9.html
               fast/text/emoji-gender-fe0f-3.html
               fast/text/emoji-gender-fe0f-4.html
               fast/text/emoji-gender-fe0f-5.html
               fast/text/emoji-gender-fe0f-6.html
               fast/text/emoji-gender-fe0f-7.html
               fast/text/emoji-gender-fe0f-8.html
               fast/text/emoji-gender-fe0f-9.html
               fast/text/emoji-gender.html
               fast/text/emoji-num-glyphs.html
               fast/text/emoji-single-parent-family-2.html
               fast/text/emoji-single-parent-family.html

        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::characterRangeCodePath):
        * platform/text/CharacterProperties.h:
        (WebCore::isEmojiGroupCandidate):

2016-07-16  Brady Eidson  <beidson@apple.com>

        Update SVGException to use the description in toString().
        https://bugs.webkit.org/show_bug.cgi?id=159847

        Reviewed by Darin Adler.

        No new tests (Covered by changes to existing tests).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException): use consoleErrorMessage for now.

        * dom/ExceptionBase.cpp:
        (WebCore::ExceptionBase::consoleErrorMessage):
        * dom/ExceptionBase.h:

        * svg/SVGException.h:

2016-07-16  Chris Dumez  <cdumez@apple.com>

        Use fastHasAttribute() when possible
        https://bugs.webkit.org/show_bug.cgi?id=159838

        Reviewed by Ryosuke Niwa.

        Use fastHasAttribute() when possible, for performance.

        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
        * editing/markup.cpp:
        (WebCore::createMarkupInternal):
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::draggable):
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::parseAttribute):
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):

2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>

        Rename fastGetAttribute to attributeWithoutSynchronization
        https://bugs.webkit.org/show_bug.cgi?id=159852

        Reviewed by Darin Adler.

        Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::findAriaModalNodes):
        (WebCore::nodeHasRole):
        (WebCore::AXObjectCache::handleLiveRegionCreated):
        (WebCore::AXObjectCache::handleMenuItemSelected):
        (WebCore::AXObjectCache::handleAriaModalChange):
        (WebCore::isNodeAriaVisible):
        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::siblingWithAriaRole):
        (WebCore::AccessibilityNodeObject::titleElementText):
        (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
        (WebCore::AccessibilityNodeObject::hierarchicalLevel):
        (WebCore::AccessibilityNodeObject::stringValue):
        (WebCore::accessibleNameForNode):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
        (WebCore::AccessibilityObject::getAttribute):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::stringValue):
        (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
        * accessibility/AccessibilitySVGElement.cpp:
        (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
        (WebCore::AccessibilitySVGElement::accessibilityDescription):
        * bindings/objc/DOM.mm:
        (-[DOMHTMLLinkElement _mediaQueryMatches]):
        * bindings/scripts/CodeGenerator.pm:
        (GetterExpression):
        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjReflectedStringAttr):
        * dom/AuthorStyleSheets.cpp:
        (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
        * dom/Document.cpp:
        (WebCore::Document::buildAccessKeyMap):
        (WebCore::Document::processBaseElement):
        * dom/DocumentOrderedMap.cpp:
        (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
        * dom/Element.cpp:
        (WebCore::Element::imageSourceURL):
        (WebCore::Element::rendererIsNeeded):
        (WebCore::Element::insertedInto):
        (WebCore::Element::removedFrom):
        (WebCore::Element::pseudo):
        (WebCore::Element::setPseudo):
        (WebCore::Element::spellcheckAttributeState):
        (WebCore::Element::canContainRangeEndPoint):
        (WebCore::Element::completeURLsInAttributeValue):
        * dom/Element.h:
        (WebCore::Element::fastHasAttribute):
        (WebCore::Element::attributeWithoutSynchronization):
        (WebCore::Element::fastGetAttribute): Deleted.
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::createSheet):
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::requestScript):
        (WebCore::ScriptElement::executeScript):
        * dom/SlotAssignment.cpp:
        (WebCore::slotNameFromSlotAttribute):
        (WebCore::SlotAssignment::SlotAssignment):
        (WebCore::recursivelyFireSlotChangeEvent):
        (WebCore::SlotAssignment::didChangeSlot):
        (WebCore::SlotAssignment::hostChildElementDidChange):
        (WebCore::SlotAssignment::assignedNodesForSlot):
        (WebCore::SlotAssignment::resolveAllSlotElements):
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::labelElementForId):
        * dom/VisitedLinkState.cpp:
        (WebCore::linkAttribute):
        * editing/ApplyStyleCommand.cpp:
        (WebCore::isLegacyAppleStyleSpan):
        (WebCore::hasNoAttributeOrOnlyStyleAttribute):
        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::isInterchangeNewlineNode):
        (WebCore::isInterchangeConvertedSpaceSpan):
        (WebCore::positionAvoidingPrecedingNodes):
        (WebCore::isMailPasteAsQuotationNode):
        (WebCore::isHeaderElement):
        (WebCore::isInlineNodeWithStyle):
        * editing/TextIterator.cpp:
        (WebCore::isRendererReplacedElement):
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::isDataDetectorLink):
        (WebCore::DataDetection::requiresExtendedContext):
        (WebCore::DataDetection::dataDetectorIdentifier):
        (WebCore::DataDetection::shouldCancelDefaultAction):
        (WebCore::removeResultLinksFromAnchor):
        (WebCore::searchForLinkRemovingExistingDDLinks):
        * editing/gtk/EditorGtk.cpp:
        (WebCore::elementURL):
        * editing/htmlediting.cpp:
        (WebCore::isTabSpanNode):
        (WebCore::isTabSpanTextNode):
        (WebCore::isMailBlockquote):
        (WebCore::caretMinOffset):
        * editing/markup.cpp:
        (WebCore::createFragmentFromMarkup):
        * html/Autofill.cpp:
        (WebCore::AutofillData::createFromHTMLFormControlElement):
        * html/BaseTextInputType.cpp:
        (WebCore::BaseTextInputType::patternMismatch):
        * html/DateInputType.cpp:
        (WebCore::DateInputType::createStepRange):
        * html/DateTimeInputType.cpp:
        (WebCore::DateTimeInputType::createStepRange):
        * html/DateTimeLocalInputType.cpp:
        (WebCore::DateTimeLocalInputType::createStepRange):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::findAssociatedForm):
        (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
        (WebCore::FormAssociatedElement::formAttributeTargetChanged):
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::draggable):
        (WebCore::HTMLAnchorElement::href):
        (WebCore::HTMLAnchorElement::setHref):
        (WebCore::HTMLAnchorElement::target):
        (WebCore::HTMLAnchorElement::origin):
        (WebCore::HTMLAnchorElement::sendPings):
        (WebCore::HTMLAnchorElement::handleClick):
        * html/HTMLAnchorElement.h:
        (WebCore::HTMLAnchorElement::visitedLinkHash):
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::updateWidget):
        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::target):
        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::attachmentTitle):
        (WebCore::HTMLAttachmentElement::attachmentType):
        * html/HTMLBaseElement.cpp:
        (WebCore::HTMLBaseElement::target):
        (WebCore::HTMLBaseElement::href):
        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::value):
        (WebCore::HTMLButtonElement::computeWillValidate):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::reset):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::bgColor):
        (WebCore::HTMLDocument::setBgColor):
        (WebCore::HTMLDocument::fgColor):
        (WebCore::HTMLDocument::setFgColor):
        (WebCore::HTMLDocument::alinkColor):
        (WebCore::HTMLDocument::setAlinkColor):
        (WebCore::HTMLDocument::linkColor):
        (WebCore::HTMLDocument::setLinkColor):
        (WebCore::HTMLDocument::vlinkColor):
        (WebCore::HTMLDocument::setVlinkColor):
        * html/HTMLElement.cpp:
        (WebCore::contentEditableType):
        (WebCore::HTMLElement::collectStyleForPresentationAttribute):
        (WebCore::HTMLElement::dir):
        (WebCore::HTMLElement::setDir):
        (WebCore::HTMLElement::draggable):
        (WebCore::HTMLElement::setDraggable):
        (WebCore::HTMLElement::title):
        (WebCore::HTMLElement::tabIndex):
        (WebCore::HTMLElement::translateAttributeMode):
        (WebCore::HTMLElement::hasDirectionAuto):
        (WebCore::HTMLElement::directionality):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::imageSourceURL):
        (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::formEnctype):
        (WebCore::HTMLFormControlElement::formMethod):
        (WebCore::HTMLFormControlElement::formAction):
        (WebCore::HTMLFormControlElement::autocorrect):
        (WebCore::HTMLFormControlElement::autocapitalizeType):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::autocorrect):
        (WebCore::HTMLFormElement::autocapitalizeType):
        (WebCore::HTMLFormElement::autocapitalize):
        (WebCore::HTMLFormElement::action):
        (WebCore::HTMLFormElement::setAction):
        (WebCore::HTMLFormElement::target):
        (WebCore::HTMLFormElement::wasUserSubmitted):
        (WebCore::HTMLFormElement::shouldAutocomplete):
        (WebCore::HTMLFormElement::finishParsingChildren):
        (WebCore::HTMLFormElement::autocomplete):
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::location):
        (WebCore::HTMLFrameElementBase::setLocation):
        * html/HTMLHtmlElement.cpp:
        (WebCore::HTMLHtmlElement::insertedByParser):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::imageSourceURL):
        (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        (WebCore::HTMLImageElement::selectImageSource):
        (WebCore::HTMLImageElement::altText):
        (WebCore::HTMLImageElement::createElementRenderer):
        (WebCore::HTMLImageElement::width):
        (WebCore::HTMLImageElement::height):
        (WebCore::HTMLImageElement::alt):
        (WebCore::HTMLImageElement::draggable):
        (WebCore::HTMLImageElement::setHeight):
        (WebCore::HTMLImageElement::src):
        (WebCore::HTMLImageElement::setSrc):
        (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
        (WebCore::HTMLImageElement::didMoveToNewDocument):
        (WebCore::HTMLImageElement::isServerMap):
        (WebCore::HTMLImageElement::crossOrigin):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateType):
        (WebCore::HTMLInputElement::initializeInputType):
        (WebCore::HTMLInputElement::altText):
        (WebCore::HTMLInputElement::value):
        (WebCore::HTMLInputElement::defaultValue):
        (WebCore::HTMLInputElement::setDefaultValue):
        (WebCore::HTMLInputElement::acceptMIMETypes):
        (WebCore::HTMLInputElement::acceptFileExtensions):
        (WebCore::HTMLInputElement::accept):
        (WebCore::HTMLInputElement::alt):
        (WebCore::HTMLInputElement::effectiveMaxLength):
        (WebCore::HTMLInputElement::src):
        (WebCore::HTMLInputElement::setAutoFilled):
        (WebCore::HTMLInputElement::dataList):
        (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
        * html/HTMLKeygenElement.cpp:
        (WebCore::HTMLKeygenElement::isKeytypeRSA):
        (WebCore::HTMLKeygenElement::appendFormData):
        * html/HTMLLIElement.cpp:
        (WebCore::HTMLLIElement::didAttachRenderers):
        (WebCore::HTMLLIElement::parseValue):
        * html/HTMLLabelElement.cpp:
        (WebCore::HTMLLabelElement::control):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::crossOrigin):
        (WebCore::HTMLLinkElement::process):
        (WebCore::HTMLLinkElement::href):
        (WebCore::HTMLLinkElement::rel):
        (WebCore::HTMLLinkElement::target):
        (WebCore::HTMLLinkElement::type):
        (WebCore::HTMLLinkElement::iconType):
        * html/HTMLMarqueeElement.cpp:
        (WebCore::HTMLMarqueeElement::scrollAmount):
        (WebCore::HTMLMarqueeElement::setScrollAmount):
        (WebCore::HTMLMarqueeElement::scrollDelay):
        (WebCore::HTMLMarqueeElement::setScrollDelay):
        (WebCore::HTMLMarqueeElement::loop):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::insertedInto):
        (WebCore::HTMLMediaElement::crossOrigin):
        (WebCore::HTMLMediaElement::networkState):
        (WebCore::HTMLMediaElement::mediaSessionTitle):
        (WebCore::HTMLMediaElement::doesHaveAttribute):
        * html/HTMLMetaElement.cpp:
        (WebCore::HTMLMetaElement::process):
        (WebCore::HTMLMetaElement::content):
        (WebCore::HTMLMetaElement::httpEquiv):
        (WebCore::HTMLMetaElement::name):
        * html/HTMLMeterElement.cpp:
        (WebCore::HTMLMeterElement::min):
        (WebCore::HTMLMeterElement::setMin):
        (WebCore::HTMLMeterElement::max):
        (WebCore::HTMLMeterElement::setMax):
        (WebCore::HTMLMeterElement::value):
        (WebCore::HTMLMeterElement::low):
        (WebCore::HTMLMeterElement::high):
        (WebCore::HTMLMeterElement::optimum):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
        (WebCore::HTMLObjectElement::hasValidClassId):
        (WebCore::HTMLObjectElement::imageSourceURL):
        (WebCore::HTMLObjectElement::renderFallbackContent):
        (WebCore::HTMLObjectElement::containsJavaApplet):
        (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
        * html/HTMLOptGroupElement.cpp:
        (WebCore::HTMLOptGroupElement::groupLabelText):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::value):
        (WebCore::HTMLOptionElement::label):
        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::value):
        (WebCore::HTMLParamElement::isURLParameter):
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::value):
        (WebCore::HTMLProgressElement::max):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::crossOrigin):
        (WebCore::HTMLScriptElement::src):
        (WebCore::HTMLScriptElement::sourceAttributeValue):
        (WebCore::HTMLScriptElement::charsetAttributeValue):
        (WebCore::HTMLScriptElement::typeAttributeValue):
        (WebCore::HTMLScriptElement::languageAttributeValue):
        (WebCore::HTMLScriptElement::forAttributeValue):
        (WebCore::HTMLScriptElement::eventAttributeValue):
        (WebCore::HTMLScriptElement::asyncAttributeValue):
        * html/HTMLSlotElement.cpp:
        (WebCore::HTMLSlotElement::insertedInto):
        (WebCore::HTMLSlotElement::removedFrom):
        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::media):
        (WebCore::HTMLSourceElement::setMedia):
        (WebCore::HTMLSourceElement::type):
        (WebCore::HTMLSourceElement::setType):
        * html/HTMLTableCellElement.cpp:
        (WebCore::HTMLTableCellElement::colSpanForBindings):
        (WebCore::HTMLTableCellElement::rowSpan):
        (WebCore::HTMLTableCellElement::rowSpanForBindings):
        (WebCore::HTMLTableCellElement::cellIndex):
        (WebCore::HTMLTableCellElement::abbr):
        (WebCore::HTMLTableCellElement::axis):
        (WebCore::HTMLTableCellElement::setColSpanForBindings):
        (WebCore::HTMLTableCellElement::headers):
        (WebCore::HTMLTableCellElement::setRowSpanForBindings):
        (WebCore::HTMLTableCellElement::scope):
        (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
        (WebCore::HTMLTableCellElement::cellAbove):
        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::width):
        * html/HTMLTableElement.cpp:
        (WebCore::HTMLTableElement::rules):
        (WebCore::HTMLTableElement::summary):
        (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
        * html/HTMLTableSectionElement.cpp:
        (WebCore::HTMLTableSectionElement::align):
        (WebCore::HTMLTableSectionElement::setAlign):
        (WebCore::HTMLTableSectionElement::ch):
        (WebCore::HTMLTableSectionElement::setCh):
        (WebCore::HTMLTableSectionElement::chOff):
        (WebCore::HTMLTableSectionElement::setChOff):
        (WebCore::HTMLTableSectionElement::vAlign):
        (WebCore::HTMLTableSectionElement::setVAlign):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::appendFormData):
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
        (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
        (WebCore::HTMLTextFormControlElement::directionForFormData):
        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::srclang):
        (WebCore::HTMLTrackElement::label):
        (WebCore::HTMLTrackElement::isDefault):
        (WebCore::HTMLTrackElement::ensureTrack):
        (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::parseAttribute):
        (WebCore::HTMLVideoElement::imageSourceURL):
        * html/ImageInputType.cpp:
        (WebCore::ImageInputType::height):
        (WebCore::ImageInputType::width):
        * html/InputType.cpp:
        (WebCore::InputType::applyStep):
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
        * html/MonthInputType.cpp:
        (WebCore::MonthInputType::createStepRange):
        * html/NumberInputType.cpp:
        (WebCore::NumberInputType::createStepRange):
        (WebCore::NumberInputType::sizeShouldIncludeDecoration):
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::createStepRange):
        (WebCore::RangeInputType::handleKeydownEvent):
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::appendFormData):
        (WebCore::TextFieldInputType::updateAutoFillButton):
        * html/TimeInputType.cpp:
        (WebCore::TimeInputType::createStepRange):
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::updateValidationMessage):
        * html/WeekInputType.cpp:
        (WebCore::WeekInputType::createStepRange):
        * html/track/WebVTTElement.cpp:
        (WebCore::WebVTTElement::createEquivalentHTMLElement):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::buildObjectForFrame):
        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::create):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::defaultSubstituteDataForURL):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement):
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::colSpan):
        (WebCore::MathMLElement::rowSpan):
        (WebCore::MathMLElement::childShouldCreateRenderer):
        (WebCore::MathMLElement::defaultEventHandler):
        (WebCore::MathMLElement::cachedMathMLLength):
        * mathml/MathMLFractionElement.cpp:
        (WebCore::MathMLFractionElement::lineThickness):
        (WebCore::MathMLFractionElement::cachedFractionAlignment):
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
        (WebCore::MathMLSelectElement::getSelectedActionChild):
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
        (WebCore::MathMLSelectElement::defaultEventHandler):
        (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
        (WebCore::MathMLSelectElement::toggle):
        * page/EventHandler.cpp:
        (WebCore::findDropZone):
        * page/Frame.cpp:
        (WebCore::Frame::matchLabelsAgainstElement):
        * page/PageSerializer.cpp:
        (WebCore::PageSerializer::serializeFrame):
        * platform/win/PasteboardWin.cpp:
        (WebCore::Pasteboard::writeImageToDataObject):
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::altDisplayString):
        * rendering/RenderDetailsMarker.cpp:
        (WebCore::RenderDetailsMarker::isOpen):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageMap):
        (WebCore::RenderImage::nodeAtPoint):
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::itemAccessibilityText):
        (RenderMenuList::itemToolTip):
        * rendering/RenderSearchField.cpp:
        (WebCore::RenderSearchField::autosaveName):
        * rendering/RenderThemeIOS.mm:
        (WebCore::getAttachmentProgress):
        (WebCore::AttachmentInfo::AttachmentInfo):
        * rendering/RenderThemeMac.mm:
        (WebCore::AttachmentLayout::layOutSubtitle):
        (WebCore::RenderThemeMac::paintAttachment):
        * rendering/mathml/MathMLStyle.cpp:
        (WebCore::MathMLStyle::resolveMathMLStyle):
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::updateFromElement):
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
        (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
        (WebCore::RenderMathMLOperator::setOperatorProperties):
        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::hasAccent):
        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::canShareStyleWithElement):
        (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::title):
        (WebCore::SVGAElement::defaultEventHandler):
        * svg/SVGAltGlyphElement.cpp:
        (WebCore::SVGAltGlyphElement::glyphRef):
        (WebCore::SVGAltGlyphElement::setFormat):
        (WebCore::SVGAltGlyphElement::format):
        (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
        * svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::toValue):
        (WebCore::SVGAnimationElement::byValue):
        (WebCore::SVGAnimationElement::fromValue):
        (WebCore::SVGAnimationElement::isAdditive):
        (WebCore::SVGAnimationElement::isAccumulated):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::xmlbase):
        (WebCore::SVGElement::setXmlbase):
        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::unitsPerEm):
        (WebCore::SVGFontFaceElement::xHeight):
        (WebCore::SVGFontFaceElement::capHeight):
        (WebCore::SVGFontFaceElement::horizontalOriginX):
        (WebCore::SVGFontFaceElement::horizontalOriginY):
        (WebCore::SVGFontFaceElement::horizontalAdvanceX):
        (WebCore::SVGFontFaceElement::verticalOriginX):
        (WebCore::SVGFontFaceElement::verticalOriginY):
        (WebCore::SVGFontFaceElement::verticalAdvanceY):
        (WebCore::SVGFontFaceElement::ascent):
        (WebCore::SVGFontFaceElement::descent):
        * svg/SVGFontFaceNameElement.cpp:
        (WebCore::SVGFontFaceNameElement::srcValue):
        * svg/SVGFontFaceUriElement.cpp:
        (WebCore::SVGFontFaceUriElement::srcValue):
        * svg/SVGGlyphRefElement.cpp:
        (WebCore::SVGGlyphRefElement::glyphRef):
        (WebCore::SVGGlyphRefElement::setGlyphRef):
        * svg/SVGHKernElement.cpp:
        (WebCore::SVGHKernElement::buildHorizontalKerningPair):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::contentScriptType):
        (WebCore::SVGSVGElement::contentStyleType):
        * svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::media):
        (WebCore::SVGStyleElement::title):
        (WebCore::SVGStyleElement::setTitle):
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendOS2Table):
        (WebCore::SVGToOTFFontConverter::appendCFFTable):
        (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
        (WebCore::SVGToOTFFontConverter::appendVORGTable):
        (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
        (WebCore::SVGToOTFFontConverter::processGlyphElement):
        (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
        * svg/SVGVKernElement.cpp:
        (WebCore::SVGVKernElement::buildVerticalKerningPair):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::insertedInto):
        (WebCore::SVGSMILElement::parseAttribute):
        (WebCore::SVGSMILElement::svgAttributeChanged):
        (WebCore::SVGSMILElement::restart):
        (WebCore::SVGSMILElement::fill):
        (WebCore::SVGSMILElement::dur):
        (WebCore::SVGSMILElement::repeatDur):
        (WebCore::SVGSMILElement::repeatCount):
        (WebCore::SVGSMILElement::maxValue):
        (WebCore::SVGSMILElement::minValue):

2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
        https://bugs.webkit.org/show_bug.cgi?id=159809

        Reviewed by Brady Eidson.

        In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
        removed while the task is performed. However, UniqueIDBDatabase is expected to be deleted in the main thread, and
        the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
        secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
        deleted in the main thread in case the protector contains the last reference.

2016-07-15  Chris Dumez  <cdumez@apple.com>

        Use emptyString() / nullAtom when possible
        https://bugs.webkit.org/show_bug.cgi?id=159850

        Reviewed by Ryosuke Niwa.

        Use emptyString() / nullAtom when possible, for performance.

        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::channelCountMode):
        (WebCore::AudioNode::channelInterpretation):
        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::tracker):
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::WebSocket):
        (WebCore::WebSocket::didConnect):
        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::subprotocol):
        (WebCore::WebSocketChannel::extensions):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsPressAction):
        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
        * css/CSSPropertySourceData.cpp:
        (WebCore::CSSPropertySourceData::CSSPropertySourceData):
        * css/PageRuleCollector.cpp:
        (WebCore::PageRuleCollector::pageName):
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
        * dom/DocumentMarkerController.cpp:
        (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
        * dom/Element.cpp:
        (WebCore::Element::setPrefix):
        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
        (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeNodeAttribute):
        (WebCore::CompositeEditCommand::moveParagraphs):
        * editing/InsertTextCommand.cpp:
        (WebCore::InsertTextCommand::positionInsideTextNode):
        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::deleteSelection):
        (WebCore::TypingCommand::deleteKeyPressed):
        (WebCore::TypingCommand::forwardDeleteKeyPressed):
        (WebCore::TypingCommand::insertLineBreak):
        (WebCore::TypingCommand::insertParagraphSeparator):
        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::styleForSelectionStart):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::stringSelectionForPasteboard):
        (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
        * fileapi/FileReaderLoader.cpp:
        (WebCore::FileReaderLoader::FileReaderLoader):
        * html/FileInputType.cpp:
        (WebCore::FileInputType::appendFormData):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
        * html/HTMLOutputElement.cpp:
        (WebCore::HTMLOutputElement::HTMLOutputElement):
        * html/SearchInputType.cpp:
        (WebCore::SearchInputType::handleKeydownEvent):
        * html/TextFieldInputType.cpp:
        (WebCore::autoFillButtonTypeToAccessibilityLabel):
        * html/canvas/WebGLDebugShaders.cpp:
        (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
        (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
        * html/canvas/WebGLShader.cpp:
        (WebCore::WebGLShader::WebGLShader):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlStatusDisplayElement::update):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::captionMenuOffItem):
        (WebCore::TextTrack::captionMenuAutomaticItem):
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::scroll):
        * html/track/VTTRegion.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::toErrorString):
        (WebCore::InspectorDOMAgent::resolveNode):
        (WebCore::InspectorDOMAgent::documentURLString):
        (WebCore::documentBaseURLString):
        * inspector/InspectorDOMDebuggerAgent.cpp:
        (WebCore::domTypeName):
        * inspector/InspectorFrontendHost.cpp:
        (WebCore::InspectorFrontendHost::localizedStringsURL):
        * inspector/InspectorHistory.cpp:
        (WebCore::InspectorHistory::Action::mergeId):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::reload):
        (WebCore::InspectorPageAgent::frameId):
        (WebCore::InspectorPageAgent::loaderId):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyleSheet::ruleSelector):
        * loader/EmptyClients.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::referrer):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::clearFailedLoadURL):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didReceiveResponse):
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/FrameTree.cpp:
        (WebCore::FrameTree::setName):
        (WebCore::FrameTree::clearName):
        * page/Location.cpp:
        (WebCore::Location::port):
        * platform/network/ProtectionSpaceBase.cpp:
        (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::handleElementAttributes):

2016-07-15  Simon Fraser  <simon.fraser@apple.com>

        Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
        https://bugs.webkit.org/show_bug.cgi?id=159824
        rdar://problem/27376305

        Reviewed by Brian Burg.

        InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
        reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
        used window.devicePixelRatio which was always 1.

        Fix by setting the deviceScaleFactor on the m_overlayPage.

        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::overlayPage):

2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
        https://bugs.webkit.org/show_bug.cgi?id=159842

        Reviewed by Jon Lee.

        <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
        This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
        <rdar://problem/27325521>.

        * platform/text/mac/TextBoundaries.mm:
        (WebCore::findNextWordFromIndex):

2016-07-15  Brady Eidson  <beidson@apple.com>

        Update XPathException to use the description in toString().
        https://bugs.webkit.org/show_bug.cgi?id=159848

        Reviewed by Alex Christensen.

        No new tests (Covered by changes to existing tests).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::createDOMException):
        * xml/XPathException.h:
        (WebCore::XPathException::XPathException):

2016-07-15  Brady Eidson  <beidson@apple.com>

        Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
        https://bugs.webkit.org/show_bug.cgi?id=159839

        Reviewed by Alex Christensen.

        No new tests (Covered by changes to existing tests).

        This is the first step towards extended exception messages for all exception types.

        * dom/ExceptionBase.cpp:
        (WebCore::ExceptionBase::ExceptionBase):
        (WebCore::ExceptionBase::toString):
        * dom/ExceptionBase.h:

2016-07-15  Geoffrey Garen  <ggaren@apple.com>

        Added a makeRef<T> helper
        https://bugs.webkit.org/show_bug.cgi?id=159835

        Reviewed by Andreas Kling.

        Anders told me to!

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::putOrAddOnServer):
        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::deleteDatabase):
        (WebCore::InProcessIDBServer::didDeleteDatabase):
        (WebCore::InProcessIDBServer::openDatabase):
        (WebCore::InProcessIDBServer::didOpenDatabase):
        (WebCore::InProcessIDBServer::didAbortTransaction):
        (WebCore::InProcessIDBServer::didCommitTransaction):
        (WebCore::InProcessIDBServer::didCreateObjectStore):
        (WebCore::InProcessIDBServer::didDeleteObjectStore):
        (WebCore::InProcessIDBServer::didClearObjectStore):
        (WebCore::InProcessIDBServer::didCreateIndex):
        (WebCore::InProcessIDBServer::didDeleteIndex):
        (WebCore::InProcessIDBServer::didPutOrAdd):
        (WebCore::InProcessIDBServer::didGetRecord):
        (WebCore::InProcessIDBServer::didGetCount):
        (WebCore::InProcessIDBServer::didDeleteRecord):
        (WebCore::InProcessIDBServer::didOpenCursor):
        (WebCore::InProcessIDBServer::didIterateCursor):
        (WebCore::InProcessIDBServer::abortTransaction):
        (WebCore::InProcessIDBServer::commitTransaction):
        (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
        (WebCore::InProcessIDBServer::createObjectStore):
        (WebCore::InProcessIDBServer::deleteObjectStore):
        (WebCore::InProcessIDBServer::clearObjectStore):
        (WebCore::InProcessIDBServer::createIndex):
        (WebCore::InProcessIDBServer::deleteIndex):
        (WebCore::InProcessIDBServer::putOrAdd):
        (WebCore::InProcessIDBServer::getRecord):
        (WebCore::InProcessIDBServer::getCount):
        (WebCore::InProcessIDBServer::deleteRecord):
        (WebCore::InProcessIDBServer::openCursor):
        (WebCore::InProcessIDBServer::iterateCursor):
        (WebCore::InProcessIDBServer::establishTransaction):
        (WebCore::InProcessIDBServer::fireVersionChangeEvent):
        (WebCore::InProcessIDBServer::didStartTransaction):
        (WebCore::InProcessIDBServer::didCloseFromServer):
        (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
        (WebCore::InProcessIDBServer::databaseConnectionClosed):
        (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
        (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
        (WebCore::InProcessIDBServer::openDBRequestCancelled):
        (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
        (WebCore::InProcessIDBServer::getAllDatabaseNames):
        (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::constraintsValidated):
        (WebCore::UserMediaRequest::userMediaAccessGranted):
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::scheduleNodeDeletion):
        (WebCore::AudioContext::isPlayingAudioDidChange):
        (WebCore::AudioContext::suspend):
        (WebCore::AudioContext::resume):
        (WebCore::AudioContext::close):
        (WebCore::AudioContext::suspendPlayback):
        (WebCore::AudioContext::mayResumePlayback):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::jsFunction):
        * dom/Node.cpp:
        (WebCore::Node::setTextContent):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::layoutSizeChanged):
        * inspector/CommandLineAPIHost.cpp:
        (WebCore::CommandLineAPIHost::wrapper):
        * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
        (WebCore::AudioSourceProviderAVFObjC::prepare):
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::invalidate):
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::invalidate):
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setExternalPlayback):
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::start):
        (WebCore::BlobResourceHandle::notifyFinish):
        * platform/network/SocketStreamHandleBase.cpp:
        (WebCore::SocketStreamHandleBase::disconnect):
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::didReceiveHeader):

2016-07-15  Chris Dumez  <cdumez@apple.com>

        Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
        https://bugs.webkit.org/show_bug.cgi?id=159793

        Reviewed by Ryosuke Niwa.

        Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.

        * Modules/plugins/YouTubePluginReplacement.cpp:
        (WebCore::YouTubePluginReplacement::installReplacement):
        * dom/Element.h:
        (WebCore::Element::setIdAttribute):
        * editing/ApplyStyleCommand.cpp:
        (WebCore::hasNoAttributeOrOnlyStyleAttribute):
        (WebCore::createFontElement):
        (WebCore::ApplyStyleCommand::applyInlineStyleChange):
        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
        * editing/Editor.cpp:
        (WebCore::Editor::setBaseWritingDirection):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::isMailPasteAsQuotationNode):
        (WebCore::isInlineNodeWithStyle):
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::detectContentInRange):
        * editing/htmlediting.cpp:
        (WebCore::createTabSpanElement):
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
        (WebCore::Editor::WebContentReader::readURL):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader::readURL):
        * editing/markup.cpp:
        (WebCore::createFragmentFromText):
        * html/BaseButtonInputType.cpp:
        (WebCore::BaseButtonInputType::setValue):
        * html/BaseCheckableInputType.cpp:
        (WebCore::BaseCheckableInputType::setValue):
        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::appendEntry):
        (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
        (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
        (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::href):
        (WebCore::HTMLAnchorElement::setHref):
        (WebCore::HTMLAnchorElement::target):
        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::target):
        * html/HTMLBaseElement.cpp:
        (WebCore::HTMLBaseElement::setHref):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::setType):
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
        (WebCore::HTMLDetailsElement::toggleOpen):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::setBgColor):
        (WebCore::HTMLDocument::setFgColor):
        (WebCore::HTMLDocument::setAlinkColor):
        (WebCore::HTMLDocument::setLinkColor):
        (WebCore::HTMLDocument::setVlinkColor):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::setDir):
        (WebCore::HTMLElement::setContentEditable):
        (WebCore::HTMLElement::setDraggable):
        (WebCore::HTMLElement::setSpellcheck):
        (WebCore::HTMLElement::setTranslate):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::setFormEnctype):
        (WebCore::HTMLFormControlElement::setFormMethod):
        (WebCore::HTMLFormControlElement::setAutocorrect):
        (WebCore::HTMLFormControlElement::setAutocapitalize):
        (WebCore::HTMLFormControlElement::setAutocomplete):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::setAutocorrect):
        (WebCore::HTMLFormElement::setAutocapitalize):
        (WebCore::HTMLFormElement::setAction):
        (WebCore::HTMLFormElement::setEnctype):
        (WebCore::HTMLFormElement::setMethod):
        (WebCore::HTMLFormElement::target):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::width):
        (WebCore::HTMLImageElement::height):
        (WebCore::HTMLImageElement::setSrc):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setType):
        (WebCore::HTMLInputElement::updateType):
        (WebCore::HTMLInputElement::altText):
        (WebCore::HTMLInputElement::setDefaultValue):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::href):
        (WebCore::HTMLLinkElement::target):
        (WebCore::HTMLLinkElement::type):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setSrc):
        (WebCore::HTMLMediaElement::setPreload):
        * html/HTMLMeterElement.cpp:
        (WebCore::HTMLMeterElement::min):
        (WebCore::HTMLMeterElement::setMin):
        (WebCore::HTMLMeterElement::max):
        (WebCore::HTMLMeterElement::setMax):
        (WebCore::HTMLMeterElement::value):
        (WebCore::HTMLMeterElement::setValue):
        (WebCore::HTMLMeterElement::low):
        (WebCore::HTMLMeterElement::setLow):
        (WebCore::HTMLMeterElement::high):
        (WebCore::HTMLMeterElement::setHigh):
        (WebCore::HTMLMeterElement::optimum):
        (WebCore::HTMLMeterElement::setOptimum):
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::containsJavaApplet):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::createForJSConstructor):
        (WebCore::HTMLOptionElement::setValue):
        (WebCore::HTMLOptionElement::setLabel):
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::setValue):
        (WebCore::HTMLProgressElement::setMax):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::typeAttributeValue):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setMultiple):
        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::setSrc):
        (WebCore::HTMLSourceElement::media):
        (WebCore::HTMLSourceElement::setMedia):
        (WebCore::HTMLSourceElement::type):
        (WebCore::HTMLSourceElement::setType):
        * html/HTMLTableSectionElement.cpp:
        (WebCore::HTMLTableSectionElement::setAlign):
        (WebCore::HTMLTableSectionElement::setCh):
        (WebCore::HTMLTableSectionElement::chOff):
        (WebCore::HTMLTableSectionElement::setChOff):
        (WebCore::HTMLTableSectionElement::setVAlign):
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::imageSourceURL):
        * html/HiddenInputType.cpp:
        (WebCore::HiddenInputType::restoreFormControlState):
        (WebCore::HiddenInputType::setValue):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):
        (WebCore::MediaDocument::replaceMediaElementTimerFired):
        * html/PluginDocument.cpp:
        (WebCore::PluginDocumentParser::createDocumentStructure):
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::createAutoFillButton):
        (WebCore::TextFieldInputType::updateAutoFillButton):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlClosedCaptionsContainerElement::create):
        (WebCore::MediaControlTimelineElement::create):
        (WebCore::MediaControlPanelVolumeSliderElement::create):
        (WebCore::MediaControlFullscreenVolumeSliderElement::create):
        * html/shadow/TextControlInnerElements.cpp:
        (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::ImageControlsButtonElementMac::tryCreate):
        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        (WebCore::ImageControlsRootElement::tryCreate):
        * html/track/WebVTTElement.cpp:
        (WebCore::WebVTTElement::createEquivalentHTMLElement):
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::buildObjectForFrame):
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::toggle):
        * page/PageSerializer.cpp:
        (WebCore::PageSerializer::serializeFrame):
        * rendering/RenderDetailsMarker.cpp:
        (WebCore::RenderDetailsMarker::isOpen):
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::updateFromElement):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::setXmlbase):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::setContentScriptType):
        (WebCore::SVGSVGElement::setContentStyleType):
        * svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::setMedia):
        (WebCore::SVGStyleElement::setTitle):

2016-07-15  Chris Dumez  <cdumez@apple.com>

        Modernize StaticNodeList / StaticElementList
        https://bugs.webkit.org/show_bug.cgi?id=159831

        Reviewed by Ryosuke Niwa.

        Modernize StaticNodeList / StaticElementList. Pass vector to adopt
        as an rvalue reference instead of a non-const reference.

        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::namedItems):
        * dom/ChildListMutationScope.cpp:
        (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
        * dom/MutationRecord.cpp:
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::queryAll):
        * dom/StaticNodeList.h:
        * dom/WebKitNamedFlow.cpp:
        (WebCore::WebKitNamedFlow::getRegionsByContent):
        (WebCore::WebKitNamedFlow::getRegions):
        (WebCore::WebKitNamedFlow::getContent):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
        * testing/Internals.cpp:
        (WebCore::Internals::nodesFromRect):

2016-07-15  Brent Fulgham  <bfulgham@apple.com>

        Block insecure script running in a data: frame when the top-level page is HTTPS
        https://bugs.webkit.org/show_bug.cgi?id=125806
        <rdar://problem/27331825>

        Reviewed by Brady Eidson.

        Fix based on a Blink change (patch by <tsepez@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>

        Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
        before allowing insecure scripts to be used.

2016-07-15  Chris Dumez  <cdumez@apple.com>

        Let the compiler generate QualifiedName copy constructor and assignment operator
        https://bugs.webkit.org/show_bug.cgi?id=159826

        Reviewed by Alex Christensen.

        Let the compiler generate QualifiedName copy constructor and assignment operator
        as our custom implementation does nothing special. This also makes QualifiedName
        movable as the compiler is now able to generate the move constructor / assignment
        operator as well.

        * dom/QualifiedName.h:
        (WebCore::QualifiedName::QualifiedName): Deleted.
        (WebCore::QualifiedName::operator=): Deleted.

2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>

        ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
        https://bugs.webkit.org/show_bug.cgi?id=159825

        Patch introduces a (private) method to ScrollView
        to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.

        Reviewed by Simon Fraser.

        No new tests needed.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setHasScrollbarInternal):
        (WebCore::ScrollView::setHasHorizontalScrollbar):
        (WebCore::ScrollView::setHasVerticalScrollbar):
        * platform/ScrollView.h:

2016-07-15  Frederic Wang  <fwang@igalia.com>

        MathOperator: Improve alignment for vertical size variant
        https://bugs.webkit.org/show_bug.cgi?id=158866

        Reviewed by Brent Fulgham.

        The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
        In the latter case, the assembly is adjusted to match the stretch ascent and descent
        requested by the callers. But in the former case the glyph ascent and descent are used
        instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
        callers do the vertical alignment they want. This improves the rendering of fences with some
        math fonts (e.g. XITS) and allows us to pass the two cases of mo-axis-height-1.html.

        Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html

        * rendering/mathml/MathOperator.cpp:
        (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
        function with only the targetSize as a parameter.
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
        (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
        the shift necessary to align the baseline of the MathOperator instance with the one of the
        RenderMathMLOperator.
        (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
        * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
        of the radical with the overbar so we do not need to adjust baseline alignment here.

2016-07-15  Brady Eidson  <beidson@apple.com>

        WebKit should prevent push/replace state with username in URL.
        <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818

        Reviewed by Brent Fulgham.

        Test: http/tests/security/history-username-password.html

        * page/History.cpp:
        (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.

2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r203266.

        This change caused editing/deleting/delete-emoji.html to time
        out on El Capitan, crash under GuardMalloc

        Reverted changeset:

        "Support new emoji group candidates"
        https://bugs.webkit.org/show_bug.cgi?id=159755
        http://trac.webkit.org/changeset/203266

2016-07-15  Frederic Wang  <fwang@igalia.com>

        Move parsing of mfrac attributes into a MathMLFractionElement class
        https://bugs.webkit.org/show_bug.cgi?id=159624

        Reviewed by Brent Fulgham.

        We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows us to
        minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
        the members in updateLayoutParameters are actually only used in layoutBlock and could be
        removed in a follow-up patch. We also improve the resolution of negative line thickness value
        since the MathML recommendation says it should be rounded up to the nearest valid
        value (which is zero) instead of ignoring the attribute and using the line thickness.

        No new tests, already covered by existing tests.

        * CMakeLists.txt: Add MathMLFractionElement.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLAllInOne.cpp: Ditto.
        * mathml/MathMLFractionElement.cpp: Added.
        (WebCore::MathMLFractionElement::MathMLFractionElement):
        (WebCore::MathMLFractionElement::create):
        (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
        parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
        or falls back to the general parseMathMLLength for MathML lengths.
        (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
        parsing it again if it is dirty.
        (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
        (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
        (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
        (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
        * mathml/MathMLFractionElement.h: Added.
        * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
        (WebCore::MathMLInlineContainerElement::createElementRenderer):
        * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
        layout parameters, replacing updateFromElement. We no longer parse and store the alignment
        values here. We also change the resolution of negative values.
        (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
        (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
        updateFromElement. The numerator and denominator alignments are resolved here.
        (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
        attribute is now handled in MathMLFractionElement.
        (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
        handled in MathMLFractionElement.
        (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
        * rendering/mathml/RenderMathMLFraction.h: Update declarations.

2016-07-15  Frederic Wang  <fwang@igalia.com>

        Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
        https://bugs.webkit.org/show_bug.cgi?id=159783

        Reviewed by Brent Fulgham.

        GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
        index is nonzero. This behavior is not expected by the MathML code and we have had crashes
        in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
        GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.

        No new tests, this only makes null pointer checks stronger.

        * rendering/mathml/MathOperator.cpp:
        (WebCore::boundsForGlyph):
        (WebCore::advanceWidthForGlyph):
        (WebCore::MathOperator::getBaseGlyph):
        (WebCore::MathOperator::setSizeVariant):
        (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
        (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
        (WebCore::MathOperator::paintVerticalGlyphAssembly):
        (WebCore::MathOperator::paintHorizontalGlyphAssembly):
        (WebCore::MathOperator::paint):
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
        * rendering/mathml/RenderMathMLToken.cpp:
        (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
        (WebCore::RenderMathMLToken::firstLineBaseline):
        (WebCore::RenderMathMLToken::layoutBlock):
        (WebCore::RenderMathMLToken::paint):
        (WebCore::RenderMathMLToken::paintChildren):

2016-07-15  Frederic Wang  <fwang@igalia.com>

        Add DejaVu Math TeX Gyre to the list of math fonts.
        https://bugs.webkit.org/show_bug.cgi?id=159805

        Reviewed by Brent Fulgham.

        DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
        likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
        list of font-families in mathml.css in order to increase the chance to find a math font.

        No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.

        * css/mathml.css:
        (math):

2016-07-15  Eric Carlson  <eric.carlson@apple.com>

        [MSE] Increase the SourceBuffer "fudge factor"
        https://bugs.webkit.org/show_bug.cgi?id=159813
        <rdar://problem/27372033>

        Reviewed by Jon Lee.
        
        Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
        math, and the error accumulation results in small gaps in the media timeline. r202641
        increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
        out that at least one large provider has a significant amount of content encoded with
        up to two 24fps frames.

        No new tests, updated media/media-source/media-source-small-gap.html.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.

2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>

        Add final keyword to WebCore/svg classes
        https://bugs.webkit.org/show_bug.cgi?id=159802

        Reviewed by Youenn Fablet.

        Updated classes in the WebCore/svg directory to be marked as final where appropriate.

        * svg/SVGException.h:
        * svg/SVGLengthList.h:
        * svg/SVGMatrix.h:
        * svg/SVGNumberList.h:
        * svg/SVGPaint.h:
        * svg/SVGPathBuilder.h:
        * svg/SVGPathByteStreamBuilder.h:
        * svg/SVGPathByteStreamSource.h:
        * svg/SVGPathSegArcAbs.h:
        * svg/SVGPathSegArcRel.h:
        * svg/SVGPathSegClosePath.h:
        * svg/SVGPathSegCurvetoCubicAbs.h:
        * svg/SVGPathSegCurvetoCubicRel.h:
        * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
        * svg/SVGPathSegCurvetoCubicSmoothRel.h:
        * svg/SVGPathSegCurvetoQuadraticAbs.h:
        * svg/SVGPathSegCurvetoQuadraticRel.h:
        * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
        * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
        * svg/SVGPathSegLinetoAbs.h:
        * svg/SVGPathSegLinetoHorizontalAbs.h:
        * svg/SVGPathSegLinetoHorizontalRel.h:
        * svg/SVGPathSegLinetoRel.h:
        * svg/SVGPathSegLinetoVerticalAbs.h:
        * svg/SVGPathSegLinetoVerticalRel.h:
        * svg/SVGPathSegListBuilder.h:
        * svg/SVGPathSegListSource.h:
        * svg/SVGPathSegMovetoAbs.h:
        * svg/SVGPathSegMovetoRel.h:
        * svg/SVGPathStringSource.h:
        * svg/SVGPathTraversalStateBuilder.h:
        * svg/SVGPointList.h:
        * svg/SVGRenderingIntent.h:
        * svg/SVGStringList.h:
        * svg/SVGTRefElement.cpp:
        * svg/SVGToOTFFontConversion.cpp:
        * svg/SVGTransformList.h:
        * svg/SVGUnitTypes.h:
        * svg/SVGViewSpec.h:
        * svg/SVGZoomEvent.h:
        * svg/animation/SMILTimeContainer.h:
        * svg/animation/SVGSMILElement.cpp:
        * svg/graphics/filters/SVGFEImage.h:
        * svg/graphics/filters/SVGFilter.h:
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        * svg/properties/SVGAnimatedPropertyTearOff.h:
        * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
        * svg/properties/SVGMatrixTearOff.h:
        * svg/properties/SVGPathSegListPropertyTearOff.h:
        * svg/properties/SVGStaticListPropertyTearOff.h:
        * svg/properties/SVGStaticPropertyTearOff.h:
        * svg/properties/SVGTransformListPropertyTearOff.h:

2016-07-15  Per Arne Vollan  <pvollan@apple.com>

        Uninitialized variable in DIBPixelData can cause a dangerous memory write
        https://bugs.webkit.org/show_bug.cgi?id=159414

        Reviewed by Brent Fulgham.

        Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
        fails to do so, because the bitmap handle is invalid.

        Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp

        * platform/graphics/win/DIBPixelData.cpp:
        (WebCore::DIBPixelData::initialize): Initialize local variable.
        (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
        * platform/graphics/win/DIBPixelData.h: Link fix.

2016-07-14  Yoav Weiss  <yoav@yoav.ws>

        Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
        https://bugs.webkit.org/show_bug.cgi?id=159666

        Reviewed by Michael Catanzaro.

        Tests:
            fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html

        * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
        * css/CSSParser.cpp:
        (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
        * css/CSSParser.h:

2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>

        [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
        https://bugs.webkit.org/show_bug.cgi?id=158252

        Reviewed by Myles C. Maxfield.

        When the 'dir' attribute changes either on body or on the document
        element level, the associated FrameView does not trigger an update on
        the frame level vertical scrollbar.

        Patch adds a 'hook' so that RenderBox::styleDidChange can call in
        order to get the document level scrollbar placed properly in the next
        layout.

        Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
              fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
              fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html

        * page/FrameView.cpp:
        (WebCore::FrameView::topContentDirectionDidChange):
        * page/FrameView.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):

2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>

        Support new emoji group candidates
        https://bugs.webkit.org/show_bug.cgi?id=159755
        <rdar://problem/27325521>

        Reviewed by Dean Jackson.

        There are a few code points which should be able to be joined (with ZWJ) to
        either U+2640 or U+2642 to change the gender of the emoji. These patterns
        should also work with an additional 0xFE0F variation selector. This patch
        adds these new patterns to our existing emoji group candidate infrastructure.

        Tests: fast/text/emoji-gender-2-3.html
               fast/text/emoji-gender-2-4.html
               fast/text/emoji-gender-2-5.html
               fast/text/emoji-gender-2-6.html
               fast/text/emoji-gender-2-7.html
               fast/text/emoji-gender-2-8.html
               fast/text/emoji-gender-2-9.html
               fast/text/emoji-gender-2.html
               fast/text/emoji-gender-3.html
               fast/text/emoji-gender-4.html
               fast/text/emoji-gender-5.html
               fast/text/emoji-gender-6.html
               fast/text/emoji-gender-7.html
               fast/text/emoji-gender-8.html
               fast/text/emoji-gender-9.html
               fast/text/emoji-gender-fe0f-3.html
               fast/text/emoji-gender-fe0f-4.html
               fast/text/emoji-gender-fe0f-5.html
               fast/text/emoji-gender-fe0f-6.html
               fast/text/emoji-gender-fe0f-7.html
               fast/text/emoji-gender-fe0f-8.html
               fast/text/emoji-gender-fe0f-9.html
               fast/text/emoji-gender.html
               fast/text/emoji-num-glyphs.html
               fast/text/emoji-single-parent-family-2.html
               fast/text/emoji-single-parent-family.html

        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::characterRangeCodePath):
        * platform/text/CharacterProperties.h:
        (WebCore::isEmojiGroupCandidate):

2016-07-14  Dean Jackson  <dino@apple.com>

        CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
        https://bugs.webkit.org/show_bug.cgi?id=159799
        <rdar://problem/27346959>

        Reviewed by Myles Maxfield.

        Speculative fix for this crash, which seems to happen when asking for the Node's
        renderer(). From the incoming crash logs, it is triggered by mutations on
        a <picture> or <img> element, which would require choosing a new source,
        and causing some media queries to evaluate.

        The only place in MediaQueryEvaluator that has anything to do with
        renderers is when gathering up some style information to pass to the
        actual evaluation function. I put a guard against a missing documentElement
        in there.

        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
        null.

2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>

        Update HTML*Element class override methods in final classes
        https://bugs.webkit.org/show_bug.cgi?id=159456

        Reviewed by Youenn Fablet.

        Update HTML*Element classes so that overridden methods in final classes are marked final.
        Also marked HTMLDivElement overridden methods as final since they are not overridden by derived classes.

        * html/HTMLAppletElement.h:
        * html/HTMLAreaElement.h:
        * html/HTMLAttachmentElement.h:
        * html/HTMLAudioElement.h:
        * html/HTMLBRElement.h:
        * html/HTMLBaseElement.h:
        * html/HTMLBodyElement.h:
        * html/HTMLButtonElement.h:
        * html/HTMLCanvasElement.h:
        * html/HTMLDataElement.h:
        * html/HTMLDetailsElement.h:
        * html/HTMLDivElement.h:
        * html/HTMLEmbedElement.h:
        * html/HTMLFieldSetElement.h:
        * html/HTMLFontElement.h:
        * html/HTMLFormElement.h:
        * html/HTMLFrameSetElement.h:
        * html/HTMLHRElement.h:
        * html/HTMLHtmlElement.h:
        * html/HTMLKeygenElement.h:
        * html/HTMLLIElement.h:
        * html/HTMLLabelElement.h:
        * html/HTMLLegendElement.h:
        * html/HTMLLinkElement.h:
        * html/HTMLMapElement.h:
        * html/HTMLMarqueeElement.h:
        * html/HTMLMetaElement.h:
        * html/HTMLMeterElement.h:
        * html/HTMLModElement.h:
        * html/HTMLOListElement.h:
        * html/HTMLObjectElement.h:
        * html/HTMLOptGroupElement.h:
        * html/HTMLOptionElement.h:
        * html/HTMLOutputElement.h:
        * html/HTMLParagraphElement.h:
        * html/HTMLParamElement.h:
        * html/HTMLPreElement.h:
        * html/HTMLProgressElement.h:
        * html/HTMLQuoteElement.h:
        * html/HTMLScriptElement.h:
        * html/HTMLSourceElement.h:
        * html/HTMLStyleElement.h:
        * html/HTMLSummaryElement.h:
        * html/HTMLTableCaptionElement.h:
        * html/HTMLTableColElement.h:
        * html/HTMLTableElement.h:
        * html/HTMLTableSectionElement.h:
        * html/HTMLTemplateElement.h:
        * html/HTMLTextAreaElement.h:
        * html/HTMLTitleElement.h:
        * html/HTMLUListElement.h:
        * html/HTMLUnknownElement.h:
        * html/HTMLVideoElement.h:
        * html/HTMLWBRElement.h:

2016-07-14  Chris Dumez  <cdumez@apple.com>

        Modernize GlyphMetricsMap
        https://bugs.webkit.org/show_bug.cgi?id=159788

        Reviewed by Darin Adler.

        Modernize GlyphMetricsMap a bit.

        * platform/graphics/GlyphMetricsMap.h:
        - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to
          having a std::unique_ptr data member.
        - Drop GlyphMetricsMap default constructor and let the compiler generate it
          instead. This required using inline initialization for m_filledPrimaryPage.

        (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
        - Make m_metrics data member private as it does not need to be public.
        - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
          as it does not need to be public.
        - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
          takes only 1 parameter.

        (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
        - Use HashMap::ensure() to make the code a bit nicer.

2016-07-14  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
        https://bugs.webkit.org/show_bug.cgi?id=159798
        rdar://problem/27362717

        Reviewed by Tim Horton.

        In out-of-visible tiled layers, we always allocated the top-left tile, wasting
        memory and causing ugliness when scrolling that layer into view. This happened
        because getTileIndexRangeForRect() had no way to express the fact that no tiles
        should be created.

        Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
        return value.

        Test: compositing/tiling/offscreen-tiled-layer.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
        * platform/graphics/ca/TileGrid.cpp:
        (WebCore::TileGrid::setNeedsDisplayInRect):
        (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
        (WebCore::TileGrid::getTileIndexRangeForRect):
        (WebCore::TileGrid::revalidateTiles):
        (WebCore::TileGrid::ensureTilesForRect):
        (WebCore::TileGrid::extent):
        * platform/graphics/ca/TileGrid.h:

2016-07-14  John Wilander  <wilander@apple.com>

        Remove credentials in URL when accessed through location.href
        https://bugs.webkit.org/show_bug.cgi?id=139562
        <rdar://problem/27331164>

        Reviewed by Brent Fulgham.

        Test: http/tests/security/location-href-clears-username-password.html

        The reason for this change is to not allow scripts on the page to
        exfiltrate username and password from the URL.

        * page/Location.cpp:
        (WebCore::Location::href):
            Now checks if there is a username or password in the URL. If so,
            it copies the URL and removes the username and password.
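
The credential handling described in this entry and in the History::stateObjectAdded entry above (2016-07-15), as an added JavaScript sketch built on the standard URL API. It is not WebKit's C++ code; the function names and the sample URLs are constructed for illustration.

```javascript
// Added illustration, not WebKit source. Function names are hypothetical.

// Behaviour described for Location::href: if the document URL carries a
// username or password, copy the URL and blank both fields before the
// string is handed to page script. Path, query and fragment are preserved.
function hrefVisibleToScript(documentURL) {
  const url = new URL(documentURL);
  if (url.username === "" && url.password === "") {
    return url.href; // nothing to strip
  }
  const copy = new URL(url.href); // leave the original object untouched
  copy.username = "";
  copy.password = "";
  return copy.href;
}

// Rule described for History::stateObjectAdded: a URL passed to
// pushState/replaceState is not allowed when it contains userinfo.
// The candidate is resolved against the document URL first, so
// scheme-relative forms such as "//user:pw@host/" are caught too.
function stateURLAllowed(candidate, documentURL) {
  let resolved;
  try {
    resolved = new URL(candidate, documentURL);
  } catch (e) {
    return false; // unparsable input is refused
  }
  return resolved.username === "" && resolved.password === "";
}

// Constructed sample inputs covering username+password, password only,
// no credentials, and relative forms.
function demo() {
  const base = "https://example.com/app";
  return {
    stripped: [
      "https://alice:s3cret@example.com/account?tab=1#top",
      "https://:s3cret@example.com/",
      "https://example.com/a",
    ].map(hrefVisibleToScript),
    allowed: [
      "/next",
      "//bob:pw@example.com/next",
      "https://bob@example.com/next",
    ].map((u) => stateURLAllowed(u, base)),
  };
}
```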

2016-07-14  Javier Fernandez  <jfernandez@igalia.com>

        [css-grid] Handle min-content/max-content with orthogonal flows
        https://bugs.webkit.org/show_bug.cgi?id=159294

        Reviewed by Darin Adler.

        Currently there is no support for orthogonal flows in many aspects of the
        Grid Layout logic.

        The Grid sizing algorithm should be adapted to this scenario, hence this
        patch focus on the min-content and max-content functions, used to resolve
        content based track sizes.

        There are still issues related to alignment and sizes using percentages,
        but they will be addressed in different patches.

        Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
               fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
               fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
               fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
               fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeLogicalWidthInRegion):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridSizingData::advanceNextState):
        (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
        (WebCore::RenderGrid::computeTrackSizesForDirection):
        (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
        (WebCore::RenderGrid::layoutBlock):
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
        (WebCore::hasOverrideContainingBlockContentSizeForChild):
        (WebCore::overrideContainingBlockContentSizeForChild):
        (WebCore::setOverrideContainingBlockContentSizeForChild):
        (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
        (WebCore::RenderGrid::gridTrackSize):
        (WebCore::RenderGrid::isOrthogonalChild): Added.
        (WebCore::RenderGrid::logicalHeightForChild):
        (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
        (WebCore::RenderGrid::minSizeForChild):
        (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
        (WebCore::RenderGrid::minContentForChild):
        (WebCore::RenderGrid::maxContentForChild):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::layoutPositionedObject):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::columnAxisPositionForChild):
        (WebCore::RenderGrid::rowAxisPositionForChild):
        (WebCore::RenderGrid::findChildLogicalPosition):
        * rendering/RenderGrid.h:
        (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
        (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
        (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
        (WebCore::RenderGrid::logicalHeightForChild):
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):



2016-07-14  Chris Dumez  <cdumez@apple.com>

        Use emptyString() instead of "" when possible
        https://bugs.webkit.org/show_bug.cgi?id=159789

        Reviewed by Alex Christensen.

        Use emptyString() instead of "" when possible to reduce String allocations.

        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::performOpenAndVerify):
        * css/CSSSelector.h:
        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::removeProperty):
        (WebCore::MutableStyleProperties::removeCustomProperty):
        * editing/TextCheckingHelper.cpp:
        (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
        (WebCore::TextCheckingHelper::findFirstBadGrammar):
        * editing/TypingCommand.h:
        (WebCore::TypingCommand::create):
        * fileapi/FileReaderLoader.cpp:
        (WebCore::FileReaderLoader::cleanup):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::fillMediaListChain):
        * page/UserContentURLPattern.cpp:
        (WebCore::UserContentURLPattern::parse):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::load):
        * platform/gtk/DataObjectGtk.h:
        (WebCore::DataObjectGtk::clearURIList):
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
        * platform/network/curl/ResourceHandleManager.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::layerTreeAsText):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::updateContent):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::noneDashboardRegions):
        * rendering/svg/SVGTextMetrics.cpp:
        (WebCore::SVGTextMetrics::SVGTextMetrics):
        * xml/XPathParser.cpp:
        (WebCore::XPath::Parser::lexString):

2016-07-14  Brent Fulgham  <bfulgham@apple.com>

        editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
        https://bugs.webkit.org/show_bug.cgi?id=142969
        <rdar://problem/27331095>

        Reviewed by Alex Christensen.

        Fix based on a Blink change (patch by <rouslan@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>

        Test: editing/spelling/copy-paste-crash.html
              editing/spelling/spellcheck-async.html

        * editing/SpellChecker.cpp:
        (WebCore::SpellCheckRequest::didSucceed):
        (WebCore::SpellCheckRequest::didCancel):

2016-07-14  Zalan Bujtas  <zalan@apple.com>

        ImageBuffer's success flag should be set to false at the very beginning of the c'tor.
        https://bugs.webkit.org/show_bug.cgi?id=159784

        Reviewed by Simon Fraser.

        No change in functionality.

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::ImageBuffer):

2016-07-14  Alex Christensen  <achristensen@webkit.org>

        Use SocketProvider to create SocketStreamHandles
        https://bugs.webkit.org/show_bug.cgi?id=159774

        Reviewed by Brady Eidson.

        No new tests.  No change in behaviour.
        
        In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
        instead of a SocketStreamHandle, which is the class I want to make into an interface
        and proxy the web traffic over to the NetworkProcess.

        * CMakeLists.txt:
        * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
        (WebCore::ThreadableWebSocketChannel::create):
        I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
        * Modules/websockets/ThreadableWebSocketChannel.h:
        (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect):
        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::WebSocketChannel):
        (WebCore::WebSocketChannel::connect):
        * Modules/websockets/WebSocketChannel.h:
        (WebCore::WebSocketChannel::create):
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
        (WebCore::WorkerThreadableWebSocketChannel::resume):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        (WebCore::WorkerThreadableWebSocketChannel::create):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::overlayPage):
        * loader/EmptyClients.cpp:
        (WebCore::EmptyEditorClient::registerRedoStep):
        (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
        * loader/EmptyClients.h:
        * page/SocketProvider.cpp: Added.
        (WebCore::SocketProvider::createSocketStreamHandle):
        * page/SocketProvider.h:
        (WebCore::SocketProvider::~SocketProvider): Deleted.
        * platform/network/cf/SocketStreamHandle.h:
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::dataChanged):

2016-07-14  Brady Eidson  <beidson@apple.com>

        "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
        https://bugs.webkit.org/show_bug.cgi?id=158741

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests in some configurations)

        - Check if a database hard delete is complete in more places.
        - Asynchronously clear out the hard close protector instead of synchronously.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
        (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
        (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
        (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
        (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.

        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):

        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):

2016-07-13  Brent Fulgham  <bfulgham@apple.com>

        CSSStyleSheet members should clear their owner node when destroyed
        https://bugs.webkit.org/show_bug.cgi?id=117470

        Reviewed by Chris Dumez.

        Make sure that CSSStyleSheet members are detached from their owner node when
        the owning object is destroyed.

        I audited other CSSStyleSheet uses, and found one other place where the owner node was not
        being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
        handle the node ownership properly.

        Fix based on a Blink change (patch by <haraken@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>

        Also includes a follow-up fix (patch by <haraken@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>

        No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.

        * contentextensions/ContentExtensionStyleSheet.cpp:
        (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
        * contentextensions/ContentExtensionStyleSheet.h:
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
        (WebCore::authorStyleSheetsForElement):

2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(WEB_SOCKETS) build after r202930
        https://bugs.webkit.org/show_bug.cgi?id=159768

        Reviewed by Alex Christensen.

        * loader/EmptyClients.cpp:
        * loader/EmptyClients.h:
        * page/SocketProvider.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope):
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::WorkerThread):

2016-07-14  Youenn Fablet  <youenn@apple.com>

        DOMIterators should be assigned a correct prototype
        https://bugs.webkit.org/show_bug.cgi?id=159115

        Reviewed by Chris Dumez.

        Default iterator object internal prototype property is the Iterator prototype as defined in
        http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
        Linking DOMIterator prototype to IteratorPrototype.
        This allows adding @@iterator property to the result of entries, keys and values methods.
        This in turn allows doing for-of loops on them.

        Covered by updated test.

        * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
        * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.

2016-07-14  Youenn Fablet  <youenn@apple.com>

        Remove support for value iterators from JSDOMIterator
        https://bugs.webkit.org/show_bug.cgi?id=159293

        Reviewed by Chris Dumez.

        Value iterators are now handled without using DOMIterator.
        Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
        entries and forEach implementation should be made compliant with set-like.
        This means that item value should be passed instead of an index in entries iterator and forEach callback.

        Covered by updated test.

        * bindings/js/JSDOMIterator.h:
        (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
        (WebCore::appendForEachArguments): Pass set item as second parameter.
        (WebCore::iteratorForEach): Remove index handling.

2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(MATHML) build after r201739
        https://bugs.webkit.org/show_bug.cgi?id=159767

        Reviewed by Alex Christensen.

        * dom/Document.cpp:
        (WebCore::Document::validateCustomElementName):

2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(CSS_IMAGE_SET) build
        https://bugs.webkit.org/show_bug.cgi?id=159766

        Reviewed by Alex Christensen.

        * css/CSSParser.cpp:

2016-07-14  Frederic Wang  <fred.wang@free.fr>

        Cleanup of MathML headers
        https://bugs.webkit.org/show_bug.cgi?id=159336

        Reviewed by Alex Christensen.

        We do some cleanup in MathML headers:
        - Use #pragma once
        - Use final for classes that are not extended.
        - Use final instead of override for virtual members that are not overridden by derived classes.
        - Try and reduce the visibility of function members to private or protected as appropriate.
        - Remove useless #include
        - Remove useless class or friendship declaration
        - Remove unused functions

        No new tests, behavior is unchanged.

        * mathml/MathMLElement.h:
        * mathml/MathMLInlineContainerElement.h:
        * mathml/MathMLMathElement.h:
        * mathml/MathMLMencloseElement.h:
        * mathml/MathMLOperatorDictionary.h:
        * mathml/MathMLPaddedElement.h:
        * mathml/MathMLSelectElement.h:
        * mathml/MathMLSpaceElement.h:
        * mathml/MathMLTextElement.h:
        * rendering/mathml/MathOperator.h:
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLFenced.h:
        * rendering/mathml/RenderMathMLFraction.h:
        * rendering/mathml/RenderMathMLMath.h:
        * rendering/mathml/RenderMathMLMenclose.h:
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRoot.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.
        * rendering/mathml/RenderMathMLRow.h:
        * rendering/mathml/RenderMathMLScripts.h:
        * rendering/mathml/RenderMathMLSpace.h:
        * rendering/mathml/RenderMathMLToken.h:
        * rendering/mathml/RenderMathMLUnderOver.h:

2016-07-14  Alex Christensen  <achristensen@webkit.org>

        Pass SessionID to WebSocketHandle constructor
        https://bugs.webkit.org/show_bug.cgi?id=159772

        Reviewed by Brady Eidson.

        No new tests.  No change in behavior.

        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::connect):
        * platform/network/cf/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::create):
        * platform/network/cf/SocketStreamHandleCFNet.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        * platform/network/curl/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::create):
        * platform/network/soup/SocketStreamHandle.h:

2016-07-14  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
        https://bugs.webkit.org/show_bug.cgi?id=159346

        Reviewed by Antonio Gomes.

        This is a follow up of r203216 to fix wrong use of Optional values.

        * platform/linux/MemoryPressureHandlerLinux.cpp:

2016-07-14  Youenn Fablet  <youenn@apple.com>

        DOM value iterable interfaces should use Array prototype methods
        https://bugs.webkit.org/show_bug.cgi?id=159296

        Reviewed by Chris Dumez and Mark Lam.

        Test: fast/dom/NodeList/nodelist-iterable.html
        Also covered by updated layout test and binding tests.

        For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
        [re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
        [re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
        [re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
        [re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
        [re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.

        This change applies only to NodeList at the moment.
        Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.

        * CMakeLists.txt:
        * ForwardingHeaders/builtins/BuiltinNames.h: Added.
        * ForwardingHeaders/builtins/JSCBuiltins.h: Added.
        * ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMIterator.cpp: Added.
        (WebCore::addValueIterableMethods): Copy iterator methods from array prototype.
        * bindings/js/JSDOMIterator.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        (IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
        (IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
        (GenerateImplementationIterableFunctions):
        * bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
        * bindings/scripts/test/JS/JSTestIterable.cpp: Added.
        * bindings/scripts/test/JS/JSTestIterable.h: Added.
        * bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
        * bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
        * bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
        * bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
        * bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.
        Array prototype methods should not be copied.
        * bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).
        Array prototype methods should be copied.

2016-07-14  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Request and Response url getter should use URL serialization
        https://bugs.webkit.org/show_bug.cgi?id=159705

        Reviewed by Alex Christensen.

        Tests: fetch/fetch-url-serialization.html
               imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
               imported/w3c/web-platform-tests/fetch/api/basic/response-url.html

        Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
        Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
        information in the URL itself.

        Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
        Tests do not check for URLs with username and password as Request constructor throws with such URLs.

        * Modules/fetch/FetchRequest.cpp:
        (WebCore::FetchRequest::url): Adding request url serialization, fragment included.
        * Modules/fetch/FetchRequest.h:
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.
        * Modules/fetch/FetchResponse.h:
        * platform/URL.cpp:
        (WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
        (WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.
        * platform/URL.h:
        (WebCore::URL::hasUser): Helper getter.
        (WebCore::URL::hasPassword): Ditto.
        (WebCore::URL::hasQuery): Ditto.
        (WebCore::URL::hasFragment): Ditto.

2016-07-14  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Const-ify track sizing algorithm
        https://bugs.webkit.org/show_bug.cgi?id=159716

        Reviewed by Carlos Garcia Campos.

        All the methods used to run the track sizing algorithm should not
        modify the state of LayoutGrid. We can safely const-ify all of them
        and remove the ugly const_cast in computeIntrinsicLogicalWidths().

        No new tests needed as there is no change in behavior.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::logicalHeightForChild):
        (WebCore::RenderGrid::minSizeForChild):
        (WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
        (WebCore::RenderGrid::minContentForChild):
        (WebCore::RenderGrid::maxContentForChild):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
        (WebCore::RenderGrid::distributeSpaceToTracks):
        * rendering/RenderGrid.h:

2016-07-14  Jer Noble  <jer.noble@apple.com>

        REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
        https://bugs.webkit.org/show_bug.cgi?id=159533

        Reviewed by Eric Carlson.

        Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
        results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
        changes.

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::mainContentCheckTimerFired):
        (WebCore::MediaElementSession::updateIsMainContent):

2016-07-13  Alex Christensen  <achristensen@webkit.org>

        Modernize WebSocket handle
        https://bugs.webkit.org/show_bug.cgi?id=159750

        Reviewed by Brady Eidson.

        No new tests.  No change in behavior.
        This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
        and makes our use of SocketStreamHandleClient a reference instead of a pointer.

        * Modules/websockets/ThreadableWebSocketChannel.h:
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::send):
        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::connect):
        * platform/network/SocketStreamHandleBase.cpp:
        (WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
        (WebCore::SocketStreamHandleBase::send):
        (WebCore::SocketStreamHandleBase::disconnect):
        (WebCore::SocketStreamHandleBase::sendPendingData):
        (WebCore::SocketStreamHandleBase::setClient): Deleted.
        * platform/network/SocketStreamHandleBase.h:
        (WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
        (WebCore::SocketStreamHandleBase::bufferedAmount):
        (WebCore::SocketStreamHandleBase::client):
        * platform/network/cf/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::create):
        * platform/network/cf/SocketStreamHandleCFNet.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::addCONNECTCredentials):
        (WebCore::SocketStreamHandle::copyCFStreamDescription):
        (WebCore::SocketStreamHandle::readStreamCallback):
        (WebCore::SocketStreamHandle::writeStreamCallback):
        (WebCore::SocketStreamHandle::reportErrorToClient):
        (WebCore::SocketStreamHandle::~SocketStreamHandle):
        (WebCore::SocketStreamHandle::platformClose):
        (WebCore::SocketStreamHandle::port):
        * platform/network/curl/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::create):
        * platform/network/curl/SocketStreamHandleCurl.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::platformClose):
        (WebCore::SocketStreamHandle::readData):
        (WebCore::SocketStreamHandle::didReceiveData):
        (WebCore::SocketStreamHandle::didOpenSocket):
        (WebCore::SocketStreamHandle::createCopy):
        * platform/network/soup/SocketStreamHandle.h:
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::~SocketStreamHandle):
        (WebCore::SocketStreamHandle::connected):
        (WebCore::SocketStreamHandle::connectedCallback):
        (WebCore::SocketStreamHandle::readBytes):
        (WebCore::SocketStreamHandle::didFail):
        (WebCore::SocketStreamHandle::writeReady):
        (WebCore::SocketStreamHandle::platformClose):
        (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):

2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
        https://bugs.webkit.org/show_bug.cgi?id=159346

        Reviewed by Antonio Gomes.

        The eventFD file descriptor is pollable, so it would be much better to use a poll instead of a blocking read in
        a secondary thread and then communicate back to the main thread. This is very easy to do with GSource in GLib,
        so we could use that when GLib is available and keep the current implementation as a fallback.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::m_holdOffTimer): Use a RunLoop timer.
        * platform/MemoryPressureHandler.h:
        * platform/linux/MemoryPressureHandlerLinux.cpp:
        (WebCore::MemoryPressureHandler::EventFDPoller::EventFDPoller): Helper class to do the eventFD polling.
        (WebCore::MemoryPressureHandler::logErrorAndCloseFDs): Check if file descriptors are -1 not 0.
        (WebCore::MemoryPressureHandler::install): Return early also if the hold off timer is active. Use EventFDPoller
        to do the polling.
        (WebCore::MemoryPressureHandler::uninstall): Stop the hold off timer and clear the EventFDPoller.

2016-07-13  Benjamin Poulain  <benjamin@webkit.org>

        [CSS][ARMv7] :nth-child() does not reserve enough registers if it is in backtracking chain
        https://bugs.webkit.org/show_bug.cgi?id=159746
        rdar://problem/26156169

        Reviewed by Andreas Kling.

        The generator generateElementIsNthChild() requires 6 registers in style resolution
        to mark previous siblings with generateAddStyleRelationIfResolvingStyle() in the loop.

        We were only reserving 5, which is a problem if the sixth is taken by the backtracking
        register. x86_64 was already requiring 6 for unrelated reasons and ARM64 has so many registers
        that you cannot possibly run out of them in CSS JIT.

        I generalized the x86_64 path to all architectures.
        I did not limit this case to style resolution because the extra register is irrelevant
        in most cases. The only difference is one extra push/pop on ARMv7 if you use querySelector
        with :nth-child in a backtracking chain.

        This problem is covered by the existing test fast/selectors/nth-child-with-backtracking.html

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::minimumRegisterRequirements): Deleted.

2016-07-13  Chris Dumez  <cdumez@apple.com>

        Drop unnecessary check from ContainerNode::removeChild()
        https://bugs.webkit.org/show_bug.cgi?id=159747

        Reviewed by Andreas Kling.

        Drop unnecessary check from ContainerNode::removeChild() to make sure that
        the parent of the node being removed is |this|. We already do this check
        a few lines above. The only thing that happens in between is the ref'ing
        of the node, which does not cause any JS execution.

        This check was introduced in r55783 because there used to be a call to
        document()->removeFocusedNodeOfSubtree(child.get());
        between the two checks. However, this call has been removed since then
        and the extra parentNode() check was left in.

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::removeChild): Deleted.

2016-07-12  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r202953): Clicking on input[type=file] doesn't open a file picker
        https://bugs.webkit.org/show_bug.cgi?id=159686

        Reviewed by Chris Dumez.

        The bug was caused by DOMActivate event not propagating out of the user-agent shadow tree
        of a file input, and FileInputType not receiving the event to open the file picker.

        Made DOMActivate a "composed" event which crosses shadow boundaries to fix the bug. The feedback
        was given back to W3C on https://github.com/w3c/webcomponents/issues/513#issuecomment-231851617

        Test: fast/forms/file/open-file-panel.html

        * dom/Event.cpp:
        (WebCore::Event::composed):

2016-07-13  Antti Koivisto  <antti@apple.com>

        v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
        https://bugs.webkit.org/show_bug.cgi?id=159722

        Reviewed by Andreas Kling.

        We have crashes where a StyleResolver is deleted underneath pseudoStyleForElement (key parts of the stack):

        0   WebCore::StyleResolver::~StyleResolver
        3   WebCore::AuthorStyleSheets::updateActiveStyleSheets
        4   WebCore::Document::styleResolverChanged
        5   WebKit::WebPage::viewportConfigurationChanged()
        6   WebKit::WebPage::mainFrameDidLayout()
        9   WebCore::FrameLoader::checkCompleted
        13  WebCore::ResourceLoader::cancel
        19  WebKit::WebLoaderStrategy::loadResource
        24  WebCore::Style::loadPendingImage
        27  WebCore::StyleResolver::pseudoStyleForElement
        29  WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement
        33  WebCore::Document::recalcStyle

        This appears to be happening when a content blocker blocks a resource load for an image referenced from a stylesheet
        and triggers synchronous cancellation of the load. With engine in suitable state this can clear style resolver.

        No test, don't know how to make one. This is very timing and engine state dependent.

        * dom/AuthorStyleSheets.cpp:
        (WebCore::AuthorStyleSheets::updateActiveStyleSheets):

        We have an existing check here that prevents destruction of the style resolver when we are in the middle of
        a style resolution. However the old inStyleRecalc() bit no longer covers the render tree update phase. Pseudo
        elements are resolved during render tree update.

        Fix by adding a check for inRenderTreeUpdate() bit too.

        This just fixes a regression. A proper fix would be to gather all resources during style resolution
        and trigger the loads afterwards.

2016-07-13  Frederic Wang  <fred.wang@free.fr>

        Remove padding and margin around the <math> element
        https://bugs.webkit.org/show_bug.cgi?id=157989

        Reviewed by Brent Fulgham.

        No new tests, already covered by existing tests.

        * css/mathml.css:
        (math): Remove padding.
        (math[display="block"]): Remove margin.

2016-07-13  Enrica Casucci  <enrica@apple.com>

        Update supported platforms in xcconfig files to match the sdk names.
        https://bugs.webkit.org/show_bug.cgi?id=159728

        Reviewed by Tim Horton.

        * Configurations/Base.xcconfig:

2016-07-13  Anders Carlsson  <andersca@apple.com>

        "requiredShippingAddressFields" has been deprecated error thrown when using "requiredBillingAddressFields"
        https://bugs.webkit.org/show_bug.cgi?id=159729
        rdar://problem/27314974

        Reviewed by Tim Horton.

        Fix a paste-o.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::createPaymentRequest):

2016-07-13  Brent Fulgham  <bfulgham@apple.com>

        [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
        https://bugs.webkit.org/show_bug.cgi?id=159680
        <rdar://problem/22102028>

        Reviewed by Zalan Bujtas.

        WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
        on the WebThread.

        Test: http/tests/ssl/mixedContent/insecure-websocket.html

        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
        the WebThread.

2016-07-13  Frederic Wang  <fwang@igalia.com>

        The display property of many MathML elements can not be overridden by page authors
        https://bugs.webkit.org/show_bug.cgi?id=139403

        The mathml.css user agent stylesheet currently forces most MathML elements to render with
        'display: block'. We remove the !important keyword so that users can override the display
        property, for example to hide elements with 'display: none'. This is consistent with the
        behavior for SVG or HTML elements.

        Reviewed by Brent Fulgham.

        Test: imported/mathml-in-html5/mathml/relations/css-styling/display-1.html

        * css/mathml.css:
        (math):
        (math[display="block"]):
        (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts, mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle, menclose, semantics, mpadded, maction):
        (mtd > *):

2016-07-13  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Response should not become disturbed on the ReadableStream creation
        https://bugs.webkit.org/show_bug.cgi?id=159714

        Reviewed by Alex Christensen.

        Covered by rebased test and existing tests.

        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::stop): Making the response disturbed if cancelled.
        * Modules/fetch/FetchResponseSource.cpp:
        (WebCore::FetchResponseSource::firstReadCallback): Start enqueueing as soon as first read is made.
        (WebCore::FetchResponseSource::doStart): Keep the start promise unresolved so that pull is not called.
        FetchResponse is a push source.
        * Modules/fetch/FetchResponseSource.h:
        * Modules/streams/ReadableStreamInternals.js:
        (readFromReadableStreamReader): Calling @firstReadCallback.
        * Modules/streams/ReadableStreamSource.h:
        (WebCore::ReadableStreamSource::firstReadCallback): Default implementation (does nothing).
        * Modules/streams/ReadableStreamSource.idl: Adding firstReadCallback private method.
        * bindings/js/WebCoreBuiltinNames.h: Adding @firstReadCallback.

2016-07-13  Philippe Normand  <pnormand@igalia.com>

        [GStreamer][GL] crash within triggerRepaint
        https://bugs.webkit.org/show_bug.cgi?id=159552

        Reviewed by Xabier Rodriguez-Calvar.

        Revert the un-needed changes introduced in r203056 and use the
        MainThreadNotifier without redundant checks.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr): Deleted.

2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GObject DOM bindings API breaks after r203047.

        webkit_dom_document_set_title() and webkit_dom_html_title_element_set_text() now can raise exceptions.

        * bindings/gobject/WebKitDOMDeprecated.cpp:
        (webkit_dom_document_set_title):
        (webkit_dom_html_title_element_set_text):
        * bindings/gobject/WebKitDOMDeprecated.h:
        * bindings/gobject/WebKitDOMDeprecated.symbols:
        * bindings/gobject/webkitdom.symbols:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateProperty):
        (FunctionUsedToNotRaiseException):

2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] Remove toCoordinatedGraphicsLayer and use downcast instead
        https://bugs.webkit.org/show_bug.cgi?id=159469

        Reviewed by Michael Catanzaro.

        * page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.cpp:
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::detachFromStateTree):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateViewportConstrainedNode):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::scrollableAreaScrollLayerDidChange):
        (WebCore::ScrollingCoordinatorCoordinatedGraphics::willDestroyScrollableArea):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::isCoordinatedGraphicsLayer):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::toCoordinatedLayerID):
        (WebCore::CoordinatedGraphicsLayer::setShouldUpdateVisibleRect):
        (WebCore::CoordinatedGraphicsLayer::removeFromParent):
        (WebCore::CoordinatedGraphicsLayer::setMaskLayer):
        (WebCore::CoordinatedGraphicsLayer::flushCompositingState):
        (WebCore::CoordinatedGraphicsLayer::syncPendingStateChangesIncludingSubLayers):
        (WebCore::CoordinatedGraphicsLayer::findFirstDescendantWithContentsRecursively):
        (WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers):
        (WebCore::CoordinatedGraphicsLayer::computeTransformedVisibleRect):
        (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHasActiveTransformAnimation):
        (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHaveNonAffineTransforms):
        (WebCore::toCoordinatedGraphicsLayer): Deleted.
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

2016-07-12  Youenn Fablet  <youenn@apple.com>

        [Fetch API] isRedirected should be conveyed in workers
        https://bugs.webkit.org/show_bug.cgi?id=159676

        Reviewed by Alex Christensen.

        Passing isRedirected value between threads.
        Rebasing corresponding worker test, even though it is currently skipped (due to crashing flakiness).

        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::crossThreadData):
        (WebCore::ResourceResponseBase::fromCrossThreadData):
        * platform/network/ResourceResponseBase.h:

2016-07-12  Eric Carlson  <eric.carlson@apple.com>

        REGRESSION (r202509): media controls controls enabled AirPlay placeholder is shown
        https://bugs.webkit.org/show_bug.cgi?id=159685
        <rdar://problem/27198899>

        Reviewed by Dean Jackson.

        Test: media/controls/airplay-controls.html

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.shouldShowControls): Split some of the logic out of shouldHaveControls.
        (Controller.prototype.shouldHaveControls): Having controls != showing controls.
        (Controller.prototype.updateControls): Call shouldShowControls, not shouldHaveControls.
        (Controller.prototype.updateWirelessPlaybackStatus): Add 'appletv' to the class when active.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus): Call ensureMediaControlsShadowRoot
        in case the controls haven't been created yet.

2016-07-12  Frederic Wang  <fwang@igalia.com>

        Move parsing of mpadded attributes to a MathMLPaddedElement class
        https://bugs.webkit.org/show_bug.cgi?id=159620

        Reviewed by Brent Fulgham.

        No new tests, behavior is unchanged.

        * CMakeLists.txt: Add MathMLPaddedElement files.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLAllInOne.cpp: Ditto.
        * mathml/MathMLInlineContainerElement.cpp: Remove handling of mpadded.
        * mathml/MathMLPaddedElement.cpp: Added.
        (WebCore::MathMLPaddedElement::MathMLPaddedElement):
        (WebCore::MathMLPaddedElement::create):
        (WebCore::MathMLPaddedElement::width): Expose width attribute as a MathMLLength until mpadded
        pseudo-units are supported.
        (WebCore::MathMLPaddedElement::height): Ditto.
        (WebCore::MathMLPaddedElement::depth): Ditto.
        (WebCore::MathMLPaddedElement::lspace): Ditto.
        (WebCore::MathMLPaddedElement::voffset): Ditto.
        (WebCore::MathMLPaddedElement::parseAttribute): Make length attribute dirty.
        (WebCore::MathMLPaddedElement::createElementRenderer): Moved code from MathMLInlineContainerElement.
        * mathml/MathMLPaddedElement.h: Added.
        * mathml/mathtags.in: Map mpadded to MathMLPaddedElement.
        * rendering/mathml/RenderMathMLPadded.cpp:
        (WebCore::RenderMathMLPadded::resolveWidth): Helper function to resolve width.
        (WebCore::RenderMathMLPadded::resolveAttributes): Helper function to resolve all attributes.
        (WebCore::RenderMathMLPadded::computePreferredLogicalWidths): Use resolveWidth.
        (WebCore::RenderMathMLPadded::layoutBlock): Use resolveAttributes.
        * rendering/mathml/RenderMathMLPadded.h: Add new helper functions to access attributes from
        the MathMLPaddedElement class.

2016-07-12  Andreas Kling  <akling@apple.com>

        [Cocoa] Simulated memory warning doesn't trigger libcache purge.
        <https://webkit.org/b/159688>

        Reviewed by Chris Dumez.

        Since simulated memory warnings will have the "is under memory pressure" flag set,
        we were skipping the libcache purge call.

        Add a separate flag that tracks whether we're under simulated pressure, and always
        prod libcache in that case.

        * platform/MemoryPressureHandler.h:
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        (WebCore::MemoryPressureHandler::install):

2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Purge PassRefPtr in Modules/webdatabase
        https://bugs.webkit.org/show_bug.cgi?id=159255

        Reviewed by Benjamin Poulain.

        As a step to remove PassRefPtr use, this patch cleans it up in Modules/webdatabase.

        Additionally unnecessary spaces and tabs are removed too.

        * Modules/webdatabase/ChangeVersionWrapper.cpp:
        * Modules/webdatabase/DOMWindowWebDatabase.h:
        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::Database):
        (WebCore::Database::~Database):
        (WebCore::Database::scheduleTransaction):
        (WebCore::Database::runTransaction):
        * Modules/webdatabase/Database.h:
        * Modules/webdatabase/DatabaseAuthorizer.cpp:
        (WebCore::DatabaseAuthorizer::allowRead):
        * Modules/webdatabase/DatabaseManager.cpp:
        (WebCore::DatabaseManager::openDatabase):
        (WebCore::DatabaseManager::fullPathForDatabase):
        (WebCore::DatabaseManager::detailsForNameAndOrigin):
        * Modules/webdatabase/DatabaseManager.h:
        * Modules/webdatabase/DatabaseTask.cpp:
        (WebCore::DatabaseTransactionTask::DatabaseTransactionTask):
        * Modules/webdatabase/DatabaseTask.h:
        * Modules/webdatabase/SQLCallbackWrapper.h:
        (WebCore::SQLCallbackWrapper::SQLCallbackWrapper):
        * Modules/webdatabase/SQLResultSetRowList.h:
        * Modules/webdatabase/SQLStatement.cpp:
        (WebCore::SQLStatement::SQLStatement):
        (WebCore::SQLStatement::sqlError):
        (WebCore::SQLStatement::sqlResultSet):
        * Modules/webdatabase/SQLStatement.h:
        * Modules/webdatabase/SQLTransaction.h:
        * Modules/webdatabase/SQLTransactionBackend.cpp:
        (WebCore::SQLTransactionBackend::create):
        (WebCore::SQLTransactionBackend::SQLTransactionBackend):
        (WebCore::SQLTransactionBackend::transactionError):
        * Modules/webdatabase/SQLTransactionBackend.h:

2016-07-11  Dean Jackson  <dino@apple.com>

        REGRESSION (202694): Audio and Video playback controls: Cannot find a position slider to adjust playback position using VO.
        https://bugs.webkit.org/show_bug.cgi?id=159661
        <rdar://problem/27285135>

        Reviewed by Eric Carlson.

        The change in r202694 caused MediaDocuments to not always
        show their scrubber. The fix is to reduce the minimum amount
        of size needed to show the scrubber.

        Test: media/controls/default-size-should-show-scrubber.html

        * Modules/mediacontrols/mediaControlsApple.js: 80 pixels is enough
        to show the scrubber.

2016-07-12  Frederic Wang  <fwang@igalia.com>

        Move MathMLOperatorDictionary from rendering to DOM
        https://bugs.webkit.org/show_bug.cgi?id=159619

        Reviewed by Brent Fulgham.

        No new tests, behavior is unchanged.

        * CMakeLists.txt: Use the new location of MathMLOperatorDictionary files.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLAllInOne.cpp: Add MathMLOperatorDictionary.cpp
        * mathml/MathMLOperatorDictionary.cpp: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.cpp.
        * mathml/MathMLOperatorDictionary.h: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.h.

2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Remove ENABLE_CSS3_TEXT_LINE_BREAK flag
        https://bugs.webkit.org/show_bug.cgi?id=159671

        Reviewed by Csaba Osztrogonác.

        ENABLE_CSS3_TEXT_LINE_BREAK feature was implemented without guards.
        https://bugs.webkit.org/show_bug.cgi?id=89235

        So this guard can be removed in build scripts.

        * Configurations/FeatureDefines.xcconfig:

2016-07-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r203059.
        https://bugs.webkit.org/show_bug.cgi?id=159673

        B and R channels now swapped on desktop GL builds (Requested
        by philn on #webkit).

        Reverted changeset:

        "Red and blue colors are swapped in video rendered through
        WebGL when GSTREAMER_GL is enabled"
        https://bugs.webkit.org/show_bug.cgi?id=159621
        http://trac.webkit.org/changeset/203059

2016-07-12  Yoav Weiss  <yoav@yoav.ws>

        js/dom/global-constructors-attributes.html is flaky: ResourceTiming runtime feature leaks between tests
        https://bugs.webkit.org/show_bug.cgi?id=158902

        Reviewed by Benjamin Poulain.

        Adds a new reset() mechanism to RuntimeEnabledFeatures so that they could be brought back to the initial state.
        This reset() is then called from DumpRenderTree and WebKitTestRunner.

        No new tests but hopefully current tests will be less flaky.

        * bindings/generic/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
        (WebCore::RuntimeEnabledFeatures::reset):
        * bindings/generic/RuntimeEnabledFeatures.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): reset RuntimeEnabledFeatures.

2016-07-11  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Purge PassRefPtr in platform/efl and platform/mac 
        https://bugs.webkit.org/show_bug.cgi?id=159548

        Reviewed by Alex Christensen.

        Remove all use of PassRefPtr and clean up unnecessary tabs and spaces.
        WebKit2 code is also changed because of setBufferForType()'s modification.

        No new tests, no behavior changes.

        * platform/PasteboardStrategy.h:
        * platform/PlatformPasteboard.h:
        * platform/PlatformSpeechSynthesizer.h:
        * platform/SerializedPlatformRepresentation.h:
        * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
        (WebCore::PlatformSpeechSynthesisProviderEfl::speak):
        * platform/efl/PlatformSpeechSynthesisProviderEfl.h:
        * platform/efl/PlatformSpeechSynthesizerEfl.cpp:
        (WebCore::PlatformSpeechSynthesizer::speak):
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::setBufferForType):
        * platform/ios/PlatformSpeechSynthesizerIOS.mm:
        (SOFT_LINK_CONSTANT):
        (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
        (-[WebSpeechSynthesisWrapper mapSpeechRateToPlatformRate:]):
        (-[WebSpeechSynthesisWrapper speakUtterance:]):
        (-[WebSpeechSynthesisWrapper pause]):
        (-[WebSpeechSynthesisWrapper resume]):
        (-[WebSpeechSynthesisWrapper cancel]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:didStartSpeechUtterance:]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeechUtterance:]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:didPauseSpeechUtterance:]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:didContinueSpeechUtterance:]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:didCancelSpeechUtterance:]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:willSpeakRangeOfSpeechString:utterance:]):
        (WebCore::PlatformSpeechSynthesizer::speak):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::write):
        * platform/mac/PlatformPasteboardMac.mm:
        (WebCore::PlatformPasteboard::getTypes):
        (WebCore::PlatformPasteboard::getPathnamesForType):
        (WebCore::PlatformPasteboard::color):
        (WebCore::PlatformPasteboard::copy):
        (WebCore::PlatformPasteboard::setBufferForType):
        (WebCore::PlatformPasteboard::setPathnamesForType):
        * platform/mac/PlatformSpeechSynthesizerMac.mm:
        (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
        (-[WebSpeechSynthesisWrapper speakUtterance:]):
        (-[WebSpeechSynthesisWrapper pause]):
        (-[WebSpeechSynthesisWrapper resume]):
        (-[WebSpeechSynthesisWrapper cancel]):
        (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeaking:]):
        (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
        (WebCore::PlatformSpeechSynthesizer::speak):
        * platform/mac/SerializedPlatformRepresentationMac.h:
        * platform/mac/SerializedPlatformRepresentationMac.mm:
        (WebCore::SerializedPlatformRepresentationMac::data):
        (WebCore::jsValueWithValueInContext):
        * platform/mock/PlatformSpeechSynthesizerMock.cpp:
        (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
        (WebCore::PlatformSpeechSynthesizerMock::speak):
        (WebCore::PlatformSpeechSynthesizerMock::cancel):
        * platform/mock/PlatformSpeechSynthesizerMock.h:

2016-07-11  Frederic Wang  <fwang@igalia.org>

        Move parsing of mspace attributes to a MathMLSpaceElement class
        https://bugs.webkit.org/show_bug.cgi?id=156795

        Reviewed by Brent Fulgham.

        No new tests, already covered by existing tests.

        * CMakeLists.txt: Add MathMLSpaceElement to the build system.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::cachedMathMLLength): Helper function to return the cached parsed
        value of a MathML length, parsing the corresponding attribute value if the cache is dirty.
        * mathml/MathMLElement.h: Add a dirty boolean to MathML Length structure. Declare cachedMathMLLength.
        * mathml/MathMLSpaceElement.cpp: New class for the <mspace> element.
        (WebCore::MathMLSpaceElement::MathMLSpaceElement):
        (WebCore::MathMLSpaceElement::create):
        (WebCore::MathMLSpaceElement::parseAttribute): Make width, height, depth attributes dirty.
        (WebCore::MathMLSpaceElement::createElementRenderer):
        * mathml/MathMLSpaceElement.h: New class for the <mspace> element.
        We define MathML lengths for width, height and depth attributes on the class and expose
        them with the corresponding helper functions via memoization.
        * mathml/MathMLTextElement.cpp: Remove handling of mspace from this class.
        (WebCore::MathMLTextElement::createElementRenderer):
        * mathml/mathtags.in: Change the interface for mspace to use the new class.
        * rendering/mathml/RenderMathMLSpace.cpp: Do not store width/height/depth values on the
        renderer and instead just use the corresponding MathML lengths on the element class.
        (WebCore::RenderMathMLSpace::RenderMathMLSpace): Use MathMLSpaceElement and remove member
        initialization.
        (WebCore::RenderMathMLSpace::computePreferredLogicalWidths): Use spaceWidth().
        (WebCore::RenderMathMLSpace::spaceWidth): Helper function to resolve the width attribute value.
        (WebCore::RenderMathMLSpace::getSpaceHeightAndDepth): Ditto for height and depth.
        (WebCore::RenderMathMLSpace::layoutBlock): Use the helper functions to get the mspace metrics.
        (WebCore::RenderMathMLSpace::firstLineBaseline): Ditto.
        (WebCore::RenderMathMLSpace::updateFromElement): Deleted.
        (WebCore::RenderMathMLSpace::styleDidChange): Deleted.
        * rendering/mathml/RenderMathMLSpace.h: Use MathMLSpaceElement, replace members with helper
        functions and make element() usable from a const instance.

2016-07-11  Frederic Wang  <fwang@igalia.org>

        Create a MathMLLength struct to handle the parsing of MathML length.
        https://bugs.webkit.org/show_bug.cgi?id=156792

        Reviewed by Brent Fulgham.

        We introduce a structure for MathML lengths that will be used in the future to store the
        parsed values in the MathElement class. We also rewrite the parsing function for MathML
        lengths in order to improve efficiency and code reuse. This function is moved into the
        MathElement class and only the conversion to LayoutUnit remains in the renderer classes.

        No new tests, already covered by existing tests.

        * mathml/MathMLElement.cpp:
        (WebCore::parseNamedSpace): Helper function to parse a named space.
        (WebCore::MathMLElement::parseMathMLLength): Parsing function for MathML lengths.
        * mathml/MathMLElement.h: Declare new function and structure to handle MathML lengths.
        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::toUserUnits): Helper function to resolve a MathML length.
        (WebCore::parseMathMLLength): Remove the old parsing code and just use MathMLElement::parseMathMLLength and toUserUnits instead.
        (WebCore::parseMathMLNamedSpace): Deleted.
        * rendering/mathml/RenderMathMLBlock.h: Remove unused function.

2016-07-11  Frederic Wang  <fwang@igalia.com>

        Add support for @href attribute in MathML
        https://bugs.webkit.org/show_bug.cgi?id=85733

        Reviewed by Brent Fulgham.

        We add support for the href attribute from MathML 3 but ignore the deprecated XLink version.
        We also use the code from HTMLAnchorElement/SVGAElement to make MathMLElement with an href
        attribute behave as a link.
        Finally, we adjust mathml.css based on rules from the html and svg user agent stylesheets.

        Tests: mathml/mathml-in-html5/href-click-1.html
               mathml/mathml-in-html5/href-click-2.html
               mathml/presentation/href-enter.html
               mathml/presentation/href-style.html
               mathml/presentation/maction-toggle-href.html
               mathml/presentation/semantics-href.html

        * css/mathml.css:
        (:any-link): Set color and mouse cursor of links.
        (:any-link:active): Set color of active links.
        (:focus): Set outline of focused links.
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::parseAttribute): Parse the href attribute.
        (WebCore::MathMLElement::willRespondToMouseClickEvents): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::defaultEventHandler): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::canStartSelection): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::isFocusable): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::isKeyboardFocusable): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::isMouseFocusable): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::isURLAttribute): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::supportsFocus): Based on HTMLAnchorElement/SVGAElement.
        (WebCore::MathMLElement::tabIndex): Based on HTMLAnchorElement/SVGAElement.
        * mathml/MathMLElement.h: Define new members.
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::willRespondToMouseClickEvents): We also verify whether
        the parent class will respond.
        * mathml/mathattrs.in: Add href attribute.

2016-07-11  Sam Weinig  <sam@webkit.org>

        Speech Synthesis: getting list of voices no longer works
        <rdar://problem/22954120>
        https://bugs.webkit.org/show_bug.cgi?id=159656

        Reviewed by Tim Horton.

        * platform/PlatformSpeechSynthesizer.h:
        * platform/mac/PlatformSpeechSynthesizerMac.mm:
        Default initialize m_voiceListIsInitialized to false so it is
        initialized on both Mac and iOS. Remove the explicit initialization
        from the Mac.

2016-07-11  Simon Fraser  <simon.fraser@apple.com>

        <rdar://problem/27285599> REGRESSION: Assertion under CertificateInfo::trust() every time I focus a text field

        Reviewed by Sam Weinig.

        The assertion added to CertificateInfo::trust() in r203040 is wrong, and is triggered when
        focusing a form field via calls to -[WKWebProcessPlugInFrame _serverTrust], so remove it.

        * platform/network/cf/CertificateInfo.h:
        (WebCore::CertificateInfo::trust):

2016-07-11  Simon Fraser  <simon.fraser@apple.com>

        Deleting in a text input inside an iframe causes the page to scroll incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=159654
        rdar://problem/26805722

        Reviewed by Zalan Bujtas.

        Editor::revealSelectionAfterEditingOperation() needs the same iOS-specific reveal
        behavior as was added for typing in r202295.

        Test: fast/forms/ios/delete-in-input-in-iframe.html

        * editing/Editor.cpp:
        (WebCore::Editor::revealSelectionAfterEditingOperation):

2016-07-11  Andy Estes  <aestes@apple.com>

        Fix indentation in FrameLoaderTypes.h
        https://bugs.webkit.org/show_bug.cgi?id=159650

        Reviewed by Brady Eidson.

        * loader/FrameLoaderTypes.h:

2016-07-11  Myles C. Maxfield  <mmaxfield@apple.com>

        Honor the second argument to FontFaceSet.load and FontFaceSet.check
        https://bugs.webkit.org/show_bug.cgi?id=159607
        <rdar://problem/27284902>

        Reviewed by Zalan Bujtas.

        This second argument is used in conjunction with the unicode-range CSS property, so that
        loading from a FontFaceSet only loads the fonts which actually match the characters given.
        Previously, we hadn't implemented proper support for this unicode-range property, but now
        that we have implemented it, we should honor this second argument.

        Test: fast/text/unicode-range-javascript.html

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::rangesMatchCodePoint):
        * css/CSSFontFace.h:
        * css/CSSFontFaceSet.cpp:
        (WebCore::codePointsFromString):
        (WebCore::CSSFontFaceSet::matchingFaces):

2016-07-11  Zalan Bujtas  <zalan@apple.com>

        Unable to edit fields or drag to select text in Dashboard widgets.
        https://bugs.webkit.org/show_bug.cgi?id=159647
        <rdar://problem/26941698>

        Reviewed by Brent Fulgham.

        RenderObject::computeAbsoluteRepaintRect's first parameter is no longer in/out. Use the return
        value to set the clip on the dashboard region.

        Not testable.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::addAnnotatedRegions):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::addAnnotatedRegions):

2016-07-11  Chris Dumez  <cdumez@apple.com>

        Potential null dereference under DocumentLoader::mainReceivedError()
        https://bugs.webkit.org/show_bug.cgi?id=159640
        <rdar://problem/27283372>

        Reviewed by Brady Eidson.

        Move frameLoader() null check a bit earlier in DocumentLoader::mainReceivedError()
        as it was dereferenced before the check.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::mainReceivedError):

2016-07-11  Enrica Casucci  <enrica@apple.com>

        Add synthetic click origin to WKNavigationAction.
        https://bugs.webkit.org/show_bug.cgi?id=159584
        rdar://problem/25610422

        Reviewed by Tim Horton.

        Adding plumbing code to pass synthetic click type
        through WebCore.

        * dom/Element.cpp:
        (WebCore::Element::dispatchMouseEvent):
        (WebCore::Element::dispatchMouseForceWillBegin):
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::create):
        (WebCore::MouseEvent::MouseEvent):
        (WebCore::MouseEvent::initMouseEvent):
        (WebCore::MouseEvent::cloneFor):
        * dom/MouseEvent.h:
        (WebCore::MouseEvent::createForBindings):
        (WebCore::MouseEvent::button):
        (WebCore::MouseEvent::syntheticClickType):
        (WebCore::MouseEvent::buttonDown):
        (WebCore::MouseEvent::setRelatedTarget):
        * dom/SimulatedClick.cpp:
        * dom/WheelEvent.cpp:
        (WebCore::WheelEvent::WheelEvent):
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::showContextMenuAt):
        * page/DragController.cpp:
        (WebCore::createMouseEvent):
        (WebCore::DragController::DragController):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchDragEvent):
        (WebCore::EventHandler::sendContextMenuEventForKey):
        (WebCore::EventHandler::fakeMouseMoveEventTimerFired):
        * platform/PlatformMouseEvent.h:
        (WebCore::PlatformMouseEvent::PlatformMouseEvent):
        (WebCore::PlatformMouseEvent::clickCount):
        (WebCore::PlatformMouseEvent::modifierFlags):
        (WebCore::PlatformMouseEvent::force):
        (WebCore::PlatformMouseEvent::syntheticClickType):
        * replay/SerializationMethods.cpp:
        (JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):

2016-07-11  Anders Carlsson  <andersca@apple.com>

        Able to open multiple payment sheets in Safari at the same time
        https://bugs.webkit.org/show_bug.cgi?id=159637
        rdar://problem/26411339

        Reviewed by Beth Dakin.

        Fold PaymentCoordinator::showPaymentUI into PaymentCoordinator::beginPaymentSession and
        change the return value of the latter member function to a bool to indicate whether the
        payment UI could be shown (or whether it's already showing).

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::begin):
        Check the return value of beginPaymentSession.

        * Modules/applepay/PaymentCoordinator.cpp:
        (WebCore::PaymentCoordinator::beginPaymentSession):
        This now takes a payment session and returns a boolean.
        (WebCore::PaymentCoordinator::showPaymentUI): Deleted.

        * Modules/applepay/PaymentCoordinator.h:
        * Modules/applepay/PaymentCoordinatorClient.h:
        * loader/EmptyClients.cpp:
        The showPaymentUI client function now returns a bool.

2016-07-11  Nan Wang  <n_wang@apple.com>

        AX: Crash when backspacing in number field with spin button
        https://bugs.webkit.org/show_bug.cgi?id=157830

        Reviewed by Chris Fleizach.

        It's possible to access spin button parts after they've been detached from their parent, which can lead to crashes.
        This adds in a number of redundant safeguards to prevent this and other cases in the future.

        Test: accessibility/spinbutton-crash.html

        * accessibility/AccessibilitySpinButton.cpp:
        (WebCore::AccessibilitySpinButton::incrementButton):
        (WebCore::AccessibilitySpinButton::decrementButton):
        (WebCore::AccessibilitySpinButton::addChildren):

2016-07-11  Chris Dumez  <cdumez@apple.com>

        Possible null dereference under EventHandler::dispatchMouseEvent()
        https://bugs.webkit.org/show_bug.cgi?id=159632
        <rdar://problem/27247619>

        Reviewed by Andreas Kling.

        FrameSelection::toNormalizedRange() can return null even when FrameSelection::isRange()
        returns true so add a null check.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchMouseEvent):

2016-07-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r203064.
        https://bugs.webkit.org/show_bug.cgi?id=159642

        This change causes LayoutTest crashes on WK1 ASan (Requested
        by ryanhaddad on #webkit).

        Reverted changeset:

        "Use refs for ResourceLoaders"
        https://bugs.webkit.org/show_bug.cgi?id=159592
        http://trac.webkit.org/changeset/203064

2016-07-11  Brent Fulgham  <bfulgham@apple.com>

        [WebGL] Check for existing buffer exists for enabled vertex array attributes before permitting glDrawArrays to execute
        https://bugs.webkit.org/show_bug.cgi?id=159590
        <rdar://problem/26865535>

        Reviewed by Dean Jackson.

        Test: fast/canvas/webgl/webgl-drawarrays-crash-2.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateVertexAttributes): If enabled array buffer attributes exist,
        ensure that an array buffer has been bound.

2016-07-11  Nan Wang  <n_wang@apple.com>

        AX: WKWebView should have API to prevent pinch-to-zoom always being allowed
        https://bugs.webkit.org/show_bug.cgi?id=158364

        Reviewed by Anders Carlsson.

        Removed the internals settings for viewport force always user scalable.

        Changes are covered in modified tests.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::Internals):
        (WebCore::Internals::composedTreeAsText):
        (WebCore::Internals::setLinkPreloadSupport):
        (WebCore::Internals::setViewportForceAlwaysUserScalable): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2016-07-11  Frederic Wang  <fwang@igalia.com>

        Use parameters from the OpenType MATH table for <munderover>
        https://bugs.webkit.org/show_bug.cgi?id=155756

        Reviewed by Brent Fulgham.

        We follow the description from the MathML in HTML5 implementation
        to improve the layout of <munderover> using some constants from the MATH table.

        Tests: imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-1.html
               imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-2.html
               imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-3.html
               imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-4.html
               mathml/presentation/attributes-accent-accentunder-dynamic.html

        * mathml/mathattrs.in: Add accentunder attribute.
        * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::hasAccent): Helper function to determine whether
        the over/under script should be treated as an accent.
        (WebCore::RenderMathMLUnderOver::getVerticalParameters): Helper function to read
        some vertical parameters from the MATH table.
        (WebCore::RenderMathMLUnderOver::layoutBlock): Take into account the new vertical
        parameters for the layout of <munderover>.
        * rendering/mathml/RenderMathMLUnderOver.h: Define new helper functions.

2016-07-11  Frederic Wang  <fwang@igalia.com>

        Use Stack* parameters from the OpenType MATH table
        https://bugs.webkit.org/show_bug.cgi?id=155714

        Reviewed by Brent Fulgham.

        Test: mathml/mathml-in-html5/frac-parameters-2.html

        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::updateFromElement): Set the stack parameters when
        the line thickness is zero.
        (WebCore::RenderMathMLFraction::layoutBlock): Correctly set the <mfrac> ascent and
        the denominator vertical offset when the line thickness is zero.
        (WebCore::RenderMathMLFraction::paint): Early return when we actually do not need to
        paint any fraction bar.
        * rendering/mathml/RenderMathMLFraction.h: Define an isStack helper function and define
        members corresponding to stack parameters.

2016-07-11  Frederic Wang  <fwang@igalia.com>

        Add support for mathvariants that cannot be emulated via CSS.
        https://bugs.webkit.org/show_bug.cgi?id=108778

        Reviewed by Brent Fulgham.

        Tests: mathml/mathml-in-html5/mathvariant-transforms-1.html
               mathml/mathml-in-html5/mathvariant-transforms-2.html
               mathml/presentation/mathvariant-inheritance.html
               mathml/presentation/mathvariant-tokens.html

        We remove the old code to emulate partial mathvariant support via CSS and add support
        for all mathvariant values using the technique used for implicit italic on <mi> element.
        We also rely on the MathMLStyle class introduced earlier to support custom MathML style
        and manage inheritance of mathvariant values.
        The function that tries and converts one base character into a transformed mathvariant
        character is based on similar code from Gecko:
        http://hg.mozilla.org/mozilla-central/file/tip/layout/generic/MathMLTextRunFactory.cpp
        Note that we only support transform on token elements with a single character, which
        should cover the most important use cases.

        * css/mathml.css: Remove the CSS rules to emulate some mathvariant values.
        (math[mathvariant="normal"], mstyle[mathvariant="normal"], mo[mathvariant="normal"], mn[mathvariant="normal"], mi[mathvariant="normal"], mtext[mathvariant="normal"], mspace[mathvariant="normal"], ms[mathvariant="normal"]): Deleted.
        (math[mathvariant="bold"], mstyle[mathvariant="bold"], mo[mathvariant="bold"], mn[mathvariant="bold"], mi[mathvariant="bold"], mtext[mathvariant="bold"], mspace[mathvariant="bold"], ms[mathvariant="bold"]): Deleted.
        (math[mathvariant="italic"], mstyle[mathvariant="italic"], mo[mathvariant="italic"], mn[mathvariant="italic"], mi[mathvariant="italic"], mtext[mathvariant="italic"], mspace[mathvariant="italic"], ms[mathvariant="italic"]): Deleted.
        (math[mathvariant="bold-italic"], mstyle[mathvariant="bold-italic"], mo[mathvariant="bold-italic"], mn[mathvariant="bold-italic"], mi[mathvariant="bold-italic"], mtext[mathvariant="bold-italic"], mspace[mathvariant="bold-italic"], ms[mathvariant="bold-italic"]): Deleted.
        * mathml/MathMLInlineContainerElement.cpp: We resolve mathml style when mathvariant changes.
        (WebCore::MathMLInlineContainerElement::parseAttribute):
        * mathml/MathMLMathElement.cpp: ditto.
        (WebCore::MathMLMathElement::parseAttribute):
        * mathml/MathMLTextElement.cpp: ditto.
        (WebCore::MathMLTextElement::parseAttribute):
        * rendering/mathml/MathMLStyle.cpp: Add mathvariant property to the MathML style.
        (WebCore::MathMLStyle::MathMLStyle): Init mathvariant to none.
        (WebCore::MathMLStyle::getMathMLStyle): Helper function to retrieve the MathML style on a renderer.
        (WebCore::MathMLStyle::updateStyleIfNeeded): Take into account change of mathvariant.
        (WebCore::MathMLStyle::parseMathVariant): Helper function to parse a mathvariant attribute.
        (WebCore::MathMLStyle::resolveMathMLStyle): Take into account mathvariant value: it is None
        by default, inherited and can be modified via an attribute on <math>, <mstyle> or token
        elements. We also refactor a bit to share logic between displaystyle and mathvariant.
        (WebCore::MathMLStyle::setDisplayStyle): Deleted.
        * rendering/mathml/MathMLStyle.h: Add mathvariant members and update declarations.
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::updateTokenContent): Call the function from the parent class
        to consider mathvariant on <mo>.
        * rendering/mathml/RenderMathMLToken.cpp:
        We implement a mathVariant function to transform a base character into its transformed mathvariant:
        - There are some regularities that allow performing this via simple linear transforms.
        - However, there are also many exceptions and we rely on some sorted MathVariantMapping
        tables to handle these cases.
        (WebCore::ExtractKey): Helper function to perform binary searches on MathVariant tables.
        (WebCore::MathVariantMappingSearch): ditto.
        (WebCore::mathVariant): New function to perform mathvariant transforms.
        (WebCore::RenderMathMLToken::updateMathVariantGlyph): Use the mathVariant function to
        perform all transformations, not just the italic one.
        (WebCore::transformToItalic): Deleted. Replaced with the more general mathVariant function.

2016-07-11  Jeremy Jones  <jeremyj@apple.com>

        Pause small video elements when returning to inline.
        https://bugs.webkit.org/show_bug.cgi?id=159535

        Reviewed by Jer Noble.

        Will add a test in a later commit.

        When exiting fullscreen, don't allow playback to continue inline if video is too small.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::isVideoTooSmallForInlinePlayback): Added.
        (WebCore::HTMLMediaElement::exitFullscreen): Pause if video is too small.
        * html/HTMLMediaElement.h:

2016-07-11  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>

        toNative functions in JSDOMBinding.h should take an ExecState reference instead of pointer
        https://bugs.webkit.org/show_bug.cgi?id=159298

        Reviewed by Youenn Fablet.

        Pass ExecState by reference instead of pointer.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::idbKeyPathFromValue):
        * bindings/js/JSBlobCustom.cpp:
        (WebCore::constructJSBlob):
        * bindings/js/JSDOMBinding.h: Pass ExecState by reference instead of pointer.
        (WebCore::toJSSequence):
        (WebCore::NativeValueTraits<String>::nativeValue):
        (WebCore::NativeValueTraits<unsigned>::nativeValue):
        (WebCore::NativeValueTraits<float>::nativeValue):
        (WebCore::NativeValueTraits<double>::nativeValue):
        (WebCore::toNativeArray):
        (WebCore::toNativeArguments):
        * bindings/js/JSDOMConvert.h:
        (WebCore::Converter<Vector<T>>::convert):
        * bindings/js/JSDictionary.cpp:
        (WebCore::JSDictionary::convertValue):
        * bindings/js/JSFileCustom.cpp:
        (WebCore::constructJSFile):
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::fillMessagePortArray):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateParametersCheck):
        (JSValueToNative):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequence):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArray):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArrayIsEmpty):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
        (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
        (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence):
        (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence2):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
        (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
        (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
        (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::constructJSTestOverloadedConstructors5):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsPrototypeFunctionFunc):
        (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
        (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):

2016-07-08  Alex Christensen  <achristensen@webkit.org>

        Use refs for ResourceLoaders
        https://bugs.webkit.org/show_bug.cgi?id=159592

        Reviewed by Chris Dumez.

        No new tests.  No change in behavior except a fixed memory leak in WebKit1.

        * loader/LoaderStrategy.h:
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::finishNetworkLoad):
        (WebCore::ResourceLoader::setDefersLoading):
        (WebCore::ResourceLoader::frameLoader):
        (WebCore::ResourceLoader::willSwitchToSubstituteResource):
        (WebCore::ResourceLoader::willSendRequestInternal):

2016-07-11  Fujii Hironori  <Hironori.Fujii@sony.com>

        Using dpi unit in sizes attribute raises SIGSEGV
        https://bugs.webkit.org/show_bug.cgi?id=159412

        Reviewed by Darin Adler.

        CSSParser::sourceSize returns an invalid CSSParser::SourceSize
        whose length is a null value for a dpi unit value, because
        CSSParserValue::createCSSValue returns null for a dpi value.

        Tests:
            fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
            imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::sourceSize): Create a CSSPrimitiveValue of
        CSS_UNKNOWN if CSSParserValue::createCSSValue returns null.

2016-07-11  Olivier Blin  <olivier.blin@softathome.com>

        Red and blue colors are swapped in video rendered through WebGL when GSTREAMER_GL is enabled
        https://bugs.webkit.org/show_bug.cgi?id=159621

        Reviewed by Philippe Normand.

        When a video is rendered through WebGL, and GSTREAMER_GL is enabled, red and blue colors are swapped.
        This occurs for example with the following videos:
        http://www.scirra.com/labs/bugs/webglvideo/
        http://www.dailymotion.com/embed/video/x4jiicp?autoplay=1

        This is because ImageGStreamerCairo expects video frames in either
        BGRA or ARGB, while when GSTREAMER_GL is enabled,
        createVideoSinkGL() forces a RGBA format.

        Without GSTREAMER_GL, the rendering is fine since
        VideoSinkGStreamer uses either BGRA or ARGB.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):

2016-07-11  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] remove WEBKIT_DEBUG support
        https://bugs.webkit.org/show_bug.cgi?id=159553

        Reviewed by Xabier Rodriguez-Calvar.

        Remove the *_MEDIA_MESSAGE macros specific to the GStreamer
        platform code and replace them with standard GST_DEBUG macros. In
        Debug builds the WEBKIT_DEBUG=Media logs now only contain logs
        related to the cross-platform Media element code. If GStreamer
        logs are needed, the GST_DEBUG=webkit*:5 environment variable can
        be used.

        * platform/graphics/gstreamer/GStreamerUtilities.h:
        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
        (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfSample):
        (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfStreamChanged):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::setAudioStreamProperties):
        (WebCore::MediaPlayerPrivateGStreamer::load):
        (WebCore::MediaPlayerPrivateGStreamer::commitLoad):
        (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
        (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
        (WebCore::MediaPlayerPrivateGStreamer::play):
        (WebCore::MediaPlayerPrivateGStreamer::pause):
        (WebCore::MediaPlayerPrivateGStreamer::duration):
        (WebCore::MediaPlayerPrivateGStreamer::seek):
        (WebCore::MediaPlayerPrivateGStreamer::updatePlaybackRate):
        (WebCore::MediaPlayerPrivateGStreamer::paused):
        (WebCore::MediaPlayerPrivateGStreamer::newTextSample):
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
        (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
        (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable):
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded):
        (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress):
        (WebCore::MediaPlayerPrivateGStreamer::totalBytes):
        (WebCore::MediaPlayerPrivateGStreamer::asyncStateChangeDone):
        (WebCore::MediaPlayerPrivateGStreamer::updateStates):
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
        (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering):
        (WebCore::MediaPlayerPrivateGStreamer::createAudioSink):
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
        (WebCore::MediaPlayerPrivateGStreamerBase::setVolume):
        (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
        (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
        (WebCore::MediaPlayerPrivateGStreamerOwr::play):
        (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
        (WebCore::MediaPlayerPrivateGStreamerOwr::currentTime):
        (WebCore::MediaPlayerPrivateGStreamerOwr::load):
        (WebCore::MediaPlayerPrivateGStreamerOwr::internalLoad):
        (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
        (WebCore::MediaPlayerPrivateGStreamerOwr::createGSTAudioSinkBin):
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded):
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackMutedChanged):
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackSettingsChanged):
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged):
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::getLanguageCode):
        (WebCore::TrackPrivateBaseGStreamer::getTag):

2016-07-11  Eric Carlson  <eric.carlson@apple.com>

        Add a test for media control dropoff
        https://bugs.webkit.org/show_bug.cgi?id=151287
        <rdar://problem/23544666>

        Reviewed by Antoine Quint.

        Test: media/controls/inline-elements-dropoff-order.html

        * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::setAllowsAirPlayForMediaPlayback): Renamed from setWirelessPlaybackDisabled.
        (WebCore::InternalSettings::setWirelessPlaybackDisabled): Deleted.
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:


2016-07-11  Philippe Normand  <pnormand@igalia.com>

        [GStreamer][GL] crash within triggerRepaint
        https://bugs.webkit.org/show_bug.cgi?id=159552

        Reviewed by Xabier Rodriguez-Calvar.

        Ensure the sizeChanged notification is emitted from the main
        thread. When GStreamer-GL rendering is enabled the appsink draw
        callbacks are fired in a non-main thread.

        The WeakPtr support was moved to the player base class so that it
        can be used there as well as in the MediaPlayerPrivateGStreamer
        sub-class.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr):

2016-07-10  Chris Dumez  <cdumez@apple.com>

        Setting document.title reuses <title>'s textnode child
        https://bugs.webkit.org/show_bug.cgi?id=28864
        <rdar://problem/7186473>

        Reviewed by Benjamin Poulain.

        Setting document.title should be equivalent to setting the 'textContent'
        IDL attribute of the <title> element:
        - https://html.spec.whatwg.org/multipage/dom.html#document.title

        In particular, this means we should always create a new Text node and
        replace all the <title>'s children with this new Node, as per:
        - https://dom.spec.whatwg.org/#dom-node-textcontent

        Previously, WebKit would in some cases reuse the existing <title>'s
        Text node and merely update its data.

        Firefox and Chrome behave as per the specification so this aligns our
        behavior with other major browsers as well.

        Test: fast/dom/title-setter-new-text-node.html

        * dom/Document.cpp:
        (WebCore::Document::setTitle):
        - Call Node::setTextContent() instead of HTMLTitleElement::setText(),
          as per the specification.
        - Take an ExceptionCode parameter and pass it to Node::setTextContent()
          as it may throw.

        * dom/Document.h:
        * dom/Document.idl:

        * html/HTMLTitleElement.cpp:
        (WebCore::HTMLTitleElement::setText):
        Update implementation of HTMLTitleElement::setText() to call
        setTextContent() as per the specification:
        - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text

        * html/HTMLTitleElement.h:
        * html/HTMLTitleElement.idl:

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::finishedParsing):

        * svg/SVGTitleElement.cpp:
        * svg/SVGTitleElement.h:
        Drop setText() setter which was duplicated from HTMLTitleElement::setText()
        now that Document::setTitle() calls SVGTitleElement::setTextContent()
        instead.

2016-07-10  Zalan Bujtas  <zalan@apple.com>

        Fix LogicalSelectionOffsetCaches to work with detached render tree.
        https://bugs.webkit.org/show_bug.cgi?id=159605
        <rdar://problem/27248845>

        Reviewed by Brent Fulgham.

        When the renderer that is being destroyed is on a selection boundary,
        we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
        are getting reset. In order to do that, we call clearSelection() on the RenderView.
        One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
        LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
        LogicalSelectionOffsetCaches normally operates on rooted renderers. However we need to ensure that
        it can also handle renderers that are no longer part of the render tree.

        Test: fast/text/selection-on-a-detached-tree.html

        * rendering/LogicalSelectionOffsetCaches.h:
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::logicalLeftSelectionOffset):
        (WebCore::RenderBlock::logicalRightSelectionOffset):

2016-07-10  Chris Dumez  <cdumez@apple.com>

        adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
        https://bugs.webkit.org/show_bug.cgi?id=159555
        <rdar://problem/27252541>

        Reviewed by Benjamin Poulain.

        Follow-up on r203018 which was incomplete. We need to update ElementData's
        m_classNames / m_idForStyleResolution when the source document is in strict
        mode and the destination document is in quirks mode as well.

        Test: fast/dom/Document/adoptNode-quirks-mismatch2.html

        * dom/Element.cpp:
        (WebCore::Element::didMoveToNewDocument):

2016-07-10  Sam Weinig  <sam@webkit.org>

        Rename isEmojiModifier to isEmojiFitzpatrickModifier to better capture its function
        https://bugs.webkit.org/show_bug.cgi?id=159610

        Reviewed by Dan Bernstein.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::characterRangeCodePath):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::advanceByCombiningCharacterSequence):
        Update for rename.

        * platform/text/CharacterProperties.h:
        (WebCore::isEmojiGroupCandidate):
        (WebCore::isEmojiFitzpatrickModifier):
        (WebCore::isVariationSelector):
        Rename isEmojiModifier -> isEmojiFitzpatrickModifier. Also add some comments
        explaining what characters these predicates act on, to demystify them a bit.

        * rendering/RenderText.cpp:
        (WebCore::RenderText::previousOffsetForBackwardDeletion):
        Update for rename and rename a related variable.

2016-07-10  Alex Christensen  <achristensen@webkit.org>

        Fix client certificate authentication after r200463
        https://bugs.webkit.org/show_bug.cgi?id=159574
        <rdar://problem/26931006>

        Reviewed by Sam Weinig.

        No new tests.  We really need a test for this.

        * platform/network/cf/CertificateInfo.h:
        (WebCore::CertificateInfo::CertificateInfo):
        (WebCore::CertificateInfo::trust):
        Make sure we only get the trust for Trust type CertificateInfos.
        If we mix up our types, we get unexpected nullptrs, which will cause authentication to fail.

2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Fix Windows build after r203038

        Unreviewed.

        * platform/text/TextAllInOne.cpp:

2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Move breaking iterator code to WTF
        https://bugs.webkit.org/show_bug.cgi?id=159594

        Reviewed by Alex Christensen.

        This is in preparation for giving StringView a GraphemeClusters iterator.
        Such an iterator needs to be implemented on top of our breaking iterator
        code.

        No new tests because there is no behavior change.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/CharacterData.cpp:
        * editing/TextCheckingHelper.cpp:
        * editing/TextIterator.cpp:
        * editing/VisibleUnits.cpp:
        * html/HTMLInputElement.cpp:
        * html/HTMLTextAreaElement.cpp:
        * html/InputType.cpp:
        * html/TextFieldInputType.cpp:
        * html/TextInputType.cpp:
        * platform/LocalizedStrings.cpp:
        * platform/graphics/StringTruncator.cpp:
        * platform/graphics/cg/ColorCG.cpp:
        (WTF::RetainPtr<CGColorRef>>::createValueForKey):
        (WebCore::RetainPtr<CGColorRef>>::createValueForKey): Deleted.
        * platform/graphics/mac/ComplexTextController.cpp:
        * platform/text/LineBreakIteratorPoolICU.h:
        (WebCore::LineBreakIteratorPool::LineBreakIteratorPool): Deleted.
        (WebCore::LineBreakIteratorPool::sharedPool): Deleted.
        (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword): Deleted.
        (WebCore::LineBreakIteratorPool::take): Deleted.
        (WebCore::LineBreakIteratorPool::put): Deleted.
        * platform/text/TextBoundaries.cpp:
        * platform/text/TextBreakIterator.cpp:
        (WebCore::initializeIterator): Deleted.
        (WebCore::initializeIteratorWithRules): Deleted.
        (WebCore::setTextForIterator): Deleted.
        (WebCore::setContextAwareTextForIterator): Deleted.
        (WebCore::wordBreakIterator): Deleted.
        (WebCore::sentenceBreakIterator): Deleted.
        (WebCore::cursorMovementIterator): Deleted.
        (WebCore::acquireLineBreakIterator): Deleted.
        (WebCore::releaseLineBreakIterator): Deleted.
        (WebCore::mapLineIteratorModeToRules): Deleted.
        (WebCore::isCJKLocale): Deleted.
        (WebCore::openLineBreakIterator): Deleted.
        (WebCore::closeLineBreakIterator): Deleted.
        (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Deleted.
        (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Deleted.
        (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Deleted.
        (WebCore::textBreakFirst): Deleted.
        (WebCore::textBreakLast): Deleted.
        (WebCore::textBreakNext): Deleted.
        (WebCore::textBreakPrevious): Deleted.
        (WebCore::textBreakPreceding): Deleted.
        (WebCore::textBreakFollowing): Deleted.
        (WebCore::textBreakCurrent): Deleted.
        (WebCore::isTextBreak): Deleted.
        (WebCore::isWordTextBreak): Deleted.
        (WebCore::numGraphemeClusters): Deleted.
        (WebCore::numCharactersInGraphemeClusters): Deleted.
        * platform/text/TextBreakIterator.h:
        (WebCore::LazyLineBreakIterator::LazyLineBreakIterator): Deleted.
        (WebCore::LazyLineBreakIterator::~LazyLineBreakIterator): Deleted.
        (WebCore::LazyLineBreakIterator::string): Deleted.
        (WebCore::LazyLineBreakIterator::isLooseCJKMode): Deleted.
        (WebCore::LazyLineBreakIterator::lastCharacter): Deleted.
        (WebCore::LazyLineBreakIterator::secondToLastCharacter): Deleted.
        (WebCore::LazyLineBreakIterator::setPriorContext): Deleted.
        (WebCore::LazyLineBreakIterator::updatePriorContext): Deleted.
        (WebCore::LazyLineBreakIterator::resetPriorContext): Deleted.
        (WebCore::LazyLineBreakIterator::priorContextLength): Deleted.
        (WebCore::LazyLineBreakIterator::get): Deleted.
        (WebCore::LazyLineBreakIterator::resetStringAndReleaseIterator): Deleted.
        (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Deleted.
        * platform/text/cf/HyphenationCF.cpp:
        * platform/text/efl/TextBreakIteratorInternalICUEfl.cpp:
        (WebCore::currentSearchLocaleID): Deleted.
        (WebCore::currentTextBreakLocaleID): Deleted.
        * platform/text/enchant/TextCheckerEnchant.cpp:
        * platform/text/gtk/TextBreakIteratorInternalICUGtk.cpp:
        (WebCore::currentSearchLocaleID): Deleted.
        (WebCore::currentTextBreakLocaleID): Deleted.
        * platform/text/icu/UTextProvider.cpp:
        (WebCore::fixPointer): Deleted.
        (WebCore::uTextCloneImpl): Deleted.
        * platform/text/icu/UTextProvider.h:
        (WebCore::uTextProviderContext): Deleted.
        (WebCore::initializeContextAwareUTextProvider): Deleted.
        (WebCore::uTextAccessPinIndex): Deleted.
        (WebCore::uTextAccessInChunkOrOutOfRange): Deleted.
        * platform/text/icu/UTextProviderLatin1.cpp:
        (WebCore::uTextLatin1Clone): Deleted.
        (WebCore::uTextLatin1NativeLength): Deleted.
        (WebCore::uTextLatin1Access): Deleted.
        (WebCore::uTextLatin1Extract): Deleted.
        (WebCore::uTextLatin1MapOffsetToNative): Deleted.
        (WebCore::uTextLatin1MapNativeIndexToUTF16): Deleted.
        (WebCore::uTextLatin1Close): Deleted.
        (WebCore::openLatin1UTextProvider): Deleted.
        (WebCore::textLatin1ContextAwareGetCurrentContext): Deleted.
        (WebCore::textLatin1ContextAwareMoveInPrimaryContext): Deleted.
        (WebCore::textLatin1ContextAwareSwitchToPrimaryContext): Deleted.
        (WebCore::textLatin1ContextAwareMoveInPriorContext): Deleted.
        (WebCore::textLatin1ContextAwareSwitchToPriorContext): Deleted.
        (WebCore::uTextLatin1ContextAwareClone): Deleted.
        (WebCore::uTextLatin1ContextAwareNativeLength): Deleted.
        (WebCore::uTextLatin1ContextAwareAccess): Deleted.
        (WebCore::uTextLatin1ContextAwareExtract): Deleted.
        (WebCore::uTextLatin1ContextAwareClose): Deleted.
        (WebCore::openLatin1ContextAwareUTextProvider): Deleted.
        * platform/text/icu/UTextProviderUTF16.cpp:
        (WebCore::textUTF16ContextAwareGetCurrentContext): Deleted.
        (WebCore::textUTF16ContextAwareMoveInPrimaryContext): Deleted.
        (WebCore::textUTF16ContextAwareSwitchToPrimaryContext): Deleted.
        (WebCore::textUTF16ContextAwareMoveInPriorContext): Deleted.
        (WebCore::textUTF16ContextAwareSwitchToPriorContext): Deleted.
        (WebCore::uTextUTF16ContextAwareClone): Deleted.
        (WebCore::uTextUTF16ContextAwareNativeLength): Deleted.
        (WebCore::uTextUTF16ContextAwareAccess): Deleted.
        (WebCore::uTextUTF16ContextAwareExtract): Deleted.
        (WebCore::uTextUTF16ContextAwareClose): Deleted.
        (WebCore::openUTF16ContextAwareUTextProvider): Deleted.
        * platform/text/mac/TextBoundaries.mm:
        * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
        (WebCore::textBreakLocalePreference): Deleted.
        (WebCore::topLanguagePreference): Deleted.
        (WebCore::getLocale): Deleted.
        (WebCore::getSearchLocale): Deleted.
        (WebCore::currentSearchLocaleID): Deleted.
        (WebCore::getTextBreakLocale): Deleted.
        (WebCore::currentTextBreakLocaleID): Deleted.
        * platform/text/win/TextBreakIteratorInternalICUWin.cpp:
        (WebCore::currentSearchLocaleID): Deleted.
        (WebCore::currentTextBreakLocaleID): Deleted.
        * rendering/RenderBlock.cpp:
        * rendering/RenderText.cpp:
        * rendering/RenderText.h:
        * rendering/SimpleLineLayoutTextFragmentIterator.h:
        * rendering/break_lines.cpp:
        * rendering/break_lines.h:
        * rendering/line/LineBreaker.h:

2016-07-10  Yusuke Suzuki  <utatane.tea@gmail.com>

        [GTK] Crash on https://diafygi.github.io/webcrypto-examples with ENABLE_SUBTLE_CRYPTO
        https://bugs.webkit.org/show_bug.cgi?id=159189

        Reviewed by Michael Catanzaro.

        Currently, we explicitly release the pointers of std::unique_ptr<CryptoAlgorithm> and std::unique_ptr<CryptoAlgorithmParameters>,
        and delete them in the asynchronously called lambdas. In the GnuTLS version, the callback function is accidentally called twice,
        and it incurs the double free problem.
        In SubtleCrypto code, we have the rule that we must not call failureCallback when the error code is filled in synchronous execution.
        So we drop the failureCallback calling code in GnuTLS subtle crypto code.

        But, rather than carefully handling an un-smart-pointer-managed raw pointer's lifetime, we should use a ref-counted pointer for that.
        Using the raw delete is error-prone.

        This patch also changes CryptoAlgorithm and CryptoAlgorithmParameters to RefCounted, and uses Ref and RefPtr instead.
        The change eliminates the ad-hoc delete code. And now, the lambdas can be called multiple times since once the result of the promise
        is resolved or rejected, subsequent resolve / reject calls are ignored.

        And this patch also fixes the incorrect call to the lambda that is already WTFMoved.

        While we can see several `return WTFMove(...)`, they are necessary since it uses implicit type conversions, like,
        `Ref<A>` => `RefPtr<A>`, and `Ref<Derived>` => `Ref<Base>`.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::createAesCbcParams):
        (WebCore::createAesKeyGenParams):
        (WebCore::createHmacParams):
        (WebCore::createHmacKeyParams):
        (WebCore::createRsaKeyGenParams):
        (WebCore::createRsaKeyParamsWithHash):
        (WebCore::createRsaOaepParams):
        (WebCore::createRsaSsaParams):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
        * bindings/js/JSCryptoAlgorithmDictionary.h:
        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::createHMACParameters):
        (WebCore::createRSAKeyParametersWithHash):
        (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
        * bindings/js/JSCryptoKeySerializationJWK.h:
        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::createAlgorithmFromJSValue):
        (WebCore::importKey):
        (WebCore::JSSubtleCrypto::importKey):
        (WebCore::JSSubtleCrypto::wrapKey):
        (WebCore::JSSubtleCrypto::unwrapKey):
        * crypto/CryptoAlgorithm.h:
        * crypto/CryptoAlgorithmParameters.h:
        * crypto/CryptoAlgorithmRegistry.cpp:
        (WebCore::CryptoAlgorithmRegistry::create):
        * crypto/CryptoAlgorithmRegistry.h:
        * crypto/CryptoKeySerialization.h:
        * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::create):
        * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
        * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
        (WebCore::CryptoAlgorithmAES_KW::create):
        * crypto/algorithms/CryptoAlgorithmAES_KW.h:
        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
        (WebCore::CryptoAlgorithmHMAC::create):
        * crypto/algorithms/CryptoAlgorithmHMAC.h:
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::create):
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::create):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::create):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
        * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
        (WebCore::CryptoAlgorithmSHA1::create):
        * crypto/algorithms/CryptoAlgorithmSHA1.h:
        * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
        (WebCore::CryptoAlgorithmSHA224::create):
        * crypto/algorithms/CryptoAlgorithmSHA224.h:
        * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
        (WebCore::CryptoAlgorithmSHA256::create):
        * crypto/algorithms/CryptoAlgorithmSHA256.h:
        * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
        (WebCore::CryptoAlgorithmSHA384::create):
        * crypto/algorithms/CryptoAlgorithmSHA384.h:
        * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
        (WebCore::CryptoAlgorithmSHA512::create):
        * crypto/algorithms/CryptoAlgorithmSHA512.h:
        * crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
        * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
        (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):
        * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
        (WebCore::CryptoAlgorithmHMAC::platformSign):
        (WebCore::CryptoAlgorithmHMAC::platformVerify):
        * crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
        * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
        * crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
        (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
        * crypto/keys/CryptoKeySerializationRaw.cpp:
        (WebCore::CryptoKeySerializationRaw::reconcileAlgorithm):
        * crypto/keys/CryptoKeySerializationRaw.h:

2016-07-09  Antti Koivisto  <antti@apple.com>

        REGRESSION (r202931): breaks release builds with ASSERT_WITH_SECURITY_IMPLICATION for fuzzing
        https://bugs.webkit.org/show_bug.cgi?id=159599
        rdar://problem/27248835

        Reviewed by Chris Dumez.

        Make RenderStyle::deletionHasBegun() available with ENABLE(SECURITY_ASSERTIONS)

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::~RenderStyle):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::deletionHasBegun):

2016-07-09  Youenn Fablet  <youenn@apple.com>

        Make use of PrivateIdentifier to simplify Fetch Headers built-in checks
        https://bugs.webkit.org/show_bug.cgi?id=159554

        Reviewed by Alex Christensen.

        Test: fetch/header-constructor-overriden.html
        Patch does not change visible behavior.

        * Modules/fetch/FetchHeaders.idl: Adding PrivateIdentifier to the Headers constructor.
        * Modules/fetch/FetchHeaders.js:
        (initializeFetchHeaders): Checking directly with @Headers for improved clarity.
        * Modules/fetch/FetchResponse.js: Using @Headers to check whether creating a Headers object or not before
        passing it to C++ FetchResponse initialize method.
        (initializeFetchResponse):
        * bindings/js/WebCoreBuiltinNames.h: Adding Headers private name.

2016-07-08  Chris Dumez  <cdumez@apple.com>

        adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
        https://bugs.webkit.org/show_bug.cgi?id=159555
        <rdar://problem/27252541>

        Reviewed by Ryosuke Niwa.

        When adopting an Element from another document which has a different quirks mode,
        case-sensitivity for id and class attributes differs and we need to correctly
        update members such as ElementData::m_classNames or ElementData::m_idForStyleResolution.

        To address the issue, have Element override didMoveToNewDocument() and call
        attributeChanged() for id and class attributes.

        Test: fast/dom/Document/adoptNode-quirks-mismatch.html

        * dom/Element.cpp:
        (WebCore::Element::didMoveToNewDocument):
        * dom/Element.h:

2016-07-08  Daniel Bates  <dabates@apple.com>

        Cleanup: Remove use of PassRefPtr from class HTMLTableElement
        https://bugs.webkit.org/show_bug.cgi?id=159587

        Reviewed by Chris Dumez.

        * html/HTMLTableElement.cpp:
        (WebCore::HTMLTableElement::setCaption): Take an rvalue reference to a RefPtr instead of a PassRefPtr.
        (WebCore::HTMLTableElement::setTHead): Take an rvalue reference to a RefPtr instead of a PassRefPtr. Also
        fix a style nit; add curly braces around the for-loop body since its body is more than a single line.
        (WebCore::HTMLTableElement::createTHead): Use Ref::copyRef() instead of Ref::ptr() to pass the instantiated
        table section to better convey that we are passing a copy of the table section.
        (WebCore::HTMLTableElement::createCaption): Ditto.
        * html/HTMLTableElement.h:

2016-07-08  Daniel Bates  <dabates@apple.com>

        Move shouldInheritSecurityOriginFromOwner() from URL to Document
        https://bugs.webkit.org/show_bug.cgi?id=158987

        Reviewed by Alex Christensen.

        The URL class should not have knowledge of the concept of an origin or the semantics of origin
        inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
        a static non-member, non-friend function of Document because it implements the origin semantics
        for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
        These semantics only apply to Documents.

        No functionality changed. So, no new tests.

        * dom/Document.cpp:
        (WebCore::shouldInheritSecurityOriginFromOwner): Added.
        (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
        (WebCore::Document::initContentSecurityPolicy): Ditto.
        * platform/URL.cpp:
        (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
        * platform/URL.h:

2016-07-08  Daniel Bates  <dabates@apple.com>

        Setting table.tFoot or calling table.createTFoot() should append HTML tfoot element to the end of the table
        https://bugs.webkit.org/show_bug.cgi?id=159583
        <rdar://problem/27255292>

        In HTMLTableElement::createTFoot() I inadvertently made use of WTFMove() to move the instantiated
        HTMLTableSectionElement into the argument passed to setTFoot(). We should use Ref::copyRef() instead
        because we want this function to return the instantiated table section.

        * html/HTMLTableElement.cpp:
        (WebCore::HTMLTableElement::createTFoot):

2016-07-08  Daniel Bates  <dabates@apple.com>

        Setting table.tFoot or calling table.createTFoot() should append HTML tfoot element to the end of the table
        https://bugs.webkit.org/show_bug.cgi?id=159583
        <rdar://problem/27255292>

        Reviewed by Chris Dumez.

        The HTML standard has long since been revised to describe that assignment to property table.tFoot
        or invoking table.createTFoot() will append the HTML tfoot element to the end of the table. This
        behavior is defined in <https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot> (8 July 2016)
        and <https://html.spec.whatwg.org/multipage/tables.html#dom-table-createtfoot> for the property
        table.tFoot and table.createTFoot(), respectively. This change makes our behavior match the
        behavior in Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 8 and later.

        * html/HTMLTableElement.cpp:
        (WebCore::HTMLTableElement::setTFoot): Append <tfoot> to the end of the table. Use RefPtr<>&& instead of PassRefPtr.
        (WebCore::HTMLTableElement::createTFoot): Use RefPtr<>&& instead of PassRefPtr.
        * html/HTMLTableElement.h:

2016-07-08  Jer Noble  <jer.noble@apple.com>

        Crash in layout test /media/video-buffered-range-contains-currentTime.html
        https://bugs.webkit.org/show_bug.cgi?id=159109
        <rdar://problem/26535750>

        Reviewed by Alex Christensen.

        Protect against _dataTasks being mutated and accessed on multiple simultaneous threads with a Lock.

        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession dealloc]):
        (-[WebCoreNSURLSession taskCompleted:]):
        (-[WebCoreNSURLSession finishTasksAndInvalidate]):
        (-[WebCoreNSURLSession invalidateAndCancel]):
        (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
        (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
        (-[WebCoreNSURLSession dataTaskWithRequest:]):
        (-[WebCoreNSURLSession dataTaskWithURL:]):

2016-07-08  Jeremy Jones  <jeremyj@apple.com>

        Prevent fullscreen video dimension state from being reset after configuring.
        https://bugs.webkit.org/show_bug.cgi?id=159578

        Reviewed by Jer Noble.

        This change moves setVideoElement() to after setMediaElement(), since setMediaElement() resets the
        mediaState, undoing the configuration done by setVideoElement().

        This change is fragile, but minimal. The proper, more comprehensive fix will come later from
        https://bugs.webkit.org/show_bug.cgi?id=159580.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setUpFullscreen):

2016-07-08  Andy Estes  <aestes@apple.com>

        [Content Filtering] Load blocked pages more like other error pages are loaded
        https://bugs.webkit.org/show_bug.cgi?id=159485
        <rdar://problem/26014076>

        Reviewed by Brady Eidson.

        Content filter blocked pages were being loaded by cancelling the provisional load of the
        page that was blocked and then scheduling a navigation to the content filter error page.
        Some clients would not expect a new, Web process-initiated provisional navigation to start
        after a cancellation, though, and this would put them in a bad state.
        
        This patch changes blocked page loading to behave more like loading other error pages.
        Specifically:
        1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
        2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
           prevents FrameLoader from creating a new back-forward list item for the substitute data load.
        3. A substitute data load initiated by the client for the blocked URL is ignored if
           ContentFilter will display its own error page.
        4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
           since some clients expect this.

        Updated existing tests to capture frame load delegate callbacks and the back forward list.
        Added new API tests: ContentFiltering.LoadAlternate*.

        * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
        * Resources/ContentFilterBlockedPage.html: Added.
        * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a framework resource.
        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::continueAfterWillSendRequest): Protected m_documentLoader,
        since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
        (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
        already Blocked, so that we don't forget this ContentFilter was blocked when calling
        cancelMainResourceLoad() in didDecide().
        (WebCore::ContentFilter::continueAfterResponseReceived): Protected m_documentLoader,
        since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
        (WebCore::ContentFilter::continueAfterDataReceived): Ditto.
        (WebCore::ContentFilter::continueAfterNotifyFinished): Ditto.
        (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
        Created a blockedByContentFilterError() and called cancelMainResourceLoad().
        (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
        (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
        is for the same failingURL as the currently-displayed blocked page, ignore it.
        (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
        and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
        (WebCore::ContentFilter::unblockHandler): Deleted.
        (WebCore::ContentFilter::replacementData): Deleted.
        (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
        * loader/ContentFilter.h:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
        (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
        (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
        * loader/DocumentLoader.h:
        * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
        and we are loading substitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
        This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
        (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
        (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
        * loader/NavigationScheduler.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
        failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.

2016-07-08  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] The callback passed to document.fonts.ready should always be called
        https://bugs.webkit.org/show_bug.cgi?id=158884

        Reviewed by Dean Jackson.

        The boolean was simply not being reset when loads start.

        Test: fast/text/font-face-set-ready-fire.html

        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::startedLoading):
        * css/FontFaceSet.h:

2016-07-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202944.
        https://bugs.webkit.org/show_bug.cgi?id=159570

        caused some tests to crash under GuardMalloc (Requested by
        estes on #webkit).

        Reverted changeset:

        "[Content Filtering] Load blocked pages more like other error
        pages are loaded"
        https://bugs.webkit.org/show_bug.cgi?id=159485
        http://trac.webkit.org/changeset/202944

2016-07-08  Antti Koivisto  <antti@apple.com>

        Regression(r201805): Crash with <use> resource that has Vary header
        https://bugs.webkit.org/show_bug.cgi?id=159560
        <rdar://problem/27034208>

        Reviewed by Chris Dumez.

        In some situations (SVG <use> element for example) we may try to load resources from frameless documents.
        Such loads always fail. The new vary header verification code path tried to access the frame earlier without
        null check.

        Test: http/tests/cache/vary-frameless-document.html

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::failBeforeStarting):
        (WebCore::addAdditionalRequestHeadersToRequest):

            Null check frame.
            Also move the resource type check here so all callers get the same behavior.

        (WebCore::CachedResource::addAdditionalRequestHeaders):
        (WebCore::CachedResource::load):
        (WebCore::CachedResource::varyHeaderValuesMatch):

2016-07-08  Brady Eidson  <beidson@apple.com>

        Clearing LocalStorage doesn't also delete -wal and -shm files.
        <rdar://problem/27206772> and https://bugs.webkit.org/show_bug.cgi?id=159566

        Reviewed by Brent Fulgham.
        Also helpfully picked over by Andy "Never Forgets" Estes.

        Covered by new API test.

        * WebCore.xcodeproj/project.pbxproj:

        * platform/sql/SQLiteFileSystem.h:

2016-07-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202945.
        https://bugs.webkit.org/show_bug.cgi?id=159565

        The test for this change is failing on all platforms.
        (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "[Font Loading] The callback passed to document.fonts.ready
        should always be called"
        https://bugs.webkit.org/show_bug.cgi?id=158884
        http://trac.webkit.org/changeset/202945

2016-07-08  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>

        ExecState should be passed by reference in JS bindings generator for custom constructors
        https://bugs.webkit.org/show_bug.cgi?id=159357

        Reviewed by Youenn Fablet.

        Pass ExecState as a reference instead of pointer in JS bindings
        code for custom constructors.

        * bindings/js/JSAudioContextCustom.cpp:
        (WebCore::constructJSAudioContext):
        * bindings/js/JSBlobCustom.cpp:
        (WebCore::constructJSBlob):
        * bindings/js/JSDOMFormDataCustom.cpp:
        (WebCore::constructJSDOMFormData):
        (WebCore::JSDOMFormData::append):
        * bindings/js/JSDataCueCustom.cpp:
        (WebCore::constructJSDataCue):
        * bindings/js/JSFileCustom.cpp:
        (WebCore::constructJSFile):
        * bindings/js/JSHTMLElementCustom.cpp:
        (WebCore::constructJSHTMLElement):
        * bindings/js/JSMediaSessionCustom.cpp:
        (WebCore::constructJSMediaSession):
        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::constructJSMutationObserver):
        * bindings/js/JSReadableStreamPrivateConstructors.cpp:
        (WebCore::constructJSReadableStreamController):
        (WebCore::constructJSReadableStreamReader):
        * bindings/js/JSWebKitPointCustom.cpp:
        (WebCore::constructJSWebKitPoint):
        * bindings/js/JSWorkerCustom.cpp:
        (WebCore::constructJSWorker):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateConstructorDefinition):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        (WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::construct):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:

2016-07-08  Olivier Blin  <olivier.blin@softathome.com>

        Expose crossOrigin attribute as a static property in HTMLMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=159459

        Reviewed by Chris Dumez.

        The crossOrigin attribute is already used for MediaResourceLoader
        (r119742 and r175050), but it was not exposed as a static property.

        This fixes VR360 support in Dailymotion, since it uses the "in"
        operator to detect if crossOrigin is supported by the
        HTMLVideoElement, in order to enable VR360.

        No new tests, rebaselined existing tests, 150 WPT tests are fixed.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setCrossOrigin):
        (WebCore::HTMLMediaElement::crossOrigin):
        * html/HTMLMediaElement.h:
        * html/HTMLMediaElement.idl:

2016-03-20  Frederic Wang  <fwang@igalia.com>

        Use Fraction* parameters from the OpenType MATH table
        https://bugs.webkit.org/show_bug.cgi?id=155639

        Reviewed by Brent Fulgham.

        We improve the RenderMathMLFraction so minimal vertical shifts and gaps
        from the MATH table (or arbitrary fallback) are used for fractions.
        We also change the interpretation of "thick" and "thin" linethickness values
        to match Gecko's behavior and the one suggested in the MathML in HTML5 implementation note.

        Test: imported/mathml-in-html5/mathml/presentation-markup/fractions/frac-parameters-1.html

        * rendering/mathml/MathMLStyle.cpp:
        (WebCore::MathMLStyle::updateStyleIfNeeded): set NeedsLayout after displaystyle change
        so that dynamic MathML tests still work.
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::RenderMathMLFraction): Init LayoutUnit members to zero.
        (WebCore::RenderMathMLFraction::updateFromElement):
        Set new members for fraction gaps and shifts using Fraction* constants or some fallback
        values. Change the interpretation of "thick" and "thin".
        (WebCore::RenderMathMLFraction::layoutBlock): Use new constants affecting vertical
        positions of numerator and denominator.
        (WebCore::RenderMathMLFraction::paint): Use m_ascent to set the vertical position
        of the fraction bar.
        (WebCore::RenderMathMLFraction::firstLineBaseline): We just return m_ascent.
        * rendering/mathml/RenderMathMLFraction.h: Make updateFromElement public so that
        it can be used in MathMLStyle. Add LayoutUnit members for the ascent of the fraction
        and for minimal shifts/gaps values.

2016-07-08  Frederic Wang  <fwang@igalia.com>

        Use Radical* constants from the OpenType MATH table.
        https://bugs.webkit.org/show_bug.cgi?id=155638

        Reviewed by Brent Fulgham.

        Test: mathml/mathml-in-html5/root-parameters-1.html

        We make the radical vertical gap depend on displaystyle.
        This is the only remaining step to use all the Radical* constants from the MATH table.
        We also introduce a ruleThicknessFallback function for future use.

        * rendering/mathml/RenderMathMLBlock.h:
        (WebCore::RenderMathMLBlock::ruleThicknessFallback): Add this helper function since that
        calculation is used in several places.
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::updateStyle): Reorganize the way we set constant parameters,
        add more comments and take into account the displaystyle for the vertical gap.

2016-07-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202967.
        https://bugs.webkit.org/show_bug.cgi?id=159556

        This patch caused crashes in https tests on Windows (Requested
        by perarne on #webkit).

        Reverted changeset:

        "[Win] The test http/tests/security/contentSecurityPolicy
        /upgrade-insecure-requests/basic-upgrade.https.html is
        failing."
        https://bugs.webkit.org/show_bug.cgi?id=159510
        http://trac.webkit.org/changeset/202967

2016-07-08  Youenn Fablet  <youenn@apple.com>

        Generate WebCore builtin wrapper files
        https://bugs.webkit.org/show_bug.cgi?id=159461

        Reviewed by Brian Burg.

        No change of behavior.

        Updating build system to handle new built-in generators without modifying WebCoreJSBuiltins* files.
        The generator is now passed all built-ins at once so that wrapper files can be generated.
        Removing WebCoreJSBuiltins* checked-in wrapper files.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/WebCoreJSBuiltinInternals.cpp: Removed.
        * bindings/js/WebCoreJSBuiltinInternals.h: Removed.
        * bindings/js/WebCoreJSBuiltins.cpp: Removed.
        * bindings/js/WebCoreJSBuiltins.h: Removed.

2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Inline size is never indefinite during layout
        https://bugs.webkit.org/show_bug.cgi?id=159253

        Reviewed by Sergio Villar Senin.

        The issue is that the inline size of the grid container
        is only indefinite while we're computing the intrinsic sizes.
        During layout we should be able to resolve the percentage tracks
        against that size. This makes Grid Layout compatible with regular blocks
        regarding how inline percentages are resolved.

        The patch passes the SizingOperation enum to RenderGrid::gridTrackSize().
        That way we can know if we're computing the intrinsic sizes or not.

        Test: fast/css-grid-layout/grid-container-percentage-columns.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeTrackSizesForDirection):
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::gridTrackSize):
        (WebCore::RenderGrid::minSizeForChild):
        (WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
        (WebCore::RenderGrid::rawGridTrackSize): Deleted.
        * rendering/RenderGrid.h:

2016-07-08  Frederic Wang  <fwang@igalia.com>

        Use OpenType MATH constant AxisHeight.
        https://bugs.webkit.org/show_bug.cgi?id=133567

        Reviewed by Brent Fulgham.

        We make RenderMathMLOperator and RenderMathMLTable use the OpenType MATH constant AxisHeight.
        These are the only remaining cases to handle since RenderMathMLFraction already uses that constant.

        Tests: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
              imported/mathml-in-html5/mathml/presentation-markup/tables/table-axis-height.html

        * rendering/mathml/RenderMathMLBlock.cpp: Make RenderMathMLTable use the math axis
        for its vertical alignment and update the comments a bit.
        (WebCore::axisHeight): Move the code in a static function that can be called by
        RenderMathMLBlock and RenderMathMLTable.
        (WebCore::RenderMathMLBlock::mathAxisHeight): Use axisHeight.
        (WebCore::RenderMathMLTable::firstLineBaseline): Ditto.
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::stretchTo):

2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Disallow repeat() in grid-template shorthand
        https://bugs.webkit.org/show_bug.cgi?id=159200

        Reviewed by Sergio Villar Senin.

        As discussed on www-style, "repeat()" notation shouldn't be allowed
        in the ASCII branch of the grid-template shorthand.
        https://lists.w3.org/Archives/Public/www-style/2016May/0193.html

        The patch uses an enum to invalidate "repeat()" when parsing
        the grid-template shorthand.

        Test: fast/css-grid-layout/grid-template-shorthand-get-set.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateColumns): Add enum.
        (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Pass "DisallowRepeat"
        when calling parseGridTemplateColumns().
        (WebCore::CSSParser::parseGridTrackList): Use enum to allow/disallow repeat.
        * css/CSSParser.h: Define the new enum and modify method signatures to use it,
        setting it to "AllowRepeat" by default.

2016-07-08  Frederic Wang  <fwang@igalia.com>

        Add support for movablelimits.
        https://bugs.webkit.org/show_bug.cgi?id=155542

        Reviewed by Brent Fulgham.

        Tests: mathml/presentation/displaystyle-1.html
               mathml/presentation/displaystyle-2.html
               mathml/presentation/displaystyle-3.html
               mathml/presentation/mo-movablelimits-default.html
               mathml/presentation/mo-movablelimits-dynamic.html
               mathml/presentation/mo-movablelimits.html

        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::parseAttribute): Take into account change of movablelimits.
        * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
        * rendering/mathml/MathMLStyle.cpp:
        (WebCore::MathMLStyle::updateStyleIfNeeded): Force relayout and width computation when a
        displaystyle value changes.
        * rendering/mathml/RenderMathMLOperator.h:
        (WebCore::RenderMathMLOperator::shouldMoveLimits): Helper function to test if the operator
        should have its limits moved when used as a base of munder/mover/munderover.
        * rendering/mathml/RenderMathMLScripts.cpp: Allow munderover/munder/mover elements to use
        this class and take the same behavior as the corresponding msubsup/msub/sup except for
        the *scriptshift attributes.
        (WebCore::RenderMathMLScripts::RenderMathMLScripts):
        (WebCore::RenderMathMLScripts::getBaseAndScripts):
        (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
        (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
        (WebCore::RenderMathMLScripts::layoutBlock):
        * rendering/mathml/RenderMathMLScripts.h: Allow some members to be accessible/overridden
        by RenderMathMLUnderOver and add munderover/munder/mover in the kind.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): We use the code from
        RenderMathMLScripts to initialize m_kind.
        (WebCore::RenderMathMLUnderOver::shouldMoveLimits): New function to determine if the base
        should move its limits.
        (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): We use the code from
        RenderMathMLScripts when the base should move its limits.
        (WebCore::RenderMathMLUnderOver::layoutBlock): We use the code from RenderMathMLScripts when
        the base should move its limits. Also improve the early return for invalid markup.
        (WebCore::RenderMathMLUnderOver::unembellishedOperator): Deleted. We use the code from RenderMathMLScripts.
        (WebCore::RenderMathMLUnderOver::firstLineBaseline): Deleted. We use the code from RenderMathMLScripts.
        * rendering/mathml/RenderMathMLUnderOver.h: We now inherit from RenderMathMLScripts and can
        just remove members that exist in the parent. We define shouldMoveLimits() to determine
        when the layout should be done the same as RenderMathMLScripts. For now, we try and be
        safe with the rest of the code by continuing to claim that we are not a RenderMathMLScripts.

2016-07-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Clean up PassRefPtr in Modules/webaudio
        https://bugs.webkit.org/show_bug.cgi?id=159540

        Reviewed by Alex Christensen.

        Purge PassRefPtr in webaudio directory.

        No new tests, no behavior changes.

        * Modules/webaudio/AsyncAudioDecoder.h:
        * Modules/webaudio/AudioBasicProcessorNode.h:
        * Modules/webaudio/AudioBuffer.h:
        * Modules/webaudio/AudioBufferSourceNode.h:
        * Modules/webaudio/AudioListener.h:
        * Modules/webaudio/AudioParam.h:
        * Modules/webaudio/AudioParamTimeline.h:
        (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
        * Modules/webaudio/AudioProcessingEvent.cpp:
        (WebCore::AudioProcessingEvent::AudioProcessingEvent):
        * Modules/webaudio/AudioProcessingEvent.h:
        (WebCore::AudioProcessingEvent::create):
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelSplitterNode.h:
        * Modules/webaudio/GainNode.h:
        * Modules/webaudio/MediaElementAudioSourceNode.h:
        * Modules/webaudio/MediaStreamAudioDestinationNode.h:
        * Modules/webaudio/MediaStreamAudioSource.cpp:
        (WebCore::MediaStreamAudioSource::addAudioConsumer):
        * Modules/webaudio/MediaStreamAudioSource.h:
        * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
        (WebCore::OfflineAudioCompletionEvent::create):
        (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
        * Modules/webaudio/OfflineAudioCompletionEvent.h:
        * Modules/webaudio/OfflineAudioDestinationNode.h:
        * Modules/webaudio/OscillatorNode.h:
        * Modules/webaudio/PeriodicWave.h:
        * Modules/webaudio/ScriptProcessorNode.h:

2016-07-07  Per Arne Vollan  <pvollan@apple.com>

        [Win] The test http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html is failing.
        https://bugs.webkit.org/show_bug.cgi?id=159510

        Reviewed by Brent Fulgham.

        On Windows, validate certificate chain even when any https certificate is allowed.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):

2016-07-07  Frederic Wang  <fwang@igalia.com>

        Bug 155792 - Basic implementation of mpadded
        https://bugs.webkit.org/show_bug.cgi?id=155792

        Reviewed by Brent Fulgham.

        We implement basic support for the mpadded element.
        We support most of the attribute values except pseudo-units or negative values.

        Tests: mathml/presentation/mpadded-1-2.html
               mathml/presentation/mpadded-1.html
               mathml/presentation/mpadded-2.html
               mathml/presentation/mpadded-3.html
               mathml/presentation/mpadded-unsupported-values.html
               mathml/presentation/mpadded-dynamic.html

        * CMakeLists.txt: Add RenderMathMLPadded to the build system.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createElementRenderer): Create the renderer
        for mpadded.
        * mathml/mathattrs.in: Add voffset attribute.
        * mathml/mathtags.in: Make mpadded use MathMLInlineContainerElement.
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderMathMLPadded): Define isRenderMathMLPadded.
        * rendering/mathml/RenderMathMLPadded.cpp: Added.
        We do a simple implementation by overriding the behavior of RenderMathMLRow and forcing
        relayout after attribute or style change.
        (WebCore::RenderMathMLPadded::RenderMathMLPadded):
        (WebCore::RenderMathMLPadded::computePreferredLogicalWidths):
        (WebCore::RenderMathMLPadded::layoutBlock):
        (WebCore::RenderMathMLPadded::updateFromElement):
        (WebCore::RenderMathMLPadded::styleDidChange):
        (WebCore::RenderMathMLPadded::firstLineBaseline):
        * rendering/mathml/RenderMathMLPadded.h: Added.

2016-07-07  Frederic Wang  <fwang@igalia.com>

        Move MathML-specific code into a separate accessibility class
        https://bugs.webkit.org/show_bug.cgi?id=159213

        Reviewed by Chris Fleizach.

        Currently, MathML accessibility is completely handled in the generic AccessibilityRenderObject
        and it's sometimes messy and inconvenient. Hence we move most of the MathML-specific code
        into a separate AccessibilityMathMLElement class to facilitate future work and maintenance.

        No new tests, already covered by existing tests.

        * CMakeLists.txt: Add new AccessibilityMathMLElement module.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * accessibility/AccessibilityAllInOne.cpp: Ditto.
        * accessibility/AXObjectCache.cpp: Add MathML headers and create AccessibilityMathMLElement.
        (WebCore::createFromRenderer): Create AccessibilityMathMLElement for MathML elements and
        anonymous operators created by the mfenced element.
        * accessibility/AccessibilityMathMLElement.cpp: Added. This class handles all the MathML
        elements as well as the anonymous operators created by the mfenced element. A boolean is
        passed to the constructor to indicate whether we are in the latter case.
        (WebCore::AccessibilityMathMLElement::AccessibilityMathMLElement):
        (WebCore::AccessibilityMathMLElement::~AccessibilityMathMLElement):
        (WebCore::AccessibilityMathMLElement::create):
        (WebCore::AccessibilityMathMLElement::determineAccessibilityRole): Move handling of specific
        MathElementRole and DocumentMathRole here.
        (WebCore::AccessibilityMathMLElement::textUnderElement): Move retrieval of text from the
        anonymous operators here.
        (WebCore::AccessibilityMathMLElement::stringValue): Ditto.
        (WebCore::AccessibilityMathMLElement::isIgnoredElementWithinMathTree): Move the determination
        of ignored math elements here.
        (WebCore::AccessibilityMathMLElement::isMathFraction): Moved from AccessibilityRenderObject.
        (WebCore::AccessibilityMathMLElement::isMathFenced): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathSubscriptSuperscript): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathRow): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathUnderOver): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathSquareRoot): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathToken): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathRoot): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathOperator): Ditto.
        (WebCore::AccessibilityMathMLElement::isAnonymousMathOperator): Move the determination of
        anonymous operators here. We now just return the boolean passed at creation time.
        (WebCore::AccessibilityMathMLElement::isMathFenceOperator): Moved from
        AccessibilityRenderObject.
        (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathText): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathNumber): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathIdentifier): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathMultiscript): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathTable): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathTableRow): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathTableCell): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathScriptObject): Ditto.
        (WebCore::AccessibilityMathMLElement::isMathMultiscriptObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathRadicandObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathRootIndexObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathNumeratorObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathDenominatorObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathUnderObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathOverObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathBaseObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathSubscriptObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathSuperscriptObject): Ditto.
        (WebCore::AccessibilityMathMLElement::mathFencedOpenString): Ditto.
        (WebCore::AccessibilityMathMLElement::mathFencedCloseString): Ditto.
        (WebCore::AccessibilityMathMLElement::mathPrescripts): Ditto.
        (WebCore::AccessibilityMathMLElement::mathPostscripts): Ditto.
        (WebCore::AccessibilityMathMLElement::mathLineThickness): Ditto.
        * accessibility/AccessibilityMathMLElement.h: Added.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree): The cases of
        AccessibilityMathMLElement objects are now handled in the derived class. We remove the case
        of text node since the MathML code no longer creates anonymous text nodes after r202420.
        Anonymous block inserted into RenderMathMLBlocks to honor CSS rules are not AccessibilityMathMLElements
        and it does not seem safe to modify AXObjectCache::createFromRenderer to force that. Hence
        we still need to handle them here.
        (WebCore::AccessibilityRenderObject::textUnderElement): This code is moved into AccessibilityMathMLElement.
        (WebCore::AccessibilityRenderObject::stringValue): Ditto.
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole): Ditto.
        (WebCore::AccessibilityRenderObject::isMathElement): Deleted.
        (WebCore::AccessibilityRenderObject::isMathFraction): Deleted.
        (WebCore::AccessibilityRenderObject::isMathFenced): Deleted.
        (WebCore::AccessibilityRenderObject::isMathSubscriptSuperscript): Deleted.
        (WebCore::AccessibilityRenderObject::isMathRow): Deleted.
        (WebCore::AccessibilityRenderObject::isMathUnderOver): Deleted.
        (WebCore::AccessibilityRenderObject::isMathSquareRoot): Deleted.
        (WebCore::AccessibilityRenderObject::isMathToken): Deleted.
        (WebCore::AccessibilityRenderObject::isMathRoot): Deleted.
        (WebCore::AccessibilityRenderObject::isMathOperator): Deleted.
        (WebCore::AccessibilityRenderObject::isAnonymousMathOperator): Deleted.
        (WebCore::AccessibilityRenderObject::isMathFenceOperator): Deleted.
        (WebCore::AccessibilityRenderObject::isMathSeparatorOperator): Deleted.
        (WebCore::AccessibilityRenderObject::isMathText): Deleted.
        (WebCore::AccessibilityRenderObject::isMathNumber): Deleted.
        (WebCore::AccessibilityRenderObject::isMathIdentifier): Deleted.
        (WebCore::AccessibilityRenderObject::isMathMultiscript): Deleted.
        (WebCore::AccessibilityRenderObject::isMathTable): Deleted.
        (WebCore::AccessibilityRenderObject::isMathTableRow): Deleted.
        (WebCore::AccessibilityRenderObject::isMathTableCell): Deleted.
        (WebCore::AccessibilityRenderObject::isMathScriptObject): Deleted.
        (WebCore::AccessibilityRenderObject::isMathMultiscriptObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathRadicandObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathRootIndexObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathNumeratorObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathDenominatorObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathUnderObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathOverObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathBaseObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathSubscriptObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathSuperscriptObject): Deleted.
        (WebCore::AccessibilityRenderObject::mathFencedOpenString): Deleted.
        (WebCore::AccessibilityRenderObject::mathFencedCloseString): Deleted.
        (WebCore::AccessibilityRenderObject::mathPrescripts): Deleted.
        (WebCore::AccessibilityRenderObject::mathPostscripts): Deleted.
        (WebCore::AccessibilityRenderObject::mathLineThickness): Deleted.
        * accessibility/AccessibilityRenderObject.h: Remove declarations of functions that are now
        overridden in AccessibilityMathMLElement. Make isIgnoredElementWithinMathTree virtual so that
        it can be reimplemented in AccessibilityMathMLElement.

2016-07-07  Frederic Wang  <fwang@igalia.com>

        Implement an internal style property for displaystyle.
        https://bugs.webkit.org/show_bug.cgi?id=133845

        Reviewed by Brent Fulgham.

        Tests: mathml/opentype/large-operators-displaystyle-dynamic.html
               mathml/opentype/large-operators-displaystyle.html

        This is based on a patch by Alejandro G. Castro <alex@igalia.com>

        * CMakeLists.txt: Add MathMLStyle to the build system.
        * WebCore.xcodeproj/project.pbxproj: ditto.
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::parseAttribute): Resolve the mathml style when the
        displaystyle attribute changes on the mtable or mstyle elements.
        * mathml/MathMLInlineContainerElement.h: Define parseAttribute.
        * mathml/MathMLMathElement.cpp:
        (WebCore::MathMLMathElement::MathMLMathElement): Indicate that we have custom style.
        (WebCore::MathMLMathElement::parseAttribute): Resolve the mathml style when the display or
        displaystyle attributes change on the math element.
        (WebCore::MathMLMathElement::didAttachRenderers): Resolve the mathml style when one
        renderer is attached.
        * mathml/MathMLMathElement.h: Declare parseAttribute and didAttachRenderers.
        * mathml/mathattrs.in: Declare the display and displaystyle attributes.
        * rendering/mathml/MathMLStyle.cpp: Added.
        (WebCore::MathMLStyle::MathMLStyle): New class to handle custom MathML style.
        (WebCore::MathMLStyle::create):
        (WebCore::MathMLStyle::setDisplayStyle): Helper function to take the displaystyle from
        the specified renderer.
        (WebCore::MathMLStyle::resolveMathMLStyleTree): Helper function to resolve the custom
        MathML style in renderer subtree.
        (WebCore::MathMLStyle::getMathMLParentNode): Helper function to get a MathML ancestor of
        the specified renderer.
        (WebCore::MathMLStyle::updateStyleIfNeeded): Helper function to update the style of the
        specified renderer if needed.
        (WebCore::MathMLStyle::resolveMathMLStyle): Resolve the MathML style of a given renderer.
        For displaystyle, we inherit the value of the parent except for the cases mentioned in the
        MathML recommendation.
        * rendering/mathml/MathMLStyle.h: New class header for custom MathML style.
        Only displaystyle is supported for now.
        * rendering/mathml/RenderMathMLBlock.cpp: Add a member and getter for custom MathML style.
        (WebCore::RenderMathMLBlock::RenderMathMLBlock):
        * rendering/mathml/RenderMathMLBlock.h: ditto.
        (WebCore::RenderMathMLBlock::mathMLStyle):
        * rendering/mathml/RenderMathMLMath.h: Add definition to use the syntax is<RenderMathMLMath>.
        * rendering/mathml/RenderMathMLOperator.h:
        (WebCore::RenderMathMLOperator::isLargeOperatorInDisplayStyle): Do not return true when
        the operator is not in displaystyle.
        * rendering/mathml/RenderMathMLRoot.h: Make updateStyle public, so that it can be called
        by MathMLStyle::updateStyleIfNeeded.
        * rendering/mathml/RenderMathMLUnderOver.h: Add definition to use the syntax
        is<RenderMathMLUnderOver>.

2016-07-07  Ryosuke Niwa  <rniwa@webkit.org>

        Replace scoped flag in Event by composed flag
        https://bugs.webkit.org/show_bug.cgi?id=158415

        Reviewed by Chris Dumez.

        Replace `scoped` flag with `composed` flag and negate its meaning per the latest spec:
        https://dom.spec.whatwg.org/#dom-event-composed
        https://github.com/w3c/webcomponents/issues/513

        In the old spec, every event was assumed to be "composed" (crosses shadow boundaries)
        by default and there was `scoped` flag which prevented the event from crossing boundaries,
        and there was a handful of events for which `scoped` was set true when dispatched by UA.

        In the new spec, every event is assumed to be "scoped" and a handful of user-initiated
        events set `composed` flag to true, which is also exposed in EventInit dictionary.
        `relatedTargetScoped` flag has been removed. New behavior is identical to when this flag
        was set to true.

        No new tests since existing tests are updated to test the new flag and behavior.

        * dom/CompositionEvent.cpp:
        (WebCore::CompositionEvent::isCompositionEvent): Added.
        * dom/CompositionEvent.h:
        * dom/Event.cpp:
        (WebCore::Event::Event): Initialize m_composed. Also re-ordered m_type and m_isInitialized
        for better packing.
        (WebCore::Event::composed): Renamed from Event::composed. We return true whenever composed
        is set to true in EventInit, or the engine is dispatching a user-initiated event listed in:
        https://github.com/w3c/webcomponents/issues/513#issuecomment-224183937
        as well as keypress, cut, paste, and copy as discussed in:
        https://github.com/w3c/webcomponents/issues/513#issuecomment-230988170
        (WebCore::Event::isCompositionEvent): Added.
        * dom/Event.h:
        (WebCore::Event::composed): Added.
        (WebCore::Event::scoped): Deleted.
        (WebCore::Event::relatedTargetScoped): Deleted.
        (WebCore::Event): Reordered m_type and m_isInitialized for better packing. Added m_composed
        and removed m_scoped and m_relatedTargetScoped.
        * dom/Event.idl:
        * dom/EventPath.cpp:
        (WebCore::shouldEventCrossShadowBoundary): Returns true if the event did not originate from
        a shadow tree (this event entered the current shadow tree via a slot so we need to proceed with
        the normal bubble path outside the shadow tree) or composed flag is set true.
        (WebCore::EventPath::EventPath): m_event no longer exists, which was only used to get the value
        of relatedTargetScoped which has been removed.
        (WebCore::EventPath::setRelatedTarget): Behave as if relatedTargetScoped is always set true
        since the flag has been removed.
        * dom/EventPath.h:
        * dom/FocusEvent.cpp:
        (WebCore::FocusEvent::relatedTargetScoped): Deleted.
        * dom/FocusEvent.h:
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::relatedTargetScoped): Deleted.
        * dom/MouseEvent.h:

2016-07-07  Chris Dumez  <cdumez@apple.com>

        tbody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there are no rows / cells
        https://bugs.webkit.org/show_bug.cgi?id=159527
        <rdar://problem/27232261>

        Reviewed by Alex Christensen.

        tbody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there
        are no rows / cells:
        - https://html.spec.whatwg.org/multipage/tables.html#dom-tbody-deleterow
        - https://html.spec.whatwg.org/multipage/tables.html#dom-tr-deletecell

        Firefox and Chrome do not throw but WebKit was throwing.

        No new tests, rebaselined existing tests.

        * html/HTMLTableRowElement.cpp:
        (WebCore::HTMLTableRowElement::deleteCell):
        * html/HTMLTableSectionElement.cpp:
        (WebCore::HTMLTableSectionElement::deleteRow):

2016-07-07  Chris Dumez  <cdumez@apple.com>

        HTMLTitleElement.text should only account for direct children Text nodes
        https://bugs.webkit.org/show_bug.cgi?id=159536

        Reviewed by Ryosuke Niwa.

        HTMLTitleElement.text should only account for direct children Text nodes:
        - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
        - https://html.spec.whatwg.org/multipage/infrastructure.html#child-text-content

        Firefox and Chrome match the specification. However, WebKit accounted for all
        Text nodes that are descendants, not just children. This patch aligns our
        behavior with the specification and other browsers.

        No new tests, rebaselined existing tests.

        * html/HTMLTitleElement.cpp:
        (WebCore::HTMLTitleElement::text):

2016-07-07  Dean Jackson  <dino@apple.com>

        REGRESSION(r200769): animations are no longer overridden
        https://bugs.webkit.org/show_bug.cgi?id=159450
        <rdar://problem/27120570>

        Reviewed by Zalan Bujtas.

        The change in r200769 removed a lot of the prefixing variant
        handling, but unfortunately we can't be completely rid
        of it until we alias the prefixed transitions and animations
        to the non-prefixed form. For example, setting the prefixed
        shorthand has to reset the non-prefixed longhands.

        The fix was to explicitly call the variant forms when
        parsing such longhands, and make sure that MutableStyleProperties
        removes all prefixed variants when removing shorthands.

        The existing test was amended to cover this case:
        fast/css/shorthand-omitted-initial-value-overrides-shorthand.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseAnimationShorthand):
        (WebCore::CSSParser::addPropertyWithPrefixingVariant):
        (WebCore::CSSParser::parseTransitionShorthand):
        * css/CSSParser.h:
        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::removeShorthandProperty):

2016-07-07  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * PlatformMac.cmake:

2016-07-07  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * PlatformMac.cmake:

2016-07-07  Myles C. Maxfield  <mmaxfield@apple.com> and Frédéric Wang  <fred.wang@free.fr>

        [Font Loading] The callback passed to document.fonts.ready should always be called
        https://bugs.webkit.org/show_bug.cgi?id=158884

        Reviewed by Dean Jackson.

        The boolean was simply not being reset when loads start.

        Test: fast/text/font-face-set-ready-fire.html

        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::startedLoading):
        * css/FontFaceSet.h:

2016-07-07  Andy Estes  <aestes@apple.com>

        [Content Filtering] Load blocked pages more like other error pages are loaded
        https://bugs.webkit.org/show_bug.cgi?id=159485
        <rdar://problem/26014076>

        Reviewed by Brady Eidson.

        Content filter blocked pages were being loaded by cancelling the provisional load of the
        page that was blocked and then scheduling a navigation to the content filter error page.
        Some clients would not expect a new, Web process-initiated provisional navigation to start
        after a cancellation, though, and this would put them in a bad state.
        
        This patch changes blocked page loading to behave more like loading other error pages.
        Specifically:
        1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
        2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
           prevents FrameLoader from creating a new back-forward list item for the substitute data load.
        3. A substitute data load initiated by the client for the blocked URL is ignored if
           ContentFilter will display its own error page.
        4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
           since some clients expect this.

        Updated existing tests to capture frame load delegate callbacks and the back forward list.
        Added new API tests: ContentFiltering.LoadAlternate*.

        * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
        * Resources/ContentFilterBlockedPage.html: Added.
        * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a framework resource.
        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
        already Blocked, so that we don't forget this ContentFilter was blocked when calling
        cancelMainResourceLoad() in didDecide().
        (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
        Created a blockedByContentFilterError() and called cancelMainResourceLoad().
        (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
        (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
        is for the same failingURL as the currently-displayed blocked page, ignore it.
        (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
        and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
        (WebCore::ContentFilter::unblockHandler): Deleted.
        (WebCore::ContentFilter::replacementData): Deleted.
        (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
        * loader/ContentFilter.h:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
        (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
        (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
        * loader/DocumentLoader.h:
        * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
        and we are loading substitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
        This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
        (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
        (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
        * loader/NavigationScheduler.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
        failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.

2016-07-07  Chris Dumez  <cdumez@apple.com>

        td / th should be exposed as HTMLTableCellElement objects
        https://bugs.webkit.org/show_bug.cgi?id=159518
        <rdar://problem/27225436>

        Reviewed by Ryosuke Niwa.

        td / th should be exposed as HTMLTableCellElement objects:
        - https://html.spec.whatwg.org/multipage/tables.html#the-td-element
        - https://html.spec.whatwg.org/multipage/tables.html#the-th-element

        We were using HTMLTableDataCellElement / HTMLTableHeaderCellElement
        sub-types.

        Firefox and Chrome match the current specification.

        We actually introduced these types recently via Bug 148859 to align
        with an older version of the HTML specification. However, it seems the
        specification has been updated to match Firefox / Chrome in the
        meantime.

        Since we have not shipped those subtypes yet, the compatibility risk is
        low.

        No new tests, rebaselined existing tests.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLElementsAllInOne.cpp:
        * html/HTMLTableCellElement.cpp:
        (WebCore::HTMLTableCellElement::create):
        (WebCore::HTMLTableCellElement::scope):
        (WebCore::HTMLTableCellElement::setScope):
        (WebCore::HTMLTableCellElement::setRowSpanForBindings): Deleted.
        * html/HTMLTableCellElement.h:
        * html/HTMLTableCellElement.idl:
        * html/HTMLTableDataCellElement.h: Removed.
        * html/HTMLTableDataCellElement.idl: Removed.
        * html/HTMLTableHeaderCellElement.cpp: Removed.
        * html/HTMLTableHeaderCellElement.h: Removed.
        * html/HTMLTableHeaderCellElement.idl: Removed.
        * html/HTMLTableRowElement.cpp:
        (WebCore::HTMLTableRowElement::insertCell):
        * html/HTMLTagNames.in:

2016-07-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: When IDBDatabase objects are garbage collected, they don't close their server connection.
        <rdar://problem/25910345> and https://bugs.webkit.org/show_bug.cgi?id=159523

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/gc-closes-database-private.html
               storage/indexeddb/modern/gc-closes-database.html

        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::IDBDatabase): New logging.
        (WebCore::IDBDatabase::~IDBDatabase): Close server connection.
        (WebCore::IDBDatabase::fireVersionChangeEvent): New logging.
        (WebCore::IDBDatabase::dispatchEvent): New logging.

        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::openDatabase): New logging.

2016-07-07  Frederic Wang  <fwang@igalia.com>

        Refactor layout functions to avoid using flexbox in MathML
        https://bugs.webkit.org/show_bug.cgi?id=153991

        Reviewed by Brent Fulgham.

        No new tests, already covered by existing tests.

        * css/mathml.css:
        (math): Change inline mathematical formulas from inline-flex to inline.
        (math[display="block"]): Change display mathematical formulas from flex to block and
        remove flexbox property justify-content.
        (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts,
         mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle,
         menclose, semantics, mpadded, maction): In order to render properly, all children of the
         classes derived from RenderMathMLBlock must now be block-level. So we add more elements in
         this list and update the display property.
        (mtd > *): However, we use inline-block for children of the cell so that the text-align
         property is taken into account.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeLogicalWidthInRegion): Add a special case for RenderMathMLBlock
        to preserve the old behavior.
        (WebCore::RenderBox::sizesLogicalWidthToFitContent): Ditto.
        * rendering/RenderFlexibleBox.h: No need to override layoutBlock anymore.
        * rendering/mathml/RenderMathMLBlock.cpp: Include LayoutRepainter header for use in layoutBlock.
        (WebCore::RenderMathMLBlock::RenderMathMLBlock): Inherit from RenderBlock and ensure that
        our children are block-level.
        (WebCore::RenderMathMLBlock::~RenderMathMLBlock): Added.
        (WebCore::RenderMathMLBlock::baselinePosition): If the baselinefirstLineBaseline() is
        undefined, just returns 0.
        (WebCore::RenderMathMLBlock::paint): Call RenderBlock::paint.
        (WebCore::RenderMathMLBlock::layoutItems): Implement a simplified version of
        RenderFlexibleBox::layoutItems where we assume horizontal layout for all children.
        (WebCore::RenderMathMLBlock::layoutBlock): Add a basic implementation based on
        RenderFlexibleBox::layoutBlock.
        (WebCore::RenderMathMLBlock::renderName): Deleted. There is now a simple implementation in the header.
        * rendering/mathml/RenderMathMLBlock.h: Use RenderBlock instead of RenderFlexibleBox and
        define layout functions. Define avoidsFloats and canDropAnonymousBlockChild to preserve
        the old behavior and remove isFlexibleBoxImpl.
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::createMathMLOperator): Use block for anonymous RenderMathMLOperator.
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::layoutRowItems): No need to handle the flexbox case anymore.
        (WebCore::RenderMathMLRow::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
        * rendering/mathml/RenderMathMLRow.h:
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
        * rendering/mathml/RenderMathMLFraction.h:
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
        * rendering/mathml/RenderMathMLRoot.h:
        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
        * rendering/mathml/RenderMathMLScripts.h:
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
        * rendering/mathml/RenderMathMLUnderOver.h:

2016-07-07  Antti Koivisto  <antti@apple.com>

        REGRESSION (r199054): CrashTracer: [USER] parseWebKit at WebCore: WebCore::RenderBlockFlow::checkFloatsInCleanLine + 107
        https://bugs.webkit.org/show_bug.cgi?id=159519

        Reviewed by Zalan Bujtas.

        Test: fast/inline/trailing-floats-inline-crash.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::checkFloatsInCleanLine):

            Use the existing deletionHasBegun bit in RenderStyle to assert against this reliably.

        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):

            In some cases a special TrailingFloatsRootInlineBox may be added as the last root linebox of a flow.
            If it is combined with br the existing invalidation that invalidates the next and previous line may
            not be sufficient. Test for this case and invalidate the TrailingFloatsRootInlineBox too if it exists.

        * rendering/RootInlineBox.h:
        (WebCore::RootInlineBox::isTrailingFloatsRootInlineBox):
        * rendering/TrailingFloatsRootInlineBox.h:
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::deletionHasBegun):

            Expose the bit in debug.

2016-07-07  Alex Christensen  <achristensen@webkit.org>

        Use SocketProvider to create WebSocketChannels
        https://bugs.webkit.org/show_bug.cgi?id=158776

        Reviewed by Brent Fulgham.

        This patch should have no change in behavior except making an InvalidStateError in
        conditions where we should not be able to do networking, like in a detached frame.
        It just replaces ThreadableWebSocketChannel::create with SocketProvider::createWebSocketChannel
        which does the same thing as ThreadableWebSocketChannel::create for Mac and 
        Windows WebKit1.  The WebKit2 implementation is the same right now, but it will
        be replaced by a proxy that will do the WebSocket operations in the NetworkProcess.

        * Modules/websockets/ThreadableWebSocketChannel.cpp: Removed.
        * Modules/websockets/ThreadableWebSocketChannel.h:
        (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect):
        * Modules/websockets/WebSocketChannel.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::idbConnectionProxy):
        (WebCore::Document::socketProvider):
        (WebCore::Document::canNavigate):
        * dom/Document.h:
        (WebCore::Document::notifyRemovePendingSheetIfNeeded):
        * dom/ScriptExecutionContext.h:
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::overlayPage):
        * loader/EmptyClients.cpp:
        (WebCore::EmptyEditorClient::registerRedoStep):
        (WebCore::EmptySocketProvider::createWebSocketChannel):
        * loader/EmptyClients.h:
        * page/Page.h:
        * page/PageConfiguration.cpp:
        (WebCore::PageConfiguration::PageConfiguration):
        * page/PageConfiguration.h:
        * page/SocketProvider.h:
        (WebCore::SocketProvider::~SocketProvider):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::dataChanged):
        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::create):
        (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope):
        * workers/DedicatedWorkerGlobalScope.h:
        * workers/DedicatedWorkerThread.cpp:
        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope):
        (WebCore::DedicatedWorkerThread::runEventLoop):
        * workers/DedicatedWorkerThread.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope):
        (WebCore::WorkerGlobalScope::disableEval):
        (WebCore::WorkerGlobalScope::socketProvider):
        (WebCore::WorkerGlobalScope::idbConnectionProxy):
        * workers/WorkerGlobalScope.h:
        (WebCore::WorkerGlobalScope::script):
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
        (WebCore::WorkerThread::WorkerThread):
        (WebCore::WorkerThread::idbConnectionProxy):
        (WebCore::WorkerThread::socketProvider):
        * workers/WorkerThread.h:
        (WebCore::WorkerThread::workerGlobalScope):

2016-07-07  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202905 and r202911.
        https://bugs.webkit.org/show_bug.cgi?id=159522

        This test fails on El Capitan and Sierra WK1 (Requested by
        ryanhaddad on #webkit).

        Reverted changesets:

        "Add a test for media control dropoff"
        https://bugs.webkit.org/show_bug.cgi?id=151287
        http://trac.webkit.org/changeset/202905

        "Add a test for media control dropoff"
        https://bugs.webkit.org/show_bug.cgi?id=151287
        http://trac.webkit.org/changeset/202911

2016-07-07  Antoine Quint  <graouts@apple.com>

        <img> with a wide gamut PDF does not display using a wide gamut color space
        https://bugs.webkit.org/show_bug.cgi?id=158983
        <rdar://problem/25720247>

        Reviewed by Dean Jackson.

        Calls to ImageBuffer::createCompatibleBuffer() that do not provide an explicit
        color space will now infer the color space from the provided graphics context
        on platforms using CG. The method signature that takes in a GraphicsContext
        without a color space is now split into a CG-specified implementation and a
        Cairo one to avoid having diverging platform code in ImageBuffer.cpp.

        Some call sites need to provide an explicit color space still, so we add a new
        ImageBuffer::createCompatibleBuffer() that allows for that while inferring
        sizing and scaling from a GraphicsContext.
        
        All signatures of ImageBuffer::createCompatibleBuffer() are losing the
        hasAlpha parameter which was always ignored. All call sites that were using
        hasAlpha have been updated.

        In addition, we make all the IOSurface and IOSurfacePool code, which is
        CG-specific, use the platform-specific type CGColorSpaceRef instead of ColorSpace
        so that we may pick up on the color space copied over from the graphics context
        in the CG-specific implementation of ImageBuffer::createCompatibleBuffer().

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::drawPattern):
        * platform/graphics/GradientImage.cpp:
        (WebCore::GradientImage::drawPattern):
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/NamedImageGeneratedImage.cpp:
        (WebCore::NamedImageGeneratedImage::drawPattern):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::surfaceMatchesParameters):
        (WebCore::IOSurfacePool::takeSurface):
        * platform/graphics/cg/IOSurfacePool.h:
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        (WebCore::ImageBuffer::ImageBuffer):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::surfaceFromPool):
        (WebCore::IOSurface::create):
        (WebCore::IOSurface::createFromSendRight):
        (WebCore::IOSurface::createFromSurface):
        (WebCore::IOSurface::createFromImage):
        (WebCore::IOSurface::IOSurface):
        (WebCore::IOSurface::ensurePlatformContext):
        * platform/mac/ThemeMac.mm:
        (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
        * platform/spi/cg/CoreGraphicsSPI.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintProgressBar):
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::bufferForeground):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawPatternForContainer):

2016-07-07  Beth Dakin  <bdakin@apple.com>

        All fullscreen videos should be able to control the controls manager
        https://bugs.webkit.org/show_bug.cgi?id=159496
        -and corresponding-
        rdar://problem/27009446

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::fullscreenModeChanged):
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::canControlControlsManager):

2016-07-07  Jer Noble  <jer.noble@apple.com>

        Crash due to HTMLMediaElement at JavaScriptCore: JSC::JSLockHolder::JSLockHolder
        https://bugs.webkit.org/show_bug.cgi?id=159517
        <rdar://problem/27221109>

        Reviewed by Eric Carlson.

        When WebKit on iOS gets a notification that the UIProcess has been backgrounded, it sends an
        interruption event to the WebProcess to pause any playing HTMLMediaElements. When the
        elements which get this interruption have pending promises created during a previous call to
        play(), these promises get rejected.

        However, if the HTMLMediaElement's document has already been destroyed, the pending Promises
        are in an inconsistent state: their script execution context (the document) has been
        destroyed, leading to the crash in JSLockHolder.

        When HTMLMediaElement is notified that its ScriptExecutionContext has been destroyed, also
        clear the list of pending Promises.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::contextDestroyed):

2016-07-05  Jer Noble  <jer.noble@apple.com>

        Facebook videos without audio tracks will sometimes cause playback controls to appear.
        https://bugs.webkit.org/show_bug.cgi?id=159437

        Reviewed by Eric Carlson.

        Because updatePlaybackControlsManager() will cause the session manager to walk through all
        the outstanding sessions asking if it canControlControlsManager(), some sessions will say
        they can control the controls manager if we are currently processing a user gesture. This is
        obviously not intended (there may be a user gesture to un-mute video 1, but an unrelated
        video 2 should not be allowed to use that user gesture to fulfill its own requirements.)

        So in those situations where conditions may have changed and updatePlaybackControlsManager()
        needs to be called, instead schedule the update for the next run loop.
        
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setMuted):
        (WebCore::HTMLMediaElement::layoutSizeChanged):
        (WebCore::HTMLMediaElement::updatePlayState):
        (WebCore::HTMLMediaElement::createMediaPlayer):
        (WebCore::HTMLMediaElement::scheduleUpdatePlaybackControlsManager):
        * html/HTMLMediaElement.h:

2016-07-07  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix after r202908. Fix the webPlaybackSessionInterfaceMac @property.

        * platform/mac/WebPlaybackControlsManager.h:
        * platform/mac/WebPlaybackControlsManager.mm:

2016-07-07  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Response constructor should throw in case of bad reason phrase
        https://bugs.webkit.org/show_bug.cgi?id=159508

        Reviewed by Alex Christensen.

        Covered by rebased test.

        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::initializeWith): Validating reason phrase with new routine.
        Throwing a TypeError in case of error.
        * platform/network/HTTPParsers.cpp:
        (WebCore::isValidReasonPhrase): Added to validate reason phrase according to
        https://tools.ietf.org/html/rfc7230#section-3.1.2
        * platform/network/HTTPParsers.h:
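
The reason-phrase grammar referenced in the entry above (RFC 7230 section 3.1.2), as an added example that is not WebKit's implementation of isValidReasonPhrase. Every name in it (the `example` namespace, `reasonPhraseIsValid`, `buildStatusLine`) is hypothetical, the sample phrases are constructed, and the three-digit status check is an assumption taken from the RFC's status-line rule. It shows why the check matters to a defender: a phrase carrying CR or LF is rejected before it can be serialized into a status line and split it.

```cpp
// Added example, not WebKit source. All names are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

namespace example {

// RFC 7230 section 3.1.2:
//   reason-phrase = *( HTAB / SP / VCHAR / obs-text )
//   VCHAR = %x21-7E, obs-text = %x80-FF
// Everything else (NUL, CR, LF, other C0 controls, DEL) is outside the grammar.
inline bool isReasonPhraseOctet(unsigned char c)
{
    return c == '\t' || c == ' ' || (c >= 0x21 && c <= 0x7E) || c >= 0x80;
}

// Index of the first octet outside the grammar, or std::string::npos when the
// whole phrase conforms. The empty phrase is valid because the rule is a "*" repeat.
std::size_t firstInvalidReasonPhraseOctet(const std::string& phrase)
{
    for (std::size_t i = 0; i < phrase.size(); ++i) {
        if (!isReasonPhraseOctet(static_cast<unsigned char>(phrase[i])))
            return i;
    }
    return std::string::npos;
}

bool reasonPhraseIsValid(const std::string& phrase)
{
    return firstInvalidReasonPhraseOctet(phrase) == std::string::npos;
}

// Serializes "HTTP/1.1 <status> <phrase>\r\n" only for a valid phrase and a
// three-digit status (assumption: status-code = 3DIGIT from the same RFC).
// On failure `out` is left untouched, so a caller cannot emit a split line.
bool buildStatusLine(int status, const std::string& phrase, std::string& out)
{
    if (status < 100 || status > 999 || !reasonPhraseIsValid(phrase))
        return false;
    out = "HTTP/1.1 " + std::to_string(status) + " " + phrase + "\r\n";
    return true;
}

} // namespace example

int main()
{
    // Constructed sample phrases, not taken from any real traffic.
    const std::vector<std::string> samples = {
        "OK",
        "",
        "Not\tFound",
        "caf\xC3\xA9",                      // obs-text octets are allowed
        "OK\r\nSet-Cookie: a=b",            // CR/LF would start a new header line
        std::string("a\0b", 3),             // embedded NUL
        std::string(1, '\x7f'),             // DEL
    };

    for (const std::string& phrase : samples) {
        std::string line;
        if (example::buildStatusLine(200, phrase, line)) {
            std::cout << "accepted (" << phrase.size() << " octets)\n";
        } else {
            std::cout << "rejected at octet "
                      << example::firstInvalidReasonPhraseOctet(phrase) << "\n";
        }
    }
    return 0;
}
```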

2016-07-07  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Response.redirect should throw a RangeError in case of bad status code
        https://bugs.webkit.org/show_bug.cgi?id=159507

        Reviewed by Alex Christensen.

        Covered by rebased test.

        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::redirect): Throw a RangeError in case of bad status.

2016-07-05  Jer Noble  <jer.noble@apple.com>

        Ownership between WebPlaybackSessionInterfaceMac and WebPlaybackControlsManager is backwards.
        https://bugs.webkit.org/show_bug.cgi?id=159441

        Reviewed by Eric Carlson.

        The WebPlaybackControlsManager should own the WebPlaybackSessionInterfaceMac, and not
        vice versa.

        * platform/mac/WebPlaybackControlsManager.h:
        * platform/mac/WebPlaybackControlsManager.mm:
        (-[WebPlaybackControlsManager webPlaybackSessionInterfaceMac]):
        (-[WebPlaybackControlsManager setWebPlaybackSessionInterfaceMac:]):
        * platform/mac/WebPlaybackSessionInterfaceMac.h:
        * platform/mac/WebPlaybackSessionInterfaceMac.mm:
        (WebCore::WebPlaybackSessionInterfaceMac::playBackControlsManager):

2016-07-07  Eric Carlson  <eric.carlson@apple.com>

        Add a test for media control dropoff
        https://bugs.webkit.org/show_bug.cgi?id=151287
        <rdar://problem/23544666>

        Reviewed by Antoine Quint.

        Test: media/controls/inline-elements-dropoff-order.html

        * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.

2016-07-07  Miguel Gomez  <magomez@igalia.com>

        [GTK] Painting a video into a canvas doesn't work when accelerated compositing is enabled
        https://bugs.webkit.org/show_bug.cgi?id=159405

        Reviewed by Xabier Rodriguez-Calvar.

        Implement video frame painting to the canvas when accelerated compositing is enabled.

        Already covered by existent tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
        Replace custom enumeration for the video rotation with the ImageOrientation class.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
        Replace the orientation value comparison with ImageOrientation::usesWidthAsHeight().
        (WebCore::MediaPlayerPrivateGStreamerBase::paint):
        Perform the frame painting taking into account the video orientation tag.
        (WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):
        Rotate the native image before returning it.
        (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceOrientation):
        Replace custom enumeration for the video rotation with the ImageOrientation class.
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase): Deleted.
        Remove orientation initialization.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        Remove custom enumeration for the video orientation.

2016-07-07  Philippe Normand  <pnormand@igalia.com>

        [GStreamer][GL] switch to appsink
        https://bugs.webkit.org/show_bug.cgi?id=159466

        Reviewed by Carlos Garcia Campos.

        Fakesink is mostly used for tests. Appsink provides the same
        functionality and is actually meant to be used on application
        side.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
        (WebCore::newSampleCallback):
        (WebCore::newPrerollCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
        (WebCore::MediaPlayerPrivateGStreamerBase::drawCallback): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

2016-07-06  Chris Dumez  <cdumez@apple.com>

        Document.title setter does not work for SVG documents
        https://bugs.webkit.org/show_bug.cgi?id=159503
        <rdar://problem/27212313>

        Reviewed by Ryosuke Niwa.

        Document.title setter should work for SVG documents:
        - https://html.spec.whatwg.org/multipage/dom.html#document.title

        This patch aligns our behavior with the specification
        and with Firefox / Chrome.

        No new tests, rebaselined existing test.

        * dom/Document.cpp:
        (WebCore::Document::setTitle):
        - Reverse the if conditions for clarity.
        - If the document element is an SVG svg element, create a
          SVGTitleElement and insert it as first child of the
          document element.
        - Call SVGTitleElement::setText() instead of
          HTMLTitleElement::setText() at the end of the method if
          m_titleElement is a SVGTitleElement.

        (WebCore::Document::updateTitleElement):
        - If document element is an SVG svg element, use the first
          child of the document element that is a SVGTitleElement.

        * svg/SVGTitleElement.cpp:
        (WebCore::SVGTitleElement::setText):
        * svg/SVGTitleElement.h:
        Add SVGTitleElement::setText() method that does the same
        thing as HTMLTitleElement::setText().

2016-07-06  Chris Dumez  <cdumez@apple.com>

        Align Document.body setter with the HTML specification
        https://bugs.webkit.org/show_bug.cgi?id=159490

        Reviewed by Alex Christensen.

        Align Document.body setter with the HTML specification:
        - https://html.spec.whatwg.org/multipage/dom.html#dom-document-body

        In particular, the following web-exposed changes were made:
        - It is now possible to set document.body to a frameset element.
        - We no longer call importNode() on the passed in body. Therefore,
          if the body comes from another document, it will be adopted /
          transferred rather than cloned.

        Both changes match the behavior of Firefox and Chrome.

        No new tests, updated / rebaselined existing tests.

        * dom/Document.cpp:
        (WebCore::Document::setBodyOrFrameset):

2016-07-06  Brady Eidson  <beidson@apple.com>

        Fix my bogus json I landed earlier today.

        * features.json:

2016-07-06  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Unify how we throw TypeError from C++
        https://bugs.webkit.org/show_bug.cgi?id=159500

        Reviewed by Saam Barati.

        * bindings/js/JSBiquadFilterNodeCustom.cpp:
        (WebCore::JSBiquadFilterNode::setType):
        * bindings/js/JSBlobCustom.cpp:
        (WebCore::constructJSBlob):
        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::getBigIntegerVectorFromJSON):
        (WebCore::JSCryptoKeySerializationJWK::JSCryptoKeySerializationJWK):
        (WebCore::tryJWKKeyOpsValue):
        (WebCore::JSCryptoKeySerializationJWK::reconcileUsages):
        (WebCore::JSCryptoKeySerializationJWK::keyDataOctetSequence):
        (WebCore::JSCryptoKeySerializationJWK::keyDataRSAComponents):
        (WebCore::JSCryptoKeySerializationJWK::keyData):
        (WebCore::addJWKAlgorithmToJSON):
        (WebCore::JSCryptoKeySerializationJWK::serialize):
        * bindings/js/JSCryptoOperationData.cpp:
        (WebCore::cryptoOperationDataFromJSValue):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::enforceRange):
        (WebCore::throwTypeError):
        (WebCore::throwArgumentMustBeEnumError):
        (WebCore::throwArgumentMustBeFunctionError):
        (WebCore::throwArgumentTypeError):
        (WebCore::throwArrayElementTypeError):
        (WebCore::throwGetterTypeError):
        (WebCore::throwThisTypeError):
        * bindings/js/JSDataCueCustom.cpp:
        (WebCore::constructJSDataCue):
        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::defineElement):
        * bindings/js/JSFileCustom.cpp:
        (WebCore::constructJSFile):
        * bindings/js/JSModuleLoader.cpp:
        (WebCore::JSModuleLoader::evaluate):
        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::constructJSMutationObserver):
        * bindings/js/JSOscillatorNodeCustom.cpp:
        (WebCore::JSOscillatorNode::setType):
        * bindings/js/JSPannerNodeCustom.cpp:
        (WebCore::JSPannerNode::setPanningModel):
        (WebCore::JSPannerNode::setDistanceModel):
        * bindings/js/JSReadableStreamPrivateConstructors.cpp:
        (WebCore::constructJSReadableStreamController):
        (WebCore::constructJSReadableStreamReader):
        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::cryptoKeyFormatFromJSValue):
        (WebCore::importKey):
        (WebCore::exportKey):
        * bindings/js/ReadableStreamController.cpp:
        (WebCore::ReadableStreamController::invoke):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::throwValidationError):
        (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
        * bridge/c/c_instance.cpp:
        (JSC::Bindings::CInstance::invokeMethod):
        * bridge/objc/objc_instance.mm:
        (ObjcInstance::invokeMethod):
        * bridge/objc/objc_runtime.mm:
        (JSC::Bindings::ObjcArray::setValueAt):

2016-07-06  Tim Horton  <timothy_horton@apple.com>

        Email from June 1st containing text 'Today @ 7:10PM' is linkified, but shouldn't be
        https://bugs.webkit.org/show_bug.cgi?id=159498
        <rdar://problem/26719903>

        Reviewed by Sam Weinig.

        New API test: WebKit2.DataDetectionReferenceDate

        * editing/cocoa/DataDetection.h:
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::detectContentInRange):
        Extract the reference date from the DataDetectors context dictionary if it exists,
        and pass it along to DataDetectors.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        * loader/FrameLoaderClient.h:
        Plumb the DataDetectors context dictionary through from WebPage.

2016-07-06  Chris Dumez  <cdumez@apple.com>

        [WK2][Cocoa] Disable ResourceResponse lazy initialization
        https://bugs.webkit.org/show_bug.cgi?id=159497
        <rdar://problem/27209066>

        Reviewed by Alex Christensen.

        Add method to Cocoa's ResourceResponse header to disable
        lazy initialization.

        * platform/network/cf/ResourceResponse.h:
        * platform/network/cocoa/ResourceResponseCocoa.mm:
        (WebCore::ResourceResponse::disableLazyInitialization):

2016-07-06  Brent Fulgham  <bfulgham@apple.com>

        Return values of JSArray::createUninitialized (and related) are not consistently checked for nullptr
        https://bugs.webkit.org/show_bug.cgi?id=159495
        <rdar://problem/26075433>

        Reviewed by Dean Jackson.

        Test: fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html

        * html/ImageData.cpp:
        (WebCore::ImageData::ImageData): Assert at construction if we could not create a valid
        buffer.
        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::createArrayBuffer): Check for a null buffer before using it.
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        (WebCore::ImageBufferData::getData): Ditto.
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::platformApplySoftware): Ditto.
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::copyImageBytes): Ditto.
        (WebCore::FilterEffect::copyUnmultipliedImage): Ditto.
        (WebCore::FilterEffect::copyPremultipliedImage): Ditto.

2016-07-06  Chris Dumez  <cdumez@apple.com>

        Document.body should return the first child of the html element that is either a body / frameset element
        https://bugs.webkit.org/show_bug.cgi?id=159488

        Reviewed by Ryosuke Niwa.

        Document.body should return the first child of the html element that is
        either a body / frameset element:
        - https://html.spec.whatwg.org/multipage/dom.html#dom-document-body
        - https://html.spec.whatwg.org/multipage/dom.html#the-body-element-2

        We used the first child of the *document* element that is either a
        body / frameset element, even if the document element is not an html
        element.

        Firefox and Chrome match the specification.

        Test: imported/w3c/web-platform-tests/html/dom/documents/dom-tree-accessors/Document.body.html

        * dom/Document.cpp:
        (WebCore::Document::bodyOrFrameset):

2016-07-06  Dean Jackson  <dino@apple.com>

        Adopt new PiP glyph
        https://bugs.webkit.org/show_bug.cgi?id=159494
        <rdar://problem/27061084>

        Reviewed by Ada Chan.

        We got new artwork for Picture-in-Picture on macOS from
        our designers.

        * Modules/mediacontrols/mediaControlsApple.css:
        (video::-webkit-media-controls-panel .picture-in-picture-button):
        (video::-webkit-media-controls-panel .picture-in-picture-button.return-from-picture-in-picture):

2016-07-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202867.
        https://bugs.webkit.org/show_bug.cgi?id=159491

        This change caused an existing LayoutTest to crash on ios-
        simulator (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "<img> with a wide gamut PDF does not display using a wide
        gamut color space"
        https://bugs.webkit.org/show_bug.cgi?id=158983
        http://trac.webkit.org/changeset/202867

2016-07-06  Chris Dumez  <cdumez@apple.com>

        [ShadowDOM] assignedSlot property should be on Text, not CharacterData
        https://bugs.webkit.org/show_bug.cgi?id=159482
        <rdar://problem/27201687>

        Reviewed by Ryosuke Niwa.

        assignedSlot property should be on Text, not CharacterData as per:
        - https://dom.spec.whatwg.org/#mixin-slotable

        Align with the latest specification.

        No new tests, rebaselined existing test.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.idl:
        * dom/NonDocumentTypeChildNode.idl:
        * dom/Slotable.idl: Copied from Source/WebCore/dom/NonDocumentTypeChildNode.idl.
        * dom/Text.idl:

2016-07-06  Jeremy Jones  <jeremyj@apple.com>

        Do not animate video fullscreen exit when page has navigated away.
        https://bugs.webkit.org/show_bug.cgi?id=159479

        Reviewed by Eric Carlson.

        No new tests; there is no effect on the DOM. The only effect is to video fullscreen window animation.

        When the page has been navigated away, the fullscreen or picture-in-picture window should
        not animate back inline in the page, since the page has already navigated to a new page.
        Instead exit the fullscreen mode without animating.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::exitFullscreen):

2016-07-06  Jeremy Jones  <jeremyj@apple.com>

        Signal that media element is prepared for inline when being stopped since script won't be able to.
        https://bugs.webkit.org/show_bug.cgi?id=159163
        rdar://problem/26844557

        Reviewed by Jer Noble.

        No new tests since this doesn't change behavior in the DOM. It prevents a race that could cause
        fullscreen and picture in picture to fail to tear down completely.
  
        When an element exits a fullscreen mode and is immediately removed from the DOM by the page, 
        its JavaScript stops running. The fullscreen code is then blocked waiting for JS to signal 
        that it has updated its state in preparation for inline mode. This change explicitly signals
        this since JS won't be able to.

        Additionally, when going from PiP back to inline, don't go through fullscreen first, when the 
        request comes from the DOM. This was causing the presentation mode to become confused. The
        page requests inline. PiP would exit back to fullscreen and set the presentation mode to
        fullscreen. Then it would exit fullscreen back to inline, but the DOM still had the wrong
        presentation mode. Skipping this removes an unnecessary step in the animation and keeps the
        presentation mode state consistent.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: Set prepared for inline.
        (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Return directly to inline.

2016-07-06  Chris Dumez  <cdumez@apple.com>

        Add support for Node.isConnected
        https://bugs.webkit.org/show_bug.cgi?id=159474
        <rdar://problem/27197947>

        Reviewed by Ryosuke Niwa.

        Add support for Node.isConnected as per:
        - https://dom.spec.whatwg.org/#dom-node-isconnected

        Chrome already supports this.

        Test: imported/w3c/web-platform-tests/dom/nodes/Node-isConnected.html

        * dom/Node.idl:

2016-07-06  Brady Eidson  <beidson@apple.com>

        Update IndexedDB's status on the feature page (How had we not done this already?)

        Rubberstamped by Sam Weinig.

        * features.json:

2016-07-06  Antoine Quint  <graouts@apple.com>

        <img> with a wide gamut PDF does not display using a wide gamut color space
        https://bugs.webkit.org/show_bug.cgi?id=158983
        <rdar://problem/25720247>

        Reviewed by Tim Horton.

        Calls to ImageBuffer::createCompatibleBuffer() that do not provide an explicit
        color space will now infer the color space from the provided graphics context
        on platforms using CG. The method signature that takes in a GraphicsContext
        without a color space is now split into a CG-specified implementation and a
        Cairo one to avoid having diverging platform code in ImageBuffer.cpp.

        Some call sites need to provide an explicit color space still, so we add a new
        ImageBuffer::createCompatibleBuffer() that allows for that while inferring
        sizing and scaling from a GraphicsContext.
        
        All signatures of ImageBuffer::createCompatibleBuffer() are losing the
        hasAlpha parameter which was always ignored. All call sites that were using
        hasAlpha have been updated.

        In addition, we make all the IOSurface and IOSurfacePool code, which is
        CG-specific, use the platform-specific type CGColorSpaceRef instead of ColorSpace
        so that we may pick up on the color space copied over from the graphics context
        in the CG-specific implementation of ImageBuffer::createCompatibleBuffer().

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal):
        * platform/graphics/GradientImage.cpp:
        (WebCore::GradientImage::drawPattern):
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/NamedImageGeneratedImage.cpp:
        (WebCore::NamedImageGeneratedImage::drawPattern):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::surfaceMatchesParameters):
        (WebCore::IOSurfacePool::takeSurface):
        * platform/graphics/cg/IOSurfacePool.h:
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        (WebCore::ImageBuffer::ImageBuffer):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::surfaceFromPool):
        (WebCore::IOSurface::create):
        (WebCore::IOSurface::createFromSendRight):
        (WebCore::IOSurface::createFromSurface):
        (WebCore::IOSurface::createFromImage):
        (WebCore::IOSurface::IOSurface):
        (WebCore::IOSurface::ensurePlatformContext):
        * platform/mac/ThemeMac.mm:
        (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
        * platform/spi/cg/CoreGraphicsSPI.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintProgressBar):
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::bufferForeground):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawPatternForContainer):

2016-07-06  Tim Horton  <timothy_horton@apple.com>

        Long spin editing text at top of message containing Reader version of web page with many GIFs
        https://bugs.webkit.org/show_bug.cgi?id=159444
        <rdar://problem/26790386>

        Reviewed by Sam Weinig.

        * editing/cocoa/HTMLConverter.mm:
        (fileWrapperForElement):
        Instead of looking up the image's data in the cache by URL, just use the
        CachedImage on the HTMLImageElement. There are situations (which seem to involve
        cloning the DOM then having the cloned DOM get garbage collected) where the image
        can be removed from the cache, but still be live in the document.

2016-07-06  Brady Eidson  <beidson@apple.com>

        Hold RefPtr<>'s to UniqueIDBDatabases while performing user delete.
        https://bugs.webkit.org/show_bug.cgi?id=159471

        Reviewed by Brent Fulgham.

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):

2016-07-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202725.
        https://bugs.webkit.org/show_bug.cgi?id=159473

        didn't reduce coreui memory usage (Requested by kling on
        #webkit).

        Reverted changeset:

        "[Mac] Get rid of the old timey rubber-banding linen pattern."
        https://bugs.webkit.org/show_bug.cgi?id=159329
        http://trac.webkit.org/changeset/202725

2016-07-06  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] duration query improvements
        https://bugs.webkit.org/show_bug.cgi?id=159458

        Reviewed by Carlos Garcia Campos.

        Currently the player caches the result of the duration query but
        this is overkill because it's cached by playbin already. The only
        time where the player needs to cache the duration is when EOS was
        reached because in that situation the query would fail.

        No new tests, existing media tests cover this patch.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Member variables update.
        (WebCore::MediaPlayerPrivateGStreamer::load): Stop the fill timer
        before loading a new URL, the same player can be used for
        different assets.
        (WebCore::MediaPlayerPrivateGStreamer::playbackPosition): Perform
        a duration query, the duration value is no longer locally cached.
        (WebCore::MediaPlayerPrivateGStreamer::duration): Return cached value only after EOS was reached.
        (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Perform
        a duration query, the duration value is no longer locally cached.
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::updateStates): Remove duration caching support.
        (WebCore::MediaPlayerPrivateGStreamer::didEnd): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::durationChanged): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::cacheDuration): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

2016-07-06  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Height percentages are not properly resolved for item's children
        https://bugs.webkit.org/show_bug.cgi?id=159258

        Reviewed by Sergio Villar Senin.

        When grid items are vertically stretched (default behavior)
        they store their height on RenderBox::overrideLogicalContentHeight().
        In order to resolve the percentage height on the grid item's children
        we need to use that size.

        Test: fast/css-grid-layout/percent-resolution-grid-item-children.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computePercentageLogicalHeight):

2016-07-06  Zan Dobersek  <zdobersek@igalia.com>

        [GTK] Better guard TextureMapper header and CMake includes
        https://bugs.webkit.org/show_bug.cgi?id=159415

        Reviewed by Carlos Garcia Campos.

        * PlatformGTK.cmake: Only include TextureMapper.cmake if USE_TEXTURE_MAPPER is enabled.
        * platform/graphics/GraphicsContext3DPrivate.h: Guard texmap header inclusions with USE(TEXTURE_MAPPER).
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: Ditto, but wrap it around
        the existing USE(TEXTURE_MAPPER_GL) block.

2016-07-05  Olivier Blin  <olivier.blin@softathome.com>

        [GStreamer] Do not build MediaPlayerPrivateGStreamerOwr when VIDEO is disabled
        https://bugs.webkit.org/show_bug.cgi?id=159425

        Reviewed by Philippe Normand.

        MediaPlayer backends are useful and can be built only when VIDEO is enabled.

        No new tests, behavior is unchanged.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:

2016-07-05  Per Arne Vollan  <pvollan@apple.com>

        [Win] Layout Test http/tests/security/contentSecurityPolicy/source-list-parsing-10.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=147646

        Reviewed by Brent Fulgham.

        Fix build error when CSP_NEXT is disabled.

        * DerivedSources.cpp:

2016-07-05  David Kilzer  <ddkilzer@apple.com>

        Throw exceptions for invalid number of channels for ConvolverNode
        <https://webkit.org/b/159238>

        Reviewed by Brent Fulgham.

        Fix based on a Blink change (patch by <rtoy@chromium.org>):
        <https://chromium.googlesource.com/chromium/src.git/+/0cc26bbb7175aec77910d0b47faf9f8c8a640fe5>

        Also includes a related fix for ReverbConvolverStage (patch by <rtoy@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=157832&view=revision>

        Test: webaudio/convolver-channels.html

        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::setBuffer): Throw an exception for
        anything but 1, 2 or 4 channels.
        * platform/audio/ReverbConvolverStage.cpp:
        (WebCore::ReverbConvolverStage::ReverbConvolverStage): Don't read past the end of
        the impulseResponse array.

2016-07-05  Johan K. Jensen  <jj@johanjensen.dk>

        Web Inspector: Sending XHR with UTF8 encoded data shows garbled data in Resource sidebar
        https://bugs.webkit.org/show_bug.cgi?id=159358

        Reviewed by Joseph Pecoraro.

        Test: http/tests/inspector/network/xhr-request-data-encoded-correctly.html

        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::buildObjectForResourceRequest):
        * inspector/NetworkResourcesData.cpp:
        (WebCore::NetworkResourcesData::setResourceContent):

2016-07-05  Chris Fleizach  <cfleizach@apple.com>

        AX: Image attachment in email does not show up in AX tree
        https://bugs.webkit.org/show_bug.cgi?id=159422

        Reviewed by Joanmarie Diggs.

        When an image loads after the accessibility tree has already been created, the ignored status
        of that image does not get updated.

        Test: accessibility/image-load-on-delay.html

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageChanged):

2016-07-05  Alex Christensen  <achristensen@webkit.org>

        Fix Windows build.
        https://bugs.webkit.org/show_bug.cgi?id=159103

        * Modules/indexeddb/IDBActiveDOMObject.h:
        (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
        WTF.

2016-07-05  Enrica Casucci  <enrica@apple.com>

        HTMLAttachment elements don't receive clicks after the first on iOS.
        https://bugs.webkit.org/show_bug.cgi?id=159310
        rdar://problem/25776940

        Reviewed by Tim Horton.

        shouldSelectOnMouseDown() now returns false on iOS.

        * html/HTMLAttachmentElement.h:

2016-07-05  Brady Eidson  <beidson@apple.com>

        IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost.
        <rdar://problem/27169924> and https://bugs.webkit.org/show_bug.cgi?id=159432

        Reviewed by Alex Christensen.

        No new tests (Targeted test not possible, covered peripherally by all IDB tests).

        * Modules/indexeddb/IDBActiveDOMObject.h:
        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::connectionToServerLost): Make sure there is still a script execution context.

2016-07-01  Jer Noble  <jer.noble@apple.com>

        REGRESSION (r202641): Netflix playback stalls after a few seconds
        https://bugs.webkit.org/show_bug.cgi?id=159365

        Reviewed by Eric Carlson.

        Test: LayoutTests/media/media-source/media-source-small-gap.html

        In r202641, we removed a "fudge factor" of 1 millisecond added onto the duration
        of every sample for the purposes of calculating a SourceBuffer's buffered ranges.
        Netflix (and likely other providers) have streams that have 1 "timeScale" gaps
        between segments (e.g., 1/9000s, 1/3003s, etc.). Fill those gaps by looking for
        the previous and next samples and extending the buffered range to cover the gaps
        if they're short enough. We have to ensure that we correctly remove those extended
        durations when we remove samples from the SourceBuffer as well.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::removeSamplesFromTrackBuffer):
        (WebCore::SourceBuffer::removeCodedFrames):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2016-07-05  Brady Eidson  <beidson@apple.com>

        Database process crashes deleting a corrupt SQLite database file (null deref).
        https://bugs.webkit.org/show_bug.cgi?id=155506.

        Reviewed by Alex Christensen.

        Covered by new API test.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore): Null check.

2016-07-05  Brady Eidson  <beidson@apple.com>

        TransactionOperations can get destroyed on the wrong thread.
        https://bugs.webkit.org/show_bug.cgi?id=159103

        Reviewed by Alex Christensen.

        No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).

        * Modules/indexeddb/IDBActiveDOMObject.h:
        (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
        
        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its
          origin thread to be deleted there.
        
        * Modules/indexeddb/client/TransactionOperation.h:
        (WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):

2016-07-05  Youenn Fablet  <youenn@apple.com>

        Remove CredentialRequest ResourceLoaderOptions
        https://bugs.webkit.org/show_bug.cgi?id=159404

        Reviewed by Sam Weinig.

        No observable change of behavior.
        Removing CredentialRequest from ResourceLoaderOptions and replacing it by FetchOptions::Credentials.
        As per https://fetch.spec.whatwg.org/#http-fetch, credentials flag is set according to FetchOptions::Credentials.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource): Set credentials mode to Include.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::redirectReceived): Disable credentials if credentials mode is SameOrigin
        (request being cross origin).
        * loader/MediaResourceLoader.cpp: Refactoring to use CachedResourceRequest::setAsPotentiallyCrossOrigin.
        Removed unnecessary ResourceRequest copy by using the mutable request of CachedResourceRequest.
        (WebCore::MediaResourceLoader::requestResource):
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Set credential mode to Include
        * loader/ResourceLoaderOptions.h: Removing CredentialRequest option.
        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
        (WebCore::ResourceLoaderOptions::credentialRequest): Deleted.
        (WebCore::ResourceLoaderOptions::setCredentialRequest): Deleted.
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Set credential mode to Include.
        (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Ditto.
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Set credential mode according to crossorigin
        attribute value.
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading): Set credential mode to Omit.
        * page/EventSource.cpp:
        (WebCore::EventSource::connect): Set credential mode according to crossorigin attribute value.
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::startLoading): Set credential mode to Omit.
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading): Ditto.
        * platform/network/ResourceHandleTypes.h: Removed definition of CredentialRequest.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Set credential mode according to crossorigin attribute value.

2016-07-04  Fujii Hironori  <Hironori.Fujii@sony.com>

        [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
        https://bugs.webkit.org/show_bug.cgi?id=159411

        Reviewed by Carlos Garcia Campos.

        Tests:
            editing/selection/selection-in-iframe-removed-crash.html

        * editing/atk/FrameSelectionAtk.cpp:
        (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
        Added a null check for the return value of containerNode().

2016-07-04  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        [EFL] Remove mac configuration dependency in WebKit Version definition
        https://bugs.webkit.org/show_bug.cgi?id=159407

        Reviewed by Yusuke Suzuki.

        EFL port has been using the Version.xconfig file in WebKit/mac/Configurations
        in order to generate WebKitVersion.h file. But it can be simply defined
        in cmake.

        * PlatformEfl.cmake: Remove WebKitVersion.h generation.
        * platform/efl/UserAgentEfl.cpp:
        (WebCore::versionForUAString): Use USER_AGENT_EFL_MAJOR_VERSION and USER_AGENT_EFL_MINOR_VERSION.

2016-07-04  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] Modernize and cleanup CompositingCoordinator
        https://bugs.webkit.org/show_bug.cgi?id=159212

        Reviewed by Žan Doberšek.

        Use references instead of pointers when possible.

        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::paintToSurface):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
        * platform/graphics/texmap/coordinated/CoordinatedImageBacking.cpp:
        (WebCore::CoordinatedImageBacking::update):
        * platform/graphics/texmap/coordinated/CoordinatedImageBacking.h:
        * platform/graphics/texmap/coordinated/CoordinatedSurface.h:
        * platform/graphics/texmap/coordinated/Tile.cpp:
        (WebCore::Tile::updateBackBuffer):
        * platform/graphics/texmap/coordinated/TiledBackingStoreClient.h:

2016-07-04  Youenn Fablet  <youenn@apple.com>

        Remove RequestOriginPolicy from ResourceLoaderOptions
        https://bugs.webkit.org/show_bug.cgi?id=159406

        Reviewed by Sam Weinig.

        Using FetchOptions::mode in lieu of ResourceLoaderOptions::RequestOriginPolicy.
        The cors, no-cors and same-origin values match PotentiallyCrossOriginEnabled,
        UseDefaultOriginRestrictionsForType and RestrictToSameOrigin, default being
        cors/UseDefaultOriginRestrictionsForType as per fetch specification.

        No change of behavior.

        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::cachedImageSet):
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::cachedImage):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource):
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::requestResource):
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
        * loader/ResourceLoaderOptions.h:
        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
        (WebCore::ResourceLoaderOptions::requestOriginPolicy): Deleted.
        (WebCore::ResourceLoaderOptions::setRequestOriginPolicy): Deleted.
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::init):
        (WebCore::SubresourceLoader::willSendRequestInternal):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
        (WebCore::CachedResourceLoader::canRequest):
        (WebCore::CachedResourceLoader::defaultCachedResourceOptions):
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading):
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::startLoading):
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading):
        * style/StylePendingResources.cpp:
        (WebCore::Style::loadPendingImage):

2016-07-04  Youenn Fablet  <youenn@apple.com>

        Shield WebRTC JS built-ins from user scripts
        https://bugs.webkit.org/show_bug.cgi?id=155964

        Reviewed by Sam Weinig.

        Making use of Promise.prototype.@then instead of Promise.prototype.then.
        Covered by updated tests.

        * Modules/mediastream/RTCPeerConnection.js:
        (createOffer):
        (createAnswer):
        (setLocalDescription):
        (setRemoteDescription):
        (addIceCandidate):
        (getStats):
        * Modules/mediastream/RTCPeerConnectionInternals.js:
        (enqueueOperation):

2016-07-04  Brady Eidson  <beidson@apple.com>

        WebProcesses don't handle DatabaseProcess going away uncleanly.
        https://bugs.webkit.org/show_bug.cgi?id=159371

        Reviewed by Alex Christensen.

        Covered by new API test.

        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::didCloseFromServer):
        (WebCore::IDBDatabase::connectionToServerLost):
        * Modules/indexeddb/IDBDatabase.h:
        
        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::connectionToServerLost): Notify all IDBDatabase
          connections, as well as all pending IDBOpenDBRequests, with the error about the
          server connection dropping.
        * Modules/indexeddb/client/IDBConnectionProxy.h:
        
        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::connectionToServerLost):
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        
        * Modules/indexeddb/shared/IDBError.h:

2016-07-04  Philippe Normand  <pnormand@igalia.com>

        Release build with logging enabled fails
        https://bugs.webkit.org/show_bug.cgi?id=159403

        Reviewed by Žan Doberšek.

        Protect logging-related methods with !LOG_DISABLED.

        * Modules/indexeddb/IDBDatabaseIdentifier.cpp:
        * Modules/indexeddb/IDBDatabaseIdentifier.h:
        * Modules/indexeddb/IDBKey.cpp:
        * Modules/indexeddb/IDBKey.h:
        * Modules/indexeddb/IDBKeyData.cpp:
        * Modules/indexeddb/IDBKeyData.h:
        * Modules/indexeddb/IDBKeyPath.cpp:
        (WebCore::IDBKeyPath::IDBKeyPath):
        * Modules/indexeddb/IDBKeyRangeData.cpp:
        * Modules/indexeddb/IDBKeyRangeData.h:
        * Modules/indexeddb/server/IndexValueEntry.cpp:
        (WebCore::IDBServer::IndexValueEntry::Iterator::isValid):
        * Modules/indexeddb/server/IndexValueStore.cpp:
        * Modules/indexeddb/server/IndexValueStore.h:
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::clearObjectStore):
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::isVersionChangeInProgress):
        * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
        * Modules/indexeddb/shared/IDBDatabaseInfo.h:
        * Modules/indexeddb/shared/IDBIndexInfo.cpp:
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:
        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        * page/SecurityOriginData.cpp:
        * page/SecurityOriginData.h:

2016-07-04  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202556.
        https://bugs.webkit.org/show_bug.cgi?id=159399

        introduces deadlocks (Requested by philn on #webkit).

        Reverted changeset:

        "[GStreamer] improved duration query support in the HTTP
        source element"
        https://bugs.webkit.org/show_bug.cgi?id=159204
        http://trac.webkit.org/changeset/202556

2016-07-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        [image-decoders] Make ImageDecoder::size() lazily decode the image if needed to return a valid size
        https://bugs.webkit.org/show_bug.cgi?id=159297

        Reviewed by Antonio Gomes.

        It's otherwise confusing, leading to bugs like #159089.

        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageDecoder::createFrameImageAtIndex): Check the size at the beginning and return early if it's
        empty. We no longer need to check the size after calling frameBufferAtIndex().
        * platform/image-decoders/ImageDecoder.h:
        (WebCore::ImageDecoder::size): Check first if size is available, which lazily decodes the image.
        (WebCore::ImageDecoder::scaledSize): Remove const.
        (WebCore::ImageDecoder::frameSizeAtIndex): Ditto.
        * platform/image-decoders/ico/ICOImageDecoder.cpp:
        (WebCore::ICOImageDecoder::size): Ditto.
        (WebCore::ICOImageDecoder::frameSizeAtIndex): Ditto.
        * platform/image-decoders/ico/ICOImageDecoder.h:

2016-07-02  Youenn Fablet  <youenn@apple.com>

        Synchronous preflight checker should set loading options to not use credentials
        https://bugs.webkit.org/show_bug.cgi?id=159351

        Reviewed by Alex Christensen.

        Like for asynchronous preflighting, synchronous preflighting loading options should disable any credentials.

        No change of behavior as preflight request is expressly set to not use credentials in
        createAccessControlPreflightRequest.

        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::doPreflight):

2016-07-01  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202766.
        https://bugs.webkit.org/show_bug.cgi?id=159382

        The new test asserts every time (Requested by ap on #webkit).

        Reverted changeset:

        "Web Inspector: Sending XHR with UTF8 encoded data shows
        garbled data in Resource sidebar"
        https://bugs.webkit.org/show_bug.cgi?id=159358
        http://trac.webkit.org/changeset/202766

2016-07-01  Zalan Bujtas  <zalan@apple.com>

        prepareForDestruction() always needs to be called before destroying the Document object.
        https://bugs.webkit.org/show_bug.cgi?id=159372
        rdar://problem/26788150

        Reviewed by Antti Koivisto.

        We should never start destroying the Document object without calling prepareForDestruction() first.
        It ensures that render tree gets nuked before we start tearing down the node tree.

        Test: fast/history/page-cache-destroy-document.html

        * dom/Document.cpp:
        (WebCore::Document::removedLastRef):

2016-07-01  Johan K. Jensen  <jj@johanjensen.dk>

        Web Inspector: Sending XHR with UTF8 encoded data shows garbled data in Resource sidebar
        https://bugs.webkit.org/show_bug.cgi?id=159358

        Reviewed by Joseph Pecoraro.

        Test: http/tests/inspector/network/xhr-request-data-encoded-correctly.html

        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::buildObjectForResourceRequest):

2016-07-01  Dean Jackson  <dino@apple.com>

        "image-src" support is missing. We only support "-webkit-image-src"
        https://bugs.webkit.org/show_bug.cgi?id=159373
        <rdar://problem/27140443>

        Patch by Brent Fulgham and Dean Jackson.
        Reviewed by Dean Jackson and Brent Fulgham.

        Support unprefixed image-set.

        Test: fast/css/image-set-unprefixed.html

        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::customCSSText):
        * css/CSSParser.cpp:
        (WebCore::isImageSetFunctionValue): New helper function
        that checks prefixed and unprefixed form.
        (WebCore::CSSParser::parseValue): Use the helper.
        (WebCore::CSSParser::parseContent):
        (WebCore::CSSParser::parseFillImage):
        (WebCore::CSSParser::parseBorderImage):

2016-07-01  Chris Dumez  <cdumez@apple.com>

        Possible null Range dereference under AXObjectCache::visiblePositionFromCharacterOffset()
        https://bugs.webkit.org/show_bug.cgi?id=159330
        <rdar://problem/27123752>

        Reviewed by Benjamin Poulain.

        rangeForUnorderedCharacterOffsets() can return a null Range but we failed
        to do a null check before dereferencing it.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):

2016-07-01  Chris Dumez  <cdumez@apple.com>

        Regression(r199087): window.focus() / window.close() can no longer be called by a Window's opener
        https://bugs.webkit.org/show_bug.cgi?id=159364
        <rdar://problem/27117169>

        Reviewed by Gavin Barraclough.

        window.focus() / window.close() could no longer be called by a Window's opener
        after r199087, which would break focusing of open iWork documents on icloud.com.

        Before r199087, we would construct a new function in the caller's context every
        time window.focus and window.close were accessed. r199087 fixed the issue so that
        we always call the same function. However, those functions are using
        [CallWith=Document] and they were no longer passed the *caller*'s document
        as a result. This broke focus / close permission checking as the code needed the
        caller's document to do the check.

        This patch introduces [CallWith=CallerDocument] and [CallWith=CallerWindow] so
        that the implementation can now pass the caller's Document / Window to the
        implementation. The bindings rely on JSDOMWindow's callerDOMWindow() to get the
        caller DOMWindow / document. This new functionality is now used for window.close
        and window.focus to unbreak their permission checking.

        Test: fast/dom/Window/child-window-focus.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateCallWith):
        * bindings/scripts/IDLAttributes.txt:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::focus):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2016-07-01  Chris Dumez  <cdumez@apple.com>

        [iOS] Possible null Range dereference under computeAutocorrectionContext()
        https://bugs.webkit.org/show_bug.cgi?id=159328
        <rdar://problem/26766720>

        Reviewed by Benjamin Poulain.

        * editing/Editor.cpp:
        (WebCore::Editor::compositionRange):
        * editing/Editor.h:
        Update to return a RefPtr instead of a PassRefPtr and use nullptr
        instead of 0 in the implementation.

2016-07-01  Jon Davis  <jond@apple.com>

        Updated Picture element and WOFF 2 status
        https://bugs.webkit.org/show_bug.cgi?id=159356

        Reviewed by Timothy Hatcher.
        
        Status updates and clean-up to move Web Animations and Resource Timing entries from JSC to WebCore.

        * features.json:

2016-07-01  Andreas Kling  <akling@apple.com>

        Add early return when processing content extensions if there aren't any.
        <https://webkit.org/b/159363>

        Reviewed by Antti Koivisto.

        Short-circuit outta there if there aren't any extensions to query.

        * contentextensions/ContentExtensionsBackend.cpp:
        (WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):

2016-07-01  Eric Carlson  <eric.carlson@apple.com>

        HTMLMediaElement::resume() may cause JavaScript execution
        https://bugs.webkit.org/show_bug.cgi?id=159327
        <rdar://problem/27131641>

        Reviewed by Jer Noble.

        HTMLMediaElement::updatePlayState can cause an element to begin playing and enter fullscreen,
        which can result in a call to the media controls and JavaScript execution. JavaScript is not
        allowed to run when a page resumes, so make the call to updatePlayState asynchronous.

        No new tests, I wasn't able to create a test that triggers the crash.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::scheduleDelayedAction): Support UpdatePlayState.
        (WebCore::HTMLMediaElement::pendingActionTimerFired): Ditto.
        (WebCore::HTMLMediaElement::setReadyState): UpdateMediaState -> UpdateState.
        (WebCore::HTMLMediaElement::playInternal): Don't call updateMediaController, it is called
          by updatePlayState.
        (WebCore::HTMLMediaElement::setMuted): UpdateMediaState -> UpdateState.
        (WebCore::HTMLMediaElement::mediaPlayerTimeChanged): Ditto.
        (WebCore::HTMLMediaElement::mediaEngineWasUpdated): Update media state asynchronously.
        (WebCore::HTMLMediaElement::updatePlayState): Add parameter to allow update to happen
          asynchronously.
        (WebCore::HTMLMediaElement::setPlaying): UpdateMediaState -> UpdateState.
        (WebCore::HTMLMediaElement::setPausedInternal): Update media state asynchronously.
        (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):  
          UpdateMediaState -> UpdateState.
        (WebCore::HTMLMediaElement::removeEventListener): Ditto.
        (WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent): Ditto.
        (WebCore::HTMLMediaElement::updateMediaState): UpdateMediaState -> UpdateState
        * html/HTMLMediaElement.h:
        * html/HTMLMediaElementEnums.h: Add UpdatePlayState.

2016-07-01  Brady Eidson  <beidson@apple.com>

        Blob content type not preserved when retrieving blobs from IndexedDB.
        <rdar://problem/27057357> and https://bugs.webkit.org/show_bug.cgi?id=159360

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/blob-svg-image.html

        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):

        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::postToMainThread):
        (WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked): Pass along the content type
          to the blob registry so that if the file-backed blob takes over, it has the content type.
        (WebCore::threadableQueue): Deleted.
        * fileapi/ThreadableBlobRegistry.h:

        * platform/network/BlobRegistry.h:

        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):
        * platform/network/BlobRegistryImpl.h:

2016-07-01  Youenn Fablet  <youenn@apple.com>

        Make ResourceLoaderOptions derive from FetchOptions
        https://bugs.webkit.org/show_bug.cgi?id=159345

        Reviewed by Alex Christensen.

        No change of behavior.

        * Modules/fetch/FetchLoader.cpp:
        (WebCore::FetchLoader::start):
        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::startPreflight):
        * loader/ResourceLoaderOptions.h:
        (WebCore::ResourceLoaderOptions::fetchOptions): Deleted.
        (WebCore::ResourceLoaderOptions::setFetchOptions): Deleted.
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::willSendRequestInternal):
        * loader/ThreadableLoader.h: Removing securityOrigin field (left over from https://bugs.webkit.org/show_bug.cgi?id=159221)

2016-07-01  Per Arne Vollan  <pvollan@apple.com>

        [Win] Animations tests are crashing in debug mode.
        https://bugs.webkit.org/show_bug.cgi?id=159335

        Reviewed by Alex Christensen.

        A MSVC runtime check fails because an uninitialized variable is being used.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::keyframeStylesForAnimation):

2016-07-01  Youenn Fablet  <youennf@gmail.com>

        Add a runtime flag for DOM iterators
        https://bugs.webkit.org/show_bug.cgi?id=159300

        Reviewed by Alex Christensen.

        * Modules/fetch/FetchHeaders.idl: Making iterator runtime-enabled.
        * bindings/generic/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setDOMIteratorEnabled):
        (WebCore::RuntimeEnabledFeatures::domIteratorEnabled):
        * bindings/scripts/CodeGeneratorJS.pm:
        (ToMethodName): Fixing dOM -> dom casing issue.
        (GenerateImplementation): Using addIterableProperties new method.
        (addIterableProperties): Activating property addition according to runtime flag if iterator is runtime flagged.
        * bindings/scripts/IDLParser.pm:
        (parseOptionalIterableInterface): Adding extendedAttributes to iterable.
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation):
        * bindings/scripts/test/TestNode.idl: Making iterator runtime-enabled.
        * bindings/scripts/test/TestObj.idl: Ditto.
        * css/FontFaceSet.idl: Ditto.
        * dom/NodeList.idl: Ditto.

2016-07-01  Frederic Wang  <fwang@igalia.com>

        Eliminate trailing whitespace in MathML code
        https://bugs.webkit.org/show_bug.cgi?id=159091

        Reviewed by Alex Christensen.

        No new tests, behavior is unchanged.

        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::RenderMathMLBlock::baselinePosition):
        (WebCore::RenderMathMLBlock::paint):
        (WebCore::parseMathMLNamedSpace):
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::updateFromElement):
        (WebCore::RenderMathMLFenced::addChild):
        * rendering/mathml/RenderMathMLFenced.h:
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::styleDidChange):
        (WebCore::RenderMathMLFraction::paint):
        * rendering/mathml/RenderMathMLFraction.h:
        * rendering/mathml/RenderMathMLMath.h:
        * rendering/mathml/RenderMathMLMenclose.h:
        * rendering/mathml/RenderMathMLOperator.cpp:
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::paint):
        * rendering/mathml/RenderMathMLScripts.cpp:
        * rendering/mathml/RenderMathMLSpace.cpp:
        * rendering/mathml/RenderMathMLSpace.h:
        * rendering/mathml/RenderMathMLToken.h:
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        * rendering/mathml/RenderMathMLUnderOver.h:

2016-07-01  Frederic Wang  <fwang@igalia.com>

        Small cleanup: Remove unused functions RenderObject::isRenderMathML*Wrapper
        https://bugs.webkit.org/show_bug.cgi?id=159333

        Reviewed by Alex Christensen.

        After the refactoring of RenderMathMLRoot and RenderMathMLScripts, the anonymous flexbox
        wrappers used in the old layout implementation have been removed. We thus remove the
        corresponding isRender* function from RenderObject.

        No new tests, behavior is unchanged.

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderMathMLRootWrapper): Deleted.
        (WebCore::RenderObject::isRenderMathMLScriptsWrapper): Deleted.

2016-07-01  Andreas Kling  <akling@apple.com>

        [Mac] Get rid of the old timey rubber-banding linen pattern.
        <https://webkit.org/b/159329>

        Reviewed by Benjamin Poulain.

        Remove the "ScrollingOverhang" custom GraphicsLayer appearance since that was only used to
        install the old timey linen pattern behind the web content.

        We now always just set the overhang area's background color to the document background color.

        This fixes an issue where we could end up loading the linen pattern and keeping it in memory
        despite never actually showing it on screen.

        * platform/ScrollbarTheme.h:
        (WebCore::ScrollbarTheme::setUpOverhangAreasLayerContents): Deleted.
        * platform/graphics/GraphicsLayer.cpp:
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (PlatformCALayerCocoa::updateCustomAppearance):
        * platform/mac/ScrollbarThemeMac.h:
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::linenBackgroundColor): Deleted.
        (WebCore::ScrollbarThemeMac::setUpOverhangAreaBackground): Deleted.
        (WebCore::ScrollbarThemeMac::removeOverhangAreaBackground): Deleted.
        (WebCore::ScrollbarThemeMac::setUpOverhangAreasLayerContents): Deleted.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
        (WebCore::RenderLayerCompositor::setRootExtendedBackgroundColor):

2016-06-30  Jiewen Tan  <jiewen_tan@apple.com>

        Create a generic "linked-on-or-after" check for new CSP Rules
        https://bugs.webkit.org/show_bug.cgi?id=159322
        <rdar://problem/27117220>

        Reviewed by Brent Fulgham.

        Create a generic "linked-on-or-after" check for new CSP Rules and cleanup
        quirks for Ecobee, Quora and XtraMath.

        * platform/RuntimeApplicationChecks.h:
        * platform/RuntimeApplicationChecks.mm:
        (WebCore::IOSApplication::isEcobee): Deleted.
        (WebCore::IOSApplication::isQuora): Deleted.
        (WebCore::IOSApplication::isXtraMath): Deleted.

2016-06-30  Antti Koivisto  <antti@apple.com>

        WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
        https://bugs.webkit.org/show_bug.cgi?id=159307
        <rdar://problem/26184868>

        Reviewed by Andreas Kling.

        Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
        resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of
        the style resolver in post layout task.

        No known reliable way to test this.

        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::commit):

            Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
            post layout tasks from running synchronously and closes this particular crash path.

2016-06-30  Antoine Quint  <graouts@apple.com>

        Drawing an SVG image into a <canvas> that is not in the DOM draws the wrong region
        https://bugs.webkit.org/show_bug.cgi?id=159276

        Reviewed by Dean Jackson.

        In the event where the <img> element that we are passing to CanvasRenderingContext2D.drawImage()
        points to an SVG resource, we ensure that the container for the SVG image is sized to match the
        HTML element. The necessity for setting this container size, explained in webkit.org/b/148845,
        is that we must ensure a cached image does not have an outdated container size.

        Tests: svg/as-image/img-with-svg-resource-in-dom-and-drawImage.html
               svg/as-image/img-with-svg-resource-in-dom-no-size-and-drawImage.html
               svg/as-image/img-with-svg-resource-not-in-dom-and-drawImage.html
               svg/as-image/img-with-svg-resource-not-in-dom-no-size-and-drawImage.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage):

2016-06-30  Eric Carlson  <eric.carlson@apple.com>

        getUserMedia() exposed, but not functional
        https://bugs.webkit.org/show_bug.cgi?id=158393
        <rdar://problem/26642259>

        Reviewed by Dean Jackson.
        
        Set default value of the Media Stream runtime flag to false on Mac OS X and iOS until the
        browser support is in place.

        * bindings/generic/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): Disable media stream by default
        on Mac OS X and iOS.
        * bindings/generic/RuntimeEnabledFeatures.h:

2016-06-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202676.
        https://bugs.webkit.org/show_bug.cgi?id=159314

        This change caused storage/websql tests to crash on Mac and
        iOS WK1 (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "Purge PassRefPtr in Modules/webdatabase"
        https://bugs.webkit.org/show_bug.cgi?id=159255
        http://trac.webkit.org/changeset/202676

2016-06-30  Antoine Quint  <graouts@apple.com>

        [iOS] Media controls are too cramped with small video
        https://bugs.webkit.org/show_bug.cgi?id=158815
        <rdar://problem/26824238>

        Reviewed by Eric Carlson.

        In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
        for the progress indicator. However, we were not accounting for the width used by
        the current and remaining time labels on either side of it, so we would incorrectly
        conclude that we were guaranteeing the minimum time and yield incorrect layouts since
        we were trying to fit more buttons than we had room for.

        In order to correctly compute the available width for the progress indicator, we now
        have clones of the current and remaining time labels, hidden from video and VoiceOver,
        that we update along with the originals. The same styles apply to both clones and
        originals, so we may measure the clones to determine the space used by the time labels.
        The reason we need to use clones is that if the time labels had previously been hidden
        from view, precisely because there was not enough space to display them along with the
        progress indicator, then trying to obtain metrics from them would yield 0 since they had
        "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
        use the clones so that we never have to toggle the "display" property of the originals
        just to obtain their measurements.

        As a result of this change, we adjust the constant used to set the minimum required
        width available to display the progress indicator after all other essential controls
        and labels have been measured. That constant used to account for the width of the
        time labels, and this is no longer correct.

        Test: media/video-controls-drop-and-restore-timeline.html

        * Modules/mediacontrols/mediaControlsApple.css:
        (::-webkit-media-controls-time-remaining-display.clone):
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller):
        (Controller.prototype.createTimeClones):
        (Controller.prototype.removeTimeClass):
        (Controller.prototype.addTimeClass):
        (Controller.prototype.updateDuration):
        (Controller.prototype.updateLayoutForDisplayedWidth):
        (Controller.prototype.updateTime):
        (Controller.prototype.updateControlsWhileScrubbing):
        * Modules/mediacontrols/mediaControlsiOS.css:
        (::-webkit-media-controls-time-remaining-display.clone):
        * Modules/mediacontrols/mediaControlsiOS.js:

2016-06-30  Brian Burg  <bburg@apple.com>

        Unreviewed, fix the macOS Sierra Release configuration after r202642.

        * platform/audio/mac/MediaSessionManagerMac.mm:
        (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
        Add missing UNUSED_PARAM for when logging is not enabled.

2016-06-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202679.
        https://bugs.webkit.org/show_bug.cgi?id=159302

        Still causing timeouts on media/controls-drag-timebar.html
        (Requested by ap on #webkit).

        Reverted changeset:

        "[iOS] Media controls are too cramped with small video"
        https://bugs.webkit.org/show_bug.cgi?id=158815
        http://trac.webkit.org/changeset/202679

2016-06-30  Antoine Quint  <graouts@apple.com>

        [iOS] Media controls are too cramped with small video
        https://bugs.webkit.org/show_bug.cgi?id=158815
        <rdar://problem/26824238>

        Reviewed by Eric Carlson.

        In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
        for the progress indicator. However, we were not accounting for the width used by
        the current and remaining time labels on either side of it, so we would incorrectly
        conclude that we were guaranteeing the minimum time and yield incorrect layouts since
        we were trying to fit more buttons than we had room for.

        In order to correctly compute the available width for the progress indicator, we now
        have clones of the current and remaining time labels, hidden from video and VoiceOver,
        that we update along with the originals. The same styles apply to both clones and
        originals, so we may measure the clones to determine the space used by the time labels.
        The reason we need to use clones is that if the time labels had previously been hidden
        from view, precisely because there was not enough space to display them along with the
        progress indicator, then trying to obtain metrics from them would yield 0 since they had
        "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
        use the clones so that we never have to toggle the "display" property of the originals
        just to obtain their measurements.

        As a result of this change, we adjust the constant used to set the minimum required
        width available to display the progress indicator after all other essential controls
        and labels have been measured. That constant used to account for the width of the
        time labels, and this is no longer correct.

        Test: media/video-controls-drop-and-restore-timeline.html

        * Modules/mediacontrols/mediaControlsApple.css:
        (::-webkit-media-controls-time-remaining-display.clone):
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller):
        (Controller.prototype.createTimeClones):
        (Controller.prototype.removeTimeClass):
        (Controller.prototype.addTimeClass):
        (Controller.prototype.updateDuration):
        (Controller.prototype.updateLayoutForDisplayedWidth):
        (Controller.prototype.updateTime):
        (Controller.prototype.updateControlsWhileScrubbing):
        * Modules/mediacontrols/mediaControlsiOS.css:
        (::-webkit-media-controls-time-remaining-display.clone):
        * Modules/mediacontrols/mediaControlsiOS.js:

2016-06-30  Eric Carlson  <eric.carlson@apple.com>

        [Mac] Crash registering AVFoundation media engine
        https://bugs.webkit.org/show_bug.cgi?id=159269
        <rdar://problem/27017656>

        Reviewed by Brent Fulgham.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::mediaEngineVectorLock): New, return the static Lock.
        (WebCore::haveMediaEnginesVector): Wrap the naked bool.
        (WebCore::buildMediaEnginesVector): Assert that the lock is locked.
        (WebCore::installedMediaEngines): Hold the lock while checking/rebuilding the vector.
        (WebCore::MediaPlayer::resetMediaEngines): Hold the lock while clearing the vector.

        Use SOFT_LINK_CLASS_FOR_SOURCE instead of SOFT_LINK_CLASS because the former uses dispatch_once
        to ensure that class loading is thread safe.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine):
        (WebCore::assetCacheForPath):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createOpenGLVideoOutput):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::outputMediaDataWillChange):
        (-[WebCoreAVFPullDelegate setCallback:]):
        (-[WebCoreAVFPullDelegate outputMediaDataWillChange:]):
        (-[WebCoreAVFPullDelegate outputSequenceWasFlushed:]):

2016-06-30  Carlos Garcia Campos  <cgarcia@igalia.com>

        [image-decoders] Use final and override in ImageDecoder subclasses
        https://bugs.webkit.org/show_bug.cgi?id=159291

        Reviewed by Antonio Gomes.

        * platform/image-decoders/bmp/BMPImageDecoder.h:
        * platform/image-decoders/gif/GIFImageDecoder.h:
        * platform/image-decoders/ico/ICOImageDecoder.cpp:
        (WebCore::ICOImageDecoder::frameSizeAtIndex):
        * platform/image-decoders/ico/ICOImageDecoder.h:
        * platform/image-decoders/jpeg/JPEGImageDecoder.h:
        * platform/image-decoders/png/PNGImageDecoder.h:
        * platform/image-decoders/webp/WEBPImageDecoder.h:

2016-06-30  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Purge PassRefPtr in Modules/webdatabase
        https://bugs.webkit.org/show_bug.cgi?id=159255

        Reviewed by Benjamin Poulain.

        As a step to remove PassRefPtr use, this patch cleans it up in Modules/webdatabase.

        Additionally unnecessary spaces and tabs are removed too.

        * Modules/webdatabase/ChangeVersionWrapper.cpp:
        * Modules/webdatabase/DOMWindowWebDatabase.h:
        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::Database):
        (WebCore::Database::~Database):
        (WebCore::Database::scheduleTransaction):
        (WebCore::Database::runTransaction):
        * Modules/webdatabase/Database.h:
        * Modules/webdatabase/DatabaseAuthorizer.cpp:
        (WebCore::DatabaseAuthorizer::allowRead):
        * Modules/webdatabase/DatabaseManager.cpp:
        (WebCore::DatabaseManager::openDatabase):
        (WebCore::DatabaseManager::fullPathForDatabase):
        (WebCore::DatabaseManager::detailsForNameAndOrigin):
        * Modules/webdatabase/DatabaseManager.h:
        * Modules/webdatabase/DatabaseTask.cpp:
        (WebCore::DatabaseTransactionTask::DatabaseTransactionTask):
        * Modules/webdatabase/DatabaseTask.h:
        * Modules/webdatabase/SQLCallbackWrapper.h:
        (WebCore::SQLCallbackWrapper::SQLCallbackWrapper):
        * Modules/webdatabase/SQLResultSetRowList.h:
        * Modules/webdatabase/SQLStatement.cpp:
        (WebCore::SQLStatement::SQLStatement):
        (WebCore::SQLStatement::sqlError):
        (WebCore::SQLStatement::sqlResultSet):
        * Modules/webdatabase/SQLStatement.h:
        * Modules/webdatabase/SQLTransaction.h:
        * Modules/webdatabase/SQLTransactionBackend.cpp:
        (WebCore::SQLTransactionBackend::create):
        (WebCore::SQLTransactionBackend::SQLTransactionBackend):
        (WebCore::SQLTransactionBackend::transactionError):
        * Modules/webdatabase/SQLTransactionBackend.h:

2016-06-30  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Coordinated Graphics] Move CompositingCoordinator from platform to WebKit2 layer
        https://bugs.webkit.org/show_bug.cgi?id=159209

        Reviewed by Žan Doberšek.

        Remove CompositingCoordinator and its helper classes from the platform layer.

        * platform/TextureMapper.cmake:

2016-06-29  Youenn Fablet  <youenn@apple.com>

        Pass SecurityOrigin as references in CORS check code
        https://bugs.webkit.org/show_bug.cgi?id=159263

        Reviewed by Alex Christensen.

        No change of behavior.

        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::cachedImageSet):
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::cachedImage):
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::requestScript):
        * loader/CrossOriginAccessControl.cpp:
        (WebCore::updateRequestForAccessControl):
        (WebCore::createAccessControlPreflightRequest):
        (WebCore::passesAccessControlCheck):
        * loader/CrossOriginAccessControl.h:
        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
        (WebCore::DocumentThreadableLoader::preflightSuccess):
        (WebCore::DocumentThreadableLoader::isAllowedRedirect):
        (WebCore::DocumentThreadableLoader::securityOrigin):
        * loader/DocumentThreadableLoader.h:
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement):
        * loader/LinkLoader.cpp:
        (WebCore::preloadIfNeeded):
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::requestResource):
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::checkCrossOriginAccessControl):
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::load):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::passesAccessControlCheck):
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):

2016-06-29  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Implement MediaEndpointPeerConnection::setConfiguration()
        https://bugs.webkit.org/show_bug.cgi?id=159254

        Reviewed by Eric Carlson.

        Implement MediaEndpointPeerConnection::setConfiguration() which is the
        MediaEndpointPeerConnection implementation of RTCPeerConnection.setConfiguration() [1].

        [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcpeerconnection-setconfiguration

        Testing: Updated existing test.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::setConfiguration):
        Implemented.
        * Modules/mediastream/RTCConfiguration.cpp:
        (WebCore::RTCConfiguration::initialize):
        * Modules/mediastream/RTCConfiguration.h:
        Use shared enums.
        * Modules/mediastream/RTCConfiguration.idl:
        Remove 'None'/'Public' IceTransportPolicy enum value (removed from WebRTC 1.0).
        * platform/mediastream/MediaEndpointConfiguration.cpp:
        (WebCore::MediaEndpointConfiguration::MediaEndpointConfiguration):
        * platform/mediastream/MediaEndpointConfiguration.h:
        Use shared enums.
        (WebCore::MediaEndpointConfiguration::create):
        * platform/mediastream/PeerConnectionStates.h: Renamed from Source/WebCore/Modules/mediastream/PeerConnectionStates.h.
        Make shared enums accessible to platform objects (currently MediaEndpointConfiguration).

2016-06-29  Hunseop Jeong  <hs85.jeong@samsung.com>

        Unreviewed, CMake build fix - 2.

        * PlatformMac.cmake:

2016-06-29  Hunseop Jeong  <hs85.jeong@samsung.com>

        Unreviewed, CMake build fix. 

        * PlatformMac.cmake:

2016-06-29  Jer Noble  <jer.noble@apple.com>

        Unprefix webkit-playsinline.
        https://bugs.webkit.org/show_bug.cgi?id=159283

        Reviewed by Eric Carlson.

        Tests: media/video-playsinline.html
               media/video-webkit-playsinline.html

        Unprefix the webkit-playsinline content attribute, as an unprefixed version
        was added to the HTML spec by <https://github.com/whatwg/html/pull/1444>.
        The new 'playsinline' content attribute reflects to a new DOM property of
        the same name.

        * html/HTMLAttributeNames.in:
        * html/HTMLVideoElement.idl:
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):

2016-06-29  Alex Christensen  <achristensen@webkit.org>

        Fix null dereferencing after r201441
        https://bugs.webkit.org/show_bug.cgi?id=159282
        rdar://problem/27082559

        Reviewed by Andreas Kling.

        No new tests.  This is reproducible when dragging from regular to high-DPI displays, 
        and we don't have testing infrastructure for simulating that.

        * css/MediaQueryMatcher.cpp:
        (WebCore::MediaQueryMatcher::styleResolverChanged):
        MediaQueryListListener::queryChanged can mutate the Vector of listeners while we are iterating it.
        Copy the Vector of listeners and iterate the copy so we don't go out of bounds.
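
        The copy-then-iterate fix described in this entry, as an added C++ sketch that is not WebKit's code:
        Matcher, Listener and their members are hypothetical stand-ins, and std::shared_ptr plays the role
        of reference counting so a listener removed mid-pass stays alive until the pass ends.

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <vector>

// Hypothetical stand-in for a media query list listener.
struct Listener {
    explicit Listener(int listenerId) : id(listenerId) { }
    int id;
    int timesNotified = 0;
    std::function<void()> queryChanged; // may add or remove listeners on the matcher
};

// Hypothetical stand-in for the object that owns the listener vector.
class Matcher {
public:
    std::shared_ptr<Listener> addListener(int id)
    {
        m_listeners.push_back(std::make_shared<Listener>(id));
        return m_listeners.back();
    }

    void removeListener(int id)
    {
        m_listeners.erase(
            std::remove_if(m_listeners.begin(), m_listeners.end(),
                [id](const std::shared_ptr<Listener>& l) { return l->id == id; }),
            m_listeners.end());
    }

    std::size_t listenerCount() const { return m_listeners.size(); }

    // Notifies every listener registered at the start of the pass.
    std::size_t styleResolverChanged()
    {
        // Iterating m_listeners directly would be unsafe: a callback that erases or
        // appends shifts or reallocates the elements under the loop, so the loop
        // would read past the end or through freed storage.
        // The snapshot owns its own references, so mutation of m_listeners during
        // the pass cannot invalidate what is being iterated.
        const std::vector<std::shared_ptr<Listener>> snapshot = m_listeners;
        for (const auto& listener : snapshot) {
            ++listener->timesNotified;
            if (listener->queryChanged)
                listener->queryChanged();
        }
        return snapshot.size();
    }

private:
    std::vector<std::shared_ptr<Listener>> m_listeners;
};

struct ScenarioResult {
    std::size_t notified;  // listeners visited in the pass
    std::size_t remaining; // listeners registered after the pass
    int firstCalls;
    int thirdCalls;
    int lateCalls;
};

// Constructed scenario: the first listener's callback removes itself and the
// third listener, then registers a new one, all while the pass is running.
ScenarioResult runMutatingCallbackScenario()
{
    Matcher matcher;
    auto first = matcher.addListener(1);
    matcher.addListener(2);
    auto third = matcher.addListener(3);
    std::shared_ptr<Listener> late;

    first->queryChanged = [&matcher, &late] {
        matcher.removeListener(1);
        matcher.removeListener(3);
        late = matcher.addListener(4);
    };

    const std::size_t notified = matcher.styleResolverChanged();
    // Listener 3 was removed mid-pass but is still notified once, because it
    // was part of the snapshot; listener 4 joined too late for this pass.
    return { notified, matcher.listenerCount(), first->timesNotified,
             third->timesNotified, late ? late->timesNotified : -1 };
}

int main()
{
    const ScenarioResult r = runMutatingCallbackScenario();
    std::cout << "notified=" << r.notified << " remaining=" << r.remaining
              << " first=" << r.firstCalls << " third=" << r.thirdCalls
              << " late=" << r.lateCalls << "\n";
    return 0;
}
```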

2016-06-29  Antti Koivisto  <antti@apple.com>

        Factor pending CSS resources into a struct
        https://bugs.webkit.org/show_bug.cgi?id=159268

        Reviewed by Andreas Kling.

        To fix resource loading related re-entrancy issues in StyleResolver we should move the triggering of
        resource loads outside the style resolver. The first step for that is to capture pending resources to a struct.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSCursorImageValue.cpp:
        (WebCore::CSSCursorImageValue::cachedImage):
        (WebCore::CSSCursorImageValue::cachedOrPendingImage):
        * css/CSSCursorImageValue.h:
        * css/CSSGradientValue.cpp:
        (WebCore::GradientStop::GradientStop):
        (WebCore::CSSGradientValue::gradientWithStylesResolved):
        * css/CSSGradientValue.h:
        (WebCore::CSSGradientValue::loadSubimages):
        (WebCore::CSSGradientValue::CSSGradientValue):
        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::cachedImageSet):
        (WebCore::CSSImageSetValue::cachedOrPendingImageSet):
        * css/CSSImageSetValue.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::clear):
        (WebCore::StyleResolver::State::setParentStyle):
        (WebCore::StyleResolver::State::ensurePendingResources):
        (WebCore::isAtShadowBoundary):
        (WebCore::StyleResolver::cachedOrPendingFromValue):
        (WebCore::StyleResolver::generatedOrPendingFromValue):
        (WebCore::StyleResolver::setOrPendingFromValue):
        (WebCore::StyleResolver::cursorOrPendingFromValue):
        (WebCore::filterOperationForType):
        (WebCore::StyleResolver::createFilterOperations):
        (WebCore::StyleResolver::loadPendingResources):
        (WebCore::StyleResolver::MatchedProperties::MatchedProperties):
        (WebCore::StyleResolver::loadPendingSVGDocuments): Deleted.
        (WebCore::StyleResolver::loadPendingImage): Deleted.
        (WebCore::StyleResolver::loadPendingShapeImage): Deleted.
        (WebCore::StyleResolver::loadPendingImages): Deleted.
        * css/StyleResolver.h:
        (WebCore::StyleResolver::rootElementStyle):
        (WebCore::StyleResolver::element):
        (WebCore::StyleResolver::document):
        (WebCore::StyleResolver::documentSettings):
        (WebCore::StyleResolver::State::setApplyPropertyToVisitedLinkStyle):
        (WebCore::StyleResolver::State::applyPropertyToRegularStyle):
        (WebCore::StyleResolver::State::applyPropertyToVisitedLinkStyle):
        (WebCore::StyleResolver::State::setFontDirty):
        (WebCore::StyleResolver::State::fontDirty):
        (WebCore::StyleResolver::State::useSVGZoomRules):
        (WebCore::StyleResolver::State::takePendingResources):
        (WebCore::StyleResolver::State::cssToLengthConversionData):
        (WebCore::StyleResolver::State::cascadeLevel):
        (WebCore::StyleResolver::State::setCascadeLevel):
        (WebCore::StyleResolver::state):
        (WebCore::StyleResolver::State::pendingImageProperties): Deleted.
        (WebCore::StyleResolver::State::filtersWithPendingSVGDocuments): Deleted.
        * style/StylePendingResources.cpp: Added.
        (WebCore::Style::loadPendingImage):
        (WebCore::Style::loadPendingImages):
        (WebCore::Style::loadPendingSVGFilters):
        (WebCore::Style::loadPendingResources):

            Move the functions for triggering the resource loads from StyleResolver.

        * style/StylePendingResources.h: Added.

            Add struct for pending resources.

2016-06-29  Anders Carlsson  <andersca@apple.com>

        Add "type" and "paymentPass" properties in PaymentMethod
        https://bugs.webkit.org/show_bug.cgi?id=159278
        rdar://problem/26999112

        Reviewed by Dean Jackson.

        * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
        (WebCore::toString):
        (WebCore::toDictionary):

2016-06-29  Nan Wang  <n_wang@apple.com>

        AX: Crash in WebCore::Document::focusNavigationStartingNode(WebCore::FocusDirection) const + 128
        https://bugs.webkit.org/show_bug.cgi?id=159240

        Reviewed by Ryosuke Niwa.

        This crash is caused by passing an empty node to ElementTraversal::previous(Node&). When the
        focusNavigationStartingNode has been removed and it has no next sibling, we should fall back
        to itself for calculating the next focused element.

        Test: fast/events/remove-focus-navigation-starting-point-crash.html

        * dom/Document.cpp:
        (WebCore::Document::focusNavigationStartingNode):

2016-06-29  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r202617.

        The LayoutTest from this change crashes under GuardMalloc

        Reverted changeset:

        "Throw exceptions for invalid number of channels for
        ConvolverNode"
        https://bugs.webkit.org/show_bug.cgi?id=159238
        http://trac.webkit.org/changeset/202617

2016-06-29  Anders Carlsson  <andersca@apple.com>

        Rename addressFields to contactFields
        https://bugs.webkit.org/show_bug.cgi?id=159271
        rdar://problem/27086955

        Reviewed by Beth Dakin.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::createContactFields):
        (WebCore::isValidPaymentRequestPropertyName):
        (WebCore::createPaymentRequest):
        (WebCore::createAddressFields): Deleted.
        * Modules/applepay/PaymentRequest.h:
        (WebCore::PaymentRequest::requiredBillingContactFields):
        (WebCore::PaymentRequest::setRequiredBillingContactFields):
        (WebCore::PaymentRequest::requiredShippingContactFields):
        (WebCore::PaymentRequest::setRequiredShippingContactFields):
        (WebCore::PaymentRequest::requiredBillingAddressFields): Deleted.
        (WebCore::PaymentRequest::setRequiredBillingAddressFields): Deleted.
        (WebCore::PaymentRequest::requiredShippingAddressFields): Deleted.
        (WebCore::PaymentRequest::setRequiredShippingAddressFields): Deleted.

2016-06-29  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, third attempt to fix ASAN build for r202599

        * platform/text/TextCodecReplacement.cpp:
        (WebCore::TextCodecReplacement::decode):

2016-06-29  Jer Noble  <jer.noble@apple.com>

        Adopt MediaRemote.
        https://bugs.webkit.org/show_bug.cgi?id=159250

        Reviewed by Eric Carlson.

        Adopt MediaRemote and use the framework to implement MediaSessionManagerMac
        and RemoteCommandListenerMac.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/RemoteCommandListener.cpp:
        * platform/audio/PlatformMediaSessionManager.cpp:
        * platform/audio/cocoa/MediaSessionManagerCocoa.cpp: Renamed from Source/WebCore/platform/audio/mac/MediaSessionManagerMac.cpp.
        (PlatformMediaSessionManager::updateSessionState):
        * platform/audio/mac/MediaSessionManagerMac.h: Added.
        * platform/audio/mac/MediaSessionManagerMac.mm: Added.
        (WebCore::PlatformMediaSessionManager::sharedManager):
        (WebCore::PlatformMediaSessionManager::sharedManagerIfExists):
        (WebCore::MediaSessionManagerMac::MediaSessionManagerMac):
        (WebCore::MediaSessionManagerMac::~MediaSessionManagerMac):
        (WebCore::MediaSessionManagerMac::sessionWillBeginPlayback):
        (WebCore::MediaSessionManagerMac::removeSession):
        (WebCore::MediaSessionManagerMac::sessionWillEndPlayback):
        (WebCore::MediaSessionManagerMac::clientCharacteristicsChanged):
        (WebCore::MediaSessionManagerMac::nowPlayingEligibleSession):
        (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
        * platform/cocoa/SoftLinking.h:
        * platform/mac/MediaRemoteSoftLink.cpp: Added.
        * platform/mac/MediaRemoteSoftLink.h: Added.
        * platform/mac/RemoteCommandListenerMac.h: Added.
        (WebCore::RemoteCommandListenerMac::createWeakPtr):
        * platform/mac/RemoteCommandListenerMac.mm: Added.
        (WebCore::RemoteCommandListener::create):
        (WebCore::RemoteCommandListenerMac::RemoteCommandListenerMac):
        (WebCore::RemoteCommandListenerMac::~RemoteCommandListenerMac):
        * platform/spi/mac/MediaRemoteSPI.h: Added.

2016-06-29  Jer Noble  <jer.noble@apple.com>

        Cannot clear a MediaSource SourceBuffer in Safari 9 and WebKit nightly
        https://bugs.webkit.org/show_bug.cgi?id=159230

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-remove.html (modified)

        Move to using a MediaTime directly (rather than as a double) to add
        and remove buffered ranges. Also, drop the use of the "microsecond"
        fudge factor when adding buffered ranges.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::removeSamplesFromTrackBuffer):
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2016-06-29  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, second attempt to fix ASAN build for r202599

        * platform/text/TextCodecReplacement.cpp:

2016-06-29  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, first attempt to fix ASAN build for r202599

        * platform/text/TextCodecReplacement.cpp:

2016-06-29  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Show Shadow Root type in DOM Tree
        https://bugs.webkit.org/show_bug.cgi?id=159236
        <rdar://problem/27068521>

        Reviewed by Timothy Hatcher.

        Test: inspector/dom/shadowRootType.html

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::shadowRootType):
        (WebCore::InspectorDOMAgent::buildObjectForNode):
        Set the shadowRootType property when a node is a ShadowRoot.

2016-06-29  Jeremy Jones  <jeremyj@apple.com>

        Replace MPAudioVideoRoutingActionSheet with MPAVRoutingSheet.
        https://bugs.webkit.org/show_bug.cgi?id=159161
        <rdar://problem/26017691>

        Reviewed by Sam Weinig.

        Replace MPAudioVideoRoutingActionSheet SPI with MPAVRoutingSheet SPI.

        * platform/spi/ios/MediaPlayerSPI.h:

2016-06-29  Alejandro G. Castro  <alex@igalia.com>

        WebRTC: ice-char can not contain '=' characters for credentials
        https://bugs.webkit.org/show_bug.cgi?id=159207

        Reviewed by Eric Carlson.

        Avoid a general calculation to get a base64 without padding which
        was wrong in the randomString function. Because each parameter
        using the function requires a different setup depending on the
        specification and this is not a general API, it is a better
        solution to calculate and store the sizes we want to use, comment
        them and test them, considering we use base64 to generate the
        strings we just need to avoid padding.

        Existing test modified to match the correct behavior.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::randomString): Now the size is the one passed.
        (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
        Used different valid values following the sdp parser in each case.

2016-06-29  David Kilzer  <ddkilzer@apple.com>

        Crash when 'input' event handler for input[type=color] changes the input type
        <https://webkit.org/b/159262>
        <rdar://problem/27020404>

        Reviewed by Daniel Bates.

        Fix based on a Blink change (patch by <tkent@chromium.org>):
        <https://chromium.googlesource.com/chromium/src.git/+/a17cb3ecef49a078657524cdeaba33ad2083646c>

        Test: fast/forms/color/color-type-change-on-input-crash.html

        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::didChooseColor): Add EventQueueScope
        before setValueFromRenderer() to fix the bug.
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::setValueFromRenderer): Add comment
        about how to use this method.

2016-06-29  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Misc MediaStreamEvent fixes: Update build flag and remove PassRefPtr usage
        https://bugs.webkit.org/show_bug.cgi?id=159132

        Reviewed by Eric Carlson.

        Use the WEB_RTC build flag instead of MEDIA_STREAM since this event is related to
        RTCPeerConnection. Also remove PassRefPtr usage.

        Updated existing expected results.

        * Modules/mediastream/MediaStreamEvent.cpp:
        (WebCore::MediaStreamEvent::create):
        (WebCore::MediaStreamEvent::MediaStreamEvent):
        * Modules/mediastream/MediaStreamEvent.h:
        * Modules/mediastream/MediaStreamEvent.idl:
        * dom/EventNames.in:

2016-06-29  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        REGRESSION(r202337) [WebRTC] Crash when loading html5test.com
        https://bugs.webkit.org/show_bug.cgi?id=159145

        Reviewed by Eric Carlson.

        MediaEndpointPeerConnection uses an implementation of the MediaEndpoint interface to
        interact with the port's WebRTC backend. A mock (MockMediaEndpoint) is used for testing.
        This change adds an "empty" MediaEndpoint implementation that simplifies the case when a
        port builds and tests with MediaEndpointPeerConnection/MockMediaEndpoint, but doesn't have
        a "real" MediaEndpoint implementation yet (to use with MiniBrowser).

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
        * platform/mediastream/MediaEndpoint.cpp:
        (WebCore::EmptyRealtimeMediaSource::create):
        (WebCore::EmptyRealtimeMediaSource::EmptyRealtimeMediaSource):
        (WebCore::EmptyMediaEndpoint::EmptyMediaEndpoint):
        (WebCore::createMediaEndpoint):

2016-06-29  Alejandro G. Castro  <alex@igalia.com>

        Fix assertion in debug build when creating the SocketStreamHandle object.

        We have to call relaxAdoptionRequirement to avoid the assertion
        when protecting the non-adopted SocketStreamHandle we are
        creating. Update to r202370.

        Rubber-stamped by Carlos Garcia Campos.

        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):

2016-06-29  David Kilzer  <ddkilzer@apple.com>

        Throw exceptions for invalid number of channels for ConvolverNode
        <https://webkit.org/b/159238>
        <rdar://problem/27020410>

        Reviewed by Brent Fulgham.

        Fix based on a Blink change (patch by <rtoy@chromium.org>):
        <https://chromium.googlesource.com/chromium/src.git/+/0cc26bbb7175aec77910d0b47faf9f8c8a640fe5>

        Test: webaudio/convolver-channels.html

        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::setBuffer): Throw an exception for
        anything but 1, 2 or 4 channels.

2016-06-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r198782, r201043): [image-decoders] Flickering with some animated gif
        https://bugs.webkit.org/show_bug.cgi?id=159089

        Reviewed by Antonio Gomes.

        There's some flickering when loading big enough animated gifs running the animation in a loop. The first time it
        loads everything is fine, but after the first loop iteration there are several flickering effects, once every
        time the animation finishes and some others happening in the middle of the animation loop. The flickering
        happens because we fail to render some of the frames, and it has two different causes:

         - In r198782, ImageDecoder::createFrameImageAtIndex(), was modified to check first if the image is empty to
        return early, and then try to get the frame image from the decoder. This is the one causing the flickering
        always on the first frame after one iteration. It happens because ImageDecoder::size() is always empty at that
        point. The first time doesn't happen because the gif is loaded and BitmapImage calls isSizeAvailable() from
        BitmapImage::dataChanged(). The isSizeAvailable call makes the gif decoder calculate the size. But for the next
        iterations, frames are cached and BitmapImage already has the decoded data so isSizeAvailable is not called
        again. When createFrameImageAtIndex() is called again for the first frame, size is empty until the gif decoder
        creates the reader again, which happens when frameBufferAtIndex() is called, so after that the size is
        available. So, we could call isSizeAvailable before checking the size, or simply do the check after the
        frameBufferAtIndex() call as we used to do.

         - In r201043 BitmapImage::destroyDecodedDataIfNecessary() was fixed to use the actual bytes used by the frame
        in order to decide whether to destroy decoded data or not. This actually revealed a bug, it didn't happen before
        because we were never destroying frames before. The bug is in the gif decoder that doesn't correctly handle the
        case of destroying only some of the frames from the buffer cache. The gif decoder is designed to always process the
        frames in order, the reader keeps an index of the currently processed frame, so when some frames are read from the
        cache, and then we ask the decoder for a not cached frame, the currently processed frame is not in sync with the
        actual frame we are asking for, and we end up not processing any frame at all.

        * platform/image-decoders/ImageDecoder.cpp:
        (WebCore::ImageDecoder::createFrameImageAtIndex): Check the size after calling frameBufferAtIndex().
        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::clearFrameBufferCache): Delete the reader when clearing the cache since it's out of sync.

2016-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] Adaptive streaming issues
        https://bugs.webkit.org/show_bug.cgi?id=144040

        Reviewed by Philippe Normand.

        There are multiple deadlocks in the web process when HLS content is loaded by GStreamer. It happens because gst
        is using several threads to download manifest, fragments, monitor the downloads, etc. To download the fragments
        and manifest it always creates the source element in a separate thread, something that is not actually expected
        to happen in WebKit source element. Our source element is always scheduling tasks (start, stop, need-data,
        enough-data and seek) to the main thread, and those downloads that use the ResourceHandleStreamingClient
        (there's no player associated) also happen in the main thread, because libsoup calls all its async callbacks in
        the main thread. So, the result is that it can happen that we end up blocking the main thread in a lock until
        the download finishes, but the download never finishes because tasks are scheduled in the main thread that is
        blocked in a lock. This can be prevented by always using a secondary thread for downloads made by
        ResourceHandleStreamingClient, using its own run loop with a different GMainContext so that libsoup sends
        callbacks to the right thread. We also had to refactor the tasks a bit, leaving the thread safe parts to be run
        in the calling thread always, and only scheduling to the main thread in case of not using
        ResourceHandleStreamingClient and only for the non thread safe parts.
        This patch also includes r200455 that was rolled out, but it was a perfectly valid workaround for GST bug.

        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::ensureGRef): Consume the floating ref if needed.
        * platform/graphics/gstreamer/GRefPtrGStreamer.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webkit_web_src_init): Check if object is being created in the main thread.
        (webKitWebSrcStop): Stop the media resource loader in the main thread and the resource handle streaming in the
        current thread.
        (webKitWebSrcStart): Start the media resource loader in the main thread and the resource handle streaming in
        the current thread.
        (webKitWebSrcChangeState): Call webKitWebSrcStart and webKitWebSrcStop in the current thread.
        (webKitWebSrcNeedData): Update status in the current thread and notify the media resource loader in the main thread.
        (webKitWebSrcEnoughData): Ditto.
        (webKitWebSrcSeek): Ditto.
        (webKitWebSrcSetMediaPlayer): Add an assert to ensure that source elements used by WebKit are always created in
        the main thread.
        (ResourceHandleStreamingClient::ResourceHandleStreamingClient): Use a secondary thread to do the download.
        (ResourceHandleStreamingClient::~ResourceHandleStreamingClient): Stop the secondary thread.
        (ResourceHandleStreamingClient::setDefersLoading): Notify the secondary thread.

2016-06-28  Youenn Fablet  <youennf@gmail.com>

        Remove ThreadableLoaderOptions origin
        https://bugs.webkit.org/show_bug.cgi?id=159221

        Reviewed by Sam Weinig.

        No change of behavior.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Adding origin parameter.
        (WebCore::DocumentThreadableLoader::create): Ditto.
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
        (WebCore::DocumentThreadableLoader::redirectReceived): Setting m_origin.
        (WebCore::DocumentThreadableLoader::securityOrigin): Checking m_origin.
        * loader/DocumentThreadableLoader.h: Adding m_origin member.
        * loader/ThreadableLoader.cpp:
        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing origin.
        (WebCore::ThreadableLoaderOption::isolatedCopy): Deleted.
        * loader/ThreadableLoader.h: Removing origin parameter and isolatedCopy function.
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::LoaderTaskOptions::LoaderTaskOptions): Structure to pass loader task options from one thread to another.
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
        * page/EventSource.cpp:
        (WebCore::EventSource::connect): Removing setting of the origin.
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadSynchronously): Ditto.
        (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Ditto.

2016-06-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202580.
        https://bugs.webkit.org/show_bug.cgi?id=159245

        Caused all WKTR tests to fail on GuardMalloc and Production
        only for unknown reasons, investigating offline. (Requested by
        brrian on #webkit).

        Reverted changeset:

        "RunLoop::Timer should use constructor templates instead of
        class templates"
        https://bugs.webkit.org/show_bug.cgi?id=159153
        http://trac.webkit.org/changeset/202580

2016-06-28  Benjamin Poulain  <benjamin@webkit.org>

        Rename ChildrenAffectedByActive to StyleAffectedByActive
        https://bugs.webkit.org/show_bug.cgi?id=159187

        Reviewed by Antti Koivisto.

        Flags named "ChildrenAffectedBy" are used when the invalidation
        of children is so crazy that we invalidate the whole parent subtree instead.

        That's not the case for :active. It is a straightforward element invalidation.
        Consequently, the property is renamed to StyleAffectedByActive.

        * dom/Element.cpp:
        (WebCore::Element::setActive):
        (WebCore::Element::setStyleAffectedByActive):
        (WebCore::Element::hasFlagsSetDuringStylingOfChildren):
        (WebCore::Element::rareDataStyleAffectedByActive):
        (WebCore::Element::setChildrenAffectedByActive): Deleted.
        (WebCore::Element::rareDataChildrenAffectedByActive): Deleted.
        * dom/Element.h:
        (WebCore::Element::styleAffectedByActive):
        (WebCore::Element::childrenAffectedByActive): Deleted.
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::styleAffectedByActive):
        (WebCore::ElementRareData::setStyleAffectedByActive):
        (WebCore::ElementRareData::ElementRareData):
        (WebCore::ElementRareData::resetDynamicRestyleObservations):
        (WebCore::ElementRareData::childrenAffectedByActive): Deleted.
        (WebCore::ElementRareData::setChildrenAffectedByActive): Deleted.
        * style/StyleRelations.cpp:
        (WebCore::Style::commitRelations):

2016-06-28  Jiewen Tan  <jiewen_tan@apple.com>

        Implement "replacement" codec
        https://bugs.webkit.org/show_bug.cgi?id=159180
        <rdar://problem/26015178>

        Reviewed by Brent Fulgham.

        Test: fast/encoding/charset-replacement.html

        Add support for "replacement" codec according to the spec:
        https://encoding.spec.whatwg.org/#replacement
        According to the spec, encoding labels {"csiso2022kr", "hz-gb-2312", "iso-2022-cn",
        "iso-2022-cn-ext", "iso-2022-kr"} are used to conduct certain attacks that abuse
        a mismatch between encodings supported on the server and the client. Therefore,
        they are grouped under the "replacement" codec, which does the following things
        to prevent those attacks.
        1) Decode: terminates with a single U+FFFD.
        2) Encode: treated as UTF-8.

        Furthermore, the "replacement" codec is a specification convenience to group those
        vulnerable encoding labels. Therefore, it should not be usable directly.

        This change is based on the following Blink changes:
        https://codereview.chromium.org/265973003, and
        https://codereview.chromium.org/261013007.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/text/TextAllInOne.cpp:
        * platform/text/TextCodecReplacement.cpp: Added.
        (WebCore::TextCodecReplacement::create):
        (WebCore::TextCodecReplacement::TextCodecReplacement):
        (WebCore::TextCodecReplacement::registerEncodingNames):
        (WebCore::TextCodecReplacement::registerCodecs):
        (WebCore::TextCodecReplacement::decode):
        * platform/text/TextCodecReplacement.h: Added.
        * platform/text/TextEncoding.cpp:
        (WebCore::TextEncoding::TextEncoding):
        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::isReplacementEncoding):
        (WebCore::extendTextCodecMaps):
        * platform/text/TextEncodingRegistry.h:

2016-06-28  Dean Jackson  <dino@apple.com>

        Remove incorrect comments in HTMLCanvasElement
        https://bugs.webkit.org/show_bug.cgi?id=159229

        Reviewed by Sam Weinig.

        These comments are wrong.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::probablySupportsContext):
        (WebCore::HTMLCanvasElement::getContext): Deleted.

2016-06-28  Geoffrey Garen  <ggaren@apple.com>

        CrashTracer beneath JSC::MarkedBlock::specializedSweep
        https://bugs.webkit.org/show_bug.cgi?id=159223

        Reviewed by Saam Barati.

        This crash is caused by a media element re-entering JS during the GC
        sweep phase.

        In theory, other CachedResourceClients in the DOM might also trigger
        similar bugs, but our data only implicates the media elements, so this
        fix targets them.

        * html/HTMLDocument.h: Document has no reason to inherit from
        CachedResourceClient. I found this because I had to search for all
        CachedResourceClients in researching this patch.

        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::invalidate): Delay our call to
        stopLoading because it might re-enter JS, and we might have been called
        by the GC sweep phase destroying a media element.

        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::invalidate): Ditto.

2016-06-28  Saam Barati  <sbarati@apple.com>

        some Watchpoints' ::fireInternal method will call operations that might GC where the GC will cause the watchpoint itself to destruct
        https://bugs.webkit.org/show_bug.cgi?id=159198
        <rdar://problem/26302360>

        Reviewed by Filip Pizlo.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        (WebCore::JSTestEventTarget::create):

2016-06-28  Anders Carlsson  <andersca@apple.com>

        Move the user gesture requirement to the ApplePaySession constructor
        https://bugs.webkit.org/show_bug.cgi?id=159225
        rdar://problem/26507267

        Reviewed by Tim Horton.

        By doing this, clients can do pre-validation before showing the sheet, while we still maintain the user gesture requirement.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::create):
        (WebCore::ApplePaySession::begin): Deleted.

2016-06-28  Youenn Fablet  <youenn@apple.com>

        Iterable interfaces should have their related prototype @@iterator property writable
        https://bugs.webkit.org/show_bug.cgi?id=159211
        <rdar://problem/26950766>

        Reviewed by Chris Dumez.

        Updating @@iterator property according to http://heycam.github.io/webidl/#es-iterator.

        Covered by updated test.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Removing ReadOnly flag from @@iterator property of iterable interfaces.
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodePrototype::finishCreation): Rebasing expectation.
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation): Ditto.

2016-06-28  Anders Carlsson  <andersca@apple.com>

        "Total amount is too big" error message is displaying on clicking Pay button
        https://bugs.webkit.org/show_bug.cgi?id=159219
        rdar://problem/26722110

        Reviewed by Tim Horton.

        Match the PassKit max amount.

        * Modules/applepay/PaymentRequestValidator.cpp:
        (WebCore::PaymentRequestValidator::validateTotal):

2016-06-28  Anders Carlsson  <andersca@apple.com>

        PaymentMerchantSession should wrap a PKPaymentMerchantSession
        https://bugs.webkit.org/show_bug.cgi?id=159218
        rdar://problem/26872118

        Reviewed by Tim Horton.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::completeMerchantValidation):
        Use PaymentMerchantSession::fromJS.

        (WebCore::createMerchantSession): Deleted.

        * Modules/applepay/PaymentCoordinator.h:
        PaymentMerchantSession is now a class.

        * Modules/applepay/PaymentCoordinatorClient.h:
        PaymentMerchantSession is now a class.

        * Modules/applepay/PaymentMerchantSession.h:
        (WebCore::PaymentMerchantSession::PaymentMerchantSession):
        (WebCore::PaymentMerchantSession::~PaymentMerchantSession):
        (WebCore::PaymentMerchantSession::pkPaymentMerchantSession):
        Store a PKPaymentMerchantSession in a RetainPtr inside the PaymentMerchantSession object.

        * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
        (WebCore::PaymentMerchantSession::fromJS):
        Convert the JS object to a PKPaymentMerchantSession and return a PaymentMerchantSession that wraps it.

        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * bindings/js/Dictionary.h:
        (WebCore::Dictionary::initializerObject):
        Add new getter.

2016-06-28  Brian Burg  <bburg@apple.com>

        RunLoop::Timer should use constructor templates instead of class templates
        https://bugs.webkit.org/show_bug.cgi?id=159153

        Reviewed by Alex Christensen.

        Remove the RunLoop::Timer class template argument, and pass its constructor
        a reference to `this` instead of a pointer to `this`.

        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::WebMediaSessionManager::WebMediaSessionManager):
        * Modules/mediasession/WebMediaSessionManager.h:
        * page/WheelEventTestTrigger.cpp:
        (WebCore::WheelEventTestTrigger::WheelEventTestTrigger):
        * page/WheelEventTestTrigger.h:
        * page/mac/TextIndicatorWindow.h:
        * page/mac/TextIndicatorWindow.mm:
        (WebCore::TextIndicatorWindow::TextIndicatorWindow):
        * platform/MainThreadSharedTimer.h:
        * platform/cocoa/ScrollController.h:
        * platform/cocoa/ScrollController.mm:
        (WebCore::ScrollController::ScrollController):
        * platform/glib/MainThreadSharedTimerGLib.cpp:
        (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
        * platform/graphics/MediaPlaybackTargetPicker.cpp:
        (WebCore::MediaPlaybackTargetPicker::MediaPlaybackTargetPicker):
        * platform/graphics/MediaPlaybackTargetPicker.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (VideoRenderRequestScheduler::VideoRenderRequestScheduler):
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
        (WebCore::TextureMapperPlatformLayerProxy::TextureMapperPlatformLayerProxy):
        (WebCore::TextureMapperPlatformLayerProxy::activateOnCompositingThread):
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
        * platform/mock/MediaPlaybackTargetPickerMock.cpp:
        (WebCore::MediaPlaybackTargetPickerMock::MediaPlaybackTargetPickerMock):
        * platform/mock/MediaPlaybackTargetPickerMock.h:
        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource):
        * platform/mock/MockRealtimeVideoSource.h:
        * platform/network/ResourceHandleInternal.h:
        (WebCore::ResourceHandleInternal::ResourceHandleInternal):

2016-06-27  Jer Noble  <jer.noble@apple.com>

        Cross-domain video loads do not prompt for authorization.
        https://bugs.webkit.org/show_bug.cgi?id=159195
        <rdar://problem/26234612>

        Reviewed by Brent Fulgham.

        Test: http/tests/media/video-auth.html (modified)

        We should prompt for authorization when a cross-origin <video> is embedded
        in a web page.

        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::requestResource):

2016-06-28  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r201471): FormClient.textFieldDidEndEditing is no longer called when a text field is removed
        https://bugs.webkit.org/show_bug.cgi?id=159199
        <rdar://problem/26748189>

        Reviewed by Alexey Proskuryakov.

        The bug was caused by HTMLInputElement's endEditing no longer getting called due to the behavior change.
        Preserve the WebKit2 API semantics by manually calling HTMLInputElement::endEditing in setFocusedElement.

        Tests: WebKit2TextFieldDidBeginAndEndEditing

        * dom/Document.cpp:
        (WebCore::Document::setFocusedElement):

2016-06-28  Frederic Wang  <fwang@igalia.com>

        Phrasing content should be accepted in <mo> elements
        https://bugs.webkit.org/show_bug.cgi?id=130245

        Reviewed by Brent Fulgham.

        After r202420, the RenderMathMLOperator element no longer messes with anonymous block and
        text nodes. Hence it is now safe to allow foreign content inside <mo>.

        We extend foreign-element-in-token.html to cover the mo case.

        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::childShouldCreateRenderer): Remove the early return for <mo> so
        that it accepts phrasing content children.

2016-06-27  Anders Carlsson  <andersca@apple.com>

        WebKit::WebPaymentCoordinator leak
        https://bugs.webkit.org/show_bug.cgi?id=159168
        rdar://problem/26929772

        Reviewed by Beth Dakin.

        * Modules/applepay/PaymentCoordinator.cpp:
        (WebCore::PaymentCoordinator::~PaymentCoordinator):
        Call paymentCoordinatorDestroyed().

        * Modules/applepay/PaymentCoordinatorClient.h:
        Rename mainFrameDestroyed to paymentCoordinatorDestroyed().

        * loader/EmptyClients.cpp:

2016-06-28  Frederic Wang  <fwang@igalia.com>

        Remove anonymous in renderName for all MathML renderers but RenderMathMLOperator
        https://bugs.webkit.org/show_bug.cgi?id=159114

        Reviewed by Martin Robinson.

        After r202420, the only anonymous MathML renderers are the RenderMathMLOperators created by
        the mfenced element. Hence we remove the special case for anonymous in the renderName
        implementation of most MathML renderers.

        No new tests, behavior unchanged.

        * rendering/mathml/RenderMathMLRow.h:
        * rendering/mathml/RenderMathMLSpace.h:
        * rendering/mathml/RenderMathMLToken.h:

2016-06-28  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Robustify 'this' type check in RTCPeerConnection JS built-ins
        https://bugs.webkit.org/show_bug.cgi?id=158831

        Reviewed by Youenn Fablet.

        Use @operations slot in RTCPeerConnection type check.

        Updated results of existing test.

        * Modules/mediastream/RTCPeerConnection.js:
        (initializeRTCPeerConnection):
        Initialize @operations slot in constructor.
        * Modules/mediastream/RTCPeerConnectionInternals.js:
        (isRTCPeerConnection):
        Use @operations slot in type check.

2016-06-28  Frederic Wang  <fwang@igalia.com>

        AX: Remove dead code in AccessibilityRenderObject::textUnderElement
        https://bugs.webkit.org/show_bug.cgi?id=159205

        Reviewed by Joanmarie Diggs.

        RenderMathMLOperator used to destroy its descendants and to replace them with an anonymous
        text node wrapped inside anonymous blocks. After r202420, it just behaves as any other token
        elements. Hence we remove the code in AccessibilityRenderObject::textUnderElement that was
        used to handle this specific render tree structure.

        No new tests, already covered by accessibility/math-text.html.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textUnderElement): Remove dead code for RenderText and RenderMathMLOperator.

2016-06-28  Per Arne Vollan  <pvollan@apple.com>

        [Win] Custom elements tests are failing.
        https://bugs.webkit.org/show_bug.cgi?id=159139

        Reviewed by Alex Christensen.

        Fix compile errors after enabling custom element API.

        * bindings/js/JSHTMLElementCustom.cpp:
        (WebCore::constructJSHTMLElement):
        * dom/CustomElementDefinitions.cpp:
        (WebCore::CustomElementDefinitions::addElementDefinition):
        * dom/Document.cpp:
        (WebCore::createHTMLElementWithNameValidation):
        (WebCore::createFallbackHTMLElement):
        * dom/Element.cpp:
        (WebCore::Element::attributeChanged):
        * dom/LifecycleCallbackQueue.cpp:
        (WebCore::LifecycleQueueItem::LifecycleQueueItem):
        (WebCore::LifecycleCallbackQueue::enqueueElementUpgrade):
        (WebCore::LifecycleCallbackQueue::enqueueAttributeChangedCallback):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::insertHTMLElementOrFindCustomElementInterface):
        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::CustomElementConstructionData::CustomElementConstructionData):
        (WebCore::HTMLTreeBuilder::insertGenericHTMLElement):
        * html/parser/HTMLTreeBuilder.h:

2016-06-28  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] usec rounding is wrong during accurate seeking
        https://bugs.webkit.org/show_bug.cgi?id=90734

        Reviewed by Carlos Garcia Campos.

        Use floor() to round the microseconds value, this is more robust
        than roundf.

        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        (WebCore::toGstClockTime):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):

2016-06-28  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] improved duration query support in the HTTP source element
        https://bugs.webkit.org/show_bug.cgi?id=159204

        Reviewed by Carlos Garcia Campos.

        When we have the Content-Length value it is possible to infer the TIME
        duration in most cases by performing a convert query in the downstream
        elements. This is especially useful when the duration query wasn't
        managed by the sinks and thus reached the source element.

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcQueryWithParent):

2016-06-28  Youenn Fablet  <youenn@apple.com>

        Binding generator should generate accessors for constructors safely accessed from JS builtin
        https://bugs.webkit.org/show_bug.cgi?id=159087

        Reviewed by Alex Christensen.

        Removed constructor private slots direct additions in JSDOMGlobalObject.
        Added support for generating the code that will do that.
        Advantage of the implementation:
        - Private slots will expose constructors that are also publicly visible (previously workers had some private slots filled with WebRTC constructors).
        - Private slots no longer require the creation of the constructors at window creation time.

        Although PublicIdentifier and PrivateIdentifier are both added where needed, the binding generator does not
        support the case of a constructor accessible only privately.

        Covered by existing test set and adding binding test.

        * Modules/mediastream/MediaStream.idl: Marked as PublicIdentifier/PrivateIdentifier.
        * Modules/mediastream/MediaStreamTrack.idl: Ditto.
        * Modules/mediastream/RTCIceCandidate.idl: Ditto.
        * Modules/mediastream/RTCSessionDescription.idl: Ditto.
        * Modules/streams/ReadableStream.idl: Ditto.
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Removed unneeded additions.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Added support for private slots for interface constructors marked as
        PrivateIdentifier.
        * bindings/scripts/preprocess-idls.pl:
        (GenerateConstructorAttribute): Make PublicIdentifier/PrivateIdentifier copied interface attributes.
        * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.cpp:
        (webkit_dom_test_global_object_set_property):
        (webkit_dom_test_global_object_get_property):
        (webkit_dom_test_global_object_class_init):
        (webkit_dom_test_global_object_get_public_and_private_attribute):
        (webkit_dom_test_global_object_set_public_and_private_attribute):
        * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.h:
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        (WebCore::JSTestGlobalObject::finishCreation):
        (WebCore::jsTestGlobalObjectPublicAndPrivateAttribute):
        (WebCore::setJSTestGlobalObjectPublicAndPrivateAttribute):
        * bindings/scripts/test/ObjC/DOMTestGlobalObject.h:
        * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
        (-[DOMTestGlobalObject publicAndPrivateAttribute]):
        (-[DOMTestGlobalObject setPublicAndPrivateAttribute:]):
        * bindings/scripts/test/TestGlobalObject.idl:


2016-06-27  Jer Noble  <jer.noble@apple.com>

        REGRESSION?(r202466): http/tests/security/canvas-remote-read-remote-video-redirect.html failing on Sierra
        https://bugs.webkit.org/show_bug.cgi?id=159172
        <rdar://problem/27030025>

        Reviewed by Brent Fulgham.

        Add a hasSingleSecurityOrigin property to WebCoreNSURLSession that gets updated each time one of that
        session's tasks receives a response or a redirect request. Check that property from the MediaPlayerPrivate.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]):
        (-[WebCoreNSURLSession dataTaskWithRequest:]):
        (-[WebCoreNSURLSession dataTaskWithURL:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):

2016-06-27  Alex Christensen  <achristensen@webkit.org>

        CMake build fix.

        * PlatformMac.cmake:

2016-06-27  Youenn Fablet  <youenn@apple.com>

        Remove didFailAccessControlCheck ThreadableLoaderClient callback
        https://bugs.webkit.org/show_bug.cgi?id=159149

        Reviewed by Daniel Bates.

        Adding an AccessControl ResourceError type.
        Replacing didFailAccessControlCheck callback by a direct call to didFail with an error of type AccessControl.

        Making CrossOriginPreflightChecker always return an AccessControl error. Previously some errors created below
        were passed directly to threadable loader clients.

        When doing preflight on unauthorized web sites, WTR/DRT will trigger a cancellation error which was translating into an abort event in XMLHttpRequest.
        This patch is changing the error type to AccessControl, which translates into an error event in XMLHttpRequest.

        This change of behavior is seen in imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm.
        No other observable change of behavior should be expected.

        * inspector/InspectorNetworkAgent.cpp: Computing error message in didFail according to the error type.
        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Setting preflightFailure error type to AccessControl.
        (WebCore::CrossOriginPreflightChecker::notifyFinished): Ditto.
        (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Replacing didFailAccessControlCheck
        callback by a direct call to didFail with an error of type AccessControl.
        (WebCore::reportContentSecurityPolicyError): Ditto.
        (WebCore::reportCrossOriginResourceSharingError): Ditto.
        (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
        (WebCore::DocumentThreadableLoader::preflightFailure): Calling didFail directly.
        * loader/ThreadableLoaderClient.h: Removing didFailAccessControlCheck.
        * loader/ThreadableLoaderClientWrapper.h: Ditto.
        * loader/WorkerThreadableLoader.cpp: Ditto.
        * loader/WorkerThreadableLoader.h: Ditto.
        * page/EventSource.cpp:
        (WebCore::EventSource::didFail): Removing didFailAccessControlCheck and putting handling code in didFail.
        * page/EventSource.h:
        * platform/network/ResourceErrorBase.cpp:
        (WebCore::ResourceErrorBase::setType): Softening the assertion to cover the case of migration to AccessControl.
        * platform/network/ResourceErrorBase.h: Adding AccessControl error type.
        (WebCore::ResourceErrorBase::isAccessControl):

2016-06-27  Chris Dumez  <cdumez@apple.com>

        HTMLElement / SVGElement should implement GlobalEventHandlers, not Element
        https://bugs.webkit.org/show_bug.cgi?id=159191
        <rdar://problem/27019299>

        Reviewed by Ryosuke Niwa.

        HTMLElement / SVGElement should implement GlobalEventHandlers, not Element:
        - https://html.spec.whatwg.org/multipage/dom.html#htmlelement
        - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement

        Firefox and Chrome behave as per the specification.

        Fixing this also fixes rendering on http://survey123.arcgis.com/.

        No new tests, covered by existing tests that were rebaselined.

        * dom/Element.idl:
        * html/HTMLElement.idl:
        * svg/SVGElement.idl:

2016-06-27  Myles C. Maxfield  <mmaxfield@apple.com>

        [macOS] Test gardening: Generic font families should not map to fonts which aren't installed
        https://bugs.webkit.org/show_bug.cgi?id=159111
        <rdar://problem/25807529>

        Unreviewed.

        Osaka-Mono does not come preinstalled on macOS Sierra. However, many Japanese users
        will have the font installed. Before setting the generic font family, we should check
        to see if the font is present.

        * page/cocoa/SettingsCocoa.mm:
        (WebCore::osakaMonoIsInstalled):
        (WebCore::Settings::initializeDefaultFontFamilies):

2016-06-24  Ryosuke Niwa  <rniwa@webkit.org>

        Don't keep all newly created potential custom elements alive when the feature is disabled
        https://bugs.webkit.org/show_bug.cgi?id=159113

        Reviewed by Daniel Bates.

        Don't keep all HTML unknown elements which have a valid custom element alive when the feature is turned off.

        Ideally we want to conform to the behavior in the Custom Elements specification and only upgrade an element
        that is inserted into the document. We'll implement that later.

        * dom/Document.cpp:
        (WebCore::createHTMLElementWithNameValidation):

2016-06-27  Simon Fraser  <simon.fraser@apple.com>

        [iOS] -webkit-overflow-scrolling: touch prevents repaint with RTL
        https://bugs.webkit.org/show_bug.cgi?id=159186
        rdar://problem/26659341

        Reviewed by Zalan Bujtas.
        
        There were two issues with repaints in -webkit-overflow-scrolling:touch scrolling
        layers.

        First, if the scrolled contents were inline (e.g. a <span>), then repaints were
        broken because RenderInline didn't call shouldApplyClipAndScrollPositionForRepaint().
        Fix by making shouldApplyClipAndScrollPositionForRepaint() a member function of RenderBox
        and calling it from RenderBox::computeRectForRepaint() and RenderInline::clippedOverflowRectForRepaint().

        Second, repaints were broken in RTL because RenderLayerBacking::setContentsNeedDisplayInRect()
        confused scroll offset and scroll position; it needs to subtract scrollPosition.
        
        Finally, renamed applyCachedClipAndScrollOffsetForRepaint() to applyCachedClipAndScrollPositionForRepaint()
        to make it clear that it uses scrollPosition, not scrollOffset.

        Tests: compositing/scrolling/touch-scrolling-repaint-spans.html
               compositing/scrolling/touch-scrolling-repaint.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::applyCachedClipAndScrollPositionForRepaint):
        (WebCore::RenderBox::shouldApplyClipAndScrollPositionForRepaint):
        (WebCore::RenderBox::computeRectForRepaint):
        (WebCore::RenderBox::applyCachedClipAndScrollOffsetForRepaint): Deleted.
        (WebCore::shouldApplyContainersClipAndOffset): Deleted.
        * rendering/RenderBox.h:
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::clippedOverflowRectForRepaint):
        (WebCore::RenderInline::computeRectForRepaint):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::computeRectForRepaint):

2016-06-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202436.
        https://bugs.webkit.org/show_bug.cgi?id=159190

        We don't need to make this change. (Requested by thorton on
        #webkit).

        Reverted changeset:

        "Do not use iOS specific telephone detection on macOS."
        https://bugs.webkit.org/show_bug.cgi?id=159096
        http://trac.webkit.org/changeset/202436

2016-06-27  Benjamin Poulain  <benjamin@webkit.org>

        Adopt the iOS TouchEventHandler API for cases that must have synchronous dispatch
        https://bugs.webkit.org/show_bug.cgi?id=159179
        rdar://problem/27006387

        Reviewed by Simon Fraser.

        Tests: fast/events/touch/ios/block-without-overflow-scroll-and-passive-observer-on-block-scrolling-state.html
               fast/events/touch/ios/block-without-overflow-scroll-and-passive-observer-on-document-scrolling-state.html
               fast/events/touch/ios/block-without-overflow-scroll-scrolling-state.html
               fast/events/touch/ios/drag-block-without-overflow-scroll-and-passive-observer-on-block.html
               fast/events/touch/ios/drag-block-without-overflow-scroll-and-passive-observer-on-document.html
               fast/events/touch/ios/drag-block-without-overflow-scroll.html

        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):
        (WebCore::Document::removeAllEventListeners):
        * dom/Node.cpp:
        (WebCore::Node::willBeDeletedFrom):
        (WebCore::tryAddEventListener):
        (WebCore::tryRemoveEventListener):
        * html/shadow/SliderThumbElement.cpp:
        (WebCore::SliderThumbElement::registerForTouchEvents):
        (WebCore::SliderThumbElement::unregisterForTouchEvents):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::registerAsTouchEventListenerForScrolling):
        (WebCore::RenderLayer::unregisterAsTouchEventListenerForScrolling):

2016-06-27  Alex Christensen  <achristensen@webkit.org>

        Fix Windows build.

        * bindings/js/SerializedScriptValue.h:
        WTF

2016-06-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202520.
        https://bugs.webkit.org/show_bug.cgi?id=159185

        This change broke the 32-bit El Capitan build (Requested by
        ryanhaddad on #webkit).

        Reverted changeset:

        "REGRESSION?(r202466): http/tests/security/canvas-remote-read-
        remote-video-redirect.html failing on Sierra"
        https://bugs.webkit.org/show_bug.cgi?id=159172
        http://trac.webkit.org/changeset/202520

2016-06-27  Jer Noble  <jer.noble@apple.com>

        REGRESSION?(r202466): http/tests/security/canvas-remote-read-remote-video-redirect.html failing on Sierra
        https://bugs.webkit.org/show_bug.cgi?id=159172
        <rdar://problem/27030025>

        Reviewed by Brent Fulgham.

        Add a hasSingleSecurityOrigin property to WebCoreNSURLSession that gets updated each time one of that
        session's tasks receives a response or a redirect request. Check that property from the MediaPlayerPrivate.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]):
        (-[WebCoreNSURLSession dataTaskWithRequest:]):
        (-[WebCoreNSURLSession dataTaskWithURL:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):

2016-06-27  Benjamin Poulain  <benjamin@webkit.org>

        Fix style invalidation for :active when the activated node has no renderer
        https://bugs.webkit.org/show_bug.cgi?id=159125

        Reviewed by Antti Koivisto.

        Same old bug: a style invalidation path was depending
        on the style.

        Here we really need both flags. An element can have
        childrenAffectedByActive() false and renderStyle->affectedByActive() true
        if it was subject to style sharing.

        The element state "childrenAffectedByActive" should be renamed
        "styleAffectedByActive" since it is not a parent invalidation flag.
        That will be done separately.

        Tests: fast/css/pseudo-active-on-labeled-control-without-renderer.html
               fast/css/pseudo-active-style-sharing-1.html
               fast/css/pseudo-active-style-sharing-2.html
               fast/css/pseudo-active-style-sharing-3.html
               fast/css/pseudo-active-style-sharing-4.html
               fast/css/pseudo-active-style-sharing-5.html
               fast/css/pseudo-active-style-sharing-6.html

        * dom/Element.cpp:
        (WebCore::Element::setActive):
        * style/StyleRelations.cpp:
        (WebCore::Style::commitRelationsToRenderStyle):

2016-06-27  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: REGRESSION (r202063): ARIA role attribute is being ignored for label element
        https://bugs.webkit.org/show_bug.cgi?id=159162

        Reviewed by Chris Fleizach.

        createFromRenderer() was creating an AccessibilityLabel for any HTMLLabelElement which
        lacked an explicitly-handled ARIA role. We should instead create an AccessibilityLabel
        when there is no ARIA role.

        Test: accessibility/aria-role-on-label.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::createFromRenderer):

2016-06-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202505.
        https://bugs.webkit.org/show_bug.cgi?id=159169

        The test added with this change is flaky and it caused an
        existing test to time out on El Capitan. (Requested by
        ryanhaddad on #webkit).

        Reverted changeset:

        "[iOS] Media controls are too cramped with small video"
        https://bugs.webkit.org/show_bug.cgi?id=158815
        http://trac.webkit.org/changeset/202505

2016-06-27  Benjamin Poulain  <bpoulain@apple.com>

        Add :focus-within to the status page

        * features.json:
        I forgot to update the json file when landing the feature.

2016-06-27  Eric Carlson  <eric.carlson@apple.com>

        [Mac] PiP placeholder should remain visible when 'controls' attribute is removed
        https://bugs.webkit.org/show_bug.cgi?id=159158
        <rdar://problem/26727435>

        Reviewed by Jer Noble.

        No new tests, existing test updated.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.shouldHaveControls): Always return true when in PiP or AirPlay mode.

2016-06-27  Oliver Hunt  <oliver@apple.com>

        Update ATS WebContent exception for more robust framework information
        https://bugs.webkit.org/show_bug.cgi?id=159151

        Reviewed by Alex Christensen.

        We found some unexpected poor interaction with AVFoundation in the existing
        CFNetwork SPI. This new SPI is more solid and lets us provide more useful
        information while also being more future proof against new frameworks and
        ATS modes.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::createNSURLConnection):

2016-06-27  Antoine Quint  <graouts@apple.com>

        [iOS] Media controls are too cramped with small video
        https://bugs.webkit.org/show_bug.cgi?id=158815
        <rdar://problem/26824238>

        Reviewed by Dean Jackson.

        In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
        for the progress indicator. However, we were not accounting for the width used by
        the current and remaining time labels on either side of it, so we would incorrectly
        conclude that we were guaranteeing the minimum time and yield incorrect layouts since
        we were trying to fit more buttons than we had room for.

        In order to correctly compute the available width for the progress indicator, we now
        have clones of the current and remaining time labels, hidden from video and VoiceOver,
        that we update along with the originals. The same styles apply to both clones and
        originals, so we may measure the clones to determine the space used by the time labels.
        The reason we need to use clones is that if the time labels had previously been hidden
        from view, precisely because there was not enough space to display them along with the
        progress indicator, then trying to obtain metrics from them would yield 0 since they had
        "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
        use the clones so that we never have to toggle the "display" property of the originals
        just to obtain their measurements.

        As a result of this change, we adjust the constant used to set the minimum required
        width available to display the progress indicator after all other essential controls
        and labels have been measured. That constant used to account for the width of the
        time labels, and this is no longer correct.

        Test: media/video-controls-drop-and-restore-timeline.html

        * Modules/mediacontrols/mediaControlsApple.css:
        (::-webkit-media-controls-time-remaining-display.clone):
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller):
        (Controller.prototype.createTimeClones):
        (Controller.prototype.removeTimeClass):
        (Controller.prototype.addTimeClass):
        (Controller.prototype.updateDuration):
        (Controller.prototype.updateLayoutForDisplayedWidth):
        (Controller.prototype.updateTime):
        (Controller.prototype.updateControlsWhileScrubbing):
        * Modules/mediacontrols/mediaControlsiOS.css:
        (::-webkit-media-controls-time-remaining-display.clone):
        * Modules/mediacontrols/mediaControlsiOS.js:

2016-06-27  Anders Carlsson  <andersca@apple.com>

        No error message when passing an invalid API version to ApplePaySession constructor
        https://bugs.webkit.org/show_bug.cgi?id=159154

        Reviewed by Tim Horton.

        Log an error message if the version is not supported. Also, check for version 0 since that is also not supported.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::create):

2016-06-27  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: Anonymous RenderMathMLOperators are not exposed to the accessibility tree
        https://bugs.webkit.org/show_bug.cgi?id=139582
        <rdar://problem/26938849>

        Reviewed by Chris Fleizach.

        This is based on a patch by Frederic Wang <fwang@igalia.com>.

        WebCore assigns the generic MathElementRole AccessibilityRole to elements
        which are expected to be included in the accessibility tree. This assignment
        is based on the AccessibilityRenderObject's node being a MathMLElement. The
        anonymous RenderMathMLOperators fail that test.

        From the perspective of accessibility support, these operators function
        like MathMLElements. Furthermore, both WebCore and the platforms rely
        upon MathElementRole to identify accessible MathML objects. The simplest
        fix is to have AccessibilityRenderObject::isMathElement() treat anonymous
        MathML operators as if they were MathMLElements.

        Now that these operators are being exposed, we need to handle them in
        AccessibilityRenderObject::textUnderElement() which assumes that anonymous
        objects either have nodes or have children with nodes, and crashes when
        that fails to be the case. Making RenderMathMLOperator::textContent()
        public and then using it to get the text under anonymous operators solves
        this problem. We also assign StaticTextRole to these operators on the Mac
        because the default platform mapping of MathElementRole is GroupRole, which
        made sense when we had a child RenderText object holding the operator.

        Lastly, AccessibilityRenderObject::isIgnoredElementWithinMathTree() no
        longer needs to special-case anonymous operators because they now have
        MathElementRole.

        Tests: accessibility/math-fenced.html
               accessibility/math-foreign-content.html

        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::isAnonymousMathOperator):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textUnderElement):
        (WebCore::AccessibilityRenderObject::stringValue):
        (WebCore::AccessibilityRenderObject::isMathElement):
        (WebCore::AccessibilityRenderObject::isAnonymousMathOperator):
        (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper role]):
        * rendering/mathml/RenderMathMLMath.h:
        * rendering/mathml/RenderMathMLOperator.h:
        (WebCore::RenderMathMLOperator::textContent):

2016-06-27  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Remove unused RTCOfferAnswerOptionsPrivate.h
        https://bugs.webkit.org/show_bug.cgi?id=159130

        Reviewed by Eric Carlson.

        Remove unused RTCOfferAnswerOptionsPrivate.h file.

        * platform/mediastream/RTCOfferAnswerOptionsPrivate.h: Removed.

2016-06-27  Jer Noble  <jer.noble@apple.com>

        Crash in layout test /media/video-buffered-range-contains-currentTime.html
        https://bugs.webkit.org/show_bug.cgi?id=159109
        <rdar://problem/26535750>

        Reviewed by Alex Christensen.

        Guard against a dealloc race condition by holding a retain on the session
        until the task's _resource:loadFinishedWithError: completes, including
        main thread callbacks.
        
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]):

2016-06-27  Frederic Wang  <fwang@igalia.com>

        Set an upper limit for the size or number of pieces of stretchy operators
        https://bugs.webkit.org/show_bug.cgi?id=155434

        Reviewed by Brent Fulgham.

        Stretchy MathML operators can currently use an arbitrary number of extension glyphs to cover
        a target size. This may result in hangs if large stretch sizes are requested. This change
        only allows at most the 128 first extensions to be painted by the MathOperator class, which
        should really be enough for mathematical formulas used in practice.

        No new tests, already tested by very-large-stretchy-operators.

        * rendering/mathml/MathOperator.cpp: Add a new kMaximumExtensionCount constant.
        (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Limit the number of steps in this loop to kMaximumExtensionCount.
        (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Ditto.

2016-06-27  Frederic Wang  <fred.wang@free.fr>

        Small refactoring MathMLInlineContainerElement::createElementRenderer
        https://bugs.webkit.org/show_bug.cgi?id=159131

        Reviewed by Brent Fulgham.

        Many of the MathML renderer classes have been merged during the MathML refactoring. We
        simplify how instances are created in MathMLInlineContainerElement::createElementRenderer
        by removing duplicate createRenderer calls.

        No new tests, behavior unchanged.

        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createElementRenderer):

2016-06-27  Miguel Gomez  <magomez@igalia.com>

        [GTK][EFL] Build with threaded compositor enabled is broken
        https://bugs.webkit.org/show_bug.cgi?id=159138

        Reviewed by Carlos Garcia Campos.

        No need to set the device scale. The compositor buffer is only used for the accelerated
        canvas scenario, and the device scale is always 1 there.
        This change was introduced in r202421.

        Covered by existing tests.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::createCompositorBuffer):

2016-06-27  Philippe Normand  <philn@igalia.com>

        [GStreamer] top/bottom black bars added needlessly in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=158980

        Reviewed by Carlos Garcia Campos.

        The natural video size calculation depends on the validity of the
        current sample, so whenever the first sample reached the sink it's a
        good idea to reflect this on the player which will update its natural
        size accordingly.

        Fixes an issue where black borders were added on top and bottom of
        fullscreen video.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):

2016-06-27  Youenn Fablet  <youenn@apple.com>

        Remove didFailRedirectCheck ThreadableLoaderClient callback
        https://bugs.webkit.org/show_bug.cgi?id=159085

        Reviewed by Daniel Bates.

        Removing didFailRedirectCheck and using didFailAccessControlCheck instead.
        The change in behavior is that additional error messages are outputted in the console.
        These messages give additional debugging information.

        Covered by rebased tests.

        * Modules/fetch/FetchLoader.cpp: Removing didFailRedirectCheck.
        * Modules/fetch/FetchLoader.h: Ditto.
        * inspector/InspectorNetworkAgent.cpp: Ditto.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::redirectReceived): Calling didFailAccessControlCheck with information on failing
        URL.
        (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
        * loader/ThreadableLoaderClient.h: Removing didFailRedirectCheck.
        * loader/ThreadableLoaderClientWrapper.h: Ditto.
        * loader/WorkerThreadableLoader.cpp: Ditto.
        * loader/WorkerThreadableLoader.h: Ditto.
        * page/EventSource.cpp: Ditto.
        * page/EventSource.h: Ditto.
        * workers/WorkerScriptLoader.cpp: Ditto.
        * workers/WorkerScriptLoader.h: Ditto.
        * xml/XMLHttpRequest.cpp: Ditto.
        * xml/XMLHttpRequest.h: Ditto.

2016-06-26  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        [EFL] Fix build warning when using geoclue2
        https://bugs.webkit.org/show_bug.cgi?id=159128

        Reviewed by Antonio Gomes.

        The EFL port has handled build warnings as errors, so the EFL port
        hasn't been built when we use the geoclue2 library, because a generated geoclue2 file
        has an unused-parameter build warning. To fix it, this patch ignores the build warning
        in the generated geoclue2 file.

        * PlatformEfl.cmake:

2016-06-26  Chris Dumez  <cdumez@apple.com>

        Regression: HTMLOptionsCollection's named properties have precedence over indexed properties
        https://bugs.webkit.org/show_bug.cgi?id=159058
        <rdar://problem/26988542>

        Reviewed by Ryosuke Niwa.

        HTMLOptionsCollection's named properties had precedence over indexed properties,
        which is wrong as per:
        http://heycam.github.io/webidl/#getownproperty-guts

        The reason is that there was a named property getter defined on HTMLOptionsCollection
        but no indexed property getter. As a result, HTMLOptionsCollection would fall back to
        using HTMLCollection's indexed property getter but HTMLOptionsCollection's named getter
        would take precedence. This patch defines an indexed property getter on
        HTMLOptionsCollection to fix the problem.

        Ideally, HTMLOptionsCollection would have no indexed / named property getters and would
        entirely rely on the ones from HTMLCollection. However, our bindings generator currently
        has trouble with this and requires HTMLOptionsCollection to have a named getter.

        Test: fast/dom/HTMLSelectElement/options-indexed-getter-precedence.html

        * html/HTMLOptionsCollection.idl:

2016-06-26  Chris Dumez  <cdumez@apple.com>

        Regression(r202262): Infinite loop under searchForLinkRemovingExistingDDLinks()
        https://bugs.webkit.org/show_bug.cgi?id=159122
        <rdar://problem/27014649>

        Reviewed by Ryosuke Niwa.

        Infinite loop under searchForLinkRemovingExistingDDLinks() because the
        value returned by NodeTraversal::next() was ignored and the node iterator
        was never updated.

        * editing/cocoa/DataDetection.mm:
        (WebCore::searchForLinkRemovingExistingDDLinks):

2016-06-25  Benjamin Poulain  <bpoulain@apple.com>

        The active state of elements can break when focus changes
        https://bugs.webkit.org/show_bug.cgi?id=159112

        Reviewed by Antti Koivisto.

        The pseudo class :active was behaving weirdly when used
        with label elements with an associated form element.
        The form element would get the :active state on the first click
        then no longer get the state until the focus changes.

        What was happening is setFocusedElement() was clearing active
        for some unknown reason. When you really do that on an active element,
        you end up in an inconsistent state where no invalidation works.

        The two tests illustrate 2 ways this breaks.

        The test "pseudo-active-on-labeled-element-not-canceled-by-focus" clicks
        several times on a label element. The first time, the input element gets
        the focus. The second time, it already has the focus, setFocusedElement()
        clears :active before finding the focusable element and ends up clearing
        the active state on a target in the active chain.

        The test "pseudo-active-with-programmatic-focus.html" shows how to invalidate
        arbitrary elements using JavaScript. This can cause severely broken active
        chains where invalidation never cleans some ancestors.

        Tests: fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html
               fast/css/pseudo-active-with-programmatic-focus.html

        * dom/Document.cpp:
        (WebCore::Document::setFocusedElement): Deleted.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseDoubleClickEvent):
        This is WebKit1 specific. The double click event was dispatching
        the mouseUp and Click with after doing an Active hit test.
        This causes us to have :active state in and after mouseUp in WebKit1.

2016-06-24  Jer Noble  <jer.noble@apple.com>

        Consider exposing or hiding knowledge of a redirect from clients of WebCoreNSURLSession
        https://bugs.webkit.org/show_bug.cgi?id=156722
        <rdar://problem/25780035>

        Reviewed by Alex Christensen.

        Fixes tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed2.html
                     http/tests/security/contentSecurityPolicy/video-redirect-allowed2.html

        When receiving an NSURLResponse containing a redirected URL, AVFoundation will use the
        URL in the response for subsequent requests. This violates the HTTP specification if the
        redirect was temporary, and it also breaks two CSP tests by bypassing the redirect step
        for subsequent requests.

        Work around this behavior in AVFoundation by recreating the NSURLResponse with the original
        request URL in the case of a temporary redirect.

        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):

2016-06-24  Jer Noble  <jer.noble@apple.com>

        MSE gets confused by in-band text tracks
        https://bugs.webkit.org/show_bug.cgi?id=159107
        <rdar://problem/26871330>

        Reviewed by Eric Carlson.

        We can't currently handle text track samples in SourceBufferPrivateAVFObjC,
        so don't pass them up to SourceBuffer.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):
        (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):

2016-06-24  Mark Lam  <mark.lam@apple.com>

        [JSC] Error prototypes are called on remote scripts.
        https://bugs.webkit.org/show_bug.cgi?id=52192

        Reviewed by Keith Miller.

        Test: http/tests/security/regress-52192.html

        Parsing errors are reported to the main script's window.onerror function.  AFAIK,
        both Chrome and Firefox have the error reporting mechanism use an internal
        sanitized version of Error.prototype.toString() that will not invoke any getters
        or proxies instead.

        This patch fixes this issue by matching Chrome and Firefox's behavior.

        Note: we did not choose to make error objects and prototypes read-only because
        that was observed to have broken the web.
        See https://bugs.chromium.org/p/chromium/issues/detail?id=69187#c73

        Credit for reporting this issue goes to Daniel Divricean (http://divricean.ro).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::reportException):
        * ForwardingHeaders/runtime/ErrorInstance.h: Added.

2016-06-24  Jer Noble  <jer.noble@apple.com>

        Media elements should not lose playback controls when muted by a user gesture
        https://bugs.webkit.org/show_bug.cgi?id=159078
        <rdar://problem/26925904>

        Reviewed by Beth Dakin.

        Rearrange canControlControlsManager() so that the muted check only occurs if
        a user gesture is required.

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::canControlControlsManager):

2016-06-24  Beth Dakin  <bdakin@apple.com>

        Include enclosingListType in EditorState
        https://bugs.webkit.org/show_bug.cgi?id=159102
        -and corresponding-
        rdar://problem/26932490

        Reviewed by Enrica Casucci.

        Make HTMLOListElement.h and HTMLUListElement.h Private instead of Project.
        * WebCore.xcodeproj/project.pbxproj:

        Export enclosingList(Node*)
        * editing/htmlediting.h:

2016-06-24  Anders Carlsson  <andersca@apple.com>

        Another Windows build fix.

        * platform/network/BlobRegistry.h:

2016-06-24  Anders Carlsson  <andersca@apple.com>

        Yet another Windows build fix.

        * dom/ActiveDOMCallbackMicrotask.h:

2016-06-24  Anders Carlsson  <andersca@apple.com>

        Another Windows build fix.

        * page/FrameView.h:

2016-06-24  Anders Carlsson  <andersca@apple.com>

        Inline more of the Apple Pay source code
        https://bugs.webkit.org/show_bug.cgi?id=159099

        Reviewed by Andreas Kling.

        * page/Settings.h:
        (WebCore::Settings::applePayEnabled):
        (WebCore::Settings::setApplePayEnabled):
        (WebCore::Settings::applePayCapabilityDisclosureAllowed):
        (WebCore::Settings::setApplePayCapabilityDisclosureAllowed):

2016-06-24  Anders Carlsson  <andersca@apple.com>

        Windows build fix.

        * platform/GenericTaskQueue.h:
        (WebCore::TaskDispatcher::postTask):

2016-06-24  Frederic Wang  <fwang@igalia.com>

        Use auto* for MathML elements and renderers when possible
        https://bugs.webkit.org/show_bug.cgi?id=159090

        Reviewed by Alex Christensen.

        No new tests, behavior is unchanged.

        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::attributeChanged):
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
        (WebCore::MathMLSelectElement::getSelectedActionChild):
        (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
        (WebCore::MathMLSelectElement::updateSelectedChild):
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::isValid):
        * rendering/mathml/RenderMathMLMenclose.cpp:
        (WebCore::RenderMathMLMenclose::layoutBlock):
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::isValid):
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::firstLineBaseline):
        (WebCore::RenderMathMLRow::computeLineVerticalStretch):
        (WebCore::RenderMathMLRow::computePreferredLogicalWidths):
        (WebCore::RenderMathMLRow::layoutRowItems):
        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::unembellishedOperator):
        (WebCore::RenderMathMLScripts::getBaseAndScripts):
        (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
        (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
        (WebCore::RenderMathMLScripts::layoutBlock):
        (WebCore::RenderMathMLScripts::firstLineBaseline):
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::firstLineBaseline):
        (WebCore::RenderMathMLUnderOver::isValid):
        (WebCore::RenderMathMLUnderOver::over):

2016-06-24  Joseph Pecoraro  <pecoraro@apple.com>

        Remove unused and static return value from InspectorStyle::populateAllProperties
        https://bugs.webkit.org/show_bug.cgi?id=159069

        Reviewed by Andreas Kling.

        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyle::populateAllProperties):
        * inspector/InspectorStyleSheet.h:

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Rename NoncopyableFunction to Function
        https://bugs.webkit.org/show_bug.cgi?id=158354

        Reviewed by Chris Dumez.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::runTask):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/webaudio/AudioDestinationNode.h:
        (WebCore::AudioDestinationNode::resume):
        (WebCore::AudioDestinationNode::suspend):
        (WebCore::AudioDestinationNode::close):
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::resume):
        (WebCore::DefaultAudioDestinationNode::suspend):
        (WebCore::DefaultAudioDestinationNode::close):
        * Modules/webaudio/DefaultAudioDestinationNode.h:
        * dom/ActiveDOMCallbackMicrotask.cpp:
        (WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):
        * dom/ActiveDOMCallbackMicrotask.h:
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::Task::Task):
        * fileapi/AsyncFileStream.cpp:
        (WebCore::callOnFileThread):
        (WebCore::AsyncFileStream::perform):
        * fileapi/AsyncFileStream.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::queuePostLayoutCallback):
        (WebCore::FrameView::flushPostLayoutTasksQueue):
        * page/FrameView.h:
        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::dispatch):
        (WebCore::ScrollingThread::dispatchBarrier):
        (WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):
        * page/scrolling/ScrollingThread.h:
        * platform/GenericTaskQueue.cpp:
        (WebCore::TaskDispatcher<Timer>::postTask):
        * platform/GenericTaskQueue.h:
        (WebCore::TaskDispatcher::postTask):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::scheduleDeferredTask):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        (WebCore::AVMediaCaptureSource::scheduleDeferredTask):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::postResolutionCallbackQueue):
        (WebCore::Style::queuePostResolutionCallback):
        * style/StyleTreeResolver.h:

2016-06-24  Amir Alavi  <aalavi@apple.com>

        Use _CFHTTPCookieStorageGetDefault directly instead of NSHTTPCookieStorage to get default cookie storage
        https://bugs.webkit.org/show_bug.cgi?id=159095
        rdar://problem/26630073

        Reviewed by Brent Fulgham.

        No new tests, it isn't possible to test this in a LayoutTest.

        * platform/network/mac/CookieJarMac.mm:
        (WebCore::httpCookiesForURL): Get a CFHTTPCookieStorageRef when no cookie storage is provided to match the case when cookie storage is provided.

2016-06-24  Enrica Casucci  <enrica@apple.com>

        Do not use iOS specific telephone detection on macOS.
        https://bugs.webkit.org/show_bug.cgi?id=159096
        rdar://problem/25870571

        Reviewed by Anders Carlsson.

        Adding platform guard.

        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
        (WebCore::TelephoneNumberDetector::phoneNumbersScanner):

2016-06-24  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix after r202429; AVStreamDataParser does not exist on iOS.

        * platform/spi/mac/AVFoundationSPI.h:

2016-06-24  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix after r202429; Fix the type of the delegate property on AVStreamDataParser.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        * platform/spi/mac/AVFoundationSPI.h:

2016-06-02  Jer Noble  <jer.noble@apple.com>

        [MSE] Adopt +[AVStreamDataParser outputMIMECodecParameterForInputMIMECodecParameter:]
        https://bugs.webkit.org/show_bug.cgi?id=158312

        Reviewed by Eric Carlson.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType):

        Move the declaration of AVStreamDataParser into AVFoundationSPI.h:

        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        (WebCore::CDMSessionAVStreamSession::update):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]):
        * platform/spi/mac/AVFoundationSPI.h:

2016-06-24  Eric Carlson  <eric.carlson@apple.com>

        [iOS, Mac] Assume a media file has audio during AirPlay
        https://bugs.webkit.org/show_bug.cgi?id=159088
        <rdar://problem/24616592>

        Reviewed by Jer Noble.

        No new tests, it isn't possible to test this in a LayoutTest.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): Call 
          mediaSession->setCanProduceAudio(true) when AirPlay becomes active.

2016-06-24  Jer Noble  <jer.noble@apple.com>

        Playback controls refer to wrong element when playing multiple items in a page.
        https://bugs.webkit.org/show_bug.cgi?id=159076
        <rdar://problem/26953532>

        Reviewed by Beth Dakin.

        Use a new method PlatformMediaSessionManager::currentSessionMatching() to get
        the most recently active media element which qualifies for playback controls.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updatePlaybackControlsManager): Get the most recently active session.
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::canControlControlsManager): Make virtual; no longer takes an element.
        * html/MediaElementSession.h:
        (isType): Allow downcasting from PlatformMediaSession -> MediaElementSession.
        * page/ChromeClient.h:
        * platform/audio/PlatformMediaSession.h:
        (WebCore::PlatformMediaSession::canControlControlsManager): Defaults to false;
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::currentSessionMatching): Added.
        * platform/audio/PlatformMediaSessionManager.h:

2016-06-24  Dan Bernstein  <mitz@apple.com>

        Fixed the macOS build.

        * platform/spi/cocoa/DataDetectorsCoreSPI.h:

2016-06-24  Dan Bernstein  <mitz@apple.com>

        [iOS] Inline DataDetectorsAdditions.h
        https://bugs.webkit.org/show_bug.cgi?id=159093

        Reviewed by Anders Carlsson.

        * editing/cocoa/DataDetection.mm:
        (WebCore::constructURLStringForResult): Use soft-linked constant directly.

        * platform/cocoa/DataDetectorsCoreSoftLink.h: Declare soft-linked constant.
        * platform/cocoa/DataDetectorsCoreSoftLink.mm: Define soft-linked constant.
        * platform/spi/cocoa/DataDetectorsCoreSPI.h: Declare constant.

2016-06-24  Yusuke Suzuki  <utatane.tea@gmail.com>

        [GTK][EFL] ImageBufferCairo should accept resolution factor
        https://bugs.webkit.org/show_bug.cgi?id=157848

        Reviewed by Martin Robinson.

        ImageBufferCairo ignored the resolution factor passed in its constructor.
        This resolution factor was originally introduced for HiDPI Canvas,
        and since HiDPI canvas is not enabled in the ports using Cairo,
        the lack of this implementation does not cause any problems.
        And now, HiDPI Canvas is removed from the tree.

        However, WebKit CSS filter uses this path.
        The missing implementation is required under the HiDPI environment.

        Since a Cairo surface can have the device scale factor transparently,
        the operations on the surface are correctly done in the logical coordinate system.
        So all we need to handle carefully is the direct surface modification done
        in filter effects.

        In this patch, we extend the image buffer size according to the resolution factor,
        the same as the CoreGraphics implementation (ImageBufferCG). And by setting the
        device scale factor of the surface correctly, we ensure that the rest of the Cairo
        painting stack works with the existing logical coordinate system. And in ImageBufferCairo,
        we carefully handle the logical and backing store coordinate system.

        The attached test applies the CSS filter onto the svg image. And we resize the image size,
        and perform scrolling. It incurs the paint, and filter effect recalculation.
        In that path, the filter effect side assumes that the image buffer size is scaled with the
        resolution factor. So without this patch, it incurs a buffer overflow and leads to a WebProcess crash.

        * platform/graphics/IntPoint.h:
        (WebCore::IntPoint::scale):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::createCompositorBuffer):
        (WebCore::ImageBuffer::ImageBuffer):
        (WebCore::ImageBuffer::copyImage):
        (WebCore::ImageBuffer::platformTransformColorSpace):
        (WebCore::getImageData):
        (WebCore::logicalUnit):
        (WebCore::backingStoreUnit):
        (WebCore::ImageBuffer::getUnmultipliedImageData):
        (WebCore::ImageBuffer::getPremultipliedImageData):
        (WebCore::ImageBuffer::putByteArray):
        (WebCore::ImageBuffer::copyToPlatformTexture):

2016-06-24  Frederic Wang  <fwang@igalia.com>

        Refactor RenderMathMLOperator and RenderMathMLToken to avoid using anonymous renderers.
        https://bugs.webkit.org/show_bug.cgi?id=155018

        Reviewed by Martin Robinson.

        No new tests, already covered by existing tests.

        We use MathOperator for RenderMathMLOperator to avoid creating anonymous text nodes again
        and again. We reimplement implicit mathvariant="italic" on single-char mi in a way that does
        not rely on creating anonymous text nodes. Finally, we improve the determination/update of
        when mathvariant is italic to avoid breaking foreign-mi-dynamic test.
        The change in the render tree structure breaks mfenced accessibility support but that will
        be fixed in follow-up patches. The simplifications made here will also allow simplifying the
        accessibility code.

        * css/mathml.css:
        (mo): Deleted. This flexbox rule is no longer needed.
        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::RenderMathMLBlock::createAnonymousMathMLBlock): Deleted. We no longer need to
        create anonymous renderer with this function.
        * rendering/mathml/RenderMathMLBlock.h: Delete createAnonymousMathMLBlock.
        * rendering/mathml/RenderMathMLOperator.cpp: Implement layout functions without relying on
        flexbox or anonymous.
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Handle the case of !useMathOperator()
        for which we need to add extra operator spacing after the RenderMathMLToken layout.
        (WebCore::RenderMathMLOperator::layoutBlock): Ditto.
        (WebCore::RenderMathMLOperator::isChildAllowed): Deleted. We allow the non-anonymous text.
        (WebCore::RenderMathMLOperator::rebuildTokenContent): No longer destroy and rebuild
        anonymous wrapper. Remove updateStyle call.
        (WebCore::RenderMathMLOperator::updateStyle): Deleted. We no longer need anonymous style for the spacing.
        * rendering/mathml/RenderMathMLOperator.h: Remove updateStyle() and isChildAllowed().
        Make textContent() public so that it can be accessed from the accessibility code.
        * rendering/mathml/RenderMathMLToken.cpp: Reimplement implicit mathvariant="italic" by
        painting MATHEMATICAL ITALIC characters instead of styling an anonymous wrapper.
        (WebCore::RenderMathMLToken::RenderMathMLToken): Init m_mathVariantGlyph and m_mathVariantGlyphDirty
        (WebCore::RenderMathMLToken::updateTokenContent): Set mathvariant glyph dirty when the content changes.
        (WebCore::transformToItalic): Helper function to map latin and greek alphabets to their
        MATHEMATICAL ITALIC counterpart.
        (WebCore::RenderMathMLToken::computePreferredLogicalWidths): Implement this function to
        handle the case where the mathvariant glyph is used.
        (WebCore::RenderMathMLToken::updateMathVariantGlyph): Helper function to update the mathvariant glyph.
        For now, we try and keep with the old (and limited) implementation: a mathvariant glyph may
        only be used for single-char <mi> without mathvariant attribute attached to it.
        (WebCore::RenderMathMLToken::styleDidChange): Set the mathvariant glyph dirty when the style
        changes.
        (WebCore::RenderMathMLToken::updateFromElement): Remove updateStyle call and set mathvariant
        glyph dirty.
        (WebCore::RenderMathMLToken::firstLineBaseline): Implement this function to handle the case
         where the mathvariant glyph is used.
        (WebCore::RenderMathMLToken::layoutBlock): Ditto.
        (WebCore::RenderMathMLToken::paint): Ditto.
        (WebCore::RenderMathMLToken::paintChildren): Ditto.
        (WebCore::RenderMathMLToken::addChild): Deleted. No need to bother with anonymous renderer
        or style.
        (WebCore::RenderMathMLToken::createWrapperIfNeeded): Deleted. Ditto.
        (WebCore::RenderMathMLToken::updateStyle): Deleted. Ditto.
        * rendering/mathml/RenderMathMLToken.h: Update declarations of functions.
        (WebCore::RenderMathMLToken::setMathVariantGlyphDirty): Helper function to indicate that the
        mathvariant glyph will need to be updated.

2016-06-24  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Unreviewed EFL build fix.

        There is forward declaration build error on EFL port.

        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp: Include DOMWindow.h and Document.h.

2016-06-23  Brady Eidson  <beidson@apple.com>

        Retrieving Blobs from IndexedDB using cursors fails in WK2 (Sandboxing)
        https://bugs.webkit.org/show_bug.cgi?id=158991

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/blob-cursor.html

        * platform/network/BlobDataFileReference.cpp:
        (WebCore::BlobDataFileReference::startTrackingModifications): Deleted.

2016-06-23  Alex Christensen  <achristensen@webkit.org>

        Remove unused didCancelAuthenticationChallenge
        https://bugs.webkit.org/show_bug.cgi?id=158819

        Reviewed by David Kilzer.

        No change in behavior.  This callback was deprecated in Yosemite.  It is never called.

        * loader/EmptyClients.h:
        * loader/FrameLoaderClient.h:
        * loader/ResourceLoadNotifier.cpp:
        (WebCore::ResourceLoadNotifier::didCancelAuthenticationChallenge): Deleted.
        * loader/ResourceLoadNotifier.h:
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didCancelAuthenticationChallenge): Deleted.
        * loader/ResourceLoader.h:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::didCancelAuthenticationChallenge): Deleted.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::didCancelAuthenticationChallenge): Deleted.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
        * platform/spi/cocoa/NSURLDownloadSPI.h:

2016-06-23  Anders Carlsson  <andersca@apple.com>

        Add "shippingType" to the list of valid payment request properties
        https://bugs.webkit.org/show_bug.cgi?id=159079
        <rdar://problem/26988429>

        Reviewed by Dean Jackson.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::isValidPaymentRequestPropertyName):

2016-06-23  Benjamin Poulain  <benjamin@webkit.org>

        Specialize synchronous event tracking per event type
        https://bugs.webkit.org/show_bug.cgi?id=158826

        Reviewed by Simon Fraser.

        First, kudos to Rick Byers for all his help on passive event dispatch.
        The specs are pretty damn good and his help reviewing patches is very useful.

        This patch changes synchronous event dispatch to happen per event
        instead of per sequence touchstart->touchend.

        The big advantage of this is we can dispatch more events asynchronously.
        For example, to handle a tap programmatically, you can limit the active listener
        to the touchend event. The touchstart and touchmove are now dispatched asynchronously.

        The implementation is a simple extension to EventTrackingRegions.
        Instead of a single synchronous region, we have one region per event type.
        When processing the events, we only need to send the events synchronously
        if that particular event type has a synchronous region.

        Note that EventDispatcher's touch event support already supports
        mixing synchronous and asynchronous events. The events are always processed
        in order even if asynchronous events are pending when a synchronous dispatch
        happens.

        Tests: fast/events/touch/ios/tap-with-active-listener-inside-document-with-passive-listener.html
               fast/events/touch/ios/tap-with-active-listener-inside-window-with-passive-listener.html
               fast/events/touch/ios/tap-with-active-touch-end-listener.html
               fast/events/touch/ios/tap-with-passive-listener-inside-active-listener.html
               fast/events/touch/ios/tap-with-passive-touch-end-listener.html
               fast/events/touch/ios/tap-with-passive-touch-start-active-touch-end-listeners-on-elements.html
               fast/events/touch/ios/tap-with-passive-touch-start-active-touch-move-listeners-on-elements.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::hasActiveTouchEventListeners): Deleted.
        * dom/EventTarget.h:
        * page/DebugPageOverlays.cpp:
        (WebCore::NonFastScrollableRegionOverlay::updateRegion):
        * page/Page.cpp:
        (WebCore::Page::nonFastScrollableRects):
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):
        * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
        (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
        (WebCore::ScrollingTree::eventTrackingTypeForPoint):
        * page/scrolling/ScrollingTree.h:
        * platform/EventTrackingRegions.cpp: Added.
        (WebCore::EventTrackingRegions::trackingTypeForPoint):
        (WebCore::EventTrackingRegions::isEmpty):
        (WebCore::EventTrackingRegions::translate):
        (WebCore::EventTrackingRegions::uniteSynchronousRegion):
        (WebCore::EventTrackingRegions::unite):
        (WebCore::operator==):
        * platform/EventTrackingRegions.h:
        (WebCore::EventTrackingRegions::isEmpty): Deleted.
        (WebCore::EventTrackingRegions::trackingTypeForPoint): Deleted.
        (WebCore::operator==): Deleted.

2016-06-23  Simon Fraser  <simon.fraser@apple.com>

        More attempting to fix external iOS builds.

        * platform/spi/cocoa/QuartzCoreSPI.h:

2016-06-23  Simon Fraser  <simon.fraser@apple.com>

        Try to fix the non-internal builds by defining CARenderServerBufferRef.

        * platform/spi/cocoa/QuartzCoreSPI.h:

2016-06-23  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Make DumpRenderTree and WebKitTestRunner in the simulator use render server snapshotting
        https://bugs.webkit.org/show_bug.cgi?id=159077

        Reviewed by Tim Horton.

        Add CARenderServer SPIs.

        Test: fast/harness/snapshot-captures-compositing.html

        * platform/spi/cocoa/QuartzCoreSPI.h:

2016-06-23  Brian Burg  <bburg@apple.com>

        Web Inspector: add assertions to catch dangling frontends that persist between tests
        https://bugs.webkit.org/show_bug.cgi?id=159073

        Reviewed by Joseph Pecoraro.

        Based on the analysis in https://webkit.org/b/159070, we suspect that some test
        flakiness might be caused by dangling frontends from previous test cases. Add an
        assertion that should catch any frontends that are attached to the inspected page's
        backend. There should never be any frontends connected when a test first starts.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::setIsUnderTest):
        * inspector/InspectorController.h:

2016-06-23  Said Abou-Hallawa  <sabouhallawa@apple.com>

        requestFrameAnimation() callback timestamp should be very close to Performance.now() 
        https://bugs.webkit.org/show_bug.cgi?id=159038

        Reviewed by Simon Fraser.

        Pass the Performance.now() to requestFrameAnimation() callback. Do not add
        the timeUntilOutput which is the difference between outputTime and now since
        this addition makes us report a timestamp ahead in the future by almost 33ms.

        A new function named "nowTimestamp()" is added to the DOMWindow class. It
        calls Performance.now() if WEB_TIMING is enabled, otherwise it calls
        monotonicallyIncreasingTime(). The returned timestamp is in seconds and it is
        relative to the document loading time.

        The timestamp passing will be removed all the way down to the callers of
        ScriptedAnimationController::serviceScriptedAnimations(). The callers will
        get the now timestamp by calling DOMWindow::nowTimestamp().

        Tests: animations/animation-callback-timestamp.html
               animations/animation-multiple-callbacks-timestamp.html

        * dom/Document.cpp:
        (WebCore::Document::monotonicTimestamp):
        (WebCore::Document::serviceScriptedAnimations):
        * dom/Document.h:
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
        (WebCore::ScriptedAnimationController::animationTimerFired):
        (WebCore::ScriptedAnimationController::displayRefreshFired):
        * dom/ScriptedAnimationController.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
        * loader/DocumentLoadTiming.h:
        (WebCore::DocumentLoadTiming::referenceWallTime):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::nowTimestamp):
        * page/DOMWindow.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::serviceScriptedAnimations):
        * page/FrameView.h:
        * platform/graphics/DisplayRefreshMonitor.cpp:
        (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
        (WebCore::DisplayRefreshMonitor::displayDidRefresh):
        * platform/graphics/DisplayRefreshMonitor.h:
        (WebCore::DisplayRefreshMonitor::setMonotonicAnimationStartTime): Deleted.
        * platform/graphics/DisplayRefreshMonitorClient.cpp:
        (WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded):
        * platform/graphics/DisplayRefreshMonitorClient.h:
        * platform/graphics/GraphicsLayerUpdater.cpp:
        (WebCore::GraphicsLayerUpdater::displayRefreshFired):
        * platform/graphics/GraphicsLayerUpdater.h:
        * platform/graphics/ios/DisplayRefreshMonitorIOS.h:
        * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
        (-[WebDisplayLinkHandler handleDisplayLink:]):
        (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
        (WebCore::mediaTimeToCurrentTime): Deleted.
        * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
        (WebCore::displayLinkCallback):
        (WebCore::DisplayRefreshMonitorMac::displayLinkFired):
        * platform/graphics/mac/DisplayRefreshMonitorMac.h:
        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::syncDisplayState):
        (WebCore::CompositingCoordinator::nextAnimationServiceTime):

2016-06-23  David Kilzer  <ddkilzer@apple.com>

        Remove unused HarfBuzzFaceCoreText.cpp
        <https://webkit.org/b/159065>

        Reviewed by Myles C. Maxfield.

        * platform/graphics/harfbuzz/HarfBuzzFaceCoreText.cpp: Removed.

2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Memory Timeline sometimes shows impossible value for bmalloc size (underflowed)
        https://bugs.webkit.org/show_bug.cgi?id=158110
        <rdar://problem/26498584>

        Reviewed by Andreas Kling.

        IOSurface memory backing Canvas element buffers should be classified as "GC Owned",
        but should not be considered a part of bmalloc. In fact, the actual memory cost is
        external to the Web Content Process. The majority of extra memory reporters tend
        to report extra memory that is also allocated in bmalloc. However, some report
        non-bmalloc memory, such as the IOSurfaces here.
        
        Continue to report the memory cost without changes to inform the Heap for garbage
        collection. However, also keep better accounting of GCOwned memory that is external
        to the process for better accounting for the Resource Usage overlay and Web Inspector
        Memory timeline.
        
        This is a bit of a game where we want to display the best possible number for
        "GCOwned memory" in the tools, but some of that memory shows up in the other
        regions (bmalloc, system malloc, etc). Already many sizes are estimates
        (ReportExtraMemory, reportExtraMemory ignores small allocations), so we just focus
        on getting the largest sources of allocations, such as Canvas IOSurfaces here,
        into the right bucket. ResourceUsageThreadCocoa continues to subtract the "extra"
        memory from bmalloc. So, we should address other large sources of "extra memory"
        not in bmalloc. A likely candidate is HTMLMediaElement which uses the deprecated
        reporting right now.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        Add a way to report External memory, dependent on reporting Extra memory.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::externalMemoryCost):
        * html/HTMLCanvasElement.h:
        * html/HTMLCanvasElement.idl:
        Report external memory cost just like extra memory.

        * page/ResourceUsageData.cpp:
        (WebCore::ResourceUsageData::ResourceUsageData):
        * page/ResourceUsageData.h:
        (WebCore::MemoryCategoryInfo::totalSize):
        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::RingBuffer::at):
        (WebCore::appendDataToHistory):
        (WebCore::ResourceUsageOverlay::platformDraw):
        * page/cocoa/ResourceUsageThreadCocoa.mm:
        (WebCore::categoryForVMTag):
        (WebCore::ResourceUsageThread::platformThreadBody):
        Do not count the GCOwned External memory as dirty memory.
        Include External memory output in the overlay.

        * inspector/InspectorMemoryAgent.cpp:
        (WebCore::InspectorMemoryAgent::collectSample):
        When sizing the JavaScript portion, include both the GC Owned
        category's dirty and external memory. Ultimately we will
        want this everywhere in case things change.

        * platform/graphics/ImageBuffer.cpp:
        (WebCore::memoryCost):
        (WebCore::externalMemoryCost):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::memoryCost):
        (WebCore::ImageBuffer::externalMemoryCost):
        Report IOSurface total bytes as extra memory and external memory
        so that it can be tracked as GC Owned memory that is separate from
        regular (bmalloc/other) in process memory.

2016-06-23  Alexey Proskuryakov  <ap@apple.com>

        Handle (0, 0) ranges from Lookup
        https://bugs.webkit.org/show_bug.cgi?id=159062
        rdar://problem/26960385

        Reviewed by Tim Horton.

        * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeAtHitTestResult):
        Paper over <https://bugs.webkit.org/show_bug.cgi?id=159063>, which seems too involved
        to fix now.

2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: first heap snapshot taken when a page is reloaded happens before the reload navigation
        https://bugs.webkit.org/show_bug.cgi?id=158995
        <rdar://problem/26923778>

        Reviewed by Brian Burg.

        When the "Heap" instrument is included in the Timeline list
        of instruments, defer starting it in an auto-capture scenario
        until after the page does its first navigation.

        AutoCapture on the backend happens when it is enabled at
        the main resource starts loading. In that case it proceeds
        through the following phases:

            No Auto Capture:
                None

            Auto Capture:
                BeforeLoad -> FirstNavigation -> AfterFirstNavigation

        When toggling instruments for backend initiated capture
        most instruments do not care and will just start/stop.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        Inform the TimelineAgent that the main frame navigated.
        Do this after informing the HeapAgent (so any potential
        snapshot does not get cleared) and PageAgent (so the
        frontend knows the page navigated before the agent starts).

        * inspector/InspectorTimelineAgent.h:
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::internalStop):
        (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
        (WebCore::InspectorTimelineAgent::mainFrameNavigated):
        Update the auto capture phase transitions.

        (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
        Only start the heap agent during the None phase (console.profile)
        or with the first navigation (auto capture page navigation).

2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Snapshots should be cleared at some point
        https://bugs.webkit.org/show_bug.cgi?id=157907
        <rdar://problem/26373610>

        Reviewed by Timothy Hatcher.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorAllInOne.cpp:
        New specialized agent.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        Construct a specialized HeapAgent.

        * inspector/PageHeapAgent.h:
        * inspector/PageHeapAgent.cpp:
        (WebCore::PageHeapAgent::PageHeapAgent):
        (WebCore::PageHeapAgent::enable):
        (WebCore::PageHeapAgent::disable):
        (WebCore::PageHeapAgent::mainFrameNavigated):
        Clear backend snapshots on page navigations.
        Set the PageHeapAgent instrumenting agent on enable/disable.

        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::pageHeapAgent):
        (WebCore::InstrumentingAgents::setPageHeapAgent):
        Active PageHeapAgent.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        Inform the PageHeapAgent when the mainframe navigates.

2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>

        CSSComputedStyleDeclaration::length should recalculate styles if needed to provide the correct value
        https://bugs.webkit.org/show_bug.cgi?id=159053
        <rdar://problem/26638119>

        Reviewed by Simon Fraser.

        Test: fast/css/variables/custom-property-computed-style-length-update.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::length):

2016-06-23  John Wilander  <wilander@apple.com>

        Enable window.open() for existing versions of Secret Society
        https://bugs.webkit.org/show_bug.cgi?id=159049
        <rdar://problem/26528349>

        Reviewed by Andy Estes.

        The Secret Society Hidden Mystery app has a broken version check treating iOS 10
        as iOS 1 on iPads. Therefore it believes it can use window.open() in a tap
        handler. We should allow the existing versions of the app to do this to not break
        them.

        No new tests. Tested manually in the app.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::allowPopUp):
            Now checks with Settings whether it should allow a popup even though it is
            not processing a user gesture.
        * page/Settings.in:
            Added setting allowWindowOpenWithoutUserGesture.
        * platform/RuntimeApplicationChecks.h:
        * platform/RuntimeApplicationChecks.mm:
        (WebCore::IOSApplication::isTheSecretSocietyHiddenMystery):
            Added.

2016-06-23  Chris Dumez  <cdumez@apple.com>

        Only call sqlite3_initialize() when a SQLite database is actually being opened
        https://bugs.webkit.org/show_bug.cgi?id=159033

        Reviewed by Brady Eidson.

        Only call sqlite3_initialize() when a SQLite database is actually being opened
        instead of doing it unconditionally. sqlite3_initialize() was previously called
        in the SQLiteDatabase constructor which gets called on WebContent process
        initialization because a DatabaseTracker is constructed on initialization and
        DatabaseTracker has a SQLiteDatabase data member.

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::initializeSQLiteIfNecessary):
        (WebCore::SQLiteDatabase::open):
        (WebCore::SQLiteDatabase::SQLiteDatabase): Deleted.
        * platform/sql/SQLiteDatabase.h:

2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Align 'update ICE connection/gathering state' steps with the WebRTC 1.0 specification
        https://bugs.webkit.org/show_bug.cgi?id=159054

        Reviewed by Eric Carlson.

        Add checks for same state and closed RTCPeerConnection in the 'update ICE connection state'
        and 'update ICE gathering state' routines as described in [1].

        [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#update-ice-gathering-state

        No change in current behavior.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::updateIceGatheringState):
        (WebCore::RTCPeerConnection::updateIceConnectionState):

2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API
        https://bugs.webkit.org/show_bug.cgi?id=158940

        Reviewed by Eric Carlson.

        Implement the legacy MediaStream-based RTCPeerConnection API as JS built-ins. The
        getRemoteStreams() function and the 'addstream' event are partly implemented with native
        code.

        Test: fast/mediastream/RTCPeerConnection-legacy-stream-based-api.html

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
        (WebCore::MediaEndpointPeerConnection::getRemoteStreams):
        The getRemoteStreams() function and the 'addstream' event are backed up by native code.
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/MediaStream.idl:
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/mediastream/RTCPeerConnection.js:
        (initializeRTCPeerConnection):
        (getLocalStreams):
        (getRemoteStreams):
        (getStreamById):
        (addStream):
        (removeStream):
        Legacy API implemented as JS built-ins.
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        * bindings/js/WebCoreBuiltinNames.h:

2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix the build with CSS Shapes disabled.

        * css/StyleBuilderConverter.h:

2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Soup] Clean up SocketStreamHandle soup implementation
        https://bugs.webkit.org/show_bug.cgi?id=159024

        Reviewed by Žan Doberšek.

        Stop using a global HashMap to "activate"/"deactivate" handles, and just take a reference of the handle and
        pass the ownership to the callbacks, using a GCancellable to cancel all async operations.

        * platform/network/soup/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::create):
        (WebCore::SocketStreamHandle::id): Deleted.
        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):
        (WebCore::SocketStreamHandle::connected):
        (WebCore::SocketStreamHandle::connectedCallback):
        (WebCore::SocketStreamHandle::readBytes):
        (WebCore::SocketStreamHandle::readReadyCallback):
        (WebCore::SocketStreamHandle::didFail):
        (WebCore::SocketStreamHandle::platformSend):
        (WebCore::SocketStreamHandle::platformClose):
        (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
        (WebCore::SocketStreamHandle::writeReadyCallback):
        (WebCore::getHandleFromId): Deleted.
        (WebCore::deactivateHandle): Deleted.
        (WebCore::activateHandle): Deleted.
        (WebCore::SocketStreamHandle::~SocketStreamHandle): Deleted.
        (WebCore::connectedCallback): Deleted.
        (WebCore::readReadyCallback): Deleted.
        (WebCore::writeReadyCallback): Deleted.

2016-06-22  Brady Eidson  <beidson@apple.com>

        DatabaseProcess doesn't handle WebProcesses going away uncleanly.
        https://bugs.webkit.org/show_bug.cgi?id=158894

        Reviewed by Alex Christensen.

        No new tests (Covered by additions to existing API test).

        * Modules/indexeddb/server/IDBConnectionToClient.cpp:
        (WebCore::IDBServer::IDBConnectionToClient::registerDatabaseConnection):
        (WebCore::IDBServer::IDBConnectionToClient::unregisterDatabaseConnection):
        (WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed):
        * Modules/indexeddb/server/IDBConnectionToClient.h:
        
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::unregisterConnection): Call connectionToClientClosed() on
          the connection, which cleans up after it in the server.
        
        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):

2016-06-22  Benjamin Poulain  <bpoulain@apple.com>

        AX: Add support for CSS4 :focus-within pseudo
        https://bugs.webkit.org/show_bug.cgi?id=140144

        Reviewed by Antti Koivisto.

        Tests: fast/css/pseudo-focus-within-basics.html
               fast/css/pseudo-focus-within-inside-shadow-dom.html
               fast/css/pseudo-focus-within-style-sharing-1.html
               fast/css/pseudo-focus-within-style-sharing-2.html
               fast/selectors/focus-within-style-update.html

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::selectorText):
        * css/CSSSelector.h:
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorPseudoClassAndCompatibilityElementMap.in:
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasFocusWithin):
        * dom/ContainerNode.cpp:
        (WebCore::destroyRenderTreeIfNeeded):
        * dom/Element.cpp:
        (WebCore::Element::~Element):
        (WebCore::Element::setFocus):
        (WebCore::Element::unregisterNamedFlowContentElement):
        (WebCore::Element::setIsNamedFlowContentElement):
        (WebCore::Element::clearIsNamedFlowContentElement):
        (WebCore::Element::setStyleAffectedByFocusWithin):
        (WebCore::Element::rareDataStyleAffectedByFocusWithin):
        (WebCore::Element::rareDataIsNamedFlowContentElement):
        * dom/Element.h:
        (WebCore::Element::hasFocusWithin):
        (WebCore::Element::styleAffectedByFocusWithin):
        (WebCore::Element::isNamedFlowContentElement):
        (WebCore::Element::setHasFocusWithin):
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::styleAffectedByFocusWithin):
        (WebCore::ElementRareData::setStyleAffectedByFocusWithin):
        (WebCore::ElementRareData::isNamedFlowContentElement):
        (WebCore::ElementRareData::setIsNamedFlowContentElement):
        (WebCore::ElementRareData::ElementRareData):
        (WebCore::ElementRareData::resetComputedStyle):
        * dom/Node.h:
        (WebCore::Node::flagHasFocusWithin):
        (WebCore::Node::isNamedFlowContentNode): Deleted.
        (WebCore::Node::setIsNamedFlowContentNode): Deleted.
        (WebCore::Node::clearIsNamedFlowContentNode): Deleted.
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::clearContentElements):
        (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
        (WebCore::RenderNamedFlowThread::unregisterNamedFlowContentElement):
        (WebCore::nextNodeInsideContentElement):
        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::updateElementRenderer):
        * style/StyleRelations.cpp:
        (WebCore::Style::commitRelationsToRenderStyle):
        (WebCore::Style::commitRelations):
        * style/StyleRelations.h:
        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::canShareStyleWithElement):

2016-06-22  Oliver Hunt  <oliver@apple.com>

        Integrate WebKit's CFURLConnection with App Transport Security
        https://bugs.webkit.org/show_bug.cgi?id=159039
        <rdar://problem/26953685>

        Reviewed by Alex Christensen.

        Pass additional options to NSURLConnect initialiser to identify that
        this connection is for WebKit content loading.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::createNSURLConnection):

2016-06-20  Jeremy Jones  <jeremyj@apple.com>

        Adopt commitPriority to get rid of the 2 AVPL solution for PiP
        https://bugs.webkit.org/show_bug.cgi?id=158949
        rdar://problem/26867866

        Reviewed by Simon Fraser.

        No new tests because there is no behavior change. This reverts changes from 
        https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
        to prevent flicker when moving a layer between contexts. 
        commitPriority allows the layer to be added to the destination context before it is 
        removed from the source context.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): ditto
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
        (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
        (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
        (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
        * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.

2016-06-22  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r201629): Weird button glitching on github.com
        https://bugs.webkit.org/show_bug.cgi?id=159031
        rdar://problem/26880332

        Reviewed by Tim Horton.

        r201629 changed the logic slightly when creating an image buffer for a scaled context;
        it set the buffer context's scale to the scale in the source context, but this failed
        to take into account the rounding up of the buffer size, which the old code did.

        Fix by reverting to the old behavior.

        Since buffer sizes can only be integral, changed compatibleBufferSize() to return
        an IntSize.

        Test: fast/backgrounds/scaled-gradient-background.html

        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::createCompatibleBuffer):
        (WebCore::ImageBuffer::compatibleBufferSize):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/IntRect.h:
        (WebCore::IntRect::area):
        * platform/graphics/IntSize.h:
        (WebCore::IntSize::area): Make this return an unsigned.

2016-06-22  Anders Carlsson  <andersca@apple.com>

        Inline the last of the Apple Pay WebCore code
        https://bugs.webkit.org/show_bug.cgi?id=159032

        Reviewed by Tim Horton.

        * loader/EmptyClients.cpp:
        (WebCore::fillWithEmptyClients):
        * page/MainFrame.cpp:
        (WebCore::MainFrame::MainFrame):
        * page/MainFrame.h:
        * page/PageConfiguration.h:
        * platform/cocoa/ThemeCocoa.mm:
        (WebCore::passKitBundle):
        (WebCore::loadPassKitPDFPage):
        (WebCore::applePayButtonLogoBlack):
        (WebCore::applePayButtonLogoWhite):
        (WebCore::drawApplePayButton):
        (WebCore::ThemeCocoa::drawNamedImage):

2016-06-22  Anders Carlsson  <andersca@apple.com>

        Exception is not thrown when shipping method is an invalid amount
        https://bugs.webkit.org/show_bug.cgi?id=159030
        rdar://problem/26700413

        Reviewed by Tim Horton.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::createShippingMethods):
        Bail if createShippingMethod returns Nullopt.

        (WebCore::createPaymentRequest):
        Bail if createShippingMethods returns Nullopt.

2016-06-22  Anders Carlsson  <andersca@apple.com>

        Exception is not thrown when shipping method is an invalid amount
        https://bugs.webkit.org/show_bug.cgi?id=159029
        rdar://problem/26700413

        Reviewed by Tim Horton.

        * Modules/applepay/PaymentRequest.h:
        Change ShippingMethod::amount to be a signed 64-bit integer.

        * Modules/applepay/PaymentRequestValidator.cpp:
        (WebCore::PaymentRequestValidator::validate):
        Call validateShippingMethods.

        (WebCore::PaymentRequestValidator::validateShippingMethods):
        Validate all the shipping methods.

        (WebCore::PaymentRequestValidator::validateShippingMethod):
        Check that the amount is >= 0.

        * Modules/applepay/PaymentRequestValidator.h:
        Add new members.

2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Add support for the negotiationneeded event in MediaEndpointPeerConnection
        https://bugs.webkit.org/show_bug.cgi?id=158985

        Reviewed by Eric Carlson.

        Implement MediaEndpointPeerConnection's isNegotiationNeeded, markAsNeedingNegotiation and
        clearNegotiationNeededState functions. The calls to these functions are already up-to-date.

        Test: fast/mediastream/RTCPeerConnection-more-media-to-negotiate.html

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::scheduleNegotiationNeededEvent):

2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Replace RTCPeerConnection custom constructor with a JS built-in constructor
        https://bugs.webkit.org/show_bug.cgi?id=158832

        Reviewed by Eric Carlson and Youenn Fablet.

        Use a JS built-in constructor instead of a custom constructor. This makes it easier to
        initialize private fields for functions implemented as JS built-ins. The constructor
        behavior is in need of updating, but that is left to a follow-up change [1].

        [1] http://webkit.org/b/158936
        No change in behavior.

        * CMakeLists.txt:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        (WebCore::RTCPeerConnection::~RTCPeerConnection):
        (WebCore::RTCPeerConnection::initializeWith):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/mediastream/RTCPeerConnection.js:
        (initializeRTCPeerConnection):
        Add JS built-in constructor function.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSRTCPeerConnectionCustom.cpp: Removed.
        (WebCore::constructJSRTCPeerConnection): Deleted.

2016-06-22  Youenn Fablet  <youenn@apple.com>

        CrossOriginPreflightChecker should call DocumentThreadableLoader preflightFailure instead of didFailLoading
        https://bugs.webkit.org/show_bug.cgi?id=158984

        Reviewed by Darin Adler.

        No change of behavior.

        Calling DocumentThreadableLoader preflightFailure instead of didFailLoading for any preflight error case.

        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::notifyFinished): Directly calling preflightFailure callback.
        (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
        (WebCore::CrossOriginPreflightChecker::handleLoadingFailure): Deleted.
        (WebCore::CrossOriginPreflightChecker::redirectReceived): Deleted (should have been removed as part of
        https://bugs.webkit.org/show_bug.cgi?id=111008).
        * loader/CrossOriginPreflightChecker.h:

2016-06-22  Youenn Fablet  <youennf@gmail.com>

        JSDOMIterator forEach should support second optional parameter
        https://bugs.webkit.org/show_bug.cgi?id=159020

        Reviewed by Chris Dumez.

        Covered by beefed up test.

        * bindings/js/JSDOMIterator.h:
        (WebCore::iteratorForEach): Setting callback thisValue to the second argument passed to forEach.

2016-06-22  Jer Noble  <jer.noble@apple.com>

        Media controls stop working after exiting PiP
        https://bugs.webkit.org/show_bug.cgi?id=159026
        <rdar://problem/26753579>

        Reviewed by Eric Carlson.

        Do not slave setting WebVideoFullscreenModelVideoElement::setVideoElement() to
        WebPlaybackSessionModelVideoElement::setMediaElement(). After all, someone else
        (i.e., the media controls) may still be using it.

        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::setVideoElement): Deleted.
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::didCleanupFullscreen):
        (WebVideoFullscreenControllerContext::setUpFullscreen):

2016-06-22  Jer Noble  <jer.noble@apple.com>

        Update document's isPlayingMedia() state whenever media element's media state changes
        https://bugs.webkit.org/show_bug.cgi?id=159018
        <rdar://problem/26586630>

        Reviewed by Beth Dakin.

        The Document can end up with a stale m_mediaState if its own value isn't updated when
        its constituent HTMLMediaElement's m_mediaStates change.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateMediaState):

2016-06-22  Simon Fraser  <simon.fraser@apple.com>

        Crash under GraphicsLayerCA::recursiveCommitChanges() with deep layer trees
        https://bugs.webkit.org/show_bug.cgi?id=159023
        rdar://problem/25377842

        Reviewed by Tim Horton.

        Having an on-stack DisplayList::Recorder increased the stack frame size significantly,
        causing stack exhaustion with deep layer trees, despite the existing depth check.

        Make the Recorder heap-allocated to fix this.

        Tested by LayoutTests/compositing//layer-creation/deep-tree.html.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):

2016-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add support for variadic parameters to GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=158942

        Reviewed by Michael Catanzaro.

        Generate code for functions having variadic parameters.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction):
        (SkipFunction):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_variadic_string_method):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:

2016-06-21  Benjamin Poulain  <bpoulain@apple.com>

        :hover CSS pseudo-class sometimes keeps matching ever after mouse has left the element
        https://bugs.webkit.org/show_bug.cgi?id=158340

        Reviewed by Simon Fraser.

        When removing a hovered subtree from the document, we were getting
        into an inconsistent state where m_hoveredElement is in the detached
        subtree and we have no way of clearing the existing IsHovered flags.

        What happens is:
        -The root "a" has a child "b" that is hovered.
        -"a" starts being removed from the tree, its renderer is destroyed.
        -RenderTreeUpdater::tearDownRenderers() pushes "a" on the teardownStack
         and calls hoveredElementDidDetach().
        -hoveredElementDidDetach() is called with "a". "a" is not the hovered
         element, the function does nothing.
        -RenderTreeUpdater::tearDownRenderers() pushes "b" on the teardownStack
         and calls hoveredElementDidDetach().
        -hoveredElementDidDetach() is called with "b". The next parent with a renderer
         is "a", m_hoveredElement is set to "a".
        -"a"'s parent is set to nullptr.

        -> We have a m_hoveredElement on the root of a detached tree, making
           it impossible to clear the real dirty tree.

        This patch changes the order in which we clear the flags.
        It is done in the order in which we clear the renderers to ensure
        the last element with a dead renderer is the last to update m_hoveredElement.

        Tests: fast/css/ancestor-of-hovered-element-detached.html
               fast/css/ancestor-of-hovered-element-removed.html

        * Source/WebCore/style/RenderTreeUpdater.cpp:

2016-06-21  Youenn Fablet  <youennf@gmail.com>

        [Fetch API] Rename 'origin-only' referrer policy to 'origin'
        https://bugs.webkit.org/show_bug.cgi?id=158982

        Reviewed by Alex Christensen.

        Covered by updated tests.

        * Modules/fetch/FetchRequest.cpp:
        (WebCore::setReferrerPolicy): Renaming origin-only to origin.
        * Modules/fetch/FetchRequest.idl: Ditto.
        * loader/FetchOptions.h: Ditto.

2016-06-21  Chris Dumez  <cdumez@apple.com>

        Let the compiler generate the move constructor and assignment operator for ScriptExecutionContext::Task
        https://bugs.webkit.org/show_bug.cgi?id=159013

        Reviewed by Brady Eidson.

        Let the compiler generate the move constructor and assignment operator for
        ScriptExecutionContext::Task. We previously manually defined the move
        constructor but there is no need as it doesn't do anything special.

        * dom/ScriptExecutionContext.h:

2016-06-21  Dean Jackson  <dino@apple.com>

        DumpRenderTree crashed in com.apple.WebCore: WebCore::HTMLSelectElement::updateSelectedState
        https://bugs.webkit.org/show_bug.cgi?id=159009
        <rdar://problem/23454623>

        Reviewed by Jon Lee.

        It seems we can get bogus indices from UIKit's implementation
        of UIWebSelectMultiplePicker. Guard against this situation.

        Covered by running the existing tests in WebKit1 with Guard Malloc,
        such as fast/spatial-navigation/snav-multiple-select-optgroup.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::updateSelectedState): Early return
        if we get an index out of range.

2016-06-21  Chris Dumez  <cdumez@apple.com>

        Pass ScriptExecutionContext::Task as rvalue reference
        https://bugs.webkit.org/show_bug.cgi?id=159007

        Reviewed by Anders Carlsson.

        Pass ScriptExecutionContext::Task as rvalue reference since it's non-copyable
        and has to be moved in.

        * workers/WorkerLoaderProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postTaskToLoader):
        (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::postTask):
        (WebCore::WorkerRunLoop::postTaskAndTerminate):
        (WebCore::WorkerRunLoop::postTaskForMode):
        (WebCore::WorkerRunLoop::Task::Task):
        * workers/WorkerRunLoop.h:

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Include IdentifierInlines.h.

        * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Add PaymentHeaders.h file.

        * Modules/applepay/PaymentHeaders.h: Added.
        * WebCore.xcodeproj/project.pbxproj:

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Make a bunch of Apple Pay headers private instead of project.

        * WebCore.xcodeproj/project.pbxproj:

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Move the last Apple Pay WebCore files to the open source repository
        https://bugs.webkit.org/show_bug.cgi?id=159005

        Reviewed by Tim Horton.

        * DerivedSources.make:
        * Modules/applepay/ApplePayPaymentAuthorizedEvent.cpp: Added.
        * Modules/applepay/ApplePayPaymentAuthorizedEvent.h: Added.
        * Modules/applepay/ApplePayPaymentAuthorizedEvent.idl: Added.
        * Modules/applepay/ApplePayPaymentMethodSelectedEvent.cpp: Added.
        * Modules/applepay/ApplePayPaymentMethodSelectedEvent.h: Added.
        * Modules/applepay/ApplePayPaymentMethodSelectedEvent.idl: Added.
        * Modules/applepay/ApplePaySession.cpp: Added.
        * Modules/applepay/ApplePaySession.h: Added.
        * Modules/applepay/ApplePaySession.idl: Added.
        * Modules/applepay/ApplePayShippingContactSelectedEvent.cpp: Added.
        * Modules/applepay/ApplePayShippingContactSelectedEvent.h: Added.
        * Modules/applepay/ApplePayShippingContactSelectedEvent.idl: Added.
        * Modules/applepay/ApplePayShippingMethodSelectedEvent.cpp: Added.
        * Modules/applepay/ApplePayShippingMethodSelectedEvent.h: Added.
        * Modules/applepay/ApplePayShippingMethodSelectedEvent.idl: Added.
        * Modules/applepay/ApplePayValidateMerchantEvent.cpp: Added.
        * Modules/applepay/ApplePayValidateMerchantEvent.h: Added.
        * Modules/applepay/ApplePayValidateMerchantEvent.idl: Added.
        * Modules/applepay/Payment.h: Added.
        * Modules/applepay/PaymentAuthorizationStatus.h: Added.
        * Modules/applepay/PaymentContact.h: Added.
        * Modules/applepay/PaymentMerchantSession.h: Added.
        * Modules/applepay/PaymentMethod.h: Added.
        * Modules/applepay/PaymentRequestValidator.cpp: Added.
        * Modules/applepay/PaymentRequestValidator.h: Added.
        * Modules/applepay/cocoa/PaymentContactCocoa.mm: Added.
        * Modules/applepay/cocoa/PaymentMethodCocoa.mm: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp: Added.
        * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp: Added.
        * bindings/js/JSApplePaySessionCustom.cpp: Added.
        * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp: Added.
        * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp: Added.
        * dom/EventNames.in:
        * dom/EventTargetFactory.in:

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * Configurations/FeatureDefines.xcconfig:

2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, rolling out r202302, r202303, r202305, and
        r202306.

        Roll out the rollouts because of breaking the build.

        Reverted changesets:

        "Unreviewed, rolling out r200678."
        https://bugs.webkit.org/show_bug.cgi?id=157453
        http://trac.webkit.org/changeset/202302

        "Unreviewed, rolling out r200619."
        https://bugs.webkit.org/show_bug.cgi?id=131443
        http://trac.webkit.org/changeset/202303

        "Unreviewed, attempt to fix the build after r202303."
        http://trac.webkit.org/changeset/202305

        "Unreviewed, attempt to fix the build after r202303."
        http://trac.webkit.org/changeset/202306

2016-06-21  Chris Dumez  <cdumez@apple.com>

        Unreviewed, attempt to fix the build after r202303.

        * bindings/js/JSDOMIterator.h:
        (WebCore::IteratorInspector::decltype):
        (WebCore::IteratorInspector::test):

2016-06-21  Chris Dumez  <cdumez@apple.com>

        Unreviewed, attempt to fix the build after r202303.

        * bindings/js/JSDOMIterator.h:
        (WebCore::toJS):

2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, rolling out r200619.

        This incomplete feature broke http://m.yahoo.co.jp. Roll it
        out together with r200678.

        Reverted changeset:

        "NodeList should be iterable"
        https://bugs.webkit.org/show_bug.cgi?id=131443
        http://trac.webkit.org/changeset/200619

2016-06-21  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, rolling out r200678.

        This incomplete feature broke http://m.yahoo.co.jp. Roll it
        out together with r200619.

        Reverted changeset:

        "Ensure DOM iterators remain done"
        https://bugs.webkit.org/show_bug.cgi?id=157453
        http://trac.webkit.org/changeset/200678

2016-06-21  Anders Carlsson  <andersca@apple.com>

        Begin moving the Apple Pay code to the open source repository
        https://bugs.webkit.org/show_bug.cgi?id=158998

        Reviewed by Tim Horton.

        * Configurations/FeatureDefines.xcconfig:
        Add ENABLE_APPLE_PAY.

        * Modules/applepay/PaymentCoordinator.cpp: Added.
        * Modules/applepay/PaymentCoordinator.h: Added.
        * Modules/applepay/PaymentCoordinatorClient.h: Added.
        * Modules/applepay/PaymentRequest.cpp: Added.
        * Modules/applepay/PaymentRequest.h: Added.
        * Modules/applepay/cocoa/PaymentCocoa.mm: Added.
        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * dom/EventNames.h:
        Add new event names.

        * page/MainFrame.h:
        Use a forward declaration.

2016-06-21  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Add system tracing points for requestAnimationFrame() workflow
        https://bugs.webkit.org/show_bug.cgi?id=158723

        Reviewed by Simon Fraser.

        Add trace points for requestAnimationFrame().

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::requestAnimationFrameEnabled):
        (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
        (WebCore::ScriptedAnimationController::windowScreenDidChange):
        (WebCore::ScriptedAnimationController::scheduleAnimation):
        * dom/ScriptedAnimationController.h:
        * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
        (WebCore::DisplayRefreshMonitorIOS::requestRefreshCallback):
        (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):

2016-06-20  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Typing text into a text field or text area causes screen to scroll down (hiding text entry)
        https://bugs.webkit.org/show_bug.cgi?id=158970

        Reviewed by Ryosuke Niwa.

        insertTextWithoutSendingTextEvent() should only reveal the selection up to the main frame on iOS,
        since the UI process can zoom and scroll the view to the text input.

        Test: fast/forms/ios/typing-in-input-in-iframe.html

        * editing/Editor.cpp:
        (WebCore::Editor::insertTextWithoutSendingTextEvent):

2016-06-21  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Remove unused MediaEndpointClient::gotRemoteSource function
        https://bugs.webkit.org/show_bug.cgi?id=158986

        Reviewed by Eric Carlson.

        Remote sources are explicitly created with MediaEndpoint::createMutedRemoteSource so the
        MediaEndpointClient::gotRemoteSource can be removed.

        No change in behavior.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::gotRemoteSource): Deleted.
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * platform/mediastream/MediaEndpoint.h:

2016-06-20  Simon Fraser  <simon.fraser@apple.com>

        Focus event dispatched in iframe causes parent document to scroll incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=158629
        rdar://problem/26521616

        Reviewed by Tim Horton.

        When focussing elements in iframes, the page could scroll to an incorrect location.
        This happened because code in Element::focus() tried to disable scrolling on focus,
        but did so only for the current frame, so ancestor frames got programmatically scrolled.
        On iOS we handle the scrolling in the UI process, so never want the web process to
        do programmatic scrolling.

        Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
        rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
        and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.

        Tests: fast/forms/ios/focus-input-in-iframe.html
               fast/forms/ios/programmatic-focus-input-in-iframe.html

        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::scrollIntoView):
        (WebCore::Element::scrollIntoViewIfNeeded):
        (WebCore::Element::scrollIntoViewIfNotVisible):
        (WebCore::Element::focus):
        (WebCore::Element::updateFocusAppearance):
        * dom/Element.h:
        * editing/Editor.cpp:
        (WebCore::Editor::insertTextWithoutSendingTextEvent):
        (WebCore::Editor::revealSelectionAfterEditingOperation):
        (WebCore::Editor::findStringAndScrollToVisible):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::updateAndRevealSelection):
        (WebCore::FrameSelection::revealSelection):
        (WebCore::FrameSelection::FrameSelection): Deleted.
        * editing/FrameSelection.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateFocusAppearance):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::updateFocusAppearance):
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):
        (WebCore::RenderLayer::autoscroll):
        * rendering/RenderLayer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::scrollRectToVisible):
        * rendering/RenderObject.h:

2016-06-21  Frederic Wang  <fwang@igalia.com>

        Implement RenderMathMLOperator::layoutBlock
        https://bugs.webkit.org/show_bug.cgi?id=157521

        Reviewed by Brent Fulgham.

        No new tests, already covered by existing tests.

        Add an initial implementation of RenderMathMLOperator::layoutBlock, which will perform
        special layout when the MathOperator is used. We also improved how the logical height is
        calculated and avoid updating the style when stretchTo is called.

        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::stretchTo):
        (WebCore::RenderMathMLOperator::layoutBlock):
        (WebCore::RenderMathMLOperator::computeLogicalHeight): Deleted.
        * rendering/mathml/RenderMathMLOperator.h:

2016-06-21  Chris Dumez  <cdumez@apple.com>

        Unreviewed, roll out r202268 as it looks like it was a ~50% regression on Dromaeo DOM Core

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GeneratePrototypeDeclaration):
        * bindings/scripts/test/JS/JSInterfaceName.cpp:
        (WebCore::JSInterfaceNamePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
        (WebCore::JSTestActiveDOMObject::createPrototype): Deleted.
        (WebCore::JSTestActiveDOMObject::prototype): Deleted.
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
        (WebCore::JSTestCustomNamedGetter::JSTestCustomNamedGetter): Deleted.
        (WebCore::JSTestCustomNamedGetter::createPrototype): Deleted.
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorPrototype::finishCreation):
        (WebCore::JSTestEventConstructor::createPrototype): Deleted.
        (WebCore::JSTestEventConstructor::prototype): Deleted.
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTargetPrototype::finishCreation):
        (WebCore::JSTestEventTarget::JSTestEventTarget): Deleted.
        (WebCore::JSTestEventTarget::createPrototype): Deleted.
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestExceptionPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfacePrototype::finishCreation):
        (WebCore::jsTestInterfaceImplementsStr2): Deleted.
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
        (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
        (WebCore::JSTestJSBuiltinConstructor::JSTestJSBuiltinConstructor): Deleted.
        (WebCore::JSTestJSBuiltinConstructor::createPrototype): Deleted.
        (WebCore::JSTestJSBuiltinConstructor::destroy): Deleted.
        (WebCore::jsTestJSBuiltinConstructorTestAttributeCustom): Deleted.
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
        (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener): Deleted.
        (WebCore::JSTestMediaQueryListListener::createPrototype): Deleted.
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodePrototype::finishCreation):
        (WebCore::JSTestNode::JSTestNode): Deleted.
        (WebCore::JSTestNode::prototype): Deleted.
        (WebCore::jsTestNodeName): Deleted.
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::JSTestNondeterministicPrototype::finishCreation):
        (WebCore::JSTestNondeterministic::JSTestNondeterministic): Deleted.
        (WebCore::JSTestNondeterministic::prototype): Deleted.
        (WebCore::JSTestNondeterministic::destroy): Deleted.
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation):
        (WebCore::JSTestObj::JSTestObj): Deleted.
        (WebCore::JSTestObj::createPrototype): Deleted.
        (WebCore::JSTestObj::prototype): Deleted.
        (WebCore::JSTestObj::destroy): Deleted.
        (WebCore::JSTestObj::getOwnPropertySlot): Deleted.
        (WebCore::JSTestObj::getOwnPropertySlotByIndex): Deleted.
        (WebCore::jsTestObjReadOnlyLongAttr): Deleted.
        (WebCore::jsTestObjReadOnlyStringAttr): Deleted.
        (WebCore::jsTestObjReadOnlyTestObjAttr): Deleted.
        (WebCore::jsTestObjConstructorStaticReadOnlyLongAttr): Deleted.
        (WebCore::jsTestObjConstructorStaticStringAttr): Deleted.
        (WebCore::jsTestObjConstructorTestSubObj): Deleted.
        (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor): Deleted.
        (WebCore::jsTestObjEnumAttr): Deleted.
        (WebCore::jsTestObjByteAttr): Deleted.
        (WebCore::jsTestObjOctetAttr): Deleted.
        (WebCore::jsTestObjShortAttr): Deleted.
        (WebCore::jsTestObjClampedShortAttr): Deleted.
        (WebCore::jsTestObjEnforceRangeShortAttr): Deleted.
        (WebCore::jsTestObjUnsignedShortAttr): Deleted.
        (WebCore::jsTestObjLongAttr): Deleted.
        (WebCore::jsTestObjLongLongAttr): Deleted.
        (WebCore::jsTestObjReflectedCustomBooleanAttr): Deleted.
        (WebCore::jsTestObjReflectedCustomURLAttr): Deleted.
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
        (WebCore::JSTestOverrideBuiltins::JSTestOverrideBuiltins): Deleted.
        (WebCore::JSTestOverrideBuiltins::createPrototype): Deleted.
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
        (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface): Deleted.
        (WebCore::JSTestSerializedScriptValueInterface::prototype): Deleted.
        (WebCore::JSTestSerializedScriptValueInterface::destroy): Deleted.
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsPrototype::finishCreation):
        (WebCore::JSTestTypedefs::JSTestTypedefs): Deleted.
        (WebCore::JSTestTypedefs::createPrototype): Deleted.
        (WebCore::JSTestTypedefs::prototype): Deleted.
        (WebCore::JSTestTypedefs::destroy): Deleted.
        (WebCore::jsTestTypedefsUnsignedLongLongAttr): Deleted.
        (WebCore::jsTestTypedefsImmutableSerializedScriptValue): Deleted.
        (WebCore::jsTestTypedefsAttrWithGetterException): Deleted.
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattributePrototype::finishCreation):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonlyPrototype::finishCreation):

2016-06-21  Keith Miller  <keith_miller@apple.com>

        It should be easy to add a private global helper function for builtins
        https://bugs.webkit.org/show_bug.cgi?id=158893

        Reviewed by Mark Lam.

        Add JSCJSValueInlines.h to fix build issues.

        * platform/mock/mediasource/MockBox.cpp:

2016-06-21  Amir Alavi  <aalavi@apple.com>

        Upstream WKHTTPCookiesForURL from WebKitSystemInterface to OpenSource
        https://bugs.webkit.org/show_bug.cgi?id=158967

        Reviewed by Brent Fulgham.

        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        * platform/network/mac/CookieJarMac.mm:
        (WebCore::httpCookiesForURL): Upstreamed from WebKitSystemInterface.
        (WebCore::cookiesForURL): Changed to call httpCookiesForURL.
        (WebCore::deleteCookie): Ditto.
        * platform/spi/cf/CFNetworkSPI.h:

2016-06-21  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r202231.

        Seems to have regressed PLT on both iOS and Mac (very obvious
        on iOS Warm PLT)

        Reverted changeset:

        "When navigating, discard decoded image data that is only live
        due to page cache."
        https://bugs.webkit.org/show_bug.cgi?id=158941
        http://trac.webkit.org/changeset/202231

2016-06-21  Youenn Fablet  <youennf@gmail.com>

        Add bindings generator support to add a native JS function to both a 'name' and a private '@name' slot
        https://bugs.webkit.org/show_bug.cgi?id=158777

        Reviewed by Eric Carlson.

        Adding a new PublicIdentifier keyword to cover the case of the same function exposed publicly and privately.
        Renaming Private keyword to PrivateIdentifier.
        Functions exposed both publicly and privately should set both keywords.
        By default, functions are publicly exposed.

        Updated binding generator to generate public exposure except if PrivateIdentifier is set and PublicIdentifier is
        not set.

        Keeping skipping of ObjC/GObject binding for PrivateIdentifier-only functions.

        Covered by rebased binding tests.

        * Modules/fetch/FetchHeaders.idl:
        * Modules/fetch/FetchResponse.idl:
        * Modules/mediastream/MediaDevices.idl:
        * Modules/mediastream/RTCPeerConnection.idl:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (SkipFunction):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        * bindings/scripts/CodeGeneratorObjC.pm:
        (SkipFunction):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_private_also_method):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation):
        (WebCore::jsTestObjPrototypeFunctionPrivateMethod):
        (WebCore::jsTestObjPrototypeFunctionPrivateAlsoMethod):
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj privateAlsoMethod:]):
        * bindings/scripts/test/TestObj.idl:

2016-06-21  Dan Bernstein  <mitz@apple.com>

        Inlined some picture-in-picture code.
        https://bugs.webkit.org/show_bug.cgi?id=158977

        Reviewed by Eric Carlsson.

        This code was written primarily by Ada Chan, and originally reviewed by Alex Christensen,
        Anders Carlsson, Conrad Shultz, Dan Bernstein, Eric Carlson, Jer Noble, Jeremy Jones,
        Jon Lee, Remy Demarest, and Zach Li.

        * English.lproj/Localizable.strings:
          Updated using update-webkit-localizable-strings.

        * Modules/mediacontrols/mediaControlsApple.css:
        (video:-webkit-full-screen::-webkit-media-controls-panel .picture-in-picture-button):

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.configureFullScreenControls):

        * WebCore.xcodeproj/project.pbxproj: Added PIPSPI.h.

        * html/HTMLMediaElement.cpp: Inlined code from HTMLMediaElementAdditions.cpp.

        * html/HTMLVideoElement.cpp: Inlined code from HTMLVideoElementSupportsFullscreenAdditions.cpp.

        * platform/LocalizedStrings.cpp:
        (WebCore::contextMenuItemTagEnterVideoEnhancedFullscreen): Brought in from ContextMenuLocalizedStringsAdditions.cpp.
        (WebCore::contextMenuItemTagExitVideoEnhancedFullscreen): Ditto.
        (WebCore::AXARIAContentGroupText): Made updates that should have been part of r198543.

        * platform/mac/WebVideoFullscreenInterfaceMac.h: Removed USE(APPLE_INTERNAL_SDK) guards.
        * platform/mac/WebVideoFullscreenInterfaceMac.mm: Inlined WebVideoFullscreenInterfaceMacAdditions.mm.

        * platform/spi/mac/PIPSPI.h: Added.

        * rendering/HitTestResult.cpp: Inlined HitTestResultAdditions.cpp.

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::mediaControlsStyleSheet): Removed include of
          RenderThemeMacMediaControlsStyleSheetAdditions.mm now that the content is in
          mediaControlsApple.css.
        (WebCore::RenderThemeMac::mediaControlsScript): Removed include of
          RenderThemeMacMediaControlsScriptAdditions.mm now that the content is in mediaControlsApple.js.

2016-06-21  Miguel Gomez  <magomez@igalia.com>

        [GStreamer] video orientation support
        https://bugs.webkit.org/show_bug.cgi?id=148524

        Reviewed by Philippe Normand.

        Rotate video frames to follow the orientation metadata in the video file.
        When accelerated compositing is disabled, the rotation is performed by a videoflip element added
        to the playbin.
        When accelerated compositing is enabled, the rotation is performed by the TextureMapper in response
        to a rotation flag set on the frame buffers.

        Test: media/video-orientation.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
        Handle the GST_MESSAGE_TAG message from the bin.
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
        Add the videoflip element to the bin when accelerated compositing is disabled.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
        Receive and use extra flags for the TextureMapper.
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
        When using accelerated compositing, transpose the video size if the rotation is 90 or 270 degrees.
        (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
        Add rotation flag to frame holder and layer buffer.
        (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
        Use rotation flag when requesting the TextureMapper to draw.
        (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceRotation):
        Function to store the video rotation.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        Add bits to store the video rotation.
        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::drawTexturedQuadWithProgram):
        Modify the patternTransform according to the rotation flag passed.
        * platform/graphics/texmap/TextureMapperGL.h:
        Add new flags to handle the video source rotation.
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
        (WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper):
        Change the drawTexture method used so custom flags can be passed.
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
        (WebCore::TextureMapperPlatformLayerBuffer::setExtraFlags):
        New method to set TextureMapper flags.

2016-06-20  Frederic Wang  <fwang@igalia.com>

        Use the MathOperator to handle some non-stretchy operators
        https://bugs.webkit.org/show_bug.cgi?id=157519

        Reviewed by Brent Fulgham.

        To prepare for the removal of anonymous text node from the render classes of token elements
        we use MathOperator to handle two cases where the actual text to display may not be
        available in the DOM: mfenced and minus operators. This change removes support for the
        case of mfenced operators with multiple characters since it is not supported by
        MathOperator. It is an edge case that is not used in practice since fences and separators are
        only made of a single character. However, it would still be possible to duplicate some
        code/logic to add it back if that turns out to be necessary.

        No new tests, already covered by existing tests.

        * rendering/mathml/MathOperator.cpp:
        (WebCore::MathOperator::MathOperator): Rename UndefinedOperator.
        (WebCore::RenderMathMLOperator::firstLineBaseline): Improve rounding of ascent so that mfenced operators are correctly aligned.
        * rendering/mathml/MathOperator.h: Rename UndefinedOperator, since it can now be used to draw non-stretchy operators.
        (WebCore::MathOperator::isStretched): Deleted. This function is no longer used by RenderMathMLOperator.
        (WebCore::MathOperator::unstretch): Deleted. This function is no longer used by RenderMathMLOperator.
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Use useMathOperator.
        (WebCore::RenderMathMLOperator::rebuildTokenContent): Set the MathOperator when useMathOperator() is true.
        When the operator is not likely to stretch we just leave its type as NormalOperator.
        (WebCore::RenderMathMLOperator::useMathOperator): Helper function to determine when MathOperator should be used.
        (WebCore::RenderMathMLOperator::firstLineBaseline): Use useMathOperator.
        (WebCore::RenderMathMLOperator::computeLogicalHeight): Ditto.
        (WebCore::RenderMathMLOperator::paint): Ditto.
        (WebCore::RenderMathMLOperator::paintChildren): Ditto.
        * rendering/mathml/RenderMathMLOperator.h: Declare useMathOperator.

2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>

        Don't eagerly reify DOM Prototype properties
        https://bugs.webkit.org/show_bug.cgi?id=158557

        Reviewed by Andreas Kling.

        We were eagerly reifying these properties to avoid virtualizing getOwnPropertySlot,
        but since bug #158059 this does not require a method table call in any case.
        Eagerly reifying these values likely has some CPU and memory cost on page load.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
            - should generate compressed index for hashtable,
              prototype object ClassInfo should contain static table,
              don't reifyStaticProperties for prototype objects.
        (GeneratePrototypeDeclaration):
            - Set HasStaticPropertyTable for DOM prototype objects.
        * bindings/scripts/test/JS/JSInterfaceName.cpp:
        (WebCore::JSInterfaceNamePrototype::JSInterfaceNamePrototype):
        (WebCore::JSInterfaceNamePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObjectPrototype::JSTestActiveDOMObjectPrototype):
        (WebCore::JSTestActiveDOMObjectPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::JSTestClassWithJSBuiltinConstructorPrototype):
        (WebCore::JSTestClassWithJSBuiltinConstructorPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::JSTestCustomConstructorWithNoInterfaceObjectPrototype):
        (WebCore::JSTestCustomConstructorWithNoInterfaceObjectPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetterPrototype::JSTestCustomNamedGetterPrototype):
        (WebCore::JSTestCustomNamedGetterPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorPrototype::JSTestEventConstructorPrototype):
        (WebCore::JSTestEventConstructorPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTargetPrototype::JSTestEventTargetPrototype):
        (WebCore::JSTestEventTargetPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
        (WebCore::JSTestExceptionPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachablePrototype::JSTestGenerateIsReachablePrototype):
        (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfacePrototype::JSTestInterfacePrototype):
        (WebCore::JSTestInterfacePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
        (WebCore::JSTestJSBuiltinConstructorPrototype::JSTestJSBuiltinConstructorPrototype):
        (WebCore::JSTestJSBuiltinConstructorPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListenerPrototype::JSTestMediaQueryListListenerPrototype):
        (WebCore::JSTestMediaQueryListListenerPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorPrototype::JSTestNamedConstructorPrototype):
        (WebCore::JSTestNamedConstructorPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodePrototype::JSTestNodePrototype):
        (WebCore::JSTestNodePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::JSTestNondeterministicPrototype::JSTestNondeterministicPrototype):
        (WebCore::JSTestNondeterministicPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::JSTestObjPrototype):
        (WebCore::JSTestObjPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructorsPrototype::JSTestOverloadedConstructorsPrototype):
        (WebCore::JSTestOverloadedConstructorsPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        (WebCore::JSTestOverrideBuiltinsPrototype::JSTestOverrideBuiltinsPrototype):
        (WebCore::JSTestOverrideBuiltinsPrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterfacePrototype::JSTestSerializedScriptValueInterfacePrototype):
        (WebCore::JSTestSerializedScriptValueInterfacePrototype::finishCreation):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsPrototype::JSTestTypedefsPrototype):
        (WebCore::JSTestTypedefsPrototype::finishCreation):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattributePrototype::JSattributePrototype):
        (WebCore::JSattributePrototype::finishCreation):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonlyPrototype::JSreadonlyPrototype):
        (WebCore::JSreadonlyPrototype::finishCreation):

2016-06-20  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: RTCIceCandidate init dictionary doesn't handle explicit null or undefined values correctly
        https://bugs.webkit.org/show_bug.cgi?id=158873

        Reviewed by Alejandro G. Castro.

        Prevent explicit null and undefined values from being converted to "null" and "undefined"
        strings.

        Test: Extended fast/mediastream/RTCIceCandidate.html

        * Modules/mediastream/RTCIceCandidate.cpp:
        (WebCore::RTCIceCandidate::create):

2016-06-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202252.
        https://bugs.webkit.org/show_bug.cgi?id=158974

        See rdar://problem/26867866 for details (Requested by ap on
        #webkit).

        Reverted changeset:

        "Adopt commitPriority to get rid of the 2 AVPL solution for
        PiP"
        https://bugs.webkit.org/show_bug.cgi?id=158949
        http://trac.webkit.org/changeset/202252

2016-06-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202243.
        https://bugs.webkit.org/show_bug.cgi?id=158972

        Broke Windows build and iOS tests (Requested by ap on
        #webkit).

        Reverted changeset:

        "Focus event dispatched in iframe causes parent document to
        scroll incorrectly"
        https://bugs.webkit.org/show_bug.cgi?id=158629
        http://trac.webkit.org/changeset/202243

2016-06-20  Chris Dumez  <cdumez@apple.com>

        Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks()
        https://bugs.webkit.org/show_bug.cgi?id=158968

        Reviewed by Ryosuke Niwa.

        Simplify / Optimize DataDetector's searchForLinkRemovingExistingDDLinks():
        - Use modern ancestorsOfType<HTMLAnchorElement>() to traverse anchor ancestors
          instead of traversing by hand.
        - Use NodeTraversal::next() to traverse the tree until we find endNode and
          use a for loop instead of a while loop. Previously, the logic to determine
          the next node was at the end of the loop and was identical behavior-wise
          to NodeTraversal::next(). However, the previous code was a lot less efficient
          because it was calling Node::childNodes() to get a NodeList of the children,
          then calling length() on it to check if we had children and finally using
          the first item in the list as next node. This was very inefficient because
          NodeList::length() would need to traverse all children to figure out the
          length and would cache all the children in a Vector in CollectionIndexCache.

        * dom/ElementAncestorIterator.h:
        (WebCore::ancestorsOfType):
        * dom/ElementIterator.h:
        (WebCore::findElementAncestorOfType):
        (WebCore::findElementAncestorOfType<Element>):
        Update ancestorsOfType() to take a Node instead of an Element. There are no
        performance benefits to taking an Element here and it is a valid use case to
        want an Element ancestor of a non-Element node.

        * editing/cocoa/DataDetection.mm:
        (WebCore::searchForLinkRemovingExistingDDLinks):
        (WebCore::dataDetectorTypeForCategory): Deleted.

2016-06-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202248.
        https://bugs.webkit.org/show_bug.cgi?id=158960

        breaks builds on the simulator (Requested by keith_mi_ on
        #webkit).

        Reverted changeset:

        "It should be easy to add a private global helper function for
        builtins"
        https://bugs.webkit.org/show_bug.cgi?id=158893
        http://trac.webkit.org/changeset/202248

2016-06-20  Jeremy Jones  <jeremyj@apple.com>

        Adopt commitPriority to get rid of the 2 AVPL solution for PiP
        https://bugs.webkit.org/show_bug.cgi?id=158949
        rdar://problem/26867866

        Reviewed by Simon Fraser.

        No new tests because there is no behavior change. This reverts changes from 
        https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
        to prevent flicker when moving a layer between contexts. 
        commitPriority allows the layer to be added to the destination context before it is 
        removed from the source context.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): ditto
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
        (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
        (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
        (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
        * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.

2016-06-20  Zalan Bujtas  <zalan@apple.com>

        Set the end position on the placeholder BidiRun properly.
        https://bugs.webkit.org/show_bug.cgi?id=158958

        Reviewed by Myles C. Maxfield.
        rdar://problem/26609266

        The second parameter for BidiRun indicates the end position and not the length of the run.
        This was regressed at r102875 where only the start position was changed from 0 to pos.

        Test: fast/text/international/bidi-style-in-isolate-crash.html

        * rendering/InlineIterator.h:
        (WebCore::addPlaceholderRunForIsolatedInline):

2016-06-20  Fujii Hironori  <Hironori.Fujii@sony.com>

        A composition underline is placed to wrong position in RTL
        https://bugs.webkit.org/show_bug.cgi?id=158602

        Reviewed by Myles C. Maxfield.

        InlineTextBox::paintCompositionUnderline does not take RTL into
        account.  The position of composition underline should be
        mirrored in RTL.

        Test: editing/input/composition-underline-rtl.html

        * rendering/InlineTextBox.cpp:
        (WebCore::mirrorRTLSegment): New helper function to convert RTL start position to LTR.
        (WebCore::InlineTextBox::paintDecoration): Use mirrorRTLSegment.
        (WebCore::InlineTextBox::paintCompositionUnderline): Ditto.

2016-06-20  Keith Miller  <keith_miller@apple.com>

        It should be easy to add a private global helper function for builtins
        https://bugs.webkit.org/show_bug.cgi?id=158893

        Reviewed by Mark Lam.

        Add JSCJSValueInlines.h to fix build issues.

        * platform/mock/mediasource/MockBox.cpp:

2016-06-20  Benjamin Poulain  <benjamin@webkit.org>

        :default CSS pseudo-class should match checkboxes+radios with a `checked` attribute
        https://bugs.webkit.org/show_bug.cgi?id=156230

        Reviewed by Alex Christensen.

        This patch updates the :default pseudo class matching to be closer to the spec:
        https://html.spec.whatwg.org/multipage/scripting.html#selector-default

        The main remaining difference with the spec is the definition of "default button".
        This is an unrelated problem that should be addressed separately.

        The implementation was missing support for:
        -input elements of type "checkbox" or "radio" with the "checked" attribute defined.
        -option elements with the "selected" attribute defined.

        The existing support for default button was pretty bad, I fixed that too.
        The owner form now has a resetDefaultButton() API. When a Form Associated Element
        becomes a submit button or loses that property, the element calls its form
        to update the style as needed.

        Whenever the submit button changes, 2 elements need to have their style invalidated:
        -The former default button.
        -The new default button.
        To invalidate the former button, FormElement now caches the computed
        default button. When the default button changes, the cached value is invalidated
        in addition to the new value.

        Computing the new default button takes linear time in the number of form associated elements.
        To mitigate that, resetDefaultButton() is only called when changes are related
        to submit buttons. Since those changes are rare, I don't expect the invalidation
        to be a problem.

        Tests: fast/css/pseudo-default-basics.html
               fast/selectors/default-style-update.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):
        * css/SelectorCheckerTestFunctions.h:
        (WebCore::matchesDefaultPseudoClass):
        (WebCore::isDefaultButtonForForm): Deleted.
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::addPseudoClassType):
        * dom/Element.cpp:
        (WebCore::Element::matchesValidPseudoClass):
        (WebCore::Element::matchesInvalidPseudoClass):
        (WebCore::Element::matchesDefaultPseudoClass):
        * dom/Element.h:
        (WebCore::Element::matchesValidPseudoClass): Deleted.
        (WebCore::Element::matchesInvalidPseudoClass): Deleted.
        (WebCore::Element::isDefaultButtonForForm): Deleted.
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::parseAttribute):
        (WebCore::HTMLButtonElement::matchesDefaultPseudoClass):
        * html/HTMLButtonElement.h:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::isDefaultButtonForForm): Deleted.
        * html/HTMLFormControlElement.h:
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::~HTMLFormElement):
        (WebCore::HTMLFormElement::registerFormElement):
        (WebCore::HTMLFormElement::removeFormElement):
        (WebCore::HTMLFormElement::defaultButton):
        (WebCore::HTMLFormElement::resetDefaultButton):
        * html/HTMLFormElement.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateType):
        (WebCore::HTMLInputElement::parseAttribute):
        (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
        * html/HTMLInputElement.h:
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
        (WebCore::HTMLOptionElement::parseAttribute):
        * html/HTMLOptionElement.h:
        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::canShareStyleWithElement):
        (WebCore::Style::canShareStyleWithControl): Deleted.

2016-06-20  Simon Fraser  <simon.fraser@apple.com>

        Focus event dispatched in iframe causes parent document to scroll incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=158629
        rdar://problem/26521616

        Reviewed by Tim Horton.

        When focussing elements in iframes, the page could scroll to an incorrect location.
        This happened because code in Element::focus() tried to disable scrolling on focus,
        but did so only for the current frame, so ancestor frames got programmatically scrolled.
        On iOS we handle the scrolling in the UI process, so never want the web process to
        do programmatic scrolling.

        Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
        rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
        and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.

        Tests: fast/forms/ios/focus-input-in-iframe.html
               fast/forms/ios/programmatic-focus-input-in-iframe.html

        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::scrollIntoView):
        (WebCore::Element::scrollIntoViewIfNeeded):
        (WebCore::Element::scrollIntoViewIfNotVisible):
        (WebCore::Element::focus):
        (WebCore::Element::updateFocusAppearance):
        * dom/Element.h:
        * editing/Editor.cpp:
        (WebCore::Editor::insertTextWithoutSendingTextEvent):
        (WebCore::Editor::revealSelectionAfterEditingOperation):
        (WebCore::Editor::findStringAndScrollToVisible):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::updateAndRevealSelection):
        (WebCore::FrameSelection::revealSelection):
        (WebCore::FrameSelection::FrameSelection): Deleted.
        * editing/FrameSelection.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateFocusAppearance):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::updateFocusAppearance):
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):
        (WebCore::RenderLayer::autoscroll):
        * rendering/RenderLayer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::scrollRectToVisible):
        * rendering/RenderObject.h:

2016-06-20  Keith Rollin  <krollin@apple.com>

        Remove RefPtr::release() and change call sites to use WTFMove()
        https://bugs.webkit.org/show_bug.cgi?id=158369

        Reviewed by Chris Dumez.

        RefPtr::release() releases its managed pointer awkwardly. It's more
        direct and clearer to use WTFMove to transfer ownership of the managed
        pointer.

        As part of this cleanup, also change a lot of explicit data types to
        'auto'.

        No new tests: there's no new functionality, just a refactoring of
        existing code.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::removeSamplesFromTrackBuffer):
        (WebCore::SourceBuffer::provideMediaData):
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::start):
        * Modules/webdatabase/SQLCallbackWrapper.h:
        (WebCore::SQLCallbackWrapper::clear):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::handlePostMessage):
        * bindings/js/JSHistoryCustom.cpp:
        (WebCore::JSHistory::pushState):
        (WebCore::JSHistory::replaceState):
        * bindings/js/JSMessagePortCustom.h:
        (WebCore::handlePostMessage):
        * bindings/js/ScriptControllerMac.mm:
        (WebCore::ScriptController::createScriptInstanceForWidget):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readTerminal):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::copyPropertiesInSet):
        * css/SVGCSSParser.cpp:
        (WebCore::CSSParser::parseSVGValue):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertShapeValue):
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::copyPropertiesInSet):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::loadPendingImages):
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::clearSheet):
        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeChildrenInRange):
        (WebCore::CompositeEditCommand::removeNodeAndPruneAncestors):
        (WebCore::CompositeEditCommand::prune):
        (WebCore::CompositeEditCommand::replaceSelectedTextInNode):
        (WebCore::CompositeEditCommand::rebalanceWhitespaceOnTextSubstring):
        * editing/CreateLinkCommand.cpp:
        (WebCore::CreateLinkCommand::doApply):
        * editing/EditingStyle.cpp:
        (WebCore::EditingStyle::mergeStyle):
        (WebCore::EditingStyle::mergeStyleFromRulesForSerialization):
        * editing/Editor.cpp:
        (WebCore::ClearTextCommand::CreateAndApply):
        (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
        * editing/EditorCommand.cpp:
        (WebCore::executeInsertNode):
        * editing/InsertTextCommand.cpp:
        (WebCore::InsertTextCommand::performOverwrite):
        (WebCore::InsertTextCommand::insertTab):
        * editing/RemoveNodePreservingChildrenCommand.cpp:
        (WebCore::RemoveNodePreservingChildrenCommand::doApply):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplacementFragment::removeNodePreservingChildren):
        (WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):
        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
        * html/HTMLFontElement.cpp:
        (WebCore::HTMLFontElement::collectStyleForPresentationAttribute):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::prepareForSubmission):
        * html/HTMLTableElement.cpp:
        (WebCore::leakBorderStyle):
        (WebCore::leakGroupBorderStyle):
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
        * html/track/InbandDataTextTrack.cpp:
        (WebCore::InbandDataTextTrack::addDataCue):
        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::newCuesParsed):
        * html/track/InbandWebVTTTextTrack.cpp:
        (WebCore::InbandWebVTTTextTrack::newCuesParsed):
        * html/track/TextTrackCueList.cpp:
        (WebCore::TextTrackCueList::add):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::getInlineStylesForNode):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::pushChildNodesToFrontend):
        * inspector/InspectorIndexedDBAgent.cpp:
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::loadResource):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyleSheet::buildObjectForSelectorList):
        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::create):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadPostRequest):
        * loader/ProgressTracker.cpp:
        (WebCore::ProgressTracker::finalProgressComplete):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::disassociateDocumentLoader):
        (WebCore::ApplicationCacheGroup::didFinishLoading):
        (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::ApplicationCacheStorage::loadCacheGroup):
        (WebCore::ApplicationCacheStorage::cacheGroupForURL):
        (WebCore::ApplicationCacheStorage::fallbackCacheGroupForURL):
        (WebCore::ApplicationCacheStorage::loadCache):
        * loader/archive/ArchiveResourceCollection.cpp:
        (WebCore::ArchiveResourceCollection::popSubframeArchive):
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::extract):
        (WebCore::LegacyWebArchive::create):
        (WebCore::LegacyWebArchive::createFromSelection):
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::createImage):
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::setIconDataForIconURL):
        (WebCore::IconDatabase::getOrCreateIconRecord):
        (WebCore::IconDatabase::readFromDatabase):
        (WebCore::IconDatabase::getImageDataForIconURLFromSQLDatabase):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::sessionStorage):
        (WebCore::DOMWindow::localStorage):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::updateDragAndDrop):
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::updateTransitions):
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation):
        * page/mac/ServicesOverlayController.mm:
        (WebCore::ServicesOverlayController::createOverlayIfNeeded):
        (WebCore::ServicesOverlayController::determineActiveHighlight):
        * page/scrolling/AsyncScrollingCoordinator.h:
        (WebCore::AsyncScrollingCoordinator::releaseScrollingTree):
        * page/scrolling/ScrollingStateNode.cpp:
        (WebCore::ScrollingStateNode::cloneAndReset):
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):
        * platform/audio/HRTFElevation.cpp:
        (WebCore::getConcatenatedImpulseResponsesForSubject):
        * platform/graphics/DisplayRefreshMonitorManager.cpp:
        (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings):
        * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
        (WebCore::MediaSelectionGroupAVFObjC::updateOptions):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        * platform/graphics/ca/PlatformCALayer.cpp:
        (WebCore::PlatformCALayer::createCompatibleLayerOrTakeFromPool):
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        (WebCore::ImageBufferData::getData):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::asUnmultipliedImage):
        (WebCore::FilterEffect::asPremultipliedImage):
        * platform/graphics/mac/ImageMac.mm:
        (WebCore::Image::loadPlatformResource):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::createForCurrentGLContext):
        (WebCore::GraphicsContext3D::paintRenderingResultsToImageData):
        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::RealtimeMediaSourceCenterMac::createMediaStream):
        * platform/mock/MockRealtimeMediaSourceCenter.cpp:
        (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints):
        (WebCore::MockRealtimeMediaSourceCenter::createMediaStream):
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::create):
        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::formCreate):
        * platform/text/BidiContext.cpp:
        (WebCore::BidiContext::copyStackRemovingUnicodeEmbeddingContexts):
        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::build):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::createScrollbar):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::createScrollbar):
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::createScrollbar):
        * rendering/RenderSearchField.cpp:
        (WebCore::RenderSearchField::createScrollbar):
        * replay/ReplayController.cpp:
        (WebCore::ReplayController::unloadSegment):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::build):
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::build):
        * svg/properties/SVGListProperty.h:
        (WebCore::SVGListProperty::getItemValuesAndWrappers):
        (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
        (WebCore::SVGListProperty::removeItemValuesAndWrappers):
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::workerThread):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::internalAbort):
        * xml/XPathStep.cpp:
        (WebCore::XPath::Step::nodesInAxis):

2016-06-20  Eric Carlson  <eric.carlson@apple.com>

        Crash in PlatformMediaSession::clientWillPausePlayback
        https://bugs.webkit.org/show_bug.cgi?id=158953
        <rdar://problem/26121125>

        Reviewed by Jer Noble.

        No new tests, I have not been able to reproduce this in a test.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::stop): Ref the element before calling stopWithoutDestroyingMediaPlayer
          because updatePlaybackControlsManager can release the last reference and cause the
          destructor to be called.
        (WebCore::HTMLMediaElement::suspend): Ditto.

2016-06-20  Alex Christensen  <achristensen@webkit.org>

        Clean up ResourceResponseBase after r201943
        https://bugs.webkit.org/show_bug.cgi?id=158706

        Reviewed by Michael Catanzaro.

        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::ResourceResponseBase):
        (WebCore::ResourceResponseBase::asResourceResponse): Deleted.
        * platform/network/ResourceResponseBase.h:
        (WebCore::ResourceResponseBase::platformCompare):

2016-06-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: console.profile should use the new Sampling Profiler
        https://bugs.webkit.org/show_bug.cgi?id=153499
        <rdar://problem/24352431>

        Reviewed by Timothy Hatcher.

        Test: inspector/timeline/setInstruments-programmatic-capture.html

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::startFromConsole):
        (WebCore::InspectorTimelineAgent::stopFromConsole):
        (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
        (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
        (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
        (WebCore::InspectorTimelineAgent::toggleInstruments):
        (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
        (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
        (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
        (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
        * inspector/InspectorTimelineAgent.h:
        Web implementation of console.profile/profileEnd.
        Make helpers for starting / stopping instruments.

2016-06-20  Andreas Kling  <akling@apple.com>

        When navigating, discard decoded image data that is only live due to page cache.
        <https://webkit.org/b/158941>

        Reviewed by Antti Koivisto.

        A resource is "live" if it's currently in use by a web page, and "dead" if it's
        only kept alive by the memory cache.

        This patch adds a mechanism that looks at CachedImage resources to see if all the
        clients that make them appear "live" are actually pages in the page cache.

        If so, we let the "jettison expensive objects on top-level navigation" mechanism
        discard the decoded data for such half-live images. This can reduce the peak
        memory usage during navigations quite a bit.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad): Move the call to MemoryPressureHandler
        before we add the outgoing page to the page cache. This allows the jettisoning code
        to make decisions based on which pages were cached *before* the navigation.

        * loader/cache/CachedImageClient.h:
        (WebCore::CachedImageClient::inPageCache):
        * loader/ImageLoader.h:
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::inPageCache):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::inPageCache): Added a CachedImageClient::inPageCache() virtual
        to determine which clients are currently in page cache (answered by their Document.)

        * loader/cache/CachedImage.h:
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::areAllClientsInPageCache): Walks all CachedImageClient clients
        and returns true if all of them are inPageCache().

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
        Walk all the known CachedImages and nuke decoded data for those that have some but
        are only considered live due to clients in the page cache.

2016-06-20  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix post-landing review comment from Darin on r202188.

        * platform/network/CacheValidation.cpp:
        (WebCore::parseCacheHeader):

2016-06-19  Antti Koivisto  <antti@apple.com>

        Updating class name of a shadow host does not update the style applied by :host()
        https://bugs.webkit.org/show_bug.cgi?id=158900
        <rdar://problem/26883707>

        Reviewed by Simon Fraser.

        Test: fast/shadow-dom/shadow-host-style-update.html

        Teach style invalidation optimization code about :host.

        * style/AttributeChangeInvalidation.cpp:
        (WebCore::Style::mayBeAffectedByHostStyle):
        (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
        * style/ClassChangeInvalidation.cpp:
        (WebCore::Style::computeClassChange):
        (WebCore::Style::mayBeAffectedByHostStyle):
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
        * style/IdChangeInvalidation.cpp:
        (WebCore::Style::mayBeAffectedByHostStyle):
        (WebCore::Style::IdChangeInvalidation::invalidateStyle):

2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>

        Remove hasStaticPropertyTable (part 5: done!)
        https://bugs.webkit.org/show_bug.cgi?id=158431

        Reviewed by Chris Dumez.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
            - remove hasStaticPropertyTable.
        * bindings/scripts/test/JS/JSInterfaceName.h:
        (WebCore::JSInterfaceName::create):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        (WebCore::JSTestActiveDOMObject::create):
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
        (WebCore::JSTestClassWithJSBuiltinConstructor::create):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
        (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        (WebCore::JSTestCustomNamedGetter::create):
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        (WebCore::JSTestEventConstructor::create):
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        (WebCore::JSTestEventTarget::create):
        * bindings/scripts/test/JS/JSTestException.h:
        (WebCore::JSTestException::create):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        (WebCore::JSTestGenerateIsReachable::create):
        * bindings/scripts/test/JS/JSTestGlobalObject.h:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
        (WebCore::JSTestJSBuiltinConstructor::create):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        (WebCore::JSTestMediaQueryListListener::create):
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        (WebCore::JSTestNamedConstructor::create):
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        (WebCore::JSTestNondeterministic::create):
        * bindings/scripts/test/JS/JSTestObj.h:
        (WebCore::JSTestObj::create):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        (WebCore::JSTestOverloadedConstructors::create):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
        (WebCore::JSTestOverrideBuiltins::create):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        (WebCore::JSTestSerializedScriptValueInterface::create):
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        (WebCore::JSTestTypedefs::create):
        * bindings/scripts/test/JS/JSattribute.h:
        (WebCore::JSattribute::create):
        * bindings/scripts/test/JS/JSreadonly.h:
        (WebCore::JSreadonly::create):

2016-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        The JSBuiltinConstructor feature can't handle a JS interface extending another JS interface
        https://bugs.webkit.org/show_bug.cgi?id=158834

        Reviewed by Eric Carlson.

        No change of behavior.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader): Explicitly setting DOMWrapped type definition from
        JSXX class deriving from another JSYY class.
        * bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
        * bindings/scripts/test/JS/JSTestNode.h: Ditto.

2016-06-18  Antti Koivisto  <antti@apple.com>

        Use time literals in WebCore
        https://bugs.webkit.org/show_bug.cgi?id=158905

        Reviewed by Andreas Kling.

        std::chrono::milliseconds(1) -> 1ms etc.

        * dom/Document.cpp:
        (WebCore::Document::minimumLayoutDelay):
        (WebCore::Document::elapsedTime):
        * fileapi/FileReader.cpp:
        (WebCore::FileReader::create):
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::showPaintRect):
        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
        * loader/ProgressTracker.cpp:
        (WebCore::ProgressTracker::progressStarted):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::freshnessLifetime):
        * page/ChromeClient.h:
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::intervalClampedToMinimum):
        (WebCore::DOMTimer::alignedFireTime):
        * page/DOMTimer.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged):
        * page/ResourceUsageThread.cpp:
        (WebCore::ResourceUsageThread::threadBody):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/mac/ServicesOverlayController.mm:
        (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::fontForFamily):
        * platform/network/CacheValidation.cpp:
        (WebCore::computeCurrentAge):
        (WebCore::computeFreshnessLifetimeForHTTPFamily):

2016-06-17  Benjamin Poulain  <benjamin@webkit.org>

        :indeterminate pseudo-class should match radios whose group has no checked radio
        https://bugs.webkit.org/show_bug.cgi?id=156270

        Reviewed by Simon Fraser.

        The pseudo-class ":indeterminate" is supposed to match radio buttons
        for which the entire group has no checked button.
        Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate

        The change is straightforward with one non-obvious choice:
        I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().

        The reason is shouldAppearIndeterminate() is used for styling and AX of elements
        with an indeterminate state (check boxes and progress element). There is no such
        UI for radio boxes.
        I could have extended shouldAppearIndeterminate() to radio box
        then filter out this case in RenderTheme. The problem is doing that would also require
        changes to the repaint logic to match :indeterminate. It seemed overkill to me to
        change repaint() for a case that is never used in practice.

        Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
               fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
               fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
               fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html

        * css/SelectorCheckerTestFunctions.h:
        (WebCore::shouldAppearIndeterminate):
        * dom/Element.cpp:
        (WebCore::Element::matchesIndeterminatePseudoClass):
        * dom/Element.h:
        * dom/RadioButtonGroups.cpp:
        (WebCore::RadioButtonGroup::setCheckedButton):
        (WebCore::RadioButtonGroup::updateCheckedState):
        (WebCore::RadioButtonGroup::remove):
        (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
        (WebCore::RadioButtonGroups::hasCheckedButton):
        * dom/RadioButtonGroups.h:
        * html/CheckboxInputType.cpp:
        (WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
        (WebCore::CheckboxInputType::shouldAppearIndeterminate):
        (WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
        * html/CheckboxInputType.h:
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setChecked):
        (WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
        (WebCore::HTMLInputElement::shouldAppearIndeterminate):
        (WebCore::HTMLInputElement::radioButtonGroups):
        * html/HTMLInputElement.h:
        * html/InputType.cpp:
        (WebCore::InputType::matchesIndeterminatePseudoClass):
        (WebCore::InputType::shouldAppearIndeterminate):
        (WebCore::InputType::supportsIndeterminateAppearance): Deleted.
        * html/InputType.h:
        * html/RadioInputType.cpp:
        (WebCore::RadioInputType::matchesIndeterminatePseudoClass):
        (WebCore::RadioInputType::willDispatchClick): Deleted.
        (WebCore::RadioInputType::didDispatchClick): Deleted.
        (WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
        The iOS specific code is just plain wrong.
        It was changing the indeterminate state of the input element.
        The spec clearly says that state is only used by checkbox:
        https://html.spec.whatwg.org/#dom-input-indeterminate

        Moreover, the style update would not change the indeterminate state
        of other buttons in the Button Group, which is just bizarre.
        RenderThemeIOS does not make use of any of this with the current style.

        * html/RadioInputType.h:
        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::canShareStyleWithElement):
        (WebCore::Style::canShareStyleWithControl): Deleted.
        (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
        Style sharing is unified behind the selector matching which is neat.

2016-06-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202152.
        https://bugs.webkit.org/show_bug.cgi?id=158897

        The new test is very unstable, timing out frequently
        (Requested by ap on #webkit).

        Reverted changeset:

        "Web Inspector: console.profile should use the new Sampling
        Profiler"
        https://bugs.webkit.org/show_bug.cgi?id=153499
        http://trac.webkit.org/changeset/202152

2016-06-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r202068, r202115, and r202128.
        https://bugs.webkit.org/show_bug.cgi?id=158896

        The new test is very unstable, timing out frequently
        (Requested by ap on #webkit).

        Reverted changesets:

        "decompose4 return value is unchecked, leading to potentially
        uninitialized data."
        https://bugs.webkit.org/show_bug.cgi?id=158761
        http://trac.webkit.org/changeset/202068

        "[mac] LayoutTest transforms/undecomposable.html is a flaky
        timeout"
        https://bugs.webkit.org/show_bug.cgi?id=158816
        http://trac.webkit.org/changeset/202115

        "[mac] LayoutTest transforms/undecomposable.html is a flaky
        timeout"
        https://bugs.webkit.org/show_bug.cgi?id=158816
        http://trac.webkit.org/changeset/202128

2016-06-17  Chris Fleizach  <cfleizach@apple.com>

        AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
        https://bugs.webkit.org/show_bug.cgi?id=158876
        <rdar://problem/26842619>

        Reviewed by Joanmarie Diggs.

        The indeterminate state was not being reported for native checkboxes. 

        Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
        was not being reported correctly. Changed that to check the actual attribute.

        Test: accessibility/checkbox-mixed-value.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::isIndeterminate):
        (WebCore::AccessibilityNodeObject::isPressed):
        (WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::checkboxOrRadioValue):

2016-06-17  Dean Jackson  <dino@apple.com>

        REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
        https://bugs.webkit.org/show_bug.cgi?id=158895
        <rdar://problem/26423617>

        Reviewed by Zalan Bujtas.

        In r199819 we started resetting contexts if the page had too
        many. Unfortunately there were entry points in the WebGL context
        that didn't check for the validity of the object before trying
        to access the lower level objects.

        Test: webgl/many-contexts-access-after-loss.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
        (WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.

2016-06-17  Daniel Bates  <dabates@apple.com>

        Unreviewed, rolling out r202186.

        Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
        builds.

        Reverted changeset:

        "File scheme should not allow access of a resource on a
        different volume."
        https://bugs.webkit.org/show_bug.cgi?id=158552
        http://trac.webkit.org/changeset/202186

2016-06-17  Daniel Bates  <dabates@apple.com>

        Unreviewed, rolling out r202187.

        202186

        Reverted changeset:

        "Unreviewed clean-up after r202186."
        http://trac.webkit.org/changeset/202187

2016-06-17  Chris Dumez  <cdumez@apple.com>

        Optimize parseCacheHeader() by using StringView
        https://bugs.webkit.org/show_bug.cgi?id=158891

        Reviewed by Darin Adler.

        Optimize parseCacheHeader() and avoid some temporary String allocations
        by using StringView. We now strip the whitespace in the input string
        at the beginning of the function, at the same time as we strip the
        control characters. We are then able to leverage StringView in the
        rest of the function to get substrings without the need for extra
        String allocations.

        * platform/network/CacheValidation.cpp:
        (WebCore::isControlCharacterOrSpace):
        (WebCore::trimToNextSeparator):
        (WebCore::parseCacheHeader):

2016-06-17  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed clean-up after r202186.

        * platform/FileSystem.cpp:
        (WebCore::filesHaveSameVolume): Don't use C-style formatting.

2016-06-17  Pranjal Jumde  <pjumde@apple.com>

        File scheme should not allow access of a resource on a different volume.
        https://bugs.webkit.org/show_bug.cgi?id=158552
        <rdar://problem/15307582>

        Reviewed by Brent Fulgham.

        Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canDisplay):
        * platform/FileSystem.cpp:
        (WebCore::platformFileStat):
        (WebCore::filesHaveSameVolume):
        Returns true if the files are on the same volume
        * platform/FileSystem.h:

2016-06-17  Antoine Quint  <graouts@apple.com>

        Web video playback controls should have RTL volume slider
        https://bugs.webkit.org/show_bug.cgi?id=158856
        <rdar://problem/25971769>

        Reviewed by Tim Horton.

        We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
        propagate the user interface layout direction.

        The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
        then notifies the Document of a change, which propagates down to registered media elements, and finally sets
        the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
        Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
        .volume-box which applies a translate to the right and flips the volume controls on the x axis.

        Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
        pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
        we can easily set a named JS property with a given JSValue.

        For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.

        Test: fullscreen/video-controls-rtl.html

        * Modules/mediacontrols/mediaControlsApple.css:
        (video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
        (WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
        (WebCore::Document::userInterfaceLayoutDirectionChanged):
        * dom/Document.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::registerWithDocument):
        (WebCore::HTMLMediaElement::unregisterWithDocument):
        (WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
        (WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
        (WebCore::HTMLMediaElement::setControllerJSProperty):
        (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
        (WebCore::HTMLMediaElement::pageScaleFactorChanged):
        (WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
        (WebCore::setPageScaleFactorProperty): Deleted.
        * html/HTMLMediaElement.h:
        * page/Page.cpp:
        (WebCore::Page::setUserInterfaceLayoutDirection):
        * page/Page.h:
        (WebCore::Page::userInterfaceLayoutDirection):
        * platform/UserInterfaceLayoutDirection.h: Renamed from Sour