ChangeLog   [plain text]


2017-03-14  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r213949. rdar://problem/31049877

    2017-03-14  Andy Estes  <aestes@apple.com>

            REGRESSION (r209760): Apple Pay doesn't work on sites that specify empty contact fields
            https://bugs.webkit.org/show_bug.cgi?id=169639
            <rdar://problem/30957789>

            Reviewed by Anders Carlsson.

            Shipping and billing contact fields are allowed to be empty.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::convertAndValidate):

2017-03-03  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r213385. rdar://problem/30838984

    2017-03-03  Sam Weinig  <sam@webkit.org>

            REGRESSION (r209760): Apple Pay doesn't work on casper.com, shopspring.com, maybe other sites
            <rdar://problem/30313445>
            https://bugs.webkit.org/show_bug.cgi?id=169149

            Reviewed by Simon Fraser.

            Relax restriction that the ApplePayShippingMethod sequence must not be empty. This
            was incorrect.

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::convertAndValidate):

2017-03-02  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212893. rdar://problem/30812551

2017-02-22  Brent Fulgham  <bfulgham@apple.com>

        Merge r212828. rdar://problem/30636288

    2017-02-21  Antti Koivisto  <antti@apple.com>

            REGRESSION(r207669): Crash after mutating selector text
            https://bugs.webkit.org/show_bug.cgi?id=168655
            <rdar://problem/30632111>

            Reviewed by Brent Fulgham.

            Test: fast/css/selector-text-mutation-crash.html

            * style/StyleScope.cpp:
            (WebCore::Style::Scope::resolver):
            (WebCore::Style::Scope::updateStyleResolver):

            Protect against entering scheduleUpdate and wiping style resolver while updating it.
            Extension stylesheets can trigger this.

            (WebCore::Style::Scope::scheduleUpdate):

            Clear the style resolver immediately if style sheet content changes. The resolver may
            have data structures that point to the old sheet contents.

            The resolver would get wiped anyway when the scheduled update actually occurs.

            * style/StyleScope.h:

2017-02-23  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212740. rdar://problem/30636288

2017-02-22  Brent Fulgham  <bfulgham@apple.com>

        Merge r212554. rdar://problem/30636115

    2017-02-16  Brent Fulgham  <bfulgham@apple.com>

            RenderView needs to be updated when FrameView changes
            https://bugs.webkit.org/show_bug.cgi?id=168481
            <rdar://problem/30339638>

            Reviewed by Andreas Kling.

            The state of the Document's RenderView can get out of sync with the Frame's FrameView.
            We need a notification mechanism so that modifications to the Frame's view are properly
            relayed to Document so that it can have a correct RenderView.

            * dom/Document.cpp:
            (WebCore::Document::didBecomeCurrentDocumentInView): Create an updated render tree (if
            one does not already exist).
            (WebCore::Document::destroyRenderTree): Remove an incorrect ASSERT. We may enter this
            code when the Frame uses 'setView(nullptr)', which happens during certain  updates.
            * dom/Document.h:
            * page/Frame.cpp:
            (WebCore::Frame::setView): Destroy the old render tree (if present) before switching to
            the new view. Then notify the document that it is now the current document in the new view.

2017-02-21  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212737. rdar://problem/30636288

    2017-02-21  Antti Koivisto  <antti@apple.com>

            REGRESSION(r207669): Crash after mutating selector text
            https://bugs.webkit.org/show_bug.cgi?id=168655
            <rdar://problem/30632111>

            Reviewed by Brent Fulgham.

            Test: fast/css/selector-text-mutation-crash.html

            * style/StyleScope.cpp:
            (WebCore::Style::Scope::scheduleUpdate):

            Clear the style resolver immediately if style sheet content changes. The resolver may
            have data structures that point to the old sheet contents.

            The resolver would get wiped anyway when the scheduled update actually occurs.

2017-02-18  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r212218): Assertion failures in and after parserRemoveChild
        https://bugs.webkit.org/show_bug.cgi?id=168458

        Reviewed by Antti Koivisto.

        The bug was caused by parserRemoveChild not preceeding to remove oldChild even when
        oldChild had been inserted elsewhere during unload evnets of the disconnected frames.
        Fixed the bug by checking this condition and exiting early.

        Also fixed various callers of parserRemoveChild to not call parserAppendChild when
        the removed node had already been inserted elsewhere by scripts.

        Tests: fast/parser/adoption-agency-unload-iframe-3.html
               fast/parser/adoption-agency-unload-iframe-4.html
               fast/parser/xml-error-unload-iframe.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::parserRemoveChild): Exit early when the node had been
        inserted elsewhere while firing unload events. Also moved the call to
        notifyRemovePendingSheetIfNeeded outside NoEventDispatchAssertion since it can
        synchrnously fire a focus event.
        (WebCore::ContainerNode::parserAppendChild): Moved adoptNode call to inside
        NoEventDispatchAssertion since adoptNode call here should never mutate DOM.
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::executeReparentTask): Added an early exit when the node had already been
        inserted elsewhere.
        (WebCore::executeInsertAlreadyParsedChildTask): Ditto.
        * xml/XMLErrors.cpp:
        (WebCore::XMLErrors::insertErrorMessageBlock): Ditto.
        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::end): Fixed a crash unveiled by one of the test cases.
        Exit early when insertErrorMessageBlock detached the parser (by author scripts).
        (WebCore::XMLDocumentParser::finish): Keep the parser alive until we exit.

2017-02-20  Ryosuke Niwa  <rniwa@webkit.org>

        HTMLConstructionSiteTask::Insert should never be called on a node with a parent
        https://bugs.webkit.org/show_bug.cgi?id=168099

        Reviewed by Sam Weinig.

        insertAlreadyParsedChild always use HTMLConstructionSiteTask::InsertAlreadyParsedChild instead
        of using HTMLConstructionSiteTask::Insert when fostering a child.

        Also combine the step to take all children and re-parenting into a single task instead of
        separately issuing TakeAllChildren and Reparent tasks.

        No new tests since this is a refactoring.

        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::insert): Now asserts that the child node never have a parent.
        (WebCore::executeInsertAlreadyParsedChildTask): Moved the code to remove the parent here.
        (WebCore::executeTakeAllChildrenAndReparentTask): Renamed from executeTakeAllChildrenTask
        now that this function also does the reparenting.
        (WebCore::executeTask):
        (WebCore::HTMLConstructionSite::reparent): Removed the variant only used with takeAllChildren.
        (WebCore::HTMLConstructionSite::insertAlreadyParsedChild): Always use InsertAlreadyParsedChild
        instead of calling fosterParent which uses Insert when fostering parents.
        (WebCore::HTMLConstructionSite::takeAllChildrenAndReparent): Renamed from takeAllChildren.
        * html/parser/HTMLConstructionSite.h:
        (WebCore::HTMLConstructionSiteTask:Operation):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212601. rdar://problem/30339638

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212660. rdar://problem/30553220

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212647. rdar://problem/30563318

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211750. rdar://problem/30383964

    2017-02-06  Simon Fraser  <simon.fraser@apple.com>

            Safari pages are blank sometimes (missing tiles)
            https://bugs.webkit.org/show_bug.cgi?id=167904

            Reviewed by Tim Horton.

            After r211683 we failed to udpate the "inWindow" flag on the page tiled layer, because
            usingTiledBacking() on GraphicsLayer confusingly was false for the page tiled layer.

            Fix by removing usingTiledBacking() entirely, and checking for tiledBacking(),
            looking at the layer type when necessary.

            Tested by tiled-drawing/tiled-backing-in-window.html

            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::GraphicsLayer):
            (WebCore::GraphicsLayer::setIsInWindowIncludingDescendants): This is the bug fix.
            (WebCore::GraphicsLayer::getDebugBorderInfo):
            (WebCore::GraphicsLayer::dumpProperties):
            * platform/graphics/GraphicsLayer.h:
            (WebCore::GraphicsLayer::usingTiledBacking): Deleted.
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::recursiveCommitChanges):
            (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
            (WebCore::GraphicsLayerCA::changeLayerTypeTo):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::willDestroyLayer):
            (WebCore::RenderLayerBacking::compositingLayerType):
            * rendering/RenderLayerCompositor.cpp: A bit more logging.
            (WebCore::RenderLayerCompositor::setIsInWindow):
            (WebCore::RenderLayerCompositor::attachRootLayer):

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212651. rdar://problem/30604254

    2017-02-20  Jon Lee  <jonlee@apple.com>

            Fix build error for iOS. Unreviewed.

            * platform/graphics/GraphicsContext3D.cpp: Move stub function into !PLATFORM(COCOA) instead of !PLATFORM(MAC).

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212650. rdar://problem/30604254

    2017-02-20  Jon Lee  <jonlee@apple.com>

            Unreviewed, rolling out r212639.

            Have a fix for the linker error on iOS.

            Reverted changeset:

            "Unreviewed, rolling out r212637."
            https://bugs.webkit.org/show_bug.cgi?id=168595
            http://trac.webkit.org/changeset/212639

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212633. rdar://problem/30592266

    2017-02-19  Dean Jackson  <dino@apple.com>

            Activate/deactivate high performance GPU when requested
            https://bugs.webkit.org/show_bug.cgi?id=168559
            <rdar://problem/30592266>

            Reviewed by Jon Lee.

            Respect the high-performance powerPreference for WebGL, by managing an
            object that enables the high-performance GPU. If a WebGL context wants
            high-performance, and it is visible, then a manager class in GraphicsContext3D
            creates and retains the object, causing all the WebGL contexts to move GPUs.
            If all the high-performance contexts are not visible, such as in a background tab,
            then the manager will release the object, allowing the GPU to power down.

            The swapping back from the high-performance GPU happens on a timer, to make
            sure we don't churn between GPUs if the user is swapping between a lot of tabs,
            or windows.

            Unfortunately testing this change properly requires hardware with
            multiple GPUs. I plan to write an API test that fakes most of the
            system interaction, such as occluding the page. An API test might
            also be able to verify if the system has more than one GPU. Otherwise
            I'll have to plumb everything through Internals.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::isHighPerformanceContext): Helper to detect if the GraphicsContext3D actually
            used high-performance mode.
            (WebCore::WebGLRenderingContextBase::create): Add logging if we are
            actually overriding a high-performance request.
            (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase): If we are high-performance,
            then register for activity state changes.
            (WebCore::WebGLRenderingContextBase::addActivityStateChangeObserverIfNecessary):
            (WebCore::WebGLRenderingContextBase::removeActivityStateChangeObserver):
            (WebCore::WebGLRenderingContextBase::destroyGraphicsContext3D): Call removeActivityStateChangeObserver
            as the GC3D is destroyed.
            (WebCore::WebGLRenderingContextBase::maybeRestoreContext): If the context was
            restored successfully, and came back in high-performance, then we need
            to listen for activity state changes as usual.
            (WebCore::WebGLRenderingContextBase::activityStateDidChange): If we changed visibility,
            tell the GC3D.
            * html/canvas/WebGLRenderingContextBase.h: Class inherits ActivityStateChangeObserver.

            * page/Settings.in: No longer force low-power everywhere.

            * platform/graphics/GraphicsContext3D.cpp:
            (WebCore::GraphicsContext3D::setContextVisibility): Empty implementation for non-Mac.
            * platform/graphics/GraphicsContext3D.h:
            (WebCore::GraphicsContext3D::powerPreferenceUsedForCreation): Tells clients what power preference
            was actually used during creation (e.g. a single GPU system will use default, even if
            they requested high-performance).

            * platform/graphics/mac/GraphicsContext3DMac.mm:
            (WebCore::GraphicsContext3DManager::GraphicsContext3DManager): Helper class to
            look after all GraphicsContext3Ds.
            (WebCore::GraphicsContext3DManager::hasTooManyContexts): We have a limit on the
            number of contexts we can keep alive at any one time.
            (WebCore::manager): Helper to return the static instance.
            (WebCore::displayWasReconfigured): Send a message to all the contexts.
            (WebCore::GraphicsContext3DManager::addContext):
            (WebCore::GraphicsContext3DManager::removeContext):
            (WebCore::GraphicsContext3DManager::addContextRequiringHighPerformance):
            (WebCore::GraphicsContext3DManager::removeContextRequiringHighPerformance):
            (WebCore::GraphicsContext3DManager::updateHighPerformanceState): Check if the number
            of contexts requiring high-performance means we need to enable/disable that GPU.
            (WebCore::GraphicsContext3DManager::disableHighPerformanceGPUTimerFired): Releases our
            object that keeps the high-performance GPU on.
            (WebCore::GraphicsContext3DManager::recycleContextIfNecessary): Get rid of the first (oldest)
            context. This code was in GC3D proper, but it made more sense here in the helper.
            (WebCore::setPixelFormat): All contexts are created muxable now.
            (WebCore::GraphicsContext3D::create): Use the manager.
            (WebCore::GraphicsContext3D::GraphicsContext3D): Ditto.
            (WebCore::GraphicsContext3D::~GraphicsContext3D): Add logging.
            (WebCore::GraphicsContext3D::checkGPUStatusIfNecessary): Better logging.
            (WebCore::GraphicsContext3D::updateCGLContext):
            (WebCore::GraphicsContext3D::setContextVisibility): This is the responder to the
            ActivityStateChanges in the WebGLRenderingContext.
            (WebCore::activeContexts): Deleted.
            (WebCore::addActiveContext): Deleted.
            (WebCore::removeActiveContext): Deleted.

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212331. rdar://problem/30522092

    2017-02-14  Dean Jackson  <dino@apple.com>

            Rename preferLowPowerWebGLRendering setting to forceWebGLUsesLowPower
            https://bugs.webkit.org/show_bug.cgi?id=168339
            <rdar://problem/30522092>

            Reviewed by Simon Fraser.

            Use a setting name that more clearly reflects what it is doing. It's not
            preferring to use the low-power GPU, it's forcing it.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::create):
            * page/Settings.in:

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212538. rdar://problem/30541748

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        A/B test concurrent GC
        https://bugs.webkit.org/show_bug.cgi?id=168453
        <rdar://problem/30553220>

        Landed on behalf of JF Bastien.

        Reviewed by Alexey Proskuryakov.

        Initialize the WTF::SplitTest singleton using the anonymous UUID
        from crash reporter. This makes it easy to figure out which A/B
        split tests were enabled from a particular crash log.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/SplitTestInitializer.cpp: Added.
        (getUUID):
        (InitWebCoreSplitTest):
        * platform/SplitTestInitializer.h: Copied from Source/WebKit2/WebProcess/EntryPoint/mac/XPCService/WebContentServiceEntryPoint.mm.

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212652. rdar://problem/30435303

    2017-02-20  Per Arne Vollan  <pvollan@apple.com>

            [Win] Custom scale factor is not applied in all cases.
            https://bugs.webkit.org/show_bug.cgi?id=168117

            Reviewed by Brent Fulgham.

            We should not call the function deviceScaleFactorForWindow directly, since this
            will return the system scale factor, and ignore the custom scale factor.

            * platform/graphics/ca/win/CACFLayerTreeHost.h:
            * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
            (WebCore::WKCACFViewLayerTreeHost::initializeContext):
            (WebCore::WKCACFViewLayerTreeHost::resize):
            (WebCore::WKCACFViewLayerTreeHost::setScaleFactor):
            * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h:
            * platform/win/GDIUtilities.h:
            (WebCore::makeScaledPoint):
            * platform/win/PlatformMouseEventWin.cpp:
            (WebCore::positionForEvent):
            * platform/win/PopupMenuWin.cpp:
            (WebCore::PopupMenuWin::show):
            (WebCore::PopupMenuWin::wndProc):
            * platform/win/PopupMenuWin.h:

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212621. rdar://problem/30563318

    2017-02-18  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION(r212218): Assertion failures in and after parserRemoveChild
            https://bugs.webkit.org/show_bug.cgi?id=168458

            Reviewed by Antti Koivisto.

            The bug was caused by parserRemoveChild not preceeding to remove oldChild even when
            oldChild had been inserted elsewhere during unload evnets of the disconnected frames.
            Fixed the bug by checking this condition and exiting early.

            Also fixed various callers of parserRemoveChild to not call parserAppendChild when
            the removed node had already been inserted elsewhere by scripts.

            Tests: fast/parser/adoption-agency-unload-iframe-3.html
                   fast/parser/adoption-agency-unload-iframe-4.html
                   fast/parser/xml-error-unload-iframe.html

            * dom/ContainerNode.cpp:
            (WebCore::ContainerNode::parserRemoveChild): Exit early when the node had been
            inserted elsewhere while firing unload events. Also moved the call to
            notifyRemovePendingSheetIfNeeded outside NoEventDispatchAssertion since it can
            synchrnously fire a focus event.
            (WebCore::ContainerNode::parserAppendChild): Moved adoptNode call to inside
            NoEventDispatchAssertion since adoptNode call here should never mutate DOM.
            * html/parser/HTMLConstructionSite.cpp:
            (WebCore::executeReparentTask): Added an early exit when the node had already been
            inserted elsewhere.
            (WebCore::executeInsertAlreadyParsedChildTask): Ditto.
            * xml/XMLErrors.cpp:
            (WebCore::XMLErrors::insertErrorMessageBlock): Ditto.
            * xml/parser/XMLDocumentParser.cpp:
            (WebCore::XMLDocumentParser::end): Fixed a crash unveiled by one of the test cases.
            Exit early when insertErrorMessageBlock detached the parser (by author scripts).
            (WebCore::XMLDocumentParser::finish): Keep the parser alive until we exit.

2017-02-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212558. rdar://problem/30451563

    2017-02-17  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (209396): Apple Pay buttons do not render
            https://bugs.webkit.org/show_bug.cgi?id=168523
            rdar://problem/30451563

            Reviewed by Geoffrey Garen.

            The new CSS parser mistakenly converted -apple-pay-button values to
            -webkit-pay-button, breaking -webkit-appearance: -apple-pay-button.

            Fix by excluding "-apple-pay" prefixed values from the conversion.

            Test: fast/css/appearance-apple-pay-button.html

            * css/parser/CSSPropertyParser.cpp:
            (WebCore::isAppleLegacyCssValueKeyword):

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212554. rdar://problem/30339638

    2017-02-16  Brent Fulgham  <bfulgham@apple.com>

            RenderView needs to be updated when FrameView changes
            https://bugs.webkit.org/show_bug.cgi?id=168481
            <rdar://problem/30339638>

            Reviewed by Andreas Kling.

            The state of the Document's RenderView can get out of sync with the Frame's FrameView.
            We need a notification mechanism so that modifications to the Frame's view are properly
            relayed to Document so that it can have a correct RenderView.

            * dom/Document.cpp:
            (WebCore::Document::didBecomeCurrentDocumentInView): Create an updated render tree (if
            one does not already exist).
            (WebCore::Document::destroyRenderTree): Remove an incorrect ASSERT. We may enter this
            code when the Frame uses 'setView(nullptr)', which happens during certain  updates.
            * dom/Document.h:
            * page/Frame.cpp:
            (WebCore::Frame::setView): Destroy the old render tree (if present) before switching to
            the new view. Then notify the document that it is now the current document in the new view.

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212354. rdar://problem/30450371

    2017-02-14  Ryosuke Niwa  <rniwa@webkit.org>

            An assertion failure inside removeChildren
            https://bugs.webkit.org/show_bug.cgi?id=168069

            Reviewed by Brent Fulgham.

            The bug was caused by notifyRemovePendingSheet executing scripts synchronously where it shouldn't.

            Removed the call to notifyRemovePendingSheetIfNeeded in notifyChildNodeRemoved. Instead, invoke it
            in its call sites when they're safe.

            Test: http/tests/security/move-iframe-within-focus-handler-inside-removal.html

            * dom/ContainerNode.cpp:
            (WebCore::ContainerNode::takeAllChildrenFrom):
            (WebCore::ContainerNode::notifyChildInserted):
            (WebCore::ContainerNode::removeChild):
            (WebCore::ContainerNode::parserRemoveChild):
            (WebCore::ContainerNode::replaceAllChildren):
            (WebCore::ContainerNode::removeChildren):
            * dom/ContainerNodeAlgorithms.cpp:
            (WebCore::notifyChildNodeRemoved):

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212265. rdar://problem/30231732

    2017-02-13  Said Abou-Hallawa  <sabouhallawa@apple.com>

            The current frame of an image should not deleted if another frame is asynchronously being decoded
            https://bugs.webkit.org/show_bug.cgi?id=167618

            Reviewed by Simon Fraser.

            Test: fast/images/animated-image-draw-while-decode.html

            If the memory cache asks the BitmapImage to destroy all its frames while
            the next frame is being decoded, a thread contention may happen. This can
            happen when BitmapImage::draw() is called and the next frame is not ready
            yet for drawing, so the current frame has to be drawn. This will invoke
            a frame decoding in the same image from the drawing committing thread.

            We can avoid that by destroying all the frames except the current frame if
            the image is asynchronously decoding its frames. This should not add extra
            memory overhead because building the image frame cache and then destroying
            it, when needed, is an on-going process. The frames will be allocated and
            decoded all the time and all of them can be destroyed except the current one.

            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::destroyDecodedData):
            (WebCore::BitmapImage::destroyDecodedDataIfNecessary):
            The logic of destroying the ImageFrames was split among BitmapImage, ImageSource
            and ImageFrameCache. Move all the logic to BitmapImage and have ImageFrameCache
            be responsible only for destroying a range of ImageFrames.

            (WebCore::BitmapImage::draw): add an ASSERT_IMPLIES to ensure the current frame
            is ready to be rendered if the next frame is being decoded.

            * platform/graphics/BitmapImage.h: Move a const from ImageFrameCache.h to BitmapImage.h.

            * platform/graphics/ImageFrameCache.cpp:
            (WebCore::ImageFrameCache::destroyDecodedData):
            (WebCore::ImageFrameCache::destroyDecodedDataIfNecessary): Deleted.
            * platform/graphics/ImageFrameCache.h:
            (WebCore::ImageFrameCache::destroyAllDecodedData):
            (WebCore::ImageFrameCache::destroyAllDecodedDataExcludeFrame):
            (WebCore::ImageFrameCache::destroyDecodedDataBeforeFrame):
            Make ImageFrameCache be responsible for destroying a range of ImageFrames.
            This range might include all the frames, all the frames but up to a specific
            frame, or all the frames but exclude one frame in the middle.

            * platform/graphics/ImageSource.cpp:
            (WebCore::ImageSource::clear): No need to call clearFrameBufferCache() from clear().
            The decision to call clearFrameBufferCache() or clear() is moved to
            BitmapImage::destroyDecodedData().

            (WebCore::ImageSource::destroyDecodedData): Deleted.
            (WebCore::ImageSource::destroyDecodedDataIfNecessary): Deleted.
            These functions are replaced by another set of functions in ImageSource.h.

            * platform/graphics/ImageSource.h:
            (WebCore::ImageSource::destroyAllDecodedData):
            (WebCore::ImageSource::destroyAllDecodedDataExcludeFrame):
            (WebCore::ImageSource::destroyDecodedDataBeforeFrame):
            (WebCore::ImageSource::hasDecodingQueue):
            These are new wrappers which call the corresponding ImageFrameCache functions.

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212218. rdar://problem/30339793

    2017-02-12  Ryosuke Niwa  <rniwa@webkit.org>

            parserRemoveChild should unload subframes
            https://bugs.webkit.org/show_bug.cgi?id=168151

            Reviewed by Darin Adler.

            Fix the bug that the adoption agency algorithm does not unload subframes as it disconnects nodes.

            Also moved calls to nodeWillBeRemoved inside NoEventDispatchAssertion to expand on r211965.

            Tests: fast/parser/adoption-agency-clear-focus-range.html
                   fast/parser/adoption-agency-unload-iframe-1.html
                   fast/parser/adoption-agency-unload-iframe-2.html

            * dom/ContainerNode.cpp:
            (WebCore::ContainerNode::takeAllChildrenFrom): Rewritten using idioms used in removeChildren and parserAppendChild.

            Disconnect all subframes first since this can synchronously dispatch an unload event. Then update DOM ranges,
            the focused element, and other states in the document.

            Second, use the regular removeBetween, notifyChildNodeRemoved, childrenChanged sequence of calls to disconnect nodes
            instead of a single call to removeDetachedChildren to properly disconnect child nodes since those nodes may have
            already come live due to execution of synchronous scripts prior to the adoption agency algorithm has run, or in
            response to the unload event we just dispatched.

            Third, append these nodes using parserAppendChild to avoid dispatching mutation events.

            (WebCore::willRemoveChild): Removed the call to nodeWillBeRemoved. It's now called within NoEventDispatchAssertion
            in each call site of willRemoveChild and willRemoveChildren.
            (WebCore::willRemoveChildren): Ditto.
            (WebCore::ContainerNode::removeChild): Call nodeWillBeRemoved inside NoEventDispatchAssertion.
            (WebCore::ContainerNode::replaceAllChildren): Call nodeWillBeRemoved inside NoEventDispatchAssertion.
            (WebCore::ContainerNode::parserRemoveChild): Disconnect subframes and update document's states.

            * html/parser/HTMLConstructionSite.cpp:
            (WebCore::executeTakeAllChildrenAndReparentTask): Add a release assert that new parent does not already have a parent.

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212035. rdar://problem/30433204

    2017-02-09  Filip Pizlo  <fpizlo@apple.com>

            SharedArrayBuffer does not need to be in the transfer list
            https://bugs.webkit.org/show_bug.cgi?id=168079

            Reviewed by Geoffrey Garen and Keith Miller.

            Tests: workers/sab/multi-memory-multi-buffer.html
                   workers/sab/multi-memory.html
                   workers/sab/no-transfer.html
                   workers/sab/postMessage-clones.html
                   workers/sab/sent-from-worker-no-transfer.html
                   workers/sab/sent-from-worker-transfer.html

            The SAB API that we originally implemented required that SABs get put in transfer lists
            when they are sent to workers.

            The new SAB API that everyone is converging towards requires that you do not put the
            SAB in the transfer list. That's supposed to be an error. Instead, anytime that a SAB
            is part of any message to or from a dedicated worker then it is automatically shared.

            The new API provides a lot more clarity about what is supposed to happen in contexts
            that support transfering but don't support sharing.

            Right now this patch allows both styles to work, but I hope we can disable the transfer
            list capability soon.

            * bindings/js/IDBBindingUtilities.cpp:
            (WebCore::deserializeIDBValueToJSValue):
            * bindings/js/JSMessageEventCustom.cpp:
            (WebCore::JSMessageEvent::data):
            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::CloneSerializer::serialize):
            (WebCore::CloneSerializer::CloneSerializer):
            (WebCore::CloneSerializer::dumpIfTerminal):
            (WebCore::CloneDeserializer::deserialize):
            (WebCore::CloneDeserializer::CloneDeserializer):
            (WebCore::CloneDeserializer::readTerminal):
            (WebCore::SerializedScriptValue::SerializedScriptValue):
            (WebCore::SerializedScriptValue::create):
            (WebCore::SerializedScriptValue::deserialize):
            * bindings/js/SerializedScriptValue.h:
            (): Deleted.
            * dom/CustomEvent.cpp:
            (WebCore::CustomEvent::trySerializeDetail):
            * dom/ErrorEvent.cpp:
            (WebCore::ErrorEvent::trySerializeError):
            * dom/MessageEvent.cpp:
            (WebCore::MessageEvent::trySerializeData):
            * dom/PopStateEvent.cpp:
            (WebCore::PopStateEvent::trySerializeState):
            * workers/DedicatedWorkerGlobalScope.cpp:
            (WebCore::DedicatedWorkerGlobalScope::postMessage):
            * workers/Worker.cpp:
            (WebCore::Worker::postMessage):

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212488. rdar://problem/29904368

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212500. rdar://problem/29904368

2017-02-17  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212501. rdar://problem/29904368

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212513. rdar://problem/30301317

    2017-02-16  Myles C. Maxfield  <mmaxfield@apple.com>

            font-weight in @font-face can cause a font to be downloaded even when it's not used
            https://bugs.webkit.org/show_bug.cgi?id=168114
            <rdar://problem/30301317>

            Reviewed by Darin Adler.

            There were two problems with our font loading code.

            When we are in the middle of a download, we will use a special interstitial font,
            and this special font has a flag set which will cause it to be invisible when it is
            drawn. However, when we start using this font during the load, we give it a
            unicode-range of U+0-0 which means that it will never be used, and fallback will
            happen to other weights immediately.

            The second problem with the font loading code is that this interstital font is just
            Times. Times doesn't support every character, which means that if we are trying
            to render some exotic character, we fall back to other weights. The solution here
            is to use LastResort as the interstitial font, because it supports all characters.
            Because its metrics are reasonable and we don't ever actually paint this
            interstitial font, this choice is no worse than Times.

            Tests: fast/text/font-style-download.html
                   fast/text/font-weight-download-2.html
                   fast/text/font-weight-download.html
                   fast/text/font-weight-fallback.html

            * css/CSSFontFace.cpp:
            (WebCore::CSSFontFace::font):
            * css/CSSSegmentedFontFace.cpp:
            (WebCore::appendFont):
            (WebCore::CSSSegmentedFontFace::fontRanges):
            (WebCore::appendFontWithInvalidUnicodeRangeIfLoading): Deleted.
            * platform/graphics/Font.h:
            (WebCore::Font::widthForGlyph):
            * platform/graphics/FontCache.h:
            * platform/graphics/freetype/FontCacheFreeType.cpp:
            (WebCore::FontCache::lastResortFallbackFontForEveryCharacter):
            * platform/graphics/mac/FontCacheMac.mm:
            (WebCore::FontCache::lastResortFallbackFontForEveryCharacter):
            * platform/graphics/win/FontCacheWin.cpp:
            (WebCore::FontCache::lastResortFallbackFontForEveryCharacter):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212441. rdar://problem/30357253

    2017-02-16  Chris Fleizach  <cfleizach@apple.com>

            AX: Make form validation accessible on iOS
            https://bugs.webkit.org/show_bug.cgi?id=168400

            Reviewed by Chris Dumez.

            Hide the popover content of form validation from accessibility (since its not interactable)
            and instead announce the message.

            * platform/ios/ValidationBubbleIOS.mm:
            (WebCore::ValidationBubble::show):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212518. rdar://problem/30541748

    2017-02-16  Daniel Bates  <dabates@apple.com>

            Remove Chromium-specific code to call FrameLoaderClient::redirectDataToPlugin(nullptr)
            https://bugs.webkit.org/show_bug.cgi?id=168417
            <rdar://problem/30541748>

            Reviewed by Brent Fulgham.

            Remove Chromium-specific code that was added in r125500 to call FrameLoaderClient::redirectDataToPlugin(nullptr)
            in PluginDocument::detachFromPluginElement(). Calling redirectDataToPlugin() with nullptr was used by the
            Chromium port to signify that the plugin document was being destroyed so that they could tear down their
            plugin widget. And PluginDocument::detachFromPluginElement() is the only place that calls redirectDataToPlugin()
            passing nullptr. No other port made use of this machinery and the Chromium port has long since been removed
            from the Open Source WebKit Project. We should remove this code.

            * html/PluginDocument.cpp:
            (WebCore::PluginDocumentParser::appendBytes): Pass the plugin widget by reference.
            (WebCore::PluginDocument::detachFromPluginElement): Remove call to FrameLoaderClient::redirectDataToPlugin().
            This call was only used by the Chromium port as means to be notified when the plugin document was being
            destroyed. No other port made use of this notification or needed such a notification.
            * loader/EmptyClients.cpp: Change argument of redirectDataToPlugin() from Widget* to Widget& to convey
            that this function always takes a valid Widget. Also remove unnecessary argument name as the data type
            of the argument and the name of the function sufficiently describes the purpose of the argument.
            * loader/FrameLoaderClient.h: Ditto.

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212350. rdar://problem/30450379

    2017-02-14  Brent Fulgham  <bfulgham@apple.com>

            Revalidate URL after events that could trigger navigations
            https://bugs.webkit.org/show_bug.cgi?id=168071
            <rdar://problem/30450379>

            Reviewed by Ryosuke Niwa.

            When arbitary javascript runs during a load, we should revalidate
            the URLs involved to make sure they are still valid.

            Tests: http/tests/plugins/navigation-during-load-embed.html
                   http/tests/plugins/navigation-during-load.html

            * html/HTMLEmbedElement.cpp:
            (WebCore::HTMLEmbedElement::updateWidget): Confirm we are still allowed to
            load the URL after executing JS callbacks.
            * html/HTMLFrameElementBase.cpp:
            (WebCore::HTMLFrameElementBase::isURLAllowed): Split existing function into
            existing protected method, and a new public method that checks a passed URL
            for validity.
            * html/HTMLFrameElementBase.h:
            * html/HTMLFrameOwnerElement.h:
            (WebCore::HTMLFrameOwnerElement::isURLAllowed):
            * html/HTMLObjectElement.cpp:
            (WebCore::HTMLObjectElement::updateWidget): Confirm we are still allowed to
            load the URL after executing JS callbacks.
            * loader/SubframeLoader.cpp:
            (WebCore::SubframeLoader::requestFrame): Ditto.

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212335. rdar://problem/29899473

    2017-02-14  Brady Eidson  <beidson@apple.com>

            Unreviewed followup to r212330 to fix Debug builds

            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Add call to relaxAdoptionRequirement().

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212330. rdar://problem/29899473

    2017-02-14  Brady Eidson  <beidson@apple.com>

            Speculative fix for: Crash in DocumentThreadableLoader::redirectReceived.
            <rdar://problem/29899473> and https://bugs.webkit.org/show_bug.cgi?id=168337

            Reviewed by Geoffrey Garen.

            No new tests (Unable to find a reproduction).

            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::loadRequest):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212316. rdar://problem/30504444

    2017-02-13  Dean Jackson  <dino@apple.com>

            Rename preferLowPowerToHighPerformance to powerPreference
            https://bugs.webkit.org/show_bug.cgi?id=168269
            <rdar://problem/30504444>

            Reviewed by Chris Dumez.

            Based on the discussion in https://github.com/KhronosGroup/WebGL/pull/2283.

            Change WebGLContextAttributes's preferLowPowerToHighPerformance boolean
            into a powerPreference enum taking three values. The implementation
            of the enum is in GraphicsContext3DAttributes.

            While the name and values have changed, there should be no change in
            behaviour caused by this patch.

            * html/canvas/WebGLContextAttributes.h: Use GraphicsContext3DAttributes
            enum GraphicsContext3DPowerPreference.
            * html/canvas/WebGLContextAttributes.idl: Rename and add the WebIDL enum.
            * html/canvas/WebGLRenderingContextBase.cpp: Use the new values.
            (WebCore::WebGLRenderingContextBase::create):
            (WebCore::WebGLRenderingContextBase::registerWithWebGLStateTracker):
            * platform/WebGLStateTracker.cpp:
            * platform/WebGLStateTracker.h: Update the state tracker to use the new
            values.
            * platform/graphics/GraphicsContext3DAttributes.h:
            * platform/graphics/mac/GraphicsContext3DMac.mm:
            (WebCore::setPixelFormat): Accept GraphicsContext3DPowerPreference as a parameter.
            (WebCore::GraphicsContext3D::GraphicsContext3D):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212314. rdar://problem/27685077

    2017-02-14  Jeremy Jones  <jeremyj@apple.com>

            When playing inline after fullscreen, set a flag instead of adding attribute plays inline, and use in requiresFullscreenForVideoPlayback.
            https://bugs.webkit.org/show_bug.cgi?id=167815
            rdar://problem/27685077

            Reviewed by Jer Noble.

            Test: media/media-fullscreen-loop-inline.html

            When video is allowed to play inline after fullscreen. Looped video causes play state to update, which can send video back to fullscreen when
            allowsInline is false. This change will set a new flag when allowsInlineMediaPlaybackAfterFullscreen allows inline playback that can be tested
            in requiresFullscreenForVideoPlayback to prevent sending video back into fullscreen when video loops.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::enterFullscreen):
            (WebCore::HTMLMediaElement::exitFullscreen):
            * html/HTMLMediaElement.h:
            (WebCore::HTMLMediaElement::isTemporarilyAllowingInlinePlaybackAfterFullscreen): Added.
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212301. rdar://problem/30494674

    2017-02-13  Filip Pizlo  <fpizlo@apple.com>

            worker.postMessage should throw a TypeError if a SharedArrayBuffer is in the transfer list
            https://bugs.webkit.org/show_bug.cgi?id=168277

            Reviewed by Mark Lam.

            Test: workers/sab/postMessage-transfer-type-error.html

            This is a simple spec compliance change. The title says it all.

            * bindings/js/SerializedScriptValue.cpp:
            (WebCore::SerializedScriptValue::create):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212260. rdar://problem/30481079

    2017-02-13  Simon Fraser  <simon.fraser@apple.com>

            Call WKDestroyRenderingResources() on iOS when tabs are backgrounded
            https://bugs.webkit.org/show_bug.cgi?id=168261
            rdar://problem/30481079

            Reviewed by Tim Horton.

            Add CABackingStoreCollectBlocking() to QuartzCoreSPI.h, and fix files in WebCore
            that do a framework include.

            * platform/graphics/cocoa/TextTrackRepresentationCocoa.mm:
            * platform/graphics/cocoa/WebActionDisablingCALayerDelegate.h:
            * platform/spi/cocoa/QuartzCoreSPI.h:
            * platform/spi/mac/NSViewSPI.h:

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212214. rdar://problem/30451581

    2017-02-12  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION (r179497): Crash inside setAttributeNode
            https://bugs.webkit.org/show_bug.cgi?id=168161
            <rdar://problem/30451581>

            Reviewed by Andreas Kling.

            The bug was caused by setAttributeNode calling setAttributeInternal with the same element data as the one used
            to call removeAttributeInternal despite of the fact removeAttributeInternal could have invoked arbitrary scripts
            and mutated element's m_elementData.

            Fixed the bug by calling with setAttributeInternal with the result of new invocation of ensureUniqueElementData().

            Test: fast/dom/Attr/make-unique-element-data-while-replacing-attr.html

            * dom/Element.cpp:
            (WebCore::Element::setAttributeNode):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212174. rdar://problem/29904368

    2017-02-10  Daniel Bates  <dabates@apple.com>

            Attempt to fix the build following <https://trac.webkit.org/changeset/212173>
            (https://bugs.webkit.org/show_bug.cgi?id=166774)

            * dom/Document.cpp:
            (WebCore::Document::detachFromCachedFrame): Use ASSER_UNUSED() instead of ASSERT() since
            the parameter cachedFrame is unused in non-debug build.

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212173. rdar://problem/29904368

    2017-02-10  Daniel Bates  <dabates@apple.com>

            Detach frame from document when entering page cache
            https://bugs.webkit.org/show_bug.cgi?id=166774
            <rdar://problem/29904368>

            Reviewed by Chris Dumez.

            When a page enters the page cache it is unnecessary for it to hold a reference to its
            associated frame because subsequent interactions with the page do not need to make use
            of it. Once a page exits the page cache we associate it with its frame.

            * dom/Document.cpp:
            (WebCore::Document::frameDestroyed): Update comment to reflect the renaming of disconnectFromFrame().
            (WebCore::Document::attachToCachedFrame): Added.
            (WebCore::Document::detachFromCachedFrame): Added.
            (WebCore::Document::prepareForDestruction): Only call CSSAnimationController::detachFromDocument() if
            we have a frame. Substitute detachFromFrame() for disconnectFromFrame() as the latter was renamed to
            the former.
            (WebCore::Document::hasEverCalledWindowOpen): Deleted.
            (WebCore::Document::markHasCalledWindowOpen): Deleted.
            (WebCore::Document::disconnectFromFrame): Renamed to detachFromFrame.
            * dom/Document.h:
            (WebCore::Document::detachFromFrame): Renamed; formerly named disconnectFromFrame(). Changed
            visibility from public to private and made this function inline.
            * history/CachedFrame.cpp:
            (WebCore::CachedFrameBase::pruneDetachedChildFrames): Remove cached child frames that were
            removed from the page when it was in the page cache as there is no need to restore such frames.
            (WebCore::CachedFrameBase::restore): Call pruneDetachedChildFrames() before restoring the
            frame tree.
            (WebCore::CachedFrame::CachedFrame): Detach from the frame.
            (WebCore::CachedFrame::open): Assert that we have a document and re-attach the frame.
            (WebCore::CachedFrame::destroy): Update assertion as this function should only be called for a
            frameless document. Only detach the FrameView, DocumentLoader, and Page when the cached frame is for
            subframe and is associated with a Page object. Call CSSAnimationController::detachFromDocument() to
            detach the animation controller from the document as it is being destroyed. We have to do this here
            because the document does not have a frame. And Document::prepareForDestruction() only calls
            CSSAnimationController::detachFromDocument() if the document has a frame.
            * history/CachedFrame.h:
            * history/PageCache.cpp:
            (WebCore::canCachePage): Remove logic that prevents caching of a page that called window.open()
            or has an opener as it is feasible to keep such pages in the page cache.
            * html/HTMLFrameElementBase.cpp:
            (WebCore::HTMLFrameElementBase::finishedInsertingSubtree): Fix style nit.
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::frameDetached): Only stop all loaders and stop active DOM objects if the
            page is not in- or about to enter- the page cache. A page in the page cache has finished loading
            and its active DOM objects are suspended. Also fix style nit in comment.
            (WebCore::FrameLoader::detachFromParent): Only stop all loaders if the page is not in- or about to
            enter- the page cache. A page in the page cache has finished loading. Also added a comment to explain
            that we protect the frame because stopAllLoaders() can cause the frame to be deallocated.
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::createWindow): Remove logic to call markHasCalledWindowOpen() as this
            function will be removed.
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::hasCalledWindowOpenKey): Deleted.
            (WebCore::DiagnosticLoggingKeys::hasOpenerKey): Deleted.
            * page/DiagnosticLoggingKeys.h:
            * page/Page.cpp:
            (WebCore::Page::openedByWindowOpen): Deleted.
            * page/Page.h:
            * page/Settings.in: Remove setting allowsPageCacheWithWindowOpener.

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212172. rdar://problem/30476807

    2017-02-10  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r211845): [ios-simulator] LayoutTest compositing/masks/solid-color-masked.html is a flaky failure
            https://bugs.webkit.org/show_bug.cgi?id=168054

            Reviewed by Tim Horton.

            When adding mask layers, there was an ordering dependency. There was a hack in GraphicsLayerCA::setVisibleAndCoverageRects()
            to propagate m_intersectsCoverageRect to masks. However, if GraphicsLayerCA::setVisibleAndCoverageRects()
            ran on the masked layer before the mask was added, nothing updated the "m_intersectsCoverageRect" state of the mask layer.

            Fix by explicitly calling setVisibleAndCoverageRects() on the mask layer, passing the same rects and
            viewport-constrained state as for its host layer (we already assume that their geometry matches).

            Tested by compositing/masks/solid-color-masked.html

            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):
            (WebCore::GraphicsLayerCA::recursiveCommitChanges):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212153. rdar://problem/30467120

    2017-02-10  Simon Fraser  <simon.fraser@apple.com>

            Make sure the "inwindow" flag propagates to TiledBackings for masks and reflections
            https://bugs.webkit.org/show_bug.cgi?id=168127
            rdar://problem/30467120

            Reviewed by Tim Horton.

            Replace the special-case, but wrong, GraphicsLayer traversal in setIsInWindowIncludingDescendants()
            which forgot to hit masks and replica layers with a generic traverse() function, which
            is then used for setting 'inWindow' as well as resetting tracked repaints.

            Tests: compositing/tiling/tiled-mask-inwindow.html
                   compositing/tiling/tiled-reflection-inwindow.html

            * page/PageOverlayController.cpp:
            (WebCore::PageOverlayController::layerWithDocumentOverlays):
            (WebCore::PageOverlayController::layerWithViewOverlays):
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::setIsInWindow):
            (WebCore::GraphicsLayer::setReplicatedByLayer):
            (WebCore::GraphicsLayer::traverse):
            (WebCore::GraphicsLayer::setIsInWindowIncludingDescendants): Deleted.
            * platform/graphics/GraphicsLayer.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::setIsInWindow):
            (WebCore::RenderLayerCompositor::resetTrackedRepaintRects):
            (WebCore::resetTrackedRepaintRectsRecursive): Deleted.

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212152. rdar://problem/30459055

    2017-02-09  Simon Fraser  <simon.fraser@apple.com>

            Tiled layers are sometimes left with some tiles when outside the viewport
            https://bugs.webkit.org/show_bug.cgi?id=168104
            rdar://problem/30459055

            Reviewed by Tim Horton.

            When the coverage rect of a TiledBacking goes from a non-empty rect to an empty rect, we
            shouldn't just early return from TileGrid::revalidateTiles(), otherwise we are left with some
            tiles. Run through the function as normal, which will remove all the tiles for an empty coverage rect.

            Minor logging changes.

            Test: tiled-drawing/tile-coverage-iframe-to-zero-coverage.html

            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::revalidateTiles):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212151. rdar://problem/30090186

    2017-02-10  Zalan Bujtas  <zalan@apple.com>

            Mail hangs when removing multiple rows from large table.
            https://bugs.webkit.org/show_bug.cgi?id=168103
            <rdar://problem/30090186>

            Reviewed by Ryosuke Niwa.

            DeleteSelectionCommand::removeNode doesn't actually destroy table structure items,
            but instead it removes their content. In order to be able to continue editing the table after
            the delete, we need to ensure that its cells' width and height are > 0. Currently we issue layout on
            each table item recursively.
            This patch delays the layout until after we've finished with the entire subtree delete (10x progression).

            Performance test added.

            * editing/DeleteSelectionCommand.cpp:
            (WebCore::DeleteSelectionCommand::insertBlockPlaceholderForTableCellIfNeeded):
            (WebCore::DeleteSelectionCommand::removeNodeUpdatingStates):
            (WebCore::shouldRemoveContentOnly):
            (WebCore::DeleteSelectionCommand::removeNode):
            * editing/DeleteSelectionCommand.h:

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211766. rdar://problem/30467124

    2017-02-06  Simon Fraser  <simon.fraser@apple.com>

            Re-land r210095 (avoid a tile revalidation on scale change)
            https://bugs.webkit.org/show_bug.cgi?id=167866

            Reviewed by Tim Horton.

            r210095 was rolled out in r211230 but now that all TileControllers unparent
            offscreen tiles, we can roll it back it.

            Also add more Tiling logging.

            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::validationPolicyAsString):
            (WebCore::TileGrid::setScale):
            (WebCore::TileGrid::prepopulateRect):
            (WebCore::TileGrid::revalidateTiles):
            (WebCore::TileGrid::ensureTilesForRect):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211688. rdar://problem/30467177

    2017-02-05  Simon Fraser  <simon.fraser@apple.com>

            Remove unparentsOffscreenTiles logic in TileController
            https://bugs.webkit.org/show_bug.cgi?id=167823

            Reviewed by Tim Horton.

            Give all TileGrids the "unparents offscreen tiles" behavior. This was enabled for
            only the page tiles in WK2 on Mac and iOS, but there's no reason to not use it for
            tiled composited layers also.

            Also use more modern C++ idioms in a few places.

            * platform/graphics/TiledBacking.h:
            * platform/graphics/ca/TileController.h:
            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::revalidateTiles):
            (WebCore::TileGrid::ensureTilesForRect):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::RenderLayerBacking):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211662. rdar://problem/30467322

    2017-02-03  Simon Fraser  <simon.fraser@apple.com>

            Correctly set the "inWindow" flag for TileControllers that aren't the page tiles, and clarify "usingTiledBacking" logic
            https://bugs.webkit.org/show_bug.cgi?id=167774

            Reviewed by Tim Horton.

            RenderLayerBacking had some very confusing "usingTiledCacheLayer" uses.

            Its member variable, m_usingTiledCacheLayer, really meant "m_isMainFrameLayerWithTiledBacking" so make it so.
            It had a usingTiledBacking(), which returned the same thing, which this patch replaces with isMainFrameLayerWithTiledBacking().

            The fact that usingTiledBacking() was only true for the page tiled layer tripped up
            RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants(), which would only ever call setIsInWindow()
            on the page tiled layer. These changes fix that.

            Also make a way for tests to unparent the web view via UIScriptController, and dump out the "in window"
            status of TileBackings when dumping tile caches.

            Test: tiled-drawing/tiled-backing-in-window.html

            * platform/graphics/TiledBacking.h:
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
            * platform/graphics/ca/TileController.h:
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::RenderLayerBacking):
            (WebCore::computePageTiledBackingCoverage):
            (WebCore::RenderLayerBacking::adjustTiledBackingCoverage):
            (WebCore::RenderLayerBacking::setTiledBackingHasMargins):
            (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
            (WebCore::RenderLayerBacking::shouldClipCompositedBounds):
            (WebCore::RenderLayerBacking::updateDescendantClippingLayer):
            (WebCore::RenderLayerBacking::updateRootLayerConfiguration):
            (WebCore::RenderLayerBacking::paintsIntoWindow):
            (WebCore::computeTileCoverage): Deleted.
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
            (WebCore::RenderLayerCompositor::rootFixedBackgroundsChanged):
            (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants):
            (WebCore::RenderLayerCompositor::supportsFixedRootBackgroundCompositing):
            (WebCore::RenderLayerCompositor::documentUsesTiledBacking):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211683. rdar://problem/30467272

    2017-02-04  Simon Fraser  <simon.fraser@apple.com>

            Clean up how GraphicsLayer's "inWindow" state is set, and fix some issues with Page Overlays
            https://bugs.webkit.org/show_bug.cgi?id=167850

            Reviewed by Tim Horton.

            RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants() walked the RenderLayer
            tree to set the GraphicsLayer's "inWindow" state. This had the problem of skipping non-primary
            GraphicsLayers. We also never did this work for page overlay layers.

            Fix by giving GraphicsLayers a recursive function that sets the inWindow state, and call that
            from RenderLayerCompositor::setIsInWindow() and PageOverlayController.

            PageOverlayController also needs to implement tiledBackingUsageChanged so that tiled backings
            created dynamically get the correct in-window state.

            Page overlays also had some serious issues in MiniBrowser, in that they disappeared on reload,
            and on hide/show web view. This was because the overlay root layers were re-parented, but
            addChild() for each overlay's layer wasn't called. Clean up by replacing willAttachRootLayer() followed
            by viewOverlayRootLayer()/documentOverlayRootLayer() with single calls that set up the layers,
            update the inWindow state, and return the layer.

            Make it possible to dump tile caches in page overlay tests.

            Make showGraphicsLayers() always dump page overlay layers (source of much confusion).

            Test: pageoverlay/overlay-remove-reinsert-view.html

            * page/PageOverlayController.cpp:
            (WebCore::PageOverlayController::documentOverlayRootLayer):
            (WebCore::PageOverlayController::viewOverlayRootLayer):
            (WebCore::PageOverlayController::layerWithDocumentOverlays):
            (WebCore::PageOverlayController::layerWithViewOverlays):
            (WebCore::PageOverlayController::tiledBackingUsageChanged):
            (WebCore::PageOverlayController::willAttachRootLayer): Deleted.
            * page/PageOverlayController.h:
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::setIsInWindowIncludingDescendants):
            (WebCore::dumpChildren):
            * platform/graphics/GraphicsLayer.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::appendDocumentOverlayLayers):
            (WebCore::RenderLayerCompositor::setIsInWindow):
            (WebCore::RenderLayerCompositor::attachRootLayer):
            (WebCore::RenderLayerCompositor::rootLayerAttachmentChanged):
            (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants): Deleted.
            * rendering/RenderLayerCompositor.h:
            * testing/Internals.cpp:
            (WebCore::toLayerTreeFlags):
            (WebCore::Internals::layerTreeAsText):
            (WebCore::Internals::pageOverlayLayerTreeAsText):
            * testing/Internals.h:
            * testing/Internals.idl:
            * testing/MockPageOverlayClient.cpp:
            (WebCore::MockPageOverlayClient::layerTreeAsText):
            * testing/MockPageOverlayClient.h:

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211662. rdar://problem/30467322

    2017-02-03  Simon Fraser  <simon.fraser@apple.com>

            Correctly set the "inWindow" flag for TileControllers that aren't the page tiles, and clarify "usingTiledBacking" logic
            https://bugs.webkit.org/show_bug.cgi?id=167774

            Reviewed by Tim Horton.

            RenderLayerBacking had some very confusing "usingTiledCacheLayer" uses.

            Its member variable, m_usingTiledCacheLayer, really meant "m_isMainFrameLayerWithTiledBacking" so make it so.
            It had a usingTiledBacking(), which returned the same thing, which this patch replaces with isMainFrameLayerWithTiledBacking().

            The fact that usingTiledBacking() was only true for the page tiled layer tripped up
            RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants(), which would only ever call setIsInWindow()
            on the page tiled layer. These changes fix that.

            Also make a way for tests to unparent the web view via UIScriptController, and dump out the "in window"
            status of TileBackings when dumping tile caches.

            Test: tiled-drawing/tiled-backing-in-window.html

            * platform/graphics/TiledBacking.h:
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
            * platform/graphics/ca/TileController.h:
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::RenderLayerBacking):
            (WebCore::computePageTiledBackingCoverage):
            (WebCore::RenderLayerBacking::adjustTiledBackingCoverage):
            (WebCore::RenderLayerBacking::setTiledBackingHasMargins):
            (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
            (WebCore::RenderLayerBacking::shouldClipCompositedBounds):
            (WebCore::RenderLayerBacking::updateDescendantClippingLayer):
            (WebCore::RenderLayerBacking::updateRootLayerConfiguration):
            (WebCore::RenderLayerBacking::paintsIntoWindow):
            (WebCore::computeTileCoverage): Deleted.
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::flushPendingLayerChanges):
            (WebCore::RenderLayerCompositor::rootFixedBackgroundsChanged):
            (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants):
            (WebCore::RenderLayerCompositor::supportsFixedRootBackgroundCompositing):
            (WebCore::RenderLayerCompositor::documentUsesTiledBacking):

2017-02-16  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211501. rdar://problem/29904368

    2017-02-01  Antoine Quint  <graouts@apple.com>

            [mac-wk1] LayoutTest media/modern-media-controls/tracks-support/tracks-support-click-track-in-panel.html is a flaky timeout
            https://bugs.webkit.org/show_bug.cgi?id=165319
            <rdar://problem/30284104>

            Reviewed by Dean Jackson.

            Running media/controls/track-menu.html before media/modern-media-controls/tracks-support/tracks-
            support-click-track-in-panel.html makes that test time out in all test runs. The root of the issue
            is that animations are suspended by media/controls/track-menu.html with a call to
            internals.suspendAnimations(), and that state isn't reset with a call to internals.resumeAnimations().
            Then, media/modern-media-controls/tracks-support/tracks-support-click-track-in-panel.html fails because
            the selection animation for the tracks panel menu item that is clicked never completes and the delegate
            to notify that an item in the tracks panel was selected is never fired, which leads to the test failure.

            We change Internals::suspendAnimations() and Internals::resumeAnimations() to only affect the current
            document, rather than calling into AnimationController::suspendAnimations() which would do just that,
            but also set a Frame-wide flag that would prevent further animations from running, even in a subsequent
            document load.

            * dom/Document.cpp:
            (WebCore::Document::prepareForDestruction): Ensure the document that is about to be destroyed is no longer
            associated with an AnimationController.
            * page/animation/AnimationController.cpp:
            (WebCore::AnimationControllerPrivate::ensureCompositeAnimation): Update the animation's suspend state in case
            the document its renderer is associated with is suspended. This is required since previously CompositeAnimations
            would set their suspend state in their constructor, based on the Frame-wide suspended state, but there is no
            document to use as a basis to query its suspended state in that constructor.
            (WebCore::AnimationControllerPrivate::animationsAreSuspendedForDocument):
            (WebCore::AnimationControllerPrivate::detachFromDocument):
            (WebCore::AnimationControllerPrivate::suspendAnimationsForDocument):
            (WebCore::AnimationControllerPrivate::resumeAnimationsForDocument):
            (WebCore::AnimationControllerPrivate::startAnimationsIfNotSuspended):
            (WebCore::AnimationController::animationsAreSuspendedForDocument):
            (WebCore::AnimationController::detachFromDocument):
            * page/animation/AnimationController.h:
            * page/animation/AnimationControllerPrivate.h:
            * testing/Internals.cpp:
            (WebCore::Internals::animationsAreSuspended):
            (WebCore::Internals::suspendAnimations):
            (WebCore::Internals::resumeAnimations):

2017-02-15  Ryan Haddad  <ryanhaddad@apple.com>

        Merge r212238. rdar://problem/30494165

    2017-02-13  Chris Dumez  <cdumez@apple.com>

            Regression(r211455): ASSERTION FAILED: frameView || pageCacheState() == InPageCache in com.apple.WebCore: WebCore::Document::destroyRenderTree
            https://bugs.webkit.org/show_bug.cgi?id=168237
            <rdar://problem/30494165>

            Reviewed by Gavin Barraclough.

            Drop bad assertion under document::destroyRenderTree() that was introduced in r211455.
            The assertion seemed like a good idea but the issue is that CachedFrame::destroy()
            reset's the document's pageCacheState before calling Document::prepareForDestruction().

            No new tests, this fixes assertion hits on our bots.

            * dom/Document.cpp:
            (WebCore::Document::destroyRenderTree):

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212131. rdar://problem/30271744

    2017-02-10  Dave Hyatt  <hyatt@apple.com>

            [CSS Parser] Make intercap property values serialize correctly
            https://bugs.webkit.org/show_bug.cgi?id=168073

            Reviewed by Zalan Bujtas.

            Fix CSS value keywords to preserve case when the value contains capital
            letters. Examples include optimizeSpeed, translateX, scaleY, etc.

            * css/CSSPrimitiveValueMappings.h:
            (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
            (WebCore::CSSPrimitiveValue::operator EPointerEvents):
            (WebCore::CSSPrimitiveValue::operator TextRenderingMode):
            (WebCore::CSSPrimitiveValue::operator EImageRendering):
            (WebCore::CSSPrimitiveValue::operator EColorInterpolation):
            (WebCore::CSSPrimitiveValue::operator EColorRendering):
            (WebCore::CSSPrimitiveValue::operator EShapeRendering):
            * css/MediaQueryEvaluator.cpp:
            (WebCore::colorGamutEvaluate):
            * css/SVGCSSValueKeywords.in:
            * css/TransformFunctions.cpp:
            (WebCore::transformOperationType):
            (WebCore::transformsForValue):
            * css/makevalues.pl:
            * css/parser/CSSParserFastPaths.cpp:
            (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
            (WebCore::parseTransformTranslateArguments):
            (WebCore::parseSimpleTransformValue):
            * css/parser/CSSPropertyParser.cpp:
            (WebCore::consumeTransformValue):
            * css/parser/CSSPropertyParserHelpers.cpp:
            (WebCore::CSSPropertyParserHelpers::parseColorFunctionParameters):

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211910. rdar://problem/30358835

    2017-02-08  Chris Dumez  <cdumez@apple.com>

            Use smaller tiles in windows that are not active to facilitate App Napping
            https://bugs.webkit.org/show_bug.cgi?id=167997
            <rdar://problem/30358835>

            Reviewed by Simon Fraser.

            Use smaller / non-adaptative tiles in windows that are not active to facilitate
            App Napping after <https://trac.webkit.org/r197594>.

            Test: compositing/tiling/non-active-window-tiles-size.html

            * page/FrameView.cpp:
            (WebCore::FrameView::contentsResized):
            (WebCore::FrameView::addedOrRemovedScrollbar):
            (WebCore::FrameView::computeScrollability):
            (WebCore::FrameView::updateTiledBackingAdaptiveSizing):
            (WebCore::FrameView::unobscuredContentSizeChanged):
            (WebCore::FrameView::setViewExposedRect):
            * page/FrameView.h:
            * page/Page.cpp:
            (WebCore::Page::setActivityState):
            (WebCore::Page::isWindowActive):
            * page/Page.h:
            * platform/graphics/TiledBacking.h:
            * platform/graphics/ca/TileController.cpp:
            (WebCore::TileController::setTileSizeUpdateDelayDisabledForTesting):
            (WebCore::TileController::notePendingTileSizeChange):
            * platform/graphics/ca/TileController.h:
            * testing/Internals.cpp:
            (WebCore::Internals::resetToConsistentState):
            (WebCore::Internals::disableTileSizeUpdateDelay):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-02-10  Brent Fulgham  <bfulgham@apple.com>

        Merge r212026. rdar://problem/30096323

    2017-02-09  Chris Dumez  <cdumez@apple.com>

            Crash under FormSubmission::create()
            https://bugs.webkit.org/show_bug.cgi?id=167200
            <rdar://problem/30096323>

            Reviewed by Darin Adler.

            The issue is that FormSubmission::create() was iterating over
            form.associatedElements() as was calling Element::appendFormData()
            in the loop. HTMLObjectElement::appendFormData() was calling
            pluginWidget(PluginLoadingPolicy::Load) which causes a synchronous
            layout and can fire events (such as focus event) synchronously.
            Firing those events synchronously allows the JS to modify the
            form.associatedElements() vector we are currently iterating on.

            To avoid this issue, we now call pluginWidget(PluginLoadingPolicy::DoNotLoad)
            in HTMLObjectElement::appendFormData() as we are not allowed to fire
            synchronous events at this point. I also added a security assertion
            in FormSubmission::create() to catch cases where we fire JS events
            while iterating over the form associated elements to more easily
            notice these things in the future.

            Test: fast/forms/formsubmission-appendFormData-crash.html

            * html/HTMLObjectElement.cpp:
            (WebCore::HTMLObjectElement::appendFormData):
            * loader/FormSubmission.cpp:
            (WebCore::FormSubmission::create):

2017-02-10  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix.

        * dom/Document.cpp:
        (WebCore::Document::adoptNode): isConnected -> inDocument.

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Rollout r212118. rdar://problem/30096323

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212026. rdar://problem/30096323

    2017-02-09  Chris Dumez  <cdumez@apple.com>

            Crash under FormSubmission::create()
            https://bugs.webkit.org/show_bug.cgi?id=167200
            <rdar://problem/30096323>

            Reviewed by Darin Adler.

            The issue is that FormSubmission::create() was iterating over
            form.associatedElements() as was calling Element::appendFormData()
            in the loop. HTMLObjectElement::appendFormData() was calling
            pluginWidget(PluginLoadingPolicy::Load) which causes a synchronous
            layout and can fire events (such as focus event) synchronously.
            Firing those events synchronously allows the JS to modify the
            form.associatedElements() vector we are currently iterating on.

            To avoid this issue, we now call pluginWidget(PluginLoadingPolicy::DoNotLoad)
            in HTMLObjectElement::appendFormData() as we are not allowed to fire
            synchronous events at this point. I also added a security assertion
            in FormSubmission::create() to catch cases where we fire JS events
            while iterating over the form associated elements to more easily
            notice these things in the future.

            Test: fast/forms/formsubmission-appendFormData-crash.html

            * html/HTMLObjectElement.cpp:
            (WebCore::HTMLObjectElement::appendFormData):
            * loader/FormSubmission.cpp:
            (WebCore::FormSubmission::create):

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211495. rdar://problem/30106362

    2017-02-01  Jer Noble  <jer.noble@apple.com>

            NULL-deref crash in TextTrack::removeCue()
            https://bugs.webkit.org/show_bug.cgi?id=167615

            Reviewed by Eric Carlson.

            Test: http/tests/media/track-in-band-hls-metadata-crash.html

            Follow-up to r211401. When passing around a reference to an object, the assumption is that
            the caller is retaining the underlying object. This breaks down for
            InbandDataTextTrack::removeDataCue(), which releases its own ownership of the cue object,
            then passes the reference to that object to its superclass to do further remove steps. The
            retain count of the cue can thus drop to zero within the scope of
            InbandTextTrack::removeCue(). Use "take" semantics to remove the cue from the
            m_incompleteCueMap without releasing ownership, and pass a reference to that retained object
            on to removeCue(), guaranteeing that the cue will not be destroyed until after the
            romeveDataCue() method returns.

            * html/track/InbandDataTextTrack.cpp:
            (WebCore::InbandDataTextTrack::removeDataCue):

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211650. rdar://problem/30268004

    2017-02-03  Jeremy Jones  <jeremyj@apple.com>

            Pointer lock events should be delivered directly to the target element
            https://bugs.webkit.org/show_bug.cgi?id=167134
            rdar://problem/30268004

            Reviewed by Dean Jackson.

            pointer-lock/mouse-event-delivery.html: Enabled for mac, added wheel event tests.

            When pointer is locked on an element, route mouse events directly to the target element, instead of
            doing the normal event disptach.

            * page/EventHandler.cpp:
            (WebCore::EventHandler::handleMousePressEvent):
            (WebCore::EventHandler::handleMouseDoubleClickEvent):
            (WebCore::EventHandler::handleMouseMoveEvent):
            (WebCore::EventHandler::handleMouseReleaseEvent):
            (WebCore::EventHandler::handleMouseForceEvent):
            (WebCore::EventHandler::handleWheelEvent):
            * page/PointerLockController.cpp:
            (WebCore::PointerLockController::isLocked): Added.
            (WebCore::PointerLockController::dispatchLockedWheelEvent): Added.
            * page/PointerLockController.h:

2017-02-10  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211375. rdar://problem/30268004

    2017-01-30  Ryan Haddad  <ryanhaddad@apple.com>

            Unreviewed, rollout r211235 Pointer lock events should be delivered directly to the target element.

            The LayoutTest for this change is frequently failing.

            * page/EventHandler.cpp:
            (WebCore::EventHandler::handleMousePressEvent):
            (WebCore::EventHandler::handleMouseDoubleClickEvent):
            (WebCore::EventHandler::handleMouseMoveEvent):
            (WebCore::EventHandler::handleMouseReleaseEvent):
            (WebCore::EventHandler::handleMouseForceEvent):
            (WebCore::EventHandler::handleWheelEvent):
            * page/PointerLockController.cpp:
            (WebCore::PointerLockController::isLocked): Deleted.
            (WebCore::PointerLockController::dispatchLockedWheelEvent): Deleted.
            * page/PointerLockController.h:

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212029. rdar://problem/30376972

    2017-02-09  Chris Dumez  <cdumez@apple.com>

            Make sure Event keeps its current target element alive
            https://bugs.webkit.org/show_bug.cgi?id=167885
            <rdar://problem/30376972>

            Reviewed by Brent Fulgham.

            Make sure Event keeps its current target element alive to avoid
            crashes if it is accessed by JS after it has been garbage collected.

            Test: fast/events/currentTarget-gc-crash.html

            * dom/Event.cpp:
            (WebCore::Event::setCurrentTarget):
            * dom/Event.h:
            (WebCore::Event::currentTarget):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212028. rdar://problem/30234133

    2017-02-09  Ryosuke Niwa  <rniwa@webkit.org>

            Crash in render tree after dynamically mutating the slot value
            https://bugs.webkit.org/show_bug.cgi?id=167502

            Reviewed by Antti Koivisto.

            The crash was caused by attributeChanged not destructing the render tree after an assigned element had been
            removed from its slot. Since the style resolver can no longer find this element in the flat tree, we need to
            delete its render object as if the element had been removed from the DOM tree.

            Tests: fast/html/details-summary-slot.html
                   fast/shadow-dom/shadow-slot-attribute-change-crash.html

            * dom/Element.cpp:
            (WebCore::Element::attributeChanged):
            * html/HTMLSummaryElement.cpp:
            (WebCore::SummarySlotElement): Added. Always use the default slot regardless of the slot attribute's value.
            (WebCore::HTMLSummaryElement::create): Use SummarySlotElement

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212027. rdar://problem/30145076

    2017-02-09  Antti Koivisto  <antti@apple.com>

            Details element doesn't work correctly when mutating content between closing and opening
            https://bugs.webkit.org/show_bug.cgi?id=167310

            Reviewed by Ryosuke Niwa.

            Tests: fast/html/details-close-modify-open.html
                   fast/shadow-dom/slot-remove-mutate-add.html

            * dom/SlotAssignment.cpp:
            (WebCore::SlotAssignment::didChangeSlot):

                Always reset the slot assignment when content is mutated.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212025. rdar://problem/30076615

    2017-02-09  Chris Dumez  <cdumez@apple.com>

            Crash under HTMLFormElement::registerFormElement()
            https://bugs.webkit.org/show_bug.cgi?id=167162

            Reviewed by Ryosuke Niwa.

            didMoveToNewDocument() was re-registering FormAttributeTargetObserver
            even if the element's inDocument was not set yet. As a result, it was
            possible for FormAssociatedElement::resetFormOwner() to be called
            when the element was in the tree but with its inDocument still being
            false (because insertedInto() has not been called yet). This could
            end up calling HTMLFormElement::registerFormElement() even though
            the element is still recognized as detached. This is an issue because
            HTMLFormElement::m_associatedElements's order and its corresponding
            indexes (m_associatedElementsBeforeIndex / m_associatedElementsAfterIndex)
            rely on the position of the element with regards to the form element
            (before / inside / after).

            To address the issue, we now only register the FormAttributeTargetObserver
            in didMoveToNewDocument() if the inDocument flag is set to true. This
            is similar to what is done at other call sites of
            resetFormAttributeTargetObserver(). We also ignore the form content
            attribute in HTMLFormElement::formElementIndex() if the element is
            not connected.

            As per the HTML specification [1], the form content attribute is only
            taken if the element is connected (i.e. inDocument flag is true).

            Note that FormAssociatedElement::findAssociatedForm() was already
            ignoring the form content attribute if the element is disconnected.

            [1] https://html.spec.whatwg.org/#reset-the-form-owner (step 3)

            Test: fast/forms/registerFormElement-crash.html

            * html/FormAssociatedElement.cpp:
            (WebCore::FormAssociatedElement::didMoveToNewDocument):
            Only call resetFormAttributeTargetObserver() if inDocument flag is set,
            similarly to what is done at other call sites.

            (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
            Add an assertion to make sure no one call this method on an element that
            is not connected.

            * html/HTMLFormElement.cpp:
            (WebCore::HTMLFormElement::formElementIndex):
            Ignore the form content attribute if the element is not connected, as
            per the HTML specification [1].

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212024. rdar://problem/30051227

    2017-02-09  Antti Koivisto  <antti@apple.com>

            Tear down existing renderers when adding a shadow root.
            https://bugs.webkit.org/show_bug.cgi?id=167117

            Reviewed by Andreas Kling.

            Adding a shadow root may cause children no longer be part of the flat tree. If they had renderers
            tear down code would no longer reach them.

            Test: fast/shadow-dom/attach-shadow-teardown.html

            * dom/Element.cpp:
            (WebCore::Element::addShadowRoot):

                Tear down existing render tree when adding a shadow root.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r212023. rdar://problem/30041640

    2017-02-09  Brent Fulgham  <bfulgham@apple.com>

            Handle synchronous layout when setting a selection range
            https://bugs.webkit.org/show_bug.cgi?id=167092
            <rdar://problem/30041640>

            Reviewed by Antti Koivisto.

            The 'innerTextElement' of a form control can change during layout due
            to arbitrary JavaScript executing. Handle the case where the inner text
            element has changed so that current render box height is while setting
            a selection range.

            Test: fast/forms/input-type-change-during-selection.html

            * html/HTMLTextFormControlElement.cpp:
            (WebCore::HTMLTextFormControlElement::setSelectionRange):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211999. rdar://problem/29930443

    2017-02-09  Brent Fulgham  <bfulgham@apple.com>

            Disconnect shadow children of root when detaching a frame
            https://bugs.webkit.org/show_bug.cgi?id=166851
            <rdar://problem/29930443>

            Reviewed by Andy Estes.

            If the root of the tree we are disconnecting has a shadow element, include it in the set of
            things to disconnect.

            Tests: fast/shadow-dom/shadow-at-root-during-disconnect.html

            * dom/ContainerNodeAlgorithms.cpp:
            (WebCore::disconnectSubframes):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211966. rdar://problem/30149422

    2017-02-09  Brent Fulgham  <bfulgham@apple.com>

            Unreviewed build fix after r211965.

            * dom/Document.cpp:
            (WebCore::Document::adoptNode): inDocument -> isConnected

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211965. rdar://problem/30149422

    2017-02-09  Ryosuke Niwa  <rniwa@webkit.org>

            Adopting a child node of a script element can run script
            https://bugs.webkit.org/show_bug.cgi?id=167318

            Reviewed by Darin Adler.

            The bug was caused by ScriptElement::childrenChanged indiscriminately running the script.
            Do this only if some node has been inserted as spec'ed:

            https://html.spec.whatwg.org/multipage/scripting.html#script-processing-model
            "The script element is connected and a node or document fragment is inserted into
            the script element, after any script elements inserted at that time."

            Split NonContentsChildChanged into NonContentsChildInserted and NonContentsChildRemoved to disambiguate
            non-contents child such as text and element being removed or inserted. New behavior matches that of
            Gecko and Chrome as well as the latest HTML5 specification.

            Also deploy NoEventDispatchAssertion in more places. Unfortunately, this results in some DOM trees
            internal to WebKit to be mutated while there is NoEventDispatchAssertion in the stack. Added a new RAII
            object "EventAllowedScope" to temporarily disable this assertion within such a tree. CachedSVGFont's
            ensureCustomFontData used to completely disable this assertion but we no longer have to do this either.

            To clarify the new semantics, renamed isEventDispatchForbidden to isEventAllowedInMainThread with
            the negated boolean value, and added a new variant isEventDispatchAllowedInSubtree, which checks
            isEventDispatchForbidden() is true or if the node was one of an internal DOM node or its descendent
            held by EventAllowedScope.

            Inspired by https://chromium.googlesource.com/chromium/src/+/604e798ec6ee30f44d57a5c4a44ce3dab3a871ed

            Tests: fast/html/script-must-not-run-when-child-is-adopted.html
                   fast/html/script-must-not-run-when-child-is-removed.html

            * dom/CharacterData.cpp:
            (WebCore::CharacterData::notifyParentAfterChange): Added NoEventDispatchAssertion.
            * dom/ContainerNode.cpp:
            (WebCore::ContainerNode::insertBefore): Added NoEventDispatchAssertion around TreeScope's adoptIfNeeded
            and insertBeforeCommon as done elsewhere.
            (WebCore::ContainerNode::appendChildCommon): Added NoEventDispatchAssertion.
            (WebCore::ContainerNode::changeForChildInsertion): Use NonContentsChildInserted here.
            (WebCore::ContainerNode::notifyChildRemoved): Added NoEventDispatchAssertion.
            (WebCore::ContainerNode::replaceChild): Moved adoptIfNeeded into NoEventDispatchAssertion.
            (WebCore::ContainerNode::removeChild): Added NoEventDispatchAssertion.
            (WebCore::ContainerNode::parserRemoveChild): Added NoEventDispatchAssertion.
            (WebCore::ContainerNode::removeChildren): Call childrenChanged in NoEventDispatchAssertion.
            (WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck): Moved adoptIfNeeded into
            NoEventDispatchAssertion.
            (WebCore::dispatchChildInsertionEvents): Check the forbidden-ness more precisely.
            (WebCore::dispatchChildRemovalEvents): Ditto.
            * dom/ContainerNode.h:
            (WebCore::ContainerNode::ChildChange::isInsertion): Added.
            * dom/ContainerNodeAlgorithms.cpp:
            (WebCore::notifyChildNodeInserted): Check the forbidden-ness more precisely. Here, we check against
            insertionPoint since EventAllowedScope checks against the root node.
            * dom/Document.cpp:
            (WebCore::Document::adoptNode): Assert the node to be adopted has not been inserted back, or else
            remove() had resulted in an exception before calling TreeScope::adoptIfNeeded.
            * dom/Element.cpp:
            (WebCore::Element::childrenChanged):
            * dom/NoEventDispatchAssertion.h:
            (WebCore::NoEventDispatchAssertion::isEventDispatchForbidden): Added a new variant that takes a node.
            If this node is a descendent of a node "marked as safe" by EventAllowedScope, then we don't consider
            the event dispatch to be forbidden.
            (WebCore::NoEventDispatchAssertion::dropTemporarily): Deleted.
            (WebCore::NoEventDispatchAssertion::restoreDropped): Deleted.
            (WebCore::NoEventDispatchAssertion::EventAllowedScope): Added. A RAII object which marks descendants of
            a given node as "safe" for the purpose of checking isEventDispatchForbidden.
            (WebCore::NoEventDispatchAssertion::EventAllowedScope::EventAllowedScope): Added. There can be a chain
            of EventAllowedScope objects in the stack. s_currentScope points to the most recently instantiated
            RAII object, and each instance remembers prior instance.
            (WebCore::NoEventDispatchAssertion::EventAllowedScope::~EventAllowedScope): Added.
            (WebCore::NoEventDispatchAssertion::EventAllowedScope::isAllowedNode): Added. Returns true if the given
            node is a descendent of any node held by instances of EventAllowedScope.
            (WebCore::NoEventDispatchAssertion::EventAllowedScope::isAllowedNodeInternal): Added. A helper function
            for isAllowedNode.
            * dom/Node.cpp:
            (WebCore::Node::dispatchSubtreeModifiedEvent): Check the forbidden-ness more precisely.
            * dom/ScriptElement.cpp:
            (WebCore::ScriptElement::childrenChanged): Only prepare the script if we've inserted nodes.
            (WebCore::ScriptElement::executeClassicScript): Assert isEventDispatchForbidden is false since running
            arbitrary author scripts can, indeed, result dispatch any events.
            * dom/ScriptElement.h:
            * html/HTMLElement.cpp:
            (WebCore::textToFragment): Made this a static local function and not return an exception since there
            is no way appendChild called in this function can throw an exception.
            (WebCore::HTMLElement::setInnerText): Create EventAllowedScope for the fragment. It's called called by
            HTMLTextAreaElement's childrenChanged to update its UA shadow tree, and it's dispatching as event on
            a new fragment can't execute arbitrary scripts since it has never been exposed to author scripts.
            Because of the precise-ness of this check, this does not disable the assertion for "this" element.
            HTMLTextFormControlElement::setInnerTextValue explicitly creates another EventAllowedScope to mark
            the shadow tree into which the fragment is inserted safe.
            (WebCore::HTMLElement::setOuterText):
            * html/HTMLElement.h:
            * html/HTMLScriptElement.cpp:
            (WebCore::HTMLScriptElement::childrenChanged):
            * html/HTMLTextFormControlElement.cpp:
            (WebCore::HTMLTextFormControlElement::setInnerTextValue): See above (setInnerText).
            * html/track/VTTCue.cpp:
            (WebCore::VTTCue::createCueRenderingTree): Create EventAllowedScope for the cloned fragment here since
            the VTT tree is never exposed to author scripts.
            (WebCore::VTTCue::updateDisplayTree): Ditto.
            * loader/cache/CachedSVGFont.cpp:
            (WebCore::CachedSVGFont::ensureCustomFontData): Use EventAllowedScope to disable assertions only on
            the new SVG document we just created instead of disabling for all DOM trees.
            * svg/SVGScriptElement.cpp:
            (WebCore::SVGScriptElement::childrenChanged):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211763. rdar://problem/30380075

    2017-02-06  Brent Fulgham  <bfulgham@apple.com>

            Correct File Path Handling in SecurityOrigin and FileSystem
            https://bugs.webkit.org/show_bug.cgi?id=167894
            <rdar://problem/30380080>

            Reviewed by Alexey Proskuryakov.

            Roll out the URL decoding being done in the FileSystem class (added in Bug 167894), and instead ensure that
            SecurityOrigin properly handles file URLs, and only passes valid file strings to the FileSystem interface.

            Tested by FileSystemTests and SecurityOriginTests in TestWebKitAPI.

            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::SecurityOrigin): Initialize m_filePath using the url's fileSystemPath, not
            the %-encoded 'path' property.
            (WebCore::SecurityOrigin::canDisplay): Pass the 'fileSystemPath' to 'filesHaveSameVolume', rather than
            the %-encoded 'path' property.
            * page/SecurityOrigin.h:
            * platform/FileSystem.cpp:
            (WebCore::filesHaveSameVolume): Do not use 'decodeURLEscapeSequences' in 'filesHaveSameVolume'.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211382. rdar://problem/29738514

    2017-01-30  Myles C. Maxfield  <mmaxfield@apple.com>

            Correct spacing regression on inter-element complex path shaping on some fonts
            https://bugs.webkit.org/show_bug.cgi?id=166013

            Reviewed by Simon Fraser.

            This patch brings the implementation of ComplexTextController in-line with the
            design at https://trac.webkit.org/wiki/ComplexTextController. Previously,
            ComplexTextController had a few problems:
            - The total width computed by ComplexTextController didn't match the width if
            you iterated over the entire string and added up the advances
            - FontCascade::getGlyphsAndAdvancesForComplexText() tried to compensate for
            the above by construing the concepts of paint advances as distinct from layout
            advances
            - Initial advances were considered part of layout sometimes and part of painting
            other times, depending on which function reports the information
            - For RTL runs, the wrong origin was added to the initial advance, and the origin
            should have been subtracted instead of added

            This patch exhaustively updates every function in ComplexTextController to be
            consistent with the design linked to above. This design solves all of these
            problems.

            Tests: ComplexTextControllerTest.InitialAdvanceWithLeftRunInRTL
                   ComplexTextControllerTest.InitialAdvanceInRTL
                   ComplexTextControllerTest.InitialAdvanceWithLeftRunInLTR
                   ComplexTextControllerTest.InitialAdvanceInLTR
                   ComplexTextControllerTest.InitialAdvanceInRTLNoOrigins
                   ComplexTextControllerTest.LeadingExpansion
                   ComplexTextControllerTest.VerticalAdvances

            * platform/graphics/GlyphBuffer.h:
            (WebCore::GlyphBuffer::setLeadingExpansion): Deleted. No longer necessary.
            (WebCore::GlyphBuffer::leadingExpansion): Deleted. Ditto.
            * platform/graphics/cocoa/FontCascadeCocoa.mm:
            (WebCore::FontCascade::adjustSelectionRectForComplexText): Removed use of
            unnecessary leadingExpansion().
            (WebCore::FontCascade::getGlyphsAndAdvancesForComplexText): This function needs
            to compute paint advances, which means that it can't base this information off
            of layout advances. This function uses the trick mentioned at the end of the
            above link to compute the paint offset of an arbitrary glyph in the middle of
            an RTL run.
            * platform/graphics/mac/ComplexTextController.cpp:
            (WebCore::ComplexTextController::computeExpansionOpportunity): Refactored for
            testing.
            (WebCore::ComplexTextController::ComplexTextController): Ditto.
            (WebCore::ComplexTextController::finishConstruction): Ditto.
            (WebCore::ComplexTextController::offsetForPosition): This function operates on
            layout advances, and the initial layout advance is already added into the
            m_adjustedBaseAdvances vector by adjustGlyphsAndAdvances(). Therefore, there is
            no need to add it again here.
            (WebCore::ComplexTextController::advance): This function had completely busted
            logic about the relationship between initial advances and the first origin in
            each run. Because of the fortunate choice of only representing layout advances
            in m_adjustedBaseAdvances, this entire block can be removed and the raw paint
            initial advance can be reported to the GlyphBuffer. Later in the function, we
            have to update the logic about how to compute a paint advance given a layout
            advance and some origins. In particular, there are two tricky pieces here: 1.
            The layout advance for the first glyph is equal to (initial advance - first
            origin + first Core Text advance, so computing the paint offset must cancel out
            the initial layout offset, and 2. the last paint advance in a run must actually
            end up at the position of the first glyph in the next run, so the next run's
            initial advance must be queried.
            (WebCore::ComplexTextController::adjustGlyphsAndAdvances): Previously, we
            represented an initial advance of a successive run by just adding it to the
            previous run's last advance. However, this is incompatible with the new model
            presented in the link above, so we remove this section. We also have to add in
            the logic that the layout advance for the first glyph is equal to the formula
            presented above.
            * platform/graphics/mac/ComplexTextController.h:
            (WebCore::ComplexTextController::ComplexTextRun::initialAdvance): Adjust comment
            to reflect reality.
            (WebCore::ComplexTextController::leadingExpansion): Deleted.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211957. rdar://problem/30029354

    2017-02-09  Antti Koivisto  <antti@apple.com>

            Nullptr crash under styleForFirstLetter
            https://bugs.webkit.org/show_bug.cgi?id=167756
            rdar://problem/30029354

            Reviewed by Zalan Bujtas.

            Don't know how we get here. Paper over the crash.

            * rendering/RenderBlock.cpp:
            (WebCore::styleForFirstLetter):

                Use parent first line style if we compute null style for the first letter renderer.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211949. rdar://problem/30119483

    2017-02-09  Andreas Kling  <akling@apple.com>

            Disallow accelerated rendering for ginormous 2D canvases.
            <https://webkit.org/b/167968>
            <rdar://problem/30119483>

            Reviewed by Antti Koivisto.

            Add a "maximumAccelerated2dCanvasSize" setting that defaults to 5120x2880
            which is the 5K resolution for 16:9.

            Also added a way to include the "accelerates drawing" flag in layer tree dumps.

            Test: compositing/canvas/accelerated-canvas-compositing-size-limit.html

            * html/HTMLCanvasElement.cpp:
            (WebCore::HTMLCanvasElement::shouldAccelerate):
            * page/Frame.h:
            * page/Settings.in:
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::dumpProperties):
            * platform/graphics/GraphicsLayerClient.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::layerTreeAsText):
            * testing/Internals.cpp:
            (WebCore::toLayerTreeFlags):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211926. rdar://problem/30275036

    2017-02-08  Youenn Fablet  <youennf@gmail.com>

            HTML Link elements should load data URLs as same origin
            https://bugs.webkit.org/show_bug.cgi?id=168032
            <rdar://problem/30275036>

            Reviewed by Alex Christensen.

            Test: fast/dom/data-url-css-link-element-cors-active.html

            Making CSS data URLs resources considered as same origin when loaded through link elements.
            In the future, we should consider remove the data URL same origin flag and fully align with the fetch and HTML spec.

            * html/HTMLLinkElement.cpp:
            (WebCore::HTMLLinkElement::process):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211913. rdar://problem/28062149

    2017-02-08  Sam Weinig  <sam@webkit.org>

            REGRESSION (r193286): Promise chain no longer prevent UI refresh
            <rdar://problem/28062149>
            https://bugs.webkit.org/show_bug.cgi?id=161291

            Reviewed by Geoffrey Garen.

            Add new subtest to js/dom/Promise.html

            * dom/Microtasks.cpp:
            (WebCore::MicrotaskQueue::append):
            (WebCore::MicrotaskQueue::remove):
            (WebCore::MicrotaskQueue::performMicrotaskCheckpoint):
            * dom/Microtasks.h:
            The microtask queue needs to be completely drained, even of new microtasks added while
            the previous task was run. Remove the m_tasksAppendedDuringMicrotaskCheckpoint as it is
            no longer needed.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211895. rdar://problem/30129966

    2017-02-08  Brady Eidson  <beidson@apple.com>

            Opt-out iBooks from synchronous willSendRequest on iOS.
            <rdar://problem/30129966> and https://bugs.webkit.org/show_bug.cgi?id=168006

            Reviewed by Brent Fulgham.

            No new tests (Not a testable behavior change at this time).

            * platform/network/mac/ResourceHandleMac.mm:
            (WebCore::synchronousWillSendRequestEnabled): iBooks never gets synchronous willSendRequest:

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211845. rdar://problem/30187368

    2017-02-06  Ryosuke Niwa  <rniwa@webkit.org>

            WebContent process repeatedly jetsams on BuzzFeed's Another Round page
            https://bugs.webkit.org/show_bug.cgi?id=167830
            <rdar://problem/30187368>

            Reviewed by Simon Fraser.

            The jetsams on https://www.buzzfeed.com/anotherround were caused by WebKit creating the backing store
            for every iframe's layer on the page regardless of whether they're in the viewport or not.

            This was caused by GraphicsLayerCA's setVisibleAndCoverageRects not setting CoverageRectChanged on
            m_uncommittedChanges on the very first call. Fixed the bug by initializing m_uncommittedChanges
            to always have CoverageRectChanged so that the coverage rect would get updated properly.

            Unfortunately, no new tests since somehow the backing store doesn't get created inside the test runner.

            * platform/graphics/ca/GraphicsLayerCA.h:
            (WebCore::GraphicsLayerCA):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211835. rdar://problem/27439617

    2017-02-07  Alex Christensen  <achristensen@webkit.org>

            Revert r166597
            https://bugs.webkit.org/show_bug.cgi?id=167951

            Reviewed by Andreas Kling.

            * platform/spi/cf/CFNetworkSPI.h:
            Remove now-unused SPI declaration.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211758. rdar://problem/30096129

    2017-02-06  Youenn Fablet  <youennf@gmail.com>

            Allow some schemes to opt-out of CORS
            https://bugs.webkit.org/show_bug.cgi?id=167795

            Reviewed by Alex Christensen.

            Test: http/tests/security/bypassing-cors-checks-for-extension-urls.html

            Adding the possibility to opt out of CORS for DocumentThreadableLoader clients (fetch and XHR).
            This is made specific to the case of user extension URLs for pages running user scripts.
            Introducing a boolean flag in Page for that purpose.
            Introducing a helper routine in SchemeRegistry to centralize the various user script extension schemes.

            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
            * page/Frame.cpp:
            (WebCore::Frame::injectUserScripts):
            * page/Page.h:
            (WebCore::Page::setAsRunningUserScripts):
            (WebCore::Page::isRunningUserScripts):
            * platform/SchemeRegistry.cpp:
            (WebCore::SchemeRegistry::isUserExtensionScheme):
            * platform/SchemeRegistry.h:
            * testing/Internals.cpp:
            (WebCore::Internals::setAsRunningUserScripts):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211746. rdar://problem/30107622

    2017-02-06  Jer Noble  <jer.noble@apple.com>

            Playback stalls when a SourceBuffer append causes frame eviction
            https://bugs.webkit.org/show_bug.cgi?id=167834

            Reviewed by Eric Carlson.

            Test: PerformanceTests/Media/MSERemoveCodedFrames.html

            Optimize searching through SampleMap by presentationTime.

            Many of the methods exposed by PresentationOrderSampleMap used the bare  std::equal_range,
            lower_bound, or upper_bound methods. Unlike those methods exposed on std::map, the bare
            search methods perform a linear O(n) search, rather than a the binary O(log(n)) search used
            by std::map. Rewrite those methods using the bare methods in terms of the std::map search
            methods.

            Drive-by fix: rename findSampleOnOrAfterPresentationTime to
            findSampleStartingOnOrAfterPresentationTime to make the behavior of the method more
            explicit.

            * Modules/mediasource/SampleMap.cpp:
            (WebCore::PresentationOrderSampleMap::findSampleContainingPresentationTime):
            (WebCore::PresentationOrderSampleMap::findSampleStartingOnOrAfterPresentationTime):
            (WebCore::PresentationOrderSampleMap::reverseFindSampleBeforePresentationTime):
            (WebCore::DecodeOrderSampleMap::findSyncSampleAfterPresentationTime):
            (WebCore::PresentationOrderSampleMap::findSamplesBetweenPresentationTimes):
            (WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRange):
            (WebCore::PresentationOrderSampleMap::findSampleOnOrAfterPresentationTime): Deleted.
            * Modules/mediasource/SampleMap.h:
            (WebCore::PresentationOrderSampleMap::begin):
            (WebCore::PresentationOrderSampleMap::end):
            (WebCore::PresentationOrderSampleMap::rbegin):
            (WebCore::PresentationOrderSampleMap::rend):
            (WebCore::DecodeOrderSampleMap::begin):
            (WebCore::DecodeOrderSampleMap::end):
            (WebCore::DecodeOrderSampleMap::rbegin):
            (WebCore::DecodeOrderSampleMap::rend):
            (WebCore::SampleMap::SampleMap):
            (WebCore::SampleMap::sizeInBytes):
            (WebCore::SampleMap::decodeOrder):
            (WebCore::SampleMap::presentationOrder):
            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::removeSamplesFromTrackBuffer):
            (WebCore::SourceBuffer::removeCodedFrames):
            (WebCore::SourceBuffer::reenqueueMediaForTime):
            * WebCore.xcodeproj/project.pbxproj:

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211730. rdar://problem/30251840

    2017-02-06  Antti Koivisto  <antti@apple.com>

            CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle
            https://bugs.webkit.org/show_bug.cgi?id=167878
            rdar://problem/30251840

            Reviewed by Andreas Kling.

            Speculative fix.

            We are trying to invalidate a null node from ~PostResolutionCallbackDisabler. Looks like the only way
            this could happen is if HTMLFrameOwnerElement::scheduleinvalidateStyleAndLayerComposition is called
            with null 'this'. There is one place where this might happen.

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::attachRootLayer): Add null check.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211667. rdar://problem/28193222

    2017-02-03  Myles C. Maxfield  <mmaxfield@apple.com>

            REGRESSION(r204858): Synthetic bold text in vertical writing mode is rotated away from original text
            https://bugs.webkit.org/show_bug.cgi?id=167826
            <rdar://problem/28193222>

            Reviewed by Zalan Bujtas.

            When drawing vertical text, the rotation is not reset between successive paint calls. We implement
            synthetic bold by drawing text twice, which means that the second draw call was getting rotated
            twice. This was an oversight in r204858.

            Test: fast/text/synthetic-bold-vertical-text.html

            * platform/graphics/cocoa/FontCascadeCocoa.mm:
            (WebCore::showGlyphsWithAdvances):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211663. rdar://problem/30343810

    2017-02-03  Jeremy Jones  <jeremyj@apple.com>

            WK1 mouse events are missing movementX and movementY for pointerlock.
            https://bugs.webkit.org/show_bug.cgi?id=167775
            rdar://problem/30343810

            Reviewed by Alexey Proskuryakov.

            pointer-lock/mouse-event-delivery.html

            Improve mouse-event-delivery.html test to mouse move and check for valid movementX and movementY.

            * platform/mac/PlatformEventFactoryMac.mm:
            (WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder): WK1 plumb throuhg movementX and movementY

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211625. rdar://problem/29168795

    2017-02-03  Antti Koivisto  <antti@apple.com>

            WebContent crash when pasting into input fields at com.apple.WebCore: WebCore::ResourceRequestBase::url const + 9
            https://bugs.webkit.org/show_bug.cgi?id=167787
            rdar://problem/29168795

            Reviewed by Andreas Kling.

            No test, don't know how to get here.

            * page/animation/CSSPropertyAnimation.cpp:
            (WebCore::crossfadeBlend): Null check.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211622. rdar://problem/30116072

    2017-02-02  Andreas Kling  <akling@apple.com>

            [Mac] In-process memory pressure monitor for WebContent processes AKA websam
            <https://webkit.org/b/167491>
            <rdar://problem/30116072>

            Reviewed by Antti Koivisto.

            Add a new timer-based memory pressure monitor that checks the process memory
            footprint every 30 seconds and reacts to changes by setting a MemoryUsagePolicy.

            There are four MemoryUsagePolicy values:

                - Unrestricted (below 1GB)
                - Conservative (above 1GB)
                - Strict (above 2GB)
                - Panic (above 4GB, or 3GB if 32-bit)

            For Strict and above, the old-style "isUnderMemoryPressure()" API will return true.

            Transitioning to a higher policy will cause memory pressure handlers to run:

            At Strict, we run the "non-critical" memory pressure handler, then carry on.

            At Panic, we run the "critical" memory pressure handler. If that fails to recover
            enough memory to bring us back below 4GB, we may kill the process:

            A process is eligible to get killed for using too much memory if:

                - It's not visible on screen (i.e it's a background tab.)
                - It's not playing audio.
                - It has not performed a main frame navigation in the last hour.

            Before killing the process, an exit-time callback will run. This patch installs such
            a callback that prints out some time-of-death statistics about C++ and JavaScript memory
            usage to hopefully help understand what was soaking up all the memory.

            * bindings/js/CommonVM.cpp:
            (WebCore::commonVMSlow):
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::setState):
            * page/MainFrame.cpp:
            (WebCore::MainFrame::didCompleteLoad):
            * page/MainFrame.h:
            * page/MemoryRelease.cpp:
            (WebCore::pageCount):
            (WebCore::logMemoryStatisticsAtTimeOfDeath):
            (WebCore::didExceedMemoryLimitAndFailedToRecover):
            (WebCore::processIsEligibleForMemoryKill):
            * page/MemoryRelease.h:
            * page/ResourceUsageThread.h:
            * page/cocoa/ResourceUsageThreadCocoa.mm:
            (WebCore::vmPageSize):
            * platform/MemoryPressureHandler.cpp:
            (WebCore::MemoryPressureHandler::MemoryPressureHandler):
            (WebCore::MemoryPressureHandler::setShouldUsePeriodicMemoryMonitor):
            (WebCore::toString):
            (WebCore::thresholdForPolicy):
            (WebCore::policyForFootprint):
            (WebCore::MemoryPressureHandler::measurementTimerFired):
            * platform/MemoryPressureHandler.h:
            (WebCore::MemoryPressureHandler::setMemoryKillCallback):
            (WebCore::MemoryPressureHandler::setProcessIsEligibleForMemoryKillCallback):
            (WebCore::MemoryPressureHandler::isUnderMemoryPressure):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211621. rdar://problem/30221102

    2017-02-02  Alex Christensen  <achristensen@webkit.org>

            URLParser: Fix parsing invalid IPv4 addresses with non-ASCII characters
            https://bugs.webkit.org/show_bug.cgi?id=167773
            <rdar://problem/30221102>

            Reviewed by Ryosuke Niwa.

            If an invalid IPv4 address contains the first syntaxViolation (difference between input and canonicalized URL),
            an iterator is used to calculate how far we have parsed in the input string to copy all the syntax-violation-free
            characters into a Vector. If a URL contains only ASCII that doesn't contain anything percent-encoded in the host,
            there is a fast path to parse ASCII hosts.  All my existing invalid IPv4 tests followed this path.
            If there is a non-ASCII character, we need to use an iterator to the original string instead of an iterator
            to the string after converting the input string's host to ASCII.

            Covered by a new API test which used to RELEASE_ASSERT.

            * platform/URLParser.cpp:
            (WebCore::URLParser::parseIPv4Host):
            (WebCore::URLParser::parseIPv6Host):
            (WebCore::URLParser::parseHostAndPort):
            * platform/URLParser.h:

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211613. rdar://problem/30132707

    2017-02-02  Wenson Hsieh  <wenson_hsieh@apple.com>

            CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::URL::host const + 9
            https://bugs.webkit.org/show_bug.cgi?id=167766
            <rdar://problem/30132707>

            Reviewed by Chris Dumez.

            The mainframe's document pointer may be null when tearing down a page upon navigation to a page that is in the
            page cache. If this triggers a GC sweep, we will attempt to reload touch bar media controls, which (as a part of
            the media controller heuristic) checks the mainframe's document URL to see if quirks should be enabled. This
            assumes that the mainframe's document exists, which is not a safe assumption if page navigation is occurring. As
            such, we need a null check for the mainframe's document in needsPlaybackControlsManagerQuirk().

            No test, as we were unable to reproduce this crash.

            * html/HTMLMediaElement.cpp:
            (WebCore::needsPlaybackControlsManagerQuirk):

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211564. rdar://problem/29012252

    2017-02-02  Antti Koivisto  <antti@apple.com>

            Column progression wrong after enabling pagination on RTL document
            https://bugs.webkit.org/show_bug.cgi?id=167733
            <rdar://problem/29012252>

            Reviewed by Zalan Bujtas.

            Column progression depends on document direction but was not updated when direction changed.

            Test: fast/multicol/pagination/pagination-dynamic-rtl.html

            * rendering/RenderBox.cpp:
            (WebCore::RenderBox::styleDidChange):

                Update column styles if document direction changes.

2017-02-09  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211254. rdar://problem/30188490

    2017-01-26  Chris Dumez  <cdumez@apple.com>

            Crash when navigating back to a page in PacheCache when one of its frames has been removed
            https://bugs.webkit.org/show_bug.cgi?id=167421
            <rdar://problem/30188490>

            Reviewed by Darin Adler.

            Disallow page caching of a page if:
            1. The main window has an opener (i.e. it was opened via window.open)
            2. It has ever used window.open()

            This is because allowing page caching in this case would allow such
            windows to script each other even after one of them entered Page
            Cache. Allowing this is dangerous and easily causes crashes.

            This is a short term workaround until we find a better solution to
            the problem. One issue is this workaround is that navigating back
            to a page that has an opener or used window.open() will not longer
            get the page from PageCache. As a result, state may be lost upon
            navigating back. However, we never guarantee that pages get page
            cached, and Chrome does not have a PageCache.

            Tests: fast/history/page-cache-after-window-open.html
                   fast/history/page-cache-back-navigation-crash.html
                   fast/history/page-cache-with-opener.html

            * dom/Document.cpp:
            (WebCore::Document::hasEverCalledWindowOpen):
            (WebCore::Document::markHasCalledWindowOpen):
            * dom/Document.h:
            * history/PageCache.cpp:
            (WebCore::canCachePage):
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::createWindow):
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::hasCalledWindowOpenKey):
            (WebCore::DiagnosticLoggingKeys::hasOpenerKey):
            * page/DiagnosticLoggingKeys.h:
            * page/Page.cpp:
            (WebCore::Page::openedByWindowOpen):
            * page/Page.h:
            * page/Settings.in:

2017-02-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211653. rdar://problem/29872943

    2017-02-03  Chris Dumez  <cdumez@apple.com>

            Dismiss HTML form validation popover when pressing Escape key
            https://bugs.webkit.org/show_bug.cgi?id=167716
            <rdar://problem/29872943>

            Reviewed by Simon Fraser.

            Dismiss any visible HTML form validation popover when pressing
            the Escape key.

            Test: fast/forms/validation-bubble-escape-key-dismiss.html

            * page/EventHandler.cpp:
            (WebCore::EventHandler::keyEvent):
            * page/ValidationMessageClient.h:

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211504. rdar://problem/30301117

    2017-02-01  Chris Dumez  <cdumez@apple.com>

            REGRESSION(r205136): {}.toString.call(crossOriginWindow) should not throw
            https://bugs.webkit.org/show_bug.cgi?id=167681
            <rdar://problem/30301117>

            Reviewed by Mark Lam.

            As per https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-):
            """
            If P is @@toStringTag, @@hasInstance, or @@isConcatSpreadable, then return
            PropertyDescriptor{ [[Value]]: undefined, [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }.
            """

            We now implement this behavior instead of throwing.

            Test: http/tests/security/symbols-cross-origin.html

            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
            * bindings/js/JSLocationCustom.cpp:
            (WebCore::JSLocation::getOwnPropertySlotDelegate):

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211659. rdar://problem/28725791

    2017-02-03  Jer Noble  <jer.noble@apple.com>

            ASSERT in HTMLMediaElement::~HTMLMediaElement
            https://bugs.webkit.org/show_bug.cgi?id=167818

            Reviewed by Brent Fulgham.

            Test: media/audio-dealloc-crash.html

            HTMLMediaElement's MediaElementSession can nominate the HTMLMediaElement itself
            to become the playback controls session from inside the HTMLMediaElement destructor. Protect
            against this by clearing out the session before calling updatePlaybackControlsManager().

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::~HTMLMediaElement):

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211676. rdar://problem/30229990

    2017-02-04  Chris Dumez  <cdumez@apple.com>

            Unreviewed, fix mistake in comment added in r211569.

            * history/PageCache.cpp:
            (WebCore::PageCache::removeAllItemsForPage):

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211569. rdar://problem/30229990

    2017-02-02  Chris Dumez  <cdumez@apple.com>

            [Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage()
            https://bugs.webkit.org/show_bug.cgi?id=167738
            <rdar://problem/30229990>

            Reviewed by Andreas Kling.

            Upon destruction of a Page, we destroy the BackForwardClient, which is supposed
            to keep track of HistoryItems associated to this particular page and remove them
            from the PageCache. Given the crash trace, the issue seems to be that some
            HistoryItems associated with the Page sometimes linger in the PageCache *after*
            the Page has been destroyed, which leads to crashes later on when pruning the
            PageCache.

            In order to make the process more robust, this patch refactors the code so that
            the Page is now in charge of removing all its associated HistoryItems from the
            PageCache instead of relying on the BackForwardClient. Also, instead of having
            the Page keep track of which HistoryItems are associated with it (which is
            error prone), we now scan all PageCache entries instead to find which ones are
            associated with the Page. While this is in theory slower, this is much safer
            and in practice not an issue because the PageCache usually has 3-5 entries.

            No new tests, could not reproduce.

            * history/CachedPage.cpp:
            (WebCore::CachedPage::CachedPage):
            * history/CachedPage.h:
            (WebCore::CachedPage::page):
            * history/PageCache.cpp:
            (WebCore::PageCache::removeAllItemsForPage):
            * history/PageCache.h:
            * page/Page.cpp:
            (WebCore::Page::~Page):

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211551. rdar://problem/26685576

    2017-02-02  Yongjun Zhang  <yongjun_zhang@apple.com>

            In iOS, we should take background assertion when accessing localstorage databases.
            https://bugs.webkit.org/show_bug.cgi?id=165478

            Move WebSQLiteDatabaseTrackerClient from WebKitLegacy to WebCore so that it can be accessible from
            WebKit1 and WebKit2. Previously, to avoid dependencies on UIKit, WebKitLegacy introduced several
            global methods for UIKit to setup the start/end background task blocks on runtime (WebKitSetStartBackgroundTaskBlock,
            WebKitSetInvalidWebBackgroundTaskIdentifier and WebKitSetEndBackgroundTaskBlock). Since we have to
            move the background task handling to WebCore, to avoid adding WebCore dependencies on UIKit, this
            patch introdues a new WebCore class WebBackgroundTaskController which holds the start/end background
            task blocks. The existing WebKitSetStartBackgroundTaskBlock and WebKitSetEndBackgroundTaskBlock methods
            in WebKit1 will use WebBackgroundTaskController to store the blocks set by UIKit.

            Reviewed by Brady Eidson.

            No new test since this is code refactoring.

            * WebCore.xcodeproj/project.pbxproj: Add a new class WebBackgroundTaskController to the project. Also move
                WebSQLiteDatabaseTrackerClient from WebKitLegacy to WebCore.
            * platform/ios/WebBackgroundTaskController.h: Use properties to hold the blocks for starting or ending background tasks.
            * platform/ios/WebBackgroundTaskController.mm:
            (+[WebBackgroundTaskController sharedController]):
            (-[WebBackgroundTaskController dealloc]):
            (-[WebBackgroundTaskController startBackgroundTaskWithExpirationHandler:]): Start a background task with a expiration handler;
                to start the background task, we will use backgroundTaskStartBlock set up by UIKit.
            (-[WebBackgroundTaskController endBackgroundTaskWithIdentifier:]): Call backgroundTaskEndBlack to end a background task.
            * platform/ios/WebSQLiteDatabaseTrackerClient.h: Copied from Source/WebKit/ios/Storage/WebSQLiteDatabaseTrackerClient.h.
            * platform/ios/WebSQLiteDatabaseTrackerClient.mm: Copied from Source/WebKit/ios/Storage/WebSQLiteDatabaseTrackerClient.mm.
            (WebCore::WebSQLiteDatabaseTrackerClient::sharedWebSQLiteDatabaseTrackerClient): Make WebSQLiteDatabaseTrackerClient a singleton.
            (WebCore::WebSQLiteDatabaseTrackerClient::WebSQLiteDatabaseTrackerClient):
            (WebCore::WebSQLiteDatabaseTrackerClient::~WebSQLiteDatabaseTrackerClient):
            (WebCore::WebSQLiteDatabaseTrackerClient::willBeginFirstTransaction): Use a utility class WebDatabaseTransactionBackgroundTaskController
                to schedule database transaction background task.
            (WebCore::WebSQLiteDatabaseTrackerClient::didFinishLastTransaction): Use WebDatabaseTransactionBackgroundTaskController to stop
                databas transaction background task.
            (transactionBackgroundTaskIdentifierLock: Moved from Source/WebKit/mac/Storage/WebDatabaseManager.mm.
            (setTransactionBackgroundTaskIdentifier): Ditto.
            (getTransactionBackgroundTaskIdentifier): Ditto.
            (+[WebDatabaseTransactionBackgroundTaskController startBackgroundTask]): Ditto.
            (+[WebDatabaseTransactionBackgroundTaskController endBackgroundTask]): Ditto.

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211446. rdar://problem/30273885

    2017-01-31  Anders Carlsson  <andersca@apple.com>

            Apple Pay button does nothing on nytimes.com
            https://bugs.webkit.org/show_bug.cgi?id=167664
            rdar://problem/30273885

            Reviewed by Sam Weinig.

            Separate line item validation into convertAndValidateTotal and convertAndValidate. The former
            works on totals (which require an amount), and the latter works on regular line items that do not require an amount
            if the item type is "pending".

            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::convertAndValidateTotal):
            (WebCore::convertAndValidate):
            Only check the amount if the type is not pending.

            (WebCore::ApplePaySession::completeShippingMethodSelection):
            (WebCore::ApplePaySession::completeShippingContactSelection):
            (WebCore::ApplePaySession::completePaymentMethodSelection):
            Call convertAndValidateTotal for totals.

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211455. rdar://problem/30241193

    2017-01-31  Chris Dumez  <cdumez@apple.com>

            com.apple.WebKit.WebContent.Development crashed in com.apple.WebCore: WebCore::FrameView::didDestroyRenderTree
            https://bugs.webkit.org/show_bug.cgi?id=167665
            <rdar://problem/30241193>

            Reviewed by Andreas Kling.

            When destroying a PageCache entry, we would call Document::prepareFromDestruction()
            which would destroy the render tree and then call FrameView::didDestroyRenderTree().
            We would sometimes hit the ASSERT(m_widgetsInRenderTree.isEmpty()) assertion in
            didDestroyRenderTree(). This indicates that there are still RenderWidgets associated
            with the FrameView even though we claim we already destroyed the render tree.

            The reason for this is that, in the PageCache context, the top document's frame is
            reused on navigation and may not be associated with a new document that is currently
            displayed, has a render tree (and possible RenderWidgets). The solution proposed is
            to stop calling FrameView::didDestroyRenderTree() in Document::prepareFromDestruction()
            if the frame's document is not |this|. This happens when the document is destroyed
            while in PageCache. We do not want to mess with the frame / frameview in this case
            since they are no longer associated to the present document anymore.

            No new tests, already covered by existing tests which currently crash flakily.

            * dom/Document.cpp:
            (WebCore::Document::destroyRenderTree):

2017-02-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211656. rdar://problem/30102568

    2017-02-03  Daniel Bates  <dabates@apple.com>

            [Mac][WK2] Add SPI to override the Content Security Policy of a page
            https://bugs.webkit.org/show_bug.cgi?id=167810
            <rdar://problem/30102568>

            Reviewed by Anders Carlsson.

            * dom/Document.cpp:
            (WebCore::Document::initSecurityContext): Apply the embedding client's override Content Security
            Policy to the document if one exists.
            * loader/FrameLoaderClient.h: Add function overrideContentSecurityPolicy() that a FrameLoaderClient
            can override to provide a custom Content Security Policy for a document (defaults: null string - no policy).
            As its name implies, the policy returned by overrideContentSecurityPolicy() will define the Content
            Security Policy for the document, overriding any subsequently received Content Security Policy for
            the document.
            * page/csp/ContentSecurityPolicy.cpp:
            (WebCore::ContentSecurityPolicy::copyStateFrom): Only copy policies from the specified ContentSecurityPolicy
            object if our policy was not specified by the embedding client.
            (WebCore::ContentSecurityPolicy::didReceiveHeader): Set ContentSecurityPolicy::m_hasAPIPolicy to true
            when we receive an API policy from the embedding client (ContentSecurityPolicy::PolicyFrom::API). An
            API policy must be defined before a policy received from a document. Do not process a received header
            if we already have an API policy as the API policy overrides all other policies.
            * page/csp/ContentSecurityPolicy.h:

2017-02-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211541. rdar://problem/30100286

    2017-02-01  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK2] With visual viewports, a fixed bottom bar can be clipped out when the keyboard is visible
            https://bugs.webkit.org/show_bug.cgi?id=167710
            rdar://problem/30100286

            Reviewed by Wenson Hsieh.

            Add a bit of logging to show when RLC decides to not composite a fixed element which
            is out of bounds.

            Test: fast/visual-viewport/ios/bottom-bar-with-keyboard.html

            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::requiresCompositingForPosition):

2017-02-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211471. rdar://problem/30270210

    2017-01-31  Wenson Hsieh  <wenson_hsieh@apple.com>

            Regression (Safari 10.1): Pressing Return in a contenteditable no longer inserts a line break under certain conditions
            https://bugs.webkit.org/show_bug.cgi?id=167525
            <rdar://problem/30270210>

            Reviewed by Ryosuke Niwa.

            Test: fast/events/input-events-insert-newlines-after-mutation.html

            Reverts an unintended change made while refactoring code for input events that caused input events to be
            dispatched immediately rather than on the scoped queue. Normally, input events are dispatched in
            CompositeEditCommand::apply after the end of the scope, but TypingCommands may fire input events *from within*
            the scope by calling typingAddedToOpenCommand.

            Instead, TypingCommands should always dispatch events
            synchronously after the end of the scoped queue in CompositeEditCommand::apply, but this is a riskier change
            than we should currently allow, so we should revert to our old behavior for the time being.

            * editing/Editor.cpp:

2017-02-02  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211433. rdar://problem/30091558

    2017-01-31  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r209411): Scrolling to a fragment identifier in overflow:scroll inside position:fixed no longer works
            https://bugs.webkit.org/show_bug.cgi?id=167630
            rdar://problem/30091558

            Reviewed by Zalan Bujtas.

            r209411 added special handling for scrolling inside position:fixed, but cut off all scrolling, breaking
            overflow:scroll inside position:fixed. Fix by only handling the position:fixed case when we get to
            the root layer, which is where we scroll the document.

            Test: fast/overflow/scroll-anchor-in-overflow-in-position-fixed.html

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::getRectToExpose):

2017-02-01  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211502. rdar://problem/30298722

    2017-02-01  Brent Fulgham  <bfulgham@apple.com>

            Correct "filesHaveSameVolume" predicate
            https://bugs.webkit.org/show_bug.cgi?id=167696
            <rdar://problem/30298722>

            Reviewed by David Kilzer.

            We are passing %-encoded strings to the underlying operating system's file system APIs.
            This doesn't work. Instead, we need to present a decoded version of the file path
            that matches what the system APIs expect.

            Tested by new TestWebKitAPI Test.

            * platform/FileSystem.cpp:
            (WebCore::filesHaveSameVolume): Make sure the file paths we give to the underlying
            operating system are not percent encoded.
            * platform/FileSystem.h: Export 'filesHaveSameVolume' for use by testing system.

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211387. rdar://problem/29500273

    2017-01-30  Simon Fraser  <simon.fraser@apple.com>

            [iOS] position:fixed inside touch-scrollable overflow is mispositioned
            https://bugs.webkit.org/show_bug.cgi?id=167604
            rdar://problem/29500273

            Reviewed by Zalan Bujtas.

            For layers inside touch-scrollable overflow, RenderLayerBacking::computeParentGraphicsLayerRect() needs
            to account for the offset from the ancestor compositing layer's origin, to handle scrollable elements with
            box-shadow, for example.

            Also make the compositing log output a little easier to read.

            Test: compositing/scrolling/fixed-inside-scroll.html

            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::computeParentGraphicsLayerRect):
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::logLayerInfo):

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211386. rdar://problem/30204866

    2017-01-30  Jer Noble  <jer.noble@apple.com>

            NULL-deref crash at PlatformMediaSession::endInterruption
            https://bugs.webkit.org/show_bug.cgi?id=167595

            Reviewed by Eric Carlson.

            Use the same, NULL-aware forEachSession() iterator rather than iterating over m_sessions directly.

            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::beginInterruption):
            (WebCore::PlatformMediaSessionManager::endInterruption):

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211337. rdar://problem/30126535

    2017-01-28  Zalan Bujtas  <zalan@apple.com>

            Resolve beforeChild's render tree position before calling addChildIgnoringContinuation.
            https://bugs.webkit.org/show_bug.cgi?id=167540
            <rdar://problem/30126535>

            Reviewed by Simon Fraser.

            Use the actual render tree position for the beforeChild when inside a flow thread.

            Test: fast/multicol/assert-on-continuation-with-spanner.html

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::addChild):
            * rendering/RenderInline.cpp:
            (WebCore::RenderInline::addChild):
            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::RenderMultiColumnFlowThread::resolveMovedChild):

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211309. rdar://problem/30240378

    2017-01-27  Michael Saboff  <msaboff@apple.com>

            JSCustomElementInterface::invokeCallback can be called with a null callback because Weak<>
            https://bugs.webkit.org/show_bug.cgi?id=167522

            Reviewed by Filip Pizlo.

            Added all provided callbacks to the global object with a private name the same way
            that the constructor was added.  This will keep these callbacks from being GC'ed.

            * bindings/js/JSCustomElementRegistryCustom.cpp:
            (WebCore::JSCustomElementRegistry::define):

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211305. rdar://problem/29320059

    2017-01-27  Simon Fraser  <simon.fraser@apple.com>

            Element with a backdrop-filter and a mask may not correctly mask the backdrop
            https://bugs.webkit.org/show_bug.cgi?id=167456
            rdar://problem/29320059

            Reviewed by Antoine Quint.

            If a layer had a backdrop filter, but also corner radii that triggered using a mask layer,
            then the call to updateClippingStrategy() in GraphicsLayerCA::updateBackdropFiltersRect() would
            set the backdrop layer's mask, but GraphicsLayerCA::updateMaskLayer() would promptly then set
            the mask layer back to nil.

            Fix by having GraphicsLayerCA::updateMaskLayer() put the mask on the structural layer, if there
            is one. We always have a structural layer with backdrops, so this will mask both the layer
            and the backdrop.

            Test: css3/filters/backdrop/backdrop-filter-uneven-corner-radii.html

            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::updateMaskLayer):
            * platform/graphics/mac/WebLayer.mm:
            (-[CALayer _descriptionWithPrefix:]): Dump the mask layer.

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211249. rdar://problem/29539389

    2017-01-26  Jeremy Jones  <jeremyj@apple.com>

            Page should be able to request pointer lock without user gesture if it relinquished it without a user gesture
            https://bugs.webkit.org/show_bug.cgi?id=167126

            Reviewed by Jon Lee.

            Enabled pointer-lock/locked-element-removed-from-dom.html for WK2.
            Not enable in WK1 because of https://bugs.webkit.org/show_bug.cgi?id=167127

            This change allows a page to lock the pointer again without a user gesture if it was unlocked by
            the page and not by the user. See https://www.w3.org/TR/2016/REC-pointerlock-20161027/ 5.1 Methods

            * page/PointerLockController.cpp:

            When a document acquires pointer lock with a user gesture, that document is allowed to request pointer lock again
            until the user takes an action to end pointer lock. We know it is a user action because user actions always
            call requestPointerUnlockAndForceCursorVisible().

            When the page requests a pointer unlock (via requestPointerUnlock), that document is allowed to continue to relock
            the page. This continues until there is either an unlock request form the user
            via requestPointerUnlockAndForceCursorVisible or a didLosePointerLock without a pointer unlock request.

            (WebCore::PointerLockController::PointerLockController):
            (WebCore::PointerLockController::requestPointerLock):
            (WebCore::PointerLockController::requestPointerUnlock):
            (WebCore::PointerLockController::requestPointerUnlockAndForceCursorVisible):
            (WebCore::PointerLockController::elementRemoved):
            (WebCore::PointerLockController::documentDetached):
            (WebCore::PointerLockController::didAcquirePointerLock):
            (WebCore::PointerLockController::didLosePointerLock):
            (WebCore::PointerLockController::clearElement):
            * page/PointerLockController.h:

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211240. rdar://problem/30247467b

    2017-01-26  Jer Noble  <jer.noble@apple.com>

            Autoplay muted videos stop playback of any streaming app in the background
            https://bugs.webkit.org/show_bug.cgi?id=163993
            <rdar://problem/29020431>

            Reviewed by Eric Carlson.

            Added test in TestWebKitAPI, WebKit1.AudioSessionCategoryIOS.

            Previously, we would set the audio session category to "playback" if there was a media-
            element-type media session, and if there was a session capable of playing audio. But because
            this was an "or" operation, we would incorrectly set the category to "playback" if there was
            a video element incapable of rendering audio (due to being muted, without an audio track,
            etc.), and also a session capable of producing audio, such as WebAudio.

            With this change, this turns into an "and" operation; there must be a media element capable
            of rendering audio in order to switch the audio session category to "playback".

            Additionally, we no longer cache the value of "canProduceAudio()"; it's queried directly
            whenever updateSessionState() is called.

            * Modules/webaudio/AudioContext.cpp:
            (WebCore::AudioContext::constructCommon):
            * Modules/webaudio/AudioContext.h:
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::insertedInto):
            (WebCore::HTMLMediaElement::loadResource):
            (WebCore::HTMLMediaElement::setMuted):
            (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):
            (WebCore::HTMLMediaElement::mediaPlayerCharacteristicChanged):
            (WebCore::HTMLMediaElement::clearMediaPlayer):
            (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):
            (WebCore::HTMLMediaElement::presentationType):
            (WebCore::HTMLMediaElement::characteristics):
            (WebCore::HTMLMediaElement::canProduceAudio):
            * html/HTMLMediaElement.h:
            * platform/audio/PlatformMediaSession.cpp:
            (WebCore::PlatformMediaSession::activeAudioSessionRequired):
            (WebCore::PlatformMediaSession::canProduceAudio):
            (WebCore::PlatformMediaSession::canProduceAudioChanged):
            (WebCore::PlatformMediaSession::setCanProduceAudio): Deleted.
            * platform/audio/PlatformMediaSession.h:
            (WebCore::PlatformMediaSessionClient::canProduceAudio):
            (WebCore::PlatformMediaSession::canProduceAudio): Deleted.
            * platform/audio/cocoa/MediaSessionManagerCocoa.cpp:
            (PlatformMediaSessionManager::updateSessionState):

2017-01-31  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210217. rdar://problem/30260068

        Committed on behalf of Chris Dumez.

        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::nameGetter):
        Early-return false if an item has an exception (after propagating it.)

2017-01-27  Ryan Haddad  <ryanhaddad@apple.com>

        Merge r211285.

    2017-01-27  Ryan Haddad  <ryanhaddad@apple.com>

            Rebaseline bindings tests after r211238.

            Unreviewed test gardening.

            * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
            (WebCore::JSTestDOMJIT::visitChildren):
            * bindings/scripts/test/JS/JSTestEventTarget.cpp:
            (WebCore::JSTestEventTarget::visitChildren):
            * bindings/scripts/test/JS/JSTestNode.cpp:
            (WebCore::JSTestNode::visitChildren):

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211244. rdar://problem/29956321

    2017-01-26  Dean Jackson  <dino@apple.com>

            WebGL content in Safari sticks to GPU that it was started on, sometimes causing extra battery drain and difficulty interacting with UI
            https://bugs.webkit.org/show_bug.cgi?id=167477
            <rdar://problem/29956321>

            Reviewed by Tim Horton.

            We were not implementing the recommended approach to properly handle
            GPU switching, causing some contexts to remain on a GPU and slow
            down the machine's UI. It also could stop the discrete GPU from
            turning off.

            Register for CGL's display reconfiguration notification, so that we
            can alert any active CGLContexts and cause them to update.

            The code change here doesn't lend itself to automated testing because
            it is specific to hardware with multiple GPUs, relies on some separate
            tools to detect which GPU is active, and an external method of triggering
            a GPU switch. It's best tested by the manual workflow in Radar.

            * platform/graphics/GraphicsContext3D.h: Add a macOS-specific update
            call.
            * platform/graphics/mac/GraphicsContext3DMac.mm:
            (WebCore::displayWasReconfigured): The callback for display reconfigurations.
            (WebCore::addActiveContext): Helper to keep track of active contexts, so we
            can register/unregister the callback when necessary.
            (WebCore::removeActiveContext):
            (WebCore::GraphicsContext3D::create): Use the new helpers.
            (WebCore::GraphicsContext3D::~GraphicsContext3D):
            (WebCore::GraphicsContext3D::updateCGLContext): Tell the CGLContextRef to update.

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211242. rdar://problem/29957753

    2017-01-26  Commit Queue  <commit-queue@webkit.org>

            Unreviewed, rolling out r210328.
            https://bugs.webkit.org/show_bug.cgi?id=167476

            Blocking bug is fixed <rdar://problem/29957753> (Requested by
            keith_miller on #webkit).

            Reverted changeset:

            "Disable smooth playhead animation for main content media in
            the Touch Bar"
            https://bugs.webkit.org/show_bug.cgi?id=166715
            http://trac.webkit.org/changeset/210328

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211241. rdar://problem/30099051

    2017-01-26  Joseph Pecoraro  <pecoraro@apple.com>

            Web Inspector: iOS: Memory timeline shows impossible values for Page size (underflowed)
            https://bugs.webkit.org/show_bug.cgi?id=167468
            <rdar://problem/30099051>

            Reviewed by Andreas Kling.

            * page/cocoa/ResourceUsageThreadCocoa.mm:
            (WebCore::vmPageSize):
            This value matches the sysctl value we were attempting to access, and is
            the most appropriate when dealing with mach APIs, as we are using here.

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211235. rdar://problem/30058933

    2017-01-26  Jeremy Jones  <jeremyj@apple.com>

            Pointer lock events should be delivered directly to the target element
            https://bugs.webkit.org/show_bug.cgi?id=167134

            Reviewed by Jon Lee.

            pointer-lock/mouse-event-delivery.html: Enabled for mac, added wheel event tests.

            When pointer is locked on an element, route mouse events directly to the target element, instead of
            doing the normal event disptach.

            * page/EventHandler.cpp:
            (WebCore::EventHandler::handleMousePressEvent):
            (WebCore::EventHandler::handleMouseDoubleClickEvent):
            (WebCore::EventHandler::handleMouseMoveEvent):
            (WebCore::EventHandler::handleMouseReleaseEvent):
            (WebCore::EventHandler::handleMouseForceEvent):
            (WebCore::EventHandler::handleWheelEvent):
            * page/PointerLockController.cpp:
            (WebCore::PointerLockController::isLocked): Added.
            (WebCore::PointerLockController::dispatchLockedWheelEvent): Added.
            * page/PointerLockController.h:

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211233. rdar://problem/30220959

    2017-01-26  Chris Dumez  <cdumez@apple.com>

            Fix CPU / Memory diagnostic logging in PerformanceMonitor
            https://bugs.webkit.org/show_bug.cgi?id=167469
            <rdar://problem/30220959>

            Reviewed by Alex Christensen.

            Fix CPU / Memory diagnostic logging in PerformanceMonitor to use logDiagnosticMessage()
            instead of logDiagnosticMessageWithValue(). logDiagnosticMessageWithValue() should only
            be used with numeric values but we already take care of the bucketing on our side.

            * page/DiagnosticLoggingClient.h:
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::postPageBackgroundingCPUUsageKey):
            (WebCore::DiagnosticLoggingKeys::postPageBackgroundingMemoryUsageKey):
            (WebCore::DiagnosticLoggingKeys::postPageLoadCPUUsageKey):
            (WebCore::DiagnosticLoggingKeys::postPageLoadMemoryUsageKey):
            (WebCore::DiagnosticLoggingKeys::foregroundCPUUsageToDiagnosticLoggingKey):
            (WebCore::DiagnosticLoggingKeys::backgroundCPUUsageToDiagnosticLoggingKey):
            (WebCore::DiagnosticLoggingKeys::postPageBackgroundingKey): Deleted.
            (WebCore::DiagnosticLoggingKeys::postPageLoadKey): Deleted.
            (WebCore::DiagnosticLoggingKeys::memoryUsageKey): Deleted.
            * page/DiagnosticLoggingKeys.h:
            * page/PerformanceMonitor.cpp:
            (WebCore::PerformanceMonitor::measurePostLoadCPUUsage):
            (WebCore::PerformanceMonitor::measurePostLoadMemoryUsage):
            (WebCore::PerformanceMonitor::measurePostBackgroundingMemoryUsage):
            (WebCore::PerformanceMonitor::measurePostBackgroundingCPUUsage):

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211231. rdar://problem/30217518

    2017-01-26  Brady Eidson  <beidson@apple.com>

            Gamepads: Some DPads are still not exposed in the HID backend.
            rdar://problem/30217518 and https://bugs.webkit.org/show_bug.cgi?id=167465

            Reviewed by Alex Christensen.

            No new tests (Currently unable to test HID backend directly)

            * platform/gamepad/mac/HIDGamepad.cpp:
            (WebCore::HIDGamepad::maybeAddButton): Allow GenericDesktop paged elements that are DPads to be buttons.

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211230. rdar://problem/30009849

    2017-01-26  Commit Queue  <commit-queue@webkit.org>

            Unreviewed, rolling out r210095.
            https://bugs.webkit.org/show_bug.cgi?id=167464

            broke tiling on mac (Requested by thorton on #webkit).

            Reverted changeset:

            "TileGrid revalidates tiles twice during flush, first with
            wrong visible rect"
            https://bugs.webkit.org/show_bug.cgi?id=166406
            http://trac.webkit.org/changeset/210095

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211229. rdar://problem/30216981

    2017-01-26  Chris Dumez  <cdumez@apple.com>

            Fix WebGL diagnostic logging
            https://bugs.webkit.org/show_bug.cgi?id=167463
            <rdar://problem/30216981>

            Reviewed by Alex Christensen.

            Fix WebGL diagnostic logging so that it no longer uses logDiagnosticMessageWithValue().
            This is because the value apparently needs to be numeric on Mac.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::checkForContextLossHandling):
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::pageHandlesWebGLContextLossKey):
            (WebCore::WebCore::DiagnosticLoggingKeys::webGLStateKey):
            (WebCore::DiagnosticLoggingKeys::stateKey): Deleted.
            (WebCore::DiagnosticLoggingKeys::handlesContextLossKey): Deleted.
            (WebCore::WebCore::DiagnosticLoggingKeys::webGLKey): Deleted.
            * page/DiagnosticLoggingKeys.h:

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211220. rdar://problem/29578619

    2017-01-26  Brady Eidson  <beidson@apple.com>

            Gamepad support shows wrong values for PS4 controllers (D-pad is missing).
            <rdar://problem/29578619> and https://bugs.webkit.org/show_bug.cgi?id=165588

            Reviewed by Alex Christensen.

            No new tests (Currently unable to test HID backend directly)

            DPads report their HID type as "a button", but their HID usage is "Hatswitch".
            This patch adds a new element type that maps a "hatswitch" value to 4 additional buttons.

            * platform/gamepad/mac/HIDGamepad.cpp:
            (WebCore::HIDGamepad::initElements):
            (WebCore::HIDGamepad::initElementsFromArray):
            (WebCore::HIDGamepad::maybeAddButton):
            (WebCore::HIDGamepad::maybeAddDPad):
            (WebCore::HIDGamepad::maybeAddAxis):
            (WebCore::fillInButtonValues):
            (WebCore::HIDGamepad::valueChanged):

            * platform/gamepad/mac/HIDGamepad.h:
            (WebCore::HIDGamepadElement::isDPad):
            (WebCore::HIDGamepadDPad::HIDGamepadDPad):
            (WebCore::HIDGamepadDPad::normalizedValue):

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211201. rdar://problem/30134866

    2017-01-25  Ryosuke Niwa  <rniwa@webkit.org>

            Crash under DOMSelection::deleteFromDocument()
            https://bugs.webkit.org/show_bug.cgi?id=167232

            Reviewed by Chris Dumez.

            The crash was caused by DOMSelection's deleteFromDocument() mutating contents inside the user-agent
            shadow tree of an input element when the text field is readonly. Fixed the bug by exiting early
            whenever the selection is inside a shadow tree since getSelection().getRangeAt(0) always returns
            a range outside the input element or any shadow tree for that matter.

            New behavior matches that of Gecko. The working draft spec of which I'm the editor states that
            deleteFromDocument() must invoke Range's deleteContents() on the associated range, which is
            the collapsed range returned by getSelection().getRangeAt(0) in the spec:
            https://www.w3.org/TR/2016/WD-selection-api-20160921/#widl-Selection-deleteFromDocument-void
            And Range's deleteContents() immediately terminates in step 1 when start and end are identical:
            https://dom.spec.whatwg.org/commit-snapshots/6b7621282c2e3b222ac585650e484abf4c0a416b/

            Note that Range's DOM mutating methods are not available inside an user-agent shadow tree because
            WebKit never returns a Range whose end boundary points are inside the tree to author scripts.
            Editing commands (ones executable from document.execCommand) that mutate DOM like this check whether
            the content is editable or not. Since VisibleSelection's validate() function makes sure the selection
            is either entirely within or outside of an root editable element (editing host in the W3C spec lingo),
            editing commands should never mutate a random node inside an user-agent shadow tree.

            Test: editing/selection/deleteFromDocument-shadow-tree-crash.html

            * page/DOMSelection.cpp:
            (WebCore::DOMSelection::deleteFromDocument):

2017-01-26  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211238. rdar://problem/30216742

    2017-01-26  Filip Pizlo  <fpizlo@apple.com>

            EventTarget should visit the JSEventListeners using visitAdditionalChildren
            https://bugs.webkit.org/show_bug.cgi?id=167462

            Reviewed by Michael Saboff.

            No new tests because this is already caught by existing testing. This would show up as ASSERTs
            in debug, and we suspect it might be at fault for null deref crashes.

            Previously, EventTarget would have its event listeners visited by its subclasses' visitChildren
            methods. Every subclass of EventTarget would call EventTarget's visitJSEventListeners. For
            example, this means that if JSFoo has seven classes between it and JSEventTarget in the JSCell
            class hierarchy, then JSFoo::visitChildren would end up calling visitJSEventListeners seven extra
            times.

            Also, the weird way that visitJSEventListeners was called meant that it was not part of the GC's
            output constraint processing. This meant that it would not be called when the GC tried to
            terminate. So, if something about the event listener changes during a GC cycle, the GC would
            potentially fail to mark one of the references.

            Both problems can be solved by simply moving the call to visitJSEventListeners into
            visitAdditionalChildren.

            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::JSDOMWindow::visitAdditionalChildren):
            * bindings/js/JSEventTargetCustom.cpp:
            (WebCore::JSEventTarget::visitAdditionalChildren):
            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateImplementation):
            * dom/EventTarget.idl:

2017-01-26  Andreas Kling  <akling@apple.com>

        Branch-specific fix for a crash seen after merging r201777.
        <rdar://problem/30209068>

        Reviewed by Andy Estes.

        Add null checking of the FrameView in Document::destroyRenderTree() before
        calling functions on it. This is not necessary in trunk, as the FrameView
        is guaranteed to be present there.

        FrameView can be missing on the branch, since render trees for page cached documents
        are destroyed when leaving the page cache, not when entering it (trunk behavior.)
        When leaving the page cache, the FrameView is already detached, hence the bug.

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211151. rdar://problem/30171195

    2017-01-25  Chris Dumez  <cdumez@apple.com>

            Measure how common it is for content to deal with WebGL context loss
            https://bugs.webkit.org/show_bug.cgi?id=166866
            <rdar://problem/30171195>

            Reviewed by Alex Christensen.

            Add diagnostic logging to measure how common it is for sites to handle
            WebGL context loss via the webglcontextlost & webglcontextrestored
            events.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase):
            (WebCore::WebGLRenderingContextBase::checkForContextLossHandling):
            * html/canvas/WebGLRenderingContextBase.h:
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::noKey):
            (WebCore::DiagnosticLoggingKeys::yesKey):
            (WebCore::DiagnosticLoggingKeys::handlesContextLossKey):
            * page/DiagnosticLoggingKeys.h:

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge 210777. rdar://problem/30186526

    2017-01-15  Andreas Kling  <akling@apple.com>

            FrameView shouldn't keep dangling pointers into dead render trees.
            <https://webkit.org/b/167011>

            Reviewed by Antti Koivisto.

            Added some pretty paranoid assertions to FrameView that verify all of its raw pointers
            into the render tree are gone after the render tree has been destroyed.
            They immediately caught two bugs, also fixed in this patch.

            * page/FrameView.h:
            * page/FrameView.cpp:
            (WebCore::FrameView::willDestroyRenderTree):
            (WebCore::FrameView::didDestroyRenderTree): Added these two callbacks for before/after
            Document tears down its render tree. The former clears the layout root, and detaches
            custom scrollbars. The latter contains a bunch of sanity assertions that pointers into
            the now-destroyed render tree are gone.

            * dom/Document.cpp:
            (WebCore::Document::destroyRenderTree): Notify FrameView before/after teardown.

            * page/animation/AnimationController.h:
            * page/animation/AnimationController.cpp:
            (WebCore::AnimationController::hasAnimations): Added a helper to check if there are
            any composite animations around, as these contain raw pointers to renderers.

            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::willBeRemovedFromTree):
            (WebCore::RenderElement::willBeDestroyed): Moved slow repaint object unregistration
            from willBeRemovedFromTree() to willBeDestroyed(). The willBeRemovedFromTree() callback
            is skipped as an optimization during full tree teardown, but willBeDestroyed() always
            gets called. This fixes a bug where we'd fail to remove dangling pointers.

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211126. rdar://problem/30174873

    2017-01-24  Simon Fraser  <simon.fraser@apple.com>

            [iOS WK2] Avoid IOSurface readback for snapshot creation
            https://bugs.webkit.org/show_bug.cgi?id=167397
            rdar://problem/30174873

            Reviewed by Tim Horton.

            Export sinkIntoImage().

            * platform/graphics/cocoa/IOSurface.h:

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211120. rdar://problem/30151767

    2017-01-24  Andreas Kling  <akling@apple.com>

            Add memory footprint reporting using diagnostic logging.
            <https://webkit.org/b/167285>
            <rdar://problem/30151767>

            Reviewed by Chris Dumez.

            Add some basic logging of physical memory footprint post-load and post-backgrounding.
            The logging works similarly to the CPU usage logging, though with slightly longer
            delays to allow the measurement to stabilize.

            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::memoryUsageKey):
            (WebCore::DiagnosticLoggingKeys::memoryUsageToDiagnosticLoggingKey):
            * page/DiagnosticLoggingKeys.h:
            * page/PerformanceLogging.cpp:
            (WebCore::PerformanceLogging::physicalFootprint):
            * page/PerformanceLogging.h:
            * page/PerformanceMonitor.cpp:
            (WebCore::PerformanceMonitor::PerformanceMonitor):
            (WebCore::PerformanceMonitor::didFinishLoad):
            (WebCore::PerformanceMonitor::activityStateChanged):
            (WebCore::PerformanceMonitor::measurePostLoadMemoryUsage):
            (WebCore::PerformanceMonitor::measurePostBackgroundingMemoryUsage):
            * page/PerformanceMonitor.h:
            * page/Settings.h:
            (WebCore::Settings::isPostLoadMemoryUsageMeasurementEnabled):
            (WebCore::Settings::isPostBackgroundingMemoryUsageMeasurementEnabled):
            * page/cocoa/PerformanceLoggingCocoa.mm:
            (WebCore::PerformanceLogging::physicalFootprint):

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211125. rdar://problem/30074665

    2017-01-24  Brent Fulgham  <bfulgham@apple.com>

            Bug 167392: REGRESSION(r210531): Relax same-volume display requirement for iOS
            https://bugs.webkit.org/show_bug.cgi?id=167392
            <rdar://problem/30074665>

            Reviewed by Brady Eidson.

            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::canDisplay): Exclude the new check when building on iOS.

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211137. rdar://problem/29896656

    2017-01-24  Alex Christensen  <achristensen@webkit.org>

            REGRESSION (r208902): URLWithUserTypedString returns nil with file URLs
            https://bugs.webkit.org/show_bug.cgi?id=167402
            <rdar://problem/29896656>

            Reviewed by Ryosuke Niwa.

            Covered by a new API test.

            * platform/mac/WebCoreNSURLExtras.mm:
            (WebCore::mapHostNameWithRange):
            uidna_IDNToASCII succeeds when length is 0.
            uidna_nameToASCII fails when length is 0.
            This causes bad things to happen with file URLs, which have no host, so their host length is 0.
            This makes us match behavior before r208902.

2017-01-25  Dean Jackson  <dino@apple.com>

        Disable Variation fonts on this branch.
        <rdar://problem/30085249>

        * Configurations/FeatureDefines.xcconfig:

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211114. rdar://problem/29857388

    2017-01-24  Anders Carlsson  <andersca@apple.com>

            When Safari reloads pages with Flash objects after Flash is installed, placeholders don't paint (but do work!)
            https://bugs.webkit.org/show_bug.cgi?id=167391
            rdar://problem/29857388

            Reviewed by Sam Weinig.

            * page/Page.cpp:
            (WebCore::Page::refreshPlugins):
            Remove an unused variable.

            * plugins/PluginInfoProvider.cpp:
            (WebCore::PluginInfoProvider::refresh):
            Make sure to call refreshPlugins(). Instead of reloading subframes, just reload all the main frames with
            subframes that contain plug-ins.

2017-01-25  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211052. rdar://problem/29857388

    2017-01-20  Anders Carlsson  <andersca@apple.com>

            When Safari reloads pages with Flash objects after Flash is installed, placeholders don't paint (but do work!)
            https://bugs.webkit.org/show_bug.cgi?id=167268
            rdar://problem/29857388

            Reviewed by Sam Weinig.

            * page/Page.cpp:
            (WebCore::Page::refreshPlugins):
            Call PluginInfoProvider::refresh instead.

            (WebCore::Page::clearPluginData):
            Add new setter.

            * page/Page.h:
            Declare new members.

            * plugins/PluginInfoProvider.cpp:
            (WebCore::PluginInfoProvider::refresh):
            Put the logic to clear plug-in data and reload frames here.

            * plugins/PluginInfoProvider.h:
            Add new members.

2017-01-24  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211067. rdar://problem/29319962

    2017-01-23  Alex Christensen  <achristensen@webkit.org>

            URLParser should fail to parse percent-encoded invalid UTF-8 sequences
            https://bugs.webkit.org/show_bug.cgi?id=167330
            <rdar://problem/29319962>

            Reviewed by Tim Horton.

            Covered by new API tests.

            * platform/URLParser.cpp:
            (WebCore::containsOnlyASCII):
            (WebCore::URLParser::parseHostAndPort):
            If UTF-8 decoding fails after percent-decoding the host, fail to parse.
            This matches Chrome and Firefox, and it was proposed to the spec in https://github.com/whatwg/url/issues/215

2017-01-24  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211058. rdar://problem/29526875

    2017-01-23  Alex Christensen  <achristensen@webkit.org>

            Make URLs with non-special schemes and a query or fragment but no slash after the host more compatible
            https://bugs.webkit.org/show_bug.cgi?id=167317
            <rdar://problem/29526875>

            Reviewed by Sam Weinig.

            This is currently being added to the URL spec in https://github.com/whatwg/url/issues/212
            Covered by new API tests.

            * platform/URLParser.cpp:
            (WebCore::URLParser::parse):
            Only add a slash if there wasn't one if the URL has a special scheme.
            This new behavior matches the old behavior of URL::parse.

2017-01-24  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211045. rdar://problem/29486368

    2017-01-23  Jer Noble  <jer.noble@apple.com>

            REGRESSION (r208149): Video details does not apear and missing scrubber in Control Center
            https://bugs.webkit.org/show_bug.cgi?id=167233

            Reviewed by Alex Christensen.

            Test: In TestWebKitAPI, NowPlayingControlsTests.NowPlayingControlsIOS

            In r208149, we introduced a new media type, Video, and renamed the old type to
            VideoAudio (to be able to distinguish between video-with-audio and silent-video).
            But we missed one place where that type needs to be renamed.

            For testing purposes, overload methods from PlatformMediaSessionManager which WebKit2 uses
            to report the current now playing session and it's information.

            * platform/audio/ios/MediaSessionManagerIOS.h:
            * platform/audio/ios/MediaSessionManagerIOS.mm:
            (WebCore::MediaSessionManageriOS::nowPlayingEligibleSession):
            (WebCore::MediaSessionManageriOS::updateNowPlayingInfo):

2017-01-24  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211028. rdar://problem/30060378

    2017-01-20  Dean Jackson  <dino@apple.com>

            [WebGL] Do not allow GPU muxing on some old Mac hardware
            https://bugs.webkit.org/show_bug.cgi?id=167259
            <rdar://problem/30060378>

            Reviewed by Simon Fraser and Darin Adler.

            Some old Macbook Pro models should never use the
            integrated GPU for WebGL, because they are unstable
            when swapping between that and the discrete GPU.

            Unfortunately this hardware configuration isn't in our
            testing infrastructure, so it was confirmed manually.
            Meanwhile, our existing tests make sure this patch
            doesn't break anything elsewhere.

            * platform/graphics/mac/GraphicsContext3DMac.mm:
            (WebCore::attachToAppleGraphicsControl): Helper function
            to get a mach port that talks to Apple's Graphics Control
            system.
            (WebCore::hasMuxCapability): Decides whether a system
            can do live GPU switching, based on whether or not it
            has a muxable GPU, and if that GPU is not the old hardware
            we know is problematic.
            (WebCore::hasMuxableGPU): Helper to return the static hasMuxCapability value.
            (WebCore::setPixelFormat): Only request the integrated card when the
            GPU is muxable.

2017-01-24  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r211007. rdar://problem/28620919

    2017-01-20  Brady Eidson  <beidson@apple.com>

            Require a button press on a gamepad for them to be exposed to the DOM.
            <rdar://problem/28620919> and https://bugs.webkit.org/show_bug.cgi?id=167272

            Reviewed by Alex Christensen.

            Test: gamepad/gamepad-visibility-1.html

            * Modules/gamepad/GamepadManager.cpp:
            (WebCore::GamepadManager::platformGamepadInputActivity):
            * Modules/gamepad/GamepadManager.h:

            * platform/gamepad/GamepadProvider.cpp:
            (WebCore::GamepadProvider::dispatchPlatformGamepadInputActivity):
            * platform/gamepad/GamepadProvider.h:
            (WebCore::GamepadProvider::~GamepadProvider): Deleted.
            (WebCore::GamepadProvider::isMockGamepadProvider): Deleted.

            * platform/gamepad/GamepadProviderClient.h:

            * platform/gamepad/cocoa/GameControllerGamepad.h:
            * platform/gamepad/cocoa/GameControllerGamepad.mm:
            (WebCore::GameControllerGamepad::setupAsExtendedGamepad):
            (WebCore::GameControllerGamepad::setupAsGamepad):

            * platform/gamepad/cocoa/GameControllerGamepadProvider.h:
            * platform/gamepad/cocoa/GameControllerGamepadProvider.mm:
            (WebCore::GameControllerGamepadProvider::gamepadHadInput):
            (WebCore::GameControllerGamepadProvider::inputNotificationTimerFired):

            * platform/gamepad/mac/HIDGamepad.cpp:
            (WebCore::HIDGamepad::valueChanged):
            * platform/gamepad/mac/HIDGamepad.h:

            * platform/gamepad/mac/HIDGamepadProvider.cpp:
            (WebCore::HIDGamepadProvider::valuesChanged):
            (WebCore::HIDGamepadProvider::inputNotificationTimerFired):
            * platform/gamepad/mac/HIDGamepadProvider.h:

            * testing/MockGamepadProvider.cpp:
            (WebCore::MockGamepadProvider::setMockGamepadButtonValue):
            (WebCore::MockGamepadProvider::gamepadInputActivity):
            * testing/MockGamepadProvider.h:

2017-01-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210951. rdar://problem/29562247

    2017-01-19  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION(r206156): Animated images are repeated one extra iteration than the value which is saved in the image file
            https://bugs.webkit.org/show_bug.cgi?id=167174

            Reviewed by Simon Fraser.

            Before r206156, BitmapImage::repetitionCount() used to return zero for
            the case loopCount = 1, -1 for loopCount = Infinity and loopCount for
            all other cases. Having repetitionCount() return zero for loopCount = 1
            makes the condition if (++m_repetitionsComplete > repetitionCount())
            break the animation loop after one iteration. But it was wrong for all
            loopCount > 1. It was causing an extra iteration to be played for the
            animated image. After r206156, BitmapImage::repetitionCount() returns
            loopCount for all cases loopCount != Infinity. Keeping the same condition
            causes the extra iteration to be played even for loopCount = 1.

            Test: fast/images/animated-image-loop-count.html

            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::internalStartAnimation):

2017-01-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210949. rdar://problem/30108531

    2017-01-19  Chris Dumez  <cdumez@apple.com>

            iterable<> should be enabled on WK1
            https://bugs.webkit.org/show_bug.cgi?id=167221
            <rdar://problem/30108531>

            Reviewed by Youenn Fablet.

            * Modules/fetch/FetchHeaders.idl:
            * bindings/scripts/test/JS/JSTestNode.cpp:
            (WebCore::JSTestNodePrototype::finishCreation):
            * bindings/scripts/test/JS/JSTestObj.cpp:
            (WebCore::JSTestObjPrototype::finishCreation):
            * bindings/scripts/test/TestNode.idl:
            * bindings/scripts/test/TestObj.idl:
            * css/FontFaceSet.idl:
            * dom/NodeList.idl:

2017-01-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210945. rdar://problem/28745101

    2017-01-19  Jer Noble  <jer.noble@apple.com>

            CRASH at WebCore::TrackListBase::remove
            https://bugs.webkit.org/show_bug.cgi?id=167217

            Reviewed by Brent Fulgham.

            Test: media/media-source/media-source-error-crash.html

            In very specific conditions, a HTMLMediaElement backed by a MediaSource can try to remove
            the same track from its track list twice. If there are two SourceBuffers attached to a
            HTMLMediaElement, and one has not yet been initialized, when the second fails to parse an
            appended buffer after receiving an initialization segment, the HTMLMediaElement will remove
            all its tracks in mediaLoadingFailed(), then MediaSource object itself will attempt remove
            the same track in removeSourceBuffer().

            Solving this the safest way possible: bail early from TrackListBase if asked to remove a
            track which the list does not contain.

            * html/track/TrackListBase.cpp:
            (TrackListBase::remove):

2017-01-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210936. rdar://problem/30058349

    2017-01-19  Chris Dumez  <cdumez@apple.com>

            Implement per activity state CPU usage reporting using diagnostic logging
            https://bugs.webkit.org/show_bug.cgi?id=167163
            <rdar://problem/30058349>

            Reviewed by Andreas Kling.

            Implement per activity state CPU usage reporting using diagnostic logging.

            * WebCore.xcodeproj/project.pbxproj:
            * page/ActivityState.h:
            * page/ChromeClient.h:
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::nonVisibleStateKey):
            (WebCore::DiagnosticLoggingKeys::visibleNonActiveStateKey):
            (WebCore::DiagnosticLoggingKeys::visibleAndActiveStateKey):
            (WebCore::DiagnosticLoggingKeys::foregroundCPUUsageToDiagnosticLogginKey):
            (WebCore::DiagnosticLoggingKeys::backgroundCPUUsageToDiagnosticLogginKey):
            * page/DiagnosticLoggingKeys.h:
            * page/Page.cpp:
            (WebCore::isUtilityPageChromeClient):
            (WebCore::Page::Page):
            (WebCore::Page::~Page):
            (WebCore::Page::didStartProvisionalLoad):
            (WebCore::Page::didFinishLoad):
            (WebCore::Page::isUtilityPage):
            (WebCore::Page::setActivityState):
            (WebCore::Page::setIsVisibleInternal):
            * page/Page.h:
            (WebCore::Page::activityState):
            (WebCore::Page::isUtilityPage):
            * page/PerformanceMonitor.cpp: Added.
            (WebCore::activityStateForCPUSampling):
            (WebCore::PerformanceMonitor::PerformanceMonitor):
            (WebCore::PerformanceMonitor::didStartProvisionalLoad):
            (WebCore::PerformanceMonitor::didFinishLoad):
            (WebCore::PerformanceMonitor::activityStateChanged):
            (WebCore::PerformanceMonitor::measurePostLoadCPUUsage):
            (WebCore::PerformanceMonitor::measurePostBackgroundingCPUUsage):
            (WebCore::PerformanceMonitor::measurePerActivityStateCPUUsage):
            (WebCore::stringForCPUSamplingActivityState):
            (WebCore::PerformanceMonitor::measureCPUUsageInActivityState):
            * page/PerformanceMonitor.h: Copied from Source/WebCore/page/ActivityState.h.
            * page/Settings.cpp:
            * page/Settings.h:
            (WebCore::Settings::isPostLoadCPUUsageMeasurementEnabled):
            (WebCore::Settings::isPostBackgroundingCPUUsageMeasurementEnabled):
            (WebCore::Settings::isPerActivityStateCPUUsageMeasurementEnabled):

2017-01-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210473. rdar://problem/29204422

    2017-01-06  Jer Noble  <jer.noble@apple.com>

            Crash in WebCore::MediaPlayerPrivateMediaSourceAVFObjC::sizeWillChangeAtTime(const MediaTime&, const FloatSize&)::block_invoke
            https://bugs.webkit.org/show_bug.cgi?id=166738

            Reviewed by Eric Carlson.

            AVFoundation can potentially call the same boundary time observer multiple times, and
            in that case, it's possible that the observer queue will be empty when we attempt
            to remove the first item from the queue. There's an ASSERT() in Deque for this case,
            but we need to explicitly protect against this case.

            Drive-by fix: Explicitly unregister the observer before releasing it.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::sizeWillChangeAtTime):

2017-01-20  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210939. rdar://problem/29885052

    2017-01-19  Chris Dumez  <cdumez@apple.com>

            Make sure HTML validation bubble gets dismissed when its associated element's frame gets detached
            https://bugs.webkit.org/show_bug.cgi?id=167215
            <rdar://problem/29885052>

            Reviewed by Andreas Kling.

            Make sure HTML validation bubble gets dismissed when its associated
            element's frame gets detached and that we do not crash.

            Tests: fast/forms/validation-message-detached-iframe.html
                   fast/forms/validation-message-detached-iframe2.html

            * dom/Document.cpp:
            (WebCore::Document::prepareForDestruction):
            * page/ValidationMessageClient.h:

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210888. rdar://problem/30068195

    2017-01-18  Michael Catanzaro  <mcatanzaro@igalia.com>

            REGRESSION(r210531): Broke local resource loads from custom local protocols
            https://bugs.webkit.org/show_bug.cgi?id=167058

            Reviewed by Brent Fulgham.

            Allow local protocols to access resources on different volumes unless the protocol is
            "file".

            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::canDisplay):

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210862. rdar://problem/30055009

    2017-01-18  Youenn Fablet  <youenn@apple.com>

            [Streams API] ReadableStream generic reader constructor does not need to call ReadableStream getReader
            https://bugs.webkit.org/show_bug.cgi?id=167137

            Reviewed by Xabier Rodriguez-Calvar.

            Test: streams/shadowing-getReader.html

            * bindings/js/JSReadableStreamPrivateConstructors.cpp:
            (WebCore::constructJSReadableStreamDefaultReader): Using private constructor instead of getReader.

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210860. rdar://problem/30080035

    2017-01-18  Youenn Fablet  <youenn@apple.com>

            Reject fetch promise in case of ReadableStream upload
            https://bugs.webkit.org/show_bug.cgi?id=167145

            Reviewed by Alex Christensen.

            Covered by rebased tests.

            * Modules/fetch/FetchBody.cpp:
            (WebCore::FetchBody::extract): Storing the fact that body data is represented as a ReadableStream.
            * Modules/fetch/FetchBody.h:
            (WebCore::FetchBody::isReadableStream):
            * Modules/fetch/FetchRequest.h:
            * Modules/fetch/FetchResponse.cpp:
            (WebCore::FetchResponse::fetch): Rejecting if request body data is a ReadableStream.

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210774. rdar://problem/30019773

    2017-01-14  Chris Dumez  <cdumez@apple.com>

            Report CPU usage of tabs after they become non-visible using diagnostic logging
            https://bugs.webkit.org/show_bug.cgi?id=167019
            <rdar://problem/30019773>

            Reviewed by Darin Adler.

            Report CPU usage of tabs after they become non-visible using diagnostic logging.
            We start measure CPU usage 5 seconds after a tab goes to the background, for 5
            minutes and report how much CPU the tab used during those 5 minutes. We will
            not log if the tab gets closed or moved to the foreground during those 5
            minutes.

            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::postPageBackgroundingKey):
            * page/DiagnosticLoggingKeys.h:
            * page/Page.cpp:
            (WebCore::Page::Page):
            (WebCore::Page::didStartProvisionalLoad):
            (WebCore::Page::didFinishLoad):
            (WebCore::foregroundCPUUsageToDiagnosticLogginKey):
            (WebCore::Page::measurePostLoadCPUUsage):
            (WebCore::backgroundCPUUsageToDiagnosticLogginKey):
            (WebCore::Page::measurePostBackgroundingCPUUsage):
            (WebCore::Page::setIsVisibleInternal):
            * page/Page.h:
            * page/Settings.cpp:
            (WebCore::Settings::isPostBackgroundingCPUUsageMeasurementEnabled):
            * page/Settings.h:

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210733. rdar://problem/30014496

    2017-01-13  Chris Dumez  <cdumez@apple.com>

            Report post-page load CPU usage using diagnostic logging
            https://bugs.webkit.org/show_bug.cgi?id=166950
            <rdar://problem/30014496>

            Reviewed by Alex Christensen.

            Shortly after page load (5 seconds), we measure the WebContent process'
            CPU usage over 10 seconds and report the percentage back via release
            logging. We also log the percentage using diagnostic logging using the
            following buckets:
            - Below 10%
            - 10 to 20%
            - 20 to 40%
            - 60 to 80%
            - Over 80%

            The logging works on both Mac and iOS. I verified that I get results
            consistent with Activity Monitor or top.

            No new tests, no Web-facing behavior change, only extra logging.

            * CMakeLists.txt:
            * WebCore.xcodeproj/project.pbxproj:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::postPageLoadKey):
            (WebCore::DiagnosticLoggingKeys::cpuUsageKey):
            * page/DiagnosticLoggingKeys.h:
            * page/Page.cpp:
            (WebCore::Page::Page):
            (WebCore::Page::didFinishLoad):
            (WebCore::cpuUsageToDiagnosticLogginKey):
            (WebCore::Page::measurePostLoadCPUUsage):
            * page/Page.h:
            * page/Settings.cpp:
            (WebCore::Settings::isPostLoadCPUUsageMeasurementEnabled):
            * page/Settings.h:
            * platform/CPUTime.cpp: Added.
            (WebCore::getCPUTime):
            (WebCore::CPUTime::percentageCPUUsageSince):
            * platform/CPUTime.h: Added.
            * platform/cocoa/CPUTimeCocoa.mm: Added.
            (WebCore::timeValueToMicroseconds):
            (WebCore::getCPUTime):

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210762. rdar://problem/29883469

    2017-01-13  Alex Christensen  <achristensen@webkit.org>

            Fix WinCairo build after r210753.
            https://bugs.webkit.org/show_bug.cgi?id=166730

            * platform/WebGLStateTracker.h:
            WTF::Function apparently needs to explicitly be differentiated from JSC::Attribute Function in PropertySlot.h.

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210753. rdar://problem/29883469

    2017-01-13  Chris Dumez  <cdumez@apple.com>

            [WK2] Add diagnostic logging to measure WebGL usage
            https://bugs.webkit.org/show_bug.cgi?id=166730
            <rdar://problem/29883469>

            Reviewed by Alex Christensen.

            Add diagnostic logging to measure high performance WebGL usage. We report
            at regular intervals in which WebGL state Safari is:
            - Inactive
            - ActiveInForegroundTab
            - ActiveInBackgroundTabOnly

            This should give us an estimate of:
            - What % of the time is Safari using high performance graphics
            - What % of this time is only due to background tabs

            No new tests, no Web-facing behavior change.

            * WebCore.xcodeproj/project.pbxproj:
            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::create):
            (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase):
            (WebCore::WebGLRenderingContextBase::registerWithWebGLStateTracker):
            * html/canvas/WebGLRenderingContextBase.h:
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::inactiveKey):
            (WebCore::DiagnosticLoggingKeys::activeInForegroundTabKey):
            (WebCore::DiagnosticLoggingKeys::activeInBackgroundTabOnlyKey):
            (WebCore::DiagnosticLoggingKeys::stateKey):
            (WebCore::WebCore::DiagnosticLoggingKeys::webGLKey):
            * page/DiagnosticLoggingKeys.h:
            * page/Page.cpp:
            (WebCore::Page::Page):
            * page/Page.h:
            (WebCore::Page::webGLStateTracker):
            * page/PageConfiguration.cpp:
            * page/PageConfiguration.h:
            * platform/WebGLStateTracker.cpp: Copied from Source/WebCore/platform/graphics/GraphicsContext3DAttributes.h.
            (WebCore::WebGLStateTracker::WebGLStateTracker):
            (WebCore::m_stateChangeHandler):
            (WebCore::WebGLStateTracker::updateWebGLState):
            * platform/WebGLStateTracker.h: Copied from Source/WebCore/platform/graphics/GraphicsContext3DAttributes.h.
            * platform/graphics/GraphicsContext3DAttributes.h:

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210748. rdar://problem/27745030

    2017-01-13  Jer Noble  <jer.noble@apple.com>

            Use a strong reference when calling callOnMainThread to schedule events in AudioScheduledSourceNode.
            https://bugs.webkit.org/show_bug.cgi?id=166983

            Reviewed by Brent Fulgham.

            * Modules/webaudio/AudioScheduledSourceNode.cpp:
            (WebCore::AudioScheduledSourceNode::finish):
            * Modules/webaudio/AudioScheduledSourceNode.h:

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210831. rdar://problem/29057611

    2017-01-17  Zalan Bujtas  <zalan@apple.com>

            Editing nested RTL-LTR content makes the process unresponsive.
            https://bugs.webkit.org/show_bug.cgi?id=167140
            rdar://problem/29057611

            Reviewed by Ryosuke Niwa.

            Break out of the loop if we keep coming back to the same position.
            This is a workaround for the underlying editing/position bug -> webkit.org/b/167138.

            Test: editing/rtl-to-ltr-editing-word-move-spin.html

            * editing/VisibleUnits.cpp:
            (WebCore::visualWordPosition):

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210795. rdar://problem/24457632

    2017-01-16  Antti Koivisto  <antti@apple.com>

            CrashTracer: com.apple.WebKit.WebContent at JavaScriptCore: WTF::StringImpl::containsOnlyWhitespace
            https://bugs.webkit.org/show_bug.cgi?id=167106
            <rdar://problem/24457632>

            Reviewed by Tim Horton.

            Speculative fix.

            * editing/cocoa/DataDetection.mm:
            (WebCore::DataDetection::detectContentInRange):

                Test before casting to Text.

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210750. rdar://problem/29995070

    2017-01-13  Brent Fulgham  <bfulgham@apple.com>

            Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow
            https://bugs.webkit.org/show_bug.cgi?id=167030
            <rdar://problem/29995070>

            Reviewed by Dean Jackson.

            Correct DOMWindow::scrollTo to match all other functions in the class so that the it
            checks that the current frame is valid before attempting to use it.

            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::scrollTo):

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210727. rdar://problem/29668223

    2017-01-12  Tim Horton  <timothy_horton@apple.com>

            Keyboard accessory bar can appear on top of full-screen video
            https://bugs.webkit.org/show_bug.cgi?id=166902
            <rdar://problem/29668223>

            Reviewed by Darin Adler.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::setupFullscreen):
            Increase the full-screen video window level to one above the keyboard,
            to ensure that the video is never obscured by the keyboard or its
            accessory views.

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210844. rdar://problem/29993906

    2017-01-16  Filip Pizlo  <fpizlo@apple.com>

            Make opaque root scanning truly constraint-based
            https://bugs.webkit.org/show_bug.cgi?id=165760

            Reviewed by Geoffrey Garen.

            No new tests yet. I think that writing tests for this is a big investigation:
            https://bugs.webkit.org/show_bug.cgi?id=165808

            Remove the previous advancing wavefront DOM write barrier. I don't think this will scale
            very well. It's super confusing.

            This change makes it so that visitAdditionalChildren can become a GC constraint that
            executes as part of the fixpoint. This changes all WebCore visitAdditionalChildren into
            output constraints by using new JSC API for Subspaces and MarkingConstraints.

            * ForwardingHeaders/heap/MarkedAllocatorInlines.h: Added.
            * ForwardingHeaders/heap/MarkedBlockInlines.h: Added.
            * ForwardingHeaders/heap/MarkingConstraint.h: Added.
            * ForwardingHeaders/heap/SubspaceInlines.h: Added.
            * ForwardingHeaders/heap/VisitingTimeout.h: Added.
            * WebCore.xcodeproj/project.pbxproj:
            * bindings/js/CommonVM.cpp:
            (WebCore::commonVMSlow):
            (WebCore::writeBarrierOpaqueRootSlow): Deleted.
            * bindings/js/CommonVM.h:
            (WebCore::writeBarrierOpaqueRoot): Deleted.
            * bindings/js/JSDOMGlobalObject.cpp:
            (WebCore::JSDOMGlobalObject::finishCreation):
            (WebCore::JSDOMGlobalObject::scriptExecutionContext):
            * bindings/js/JSDOMWrapper.cpp:
            (WebCore::outputConstraintSubspaceFor):
            (WebCore::globalObjectOutputConstraintSubspaceFor):
            * bindings/js/JSDOMWrapper.h:
            * bindings/js/WebCoreJSClientData.cpp: Added.
            (WebCore::JSVMClientData::JSVMClientData):
            (WebCore::JSVMClientData::~JSVMClientData):
            (WebCore::JSVMClientData::getAllWorlds):
            (WebCore::initNormalWorldClientData):
            * bindings/js/WebCoreJSClientData.h:
            (WebCore::JSVMClientData::outputConstraintSpace):
            (WebCore::JSVMClientData::globalObjectOutputConstraintSpace):
            (WebCore::JSVMClientData::forEachOutputConstraintSpace):
            (WebCore::JSVMClientData::JSVMClientData): Deleted.
            (WebCore::JSVMClientData::~JSVMClientData): Deleted.
            (WebCore::JSVMClientData::getAllWorlds): Deleted.
            (WebCore::initNormalWorldClientData): Deleted.
            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateHeader):
            (GenerateImplementation):
            * dom/ContainerNodeAlgorithms.cpp:
            (WebCore::notifyChildNodeInserted):
            (WebCore::notifyChildNodeRemoved):

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210829. rdar://problem/30044439

    2017-01-16  Filip Pizlo  <fpizlo@apple.com>

            JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
            https://bugs.webkit.org/show_bug.cgi?id=167066

            Reviewed by Keith Miller and Michael Saboff.

            No new tests because no new behavior.

            It's now necessary to avoid jsCast in destructors and finalizers. This was an easy
            rule to introduce because this used to always be the rule.

            * bindings/js/JSCSSValueCustom.cpp:
            (WebCore::JSDeprecatedCSSOMValueOwner::finalize):
            * bindings/js/JSDOMIterator.h:
            (WebCore::IteratorTraits>::destroy):
            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateImplementation):

2017-01-18  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210822. rdar://problem/15607819

    2017-01-17  Joseph Pecoraro  <pecoraro@apple.com>

            Crash when closing tab with debugger paused
            https://bugs.webkit.org/show_bug.cgi?id=161746
            <rdar://problem/15607819>

            Reviewed by Brian Burg and Brent Fulgham.

            * page/Page.h:
            (WebCore::Page::incrementNestedRunLoopCount):
            (WebCore::Page::decrementNestedRunLoopCount):
            (WebCore::Page::insideNestedRunLoop):
            Keep track of whether or not this Page is inside of a nested run loop.
            Currently the only nested run loop we know about is EventLoop used
            by Web Inspector when debugging JavaScript.

            (WebCore::Page::whenUnnested):
            Callback that can be called when we are no longer inside of a nested
            run loop.

            (WebCore::Page::~Page):
            Ensure we are not in a known nested run loop when destructing, since
            that could be unsafe.

            * inspector/PageScriptDebugServer.cpp:
            (WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal):
            Increment and decrement as we go into or leave the nested runloop.

            * inspector/InspectorController.cpp:
            (WebCore::InspectorController::inspectedPageDestroyed):
            (WebCore::InspectorController::disconnectAllFrontends):
            Rework destruction to allow disconnectAllFrontends to happen earlier
            if necessary. WebKit clients may use this to disconnect remote
            frontends when closing a Page.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210447. rdar://problem/29872292

    2017-01-06  Chris Dumez  <cdumez@apple.com>

            [Form Validation] "character" in maxlength validation message should be singular when maxlength is 1
            https://bugs.webkit.org/show_bug.cgi?id=166712
            <rdar://problem/29872292>

            Reviewed by Darin Adler.

            Fix validation message to use singular form of "character" when maxLength value is 1.

            Test: fast/forms/validation-message-maxLength.html

            * English.lproj/Localizable.strings:
            * English.lproj/Localizable.stringsdict: Added.
            * WebCore.xcodeproj/project.pbxproj:
            * extract-localizable-strings.pl:
            * platform/LocalizedStrings.cpp:
            * platform/LocalizedStrings.h:
            * platform/cocoa/LocalizedStringsCocoa.mm:
            (WebCore::localizedNString):
            (WebCore::localizedString):
            (WebCore::validationMessageTooLongText):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210474. rdar://problem/29762809

    2017-01-06  Daniel Bates  <dabates@apple.com>

            Ensure navigation only allowed for documents not in the page cache
            https://bugs.webkit.org/show_bug.cgi?id=166773
            <rdar://problem/29762809>

            Reviewed by Brent Fulgham.

            It is wise to ensure that navigation is only allowed when initiated from a document that
            is not in- or about to be put in- the page cache. Such a navigation would surprise a
            person that had navigated away from the initiating document among other issues.

            * dom/Document.cpp:
            (WebCore::Document::canNavigate): Only allow navigation if the document is not in the
            page cache.
            * html/HTMLAnchorElement.cpp:
            (WebCore::HTMLAnchorElement::handleClick): Ditto.
            * html/HTMLLinkElement.cpp:
            (WebCore::HTMLLinkElement::handleClick): Ditto.
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::urlSelected): Assert triggering event's document is not in the
            page cache.
            (WebCore::FrameLoader::submitForm): Allow submission if the document is not in the
            page cache.
            (WebCore::FrameLoader::loadFrameRequest): Assert triggering event's document is not in
            the page cache.
            * mathml/MathMLElement.cpp:
            (WebCore::MathMLElement::defaultEventHandler): Only allow navigation if the document is
            not in the page cache.
            * svg/SVGAElement.cpp:
            (WebCore::SVGAElement::defaultEventHandler): Ditto.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210536. rdar://problem/29939970

    2017-01-09  Chris Dumez  <cdumez@apple.com>

            REGRESSION(r189555): ImageDocument title no longer includes the size of the image
            https://bugs.webkit.org/show_bug.cgi?id=166876
            <rdar://problem/29939970>

            Reviewed by Tim Horton.

            ImageDocument title no longer included the size of the image after r189555.
            This is because Document::setTitle() is a no-op if the document does not
            have a <head> element. To address the issue, we now include a <head>
            element in ImageDocuments so that their title element properly gets added
            to it.

            Test: fast/images/imageDocument-title.html

            * html/ImageDocument.cpp:
            (WebCore::ImageDocument::createDocumentStructure):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210689. rdar://problem/29985957

    2017-01-12  Chris Dumez  <cdumez@apple.com>

            [iOS] HTML form validation popover sometimes does not go away
            https://bugs.webkit.org/show_bug.cgi?id=166990
            <rdar://problem/29985957>

            Reviewed by Tim Horton.

            The issue was that [UIViewController presentViewController:] is asynchronous
            and that we sometimes tried to call [m_popoverController dismissViewControllerAnimated:]
            before presentViewController had completed. This is something that UIKit does
            not handle nicely and the popover just stays visible even though we have
            asked for the controller to be dismissed and destroyed the ValidationBubble
            object.

            To address the issue, I made ValidationBubble RefCounted and make sure the
            ValidationBubble object stays alive at least until the completion handler for
            [UIViewController presentViewController:] has been called. This is done via
            protecting the object using a RefPtr<> and capturing it in the lambda.
            Because dismissViewControllerAnimated is called in the destructor, it is no
            longer possible to call dismissViewControllerAnimated before the call to
            presentViewController has completed.

            No new tests, no easily testable since the popover was staying visible
            after being destroyed (held on by UIKit).

            * platform/ValidationBubble.h:
            (WebCore::ValidationBubble::create):
            * platform/ios/ValidationBubbleIOS.mm:
            (WebCore::ValidationBubble::show):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210685. rdar://problem/29775711

    2017-01-12  Chris Dumez  <cdumez@apple.com>

            Unreviewed EFL/GTK build fix after r210684.

            * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
            (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210684. rdar://problem/29775711

    2017-01-12  Brady Eidson  <beidson@apple.com>

            REGRESSION (r209977): Crash in UniqueIDBDatabase::executeNextDatabaseTask.
            https://bugs.webkit.org/show_bug.cgi?id=166984

            Reviewed by Alex Christensen.

            No new tests (Unable to reproduce, speculative fix).

            * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
            (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor): If we're not already prefetching for this cursor,
              starting doing so after holding a protector ref.
            (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): If we're now done prefetching for this cursor,
              schedule the protector ref to be destroyed on the main thread.
            * Modules/indexeddb/server/UniqueIDBDatabase.h:

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210679. rdar://problem/29910273

    2017-01-12  Youenn Fablet  <youenn@apple.com>

            OneDrive application crashes upon launch
            https://bugs.webkit.org/show_bug.cgi?id=166975

            Reviewed by Brady Eidson.

            Checking whether load is terminated just after calling ResourceLoader::willSendRequestInternal.
            The reason is that delegate call may actually cancel the load at that point.

            * loader/SubresourceLoader.cpp:
            (WebCore::SubresourceLoader::willSendRequestInternal):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210677. rdar://problem/21482487

    2017-01-12  Jer Noble  <jer.noble@apple.com>

            Protect MediaPlayer from being destroyed mid-load()
            https://bugs.webkit.org/show_bug.cgi?id=166976

            Reviewed by Eric Carlson.

            It's possible for a message sent by MediaPlayer to HTMLMediaElement to cause
            MediaPlayer to be destroyed before MediaPlayer::load() completes. We have
            previously protected against this same problem in HTMLMediaElement::loadResource()
            by ref'ing at the beginning of the function and deref'ing on exit. To do the
            same in MediaPlayer, it must become RefCounted.

            To keep the same semantics about m_client in MediaPlayer (always available without
            requiring a null-check), make a new static MediaPlayerClient object which can
            replace the real (HTMLMediaElement) client when the MediaPlayer is invalidated.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::~HTMLMediaElement):
            (WebCore::HTMLMediaElement::clearMediaPlayer):
            (WebCore::HTMLMediaElement::createMediaPlayer):
            * html/HTMLMediaElement.h:
            * platform/graphics/MediaPlayer.cpp:
            (WebCore::nullMediaPlayerClient):
            (WebCore::MediaPlayer::create):
            (WebCore::MediaPlayer::MediaPlayer):
            (WebCore::MediaPlayer::invalidate):
            (WebCore::MediaPlayer::load):
            (WebCore::MediaPlayer::loadWithNextMediaEngine):
            (WebCore::MediaPlayer::inMediaDocument):
            (WebCore::MediaPlayer::fullscreenMode):
            (WebCore::MediaPlayer::requestedRate):
            (WebCore::MediaPlayer::currentPlaybackTargetIsWirelessChanged):
            (WebCore::MediaPlayer::networkStateChanged):
            (WebCore::MediaPlayer::readyStateChanged):
            (WebCore::MediaPlayer::volumeChanged):
            (WebCore::MediaPlayer::muteChanged):
            (WebCore::MediaPlayer::timeChanged):
            (WebCore::MediaPlayer::sizeChanged):
            (WebCore::MediaPlayer::repaint):
            (WebCore::MediaPlayer::durationChanged):
            (WebCore::MediaPlayer::rateChanged):
            (WebCore::MediaPlayer::playbackStateChanged):
            (WebCore::MediaPlayer::firstVideoFrameAvailable):
            (WebCore::MediaPlayer::characteristicChanged):
            (WebCore::MediaPlayer::cachedKeyForKeyId):
            (WebCore::MediaPlayer::keyNeeded):
            (WebCore::MediaPlayer::mediaKeysStorageDirectory):
            (WebCore::MediaPlayer::referrer):
            (WebCore::MediaPlayer::userAgent):
            (WebCore::MediaPlayer::graphicsDeviceAdapter):
            (WebCore::MediaPlayer::cachedResourceLoader):
            (WebCore::MediaPlayer::createResourceLoader):
            (WebCore::MediaPlayer::addAudioTrack):
            (WebCore::MediaPlayer::removeAudioTrack):
            (WebCore::MediaPlayer::addTextTrack):
            (WebCore::MediaPlayer::removeTextTrack):
            (WebCore::MediaPlayer::addVideoTrack):
            (WebCore::MediaPlayer::removeVideoTrack):
            (WebCore::MediaPlayer::outOfBandTrackSources):
            (WebCore::MediaPlayer::shouldWaitForResponseToAuthenticationChallenge):
            (WebCore::MediaPlayer::handlePlaybackCommand):
            (WebCore::MediaPlayer::sourceApplicationIdentifier):
            (WebCore::MediaPlayer::preferredAudioCharacteristics):
            (WebCore::MediaPlayer::doesHaveAttribute):
            (WebCore::MediaPlayer::mediaPlayerNetworkInterfaceName):
            (WebCore::MediaPlayer::getRawCookies):
            (WebCore::MediaPlayer::shouldDisableSleep):
            * platform/graphics/MediaPlayer.h:
            (WebCore::MediaPlayer::platformVolumeConfigurationRequired):
            (WebCore::MediaPlayer::client):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210663. rdar://problem/29916484

    2017-01-12  Said Abou-Hallawa  <sabouhallawa@apple.com>

            [iOS][WK1] Fix initialization of CADisplayLink::preferredFramesPerSecond
            https://bugs.webkit.org/show_bug.cgi?id=166956

            Reviewed by Tim Horton.

            Set this option to 60fps instead of leaving set to the default.

            * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
            (-[WebDisplayLinkHandler initWithMonitor:]):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210616. rdar://problem/29971105

    2017-01-11  Youenn Fablet  <youenn@apple.com>

            Remove request.formData property until it gets implemented
            https://bugs.webkit.org/show_bug.cgi?id=166920
            <rdar://problem/29971105>

            Reviewed by Chris Dumez.

            Covered by rebased tests.

            * Modules/fetch/FetchBody.idl:

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210609. rdar://problem/27896585

    2017-01-11  Andreas Kling  <akling@apple.com>

            Crash when WebCore's GC heap grows way too large.
            <https://webkit.org/b/166875>
            <rdar://problem/27896585>

            Reviewed by Mark Lam.

            Cap the common WebCore VM at 4 GB of live JavaScript heap objects.

            * bindings/js/CommonVM.cpp:
            (WebCore::commonVMSlow):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210599. rdar://problem/15307582

    2017-01-11  Brent Fulgham  <bfulgham@apple.com>

            File scheme should not allow access of a resource on a different volume.
            https://bugs.webkit.org/show_bug.cgi?id=158552
            <rdar://problem/15307582>

            Reviewed by Alex Christensen.

            Revise SecurityOrigin to prevent files from one storage device (volume) from accessing content
            on a different storage device (volume) unless universal access is enabled.

            Pass the current file device as part of the NSURLRequest so that CFNetwork can reject loads
            where the device changes in the midst of a load.

            Also properly reflect that SecurityOrigin is never null by passing as a reference,
            rather than as a pointer.

            Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm

            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::canAccess): Pass argument as reference.
            (WebCore::SecurityOrigin::canDisplay): Add check that files share the same volume.
            (WebCore::SecurityOrigin::isSameSchemeHostPort): Pass argument as reference.
            * page/SecurityOrigin.h:
            * platform/FileSystem.cpp:
            (WebCore::filesHaveSameVolume): Added.
            * platform/FileSystem.h:
            * platform/network/cocoa/ResourceRequestCocoa.mm:
            (WebCore::ResourceRequest::doUpdatePlatformRequest): If loading a file URL, tell CFNetwork
            the storage device at the time of the start of the load so we can trigger a failure if this
            changes during the load operation.
            * platform/posix/FileSystemPOSIX.cpp:
            (WebCore::getFileDeviceId): Added.
            * platform/win/FileSystemWin.cpp:
            (WebCore::getFileDeviceId): Added.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210593. rdar://problem/29970907

    2017-01-11  Chris Dumez  <cdumez@apple.com>

            Iterating over URLSearchParams does not work
            https://bugs.webkit.org/show_bug.cgi?id=166921
            <rdar://problem/29970907>

            Reviewed by Alex Christensen.

            Make URLSearchParams iterable, as per:
            - https://url.spec.whatwg.org/#urlsearchparams

            Test: fast/dom/DOMURL/searchparams-iterable.html

            * html/URLSearchParams.cpp:
            (WebCore::URLSearchParams::Iterator::next):
            (WebCore::URLSearchParams::Iterator::Iterator):
            * html/URLSearchParams.h:
            (WebCore::URLSearchParams::createIterator):
            * html/URLSearchParams.idl:

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210564. rdar://problem/29944582

    2017-01-10  Ryosuke Niwa  <rniwa@webkit.org>

            :active and :hover states may not be updated across slots
            https://bugs.webkit.org/show_bug.cgi?id=166881
            <rdar://problem/29944582>

            Reviewed by Antti Koivisto.

            The bug was caused by updateHoverActiveState not updating :hover and :active states on elements
            when nodes are assigned to slots because they were walking up the tree using parentOrShadowHostElement
            and parentNode. Fixed the bug by using parentElementInComposedTree instead since :hover and :active
            states need to be updated in accordance with the render tree, which is created from the "flat tree"
            or the "composed tree" in WebKit's terminology (this is old terminology in the spec).

            Tests: fast/shadow-dom/clear-active-state-in-shadow.html
                   fast/shadow-dom/hover-over-nested-slotted-content.html

            * dom/Document.cpp:
            (WebCore::Document::updateHoverActiveState): Fixed the bug.
            * dom/Node.cpp:
            (WebCore::Node::parentElementInComposedTree): Added.
            * dom/Node.h:

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210546. rdar://problem/29491188

    2017-01-10  Youenn Fablet  <youenn@apple.com>

            CachedScript cloning does not clone encodedSize
            https://bugs.webkit.org/show_bug.cgi?id=166865

            Reviewed by Darin Adler.

            Covered by updated test.

            * loader/cache/CachedResource.cpp:
            (WebCore::CachedResource::setBodyDataFrom): set encoded size based on being cloned resource.
            * loader/cache/CachedScript.cpp:
            (WebCore::CachedScript::script):
            (WebCore::CachedScript::setBodyDataFrom): Making use of CachedResource::setBodyDataFrom for complete cloning.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210508. rdar://problem/29801059

    2017-01-09  Daniel Bates  <dabates@apple.com>

            Evaluating window named element may return wrong result
            https://bugs.webkit.org/show_bug.cgi?id=166792
            <rdar://problem/29801059>

            Reviewed by Chris Dumez.

            * bindings/js/JSDOMWindowProperties.cpp:
            (WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210472. rdar://problem/29767412

    2017-01-06  Joseph Pecoraro  <pecoraro@apple.com>

            REGRESSION(r208886) Web Inspector: Toggling CSS Properties in Styles Sidebar (comment / uncomment)
            https://bugs.webkit.org/show_bug.cgi?id=166786
            <rdar://problem/29767412>

            Reviewed by Brian Burg.

            * inspector/InspectorStyleSheet.cpp:
            (WebCore::InspectorStyle::populateAllProperties):
            Match earlier behavior and don't send the frontend information about
            disabled (commented out) properties. Follow-up later to send this
            information when implementing proper handling of them in the frontend.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210468. rdar://problem/29859121

    2017-01-06  Chris Dumez  <cdumez@apple.com>

            Regression(r189230): DOM Callbacks may use wrong global object
            https://bugs.webkit.org/show_bug.cgi?id=166784

            Reviewed by Mark Lam.

            DOM Callbacks could end up using the wrong global object after r189230
            because we were getting the globalObject from the callback object
            instead of the one at the point the callback object was passed in by
            JavaScript. This patch fixes the issue.

            Test: fast/frames/frame-window-as-callback.html

            * bindings/js/JSCallbackData.cpp:
            (WebCore::JSCallbackData::invokeCallback):
            * bindings/js/JSCallbackData.h:
            (WebCore::JSCallbackData::globalObject):
            (WebCore::JSCallbackData::JSCallbackData):
            (WebCore::JSCallbackDataStrong::JSCallbackDataStrong):
            (WebCore::JSCallbackDataStrong::callback):
            (WebCore::JSCallbackDataStrong::invokeCallback):
            (WebCore::JSCallbackDataWeak::JSCallbackDataWeak):
            (WebCore::JSCallbackDataWeak::callback):
            (WebCore::JSCallbackDataWeak::invokeCallback):
            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateCallbackImplementationContent):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210425. rdar://problem/29872021

    2017-01-05  Chris Dumez  <cdumez@apple.com>

            [Form Validation] lengthy validation messages should be truncated with an ellipsis
            https://bugs.webkit.org/show_bug.cgi?id=166747
            <rdar://problem/29872021>

            Reviewed by Simon Fraser.

            Lengthy HTML validation messages should be truncated with an ellipsis.
            Previously, they were truncated but there was no ellipsis.

            No new tests, not easily testable. Manually tested on
            - http://codepen.io/cdumez/full/zoOZmZ/ (last field)

            * platform/ios/ValidationBubbleIOS.mm:
            (WebCore::ValidationBubble::ValidationBubble):
            * platform/mac/ValidationBubbleMac.mm:
            (WebCore::ValidationBubble::ValidationBubble):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210378. rdar://problem/29024384

    2017-01-05  Zalan Bujtas  <zalan@apple.com>

            Start hittesting a clean tree in RenderEmbeddedObject::isReplacementObscured
            https://bugs.webkit.org/show_bug.cgi?id=166743
            <rdar://problem/29024384>

            Reviewed by Simon Fraser.

            Unable to reproduce.

            * rendering/RenderEmbeddedObject.cpp:
            (WebCore::RenderEmbeddedObject::isReplacementObscured):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210376. rdar://problem/29763079

    2017-01-04  Ryosuke Niwa  <rniwa@webkit.org>

            Crash inside Editor::styleForSelectionStart
            https://bugs.webkit.org/show_bug.cgi?id=166710

            Reviewed by Chris Dumez.

            Added a null pointer check. This crash can happen when the DOM is mutated as editorState tries
            to compute the style at the selection start.

            No new tests since there is no reproducible test case, and I couldn't come up with one either.
            This crash seems to retire some intricate dependency between when DOM is mutated, selection is
            updated, and then performPostLayoutTasks ends up updating the editor state in response to
            the element's editabilty changing.

            * editing/cocoa/EditorCocoa.mm:
            (WebCore::Editor::styleForSelectionStart):

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210147. rdar://problem/29675551

    2016-12-23  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r209299): Selection is broken when you zoom in webpage using trackpad
            https://bugs.webkit.org/show_bug.cgi?id=166472
            rdar://problem/29675551

            Reviewed by Tim Horton.

            r209299 broke autoscroll in zoomed pages because it changed RenderLayer::scrollRectToVisible()
            to shrink viewRect by page scale. This is incorrect for all callers of scrollRectToVisible, since
            the "absoluteRect" passed in is actually in zoomed document coordinates for all the callers I tested.

            This code is also fixed to account for headers and footers. getRectToExpose() takes rectangles
            in "scroll view contents" coordinates (i.e. including header, and zoomed document), so doesn't need
            the separate visibleRectRelativeToDocument parameter.

            Tests: fast/events/autoscroll-main-document.html
                   fast/events/autoscroll-when-zoomed.html
                   fast/events/drag-select-when-zoomed-with-header.html
                   fast/events/drag-select-when-zoomed.html
                   fast/scrolling/scroll-to-anchor-zoomed-header.html

            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::scrollRectToVisible):
            (WebCore::RenderLayer::getRectToExpose):
            * rendering/RenderLayer.h:

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210095. rdar://problem/29912221

    2016-12-21  Tim Horton  <timothy_horton@apple.com>

            TileGrid revalidates tiles twice during flush, first with wrong visible rect
            https://bugs.webkit.org/show_bug.cgi?id=166406

            Reviewed by Simon Fraser.

            No new tests; existing tests cover this code, this is just a perf win,
            specifically reducing the amount of layer churn during zooming.

            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::setScale):
            Schedule a revalidation, which will happen later in the same flush,
            instead of doing it immediately. Doing it immediately is problematic,
            because we're currently in the middle of a GraphicsLayer tree flush,
            and don't have the complete picture of the new state yet. We're guaranteed
            to get the new scale *before* the flush calls revalidateTiles.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210432. rdar://problem/29633667

    2017-01-05  Ryosuke Niwa  <rniwa@webkit.org>

            Finding text doesn't work across shadow boundary
            https://bugs.webkit.org/show_bug.cgi?id=158503

            Reviewed by Antti Koivisto.

            Added a new TextIterator behavior flag, TextIteratorTraversesFlatTree, which makes TextIterator traverse
            the flat tree instead of the DOM tree, and made this behavior default in findPlainText.

            Also added a new find options flag, DoNotTraverseFlatTree, to suppress this behavior in window.find(~)
            and execCommand('FindString', false, ~) as they should not be able to peek information inside shadow trees.
            Unfortunately these APIs have been deprecated in the standards so there is no specification to follow.

            For now, we don't support finding a word or a keyword across a shadow boundary as this would require
            making rangeOfString and other related functions return a Range-like object that can cross shadow boundaries.

            Also added internals.rangeOfString to test Editor::rangeOfString, and replaced the bit-flag arguments
            to internals.countMatchesForText and internals.countFindMatches by an array of strings for better portability.

            Test: editing/text-iterator/find-string-on-flat-tree.html

            * editing/Editor.cpp:
            (WebCore::Editor::rangeOfString): Use the modern containingShadowRoot instead of nonBoundaryShadowTreeRootNode
            since the start container can be a shadow root, which nonBoundaryShadowTreeRootNode asserts not be the case.
            * editing/Editor.h:
            * editing/EditorCommand.cpp:
            (WebCore::executeFindString): Don't traverse across shadow boundaries.
            * editing/FindOptions.h: Added DoNotTraverseFlatTree.
            * editing/TextIterator.cpp:
            (WebCore::assignedAuthorSlot): Added.
            (WebCore::authorShadowRoot): Added.
            (WebCore::firstChildInFlatTreeIgnoringUserAgentShadow): Added.
            (WebCore::nextSiblingInFlatTreeIgnoringUserAgentShadow): Added.
            (WebCore::firstChild): Added. Traverses the flat tree when TextIteratorTraversesFlatTree is set.
            (WebCore::nextSibling): Ditto.
            (WebCore::parentNodeOrShadowHost): Ditto.
            (WebCore::TextIterator::advance): Don't set m_handledChildren to true when the current node has display: contents.
            (WebCore::findPlainText): Use TextIteratorTraversesFlatTree unless DoNotTraverseFlatTree is set.
            * editing/TextIteratorBehavior.h: Added TextIteratorTraversesFlatTree.
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::find): Don't traverse across shadow boundaries.
            * testing/Internals.cpp:
            (WebCore::parseFindOptions): Added.
            (WebCore::Internals::rangeOfString): Added.
            (WebCore::Internals::countMatchesForText): Replaced the find options by an array of strings instead of a bit mask.
            (WebCore::Internals::countFindMatches): Ditto.
            * testing/Internals.h:
            * testing/Internals.idl: Added rangeOfString, and replaced find options bit-flag in countMatchesForText and
            countFindMatches by an array of strings so that the tests themselves don't rely on a specific value of each bit flag.

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210131. rdar://problem/29633667

    2016-12-23  Ryosuke Niwa  <rniwa@webkit.org>

            Eliminate the use of lastChild in TextIterator
            https://bugs.webkit.org/show_bug.cgi?id=166456

            Reviewed by Antti Koivisto.

            Just use the node we just existed in TextIterator::exitNode and in emitting additional new line
            to eliminate the use of Node::lastChild.

            Also initialize member variables in the declaration instead of the constructor to modernize the code.

            * editing/TextIterator.cpp:
            (WebCore::TextIterator::TextIterator):
            (WebCore::TextIterator::advance):
            (WebCore::TextIterator::exitNode):
            * editing/TextIterator.h:

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210094. rdar://problem/29912214

    2016-12-21  Tim Horton  <timothy_horton@apple.com>

            TileGrid creates new tiles when there are recyclable tiles about to be removed
            https://bugs.webkit.org/show_bug.cgi?id=166408

            Reviewed by Simon Fraser.

            No new tests; existing tests cover this code, this is just a perf win,
            specifically reducing the amount of layer churn during zooming.

            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::revalidateTiles):
            Remove all the tiles that will be removed first, then add new tiles.
            Strictly ordering it this way means that tiles will be removed, go into
            the LayerPool, then be pulled back out of the LayerPool to sit in the
            newly-covered areas. Previously, we would sometimes make new layers
            for newly-covered areas, and then remove unneeded but otherwise recyclable
            tiles, which would then just go sit in the LayerPool (and often get
            pruned, wastefully).

2017-01-12  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210078. rdar://problem/29633667

    2016-12-21  Ryosuke Niwa  <rniwa@webkit.org>

            Modernize findPlainText
            https://bugs.webkit.org/show_bug.cgi?id=166299

            Reviewed by Sam Weinig.

            Modernized findPlainText by merging the static version of it into it
            and extracting the main nested loop out as findPlainTextOffset.

            No new tests since there should be no behavioral change.

            * editing/TextIterator.cpp:
            (WebCore::findPlainTextOffset):
            (WebCore::findPlainText):

2017-01-06  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210221. rdar://problem/29449474

    2017-01-01  Jeff Miller  <jeffm@apple.com>

            Update user-visible copyright strings to include 2017
            https://bugs.webkit.org/show_bug.cgi?id=166278

            Reviewed by Dan Bernstein.

            * Info.plist:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210372. rdar://problem/29870033

    2017-01-05  Chris Dumez  <cdumez@apple.com>

            Turn preferLowPowerWebGLRendering setting on by default
            https://bugs.webkit.org/show_bug.cgi?id=166737
            <rdar://problem/29870033>

            Reviewed by Dean Jackson.

            Temporarily turn preferLowPowerWebGLRendering setting on by default until
            we deal better with WebGL content in background tabs.

            * page/Settings.in:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210369. rdar://problem/29100419

    2017-01-05  Zalan Bujtas  <zalan@apple.com>

            Mark the dedicated root linebox for trailing floats in empty inlines dirty.
            https://bugs.webkit.org/show_bug.cgi?id=166732
            <rdar://problem/29100419>

            Reviewed by Antti Koivisto.

            We normally attach floating boxes to the last root linebox. However when the floatbox is preceded by a <br>
            we generate a dedicated root linebox (TrailingFloatsRootInlineBox) for the floatbox.
            When this floatbox is a RenderInline descendant and this RenderInline does not generate lineboxes (it's ancestor RenderBlockFlow does)
            we have to make sure that this special root linebox gets marked dirty when the associated floatbox changes.
            (Unfortunately through the recursive calls on dirtyLinesFromChangedChild(), we lose the information about
            the "changed child" since the inlines propagates the marking logic to the RenderBlockFlow, see FIXME.)

            Test: fast/inline/trailing-floats-inline-crash2.html

            * rendering/RenderLineBoxList.cpp:
            (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210368. rdar://problem/28908164

    2017-01-05  Antoine Quint  <graouts@apple.com>

            [Cocoa] Both modern-media-controls/images/iOS modern-media-controls/images/macOS are installed on both platforms
            https://bugs.webkit.org/show_bug.cgi?id=163871

            Reviewed by Eric Carlson.

            We now only copy modern media controls images, if any, for the current platform.

            * WebCore.xcodeproj/project.pbxproj:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210361. rdar://problem/29870245

    2017-01-05  Chris Dumez  <cdumez@apple.com>

            Form validation: Align email validation with the latest HTML specification
            https://bugs.webkit.org/show_bug.cgi?id=166697
            <rdar://problem/29870245>

            Reviewed by Alex Christensen.

            Align email validation with the latest HTML specification:
            - https://html.spec.whatwg.org/#valid-e-mail-address

            It particular, the following changes were made:
            - The first and last character of the domain now needs to be a letter or a digit
            - Parts of the domain can only be 63 characters in length

            No new tests, extended existing test.

            * html/EmailInputType.cpp:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210360. rdar://problem/19595567

    2017-01-05  Enrica Casucci  <enrica@apple.com>

            Support File Promise during drag for macOS.
            https://bugs.webkit.org/show_bug.cgi?id=165204
            rdar://problem/19595567

            Reviewed by Tim Horton.

            Adds the support for handling File Promise type during
            drag. DragData now has the knowledge of the NSFilesPromisePboardType and
            checks for the data type during drag.

            * page/mac/DragControllerMac.mm:
            (WebCore::DragController::dragOperation):
            * platform/DragData.h:
            (WebCore::DragData::setFileNames):
            (WebCore::DragData::fileNames):
            * platform/mac/DragDataMac.mm:
            (WebCore::DragData::containsFiles):
            (WebCore::DragData::numberOfFiles):
            (WebCore::DragData::asFilenames):
            (WebCore::DragData::containsCompatibleContent):
            (WebCore::DragData::containsPromise):
            (WebCore::DragData::asURL):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210359. rdar://problem/29882478

    2017-01-05  Per Arne Vollan  <pvollan@apple.com>

            [Win] Compile error.
            https://bugs.webkit.org/show_bug.cgi?id=166726

            Reviewed by Alex Christensen.

            Add include folder.

            * CMakeLists.txt:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210328. rdar://problem/29870673

    2017-01-05  Wenson Hsieh  <wenson_hsieh@apple.com>

            Disable smooth playhead animation for main content media in the Touch Bar
            https://bugs.webkit.org/show_bug.cgi?id=166715
            <rdar://problem/29870673>

            Reviewed by Eric Carlson.

            Passing in a non-zero playback rate to WebPlaybackControlsManager's timing property causes unintended effects
            further down the stack. Please see the Radar for more details.

            * platform/mac/WebPlaybackSessionInterfaceMac.mm:
            (WebCore::WebPlaybackSessionInterfaceMac::updatePlaybackControlsManagerTiming):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210288. rdar://problem/29741862

    2016-01-04  Brent Fulgham  <bfulgham@apple.com>

            Correct DOMWindow handling during FrameLoader::clear
            https://bugs.webkit.org/show_bug.cgi?id=166357
            <rdar://problem/29741862>

            Reviewed by Andy Estes.

            Make sure that we always clean up the DOM window when clearing Window properties, even if the document will
            remain in the page cache. Since 'clearWindowShell' is only used in FrameLoader, divide it's beahvior into
            two steps:
        
            1. Rename 'clearWindowShell' to 'clearWIndowShellsNotMatchingDOMWindow' to better describe its function.
            Switch to a modern C++ loop. Do not switch to the new DOMWindow here, but detach and clear existing
            DOMWindow connections.

            2. Add a new method 'setDOMWindowForWindowShell'. Complete switch to the new DOMWindow.

            This change allows us to disconnect the old DOMWindow, perform the 'setDocument(nullptr)' operation, and then
            connect to the new Window without leaving the loader in an inconsistent state.

            * loader/bindings/js/ScriptController.cpp:
            (WebCore::clearWindowShellsNotMatchingDOMWindow): Renamed from 'clearWindowShell'
            (WebCore::setDOMWindowForWindowShell): Added.
            * loader/bindings/js/ScriptController.h:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::clear): Revise to use the new two-step DOMWindow switch logic.

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210284. rdar://problem/29865854

    2017-01-04  Chris Dumez  <cdumez@apple.com>

            Assertion hit on redfin.com: ASSERTION FAILED: collection->length() > 1
            https://bugs.webkit.org/show_bug.cgi?id=166687
            <rdar://problem/29865854>

            Reviewed by Darin Adler.

            We were mistakenly calling Document::addWindowNamedItem() / Document::removeWindowNamedItem()
            for elements in Shadow DOMs. As a result, the windowNamedItem DocumentOrderedMap would
            contain elements in shadow DOMs. This would cause the assertion to be hit in window's
            named property getter because of the length mismatch between the windowNamedItem
            DocumentOrderedMap and the WindowNameCollection.

            Tests: fast/shadow-dom/document-named-property.html
                   fast/shadow-dom/window-named-property.html

            * dom/Element.cpp:
            (WebCore::Element::updateNameForDocument):
            (WebCore::Element::updateIdForDocument):
            * html/HTMLImageElement.cpp:
            (WebCore::HTMLImageElement::parseAttribute):
            * html/HTMLObjectElement.cpp:
            (WebCore::HTMLObjectElement::updateDocNamedItem):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210279. rdar://problem/29607569

    2017-01-04  Joseph Pecoraro  <pecoraro@apple.com>

            Web Inspector: Cross Origin importScripts() scripts lack source URL, causes issues with Inspector showing Resource
            https://bugs.webkit.org/show_bug.cgi?id=165569
            <rdar://problem/29607569>

            Reviewed by Youenn Fablet.

            Test: http/tests/inspector/worker/blob-script-with-cross-domain-imported-scripts.html

            * Modules/fetch/FetchLoader.cpp:
            (WebCore::FetchLoader::start):
            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::didReceiveResponse):
            * loader/ThreadableLoader.cpp:
            (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions):
            * loader/ThreadableLoader.h:
            * loader/WorkerThreadableLoader.cpp:
            (WebCore::LoaderTaskOptions::LoaderTaskOptions):
            Add a new ThreadableLoader option to avoid filtering the response.

            * workers/WorkerScriptLoader.cpp:
            (WebCore::WorkerScriptLoader::loadSynchronously):
            (WebCore::WorkerScriptLoader::loadAsynchronously):
            Disable filtering of the response. This is an internal load, we
            don't want to filter data that would be valuable later.

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210267. rdar://problem/29796608

    2017-01-03  Ryosuke Niwa  <rniwa@webkit.org>

            label element with tabindex >= 0 is not focusable
            https://bugs.webkit.org/show_bug.cgi?id=102780
            <rdar://problem/29796608>

            Reviewed by Darin Adler.

            Fixed the bug by removing the override for HTMLLabelElement::isFocusable which always returned false.

            This is a behavior from r5532 but it doesn't match the latest HTML specification or that of Chrome
            and Firefox.

            Also fixed an existing bug in HTMLLabelElement::focus and HTMLLegendElement::focus which focused
            the associated form control when there is one even if the element itself is focusable. Without this fix,
            traversing from control with shift+tab would break since focusing the label would move the focus back
            to the input element inside the label element.

            Finally, fixed a bug in HTMLLegendElement::focus that we can call inFocus without updating layout first.

            The fix was inspired by https://chromium.googlesource.com/chromium/src/+/085ad8697b1be50c4f93e296797a25a43a79bcfb

            Test: fast/events/focus-label-legend-elements-with-tabindex.html

            * html/HTMLLabelElement.cpp:
            (WebCore::HTMLLabelElement::focus):
            (WebCore::HTMLLabelElement::isFocusable): Deleted.
            * html/HTMLLabelElement.h:
            * html/HTMLLegendElement.cpp:
            (WebCore::HTMLLegendElement::focus):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210273. rdar://problem/29834093

    2017-01-04  Tim Horton  <timothy_horton@apple.com>

            Provide a setting for clients to always prefer low-power WebGL
            https://bugs.webkit.org/show_bug.cgi?id=166675
            <rdar://problem/29834093>

            Reviewed by Dan Bernstein.

            No new tests; as noted in r204664, we don't know how to reliably test
            automatic graphics switching. One could use the manual test introduced
            in that commit; after this commit, with the setting switched on, on a
            dual-GPU machine that is actively using integrated graphics, that test
            should return the same result for both contexts.

            * page/Settings.in:
            Add a setting to prefer low-power WebGL.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::create):
            If said setting is enabled, set preferLowPowerToHighPerformance.

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210266. rdar://problem/29447824

    2017-01-03  Tim Horton  <timothy_horton@apple.com>

            NSSpellChecker's recordResponse isn't called for unseen automatic corrections
            https://bugs.webkit.org/show_bug.cgi?id=166450
            <rdar://problem/29447824>

            Reviewed by Darin Adler.

            Test: editing/mac/spelling/accept-unseen-candidate-records-acceptance.html

            * editing/AlternativeTextController.cpp:
            (WebCore::AlternativeTextController::recordAutocorrectionResponse):
            (WebCore::AlternativeTextController::recordAutocorrectionResponseReversed): Deleted.
            * editing/AlternativeTextController.h:
            Add recordAutocorrectionResponse, which takes a AutocorrectionResponseType, instead of having
            a function specifically for reverted autocorrections. Also, get rid of the unnecessary indirection
            of the private overload of recordAutocorrectionResponseReversed, since there's only one caller.

            * editing/Editor.cpp:
            (WebCore::Editor::markAndReplaceFor):
            Call recordAutocorrectionResponse with Accepted when performing an auto-autocorrection.

            (WebCore::Editor::changeBackToReplacedString):
            Adopt recordAutocorrectionResponse.

            * page/AlternativeTextClient.h:
            Add an "AutocorrectionAccepted" response type.

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210142. rdar://problem/29109053

    2016-12-23  Andreas Kling  <akling@apple.com>

            REGRESSION(r209865): Crash when navigating back to some pages with compositing layers.
            <https://webkit.org/b/166469>
            <rdar://problem/29109053>

            Reviewed by Darin Adler.

            Remove the old WK1-era clear/restoreBackingStores optimization from the page cache.
            When enabling it on non-iOS platforms, we started hitting lots of assertions,
            and none of our memory tests showed any significant improvement anyway.

            Test: compositing/page-cache-back-crash.html

            * history/CachedFrame.cpp:
            (WebCore::CachedFrameBase::CachedFrameBase):
            (WebCore::CachedFrameBase::restore):
            (WebCore::CachedFrame::CachedFrame):
            * history/CachedFrame.h:
            * page/FrameView.cpp:
            (WebCore::FrameView::restoreBackingStores): Deleted.
            * page/FrameView.h:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210122. rdar://problem/29763012

    2016-12-22  Brent Fulgham  <bfulgham@apple.com>

            Nested calls to setDocument can omit firing 'unload' events
            https://bugs.webkit.org/show_bug.cgi?id=166422
            <rdar://problem/29763012>

            Reviewed by Alex Christensen.

            Test: fast/loader/nested-document-handling.html

            Only allow a single document change to be taking place during a given runloop cycle.

            * bindings/js/ScriptController.cpp:
            (WebCore::ScriptController::executeIfJavaScriptURL): Block script changing the document
            when we are in the middle of changing the document.
            * page/Frame.cpp:
            (WebCore::Frame::setDocument): Keep track of document change state.
            * page/Frame.h:

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210120. rdar://problem/29772233

    2016-12-22  Zalan Bujtas  <zalan@apple.com>

            Do not destroy the RenderNamedFlowFragment as leftover anonymous block.
            https://bugs.webkit.org/show_bug.cgi?id=166436
            rdar://problem/29772233

            Reviewed by Simon Fraser.

            When as the result of certain style change, the generated anonymous block is not needed anymore, we
            move its descendants up to the parent and destroy the generated box. While RenderNamedFlowFragment is a generated
            block, the cleanup code should just ignore it the same way we ignore boxes like multicolumn, mathml etc.

            Test: fast/regions/flow-fragment-as-anonymous-block-crash.html

            * rendering/RenderObject.h:
            (WebCore::RenderObject::isAnonymousBlock):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210112. rdar://problem/29742039

    2016-12-22  Daniel Bates  <dabates@apple.com>

            Bypass pop-up blocker from cross-origin or sandboxed frame
            https://bugs.webkit.org/show_bug.cgi?id=166290
            <rdar://problem/29742039>

            Reviewed by Darin Adler.

            Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html
                   fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html
                   fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html

            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the
            target frame to navigate with respect to the active document just as we do in WebCore::createWindow().

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210104. rdar://problem/29139619

    2016-12-22  Jer Noble  <jer.noble@apple.com>

            NULL-deref CRASH in WebCore::PlatformMediaSession::mediaType
            https://bugs.webkit.org/show_bug.cgi?id=166407

            Reviewed by Darin Adler.

            In r207688, we added a facility in PlatformMediaSessionManager for safely walking through a
            list of PlatformMediaSessions by replacing entries of deleted sessions with nullptr. We now
            need to use those new iteration falicities in MediaSessionManageriOS.

            In addition to the existing iterators, add one which takes a predicate, and returns the first
            session which matches the predicate, or nullptr, if none do.

            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::findSession):
            (WebCore::PlatformMediaSessionManager::anyOfSessions):
            * platform/audio/PlatformMediaSessionManager.h:
            (WebCore::PlatformMediaSessionManager::sessions): Deleted.
            * platform/audio/ios/MediaSessionManagerIOS.mm:
            (WebCore::MediaSessionManageriOS::configureWireLessTargetMonitoring):
            (WebCore::MediaSessionManageriOS::nowPlayingEligibleSession):
            (WebCore::MediaSessionManageriOS::externalOutputDeviceAvailableDidChange):
            (WebCore::MediaSessionManageriOS::applicationDidEnterBackground):
            (WebCore::MediaSessionManageriOS::applicationWillEnterForeground):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210100. rdar://problem/28388000

    2016-12-22  Jer Noble  <jer.noble@apple.com>

            Muted media element playback should not interrupt other audio playback
            https://bugs.webkit.org/show_bug.cgi?id=166347

            Reviewed by Eric Carlson.

            Test: TestWebKitAPI/WebKit/ios/AudioSessionCategoryIOS.mm

            * platform/audio/cocoa/MediaSessionManagerCocoa.cpp:
            (PlatformMediaSessionManager::updateSessionState):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210083. rdar://problem/25391382

    2016-12-21  Jiewen Tan  <jiewen_tan@apple.com>

            WebKit should set Original URL of a download request correctly
            https://bugs.webkit.org/show_bug.cgi?id=166394
            <rdar://problem/25391382>

            Reviewed by Alex Christensen.

            WebKit should set Original URL of a download request correctly if the download
            is initiated by clicking on a link with target=_blank.

            Manually tested as the requested test infrastructure doesn't exist yet. We need actual
            loading process for API test such that we could simulate the real situation which
            PolicyDownload is only set when we receive responds. Currently we can only set
            PolicyDownload in a NavigationDelegate when the load starts. Hence we cannot simulate
            the following process: load starts -> PolicyUse -> creates a new WebView ->
            respond receives -> PolicyDownload -> downloads.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::setOriginalURLForDownloadRequest):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210061. rdar://problem/29763143

    2016-12-21  Eric Carlson  <eric.carlson@apple.com>

            [MediaStream] MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer can be called before it has a media stream
            https://bugs.webkit.org/show_bug.cgi?id=166344
            <rdar://problem/29763143>

            Reviewed by Jer Noble.

            There is a very narrow window during which a MediaStream player can be asked for its layer
            before it has a steam, resulting in a NULL dereference and crash. Don't do that.

            Unable to reproduce.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210059. rdar://problem/29727145

    2016-12-21  Simon Fraser  <simon.fraser@apple.com>

            Fixed bars are positioned incorrectly when there are header and footer banners
            https://bugs.webkit.org/show_bug.cgi?id=166302
            rdar://problem/29727145

            Reviewed by Tim Horton.

            The computation of the visual viewport was wrong in the presence of header and footer
            banners. It needs to take into account the fact that "visibleContentRect" applies to the
            scroll view contents, which includes header and footer (unscaled), and the potentially scaled
            document, and we need to return a rectangle in unscaled document coordinates.

            Make a static method in FrameView to do this computation, and call it from FrameView::visualViewportRect()
            and ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition().

            layoutViewportForScrollPosition() is only called on Mac, so remove the #ifdeffing related to scaling,
            and pass in an unscaled scroll position.

            Test: fast/visual-viewport/zoomed-fixed-header-and-footer.html

            * page/FrameView.cpp:
            (WebCore::FrameView::updateLayoutViewport):
            (WebCore::FrameView::maxStableLayoutViewportOrigin):
            (WebCore::FrameView::visibleDocumentRect):
            (WebCore::FrameView::visualViewportRect):
            * page/FrameView.h:
            * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
            (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition):
            * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
            (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPositionWithoutContentEdgeConstraints):

2017-01-05  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210035. rdar://problem/29704862

    2016-12-20  Zalan Bujtas  <zalan@apple.com>

            SVG elements should inherit the root's flow thread state.
            https://bugs.webkit.org/show_bug.cgi?id=166173
            rdar://problem/29704862

            Reviewed by Simon Fraser.

            When the <svg> is not part of the multicolumn context (out of flow positioning), its descendants should not be in the flow either.

            Test: fast/multicol/svg-inside-multicolumn.html

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::computedFlowThreadState):
            * rendering/RenderObject.h:
            (WebCore::RenderObject::isProgress):
            (WebCore::RenderObject::isRenderSVGBlock):
            * rendering/svg/RenderSVGBlock.h:

2017-01-04  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r209990. rdar://problem/29705967

    2016-12-18  Brent Fulgham  <bfulgham@apple.com>

            Side effects while restting form elements
            https://bugs.webkit.org/show_bug.cgi?id=165959
            <rdar://problem/29705967>

            Reviewed by Anders Carlsson.

            JavaScript logic can run while resetting FormElement objects. This can
            lead to unintended side-effets and other unwanted behavior. We should
            protect these elements during the reset.

            Test: fast/html/form-mutate.html

            * html/HTMLFormElement.cpp:
            (WebCore::HTMLFormElement::HTMLFormElement): Switch to C++11 initialization.
            (WebCore::HTMLFormElement::reset): Protect elements until the reset
            operation is finished.
            (WebCore::HTMLFormElement::resetAssociatedFormControlElements): Added to share
            code with 'resumeFromDocument'.
            (WebCore::HTMLFormElement::resumeFromDocument): Protect elements until the
            reset operation is finished.

2017-01-04  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210045. rdar://problem/29560853

    2016-12-20  Alex Christensen  <achristensen@webkit.org>

            Remove initEvent quirk
            https://bugs.webkit.org/show_bug.cgi?id=166284

            Reviewed by Dan Bernstein.

            We added this quirk in r207908 and expanded it in r209946 and r210034.
            Many web compatibility issues have been found, which leads us to believe that many more exist.
            This reverts the behavior to match how it was before r203848.
            This change was proposed to the spec in https://github.com/whatwg/dom/issues/387

            * dom/Event.cpp:
            (WebCore::Event::initEventForBindings): Deleted.
            * dom/Event.h:
            * dom/Event.idl:
            * platform/RuntimeApplicationChecks.h:
            * platform/RuntimeApplicationChecks.mm:
            (WebCore::IOSApplication::isBaiduNuomi): Deleted.
            (WebCore::IOSApplication::isAutoNaviAMap): Deleted.
            (WebCore::IOSApplication::isFlipboard): Deleted.

2017-01-04  Matthew Hanson  <matthew_hanson@apple.com>

        Merge r210034. rdar://problem/29560853

    2016-12-20  Alex Christensen  <achristensen@webkit.org>

            Fix yet another app that uses initEvent with fewer than 3 parameters
            https://bugs.webkit.org/show_bug.cgi?id=166257
            <rdar://problem/29420268>

            Reviewed by Sam Weinig.

            * dom/Event.cpp:
            (WebCore::Event::initEventForBindings):
            * platform/RuntimeApplicationChecks.h:
            * platform/RuntimeApplicationChecks.mm:
            (WebCore::IOSApplication::isAutoNaviAMap):
            AutoNavi amap has content that uses initEvent with one parameter. This quirk is needed here, too.

2016-12-21  Babak Shafiei  <bshafiei@apple.com>

        Roll out r209261.

2016-12-21  Babak Shafiei  <bshafiei@apple.com>

        Roll out r209510.

2016-12-19  Dean Jackson  <dino@apple.com>

        Merge another patch for rdar://problem/29466493.

    2016-12-19  Dean Jackson  <dino@apple.com>

            Disable some features on the safari-603-branch.
            <rdar://problem/29466493>

            * Configurations/FeatureDefines.xcconfig:
            * css/SelectorChecker.cpp:
            (WebCore::SelectorChecker::matchRecursively):
            * css/SelectorFilter.cpp:
            (WebCore::SelectorFilter::collectIdentifierHashes):
            * css/parser/CSSSelectorParser.cpp:
            (WebCore::isOnlyPseudoClassFunction):
            (WebCore::CSSSelectorParser::consumePseudo):
            (WebCore::CSSSelectorParser::consumeCombinator):
            * cssjit/SelectorCompiler.cpp:
            (WebCore::SelectorCompiler::fragmentRelationForSelectorRelation):

2016-12-19  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for rdar://problem/29466493.

    2016-12-19  Dean Jackson  <dino@apple.com>

            Disable some features on the safari-603-branch.
            <rdar://problem/29466493>

            - Force the default state of experimental features to off.
            - Move some experimental features that should be enabled on this
              branch into the general feature list, so they can't be disabled.
            - Disable some features that are not ready.

            * Configurations/FeatureDefines.xcconfig:

2016-12-18  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Prefetch cursor records in the server.
        https://bugs.webkit.org/show_bug.cgi?id=166014

        Reviewed by Andy Estes.

        No new tests (Covered by existing LayoutTests and PerformanceTests).

        This patch implements the followng:
        1 - After a backing store cursor completes a fetch in the server, it will schedule the next fetch 
            even before the client requests one. It will do this up to a limited number of prefetches.
        2 - Once a client request to advance the cursor comes in, we'll work our way through prefetched
            records instead of reading anything from disk, which might then cause us to continue prefetch.
        3 - If any changes to the object store occur, it will throw away all previously fetched records
            (There's room for future improvement here)

        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::postDatabaseTask):
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange):
        (WebCore::IDBServer::SQLiteIDBBackingStore::prefetchCursor):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::objectStoreRecordsChanged):
        (WebCore::IDBServer::SQLiteIDBCursor::prefetch):
        (WebCore::IDBServer::SQLiteIDBCursor::advance):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-12-18  Wenson Hsieh  <wenson_hsieh@apple.com>

        Changing text direction fires input events with null inputTypes and no data
        https://bugs.webkit.org/show_bug.cgi?id=166007
        <rdar://problem/29557205>

        Reviewed by Sam Weinig.

        Adds support for the "formatSetInlineTextDirection" input type, triggered when using the context menu on Mac in
        an editable area (for both plain and rich text cases) to change paragraph direction. To do this, we add cases
        for EditActionSetWritingDirection in inputTypeNameForEditingAction and inputEventDataForEditingStyleAndAction.

        When changing text direction for a plaintext editable element, we have logic in Editor::setBaseWritingDirection
        that sets the focused element's dir attribute to the requested value (ltr or rtl). We add similar hooks here to
        dispatch input events and handle preventing default.

        Test: fast/events/before-input-events-prevent-text-direction.html

        * editing/EditCommand.cpp:
        (WebCore::inputTypeNameForEditingAction):

        Handle the EditActionSetWritingDirection case.

        * editing/Editor.cpp:
        (WebCore::inputEventDataForEditingStyleAndAction):
        (WebCore::Editor::applyParagraphStyle):

        Include input event data when dispatching an input event here.

        (WebCore::Editor::setBaseWritingDirection):
        * testing/Internals.cpp:
        (WebCore::Internals::setBaseWritingDirection):
        * testing/Internals.h:
        * testing/Internals.idl:

        Introduce an internal testing support hook for setting base writing direction (the same codepath taken when
        using the context menu to change paragraph direction). Currently, using testRunner.execCommand creates and
        applies style with an additional `unicode-bidi` attribute, and appears to also be intentionally disabled for
        plaintext editable elements.

2016-12-17  Simon Fraser  <simon.fraser@apple.com>

        Build fix: linking WebCore was failing: you can't export inline functions.

        * css/DeprecatedCSSOMPrimitiveValue.cpp:
        (WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType):
        (WebCore::DeprecatedCSSOMPrimitiveValue::setFloatValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::setStringValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue):
        * css/DeprecatedCSSOMPrimitiveValue.h:
        (WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType): Deleted.
        (WebCore::DeprecatedCSSOMPrimitiveValue::setFloatValue): Deleted.
        (WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue): Deleted.
        (WebCore::DeprecatedCSSOMPrimitiveValue::setStringValue): Deleted.
        (WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue): Deleted.

2016-12-16  Dave Hyatt  <hyatt@apple.com>

        [CSS Values] Make separate wrapper classes for the deprecated CSS Values OM
        https://bugs.webkit.org/show_bug.cgi?id=165968

        Reviewed by Andreas Kling.

        This patch changes the CSS OM for values to use distinct wrapper
        classes instead of cloning the existing classes. By actually wrapping
        values instead of cloning, we are freed up to change our CSS value hierarchy
        however we'd like (such as changing to match the new CSS Values OM that
        is coming soon).

        All of the CSS Values wrapper classes are prefixed with "DeprecatedCSSOM"
        to reflect our desire (ultimately) to remove this API from our tree. We're
        the only ones that support it, and it's not used on the Web, but it is part
        of the WebKitLegacy API and might be used internally.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/DOMWrapperWorld.h:
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::getPropertyCSSValue):
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::JSDeprecatedCSSOMValueOwner::isReachableFromOpaqueRoots):
        (WebCore::JSDeprecatedCSSOMValueOwner::finalize):
        (WebCore::toJSNewlyCreated):
        (WebCore::toJS):
        (WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots): Deleted.
        (WebCore::JSCSSValueOwner::finalize): Deleted.
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSComputedStyleDeclaration.h:
        * css/CSSGridLineNamesValue.cpp:
        (WebCore::CSSGridLineNamesValue::cloneForCSSOM): Deleted.
        * css/CSSGridLineNamesValue.h:
        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::cloneForCSSOM): Deleted.
        * css/CSSImageSetValue.h:
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::createDeprecatedCSSOMWrapper):
        (WebCore::CSSImageValue::cloneForCSSOM): Deleted.
        * css/CSSImageValue.h:
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::createDeprecatedCSSOMPrimitiveWrapper):
        (WebCore::CSSPrimitiveValue::cloneForCSSOM): Deleted.
        * css/CSSPrimitiveValue.h:
        * css/CSSPrimitiveValue.idl: Removed.
        * css/CSSStyleDeclaration.h:
        * css/CSSStyleDeclaration.idl:
        * css/CSSValue.cpp:
        (WebCore::CSSValue::traverseSubresources):
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        (WebCore::CSSValue::createDeprecatedCSSOMWrapper):
        (): Deleted.
        (WebCore::CSSValue::cloneForCSSOM): Deleted.
        * css/CSSValue.h:
        (WebCore::CSSValue::CSSValue):
        (WebCore::CSSValue::setCssText): Deleted.
        (WebCore::CSSValue::isCSSOMSafe): Deleted.
        (WebCore::CSSValue::isSubtypeExposedToCSSOM): Deleted.
        * css/CSSValue.idl: Removed.
        * css/CSSValueList.cpp:
        (WebCore::CSSValueList::cloneForCSSOM): Deleted.
        * css/CSSValueList.h:
        (WebCore::CSSValueList::separator):
        * css/CSSValueList.idl: Removed.
        * css/Counter.h:
        * css/Counter.idl: Removed.
        * css/DeprecatedCSSOMCounter.h: Added.
        * css/DeprecatedCSSOMCounter.idl: Copied from Source/WebCore/css/Counter.idl.
        * css/DeprecatedCSSOMPrimitiveValue.cpp: Added.
        (WebCore::DeprecatedCSSOMPrimitiveValue::getCounterValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::getRectValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::getRGBColorValue):
        * css/DeprecatedCSSOMPrimitiveValue.h: Added.
        (WebCore::DeprecatedCSSOMPrimitiveValue::create):
        (WebCore::DeprecatedCSSOMPrimitiveValue::equals):
        (WebCore::DeprecatedCSSOMPrimitiveValue::cssValueType):
        (WebCore::DeprecatedCSSOMPrimitiveValue::cssText):
        (WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType):
        (WebCore::DeprecatedCSSOMPrimitiveValue::setFloatValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::setStringValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::stringValue):
        (WebCore::DeprecatedCSSOMPrimitiveValue::DeprecatedCSSOMPrimitiveValue):
        * css/DeprecatedCSSOMPrimitiveValue.idl: Copied from Source/WebCore/css/CSSPrimitiveValue.idl.
        * css/DeprecatedCSSOMRGBColor.h: Added.
        * css/DeprecatedCSSOMRGBColor.idl: Copied from Source/WebCore/css/RGBColor.idl.
        * css/DeprecatedCSSOMRect.h: Added.
        * css/DeprecatedCSSOMRect.idl: Copied from Source/WebCore/css/Rect.idl.
        * css/DeprecatedCSSOMValue.cpp: Added.
        (WebCore::compareCSSOMValues):
        (WebCore::DeprecatedCSSOMValue::equals):
        (WebCore::DeprecatedCSSOMValue::destroy):
        (WebCore::DeprecatedCSSOMValue::cssValueType):
        (WebCore::DeprecatedCSSOMValue::cssText):
        * css/DeprecatedCSSOMValue.h: Added.
        (WebCore::DeprecatedCSSOMValue::deref):
        (WebCore::DeprecatedCSSOMValue::setCssText):
        (WebCore::DeprecatedCSSOMValue::operator==):
        (WebCore::DeprecatedCSSOMValue::isComplexValue):
        (WebCore::DeprecatedCSSOMValue::isPrimitiveValue):
        (WebCore::DeprecatedCSSOMValue::isValueList):
        (WebCore::DeprecatedCSSOMValue::classType):
        (WebCore::DeprecatedCSSOMValue::DeprecatedCSSOMValue):
        (WebCore::DeprecatedCSSOMValue::~DeprecatedCSSOMValue):
        (WebCore::DeprecatedCSSOMComplexValue::create):
        (WebCore::DeprecatedCSSOMComplexValue::equals):
        (WebCore::DeprecatedCSSOMComplexValue::cssText):
        (WebCore::DeprecatedCSSOMComplexValue::cssValueType):
        (WebCore::DeprecatedCSSOMComplexValue::DeprecatedCSSOMComplexValue):
        * css/DeprecatedCSSOMValue.idl: Copied from Source/WebCore/css/CSSValue.idl.
        * css/DeprecatedCSSOMValueList.cpp: Added.
        (WebCore::DeprecatedCSSOMValueList::equals):
        (WebCore::DeprecatedCSSOMValueList::cssText):
        * css/DeprecatedCSSOMValueList.h: Added.
        (WebCore::DeprecatedCSSOMValueList::create):
        (WebCore::DeprecatedCSSOMValueList::cssValueType):
        (WebCore::DeprecatedCSSOMValueList::length):
        (WebCore::DeprecatedCSSOMValueList::item):
        (WebCore::DeprecatedCSSOMValueList::DeprecatedCSSOMValueList):
        * css/DeprecatedCSSOMValueList.idl: Copied from Source/WebCore/css/CSSValueList.idl.
        * css/LengthRepeat.h:
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
        (WebCore::PropertySetCSSStyleDeclaration::wrapForDeprecatedCSSOM):
        (WebCore::StyleRuleCSSStyleDeclaration::didMutate):
        (WebCore::InlineCSSStyleDeclaration::didMutate):
        (WebCore::PropertySetCSSStyleDeclaration::cloneAndCacheForCSSOM): Deleted.
        * css/PropertySetCSSStyleDeclaration.h:
        * css/RGBColor.cpp:
        (WebCore::RGBColor::red): Deleted.
        (WebCore::RGBColor::green): Deleted.
        (WebCore::RGBColor::blue): Deleted.
        (WebCore::RGBColor::alpha): Deleted.
        * css/RGBColor.h:
        * css/RGBColor.idl: Removed.
        * css/Rect.h:
        (WebCore::RectBase::RectBase):
        * css/Rect.idl: Removed.
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::getPresentationAttribute):
        * svg/SVGElement.h:
        * svg/SVGElement.idl:

2016-12-17  Philippe Normand  <pnormand@igalia.com>

        Unreviewed, rollout r209860 OWR player shouldn't be selected for normal video playback

        * platform/GStreamer.cmake:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
        (WebCore::MediaPlayerPrivateGStreamerOwr::play):
        (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
        (WebCore::MediaPlayerPrivateGStreamerOwr::load):
        (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded):
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged):
        (WebCore::MediaPlayerPrivateGStreamerOwr::setSize):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:
        * platform/mediastream/openwebrtc/MediaEndpointOwr.cpp:
        (WebCore::MediaEndpointOwr::createMutedRemoteSource):
        * platform/mediastream/openwebrtc/RealtimeAudioSourceOwr.h: Removed.
        * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
        (WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable):
        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.cpp: Removed.
        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h:
        * platform/mediastream/openwebrtc/RealtimeVideoSourceOwr.h: Removed.

2016-12-17  Michael Catanzaro  <mcatanzaro@igalia.com>

        warning: the compiler can assume that the address of 'thisObject' will always evaluate to 'true' [-Waddress] in WebCore::JSHTMLDocument::getOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=165987

        Reviewed by Mark Lam.

        Work around the warning by passing the JSObject pointer this function receives directly to
        ASSERT_GC_OBJECT_INHERITS, instead of casting it to a reference and then taking the address
        of that, to avoid the -Waddress warning.

        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::getOwnPropertySlot):

2016-12-17  Jer Noble  <jer.noble@apple.com>

        Add implementation for navigator.requestMediaKeySystemAccess()
        https://bugs.webkit.org/show_bug.cgi?id=165850

        Reviewed by Eric Carlson.

        Test: media/encrypted-media/mock-navigator-requestMediaKeySystemAccess.html

        Add an implementation of NavigatorEME::requestMediaKeySystemAccess() as well as the CDM
        object on which it depends.

        * Modules/encryptedmedia/CDM.cpp: Added.
        (WebCore::cdmFactories):
        (WebCore::createCDMPrivateForKeySystem):
        (WebCore::CDM::registerCDMFactory):
        (WebCore::CDM::unregisterCDMFactory):
        (WebCore::CDM::supportsKeySystem):
        (WebCore::CDM::create):
        (WebCore::CDM::CDM):
        (WebCore::CDM::getSupportedConfiguration):
        (WebCore::CDM::doSupportedConfigurationStep):
        (WebCore::CDM::isPersistentType):
        (WebCore::CDM::getSupportedCapabilitiesForAudioVideoType):
        (WebCore::CDM::getConsentStatus):
        * Modules/encryptedmedia/CDM.h: Added.
        (WebCore::CDMFactory::~CDMFactory):
        (WebCore::CDM::keySystem):
        (WebCore::CDM::createWeakPtr):
        * Modules/encryptedmedia/CDMPrivate.h: Added.
        (WebCore::CDMPrivate::~CDMPrivate):
        * Modules/encryptedmedia/NavigatorEME.cpp:
        (WebCore::NavigatorEME::requestMediaKeySystemAccess):
        (WebCore::tryNextSupportedConfiguration):
        * Modules/encryptedmedia/NavigatorEME.h:
        * Modules/encryptedmedia/NavigatorEME.idl:

        To aid in testing, a new Internals object is added, MockCDMFactory, which can be
        controlled by LayoutTests to change the behavior of the Mock objects it creates.

        * testing/Internals.cpp:
        (WebCore::Internals::registerMockCDM):
        * testing/Internals.h:
        * testing/Internals.idl:
        * testing/MockCDMFactory.cpp: Added.
        (WebCore::MockCDMFactory::MockCDMFactory):
        (WebCore::MockCDMFactory::~MockCDMFactory):
        (WebCore::MockCDMFactory::unregister):
        (WebCore::MockCDMFactory::supportsKeySystem):
        (WebCore::MockCDMFactory::createCDM):
        (WebCore::MockCDM::MockCDM):
        (WebCore::MockCDM::supportsInitDataType):
        (WebCore::MockCDM::supportsConfiguration):
        (WebCore::MockCDM::supportsConfigurationWithRestrictions):
        (WebCore::MockCDM::supportsSessionTypeWithConfiguration):
        (WebCore::MockCDM::supportsRobustness):
        (WebCore::MockCDM::distinctiveIdentifiersRequirement):
        (WebCore::MockCDM::persistentStateRequirement):
        (WebCore::MockCDM::distinctiveIdentifiersAreUniquePerOriginAndClearable):
        * testing/MockCDMFactory.h: Added.
        (WebCore::MockCDMFactory::create):
        (WebCore::MockCDMFactory::supportedDataTypes):
        (WebCore::MockCDMFactory::setSupportedDataTypes):
        (WebCore::MockCDMFactory::supportedRobustness):
        (WebCore::MockCDMFactory::setSupportedRobustness):
        (WebCore::MockCDMFactory::distinctiveIdentifiersRequirement):
        (WebCore::MockCDMFactory::setDistinctiveIdentifiersRequirement):
        (WebCore::MockCDMFactory::persistentStateRequirement):
        (WebCore::MockCDMFactory::setPersistentStateRequirement):
        * testing/MockCDMFactory.idl: Added.

        Move the MediaKeySessionType definition out of the MediaKeys.idl file and into its own.
        Move the MediaKeysRequiriment definition out of the MediaKeySystemConfiguration.idl file
        and into its own. Generally fix up the .idl files so that they properly work with their
        implementation files.

        * Modules/encryptedmedia/MediaKeySessionType.idl: Added.
        * Modules/encryptedmedia/MediaKeySystemAccess.cpp:
        (WebCore::MediaKeySystemAccess::create):
        (WebCore::MediaKeySystemAccess::MediaKeySystemAccess):
        (WebCore::MediaKeySystemAccess::keySystem): Deleted.
        (WebCore::MediaKeySystemAccess::getConfiguration): Deleted.
        * Modules/encryptedmedia/MediaKeySystemAccess.h:
        (WebCore::MediaKeySystemAccess::keySystem):
        (WebCore::MediaKeySystemAccess::getConfiguration):
        (WebCore::MediaKeySystemAccess::create): Deleted.
        * Modules/encryptedmedia/MediaKeySystemAccess.idl:
        * Modules/encryptedmedia/MediaKeySystemConfiguration.h:
        * Modules/encryptedmedia/MediaKeySystemConfiguration.idl:
        * Modules/encryptedmedia/MediaKeySystemMediaCapability.idl:
        * Modules/encryptedmedia/MediaKeys.idl:
        * Modules/encryptedmedia/MediaKeysRequirement.idl: Added.
        * Modules/encryptedmedia/MediaKeysRestrictions.h: Added.
        * bindings/js/JSMediaKeySystemAccessCustom.cpp: Removed.

        As some of these enums are referenced in the Internals project, they need to be exported
        from WebCore correctly. Teach the code generator how to export the symbols generated by
        enums.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateEnumerationHeaderContent):

        Add new files to the project.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:

2016-12-17  Darin Adler  <darin@apple.com>

        Remove WebCore::Dictionary, which is now unused
        https://bugs.webkit.org/show_bug.cgi?id=165988

        Reviewed by Andreas Kling.

        * CMakeLists.txt: Removed the files.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * bindings/js/Dictionary.cpp: Removed.
        * bindings/js/Dictionary.h: Removed.
        * bindings/js/JSBindingsAllInOne.cpp: Removed include of Dictionary.cpp.

2016-12-17  Youenn Fablet  <youenn@apple.com>

        Cloned CachedResource should not have an empty response
        https://bugs.webkit.org/show_bug.cgi?id=165947

        Reviewed by Sam Weinig.

        Test: http/tests/loading/reusing-cached-stylesheet-from-different-domain.html

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::setBodyDataFrom): Copying the response to the cloned resource.
        Even though the issue is appearing for stylesheets only, it is safer to do that for all cloned ressources.

2016-12-16  Brady Eidson  <beidson@apple.com>

        IndexedDB: Refactor SQLiteIDBCursor to prepare for cursor prefetching.
        https://bugs.webkit.org/show_bug.cgi?id=165978

        Reviewed by Alex Christensen.

        No new tests (Refactor, no behavior change).
        
        In preparation for cursor prefetching, we need to shift the cursor off of keeping "the current record"
        and onto keeping "a deque of fetched records", the first of which is "the current record".
        
        This patch does just that, but with no behavior change; The deque only ever holds 0 or 1 records.

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::currentData):
        (WebCore::IDBServer::SQLiteIDBCursor::objectStoreRecordsChanged):
        (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::prefetch):
        (WebCore::IDBServer::SQLiteIDBCursor::advance):
        (WebCore::IDBServer::SQLiteIDBCursor::fetch):
        (WebCore::IDBServer::SQLiteIDBCursor::fetchNextRecord):
        (WebCore::IDBServer::SQLiteIDBCursor::markAsErrored):
        (WebCore::IDBServer::SQLiteIDBCursor::internalFetchNextRecord):
        (WebCore::IDBServer::SQLiteIDBCursor::iterate):
        (WebCore::IDBServer::SQLiteIDBCursor::currentKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentValue):
        (WebCore::IDBServer::SQLiteIDBCursor::didComplete):
        (WebCore::IDBServer::SQLiteIDBCursor::didError):
        (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID):
        (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::advanceOnce): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce): Deleted.
        
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteCursorRecord::isTerminalRecord):
        (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::currentKey): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::currentValue): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::didComplete): Deleted.
        (WebCore::IDBServer::SQLiteIDBCursor::didError): Deleted.

2016-12-16  Darin Adler  <darin@apple.com>

        Remove all custom bindings from media streams, using dictionaries instead
        https://bugs.webkit.org/show_bug.cgi?id=165943

        Reviewed by Sam Weinig.

        * CMakeLists.txt: Added and removed files.
        * DerivedSources.make: Ditto.

        * Modules/mediastream/DoubleRange.h: Added. Moved dictionary here so it can be shared
        by both MediaStreamTrack and MediaTrackSupportedConstraints.
        * Modules/mediastream/DoubleRange.idl: Ditto.
        * Modules/mediastream/LongRange.h: Ditto.
        * Modules/mediastream/LongRange.idl: Ditto.

        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::getSupportedConstraints): Changed to return a struct instead
        of a reference counted object.
        * Modules/mediastream/MediaDevices.h: Updated for the above.
        * Modules/mediastream/MediaDevices.idl: Added a conditional on the dictionary in this
        file; not needed because the conditional on the interface automatically affects the
        entire fiel, but for now the style seems to be to put these on all the dictionaries.

        * Modules/mediastream/MediaSourceSettings.cpp: Removed.
        * Modules/mediastream/MediaSourceSettings.h: Removed.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getSettings): Changed to return a struct instead of a
        reference counted object.
        (WebCore::capabilityDoubleRange): Added. Helper for getCapabilities.
        (WebCore::capabilityIntRange): Ditto.
        (WebCore::capabilityStringVector): Ditto.
        (WebCore::capabilityBooleanVector): Ditto.
        (WebCore::MediaStreamTrack::getCapabilities): Changed to return a struct instead
        of a reference counted object.
        * Modules/mediastream/MediaStreamTrack.h: Updated for the above changes. Also
        defined the structs here in the class.
        * Modules/mediastream/MediaStreamTrack.idl: Defined the two dictionaries here and
        changed the functions to return them and not use [Custom] any more.

        * Modules/mediastream/MediaTrackConstraints.h: Moved DoubleRange and LongRange out
        of this file and into their own headers. Also removed the currently unimplemented
        latency and channelCount; there are FIXME comments in the IDL file about eventually
        adding these to match the specification.
        * Modules/mediastream/MediaTrackConstraints.idl: Added conditionals, and removed
        the unimplemented latency and channelCount.
        style of marking everything consistently.

        * Modules/mediastream/MediaTrackSupportedConstraints.h: Replaced this class with
        a struct.
        * Modules/mediastream/MediaTrackSupportedConstraints.idl: Replaced this interface
        with a dictionary.

        * WebCore.xcodeproj/project.pbxproj: Added and removed files.

        * bindings/js/JSMediaStreamTrackCustom.cpp: Removed.
        * bindings/js/JSMediaTrackSupportedConstraintsCustom.cpp: Removed.

        * platform/mediastream/MediaStreamTrackPrivate.cpp: Removed include of the
        MediaSourceSettings.h header.
        * platform/mediastream/MediaStreamTrackPrivate.h: Removed forward declaration of
        the MediaSourceSettings class.

2016-12-16  Zalan Bujtas  <zalan@apple.com>

        Possible nullptr dereference when applying pagination to viewport
        https://bugs.webkit.org/show_bug.cgi?id=165926

        Reviewed by Simon Fraser.

        Static analysis found a code path where a null dereference could occur.
        
        * page/FrameView.cpp:
        (WebCore::FrameView::applyPaginationToViewport):

2016-12-16  Ryan Haddad  <ryanhaddad@apple.com>

        Fix the Windows build.

        Unreviewed build fix.

        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp:

2016-12-16  Ryan Haddad  <ryanhaddad@apple.com>

        Yet another attempt to fix the Windows build after r209936.

        Unreviewed build fix.

        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h:

2016-12-16  Alex Christensen  <achristensen@webkit.org>

        Use initEvent quirk added in r207908 for Flipboard
        https://bugs.webkit.org/show_bug.cgi?id=165974
        <rdar://problem/28264190>

        Reviewed by Chris Dumez.

        * dom/Event.cpp:
        (WebCore::Event::initEventForBindings):
        * platform/RuntimeApplicationChecks.h:
        * platform/RuntimeApplicationChecks.mm:
        (WebCore::IOSApplication::isFlipboard):
        Flipboard also has JavaScript content that calls initEvent with not enough arguments.

2016-12-16  Chris Dumez  <cdumez@apple.com>

        [iOS] Align HTML from validation popover style with Copy/Paste callout bar
        https://bugs.webkit.org/show_bug.cgi?id=165973
        <rdar://problem/29336638>

        Reviewed by Simon Fraser.

        Tweak font size and padding of the HTML from validation popover to
        match the style of the Copy/Paste callout bar on iOS.

        * platform/ios/ValidationBubbleIOS.mm:
        (WebCore::ValidationBubble::ValidationBubble):

2016-12-16  Ryan Haddad  <ryanhaddad@apple.com>

        Another attempt to fix the Windows build after r209936.

        Unreviewed build fix.

        * CMakeLists.txt:

2016-12-16  Andy Estes  <aestes@apple.com>

        Add a setting to suppress keyboard input during provisional navigation
        https://bugs.webkit.org/show_bug.cgi?id=165830

        Reviewed by Brent Fulgham.

        Added a setting that suppresses keyboard input during provisional navigation. When the
        setting is enabled, DOM propogation of keyboard input events (KeyboardEvents,
        CompositionEvents, InputEvents, and some TextEvents) is suppressed, and text insertion is
        disabled in the editor.

        Non-editing default event handling still occurs, for instance keyboard scrolling, access
        keys, and focus navigation.

        Test: http/tests/navigation/keyboard-events-during-provisional-navigation.html

        * dom/CompositionEvent.h: Added a type trait specialization.
        * dom/EventDispatcher.cpp:
        (WebCore::shouldSuppressEventDispatchInDOM): Added. Returns true if the event is trusted,
        FrameLoader::shouldSuppressKeyboardInput() returns true, and the event is a
        CompositionEvent, InputEvent, KeyboardEvent, or keyboard/composition TextEvent.
        (WebCore::EventDispatcher::dispatchEvent): Called stopPropogation() on the event if
        shouldSuppressEventDispatchInDOM() returns true.
        * dom/InputEvent.h: Removed the inline no-op destructor so that DataTransfer does not need
        to be a complete type in every translation unit that includes this header. Added a type
        trait specialization.
        * dom/TextEvent.h: Added isKeyboard() to determine if m_inputType is TextEventInputKeyboard.
        * editing/Editor.cpp:
        (WebCore::Editor::shouldInsertText): Returned false if
        FrameLoader::shouldSuppressKeyboardInput() returns true and the action is
        EditorInsertActionTyped.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldSuppressKeyboardInput): Added. Returns true if
        Settings::shouldSuppressKeyboardInputDuringProvisionalNavigation() returns true and the
        state is FrameStateProvisional.
        * loader/FrameLoader.h: Declared shouldSuppressKeyboardInput().
        * page/EventHandler.h: Exported accessKeyModifiers().
        * page/Settings.in: Defined shouldSuppressKeyboardInputDuringProvisionalNavigation with an
        initial value of false.
        * testing/Internals.cpp:
        (WebCore::Internals::accessKeyModifiers): Added. Returns a vector of strings representing
        the access key modifiers.
        * testing/Internals.h: Declared accessKeyModifiers().
        * testing/Internals.idl: Exposed accessKeyModifiers() on the internals object.

2016-12-16  Brady Eidson  <beidson@apple.com>

        More SQLiteIDBCursor refactoring.
        https://bugs.webkit.org/show_bug.cgi?id=165956

        Reviewed by Tim Horton.

        No new tests (No behavior change).
        
        This is a simple patch that encapsulates the current state of the cursor in one structure
        which will allow for storing multiple-such states in the future (to support prefetching).

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::currentData):
        (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::advance):
        (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique):
        (WebCore::IDBServer::SQLiteIDBCursor::markAsErrored):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
        (WebCore::IDBServer::SQLiteIDBCursor::iterate):
        
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID):
        (WebCore::IDBServer::SQLiteIDBCursor::currentKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentValue):
        (WebCore::IDBServer::SQLiteIDBCursor::didComplete):
        (WebCore::IDBServer::SQLiteIDBCursor::didError):

2016-12-16  Jer Noble  <jer.noble@apple.com>

        Follow-up build fix after r209936; also rename MockCDM -> LegacyMockCDM in
        CMakeLists.txt.

        * CMakeLists.txt:

2016-12-16  Sam Weinig  <sam@webkit.org>

        [Bindings] Remove use of Dictionary/ArrayValue in CDMSessionClearKey
        https://bugs.webkit.org/show_bug.cgi?id=165961

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        Remove ArrayValue.h/cpp

        * bindings/js/ArrayValue.cpp: Removed.
        * bindings/js/ArrayValue.h: Removed.

        * bindings/js/Dictionary.cpp:
        * bindings/js/Dictionary.h:
        Remove support for ArrayValue.

        * Modules/encryptedmedia/legacy/LegacyCDMSessionClearKey.cpp:
        (WebCore::CDMSessionClearKey::update):
        Replace use of Dictionary/ArrayValue with direct JSObject functions. This
        should really be replaced with a JSON parser that does not require round
        tripping through JavaScript objects.

2016-12-13  Jer Noble  <jer.noble@apple.com>

        Move existing CDM* implementations into modules/encryptedmedia/legacy
        https://bugs.webkit.org/show_bug.cgi?id=165823

        Rubber-stamped by Sam Weinig.

        * Modules/encryptedmedia/legacy/LegacyCDM.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDM.cpp.
        (WebCore::CDMFactory::CDMFactory):
        (WebCore::installedCDMFactories):
        (WebCore::CDM::registerCDMFactory):
        (WebCore::CDMFactoryForKeySystem):
        (WebCore::CDM::supportsKeySystem):
        (WebCore::CDM::keySystemSupportsMimeType):
        (WebCore::CDM::create):
        (WebCore::CDM::CDM):
        (WebCore::CDM::~CDM):
        (WebCore::CDM::supportsMIMEType):
        (WebCore::CDM::createSession):
        (WebCore::CDM::mediaPlayer):
        * Modules/encryptedmedia/legacy/LegacyCDM.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDM.h.
        (WebCore::CDMClient::~CDMClient):
        (WebCore::CDM::keySystem):
        (WebCore::CDM::client):
        (WebCore::CDM::setClient):
        * Modules/encryptedmedia/legacy/LegacyCDMPrivate.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivate.h.
        (WebCore::CDMPrivateInterface::CDMPrivateInterface):
        (WebCore::CDMPrivateInterface::~CDMPrivateInterface):
        * Modules/encryptedmedia/legacy/LegacyCDMPrivateClearKey.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateClearKey.cpp.
        (WebCore::CDMPrivateClearKey::supportsKeySystem):
        (WebCore::CDMPrivateClearKey::supportsKeySystemAndMimeType):
        (WebCore::CDMPrivateClearKey::supportsMIMEType):
        (WebCore::CDMPrivateClearKey::createSession):
        * Modules/encryptedmedia/legacy/LegacyCDMPrivateClearKey.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateClearKey.h.
        (WebCore::CDMPrivateClearKey::CDMPrivateClearKey):
        (WebCore::CDMPrivateClearKey::~CDMPrivateClearKey):
        * Modules/encryptedmedia/legacy/LegacyCDMPrivateMediaPlayer.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp.
        (WebCore::CDMPrivateMediaPlayer::supportsKeySystem):
        (WebCore::CDMPrivateMediaPlayer::supportsKeySystemAndMimeType):
        (WebCore::CDMPrivateMediaPlayer::supportsMIMEType):
        (WebCore::CDMPrivateMediaPlayer::createSession):
        * Modules/encryptedmedia/legacy/LegacyCDMPrivateMediaPlayer.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateMediaPlayer.h.
        (WebCore::CDMPrivateMediaPlayer::CDMPrivateMediaPlayer):
        (WebCore::CDMPrivateMediaPlayer::~CDMPrivateMediaPlayer):
        (WebCore::CDMPrivateMediaPlayer::cdm):
        * Modules/encryptedmedia/legacy/LegacyCDMSessionClearKey.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.cpp.
        (WebCore::clearKeyVM):
        (WebCore::CDMSessionClearKey::CDMSessionClearKey):
        (WebCore::CDMSessionClearKey::~CDMSessionClearKey):
        (WebCore::CDMSessionClearKey::generateKeyRequest):
        (WebCore::CDMSessionClearKey::releaseKeys):
        (WebCore::CDMSessionClearKey::update):
        (WebCore::CDMSessionClearKey::cachedKeyForKeyID):
        * Modules/encryptedmedia/legacy/LegacyCDMSessionClearKey.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.h.
        * Modules/encryptedmedia/legacy/WebKitMediaKeySession.h:
        * Modules/encryptedmedia/legacy/WebKitMediaKeys.h:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/LegacyCDMSession.h: Renamed from Source/WebCore/platform/graphics/CDMSession.h.
        (WebCore::CDMSessionClient::~CDMSessionClient):
        (WebCore::CDMSession::CDMSession):
        (WebCore::CDMSession::~CDMSession):
        (WebCore::CDMSession::type):
        (WebCore::CDMSession::cachedKeyForKeyID):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h:
        * testing/Internals.cpp:
        * testing/LegacyMockCDM.cpp: Renamed from Source/WebCore/testing/MockCDM.cpp.
        (WebCore::MockCDMSession::~MockCDMSession):
        (WebCore::MockCDM::supportsKeySystem):
        (WebCore::MockCDM::supportsKeySystemAndMimeType):
        (WebCore::MockCDM::supportsMIMEType):
        (WebCore::MockCDM::createSession):
        (WebCore::initDataPrefix):
        (WebCore::keyPrefix):
        (WebCore::keyRequest):
        (WebCore::generateSessionId):
        (WebCore::MockCDMSession::MockCDMSession):
        (WebCore::MockCDMSession::generateKeyRequest):
        (WebCore::MockCDMSession::releaseKeys):
        (WebCore::MockCDMSession::update):
        * testing/LegacyMockCDM.h: Renamed from Source/WebCore/testing/MockCDM.h.
        (WebCore::MockCDM::MockCDM):
        (WebCore::MockCDM::~MockCDM):

2016-12-16  Andreas Kling  <akling@apple.com>

        Subframes going into page cache don't need to resetScrollbars().
        <https://webkit.org/b/163750>
        <rdar://problem/29273020>

        Reviewed by Antti Koivisto.

        The main frame is the only frame that switches its FrameView when using the page cache,
        subframes just suspend their DOM and wait around to be either killed or restored.

        Thus there is no reason for subframes to reset their FrameView's scrollbars when going
        into page cache, since nothing affects them while cached, and their layout should end up
        identical when restoring.

        This was causing some flakiness with subframe scrollbars jumping between different sizes
        in when restoring from page cache in macOS/WK1. This change makes the behavior consistent
        in both WK1 and WK2, and removes the flakiness.

        * dom/Document.cpp:
        (WebCore::Document::setPageCacheState):

2016-12-16  Wenson Hsieh  <wenson_hsieh@apple.com>

        Visual viewports: carets and selection UI are incorrectly positioned when editing fixed elements
        https://bugs.webkit.org/show_bug.cgi?id=165767
        <rdar://problem/29602382>

        Reviewed by Simon Fraser.

        When changing the layout viewport override, mark viewport-constrained objects as needing layout. If only the
        width and height of the old and new layout viewports are compared, EditorState info (namely selection and caret
        rects) that depends on the document location of fixed elements may be stale immediately after the layout
        viewport override changes and before layout occurs.

        This caused one of the tests (fixed-caret-position-after-scroll.html) to occasionally fail.

        Tests: editing/caret/ios/absolute-caret-position-after-scroll.html
               editing/caret/ios/fixed-caret-position-after-scroll.html
               editing/selection/ios/absolute-selection-after-scroll.html
               editing/selection/ios/fixed-selection-after-scroll.html

        * page/FrameView.cpp:
        (WebCore::FrameView::setLayoutViewportOverrideRect):

2016-12-14  Sam Weinig  <sam@webkit.org>

        [ApplePay] Remove remaining custom bindings from the ApplePay code
        https://bugs.webkit.org/show_bug.cgi?id=165860

        Reviewed by Darin Adler.

        * DerivedSources.make:
        Add new IDL files.

        * WebCore.xcodeproj/project.pbxproj:
        Add/remove files.

        * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp: Removed.
        * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp: Removed.
        * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp: Removed.
        * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp: Removed.
        Remove custom bindings.

        * Modules/applepay/ApplePayLineItem.h: Added.
        * Modules/applepay/ApplePayLineItem.idl: Added.
        * Modules/applepay/ApplePayPayment.h: Added.
        * Modules/applepay/ApplePayPayment.idl: Added.
        * Modules/applepay/ApplePayPaymentContact.h: Added.
        * Modules/applepay/ApplePayPaymentContact.idl: Added.
        * Modules/applepay/ApplePayPaymentMethod.h: Added.
        * Modules/applepay/ApplePayPaymentMethod.idl: Added.
        * Modules/applepay/ApplePayPaymentPass.h: Added.
        * Modules/applepay/ApplePayPaymentPass.idl: Added.
        * Modules/applepay/ApplePayPaymentRequest.h: Added.
        * Modules/applepay/ApplePayPaymentRequest.idl: Added.
        * Modules/applepay/ApplePayShippingMethod.h: Added.
        * Modules/applepay/ApplePayShippingMethod.idl: Added.
        Split out dictionaries and enums into separate files where needed.

        * Modules/applepay/ApplePayPaymentAuthorizedEvent.cpp:
        (WebCore::ApplePayPaymentAuthorizedEvent::ApplePayPaymentAuthorizedEvent):
        * Modules/applepay/ApplePayPaymentAuthorizedEvent.h:
        * Modules/applepay/ApplePayPaymentAuthorizedEvent.idl:
        Convert the 'payment' property to return an ApplePayPayment dictionary, removing
        the need for custom bindings.

        * Modules/applepay/ApplePayPaymentMethodSelectedEvent.cpp:
        (WebCore::ApplePayPaymentMethodSelectedEvent::ApplePayPaymentMethodSelectedEvent):
        * Modules/applepay/ApplePayPaymentMethodSelectedEvent.h:
        * Modules/applepay/ApplePayPaymentMethodSelectedEvent.idl:
        Convert the 'paymentMethod' property to return an ApplePayPaymentMethod dictionary, removing
        the need for custom bindings.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::convertAndValidate):
        (WebCore::ApplePaySession::create):
        (WebCore::ApplePaySession::ApplePaySession):
        (WebCore::ApplePaySession::completeShippingMethodSelection):
        (WebCore::ApplePaySession::completeShippingContactSelection):
        (WebCore::ApplePaySession::completePaymentMethodSelection):
        (WebCore::ApplePaySession::didSelectShippingMethod):
        * Modules/applepay/ApplePaySession.h:
        Update for new names, remove need for ExecState in the create function, and simplify
        billingContact and shippingContact now that they are strongly typed.

        * Modules/applepay/ApplePaySession.idl:
        Move dictionaries and enums to their own files.

        * Modules/applepay/ApplePayShippingContactSelectedEvent.cpp:
        (WebCore::ApplePayShippingContactSelectedEvent::ApplePayShippingContactSelectedEvent):
        * Modules/applepay/ApplePayShippingContactSelectedEvent.h:
        * Modules/applepay/ApplePayShippingContactSelectedEvent.idl:
        Convert the 'shippingContact' property to return an ApplePayPaymentContact dictionary, removing
        the need for custom bindings.

        * Modules/applepay/ApplePayShippingMethodSelectedEvent.cpp:
        * Modules/applepay/ApplePayShippingMethodSelectedEvent.h:
        * Modules/applepay/ApplePayShippingMethodSelectedEvent.idl:
        Convert the 'shippingMethod' property to return an ApplePayShippingMethod dictionary, removing
        the need for custom bindings.

        * Modules/applepay/Payment.h:
        * Modules/applepay/PaymentContact.h:
        * Modules/applepay/PaymentMethod.h:
        * Modules/applepay/cocoa/PaymentCocoa.mm:
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
        Replace toJS/fromJS functions with ones that convert to/from the associated dictionary type.

        * bindings/generic/IDLTypes.h:
        (WebCore::IDLJSON::nullValue):
        (WebCore::IDLJSON::isNullValue):
        (WebCore::IDLJSON::extractValueFromNullable):
        * bindings/js/JSDOMConvert.h:
        (WebCore::Converter<IDLJSON>::convert):
        (WebCore::JSConverter<IDLJSON>::convert):
        Add a new custom type, JSON, which converts from a String to a JS object.

        * bindings/scripts/CodeGenerator.pm:
        * bindings/scripts/CodeGeneratorJS.pm:
        Add support for the new JSON type, and improve scoped naming to allow for enums
        in dictionary only IDL files.

        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        Update test result for improved scoped naming.

2016-12-16  Zalan Bujtas  <zalan@apple.com>

        Defer certain accessibility callbacks until after layout is finished.
        https://bugs.webkit.org/show_bug.cgi?id=165861
        rdar://problem/29646301

        Reviewed by Chris Fleizach.

        Currently with certain AXObjectCache callbacks, we can end up in a layout while the render tree is being mutated.  
        This patch ensures that such callbacks are deferred until after tree mutation/layout is finished.

        Test: accessibility/accessibility-crash-with-dynamic-inline-content.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::remove):
        (WebCore::AXObjectCache::performDeferredIsIgnoredChange):
        (WebCore::AXObjectCache::insertDeferredIsIgnoredChange):
        * accessibility/AXObjectCache.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::performPostLayoutTasks):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::deleteLines):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::createAndAppendRootInlineBox):

2016-12-16  Ryan Haddad  <ryanhaddad@apple.com>

        Rebaseline bindings tests after r209897.

        Unreviewed test gardening.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObj::visitChildren):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterface::visitChildren):

2016-12-15  Brent Fulgham  <bfulgham@apple.com>

        Arguments called in wrong order
        https://bugs.webkit.org/show_bug.cgi?id=165923

        Reviewed by Simon Fraser.

        Correct the ordering of several function calls.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): The 'nearestToPresentationStartTime'
        argument is being checked for validity, but 'nearestToPresentationEndTime' is being used in the
        calculation. This seems like a copy/paste error.
        * page/PrintContext.cpp:
        (WebCore::PrintContext::outputLinkedDestinations): FloatPoint::expandedTo returns a new object that
        has been expanded. This code continued using the 'unexpanded' point.
        * platform/graphics/GraphicsContext3D.cpp:
        (WebCore::GraphicsContext3D::computeImageSizeInBytes): The 'bytesPerComponent' and 'componentsPerPixel'
        variables were being passed in the wrong order.
        * platform/network/CacheValidation.cpp: The 'last-modified' header string was being concatenated with
        the following string, resulting in an incorrect 'last-modifiedproxy-authenticate' string value.
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::firstGlyph): The ASSERT was assigning to the (by-value) input
        parameter 'codePoint', rather than comparing it to the firstGlyph value's codePoint.

2016-12-16  Youenn Fablet  <youenn@apple.com>

        [Fetch API] Improve resource loading console logging
        https://bugs.webkit.org/show_bug.cgi?id=160546

        Reviewed by Alex Christensen.

        Covered by rebased tests.

        Adding support for logging of resource loading failures in ThreadableLoader.
        This will allow doing consistent logging for clients such as fetch, XHR, event source...

        Doing logging for Fetch API only at the moment in ThreadableLoader.
        Future patches should migrate XHR to this logging system.

        Logging routine is implemented in ThreadableLoader.
        It is used directly by DocumentThreadableLoader before calling didFail client callback.
        DocumentThreadableLoader has a new option to not log errors, in the case the client is WorkerThreadableLoader::MainBridge.
        In that case, the logging is done in the worker context within WorkerThreadableLoader::MainBridge::didFail

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Enable logging.
        (WebCore::DocumentThreadableLoader::create): Passing logging parameter to constructor.
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Adding initialization of logging parameter.
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Making use of the new logErrorAndFail helper routine.
        (WebCore::DocumentThreadableLoader::cancel): No need to log error if it is being cancelled.
        (WebCore::DocumentThreadableLoader::redirectReceived): Made the reportXX routines methods of DocumentThreadableLoaders and using logErrorAndFail internally.
        (WebCore::DocumentThreadableLoader::didFail): Wrapper around logErrorAndFail since cancel is not calling it anymore.
        (WebCore::DocumentThreadableLoader::preflightFailure):
        (WebCore::DocumentThreadableLoader::loadRequest):
        (WebCore::DocumentThreadableLoader::reportRedirectionWithBadScheme):
        (WebCore::DocumentThreadableLoader::reportContentSecurityPolicyError):
        (WebCore::DocumentThreadableLoader::reportCrossOriginResourceSharingError):
        (WebCore::DocumentThreadableLoader::logErrorAndFail):
        (WebCore::reportContentSecurityPolicyError): Deleted.
        (WebCore::reportCrossOriginResourceSharingError): Deleted.
        (WebCore::reportRedirectionWithBadScheme): Deleted.
        * loader/DocumentThreadableLoader.h:
        * loader/ThreadableLoader.cpp:
        (WebCore::ThreadableLoader::logError):
        * loader/ThreadableLoader.h:
        * loader/ThreadableLoaderClientWrapper.h:
        (WebCore::ThreadableLoaderClientWrapper::create):
        (WebCore::ThreadableLoaderClientWrapper::initiator):
        (WebCore::ThreadableLoaderClientWrapper::ThreadableLoaderClientWrapper):
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::WorkerThreadableLoader):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
        (WebCore::WorkerThreadableLoader::MainThreadBridge::didFail):

2016-12-16  Enrique Ocaña González  <eocanha@igalia.com>

        [GStreamer][MSE] Fix build warning in MediaPlayerPrivateGStreamer.cpp using gcc 6.2
        https://bugs.webkit.org/show_bug.cgi?id=165900

        Reviewed by Žan Doberšek.

        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
        (WebCore::MediaPlayerPrivateGStreamerMSE::supportsCodecs):
        Move the variable asignation out of the if condition.

2016-12-16  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Implement ReadableByteStreamController cancel internal method
        https://bugs.webkit.org/show_bug.cgi?id=165798

        Reviewed by Youenn Fablet.

        Implemented cancel method of ReadableByteStreamController.
        Also fixed small inconsistency in readableByteStreamControllerClose.

        Added one test to check cancel behaviour. More tests may be added as the API is implemented.

        * Modules/streams/ReadableByteStreamInternals.js:
        (privateInitializeReadableByteStreamController): Define cancel internal method.
        (readableByteStreamControllerCancel): Added.
        (readableByteStreamControllerClose): Fixed behaviour (no value should be dequeued).
        * bindings/js/WebCoreBuiltinNames.h: Removed bytesFilled (previous addition was not needed).

2016-12-16  Youenn Fablet  <youennf@gmail.com>

        svg/as-image/svg-image-with-data-uri-use-data-uri.svg is flaky after r207754
        https://bugs.webkit.org/show_bug.cgi?id=163887
        <rdar://problem/29266436>

        Reviewed by Alex Christensen.

        Test: http/tests/security/cross-origin-cached-images-with-memory-pressure.html

        With the introduction of cached resource cloning, an Image may be referenced by several CachedImage.
        This did not work well with Image observer system as it mandates a one-to-one relationship.

        Introducing CachedImageObserver to restore the one-to-one relationship between Image and its observer.
        CachedImageObserver can keep references for more than one CachedImage.

        In the future, it might be better to split more clearly CachedImageObserver and its API from CachedImage.
        Or remove the concept of CachedResource cloning and find new ways to provide CachedResource origin information to clients.

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::load): Moved boolean image observer fields to CachedImageObserver.
        (WebCore::CachedImage::setBodyDataFrom): Keeping a reference of the image observer when cloning the resource.
        (WebCore::CachedImage::createImage): Creating the observer when creating the image.
        (WebCore::CachedImage::CachedImageObserver::CachedImageObserver):
        (WebCore::CachedImage::CachedImageObserver::decodedSizeChanged):
        (WebCore::CachedImage::CachedImageObserver::didDraw):
        (WebCore::CachedImage::CachedImageObserver::animationAdvanced):
        (WebCore::CachedImage::CachedImageObserver::changedInRect):
        (WebCore::CachedImage::clearImage):
        * loader/cache/CachedImage.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::setBodyDataFrom): Now that each cached image receives decodedSizeChanged callback, we need to set its size correctly.

2016-12-15  Joonghun Park  <jh718.park@samsung.com>

        [EFL] Fix debug build break since r209873. Unreviewed.
        https://bugs.webkit.org/show_bug.cgi?id=165945

        No new tests, no new behaviours.

        Use Primitive System Data Type uint64_t instead of unsigned long long.

        * Modules/indexeddb/IDBFactory.cpp:
        (WebCore::IDBFactory::openInternal):
        * Modules/indexeddb/IDBFactory.h:

2016-12-15  Zalan Bujtas  <zalan@apple.com>

        text-align: justify and word-spacing combine to overflow column
        https://bugs.webkit.org/show_bug.cgi?id=165796
        rdar://problem/29672168

        Reviewed by Myles C. Maxfield.

        The value of the word-spacing property is not applied on the inline-tree boxes (normal line layout)
        with kerning enabled. It causes hittest failures and selection/rendering glitches.
        We normally use the pre-computed 'WordMeasurements' values to figure out the run widths. However
        with kerning on, in some cases we need to re-measure a certain part of the text by calling RenderText::width().
        This function omits the word-spacing value for leading whitespace, so when this text fragment starts with a whitespace,
        (while it's not at the beginning of the run) we have to manually add the word-spacing value back.
        r146087 added this logic with the restriction of applying it only to whitespace-only runs.

        Test: fast/css/word-spacing-with-normal-layout.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::setLogicalWidthForTextRun):

2016-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Stop reinterpret_casting UBreakIterators to the undefined type TextBreakIterator
        https://bugs.webkit.org/show_bug.cgi?id=165931

        Reviewed by Alex Christensen.

        No new tests because there is no behavior change.

        * dom/CharacterData.cpp:
        (WebCore::CharacterData::parserAppendData):
        * editing/TextCheckingHelper.cpp:
        (WebCore::findMisspellings):
        * editing/VisibleUnits.cpp:
        (WebCore::wordBreakIteratorForMinOffsetBoundary):
        (WebCore::wordBreakIteratorForMaxOffsetBoundary):
        (WebCore::isLogicalStartOfWord):
        (WebCore::islogicalEndOfWord):
        (WebCore::visualWordPosition):
        (WebCore::startSentenceBoundary):
        (WebCore::endSentenceBoundary):
        (WebCore::previousSentencePositionBoundary):
        (WebCore::nextSentencePositionBoundary):
        * html/HTMLInputElement.cpp:
        * html/HTMLTextAreaElement.cpp:
        * html/InputType.cpp:
        * html/TextFieldInputType.cpp:
        * html/TextInputType.cpp:
        * platform/graphics/StringTruncator.cpp:
        (WebCore::textBreakAtOrPreceding):
        (WebCore::boundedTextBreakFollowing):
        (WebCore::rightClipToWordBuffer):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::offsetForPosition):
        * platform/text/TextBoundaries.cpp:
        (WebCore::findNextWordFromIndex):
        (WebCore::findWordBoundary):
        (WebCore::findEndWordBoundary):
        * platform/text/mac/TextBoundaries.mm:
        (WebCore::findNextWordFromIndex):
        * rendering/BreakLines.h:
        (WebCore::nextBreakablePositionNonLoosely):
        (WebCore::nextBreakablePositionLoosely):
        * rendering/RenderBlock.cpp:
        * rendering/RenderText.cpp:
        (WebCore::makeCapitalized):
        (WebCore::RenderText::previousOffset):
        (WebCore::RenderText::previousOffsetForBackwardDeletion):
        (WebCore::RenderText::nextOffset):
        * rendering/SimpleLineLayoutTextFragmentIterator.h:
        * rendering/line/LineBreaker.h:

2016-12-15  Darin Adler  <darin@apple.com>

        Use asString instead of toWTFString, toString, or getString when we already checked isString
        https://bugs.webkit.org/show_bug.cgi?id=165895

        Reviewed by Yusuke Suzuki.

        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::extract): Use asString/value instead of toWTFString.

        * Modules/mediastream/SDPProcessor.cpp:
        (WebCore::SDPProcessor::callScript): Use asString/value instead of getString.

        * bindings/js/ArrayValue.cpp:
        (WebCore::ArrayValue::get): Use asString/value instead of toWTFString.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::get): Use asString/length instead of toString/length.
        (WebCore::createIDBKeyFromValue): Use asString/value instead of toWTFString.
        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier): Ditto.
        * bindings/js/JSDataCueCustom.cpp:
        (WebCore::constructJSDataCue): Use asString/value instead of getString.
        * bindings/js/JSInspectorFrontendHostCustom.cpp:
        (WebCore::populateContextMenuItems): Use asString/value instead of toWTFString.

        * bindings/js/ScriptController.cpp:
        (WebCore::jsValueToModuleKey): Use asString/toIdentifier instead of
        jsCast<JSString*>/value/Identifier::fromString.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpIfTerminal): Streamline by getting rid of local variable.

        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::getDomainList): Use asString instead of jsCast<JSString*>.
        (WebCore::ContentExtensions::loadTrigger): Use asString/value instead of toWTFString.
        (WebCore::ContentExtensions::loadAction): Ditto.

        * css/FontFace.cpp:
        (WebCore::FontFace::create): Use asString/value instead of getString.

2016-12-15  Zalan Bujtas  <zalan@apple.com>

        Change ::computeLogicalHeight's computedValues out argument to the return value.
        https://bugs.webkit.org/show_bug.cgi?id=165789

        Reviewed by Simon Fraser.

        No change in functionality.

        * html/shadow/SliderThumbElement.cpp:
        (WebCore::RenderSliderContainer::computeLogicalHeight):
        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::RenderImageControlsButton::computeLogicalHeight):
        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        (WebCore::RenderImageControls::computeLogicalHeight):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeBlockPreferredLogicalWidths):
        (WebCore::RenderBlock::estimateRegionRangeForBoxChild):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::updateLogicalHeight):
        (WebCore::RenderBox::computeLogicalHeight):
        (WebCore::RenderBox::computePercentageLogicalHeight):
        (WebCore::RenderBox::computeReplacedLogicalHeightUsing):
        (WebCore::RenderBox::availableLogicalHeightUsing):
        * rendering/RenderBox.h:
        (WebCore::RenderBox::ComputedMarginValues::ComputedMarginValues): Deleted.
        (WebCore::RenderBox::LogicalExtentComputedValues::LogicalExtentComputedValues): Deleted.
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::mainAxisContentExtent):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::computeLogicalHeight):
        * rendering/RenderFlowThread.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::computeLogicalHeight):
        * rendering/RenderListBox.h:
        * rendering/RenderMeter.cpp:
        (WebCore::RenderMeter::computeLogicalHeight):
        * rendering/RenderMeter.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::computeLogicalHeight):
        * rendering/RenderMultiColumnFlowThread.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::computeLogicalHeight):
        * rendering/RenderMultiColumnSet.h:
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::computeLogicalHeight):
        * rendering/RenderProgress.h:
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::computeLogicalHeight):
        * rendering/RenderTextControl.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::computeLogicalHeight):
        * rendering/RenderView.h:
        * rendering/svg/RenderSVGForeignObject.cpp:
        (WebCore::RenderSVGForeignObject::computeLogicalHeight):
        * rendering/svg/RenderSVGForeignObject.h:

2016-12-15  Chris Dumez  <cdumez@apple.com>

        Make sure HTML validation bubble's state is updated after layout
        https://bugs.webkit.org/show_bug.cgi?id=165922
        <rdar://problem/29694730>

        Reviewed by Simon Fraser.

        Make sure HTML validation bubble's state is updated after layout.
        In particular, if the validation bubble's associated element has
        moved or is no longer visible, we now hide the bubble.

        Tests: fast/forms/validation-bubble-disappears-when-input-detached.html
               fast/forms/validation-bubble-disappears-when-input-moved.html
               fast/forms/validation-bubble-disappears-when-input-no-longer-visible.html

        * page/FrameView.cpp:
        (WebCore::FrameView::viewportContentsChanged):
        * page/Page.cpp:
        (WebCore::Page::updateValidationBubbleStateIfNeeded):
        * page/Page.h:
        * page/ValidationMessageClient.h:

2016-12-15  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove use of Dictionary from JSCryptoAlgorithmDictionary
        https://bugs.webkit.org/show_bug.cgi?id=165919

        Reviewed by Darin Adler.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        * bindings/js/JSCryptoAlgorithmDictionary.h:
        * bindings/js/JSCryptoOperationData.cpp:
        * bindings/js/JSCryptoOperationData.h:
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
        Replace simplistic use of Dictionary with simplistic use of direct JSObject
        functions. Also, pass the ExecState by reference.

2016-12-15  Filip Pizlo  <fpizlo@apple.com>

        Get rid of HeapRootVisitor and make SlotVisitor less painful to use
        https://bugs.webkit.org/show_bug.cgi?id=165911

        Reviewed by Geoffrey Garen.

        No new tests because no new behavior.
        
        This updates WebCore code to new JSC API.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::DOMConstructorJSBuiltinObject::visitChildren):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::visitChildren):
        * bindings/js/JSDOMPromise.h:
        (WebCore::DeferredPromise::visitAggregate):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::visitJSFunction):
        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::JSWorkerGlobalScopeBase::visitChildren):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):

2016-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Sort Xcode project files
        https://bugs.webkit.org/show_bug.cgi?id=165937

        Reviewed by Simon Fraser.

        No new tests because there is no behavior change.

        * WebCore.xcodeproj/project.pbxproj:

2016-12-15  Chris Dumez  <cdumez@apple.com>

        Move charCode / keyCode / which attributes from UIEvent to KeyboardEvent
        https://bugs.webkit.org/show_bug.cgi?id=165904

        Reviewed by Sam Weinig.

        Move 'charCode' / 'keyCode' attributes from UIEvent to KeyboardEvent and add
        'which' to KeyboardEvent to match the specification:
        - https://w3c.github.io/uievents/#legacy-interface-KeyboardEvent

        We keep a 'which' attribute on UIEvent even though the specification does
        not say we should because Firefox and Chrome have 'which' on UIEvent still.

        Specification:
        - 'charCode' / 'keyCode' / 'which' on KeyboardEvent only

        Firefox:
        - 'charCode' / 'keyCode' on KeyboardEvent only
        - 'which' on UIEvent only

        Chrome:
        - 'charCode' / 'keyCode' / 'which' on KeyboardEvent
        - 'which' on UIEvent as well

        Old WebKit behavior:
        - 'charCode' / 'keyCode' / 'which' on UIEvent only

        New WebKit behavior:
        - 'charCode' / 'keyCode' / 'which' on KeyboardEvent
        - 'which' on UIEvent as well

        Our new behavior is identical to Chrome, much closer to the specification,
        and closer to Firefox as well.

        No new tests, updated / rebaselined existing tests.

        * dom/KeyboardEvent.cpp:
        (WebCore::KeyboardEvent::KeyboardEvent):
        (WebCore::KeyboardEvent::keyCode):
        (WebCore::KeyboardEvent::charCode):
        (WebCore::KeyboardEvent::which):
        * dom/KeyboardEvent.h:
        * dom/KeyboardEvent.idl:
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::which):
        * dom/UIEvent.cpp:
        * dom/UIEvent.h:
        * dom/UIEvent.idl:

2016-12-15  Brady Eidson  <beidson@apple.com>

        IndexedDB: Add an "IDBCursorRecord" struct.
        https://bugs.webkit.org/show_bug.cgi?id=165929

        Reviewed by Alex Christensen.

        No new tests (Refactor, no behavior change).

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::currentData):
        (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
        (WebCore::IDBServer::SQLiteIDBCursor::iterate):
        
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        (WebCore::IDBServer::SQLiteIDBCursor::currentKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentValue):

        * Modules/indexeddb/shared/IDBCursorRecord.h: Added.
        (WebCore::IDBCursorRecord::encode):
        (WebCore::IDBCursorRecord::decode):
        
        * WebCore.xcodeproj/project.pbxproj:

2016-12-15  Keith Rollin  <krollin@apple.com>

        Refactor Document::suspend/resume
        https://bugs.webkit.org/show_bug.cgi?id=165921

        Reviewed by Chris Dumez.

        Update Document::suspend to call Document::suspendScheduledTasks
        rather than duplicating the latter's code within itself. Similar
        treatment of Document::resume and Document::resumeScheduledTasks.

        No new tests -- no new functionality, just refactoring existing code.

        * dom/Document.cpp:
        (WebCore::Document::suspend):
        (WebCore::Document::resume):

2016-12-15  Alex Christensen  <achristensen@webkit.org>

        Remove flex and bison build dependencies; commit generated XPath parser
        https://bugs.webkit.org/show_bug.cgi?id=165783

        Reviewed by Brent Fulgham.

        flex and bison are annoying to install and use, especially on Windows.
        Since only XPathGrammar uses them and that's not actively developed, let's just check in the one generated file
        and make building WebKit easier forever!

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * css/makegrammar.pl: Removed.
        * xml/XPathGrammar.cpp: Added.
        (xpathyylex):
        (xpathyyerror):
        (yysyntax_error):
        * xml/XPathGrammar.h: Added.
        * xml/XPathGrammar.y: Rename TEXT to TEXT_ to fix a build error on Windows.  TEXT is already defined.

2016-12-15  Brady Eidson  <beidson@apple.com>

        Enhance some of the logging statements just added for IndexedDB Operation scheduling.

        Rubberstamped by Tim Horton.

        No new tests (No behavior change).

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::iterateCursor):
        (WebCore::IDBTransaction::requestGetRecord):
        (WebCore::IDBTransaction::requestIndexRecord):
        (WebCore::IDBTransaction::requestPutOrAdd):
        
        * Modules/indexeddb/shared/IDBCursorInfo.cpp:
        (WebCore::IDBCursorInfo::loggingString):
        
        * Modules/indexeddb/shared/IDBIterateCursorData.cpp:
        (WebCore::IDBIterateCursorData::loggingString):

2016-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Implement font-synthesis: small-caps
        https://bugs.webkit.org/show_bug.cgi?id=165892

        Reviewed by David Hyatt.

        The CSS Fonts level 4 spec adds a new value to the "font-synthesis"
        property which controls whether or not small-caps is allowed to be
        synthesized. Luckily, we already have an implementation of this
        straightforward, so the implementation is quite simple.

        Tests: css3/font-synthesis-small-caps.html
               fast/text/font-synthesis-parsing.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::fontSynthesisFromStyle):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertFontSynthesis):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFontSynthesis):
        * platform/graphics/FontCache.h:
        (WebCore::FontDescriptionKey::makeFlagsKey):
        * platform/graphics/FontDescription.cpp:
        (WebCore::FontDescription::FontDescription):
        * platform/graphics/FontDescription.h:
        (WebCore::FontCascadeDescription::initialFontSynthesis):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::shouldSynthesize):
        (WebCore::ComplexTextController::collectComplexTextRuns):

2016-12-15  Brady Eidson  <beidson@apple.com>

        Add a new Logging Channel for IndexedDB Operation scheduling.
        https://bugs.webkit.org/show_bug.cgi?id=165912

        Reviewed by Alex Christensen.

        No new tests (No behavior change).

        * Modules/indexeddb/IDBDatabase.cpp:
        (WebCore::IDBDatabase::transaction):
        
        * Modules/indexeddb/IDBFactory.cpp:
        (WebCore::IDBFactory::openInternal):
        (WebCore::IDBFactory::deleteDatabase):
        
        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::internalAbort):
        (WebCore::IDBTransaction::commit):
        (WebCore::IDBTransaction::createObjectStore):
        (WebCore::IDBTransaction::renameObjectStore):
        (WebCore::IDBTransaction::createIndex):
        (WebCore::IDBTransaction::renameIndex):
        (WebCore::IDBTransaction::doRequestOpenCursor):
        (WebCore::IDBTransaction::iterateCursor):
        (WebCore::IDBTransaction::requestGetAllObjectStoreRecords):
        (WebCore::IDBTransaction::requestGetAllIndexRecords):
        (WebCore::IDBTransaction::requestGetRecord):
        (WebCore::IDBTransaction::requestIndexRecord):
        (WebCore::IDBTransaction::requestCount):
        (WebCore::IDBTransaction::requestDeleteRecord):
        (WebCore::IDBTransaction::requestClearObjectStore):
        (WebCore::IDBTransaction::requestPutOrAdd):
        (WebCore::IDBTransaction::deleteObjectStore):
        (WebCore::IDBTransaction::deleteIndex):
        
        * Modules/indexeddb/shared/IDBCursorInfo.cpp:
        (WebCore::IDBCursorInfo::loggingString):
        * Modules/indexeddb/shared/IDBCursorInfo.h:
        
        * Modules/indexeddb/shared/IDBGetAllRecordsData.cpp:
        (WebCore::IDBGetAllRecordsData::loggingString):
        * Modules/indexeddb/shared/IDBGetAllRecordsData.h:
        
        * Modules/indexeddb/shared/IDBGetRecordData.cpp:
        (WebCore::IDBGetRecordData::loggingString):
        * Modules/indexeddb/shared/IDBGetRecordData.h:
        
        * Modules/indexeddb/shared/IDBIndexInfo.cpp:
        (WebCore::IDBIndexInfo::condensedLoggingString):
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        
        * Modules/indexeddb/shared/IDBIterateCursorData.cpp:
        (WebCore::IDBIterateCursorData::loggingString):
        * Modules/indexeddb/shared/IDBIterateCursorData.h:
        
        * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
        (WebCore::IDBObjectStoreInfo::condensedLoggingString):
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        
        * platform/Logging.h:

2016-12-15  Konstantin Tokarev  <annulen@yandex.ru>

        Added missing override and final specifiers
        https://bugs.webkit.org/show_bug.cgi?id=165903

        Reviewed by Darin Adler.

        No new tests needed.

        * Modules/mediastream/OverconstrainedErrorEvent.h:
        * bindings/js/JSCallbackData.h:
        * bindings/js/JSCustomXPathNSResolver.h:
        * bindings/js/JSErrorHandler.h:
        * css/StyleRuleImport.h:
        * dom/SecurityPolicyViolationEvent.h:
        * editing/CreateLinkCommand.h:
        * editing/DeleteSelectionCommand.h:
        * editing/DictationCommand.h:
        * editing/Editor.cpp:
        * editing/FormatBlockCommand.h:
        * editing/IndentOutdentCommand.h:
        * editing/InsertLineBreakCommand.h:
        * editing/InsertParagraphSeparatorCommand.h:
        * editing/ModifySelectionListLevel.h:
        * editing/MoveSelectionCommand.h:
        * editing/RemoveFormatCommand.h:
        * editing/RemoveNodePreservingChildrenCommand.h:
        * editing/ReplaceSelectionCommand.h:
        * editing/SimplifyMarkupCommand.h:
        * editing/SplitTextNodeContainingElementCommand.h:
        * editing/UnlinkCommand.h:
        * fileapi/FileReaderLoader.h:
        * html/canvas/ANGLEInstancedArrays.h:
        * html/canvas/WebGLVertexArrayObjectBase.h:
        * loader/SinkDocument.h:
        * loader/archive/mhtml/MHTMLArchive.h:
        * page/animation/CSSPropertyAnimation.cpp:
        * platform/audio/MultiChannelResampler.cpp:
        * platform/audio/SincResampler.cpp:
        * platform/audio/gstreamer/AudioDestinationGStreamer.h:
        * platform/audio/gstreamer/AudioSourceProviderGStreamer.h:
        * platform/graphics/TextTrackRepresentation.cpp:
        * platform/graphics/displaylists/DisplayListItems.h:
        * platform/graphics/filters/FEBlend.h:
        * platform/graphics/filters/FEColorMatrix.h:
        * platform/graphics/filters/FEComponentTransfer.h:
        * platform/graphics/filters/FEConvolveMatrix.h:
        * platform/graphics/filters/FEDiffuseLighting.h:
        * platform/graphics/filters/FEDropShadow.h:
        * platform/graphics/filters/FEGaussianBlur.h:
        * platform/graphics/filters/FELighting.h:
        * platform/graphics/filters/FEMerge.h:
        * platform/graphics/filters/FEMorphology.h:
        * platform/graphics/filters/FEOffset.h:
        * platform/graphics/filters/FESpecularLighting.h:
        * platform/graphics/filters/FETile.h:
        * platform/graphics/filters/FETurbulence.h:
        * platform/graphics/filters/SourceAlpha.h:
        * platform/graphics/filters/SourceGraphic.h:
        * platform/graphics/opengl/Extensions3DOpenGL.h:
        * platform/graphics/opengl/Extensions3DOpenGLCommon.h:
        * platform/graphics/texmap/TextureMapperBackingStore.h:
        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h:
        * platform/mock/GeolocationClientMock.h:
        * platform/text/TextCodecICU.h:
        * platform/text/TextCodecLatin1.h:
        * platform/text/TextCodecUTF16.h:
        * platform/text/TextCodecUTF8.h:
        * platform/text/TextCodecUserDefined.h:
        * rendering/RenderFullScreen.cpp:
        * storage/StorageEvent.h:
        * svg/properties/SVGListProperty.h:
        * svg/properties/SVGStaticListPropertyTearOff.h:
        * svg/properties/SVGStaticPropertyTearOff.h:
        * xml/NativeXPathNSResolver.h:
        * xml/XMLHttpRequestProgressEvent.h:
        * xml/XMLHttpRequestProgressEventThrottle.h:
        * xml/XPathVariableReference.h:
        * xml/XSLImportRule.h:

2016-12-15  Chris Dumez  <cdumez@apple.com>

        Inline Document::existingAXObjectCache()
        https://bugs.webkit.org/show_bug.cgi?id=165906

        Reviewed by Darin Adler.

        Inline Document::existingAXObjectCache() to avoid paying function call
        cost in the common case where AX is disabled.

        * dom/Document.cpp:
        (WebCore::Document::existingAXObjectCacheSlow):
        (WebCore::Document::existingAXObjectCache): Deleted.
        * dom/Document.h:
        (WebCore::Document::existingAXObjectCache):

2016-12-15  Ryan Haddad  <ryanhaddad@apple.com>

        Rebaseline bindings tests after r209864.

        Unreviewed test gardening.

        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        (WebCore::convertDictionary<DictionaryImplName>):

2016-12-15  Andreas Kling  <akling@apple.com>

        Always clear RenderLayer backing stores when going into page cache.
        <https://webkit.org/b/165901>

        Reviewed by Simon Fraser.

        We were already doing this for the iOS and GTK+ ports, let's do it everywhere
        for consistency, and a bit of memory usage improvement.

        This patch just removes the setting and always calls FrameView::clearBackingStores()
        when there is composited content going into page cache.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):
        * history/PageCache.h:
        (WebCore::PageCache::shouldClearBackingStores): Deleted.
        (WebCore::PageCache::setShouldClearBackingStores): Deleted.

2016-12-15  Darin Adler  <darin@apple.com>

        Remove custom binding for MediaDevices
        https://bugs.webkit.org/show_bug.cgi?id=165894

        Reviewed by Eric Carlson.

        Removes the explicit code to parse the MediaStreamConstraints and
        MediaTrackConstraints. Next step could be to change the internal
        code to use the structs from bindings directly so we don't need
        code to convert to an internal format.

        * CMakeLists.txt: Added MediaTrackConstraints.idl and MediaTrackConstraints.cpp,
        removed JSMediaDevicesCustom.cpp.

        * DerivedSources.make: Added MediaTrackConstraints.idl.
        Also sorted list of IDL files and fixed use of tabs.

        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::createMediaConstraintsImpl): Added.
        (WebCore::MediaDevices::getUserMedia): Changed this function to take arguments that
        are generated by the bindings script, and call createMediaConstraintsImpl to convert
        into the internal data structure.
        * Modules/mediastream/MediaDevices.h: Added StreamConstraints struct and changed
        getUserMedia to take that as specified in the IDL.
        * Modules/mediastream/MediaDevices.idl: Added definition of the MediaStreamConstraints
        dictionary. Removed [Custom] from getUserMedia.

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream): Pass a reference to addObserver.
        (WebCore::MediaStream::~MediaStream): Pass a rference to removeObserver.
        (WebCore::MediaStream::internalAddTrack): Ditto.
        (WebCore::MediaStream::internalRemoveTrack): Ditto.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::createMediaConstraintsImpl): Added.
        (WebCore::MediaStreamTrack::applyConstraints): Changed to take an optional
        MediaTrackConstraints argument and call createMediaConstraintsImpl to convert
        into the internal data structure. Also merged the multiple overloads of this
        all into a single function, used auto to make the code easier to read, and
        moved the code that stores new constrains into the success handling, since the
        specification says that's the only case where we should store it.
        (WebCore::MediaStreamTrack::addObserver): Take a reference instead of a pointer.
        (WebCore::MediaStreamTrack::removeObserver): Ditto.
        * Modules/mediastream/MediaStreamTrack.h: Removed many unneeded includes.
        Changed getConstraints to return const MediaTrackConstraints&, applyConstraints
        to take an optional MediaTrackConstraints, add/removeObserver to take a reference
        rather than a pointer, and changed m_constraints to be a MediaTrackConstraints
        instead of a RefPtr<MediaConstraints>.
        * Modules/mediastream/MediaStreamTrack.idl: Removed [Custom] from getConstraints
        and applyConstraints.

        * Modules/mediastream/MediaTrackConstraints.cpp: Added.
        (WebCore::set): Overloaded function to set constriaints in a
        MediaTrackConstraintSetMap.
        (WebCore::convertToInternalForm): Helper function that takes a
        MediaTrackConstraintSet and turns it into a MediaTrackConstraintSetMap.
        (WebCore::convertAdvancedToInternalForm): More of the same, but for vectors.
        (WebCore::createMediaConstraintsImpl): Top level function. Calls the other
        functions and then MediaConstraintsImpl::create.
        * Modules/mediastream/MediaTrackConstraints.h: Added. Contains all the structures
        and type definitions for the dictionaries defined in the IDL file, and also the
        createMediaConstraintsImpl function declaration.
        * Modules/mediastream/MediaTrackConstraints.idl: Added. Contains the
        MediaTrackConstraints and all the other dictionaries and typedefs that are needed
        to define that dictionary.
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::start): Changed to not depend on MediaDevices::Promise.
        (WebCore::UserMediaRequest::UserMediaRequest): Ditto.
        (WebCore::isSecure): Rearranged to be easier to understand.
        (WebCore::UserMediaRequest::start): Removed a local variable for simplicity.
        (WebCore::UserMediaRequest::document): Removed a redundant null check.
        * Modules/mediastream/UserMediaRequest.h: Reduced includes, changed to not depend
        on MediaDevices::Promise, removing the reason to include MediaDevices.h.

        * WebCore.xcodeproj/project.pbxproj: Updated to remove old files and add new ones.

        * bindings/js/JSBindingsAllInOne.cpp: Removed JSMediaDevicesCustom.cpp.

        * bindings/js/JSMediaDevicesCustom.cpp: Removed.
        * bindings/js/JSMediaDevicesCustom.h: Removed.

        * bindings/js/JSMediaStreamTrackCustom.cpp:
        (WebCore::JSMediaStreamTrack::applyConstraints): Deleted.
        (WebCore::JSMediaStreamTrack::getConstraints): Deleted.

        * bindings/scripts/CodeGenerator.pm:
        (ProcessDocument): Updated to allow multiple standalone dictionaries, as long as
        the name of one of the dictionaries matches the name of the file.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDictionary): Added "other dictionaries" argument so we can support
        files with multiple dictionaries in them.
        (GenerateDictionariesHeaderContent): Completed support for dictionaries that
        are not named after a top level interface by added one more check for a missing
        $interface in a place that otherwise would not handle it correctly.
        (GenerateImplementation): Removed code that set $currentCachedAttribute and
        $cacheIndex, since no was reading the value of either any longer.
        (GenerateDictionaryHeader): Added "other dictionaries".
        (GenerateDictionaryImplementation): Ditto.
        (WriteData): Removed unnnecessarily indirect code that was using FileNamePrefix
        and a local variable named $prefix instead of just writing "JS".

        * bindings/scripts/generate-bindings.pl: Corrected the use of the fileparse
        function from the Path::Basename module; after reading the documentation for
        this it is clear that there is no need to first call basename, and fileparse
        should also be used instead of basename.

        * platform/mediastream/MediaConstraints.h: Removed unneeded includes.
        (WebCore::StringConstraint::appendExact): Removed an incorrect use of clear
        here that would mess up cases where there is supposed to be more than one
        exact value.

        * platform/mediastream/MediaStreamTrackPrivate.cpp: Remvoed unneeded includes.
        (WebCore::MediaStreamTrackPrivate::clone): Removed code to copy m_constraints.
        (WebCore::MediaStreamTrackPrivate::constraints): Deleted.
        * platform/mediastream/MediaStreamTrackPrivate.h: Removed the constraints
        function member and the m_constraints data member.

2016-12-15  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Enable CSS Deferred Parsing
        https://bugs.webkit.org/show_bug.cgi?id=165869

        Reviewed by Sam Weinig.

        Enable CSS deferred parsing once again. It's now behind a pref,
        so it's easy to flip off and on.

        To address the memory regression that caused the previous rollout,
        the tokenizer is no longer retained. Instead the sheet text and escaped
        strings are retained by CSSDeferredParser, and then DeferredStyleProperties
        and DeferredStyleGroupRuleList make copies of the tokens from the original
        tokenization process. As the rules get parsed, these tokens get thrown
        away.

        This means that instead of the entire set of tokens staying in memory
        as long as even one unparsed rule remained, now only the tokens that
        still need parsing will remain alive.

        Unparsed rules will consume slightly more memory than parsed rules, but
        the more unparsed rules you have, the bigger the performance win as
        well, so this is a tradeoff. Given that the parsing speed is going up
        by anywhere from 25-40% on cold loads of pages (where all stylesheets
        have to parse), this seems worth it to me.

        * css/parser/CSSParserMode.h:
        * page/Settings.in:

2016-12-15  Alejandro G. Castro  <alex@igalia.com>

        [OWR] Unskip fast/mediastream/MediaStream-video-element-track-stop.html
        https://bugs.webkit.org/show_bug.cgi?id=165316

        Reviewed by Philippe Normand.

        Fixed the ended support of the video element in the OWR player and
        fixed the videoTracks support. Now the OW player properly adds and
        removes the audio and video tracks. Added the getSettings support
        to the mediastream interface. Solved also the size handling in
        some of the enable/muted situations.

        Unskipping fast/mediastream/MediaStream-video-element-track-stop.html.

        * platform/GStreamer.cmake: Added the new
        RealtimeMediaSourceOwr.cpp with the new code handling the
        settings.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
        Release the new video and audio maps that creates a relationship
        of the mediastream tracks with the mediatracks of the video element.
        (WebCore::MediaPlayerPrivateGStreamerOwr::play): Set ended to
        false when we start playing.
        (WebCore::MediaPlayerPrivateGStreamerOwr::load): Create the media
        tracks to the player so that the videoTracks API returns it, and
        add an entry in the map to be able to restore it using the
        mediastream track.
        (WebCore::MediaPlayerPrivateGStreamerOwr::disableMediaTracks):
        Move some part of the stop function to this one in order to use it
        in pause method and avoid changing the video selection in that
        case.
        (WebCore::MediaPlayerPrivateGStreamerOwr::stop): Now we call the
        function disableMediaTracks and we also change teh selected
        videoTrack.
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded): For
        videoTrack reset the size and the selected element. In case there
        is no media playing we Make sure we set the ended variable to true
        and call the timeChange to modify the state of the player.
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged):
        Handle properly the situation when the user changed the enabled
        value, we disable the media.
        (WebCore::MediaPlayerPrivateGStreamerOwr::setSize): Modify the
        size of the source.
        (WebCore::MediaPlayerPrivateGStreamerOwr::naturalSize): Overrided
        to make sure we return a size even when the sample is not ready
        for gst.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:
        Added the ended attribute and the maps.
        * platform/mediastream/openwebrtc/MediaEndpointOwr.cpp:
        (WebCore::MediaEndpointOwr::createMutedRemoteSource): Use the new
        realtime video and audio sources classes, this new classes
        implement the settings of each type of media element.
        * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
        (WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable):
        Use the new audio and video source classes instead of the general
        one in order to handle the settings properly.
        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.cpp: Added
        (WebCore::RealtimeMediaSourceOwr::settings): Initialize using the
        subclass and return the new currentSettings attribute.
        (WebCore::RealtimeMediaSourceOwr::supportedConstraints): Call the
        subclass initialization of the supportedSettings.
        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h:
        (WebCore::RealtimeMediaSourceOwr::initializeSettings): Added to
        initialize the settings before returning the value. Implemented in
        the subclass.
        (WebCore::RealtimeMediaSourceOwr::initializeSupportedConstraints):
        Added to initialize the supported settings of the
        media. Implemented in the subclass.
        (WebCore::RealtimeMediaSourceOwr::settings): Moved to the cpp
        file, implemented using the initialize functions of the subclass
        * platform/mediastream/openwebrtc/RealtimeVideoSourceOwr.h: Added
        this new class to handle the settings of the video elements. The
        class initializes the settings and the supportedSettings.
        * platform/mediastream/openwebrtc/RealtimeAudioSourceOwr.h: Added
        this new class to handle the settings of the audio elements. The
        class initializes the settings and the supportedSettings.


2016-12-15  Alex Christensen  <achristensen@webkit.org>

        REGRESSION (r208902) Null pointer dereference in wkIsPublicSuffix
        https://bugs.webkit.org/show_bug.cgi?id=165885
        <rdar://problem/29476917>

        Reviewed by Darin Adler.

        wkIsPublicSuffix crashes if you give it a nil NSString*.
        This was possible before IDN2008 adoption, but it's more common now
        because domains like "r4---asdf.example.com" fail in uidna_nameToASCII but not in uidna_IDNToASCII.
        decodeHostName can return a nil NSString.  We can't use it unchecked, so instead we use an algorithm that allows
        for decoding failures while still finding top privately controlled domains correctly.

        Tested by new API tests which crash before this change and verify the behavior matches behavior before r208902.

        * platform/mac/PublicSuffixMac.mm:
        (WebCore::isPublicSuffix):
        (WebCore::topPrivatelyControlledDomain):

2016-12-15  Alex Christensen  <achristensen@webkit.org>

        Fix Windows WebGL build after r209832

        * CMakeLists.txt:

2016-12-14  Hunseop Jeong  <hs85.jeong@samsung.com>

        Unreviewed build fix after r209832

        * platform/graphics/PlatformDisplay.cpp: 
        (WebCore::PlatformDisplay::sharedDisplay): Added the guard for the clang

2016-12-14  Yusuke Suzuki  <utatane.tea@gmail.com>

        [GTK] Support latest SubtleCrypto HMAC APIs
        https://bugs.webkit.org/show_bug.cgi?id=165863

        Reviewed by Sam Weinig.

        SubtleCrypto spec is updated, and new delegate implementations are required to support these interfaces.
        This patch implements platformSign and platformVerify with WorkQueues for gcrypt backend.

        * crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:
        (WebCore::calculateSignature):
        (WebCore::CryptoAlgorithmHMAC::platformSign):
        (WebCore::CryptoAlgorithmHMAC::platformVerify):

2016-12-14  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r209415.

        This workaround is no longer needed now that
        <rdar://problem/29518605> has been fixed

        Reverted changeset:

        "Add HTML interactive form validation blacklist for some
        WebKit-specific sites"
        https://bugs.webkit.org/show_bug.cgi?id=165470
        http://trac.webkit.org/changeset/209415

2016-12-14  Dean Jackson  <dino@apple.com>

        Update prefers-reduced-motion syntax
        https://bugs.webkit.org/show_bug.cgi?id=165880
        <rdar://problems/29671807>

        Reviewed by Sam Weinig.

        After discussion in:
        https://github.com/w3c/csswg-drafts/issues/442
        ... the syntax of prefers-reduced-motion was changed
        to accept "reduce" or "no-preference".

        Updated the tests in fast/media.

        * css/CSSValueKeywords.in: Add no-preference keyword.
        * css/MediaQueryEvaluator.cpp:
        (WebCore::prefersReducedMotionEvaluate):

2016-12-14  Sam Weinig  <sam@webkit.org>

        REGRESSION (204679): Google notifications never load (expecting DOMStringList rather than JS array for Location.ancestorOrigins)
        <rdar://problem/29573563>
        https://bugs.webkit.org/show_bug.cgi?id=165872

        Reviewed by Chris Dumez.

        Revert the Location.ancestorOrigins part of r204679 because google.com is relying on
        it returning a DOMStringList (or at least something with a .item() function), rather
        than a frozen javascript array.
        
        Spec changes are tracked with https://github.com/whatwg/html/issues/2179.

        * page/Location.cpp:
        (WebCore::Location::ancestorOrigins):
        * page/Location.h:
        * page/Location.idl:
        Change Location.ancestorOrigins back to returning a DOMStringList.

2016-12-14  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Rename StyleKeyframe to StyleRuleKeyframe
        https://bugs.webkit.org/show_bug.cgi?id=165876

        Reviewed by Simon Fraser.

        * css/CSSKeyframeRule.cpp:
        (WebCore::StyleRuleKeyframe::StyleRuleKeyframe):
        (WebCore::StyleRuleKeyframe::~StyleRuleKeyframe):
        (WebCore::StyleRuleKeyframe::mutableProperties):
        (WebCore::StyleRuleKeyframe::keyText):
        (WebCore::StyleRuleKeyframe::setKeyText):
        (WebCore::StyleRuleKeyframe::cssText):
        (WebCore::CSSKeyframeRule::CSSKeyframeRule):
        (WebCore::StyleKeyframe::StyleKeyframe): Deleted.
        (WebCore::StyleKeyframe::~StyleKeyframe): Deleted.
        (WebCore::StyleKeyframe::mutableProperties): Deleted.
        (WebCore::StyleKeyframe::keyText): Deleted.
        (WebCore::StyleKeyframe::setKeyText): Deleted.
        (WebCore::StyleKeyframe::cssText): Deleted.
        * css/CSSKeyframeRule.h:
        * css/CSSKeyframesRule.cpp:
        (WebCore::StyleRuleKeyframes::keyframes):
        (WebCore::StyleRuleKeyframes::parserAppendKeyframe):
        (WebCore::StyleRuleKeyframes::wrapperAppendKeyframe):
        (WebCore::CSSKeyframesRule::appendRule):
        (WebCore::CSSKeyframesRule::item):
        * css/CSSKeyframesRule.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::keyframeStylesForAnimation):
        * css/StyleResolver.h:
        * css/StyleRule.cpp:
        (WebCore::StyleRuleBase::destroy):
        * css/StyleRule.h:
        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseKeyframeRule):
        * css/parser/CSSParser.h:
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parseDeferredKeyframeList):
        (WebCore::CSSParserImpl::consumeKeyframesRule):
        (WebCore::CSSParserImpl::consumeKeyframeStyleRule):
        * css/parser/CSSParserImpl.h:

2016-12-14  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make deferred parsing retain the sheet text. Fix invalidation to avoid deferred parsing.
        https://bugs.webkit.org/show_bug.cgi?id=165868

        Reviewed by Simon Fraser.

        With this new model of token copying, the sheet text needs to be retained. The tokenizer did this,
        but we're no longer keeping it around.

        StyleInvalidation is also aggressively crawling media rules, even unsupported ones, so fix it
        to avoid deferred parsing.

        * css/StyleInvalidationAnalysis.cpp:
        (WebCore::shouldDirtyAllStyle):
        * css/parser/CSSDeferredParser.cpp:
        (WebCore::CSSDeferredParser::CSSDeferredParser):
        * css/parser/CSSDeferredParser.h:
        (WebCore::CSSDeferredParser::create):
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::CSSParserImpl):

2016-12-14  Ryosuke Niwa  <rniwa@webkit.org>

        iOS: An element with tabindex is not focusable unless there is no mouse event handler
        https://bugs.webkit.org/show_bug.cgi?id=165843

        Reviewed by Antti Koivisto.

        The bug was caused by ancestorRespondingToClickEvents not checking the precense of tabindex attribute.
        Check that condition along with event listeners.

        Test: fast/events/focusing-element-with-tabindex-by-tap-or-click.html

        * page/ios/FrameIOS.mm:
        (WebCore::ancestorRespondingToClickEvents):

2016-12-14  Alex Christensen  <achristensen@webkit.org>

        Progress towards using ANGLE to do WebGL rendering
        https://bugs.webkit.org/show_bug.cgi?id=165864

        Reviewed by Dean Jackson.

        No new tests, no change in behavior.
        Just compile fixes for a configuration that will soon be standard
        that can be landed now without breaking anything.

        * platform/graphics/PlatformDisplay.cpp:
        (WebCore::PlatformDisplay::sharedDisplay):
        Ignore some clang warnings that will cause problems when this is compiled on Mac.

2016-12-14  Dean Jackson  <dino@apple.com>

        [iOS] MediaDocuments have controls on the bottom of the page
        https://bugs.webkit.org/show_bug.cgi?id=165865
        <rdar://problem/28757268>

        Reviewed by Jon Lee.

        MediaDocuments on iOS are incorrectly placing the controls at
        the bottom of the page. This is due to the <video> element
        getting a height of 100%. It should be "auto" instead.

        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):

2016-12-14  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Implement deferred parsing of properties, @media, @supports and @keyframes
        https://bugs.webkit.org/show_bug.cgi?id=165743

        Reviewed by Dean Jackson.

        Added new tests in fast/css/deferred-parsing.

        This patch implements deferred parsing in CSS. By default, when parsing
        author stylesheets, the parser goes into a deferred mode where it leaves
        the declaration block of all style rules unparsed initially. Instead of
        creating and setting an ImmutableStyleProperties object on the StyleRule,
        the parser creates a DeferredStyleProperties object instead that is
        capable of calling into CSSDeferredParser to parse the properties and values
        only when the properties are finally asked for.

        In addition, this patch defers the parsing of the interior of @media,
        @supports, and @keyframes rules. @media blocks that are never matched will
        never parse any of the rules inside. @supports conditions for unsupported
        features will also not be parsed. For @keyframes, if the animation is never
        referenced/used, then the @keyframes child rules will never be parsed.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Add CSSDeferredParser to the build.

        * css/CSSFontFaceSet.cpp:
        (WebCore::CSSFontFaceSet::matchingFaces):
        Patched to drop the StyleSheetContents* argument from parseValue, since it
        is no longer needed.

        * css/CSSKeyframesRule.cpp:
        (WebCore::StyleRuleKeyframes::StyleRuleKeyframes):
        (WebCore::StyleRuleKeyframes::parseDeferredRulesIfNeeded):
        (WebCore::StyleRuleKeyframes::keyframes):
        (WebCore::StyleRuleKeyframes::wrapperAppendKeyframe):
        (WebCore::StyleRuleKeyframes::wrapperRemoveKeyframe):
        (WebCore::StyleRuleKeyframes::findKeyframeIndex):
        * css/CSSKeyframesRule.h:
        Keyframes now hold both a keyframes Vector and a DeferredStyleGroupRuleList
        object. The keyframes vector won't be populated until it is needed, and the
        population is done by DeferredStyleGroupRuleList, which holds both the original
        tokens of the keyframes rule interior, and a references to the
        CSSDeferredParser that will do the parsing.

        * css/DOMCSSNamespace.cpp:
        (WebCore::DOMCSSNamespace::supports):
        Patched to drop the StyleSheetContents* argument from parseValue, since it
        is no longer needed.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
        ElementRuleCollector tests to see if a rule is empty by counting properties(),
        but we don't want to initiate deferred parsing just to check this. Instead we
        invoke propertiesWithoutDeferredParsing, which will hand back a nullptr if
        the properties haven't been parsed yet. In order to ensure this optimization
        continues to work, any rules whose interiors consist of only whitespace do
        not get deferred.

        * css/FontFace.cpp:
        (WebCore::FontFace::setVariant):
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::setProperty):
        (WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal):
        Patched to drop the StyleSheetContents* argument from parseValue, since it
        is no longer needed.

        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::MutableStyleProperties):
        (WebCore::MutableStyleProperties::setProperty):
        (WebCore::DeferredStyleProperties::create):
        (WebCore::DeferredStyleProperties::DeferredStyleProperties):
        (WebCore::DeferredStyleProperties::~DeferredStyleProperties):
        (WebCore::DeferredStyleProperties::parseDeferredProperties):
        * css/StyleProperties.h:
        (WebCore::StylePropertiesBase::type):
        (WebCore::StylePropertiesBase::cssParserMode):
        (WebCore::StylePropertiesBase::StylePropertiesBase):
        (WebCore::StyleProperties::isMutable):
        (WebCore::StyleProperties::StyleProperties):
        (WebCore::StylePropertiesBase::deref):
        (isType):
        (WebCore::StyleProperties::cssParserMode): Deleted.
        (WebCore::StyleProperties::deref): Deleted.
        Right now StyleProperties has two subclasses, ImmutableStyleProperties (which
        is created by the parser when not deferring), and MutableStyleProperties (used
        when making changes and doing DOM Manipulations).

        This patch adds a new base class called StylePropertiesBase, and StyleProperties
        now derives from it. DeferredStyleProperties derives from this base. The members
        of StyleProperties have been moved up into StylePropertiesBase.

        The m_isMutable bit, used to determine the type for downcasting has been enhanced
        to m_type (2 bits), since there are now three possible subclasses.

        * css/StyleRule.cpp:
        (WebCore::StyleRule::StyleRule):
        (WebCore::StyleRule::properties):
        (WebCore::StyleRule::mutableProperties):
        (WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount):
        Patched to ensure that when properties() are accessed, that if the current
        stored StylePropertyBase in the rule is a DeferredStyleProperties, we then
        parse and replace DeferredStyleProperties with ImmutableStyleProperties on the
        rule. By using a common base class, we avoid increasing memory usage in
        StyleRule.

        (WebCore::DeferredStyleGroupRuleList::create):
        (WebCore::DeferredStyleGroupRuleList::DeferredStyleGroupRuleList):
        (WebCore::DeferredStyleGroupRuleList::parseDeferredRules):
        (WebCore::DeferredStyleGroupRuleList::parseDeferredKeyframes):
        DeferredStyleGroupList is used to handle deferred parsing of objects with
        child rules. These include @media, @supports and @keyframes.

        (WebCore::StyleRuleGroup::StyleRuleGroup):
        (WebCore::StyleRuleGroup::childRules):
        (WebCore::StyleRuleGroup::wrapperInsertRule):
        (WebCore::StyleRuleGroup::wrapperRemoveRule):
        (WebCore::StyleRuleGroup::parseDeferredRulesIfNeeded):
        (WebCore::StyleRuleMedia::StyleRuleMedia):
        (WebCore::StyleRuleSupports::StyleRuleSupports):
        StyleRuleGroup now holds both a child rules Vector and a
        DeferredStyleGroupRuleList. If DeferredStyleGroupRuleList is set, then
        when the childRules are finally accessed, we will populate the childRules
        Vector and then null out the DeferredStyleGroupRuleList.

        * css/StyleRule.h:
        (WebCore::StyleRule::propertiesWithoutDeferredParsing):
        (WebCore::StyleRuleGroup::childRulesWithoutDeferredParsing):
        (WebCore::StyleRuleGroup::childRules): Deleted.
        Add new accesors for fetching properties and child rules without causing
        deferred parsing to happen.

        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        (WebCore::StyleSheetContents::parseString):
        Patched to turn on deferred parsing for author sheets and for all
        non-UA stylesheets parsed from a string (e.g., <style>).

        (WebCore::traverseSubresourcesInRules):
        The broken resource check was aggressively accessing properties(). Patch
        it to call propertiesWithoutDeferredParsing() instead so that it doesn't
        defeat the new optimization.

        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::setMatrixValue):
        Patched to drop the StyleSheetContents* argument from parseValue, since it
        is no longer needed.

        * css/parser/CSSDeferredParser.cpp: Added.
        (WebCore::CSSDeferredParser::CSSDeferredParser):
        (WebCore::CSSDeferredParser::parseDeclaration):
        (WebCore::CSSDeferredParser::parseRuleList):
        (WebCore::CSSDeferredParser::parseKeyframeList):
        * css/parser/CSSDeferredParser.h: Added.
        (WebCore::CSSDeferredParser::create):
        (WebCore::CSSDeferredParser::tokenizer):
        (WebCore::CSSDeferredParser::mode):
        (WebCore::CSSDeferredParser::context):
        (WebCore::CSSDeferredParser::styleSheet):
        The CSSDeferredParser. It caches the original tokenizer's' escaped strings. Because
        the CSSDeferredParser is referenced by all the rules that have yet to parse,
        it will stay alive until all rules in the stylesheet has been fully parsed.

        The parser receives CSSParserTokenRanges from DeferredStyleProperties or
        DeferredStyleGroupRuleList and feeds them to CSSParserImpl, which then
        is able to do the parsing as it would have occurred originally had the
        range not been deferred.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseSheet):
        (WebCore::CSSParser::parseSupportsCondition):
        (WebCore::CSSParser::parseSingleValue):
        (WebCore::CSSParser::parseValue):
        * css/parser/CSSParser.h:
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        (WebCore::parseKeywordValue):
        (WebCore::CSSParserFastPaths::maybeParseValue):
        * css/parser/CSSParserFastPaths.h:
        Drop the StyleSheetContents* argument from the methods that no longer need
        them.

        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::CSSParserImpl):
        (WebCore::CSSParserImpl::tokenizer):
        (WebCore::CSSParserImpl::parseValue):
        (WebCore::CSSParserImpl::parseCustomPropertyValue):
        (WebCore::CSSParserImpl::parseDeclarationList):
        (WebCore::CSSParserImpl::parseInlineStyleDeclaration):
        (WebCore::CSSParserImpl::parseRule):
        (WebCore::CSSParserImpl::parseStyleSheet):
        (WebCore::CSSParserImpl::parseDeclarationListForInspector):
        (WebCore::CSSParserImpl::parseStyleSheetForInspector):
        (WebCore::CSSParserImpl::consumeQualifiedRule):
        (WebCore::CSSParserImpl::consumeMediaRule):
        (WebCore::CSSParserImpl::consumeSupportsRule):
        (WebCore::CSSParserImpl::consumeKeyframesRule):
        (WebCore::CSSParserImpl::consumeStyleRule):
        Drop the StyleSheetContents* argument from the methods that no longer need
        them.

        (WebCore::CSSParserImpl::createDeferredStyleProperties):
        (WebCore::CSSParserImpl::parseDeferredDeclaration):
        (WebCore::CSSParserImpl::parseDeferredRuleList):
        (WebCore::CSSParserImpl::parseDeferredKeyframeList):
        The methods that handle deferred parsing. They make sure to initialize
        new CSSParserImpls with the original deferred parser, and then call existing
        methods to do the parsing.

        * css/parser/CSSParserImpl.h:
        Patched to remove StyleSheetContents* arguments from some methods and
        to add the new deferred parsing methods.

        * css/parser/CSSParserTokenRange.cpp:
        (WebCore::CSSParserTokenRange::consumeBlockCheckingForEditability):
        * css/parser/CSSParserTokenRange.h:
        In order to preserve the editability optimization from r180867, when
        a style rule's block is consumed, we use a special method that looks
        for -webkit-user-modify tokens. If one is seen, then the editability
        optimization is turned off. Because we do this at the token level,
        the optimization keeps working even if properties don't get parsed.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::parseSingleValue):
        (WebCore::CSSPropertyParser::parseFontFaceDescriptor):
        (WebCore::CSSPropertyParser::consumeFont):
        (WebCore::CSSPropertyParser::parseShorthand):
        Patched to remove StyleSheetContents* arguments now that the editability
        check is in CSSTokenizer instead.

        * css/parser/CSSTokenizer.cpp:
        (WebCore::CSSTokenizer::tokenRange):
        * css/parser/CSSTokenizer.h:
        Make tokenRange() const.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::setFont):
        Patched to drop the StyleSheetContents* argument.

        * testing/Internals.cpp:
        (WebCore::deferredStyleRulesCountForList):
        (WebCore::Internals::deferredStyleRulesCount):
        (WebCore::deferredGroupRulesCountForList):
        (WebCore::Internals::deferredGroupRulesCount):
        (WebCore::deferredKeyframesRulesCountForList):
        (WebCore::Internals::deferredKeyframesRulesCount):
        * testing/Internals.h:
        * testing/Internals.idl:
        Add new testing methods that can count the deferred style rules and
        group child rule lists. These methods are used by the new layout tests.

2016-12-14  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Massively speedup IDBIndex.get().
        https://bugs.webkit.org/show_bug.cgi?id=165802

        Reviewed by Alex Christensen.

        No new tests (No behavior change to Javascript, table upgrade change covered by API test).

        This change upgrades the IndexRecords schema to include the ObjectStore record ID for the referenced record.
        It also adds a SQLite Index-by-key on IndexRecords.

        This speeds up PerformanceTests/IndexedDB/index-get.html by 15-20x.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::v3IndexRecordsTableSchema):
        (WebCore::IDBServer::v3IndexRecordsTableSchemaAlternate):
        (WebCore::IDBServer::v1IndexRecordsIndexSchema):
        (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidIndexRecordsTable):
        (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidIndexRecordsIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateOneIndexForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateAllIndexesForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetIndexRecordForOneKey):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::markAsErrored):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID):

2016-12-14  Sam Weinig  <sam@webkit.org>

        Actually set the shipping contact when validating the payment request

        Reviewed by Anders Carlsson.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::convertAndValidate):
        Fix typo.

2016-12-14  John Wilander  <wilander@apple.com>

        Handle key generation with empty challenge string
        https://bugs.webkit.org/show_bug.cgi?id=165835
        <rdar://problem/29128710>

        Reviewed by Anders Carlsson.

        https://bugs.webkit.org/show_bug.cgi?id=160945 didn't set the challenge length to
        1 for empty challenge strings. Thus the null terminator was not included. Empty
        challenge strings are allowed:
        "If the element has a challenge attribute, then let challenge be that attribute's
        value. Otherwise, let challenge be the empty string."
        https://www.w3.org/TR/html5/forms.html#the-keygen-element (fetched 2016-12-13)

        Email certificate generation at
        https://www.comodo.com/home/email-security/free-email-certificate.php broke
        because of https://bugs.webkit.org/show_bug.cgi?id=160945.

        No new tests. The original patch did not have tests and the breakage was in the
        produced key material so a test would have to validate the crypto output.

        * platform/mac/SSLKeyGeneratorMac.mm:
        (WebCore::signedPublicKeyAndChallengeString):
            Now adds 1 to the length of the challenge to account for its null terminator.
            This matches the old behavior.

2016-12-14  Daniel Bates  <dabates@apple.com>

        CSP: Allow HTTPS URL to match HTTP source expression
        https://bugs.webkit.org/show_bug.cgi?id=159520
        <rdar://problem/27287177>

        Reviewed by Brent Fulgham.

        Test: http/tests/security/contentSecurityPolicy/script-src-parsing-implicit-and-explicit-port-number.html

        * page/csp/ContentSecurityPolicySource.cpp:
        (WebCore::ContentSecurityPolicySource::schemeMatches):
        (WebCore::ContentSecurityPolicySource::portMatches):

2016-12-14  Alex Christensen  <achristensen@webkit.org>

        REGRESSION (r209776): [ios-simulator] LayoutTest http/tests/xmlhttprequest/on-network-timeout-error-during-preflight.html is timing out
        https://bugs.webkit.org/show_bug.cgi?id=165836

        Reviewed by Brady Eidson.

        * loader/CrossOriginAccessControl.cpp:
        (WebCore::createAccessControlPreflightRequest):
        Use the platform default timeout for CORS preflight requests.

2016-12-14  Antti Koivisto  <antti@apple.com>

        WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
        https://bugs.webkit.org/show_bug.cgi?id=165852
        <rdar://problem/27297153>

        Reviewed by Chris Dumez.

        There appears to be some path where we get here with a null frame.
        No test, don't know how exactly this happens.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::outgoingReferrer):

            Null check the frame.

2016-12-14  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r209766.

        Regressed Dromaeo JSLib by ~50%

        Reverted changeset:

        "Make opaque root scanning truly constraint-based"
        https://bugs.webkit.org/show_bug.cgi?id=165760
        http://trac.webkit.org/changeset/209766

2016-12-14  Andy Estes  <aestes@apple.com>

        EventDispatcher::dispatchEvent() should take its Node by reference
        https://bugs.webkit.org/show_bug.cgi?id=165840

        Reviewed by Andreas Kling.

        No new tests. No change in behavior.

        * dom/Element.cpp:
        (WebCore::Element::dispatchWheelEvent): Dereferenced |this| when calling
        EventDispatcher::dispatchEvent().
        (WebCore::Element::dispatchKeyEvent): Ditto.
        (WebCore::Element::dispatchFocusEvent): Ditto.
        (WebCore::Element::dispatchBlurEvent): Ditto.
        * dom/EventDispatcher.cpp:
        (WebCore::EventDispatcher::dispatchEvent): Changed |origin| from a Node* to a Node&, renamed
        it to |node|, and protected it with a Ref called |protectedNode| to match our preferred
        style.
        * dom/EventDispatcher.h: Changed dispatchEvent's first parameter type from Node* to Node&.
        * dom/Node.cpp:
        (WebCore::Node::dispatchEvent): Dereferenced |this| when calling
        EventDispatcher::dispatchEvent().
        (WebCore::Node::dispatchTouchEvent): Ditto.
        (WebCore::Node::dispatchUIRequestEvent): Ditto.
        * dom/ScopedEventQueue.cpp:
        (WebCore::ScopedEventQueue::dispatchEvent): Dereferenced |node| when calling
        EventDispatcher::dispatchEvent().
        * dom/SimulatedClick.cpp:
        (WebCore::simulateMouseEvent): Passed |element| as a reference to
        EventDispatcher::dispatchEvent().

2016-12-14  Chris Dumez  <cdumez@apple.com>

        Remove Unicode case-insensitive matching for usemap=""
        https://bugs.webkit.org/show_bug.cgi?id=163894

        Reviewed by Antti Koivisto.

        Remove Unicode case-insensitive matching for usemap="" as this no longer
        matches the specification [1] or Firefox. Also align our parsing logic for
        the usemap attribute to match the specification [2].

        This simplifies the code a bit, is more efficient and the compatibility
        risk should be low based on Firefox's behavior and Chome's usage data.

        [1] https://github.com/whatwg/html/commit/6acdb2122298d2bb7bb839c0a61b4e1f9b0f9bc9
        [2] https://html.spec.whatwg.org/#rules-for-parsing-a-hash-name-reference

        Test: fast/images/image-usemap-parsing.html

        * dom/Document.cpp:
        (WebCore::Document::addImageElementByUsemap):
        (WebCore::Document::removeImageElementByUsemap):
        (WebCore::Document::imageElementByUsemap):
        * dom/Document.h:
        * dom/DocumentOrderedMap.cpp:
        (WebCore::DocumentOrderedMap::getElementByUsemap):
        * dom/DocumentOrderedMap.h:
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::getImageMap):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::parseAttribute):
        (WebCore::HTMLImageElement::insertedInto):
        (WebCore::HTMLImageElement::removedFrom):
        (WebCore::HTMLImageElement::matchesUsemap):
        * html/HTMLImageElement.h:
        * html/HTMLMapElement.cpp:
        (WebCore::HTMLMapElement::imageElement):
        (WebCore::HTMLMapElement::parseAttribute):
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::parseHTMLHashNameReference):
        * html/parser/HTMLParserIdioms.h:

2016-12-14  Ryan Haddad  <ryanhaddad@apple.com>

        Attempt to fix the Windows build after r209805.

        Unreviewed build fix.

        * css/CSSAllInOne.cpp:

2016-12-14  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Remove WebkitCSSTransformValue
        https://bugs.webkit.org/show_bug.cgi?id=165844

        Reviewed by Zalan Bujtas.

        Remove WebkitCSSTransformValue and just use a CSSFunctionValue instead. No other
        browsers support it, and the information it provides is easily obtainable from cssText.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::matrixTransformValue):
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        (WebCore::CSSValue::cloneForCSSOM):
        * css/CSSValue.h:
        (WebCore::CSSValue::isSpringTimingFunctionValue):
        (WebCore::CSSValue::isWebKitCSSTransformValue): Deleted.
        * css/StyleResolver.cpp:
        * css/TransformFunctions.cpp:
        (WebCore::transformOperationType):
        (WebCore::transformsForValue):
        * css/TransformFunctions.h:
        * css/WebKitCSSTransformValue.cpp: Removed.
        * css/WebKitCSSTransformValue.h: Removed.
        * css/WebKitCSSTransformValue.idl: Removed.
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::parseTransformTranslateArguments):
        (WebCore::parseTransformNumberArguments):
        (WebCore::parseSimpleTransformValue):
        (WebCore::parseSimpleTransformList):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeTranslate3d):
        (WebCore::consumeNumbers):
        (WebCore::consumePerspective):
        (WebCore::consumeTransformValue):
        (WebCore::transformOperationForCSSValueID): Deleted.

2016-12-14  Antti Koivisto  <antti@apple.com>

        Make Style::Update const in RenderTreeUpdater
        https://bugs.webkit.org/show_bug.cgi?id=165845

        Reviewed by Andreas Kling.

        Moving style away from unique_ptrs leaves them in weird state.

        * style/RenderTreeUpdater.cpp:
        (WebCore::findRenderingRoots):
        (WebCore::RenderTreeUpdater::commit):
        (WebCore::RenderTreeUpdater::updateElementRenderer):

            Clone the style instead of moving it. This is not meaningfully more expensive.
            Remove null checks, style is never null.

        * style/RenderTreeUpdater.h:

2016-12-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use JSValue::toWTFString instead of calling toString(exec) and value(exec)
        https://bugs.webkit.org/show_bug.cgi?id=165795

        Reviewed by Saam Barati.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::createIDBKeyFromValue):
        * bindings/js/JSAudioTrackCustom.cpp:
        (WebCore::JSAudioTrack::setKind):
        (WebCore::JSAudioTrack::setLanguage):
        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier):
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
        * bindings/js/JSDeviceOrientationEventCustom.cpp:
        (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        (WebCore::JSHTMLAllCollection::namedItem):
        * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
        (WebCore::JSHTMLFormControlsCollection::namedItem):
        * bindings/js/JSHTMLInputElementCustom.cpp:
        (WebCore::JSHTMLInputElement::setSelectionDirection):
        * bindings/js/JSInspectorFrontendHostCustom.cpp:
        (WebCore::populateContextMenuItems):
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::handleInitMessageEvent):
        * bindings/js/JSSQLTransactionCustom.cpp:
        (WebCore::JSSQLTransaction::executeSql):
        * bindings/js/JSTextTrackCustom.cpp:
        (WebCore::JSTextTrack::setLanguage):
        * bindings/js/JSVideoTrackCustom.cpp:
        (WebCore::JSVideoTrack::setKind):
        (WebCore::JSVideoTrack::setLanguage):
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
        (WebCore::cryptoKeyFormatFromJSValue):
        (WebCore::cryptoKeyUsagesFromJSValue):
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::send):
        * bindings/js/JSXSLTProcessorCustom.cpp:
        (WebCore::JSXSLTProcessor::setParameter):
        (WebCore::JSXSLTProcessor::getParameter):
        (WebCore::JSXSLTProcessor::removeParameter):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::create):
        * bridge/c/c_utility.cpp:
        (JSC::Bindings::convertValueToNPVariant):
        * bridge/testbindings.cpp:
        (main):

2016-12-14  Joonghun Park  <jh718.park@samsung.com>

        [EFL] Fix debug build break since r207192. Unreviewed.
        https://bugs.webkit.org/show_bug.cgi?id=165847

        No new tests, no new behaviours.

        In JSDOMBinding.h, JSClass::info() returns each js class's
        "static const JSC::ClassInfo s_info"'s address.
        It's static variable's address, so always non-null.

        * bindings/js/JSDOMBinding.h:
        (WebCore::BindingCaller::callPromiseOperation):
        (WebCore::BindingCaller::callOperation):
        (WebCore::BindingCaller::setAttribute):
        (WebCore::BindingCaller::attribute):

2016-12-14  Enrique Ocaña González  <eocanha@igalia.com>

        REGRESSION(r207879-207891): [GStreamer] Introduced many layout test failures and crashes, bots exiting early
        https://bugs.webkit.org/show_bug.cgi?id=164022

        Reviewed by Xabier Rodriguez-Calvar.

        Covered by existing tests.

        * page/Settings.cpp:
        Added new setting to disable GStreamer players, so the selection of
        MockMediaPlayerMediaSource can be forced for some tests, just like
        it's already being done for the AVFoundation player in Mac.
        (WebCore::Settings::setGStreamerEnabled):
        * page/Settings.h:
        (WebCore::Settings::isGStreamerEnabled):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::buildMediaEnginesVector):
        Don't register GStreamer players when they're disabled.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::durationMediaTime):
        Use doubles instead of floats.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        Use doubles instead of floats for m_durationAtEOS.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        Don't reset m_sample on videoSink drain, it causes too many problems.
        (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSink):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        Removed unused methods.
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        Keep releasing m_sample on drain, but don't report the event
        externally via signal anymore. The base player private isn't
        listening to it anymore.
        (webkitVideoSinkEvent):
        (webkit_video_sink_class_init):
        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
        (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
        Check if the demuxer caps correspond to a supported codec.
        (WebCore::AppendPipeline::didReceiveInitializationSegment):
        Empty m_track is now legal and means unsupported codec.
        (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
        Warn about more than one stream, but "support" it by ignoring it using
        a black hole probe.
        (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsink):
        Also report the duration when it's detected for the first time. Invalid
        stream types now mean that unsupported codecs have been detected.
        Complete init segment processing in that case.
        (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
        Disconnect black hole probe.
        (WebCore::appendPipelineDemuxerBlackHolePadProbe): Ignore buffers.
        (WebCore::appendPipelineDemuxerPadRemoved): New parameter used.
        * platform/graphics/gstreamer/mse/AppendPipeline.h:
        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
        (WebCore::MediaPlayerPrivateGStreamerMSE::supportsCodecs):
        Check supported codecs by matching against wildcard expressions.
        (WebCore::MediaPlayerPrivateGStreamerMSE::supportsType):
        Check for supported codecs.
        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h:
        New supportsCodecs() method.
        * platform/graphics/gstreamer/mse/MediaSourceClientGStreamerMSE.cpp:
        (WebCore::MediaSourceClientGStreamerMSE::resetParserState):
        Implemented parser resetting by aborting the AppendPipeline.
        * platform/graphics/gstreamer/mse/MediaSourceClientGStreamerMSE.h:
        Added resetParserState().
        * platform/graphics/gstreamer/mse/SourceBufferPrivateGStreamer.cpp:
        (WebCore::SourceBufferPrivateGStreamer::resetParserState):
        Implemented it.
        * testing/Internals.cpp:
        (WebCore::Internals::initializeMockMediaSource):
        Disable the GStreamer players when initializing the mock media source,
        like it's already done for the AVFoundation player to force the
        selection of MockMediaPlayerMediaSource.

2016-12-14  Enrique Ocaña González  <eocanha@igalia.com>

        [GStreamer][MSE] Fix player private selection when MSE is enabled
        https://bugs.webkit.org/show_bug.cgi?id=164116

        Reviewed by Philippe Normand.

        Covered by existing tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::load):
        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
        (WebCore::MediaPlayerPrivateGStreamerMSE::load):

2016-12-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r209792.
        https://bugs.webkit.org/show_bug.cgi?id=165841

        Cause build failures (Requested by yusukesuzuki on #webkit).

        Reverted changeset:

        "Use JSValue::toWTFString instead of calling toString(exec)
        and value(exec)"
        https://bugs.webkit.org/show_bug.cgi?id=165795
        http://trac.webkit.org/changeset/209792

2016-12-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use JSValue::toWTFString instead of calling toString(exec) and value(exec)
        https://bugs.webkit.org/show_bug.cgi?id=165795

        Reviewed by Saam Barati.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::createIDBKeyFromValue):
        (WebCore::getNthValueOnKeyPath): Deleted.
        (WebCore::internalCreateIDBKeyFromScriptValueAndKeyPath): Deleted.
        (WebCore::ensureNthValueOnKeyPath): Deleted.
        (WebCore::canInjectNthValueOnKeyPath): Deleted.
        (WebCore::injectIDBKeyIntoScriptValue): Deleted.
        (WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath): Deleted.
        (WebCore::canInjectIDBKeyIntoScriptValue): Deleted.
        (WebCore::deserializeIDBValueToJSValue): Deleted.
        (WebCore::scriptValueToIDBKey): Deleted.
        (WebCore::idbKeyDataToScriptValue): Deleted.
        (WebCore::createKeyPathArray): Deleted.
        (WebCore::generateIndexKeyForValue): Deleted.
        * bindings/js/JSAudioTrackCustom.cpp:
        (WebCore::JSAudioTrack::setKind):
        (WebCore::JSAudioTrack::setLanguage):
        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier):
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation):
        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
        * bindings/js/JSDeviceOrientationEventCustom.cpp:
        (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        (WebCore::JSEventListener::virtualisAttribute): Deleted.
        (WebCore::JSEventListener::operator==): Deleted.
        (WebCore::eventHandlerAttribute): Deleted.
        (WebCore::createEventListenerForEventHandlerAttribute): Deleted.
        (WebCore::setEventHandlerAttribute): Deleted.
        (WebCore::windowEventHandlerAttribute): Deleted.
        (WebCore::setWindowEventHandlerAttribute): Deleted.
        (WebCore::documentEventHandlerAttribute): Deleted.
        (WebCore::setDocumentEventHandlerAttribute): Deleted.
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        (WebCore::JSHTMLAllCollection::namedItem):
        * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
        (WebCore::JSHTMLFormControlsCollection::namedItem):
        * bindings/js/JSHTMLInputElementCustom.cpp:
        (WebCore::JSHTMLInputElement::setSelectionDirection):
        (WebCore::JSHTMLInputElement::setSelectionRange): Deleted.
        * bindings/js/JSInspectorFrontendHostCustom.cpp:
        (WebCore::populateContextMenuItems):
        (WebCore::JSInspectorFrontendHost::showContextMenu): Deleted.
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::handleInitMessageEvent):
        * bindings/js/JSSQLTransactionCustom.cpp:
        (WebCore::JSSQLTransaction::executeSql):
        * bindings/js/JSTextTrackCustom.cpp:
        (WebCore::JSTextTrack::setLanguage):
        * bindings/js/JSVideoTrackCustom.cpp:
        (WebCore::JSVideoTrack::setKind):
        (WebCore::JSVideoTrack::setLanguage):
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
        (WebCore::cryptoKeyFormatFromJSValue):
        (WebCore::cryptoKeyUsagesFromJSValue):
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::send):
        (WebCore::JSXMLHttpRequest::responseText): Deleted.
        (WebCore::JSXMLHttpRequest::retrieveResponse): Deleted.
        * bindings/js/JSXSLTProcessorCustom.cpp:
        (WebCore::JSXSLTProcessor::setParameter):
        (WebCore::JSXSLTProcessor::getParameter):
        (WebCore::JSXSLTProcessor::removeParameter):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::create):
        * bridge/c/c_utility.cpp:
        (JSC::Bindings::convertValueToNPVariant):
        * bridge/testbindings.cpp:
        (main):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForEventListener):

2016-12-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        ASSERTION FAILED: hasParserBlockingScript() seen with js/dom/modules/module-will-fire-beforeload.html
        https://bugs.webkit.org/show_bug.cgi?id=164883

        Reviewed by Ryosuke Niwa.

        This is *attempt to fix* patch since I cannot reproduce the crash reported in this issue.
        One possible scenario of this crash is the following.

        1. There is pending deferred scripts, that is not fetched yet.
        2. Then, we start watching on the script. And stop document parser.
        3. The document parser is stopped/detached by calling finishJSTest in beforeload.
        4. At this critical timing, (2)'s script is fetched, and notifyFinished is called since it is watched.

        In this patch, we ignore the script execution if the document parser is stopped / detached.
        Previously, it goes into the wrong path. And it causes assertion failure.

        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::notifyFinished):

2016-12-13  Keith Rollin  <krollin@apple.com>

        Memory warning logging appears to capture resident footprint, missing compress/swap.
        https://bugs.webkit.org/show_bug.cgi?id=165533
        <rdar://problem/29318410>

        Reviewed by Daniel Bates.

        Fix GTK build by adding an explicit constructor.

        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::ReliefLogger::MemoryUsage::MemoryUsage):

2016-12-13  Daniel Bates  <dabates@apple.com>

        CSP: ws: and wss: blocked with connect-src *
        https://bugs.webkit.org/show_bug.cgi?id=165804
        <rdar://problem/28563643>

        Reviewed by David Kilzer.

        Allow * to match ws: and wss:. This will make our behavior of * more closely conform
        the behavior of * in the Content Security Policy Level 3 spec.,
        <https://w3c.github.io/webappsec-csp/#match-url-to-source-expression> (Editor's Draft, 2 December 2016).

        Tests: http/tests/security/contentSecurityPolicy/connect-src-star-secure-websocket-allowed.html
               http/tests/security/contentSecurityPolicy/connect-src-star-websocket-allowed.html
               http/tests/security/contentSecurityPolicy/default-src-star-secure-websocket-allowed.html
               http/tests/security/contentSecurityPolicy/default-src-star-websocket-allowed.html

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

2016-12-13  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make CSSFunctionValue derive from CSSValueList
        https://bugs.webkit.org/show_bug.cgi?id=165832

        Reviewed by Dean Jackson.

        With the old parser gone, we can now shrink CSSFunctionValue a bit by
        having it derive from CSSValueList instead of having an extra member
        that holds a value list of arguments. This is similar to the trick
        already employed by WebkitCSSTransformValue.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::specifiedValueForGridTrackSize):
        * css/CSSFunctionValue.cpp:
        (WebCore::CSSFunctionValue::customCSSText):
        (WebCore::CSSFunctionValue::CSSFunctionValue): Deleted.
        (WebCore::CSSFunctionValue::equals): Deleted.
        (WebCore::CSSFunctionValue::append): Deleted.
        * css/CSSFunctionValue.h:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertScrollSnapPoints):
        (WebCore::StyleBuilderConverter::createGridTrackSize):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::createFilterOperations):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::isGridTrackFixedSized):

2016-12-13  Chris Dumez  <cdumez@apple.com>

        Make Document a FrameDestructionObserver
        https://bugs.webkit.org/show_bug.cgi?id=165810
        <rdar://problem/29157645>

        Reviewed by Ryosuke Niwa.

        Make Document a FrameDestructionObserver to make sure Document::m_frame
        is properly nulled out when a Frame gets destroyed.
        Document::disconnectFromFrame() is supposed to be called before the Frame
        gets destroyed so this also adds an assertion to try and identify places
        where we fail to call it.

        No new tests, no known reproduction case.

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::disconnectFromFrame):
        (WebCore::Document::frameDestroyed):
        * dom/Document.h:
        (WebCore::Document::frame): Deleted.

2016-12-13  Joseph Pecoraro  <pecoraro@apple.com>

        REGRESSION(r204163): Web Inspector: Page crashes when Inspector tries to load insecure SourceMap
        https://bugs.webkit.org/show_bug.cgi?id=165806
        <rdar://problem/28169025>

        Reviewed by Alex Christensen.

        Test: http/tests/inspector/network/loadResource-insecure-resource.html

        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::loadResource):
        DocumentThreadableLoader now triggers the ThreadableLoaderClient's didFail
        callback, so this didFailLoaderCreation is now redundent and incorrect.

2016-12-13  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Enhance fast path translate transforms to allow percentages
        https://bugs.webkit.org/show_bug.cgi?id=165822

        Reviewed by Simon Fraser.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::parseTransformTranslateArguments):

2016-12-13  Ryosuke Niwa  <rniwa@webkit.org>

        :hover rule causes a single tap to not activate a slotted anchor element
        https://bugs.webkit.org/show_bug.cgi?id=165551

        Reviewed by Antti Koivisto.

        Fixed a bug in ancestorRespondingToClickEvents that we were traversing the ancestor nodes without taking
        shadow roots and slots into account. This prevented tapping on a text node assigned to a slot inside
        an anchor element to activate the hyperlink on iOS.

        This bug was supposed to be fixed in r206605, and it was still broken on iOS due to the bug in
        ancestorRespondingToClickEvents. It is now tested by click-text-inside-linked-slot.html.

        Tests: fast/shadow-dom/click-on-slotted-anchor-with-hover.html
               fast/shadow-dom/click-text-inside-linked-slot.html

        * page/ios/FrameIOS.mm:
        (WebCore::ancestorRespondingToClickEvents):
        (WebCore::Frame::qualifyingNodeAtViewportLocation):

2016-12-13  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Eliminate SVGPaint and SVGColor
        https://bugs.webkit.org/show_bug.cgi?id=165819

        Reviewed by Dean Jackson.

        Remove SVGColor and SVGPaint CSS values from the tree. The new parser
        already stopped making these values when parsing, so all that's left
        is to make sure computed style doesn't use these values either.

        We are the only browser engine to support these CSS values, they see no use
        on the Web, and they're already gone at the parsing level, so it's time
        to remove these interfaces from our tree.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSCSSValueCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * css/CSSComputedStyleDeclaration.h:
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        (WebCore::CSSValue::cloneForCSSOM):
        * css/CSSValue.h:
        (WebCore::CSSValue::isSubtypeExposedToCSSOM):
        (WebCore::CSSValue::isSVGColor): Deleted.
        (WebCore::CSSValue::isSVGPaint): Deleted.
        * css/SVGCSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::adjustSVGPaintForCurrentColor):
        (WebCore::ComputedStyleExtractor::svgPropertyValue):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertSVGColor):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueFill):
        (WebCore::StyleBuilderCustom::applyValueStroke):
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::PropertyWrapperSVGPaint::PropertyWrapperSVGPaint):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::fillPaintType):
        (WebCore::RenderStyle::setFillPaintColor):
        (WebCore::RenderStyle::strokePaintType):
        (WebCore::RenderStyle::setStrokePaintColor):
        * rendering/style/SVGRenderStyle.h:
        (WebCore::SVGRenderStyle::initialFillPaintType):
        (WebCore::SVGRenderStyle::initialStrokePaintType):
        (WebCore::SVGRenderStyle::setFillPaint):
        (WebCore::SVGRenderStyle::setStrokePaint):
        (WebCore::SVGRenderStyle::fillPaintType):
        (WebCore::SVGRenderStyle::strokePaintType):
        (WebCore::SVGRenderStyle::visitedLinkFillPaintType):
        (WebCore::SVGRenderStyle::visitedLinkStrokePaintType):
        (WebCore::SVGRenderStyle::hasStroke):
        (WebCore::SVGRenderStyle::hasFill):
        * rendering/style/SVGRenderStyleDefs.h:
        * rendering/svg/RenderSVGResource.cpp:
        (WebCore::requestPaintingResource):
        * rendering/svg/SVGResources.cpp:
        (WebCore::paintingResourceFromSVGPaint):
        * svg/SVGAllInOne.cpp:
        * svg/SVGAnimatedColor.cpp:
        (WebCore::SVGAnimatedColorAnimator::constructFromString):
        (WebCore::parseColorFromString):
        (WebCore::SVGAnimatedColorAnimator::calculateDistance):
        * svg/SVGAnimatedType.cpp:
        (WebCore::SVGAnimatedType::setValueAsString):
        * svg/SVGAnimatedType.h:
        * svg/SVGColor.cpp: Removed.
        * svg/SVGColor.h: Removed.
        * svg/SVGColor.idl: Removed.
        * svg/SVGFEDiffuseLightingElement.cpp:
        * svg/SVGFESpecularLightingElement.cpp:
        * svg/SVGPaint.cpp: Removed.
        * svg/SVGPaint.h: Removed.
        * svg/SVGPaint.idl: Removed.

2016-12-13  Alex Christensen  <achristensen@webkit.org>

        Restore NSURLRequest's default time interval to match behavior before NSURLSession adoption
        https://bugs.webkit.org/show_bug.cgi?id=165821
        <rdar://problem/28492939>

        Reviewed by Brady Eidson.

        Before adopting NSURLSession, iOS used CFURLConnection, not NSURLConnection.
        iOS used to have a default timeout of INT_MAX and it now has a default timeout of 0, which means use the 
        default NSURLRequest timeout, which is 60 seconds.  This is not enough for some slow mobile networks,
        so we want to match behavior of our CFURLConnection code here.

        * platform/network/ResourceRequestBase.cpp:
        Use INT_MAX as the default timeout of requests on iOS.

2016-12-13  Filip Pizlo  <fpizlo@apple.com>

        Make opaque root scanning truly constraint-based
        https://bugs.webkit.org/show_bug.cgi?id=165760

        Reviewed by Saam Barati.

        No new tests yet. I think that writing tests for this is a big investigation:
        https://bugs.webkit.org/show_bug.cgi?id=165808
        
        Remove the previous advancing wavefront DOM write barrier. I don't think this will scale
        very well. It's super confusing.
        
        This change makes it so that visitChildren can become a GC constraint that executes as
        part of the fixpoint. This changes all WebCore visitChildren methods that do opaque
        roots into constraints.

        * bindings/js/CommonVM.cpp:
        (WebCore::commonVMSlow):
        (WebCore::writeBarrierOpaqueRootSlow): Deleted.
        * bindings/js/CommonVM.h:
        (WebCore::writeBarrierOpaqueRoot): Deleted.
        * bindings/js/JSAttrCustom.cpp:
        (WebCore::JSAttr::visitAdditionalChildren):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::visitAdditionalChildren):
        * bindings/js/JSIDBCursorCustom.cpp:
        (WebCore::JSIDBCursor::visitAdditionalChildren):
        * bindings/js/JSMessageChannelCustom.cpp:
        (WebCore::JSMessageChannel::visitAdditionalChildren):
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::JSMessagePort::visitAdditionalChildren):
        * bindings/js/JSNodeIteratorCustom.cpp:
        (WebCore::JSNodeIterator::visitAdditionalChildren):
        * bindings/js/JSTextTrackCueCustom.cpp:
        (WebCore::JSTextTrackCue::visitAdditionalChildren):
        * bindings/js/JSTreeWalkerCustom.cpp:
        (WebCore::JSTreeWalker::visitAdditionalChildren):
        * bindings/js/JSWorkerGlobalScopeCustom.cpp:
        (WebCore::JSWorkerGlobalScope::visitAdditionalChildren):
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
        * bindings/js/JSXPathResultCustom.cpp:
        (WebCore::JSXPathResult::visitAdditionalChildren):
        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::notifyChildNodeInserted):
        (WebCore::notifyChildNodeRemoved):

2016-12-12  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove use of Dictionary in ApplePaySession
        https://bugs.webkit.org/show_bug.cgi?id=165787

        Reviewed by Anders Carlsson.

        First take at generating the bindings for ApplePaySession and removing
        all use of Dictionary.
        
        - Removes all use of Dictionary!
        - Removes use of logging errors to the console with improved Exception messages.
        - Use ExceptionOr extensively to pass exception state.
        
        Still to do:
            - Reconcile / merge ApplePaySession::PaymentRequest with WebCore::PaymentRequest
              and all the sub-objects held within.
            - Remove PaymentRequestValidator entirely, merging validation into the validation
              we already do in ApplePaySession.cpp
            - Make ApplePayEvents use generated dictionary creation code.

        Test: http/tests/ssl/applepay/ApplePaySession.html

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::convertAndValidate):
        (WebCore::canCallApplePaySessionAPIs):
        (WebCore::ApplePaySession::create):
        (WebCore::ApplePaySession::ApplePaySession):
        (WebCore::ApplePaySession::supportsVersion):
        (WebCore::ApplePaySession::canMakePayments):
        (WebCore::ApplePaySession::canMakePaymentsWithActiveCard):
        (WebCore::ApplePaySession::openPaymentSetup):
        (WebCore::ApplePaySession::begin):
        (WebCore::ApplePaySession::completeMerchantValidation):
        (WebCore::ApplePaySession::completeShippingMethodSelection):
        (WebCore::ApplePaySession::completeShippingContactSelection):
        (WebCore::ApplePaySession::completePaymentMethodSelection):
        (WebCore::ApplePaySession::didSelectShippingMethod):
        (WebCore::createContactFields): Deleted.
        (WebCore::toLineItemType): Deleted.
        (WebCore::isValidLineItemPropertyName): Deleted.
        (WebCore::createLineItem): Deleted.
        (WebCore::createLineItems): Deleted.
        (WebCore::createMerchantCapabilities): Deleted.
        (WebCore::createSupportedNetworks): Deleted.
        (WebCore::toShippingType): Deleted.
        (WebCore::isValidShippingMethodPropertyName): Deleted.
        (WebCore::createShippingMethod): Deleted.
        (WebCore::createShippingMethods): Deleted.
        (WebCore::isValidPaymentRequestPropertyName): Deleted.
        (WebCore::createPaymentRequest): Deleted.
        * Modules/applepay/ApplePaySession.h:
        Replace hand written dictionary extraction code with autogenerated code
        and hand written additional validation.

        * Modules/applepay/ApplePaySession.idl:
        Add helper dictionaries and enums.

        * Modules/applepay/PaymentRequestValidator.cpp:
        (WebCore::PaymentRequestValidator::validate):
        (WebCore::PaymentRequestValidator::validateTotal):
        (WebCore::validateCountryCode):
        (WebCore::validateCurrencyCode):
        (WebCore::validateMerchantCapabilities):
        (WebCore::validateSupportedNetworks):
        (WebCore::validateShippingMethod):
        (WebCore::validateShippingMethods):
        (WebCore::PaymentRequestValidator::PaymentRequestValidator): Deleted.
        (WebCore::PaymentRequestValidator::~PaymentRequestValidator): Deleted.
        (WebCore::PaymentRequestValidator::validateCountryCode): Deleted.
        (WebCore::PaymentRequestValidator::validateCurrencyCode): Deleted.
        (WebCore::PaymentRequestValidator::validateMerchantCapabilities): Deleted.
        (WebCore::PaymentRequestValidator::validateShippingMethod): Deleted.
        (WebCore::PaymentRequestValidator::validateSupportedNetworks): Deleted.
        (WebCore::PaymentRequestValidator::validateShippingMethods): Deleted.
        * Modules/applepay/PaymentRequestValidator.h:
        Instead of reporting the validation errors to the console, pass them in the exception.
        This allows us to remove the window member, and move the helpers to the implementation
        file as statics.

        * WebCore.xcodeproj/project.pbxproj:
        Remove file.

        * bindings/generic/IDLTypes.h:
        (WebCore::IDLObject::nullValue):
        (WebCore::IDLObject::isNullValue):
        (WebCore::IDLObject::extractValueFromNullable):
        Add nullability traits for IDLObject.
        
        * bindings/js/JSApplePaySessionCustom.cpp:
        Removed.

2016-12-13  Daniel Bates  <dabates@apple.com>

        CSP: Teach the preload scanner about the 'nonce' attribute
        https://bugs.webkit.org/show_bug.cgi?id=161192
        <rdar://problem/28010354>

        Reviewed by Darin Adler.

        This patch was inspired by a similar Blink change:
        <https://chromium.googlesource.com/chromium/src/+/dde5487f380cf774e4c0e96ba7f88ea68e723907>

        Preload external scripts and stylesheets whose HTML script and link elements have a nonce
        attribute that is listed in the Content Security Policy (CSP) of the page.

        Currently the preload scanner ignores the nonce attribute on HTML script and link elements.
        So, WebKit does not preload their associated subresources unless the value of the src
        attribute or href attribute is whitelisted in the CSP of the page for script and link
        elements, respectively. Instead the preload scanner should recognize the nonce attribute on
        script and link elements and query the CSP of the page with it. If the nonce attribute is
        whitelisted then the request should be preloaded.

        Tests: http/tests/loading/do-not-preload-css-blocked-by-csp.html
               http/tests/loading/do-not-preload-script-src-blocked-by-csp.html
               http/tests/loading/preload-css-with-csp-nonce.html
               http/tests/loading/preload-script-src-with-csp-nonce.html

        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest): Set the nonce on the
        PreloadRequest to the nonce that we found during the scan.
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): For script and link tag names,
        save the value of the nonce attribute (if it has one).
        * html/parser/HTMLResourcePreloader.cpp:
        (WebCore::PreloadRequest::resourceRequest): Skip CSP policy check if the nonce is listed in
        the CSP of the page.
        * html/parser/HTMLResourcePreloader.h:
        (WebCore::PreloadRequest::setNonce): Added.

2016-12-13  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Rename CSSPrimitiveValue::UnitTypes to CSSPrimitiveValue::UnitType
        https://bugs.webkit.org/show_bug.cgi?id=165776

        Reviewed by Zalan Bujtas.

        * css/CSSCalculationValue.cpp:
        (WebCore::unitCategory):
        (WebCore::hasDoubleValue):
        (WebCore::determineCategory):
        (WebCore::CSSCalcExpressionNodeParser::parseValue):
        * css/CSSCalculationValue.h:
        * css/CSSPrimitiveValue.cpp:
        (WebCore::isValidCSSUnitTypeForDoubleConversion):
        (WebCore::isStringType):
        (WebCore::CSSPrimitiveValue::unitCategory):
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::cleanup):
        (WebCore::CSSPrimitiveValue::computeLengthDouble):
        (WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble):
        (WebCore::CSSPrimitiveValue::conversionToCanonicalUnitsScaleFactor):
        (WebCore::CSSPrimitiveValue::getFloatValue):
        (WebCore::CSSPrimitiveValue::doubleValue):
        (WebCore::CSSPrimitiveValue::canonicalUnitTypeForCategory):
        (WebCore::CSSPrimitiveValue::doubleValueInternal):
        (WebCore::CSSPrimitiveValue::cloneForCSSOM):
        * css/CSSPrimitiveValue.h:
        (WebCore::CSSPrimitiveValue::isFontRelativeLength):
        (WebCore::CSSPrimitiveValue::isLength):
        (WebCore::CSSPrimitiveValue::isResolution):
        (WebCore::CSSPrimitiveValue::createAllowingMarginQuirk):
        * css/CSSValue.h:
        * css/CSSValuePool.cpp:
        (WebCore::CSSValuePool::createValue):
        * css/CSSValuePool.h:
        (WebCore::CSSValuePool::createValue):
        * css/MediaQueryExp.cpp:
        (WebCore::featureWithValidDensity):
        (WebCore::MediaQueryExpression::MediaQueryExpression):
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::parseSimpleLength):
        (WebCore::parseSimpleLengthValue):
        (WebCore::parseColorIntOrPercentage):
        (WebCore::fastParseColorInternal):
        (WebCore::parseTransformTranslateArguments):
        (WebCore::parseTransformNumberArguments):
        * css/parser/CSSParserToken.cpp:
        (WebCore::cssPrimitiveValueUnitFromTrie):
        (WebCore::stringToUnitType):
        (WebCore::CSSParserToken::CSSParserToken):
        (WebCore::CSSParserToken::convertToPercentage):
        * css/parser/CSSParserToken.h:
        (WebCore::CSSParserToken::unitType):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::consumeTransformOrigin):
        (WebCore::consumeCounter):
        (WebCore::consumeAnimationName):
        (WebCore::consumePerspective):
        (WebCore::consumePositionLonghand):
        (WebCore::consumeCounterContent):
        (WebCore::consumeReflect):
        (WebCore::consumeGridBreadth):
        (WebCore::CSSPropertyParser::consumeFlex):
        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::CalcParser::consumeNumber):
        (WebCore::CSSPropertyParserHelpers::consumeInteger):
        (WebCore::CSSPropertyParserHelpers::consumeLength):
        (WebCore::CSSPropertyParserHelpers::consumePercent):
        (WebCore::CSSPropertyParserHelpers::consumeAngle):
        (WebCore::CSSPropertyParserHelpers::consumeTime):
        (WebCore::CSSPropertyParserHelpers::consumeCustomIdent):
        (WebCore::CSSPropertyParserHelpers::consumeString):
        (WebCore::CSSPropertyParserHelpers::consumeUrl):
        (WebCore::CSSPropertyParserHelpers::consumeDeprecatedGradientPoint):
        (WebCore::CSSPropertyParserHelpers::consumeDeprecatedGradientColorStop):
        (WebCore::CSSPropertyParserHelpers::consumeCrossFade):
        (WebCore::CSSPropertyParserHelpers::consumeImageSet):
        (WebCore::CSSPropertyParserHelpers::consumeFilterFunction):
        * css/parser/MediaQueryParser.cpp:
        (WebCore::MediaQueryParser::readFeatureValue):
        * css/parser/SizesAttributeParser.cpp:
        (WebCore::SizesAttributeParser::computeLength):
        * css/parser/SizesAttributeParser.h:
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::setInlineStyleProperty):
        (WebCore::StyledElement::addPropertyToPresentationAttributeStyle):
        * dom/StyledElement.h:
        * svg/SVGLengthValue.cpp:
        (WebCore::SVGLengthValue::toCSSPrimitiveValue):

2016-12-13  Eric Carlson  <eric.carlson@apple.com>

        Annotate MediaStream and WebRTC idl with EnabledAtRuntime flag
        https://bugs.webkit.org/show_bug.cgi?id=165251

        Reviewed by Youenn Fablet.

        No new tests, fixes an API test.

        * page/Settings.in: Delete mediaStreamEnabled and peerConnectionEnabled, we don't need a
        setting and a runtime feature.

2016-12-13  Antti Koivisto  <antti@apple.com>

        REGRESSION (r198990): Cannot edit content inside <details> in wysiwyg editor
        https://bugs.webkit.org/show_bug.cgi?id=165757

        Reviewed by Andreas Kling.

        Test: fast/html/details-edit.html

        -webkit-user-modify is reset on shadow boundary so it doesn't go through <details> shadow tree.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::pseudoStyleForElement):
        (WebCore::StyleResolver::styleForPage):
        (WebCore::StyleResolver::applyMatchedProperties):
        * dom/Node.cpp:
        (WebCore::computeEditabilityFromComputedStyle):
        (WebCore::Node::computeEditability):

            Make -webkit-user-modify (which we would want to get rid of completely eventually) have no effect in shadow trees.
            Check for contenteditable directly instead.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::createInnerTextStyle):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::createInnerTextStyle):
        * html/shadow/TextControlInnerElements.cpp:
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::createFlowThreadStyle):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::styleDidChange):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::createAnonymousStyleWithDisplay):
        (WebCore::RenderStyle::createStyleInheritingFromPseudoStyle):
        (WebCore::RenderStyle::inheritFrom):

            Let -webkit-user-modify inherit through shadow boundary as normal.

        * rendering/style/RenderStyle.h:

2016-12-12  Darin Adler  <darin@apple.com>

        Remove bindings generation support for legacy WebCore::Dictionary
        https://bugs.webkit.org/show_bug.cgi?id=165762

        Reviewed by Sam Weinig.

        After this patch, all use of legacy WebCore::Dictionary is within custom bindings or
        inside the DOM code itself. Bindings generation machinery no longer has a special
        type named "Dictionary" but has increasingly good support for IDL-defined dictionaries.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::create): Take ExecState and a JSValue rather than a Dictionary.
        (WebCore::ApplePaySession::completeMerchantValidation): Ditto.
        * Modules/applepay/ApplePaySession.h: Updated for the above changes.
        * Modules/applepay/ApplePaySession.idl: For this last file using Dictionary in IDL, move
        to "[CallWith=ScriptState]" and "any" as a stopgap. Later we can return and use IDL
        dictionaries or other more modern solutions.

        * Modules/mediastream/MediaDevices.idl: For the custom binding written in JavaScript,
        use the type mentioned in the specification rather than Dictionary. The bindings generator
        ignores the type, so this is more like changing a comment rather than changing source code.

        * Modules/mediastream/RTCPeerConnection.js:
        (initializeRTCPeerConnection): Refer to a non-object as not a valid "dictionary", lowercase
        rather than "Dictionary".
        * Modules/mediastream/RTCPeerConnectionInternals.js:
        (callbacksAndDictionaryOverload): Ditto.

        * bindings/generic/IDLTypes.h: Removed IDLLegacyDictionary.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::getHashAlgorithm): Fixed a comment.

        * bindings/js/JSDOMConvert.h:
        (WebCore::Converter<IDLLegacyDictionary<T>>::convert): Deleted.

        * bindings/scripts/CodeGenerator.pm:
        (IsBuiltinType): Removed special case for "Dictionary".
        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType): Ditto.
        (AreTypesDistinguishableForOverloadResolution): Ditto.
        (GenerateOverloadedFunctionOrConstructor): Ditto.
        (GenerateParametersCheck): Ditto.
        (GetBaseIDLType): Ditto.

        * bindings/scripts/test/JS/JSTestObj.cpp: Regenerated results.
        * bindings/scripts/test/TestObj.idl: Removed test case for Dictionary.

2016-12-12  Chris Dumez  <cdumez@apple.com>

        Drop unnecessary null check in removeDetachedChildrenInContainer()
        https://bugs.webkit.org/show_bug.cgi?id=165778

        Reviewed by Alex Christensen.

        Drop unnecessary null check in removeDetachedChildrenInContainer().
        Node cannot be null but we do an implicit null check.

        No new tests, no Web-exposed behavior change.

        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::removeDetachedChildrenInContainer):

2016-12-12  Chris Dumez  <cdumez@apple.com>

        Add Document.onvisibilitychange event handler attribute
        https://bugs.webkit.org/show_bug.cgi?id=165784

        Reviewed by Daniel Bates.

        Add Document.onvisibilitychange event handler attribute as per Page
        Visibility Level 2 API:
        - http://w3c.github.io/page-visibility/#onvisiblitychange-event-handler

        Test: fast/events/page-visibility-onvisibilitychange.html

        * dom/Document.idl:

2016-12-12  Dean Jackson  <dino@apple.com>

        [iOS] MediaDocument "Done" button should navigate the page back
        https://bugs.webkit.org/show_bug.cgi?id=165779

        Reviewed by Sam Weinig.

        Detect if the exit from fullscreen was caused by the Done button,
        and if so, tell the page to navigate back.

        Unfortunately this is not yet testable. It's waiting on the
        UI-based device testing in development by the media team.

        * platform/cocoa/WebVideoFullscreenModel.h: Add a finishedWithMedia parameter to
        requestFullscreenMode, to indicate if the change in mode is associated with
        the closing of the media document.
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::requestFullscreenMode): If we're a media
        document, and we say we're finished with the media, tell the document
        to navigate back a page.
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::requestFullscreenMode):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::shouldExitFullscreenWithReason):

2016-12-12  Zalan Bujtas  <zalan@apple.com>

        Infinite recursion when viewport is set to the size of the content but the content overflows the viewport.
        https://bugs.webkit.org/show_bug.cgi?id=165775
        rdar://problem/29366628

        Reviewed by Simon Fraser.

        In certain cases when the viewport is sized to accomodate the content and
        the content always overflows the viewport, we might end up in recursive FrameView::layout calls.
        This is specific to content with viewport units, because we always invalidate elements with vw/vh units on
        viewport size change. However if this viewport size change is in response to content size change (layout), 
        invalidating elements could trigger synchronous layout, while we are still inside this current layout.
        This is very similar to the m_setNeedsLayoutWasDeferred case and they should eventually be merged.
        It also means that we might be behind by one layout on elements with vw/vh units (fixed layout only though).

        Currently not testable.

        * page/FrameView.cpp:
        (WebCore::FrameView::availableContentSizeChanged):

2016-12-12  Keith Rollin  <krollin@apple.com>

        Memory warning logging appears to capture resident footprint, missing compress/swap.
        https://bugs.webkit.org/show_bug.cgi?id=165533
        <rdar://problem/29318410>

        Reviewed by Andreas Kling.

        Have platformMemoryUsage return both resident and resident + swapped
        values. This is now returned as a struct in a std::optional to better
        support cases where values cannot or are not returned. Report these
        values in logMemoryUsageChange.

        Remove most of the ReliefLogger instances and their messages. We no
        longer free up fastMalloc memory after each memory-release operation,
        so there are no memory regions returned to the OS. Instead, we now
        free up fastMalloc memory regions at the end of all memory-releasing
        operations in one fell swoop and report a grand total of memory
        returned.

        No new tests -- no changes to user accessible functionality.

        * page/MemoryRelease.cpp:
        (WebCore::releaseNoncriticalMemory):
        (WebCore::releaseCriticalMemory):
        (WebCore::releaseMemory):
        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseMemory):
        (WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):
        * platform/MemoryPressureHandler.h:
        (WebCore::MemoryPressureHandler::ReliefLogger::ReliefLogger):
        (WebCore::MemoryPressureHandler::ReliefLogger::~ReliefLogger):
        (WebCore::MemoryPressureHandler::ReliefLogger::loggingEnabled):
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):
        * platform/linux/MemoryPressureHandlerLinux.cpp:
        * platform/win/MemoryPressureHandlerWin.cpp:
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):

2016-12-12  Chris Dumez  <cdumez@apple.com>

        Document.visibilityState should use an IDL string enumeration
        https://bugs.webkit.org/show_bug.cgi?id=165774

        Reviewed by Daniel Bates.

        Document.visibilityState should use an IDL string enumeration:
        - http://w3c.github.io/page-visibility/#extensions-to-the-document-interface

        No new tests, there should be no Web-exposed behavior change.

        * CMakeLists.txt:
        * Modules/vibration/NavigatorVibration.cpp:
        (WebCore::NavigatorVibration::vibrate):
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::hidden):
        (WebCore::Document::pageVisibilityState): Deleted.
        (WebCore::Document::visibilityState): Deleted.
        * dom/Document.h:
        * dom/Document.idl:
        * page/Page.cpp:
        (WebCore::Page::visibilityState):
        * page/PageVisibilityState.cpp: Removed.
        * page/PageVisibilityState.h:
        (): Deleted.

2016-12-12  Jer Noble  <jer.noble@apple.com>

        Remove implementation of legacy Mozilla-based Fullscreen API.
        https://bugs.webkit.org/show_bug.cgi?id=165689

        Reviewed by Eric Carlson.

        Alias the legacy webkitRequestFull_S_creen() function on Element to webkitRequestFull_s_creen().
        Remove the custom behavior in Document::requestFullScreenForElement() to handle the legacy path.

        * dom/Document.cpp:
        (WebCore::Document::requestFullScreenForElement):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::webkitRequestFullscreen):
        (WebCore::Element::webkitRequestFullScreen): Deleted.
        * dom/Element.h:
        * dom/Element.idl:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::enterFullscreen):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlFullscreenButtonElement::defaultEventHandler):

2016-12-12  Zalan Bujtas  <zalan@apple.com>

        The CSS 'columns' property when set on the <body> element makes short columns
        https://bugs.webkit.org/show_bug.cgi?id=164891

        Reviewed by Darin Adler and David Hyatt.

        Currently when the body has auto height, we use the height of the viewport as
        the available height for the columns defined on the body element.
        This is the desired behaviour for paginated content.
        However in case of a simple, non-paginated multicolumn context, we should let the columns grow beyond
        the viewport vertically. This is also what other browsers do.
        This patch sets the available height on columns (in non-paginated context) only if the logical height
        is defined (we are right before layout, so applying non-defined values does not make much sense anyway).
        The reason why it is only broken on the <body> is because it stretches to the viewport by
        default (see stretchesToViewport()) while other block renderers do not.

        Test: fast/multicol/columns-on-body.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange):

2016-12-09  Dean Jackson  <dino@apple.com>

        Autoplay isn't working in iPhone MediaDocuments
        https://bugs.webkit.org/show_bug.cgi?id=165710
        <rdar://problems/29606761>

        Reviewed by Darin Adler.

        Our silent video autoplay detection disabled autoplay
        of videos in MediaDocuments.

        Test: media/ios/autoplay-only-in-main-document.html

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::playbackPermitted):
        Return true if we're in a top-level media document.

2016-12-12  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Fixing build breakage in GStreamer's WebKitCommonEncryptionDecryptorGStreamer.

        * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
        (webkitMediaCommonEncryptionDecryptTransformInPlace):
        WTF::Seconds should be used instead of std::chrono::seconds.

2016-12-11  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r200283): Transform, overflow hidden and filter combination completely hides the element
        https://bugs.webkit.org/show_bug.cgi?id=161509

        Reviewed by David Hyatt.
        
        When the filter painting code needs to recompute a paintDirtyRect, it was using selfClipRect() 
        which is obviously wrong because it returns a rect in absolute coordinates. Use code factored
        out of localClipRect() instead, which returns a rect relative to the painting root.

        Test: css3/filters/filter-on-overflow-hidden.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents):

2016-12-11  Saam Barati  <sbarati@apple.com>

        We should be able to throw exceptions from Wasm code and when Wasm frames are on the stack
        https://bugs.webkit.org/show_bug.cgi?id=165429

        Reviewed by Keith Miller.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::GetCallerGlobalObjectFunctor::operator()):

2016-12-11  Darin Adler  <darin@apple.com>

        Remove uses of Dictionary in WebRTC IDL files
        https://bugs.webkit.org/show_bug.cgi?id=165736

        Reviewed by Sam Weinig.

        Also removed quite a bit of unused code. There were some mocks that were out of date and
        no longer matched the types used in the real code, that also were no longer hooked up,
        and other types of dead code. We will have to implement anew when we want to restore tests
        like the ones these were intended to enable.

        * CMakeLists.txt: Updated for all the removed files.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp: Moved some types in here
        that don't need to be in the header.
        (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection): Use make_unique.
        (WebCore::MediaEndpointPeerConnection::setConfiguration): Changed argument type,
        obviating the need for most of the code that was here.
        * Modules/mediastream/MediaEndpointPeerConnection.h: Updated for the above. Made more
        things private and final. Marked the constructor explicit. Removed unneeded includes.

        * Modules/mediastream/PeerConnectionBackend.h: Removed unneeded includes and forward
        declarations. Changed the argument type for setConfiguration (see above).

        * Modules/mediastream/RTCConfiguration.cpp: Removed.
        None of the code here was needed except for the ICE server validation, and that was
        moved into RTCPeerConnection::setConfiguration.
        * Modules/mediastream/RTCConfiguration.h: Changed this from a class to a struct since
        this is now a dictionary rather than an interface.
        * Modules/mediastream/RTCConfiguration.idl: Changed this from an interface to a dictionary.

        * Modules/mediastream/RTCDTMFSender.cpp: Removed some of the code from this file. This
        class currently isn't implemented, but was depending on RTCPeerConnectionHandler. I removed
        some of the dead code. Someone will have to straighten this out so we can turn it back on.
        * Modules/mediastream/RTCDTMFSender.h: Ditto.

        * Modules/mediastream/RTCDataChannel.cpp: Updated includes.

        * Modules/mediastream/RTCIceCandidate.cpp:
        (WebCore::RTCIceCandidate::create): Removed most of the code, since this now takes
        a structure rather than a WebCore::Dictionary, and so the bindings take care of the work.
        * Modules/mediastream/RTCIceCandidate.h: Updated for the above.
        * Modules/mediastream/RTCIceCandidate.idl: Changed the constructor to take a
        RTCIceCandidateInit instead of a Dictionary.

        * Modules/mediastream/RTCIceServer.h: Changed this from a class to a struct since
        this is now a dictionary rather than an interface.
        * Modules/mediastream/RTCIceServer.idl: Changed this from an interface to a dictionary.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::initializeWith): Take an RTCConfiguration rather than
        a Dictionary.
        (WebCore::RTCPeerConnection::getConfiguration): Moved to header, now an inline.
        (WebCore::RTCPeerConnection::setConfiguration): Use the configuration dictionary now instead
        of the configuration class. Also moved validation of server URLs here, formerly in the
        RTCConfiguration RTCConfiguration::initialize function. Also moved code to convert from
        RTCConfiguration to MediaEndpointConfiguration here, formerly in
        MediaEndpointPeerConnection::setConfiguration.
        * Modules/mediastream/RTCPeerConnection.h: Updated for the above.
        * Modules/mediastream/RTCPeerConnection.idl: Changed argument to initializeWith and
        setConfiguration from Dictionary to RTCConfiguration.

        * Modules/mediastream/RTCSessionDescription.cpp:
        (WebCore::parseTypeString): Deleted.
        (WebCore::RTCSessionDescription::create): Changed to take struct instead of Dictionary.
        * Modules/mediastream/RTCSessionDescription.h: Added Init struct and changed create to
        take it.
        * Modules/mediastream/RTCSessionDescription.idl: Changed constructor argument to take
        RTCSessionDescriptionInit dictionary instead of Dictionary.

        * Modules/webaudio/MediaStreamAudioDestinationNode.cpp: Updated includes.

        * WebCore.xcodeproj/project.pbxproj: Updated for all the removed files.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDictionaryImplementationContent): Fixed convertDictionaryToJS to work with other
        nullable types besides RefPtr.
        * bindings/scripts/test/JS/JSTestObj.cpp: Regenerated.

        * platform/mediastream/RTCConfigurationPrivate.h: Removed.
        * platform/mediastream/RTCIceServerPrivate.h: Removed.
        * platform/mediastream/RTCPeerConnectionHandler.cpp: Removed.
        * platform/mediastream/RTCPeerConnectionHandler.h: Removed.
        * platform/mock/RTCDTMFSenderHandlerMock.cpp: Removed.
        * platform/mock/RTCDTMFSenderHandlerMock.h: Removed.

        * platform/mock/RTCDataChannelHandlerMock.h: Updated includes, made more things private and final.

        * platform/mock/RTCPeerConnectionHandlerMock.cpp: Removed.
        * platform/mock/RTCPeerConnectionHandlerMock.h: Removed.

        * testing/Internals.cpp:
        (WebCore::Internals::Internals): Removed call to enableMockRTCPeerConnectionHandler.
        (WebCore::Internals::enableMockRTCPeerConnectionHandler): Deleted.

2016-12-11  Darin Adler  <darin@apple.com>

        Use std::vsnprintf instead of vasprintf
        https://bugs.webkit.org/show_bug.cgi?id=165740

        Reviewed by Sam Weinig.

        * platform/FileHandle.cpp:
        (WebCore::FileHandle::printf): Use vsnprintf, including StringExtras.h to
        ensure compatibility with older versions of the Visual Studio library,
        and Vector for the buffer. Use inline capacity in the vector so we normally
        don't need to allocate any memory on the heap.
        * xml/XSLTUnicodeSort.cpp:
        (xsltTransformErrorTrampoline): Ditto.
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::error): Ditto.

2016-12-11  Darin Adler  <darin@apple.com>

        Make some refinements to HTMLPlugInImageElement
        https://bugs.webkit.org/show_bug.cgi?id=165742

        Reviewed by Sam Weinig.

        * html/HTMLPlugInImageElement.cpp: Removed many unneeded includes.
        (WebCore::titleText): Use HashMap::ensure, correct argument types.
        (WebCore::subtitleText): Ditto.
        (WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement): Moved
        initialization of most scalars to the class definition.
        (WebCore::HTMLPlugInImageElement::isImageType): Use auto.
        (WebCore::HTMLPlugInImageElement::wouldLoadAsPlugIn): Removed
        unneeded local variable and if statement.
        (WebCore::HTMLPlugInImageElement::willDetachRenderers): Use auto.
        (WebCore::HTMLPlugInImageElement::updateSnapshot): Do not call
        renderer twice unnecessarily.
        (WebCore::plugInImageElementIsolatedWorld): Use auto.
        (WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot): Use auto.
        (WebCore::HTMLPlugInImageElement::partOfSnapshotOverlay): Use auto.
        (WebCore::HTMLPlugInImageElement::restartSimilarPlugIns): Got rid of
        unnecessary typedef.
        (WebCore::HTMLPlugInImageElement::userDidClickSnapshot): Take a
        reference rather than PassRefPtr.
        (WebCore::documentHadRecentUserGesture): Removed unneeded if.
        (WebCore::HTMLPlugInImageElement::checkSizeChangeForSnapshotting): Use auto.
        (WebCore::isSmallerThanTinySizingThreshold): Use auto.
        (WebCore::HTMLPlugInImageElement::isTopLevelFullPagePlugin): Use auto.
        (WebCore::HTMLPlugInImageElement::checkSnapshotStatus): Use auto.
        (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Got rid
        of unnecessary local variable. Use auto.
        (WebCore::HTMLPlugInImageElement::requestObject): Got rid of unnecessary
        local variable.
        * html/HTMLPlugInImageElement.h: Updated for the above. Removed incorrect
        use of const. Initialized all scalars. Made function private and final.

        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::handleEvent): Pass reference instead
        of pointer.

2016-12-11  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Cleanup some InspectorInstrumentation network loading notifications
        https://bugs.webkit.org/show_bug.cgi?id=165688

        Reviewed by Brian Burg.

        Eliminate InspectorInstrumentation::willReceiveResourceResponse by folding
        it into InspectorInstrumentation::didReceiveResourceResponse. Simplify other
        related InspectorInstrumentation calls by using references and using more
        consistent InspectorInstrumentation patterns.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didReceiveResourceResponseImpl):
        (WebCore::InspectorInstrumentation::willReceiveResourceResponseImpl): Deleted.
        (WebCore::InspectorInstrumentation::didReceiveResourceResponseButCanceledImpl): Deleted.
        (WebCore::InspectorInstrumentation::continueAfterXFrameOptionsDeniedImpl): Deleted.
        (WebCore::InspectorInstrumentation::continueWithPolicyDownloadImpl): Deleted.
        (WebCore::InspectorInstrumentation::continueWithPolicyIgnoreImpl): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didReceiveResourceResponse):
        (WebCore::InspectorInstrumentation::continueAfterXFrameOptionsDenied):
        (WebCore::InspectorInstrumentation::continueWithPolicyDownload):
        (WebCore::InspectorInstrumentation::continueWithPolicyIgnore):
        (WebCore::InspectorInstrumentation::willReceiveResourceResponse): Deleted.
        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied):
        (WebCore::DocumentLoader::continueAfterContentPolicy):
        * loader/ResourceLoadNotifier.cpp:
        (WebCore::ResourceLoadNotifier::dispatchDidReceiveResponse):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::didReceiveResponse):

2016-12-11  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Protect MediaDevicesRequest during callback
        https://bugs.webkit.org/show_bug.cgi?id=165711
        <rdar://problem/28400468>

        Reviewed by Sam Weinig.

        No new tests, I was unable to create a reproducible test but this fix avoids
        an occasional crash in existing tests.

        * Modules/mediastream/MediaDevicesEnumerationRequest.cpp:
        (WebCore::MediaDevicesEnumerationRequest::start): Take a reference to the object
        before calling the controller in case the completion handler is called synchronously.

2016-12-09  Filip Pizlo  <fpizlo@apple.com>

        The DOM should have an advancing wavefront opaque root barrier
        https://bugs.webkit.org/show_bug.cgi?id=165712

        Reviewed by Yusuke Suzuki.

        No new tests because this was covered by crashing tests.
        
        Consider these two cases:
        
           Removal:
           1) DOM at start: D->X->Y
           2) Mark X, X->visitChildren, addOpaqueRoot(D)
           3) remove X
           4) Y thinks it's not reachable (its opaque root, X, is not in the set).
           
           Insertion:
           1) DOM at start: D, X->Y
           2) Mark X, X->visitChildren, addOpaqueRoot(X)
           3) insert X into D
           4) Y thinks it's not reachable (its opaque root, D, is not in the set).
        
        We can fix this with two barriers:
        
           Removal: add X (the removed child) to the opaque root set.
           Insertion: add D (the insertion point) to the opaque root set.
        
        Thanks Rysosuke for coming up with this idea!
        
        Both barriers advance the wavefront. We could consider retreating wavefront barriers in
        the future (where we cause visitChildren to be called again on wrappers that belonged to
        roots that got affected by insertion/removal) but those would probably require more
        bookkeeping.
        
        To make this barrier very fast, the WebCore caches the JSC VM's barrier state in
        its own global variable for very fast access. This variable will be false most of the
        time. It's false when there is no VM, so triggering the barrier won't cause the VM to be
        created. It's only true when GC is running, which is rare by design.
        
        To make that caching more sensible, I finally gave WebCore a central header for
        the common VM (CommonVM.h).

        * CMakeLists.txt:
        * Modules/mediastream/SDPProcessor.cpp:
        (WebCore::SDPProcessor::callScript):
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/CommonVM.cpp: Added.
        (WebCore::commonVMSlow):
        (WebCore::writeBarrierOpaqueRootSlow):
        * bindings/js/CommonVM.h: Added.
        (WebCore::commonVM):
        (WebCore::writeBarrierOpaqueRoot):
        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::mainThreadNormalWorld):
        * bindings/js/GCController.cpp:
        (WebCore::collect):
        (WebCore::GCController::garbageCollectSoon):
        (WebCore::GCController::garbageCollectNow):
        (WebCore::GCController::garbageCollectNowIfNotDoneRecently):
        (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
        (WebCore::GCController::deleteAllCode):
        (WebCore::GCController::deleteAllLinkedCode):
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::addImpureProperty):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
        (WebCore::JSDOMWindowBase::commonVM): Deleted.
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::setWindow):
        * bindings/js/JSNodeCustom.h:
        (WebCore::root):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
        (WebCore::ScriptCachedFrameData::restore):
        (WebCore::ScriptCachedFrameData::clear):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::~ScriptController):
        (WebCore::ScriptController::createWorld):
        (WebCore::ScriptController::getAllWorlds):
        (WebCore::ScriptController::clearWindowShell):
        (WebCore::ScriptController::cacheableBindingRootObject):
        (WebCore::ScriptController::bindingRootObject):
        (WebCore::ScriptController::windowScriptNPObject):
        (WebCore::ScriptController::jsObjectForPluginElement):
        (WebCore::ScriptController::clearScriptObjects):
        * dom/CollectionIndexCache.cpp:
        (WebCore::reportExtraMemoryAllocatedForCollectionIndexCache):
        * dom/ContainerNode.cpp:
        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::notifyChildNodeInserted):
        (WebCore::notifyChildNodeRemoved):
        * dom/Document.cpp:
        (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy):
        * dom/Node.h:
        (WebCore::Node::opaqueRoot):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::vm):
        * html/HTMLImageLoader.cpp:
        (WebCore::HTMLImageLoader::notifyFinished):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::pauseAfterDetachedTask):
        (WebCore::HTMLMediaElement::ensureIsolatedWorld):
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::plugInImageElementIsolatedWorld):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::vm):
        * inspector/PageScriptDebugServer.cpp:
        (WebCore::PageScriptDebugServer::PageScriptDebugServer):
        * page/PerformanceLogging.cpp:
        (WebCore::PerformanceLogging::memoryUsageStatistics):
        (WebCore::PerformanceLogging::javaScriptObjectCounts):
        * page/ResourceUsageThread.cpp:
        (WebCore::ResourceUsageThread::createThreadIfNeeded):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::reportApproximateMemoryCost):
        * testing/MemoryInfo.h:
        (WebCore::MemoryInfo::MemoryInfo):

2016-12-11  Dan Bernstein  <mitz@apple.com>

        [Cocoa] NSAttributedString representation of text copied from -webkit-nbsp-mode:space element contains non-breaking space characters, but shouldn’t
        https://bugs.webkit.org/show_bug.cgi?id=165515
        <rdar://problem/4108460>

        Reviewed by Darin Adler.

        Test: platform/mac/fast/text/attributed-substring-from-range.html

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_processText): Emit a space instead of a non-breaking space if the text node
          is styled with -webkit-nbsp-mode:space.
        (WebCore::editingAttributedStringFromRange): Replace all non-breaking spaces with spaces if
          they come from a text node with -webkit-nbsp-mode:space.

2016-12-11  Konstantin Tokarev  <annulen@yandex.ru>

        Unreviewed, add KHR include dir to fix ANGLE build after r209665
        https://bugs.webkit.org/show_bug.cgi?id=165686

        * CMakeLists.txt:

2016-12-10  Dave Hyatt  <hyatt@apple.com>

        Rolling out 165737, since it broke layout tests. I need to find a 
        different place to put the init.

        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::isValidSelector):

2016-12-10  Simon Fraser  <simon.fraser@apple.com>

        Support the deprecated dictionary constructor for DOMPointReadOnly and DOMPoint
        https://bugs.webkit.org/show_bug.cgi?id=165732

        Reviewed by Sam Weinig.
        
        For compatibility with other browsers, support the DOMPointInit constructor to
        DOMPoint and DOMPointReadOnly per <https://www.w3.org/TR/geometry-1/#DOMPoint>

        Extended geometry/DOMPoint-001.html to test.

        * dom/DOMPoint.h:
        * dom/DOMPoint.idl:
        * dom/DOMPointReadOnly.h:
        (WebCore::DOMPointReadOnly::create):
        * dom/DOMPointReadOnly.idl:

2016-12-10  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure content extensions initialize AtomicString
        https://bugs.webkit.org/show_bug.cgi?id=165737

        Reviewed by Simon Fraser.

        Fixes two broken tests in TestWebkitAPI.

        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::isValidSelector):

2016-12-10  Simon Fraser  <simon.fraser@apple.com>

        Animation followed by transition doesn't always fire transitionend event
        https://bugs.webkit.org/show_bug.cgi?id=165731
        rdar://problem/28471240

        Reviewed by Zalan Bujtas.
        
        After r200047, a keyframe animation of an accelerated property followed by a
        transition didn't always fire a transitionend event.
        
        This happened if CompositeAnimation::timeToNextService() happend to be called
        when the transitions's timeToNextService() returned a positive value, but the
        keyframe animation still existed, but its timeToNextService() returned -1. In
        this case that -1 would clobber the positing minT.

        Fix by just continuing in each loop when the timeToNextService() returns -1.

        This code should probably be rewritten to use std::optional<double> rather than
        magic values.

        Test: animations/animation-followed-by-transition.html

        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::timeToNextService):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::addAnimation):
        (WebCore::GraphicsLayerCA::pauseAnimation):
        (WebCore::GraphicsLayerCA::removeAnimation):
        (WebCore::GraphicsLayerCA::platformCALayerAnimationStarted):
        (WebCore::GraphicsLayerCA::platformCALayerAnimationEnded):

2016-12-10  Sam Weinig  <sam@webkit.org>

        [WebIDL] Merge JSDictionary into Dictionary, and remove unused bits
        https://bugs.webkit.org/show_bug.cgi?id=165641

        Reviewed by Dan Bernstein.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        Remove JSDictionary.h/cpp

        * Modules/mediastream/RTCDataChannel.cpp:
        Remove unused #include of Dictionary.h

        * Modules/mediastream/RTCPeerConnection.cpp:
        * Modules/mediastream/RTCPeerConnection.h:
        Replace unnecessary #include of Dictionary in a header with forward declaration.

        * bindings/js/Dictionary.cpp:
        (WebCore::Dictionary::Dictionary):
        (WebCore::Dictionary::tryGetProperty):
        (WebCore::Dictionary::getOwnPropertyNames):
        (WebCore::Dictionary::convertValue):
        (WebCore::Dictionary::asJSObject<Notification>): Deleted.
        (WebCore::Dictionary::getOwnPropertiesAsStringHashMap): Deleted.
        (WebCore::Dictionary::getWithUndefinedOrNullCheck): Deleted.
        * bindings/js/Dictionary.h:
        (WebCore::Dictionary::isObject):
        (WebCore::Dictionary::isUndefinedOrNull):
        (WebCore::Dictionary::execState):
        (WebCore::Dictionary::initializerObject):
        (WebCore::Dictionary::isValid):
        (WebCore::Dictionary::convertValue):
        (WebCore::Dictionary::get):
        (WebCore::Dictionary::tryGetPropertyAndResult):
        (WebCore::Dictionary::getEventListener): Deleted.
        Merge JSDictionary into Dictionary. Remove all unused functions (some getters, lots
        of convertValue overrides). Modernize to taste.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier):
        (WebCore::getHashAlgorithm):
        (WebCore::createHmacParams):
        (WebCore::createHmacKeyParams):
        (WebCore::createRsaKeyGenParams):
        (WebCore::createRsaOaepParams):
        (WebCore::createRsaSsaParams):
        Update for rename. JSDictionary is now Dictionary.

        * bindings/js/JSDictionary.cpp: Removed.
        * bindings/js/JSDictionary.h: Removed.

        * dom/MutationObserver.cpp:
        Remove unused #include of Dictionary.h

2016-12-10  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Move CSSParserValues.h/.cpp to CSSParserSelector.h/.cpp
        https://bugs.webkit.org/show_bug.cgi?id=165730

        Reviewed by Simon Fraser.

        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSCustomPropertyValue.cpp:
        * css/CSSPrimitiveValue.cpp:
        * css/CSSSelectorList.cpp:
        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        * css/parser/CSSParserImpl.cpp:
        * css/parser/CSSParserSelector.cpp: Copied from Source/WebCore/css/parser/CSSParserValues.cpp.
        * css/parser/CSSParserSelector.h: Copied from Source/WebCore/css/parser/CSSParserValues.h.
        * css/parser/CSSParserValues.cpp: Removed.
        * css/parser/CSSParserValues.h: Removed.
        * css/parser/CSSSelectorParser.h:

2016-12-10  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Remove the pseudoclass/element hacks
        https://bugs.webkit.org/show_bug.cgi?id=165729

        Reviewed by Sam Weinig.

        * css/SelectorPseudoClassAndCompatibilityElementMap.in:
        * css/SelectorPseudoElementTypeMap.in:
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumePseudo):

2016-12-09  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for Geolocation
        https://bugs.webkit.org/show_bug.cgi?id=165625

        Reviewed by Alex Christensen.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        Add/remove files.

        * Modules/geolocation/GeoNotifier.cpp:
        (WebCore::GeoNotifier::GeoNotifier):
        (WebCore::GeoNotifier::hasZeroTimeout):
        (WebCore::GeoNotifier::startTimerIfNeeded):
        * Modules/geolocation/GeoNotifier.h:
        (WebCore::GeoNotifier::create):
        (WebCore::GeoNotifier::options):
        Update to store PositionOptions as a value, and pass the PositionCallback
        as a Ref, rather than a RefPtr, since it is not optional.

        * Modules/geolocation/Geolocation.cpp:
        (WebCore::createGeoposition):
        Use auto, to get the good type for Coordinates (Ref).

        (WebCore::Geolocation::getCurrentPosition):
        (WebCore::Geolocation::watchPosition):
        (WebCore::Geolocation::haveSuitableCachedPosition):
        (WebCore::Geolocation::startUpdating):
        * Modules/geolocation/Geolocation.h:
        Update to pass PositionOptions itself now that it is a plain struct.

        * Modules/geolocation/Geolocation.idl:
        Remove [Custom] extended attribute and add FIXME about nullable annotation. 

        * Modules/geolocation/Geoposition.h:
        Pass/store Coordinates as a Ref.
 
        * Modules/geolocation/PositionOptions.h:
        Convert to be a simple struct.

        * Modules/geolocation/PositionOptions.idl:
        Added.
        
        * bindings/js/JSGeolocationCustom.cpp:
        Removed.

2016-12-09  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Remove the old CSS Parser
        https://bugs.webkit.org/show_bug.cgi?id=165645

        Reviewed by Daniel Bates.

        Remove the old CSS parser code. In doing so, code that used documentless
        CSSParserContexts is now going through the new parser. This resulted in
        some additional changes. These include:

        (1) Canvas color parsing switched to new parser's code. This resulted in
        progressions on canvas tests.

        (2) Support for CSSNamespaceRule in the CSS OM, since the Inspector's
        creation of CSS OM wrappers made it necessary to add this in. The old parser
        did not create style rules for namespaces, but the new one (and other browsers)
        did.

        (3) <font face="X"> now uses the new parser's font-family parsing code. This
        change was made in createFontFaceValue in CSSValuePool.

        (4) FontFace now uses a new function on the new parser called
        parseFontFaceDescriptor. This function sets things up so that parsing occurs
        as though you are inside a @font-face. The old parser let you call parseValue
        to parse "properties", but descriptors need to be handled differently in the
        new parser.

        (5) Illegal CSS rules in mediaControlsApple/ios.css forced me to add a quirk
        to handle chained shadow DOM pseudo-elements. This should not be allowed, but
        for now it is.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSCSSRuleCustom.cpp:
        (WebCore::toJSNewlyCreated):
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        * css/CSSCalculationValue.cpp:
        (WebCore::unitCategory):
        (WebCore::hasDoubleValue):
        (WebCore::checkDepthAndIndexDeprecated): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::parseCalc): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::operatorValue): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValue): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValueTerm): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValueMultiplicativeExpression): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::parseAdditiveValueExpression): Deleted.
        (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValueExpression): Deleted.
        * css/CSSCalculationValue.h:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::specifiedValueForGridTrackSize):
        * css/CSSCustomPropertyValue.cpp:
        (WebCore::CSSCustomPropertyValue::checkVariablesForCycles):
        (WebCore::CSSCustomPropertyValue::resolveVariableReferences):
        * css/CSSCustomPropertyValue.h:
        * css/CSSFunctionValue.cpp:
        (WebCore::CSSFunctionValue::CSSFunctionValue):
        (WebCore::CSSFunctionValue::customCSSText):
        (WebCore::CSSFunctionValue::append):
        (WebCore::CSSFunctionValue::buildParserValueSubstitutingVariables): Deleted.
        * css/CSSFunctionValue.h:
        * css/CSSGrammar.y.in: Removed.
        * css/CSSGrammar.y.includes: Removed.
        * css/CSSGroupingRule.cpp:
        (WebCore::CSSGroupingRule::insertRule):
        * css/CSSKeyframeRule.h:
        * css/CSSKeyframesRule.cpp:
        (WebCore::CSSKeyframesRule::appendRule):
        * css/CSSNamespaceRule.cpp: Added.
        (WebCore::CSSNamespaceRule::CSSNamespaceRule):
        (WebCore::CSSNamespaceRule::~CSSNamespaceRule):
        (WebCore::CSSNamespaceRule::namespaceURI):
        (WebCore::CSSNamespaceRule::prefix):
        (WebCore::CSSNamespaceRule::cssText):
        (WebCore::CSSNamespaceRule::reattach):
        * css/CSSNamespaceRule.h: Added.
        * css/CSSNamespaceRule.idl: Added.
        * css/CSSPrimitiveValue.cpp:
        (WebCore::isValidCSSUnitTypeForDoubleConversion):
        (WebCore::isStringType):
        (WebCore::CSSPrimitiveValue::cleanup):
        (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText):
        (WebCore::CSSPrimitiveValue::cloneForCSSOM):
        (WebCore::CSSPrimitiveValue::equals):
        (WebCore::CSSPrimitiveValue::buildParserValue): Deleted.
        * css/CSSPrimitiveValue.h:
        * css/CSSRule.h:
        * css/CSSRule.idl:
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::insertRule):
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals):
        (WebCore::CSSValue::cssText):
        (WebCore::CSSValue::destroy):
        * css/CSSValue.h:
        (WebCore::CSSValue::isCustomPropertyValue):
        (WebCore::CSSValue::hasVariableReferences):
        (WebCore::CSSValue::isVariableDependentValue): Deleted.
        (WebCore::CSSValue::isVariableValue): Deleted.
        * css/CSSValueList.cpp:
        (WebCore::CSSValueList::customCSSText):
        (WebCore::CSSValueList::containsVariables): Deleted.
        (WebCore::CSSValueList::checkVariablesForCycles): Deleted.
        (WebCore::CSSValueList::buildParserValueSubstitutingVariables): Deleted.
        (WebCore::CSSValueList::buildParserValueListSubstitutingVariables): Deleted.
        * css/CSSValueList.h:
        (WebCore::CSSValueList::createSlashSeparated):
        (WebCore::CSSValueList::createFromParserValueList): Deleted.
        * css/CSSValuePool.cpp:
        (WebCore::CSSValuePool::createFontFaceValue):
        * css/CSSVariableData.cpp:
        * css/CSSVariableDependentValue.cpp: Removed.
        * css/CSSVariableDependentValue.h: Removed.
        * css/CSSVariableValue.cpp: Removed.
        * css/CSSVariableValue.h: Removed.
        * css/DOMCSSNamespace.cpp:
        * css/FontFace.cpp:
        (WebCore::FontFace::parseString):
        * css/InspectorCSSOMWrappers.cpp:
        * css/MediaQueryExp.cpp:
        (WebCore::isFeatureValidWithIdentifier): Deleted.
        (WebCore::isFeatureValidWithNonNegativeLengthOrNumber): Deleted.
        (WebCore::isFeatureValidWithDensity): Deleted.
        (WebCore::isFeatureValidWithNonNegativeInteger): Deleted.
        (WebCore::isFeatureValidWithNonNegativeNumber): Deleted.
        (WebCore::isFeatureValidWithZeroOrOne): Deleted.
        (WebCore::isFeatureValidWithNumberWithUnit): Deleted.
        (WebCore::isFeatureValidWithNumber): Deleted.
        (WebCore::isSlash): Deleted.
        (WebCore::isPositiveIntegerValue): Deleted.
        * css/MediaQueryExp.h:
        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::setCssText):
        (WebCore::PropertySetCSSStyleDeclaration::setProperty):
        * css/SelectorPseudoTypeMap.h:
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::getPropertyValue):
        (WebCore::StyleProperties::getPropertyCSSValue):
        (WebCore::MutableStyleProperties::setCustomProperty):
        (WebCore::MutableStyleProperties::parseDeclaration):
        (WebCore::StyleProperties::asText):
        * css/StyleProperties.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty):
        * css/StyleResolver.h:
        * css/StyleRule.cpp:
        (WebCore::StyleRuleBase::createCSSOMWrapper):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        (WebCore::StyleSheetContents::parseString):
        (WebCore::StyleSheetContents::completeURL):
        (WebCore::StyleSheetContents::parseStringAtPosition): Deleted.
        * css/StyleSheetContents.h:
        * css/WebKitCSSMatrix.cpp:
        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        * css/parser/CSSParser.cpp:
        (WebCore::CSSParserContext::CSSParserContext):
        (WebCore::CSSParser::CSSParser):
        (WebCore::CSSParser::parseSheet):
        (WebCore::CSSParser::parseRule):
        (WebCore::CSSParser::parseKeyframeRule):
        (WebCore::CSSParser::parseSupportsCondition):
        (WebCore::CSSParser::parseColor):
        (WebCore::CSSParser::parseSystemColor):
        (WebCore::CSSParser::parseSingleValue):
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseCustomPropertyValue):
        (WebCore::CSSParser::parseSelector):
        (WebCore::CSSParser::parseInlineStyleDeclaration):
        (WebCore::CSSParser::parseDeclaration):
        (WebCore::CSSParser::parseValueWithVariableReferences):
        (WebCore::CSSParser::parseKeyframeKeyList):
        (WebCore::CSSParser::parseFontFaceDescriptor):
        (WebCore::equalLettersIgnoringASCIICase): Deleted.
        (WebCore::hasPrefix): Deleted.
        (WebCore::createPrimitiveValuePair): Deleted.
        (WebCore::AnimationParseContext::commitFirstAnimation): Deleted.
        (WebCore::AnimationParseContext::hasCommittedFirstAnimation): Deleted.
        (WebCore::AnimationParseContext::commitAnimationPropertyKeyword): Deleted.
        (WebCore::AnimationParseContext::animationPropertyKeywordAllowed): Deleted.
        (WebCore::AnimationParseContext::hasSeenAnimationPropertyKeyword): Deleted.
        (WebCore::AnimationParseContext::sawAnimationPropertyKeyword): Deleted.
        (): Deleted.
        (WebCore::convertToASCIILowercaseInPlace): Deleted.
        (WebCore::CSSParserString::convertToASCIILowercaseInPlace): Deleted.
        (WebCore::CSSParser::setupParser): Deleted.
        (WebCore::isColorPropertyID): Deleted.
        (WebCore::CSSParser::isValidSystemColorValue): Deleted.
        (WebCore::validPrimitiveValueColor): Deleted.
        (WebCore::parseColorValue): Deleted.
        (WebCore::isSimpleLengthPropertyID): Deleted.
        (WebCore::parseSimpleLength): Deleted.
        (WebCore::parseSimpleLengthValue): Deleted.
        (WebCore::isValidKeywordPropertyAndValue): Deleted.
        (WebCore::isUniversalKeyword): Deleted.
        (WebCore::isKeywordPropertyID): Deleted.
        (WebCore::parseKeywordValue): Deleted.
        (WebCore::parseTransformTranslateArguments): Deleted.
        (WebCore::parseTranslateTransformValue): Deleted.
        (WebCore::CSSParser::parseFontFaceValue): Deleted.
        (WebCore::CSSParser::parseColorFromString): Deleted.
        (WebCore::CSSParser::parseDeclarationDeprecated): Deleted.
        (WebCore::filterProperties): Deleted.
        (WebCore::CSSParser::createStyleProperties): Deleted.
        (WebCore::CSSParser::addProperty): Deleted.
        (WebCore::CSSParser::rollbackLastProperties): Deleted.
        (WebCore::CSSParser::clearProperties): Deleted.
        (WebCore::CSSParser::completeURL): Deleted.
        (WebCore::CSSParser::validateCalculationUnit): Deleted.
        (WebCore::CSSParser::shouldAcceptUnitLessValues): Deleted.
        (WebCore::CSSParser::validateUnit): Deleted.
        (WebCore::CSSParser::createPrimitiveNumericValue): Deleted.
        (WebCore::CSSParser::createPrimitiveStringValue): Deleted.
        (WebCore::isComma): Deleted.
        (WebCore::isForwardSlashOperator): Deleted.
        (WebCore::CSSParser::isValidSize): Deleted.
        (WebCore::CSSParser::parseValidPrimitive): Deleted.
        (WebCore::CSSParser::addExpandedPropertyForValue): Deleted.
        (WebCore::isImageSetFunctionValue): Deleted.
        (WebCore::CSSParser::addFillValue): Deleted.
        (WebCore::isContentDistributionKeyword): Deleted.
        (WebCore::isContentPositionKeyword): Deleted.
        (WebCore::isBaselinePositionKeyword): Deleted.
        (WebCore::isAlignmentOverflowKeyword): Deleted.
        (WebCore::isItemPositionKeyword): Deleted.
        (WebCore::CSSParser::parseLegacyPosition): Deleted.
        (WebCore::CSSParser::parseContentDistributionOverflowPosition): Deleted.
        (WebCore::CSSParser::parseItemPositionOverflowPosition): Deleted.
        (WebCore::parseBackgroundClip): Deleted.
        (WebCore::CSSParser::useLegacyBackgroundSizeShorthandBehavior): Deleted.
        (WebCore::CSSParser::parseNonElementSnapPoints): Deleted.
        (WebCore::CSSParser::parseScrollSnapPositions): Deleted.
        (WebCore::CSSParser::parseScrollSnapDestination): Deleted.
        (WebCore::CSSParser::parseScrollSnapCoordinate): Deleted.
        (WebCore::CSSParser::parseFillShorthand): Deleted.
        (WebCore::CSSParser::addAnimationValue): Deleted.
        (WebCore::CSSParser::parseAnimationShorthand): Deleted.
        (WebCore::CSSParser::parseColumnWidth): Deleted.
        (WebCore::CSSParser::parseColumnCount): Deleted.
        (WebCore::CSSParser::parseColumnsShorthand): Deleted.
        (WebCore::CSSParser::parseTransitionShorthand): Deleted.
        (WebCore::CSSParser::parseShorthand): Deleted.
        (WebCore::CSSParser::parse4Values): Deleted.
        (WebCore::CSSParser::parsePage): Deleted.
        (WebCore::CSSParser::parseSize): Deleted.
        (WebCore::CSSParser::parseSizeParameter): Deleted.
        (WebCore::CSSParser::parseQuotes): Deleted.
        (WebCore::CSSParser::parseAlt): Deleted.
        (WebCore::CSSParser::parseCustomPropertyDeclaration): Deleted.
        (WebCore::CSSParser::parseContent): Deleted.
        (WebCore::CSSParser::parseAttr): Deleted.
        (WebCore::CSSParser::parseBackgroundColor): Deleted.
        (WebCore::CSSParser::parseFillImage): Deleted.
        (WebCore::CSSParser::parsePositionX): Deleted.
        (WebCore::CSSParser::parsePositionY): Deleted.
        (WebCore::CSSParser::parseFillPositionComponent): Deleted.
        (WebCore::isValueConflictingWithCurrentEdge): Deleted.
        (WebCore::isFillPositionKeyword): Deleted.
        (WebCore::CSSParser::parse4ValuesFillPosition): Deleted.
        (WebCore::CSSParser::parse3ValuesFillPosition): Deleted.
        (WebCore::CSSParser::isPotentialPositionValue): Deleted.
        (WebCore::CSSParser::parseFillPosition): Deleted.
        (WebCore::CSSParser::parse2ValuesFillPosition): Deleted.
        (WebCore::CSSParser::parseFillRepeat): Deleted.
        (WebCore::CSSParser::parseFillSize): Deleted.
        (WebCore::CSSParser::parseFillProperty): Deleted.
        (WebCore::CSSParser::parseAnimationDelay): Deleted.
        (WebCore::CSSParser::parseAnimationDirection): Deleted.
        (WebCore::CSSParser::parseAnimationDuration): Deleted.
        (WebCore::CSSParser::parseAnimationFillMode): Deleted.
        (WebCore::CSSParser::parseAnimationIterationCount): Deleted.
        (WebCore::CSSParser::parseAnimationName): Deleted.
        (WebCore::CSSParser::parseAnimationPlayState): Deleted.
        (WebCore::CSSParser::parseAnimationTrigger): Deleted.
        (WebCore::CSSParser::parseAnimationProperty): Deleted.
        (WebCore::CSSParser::parseTransformOriginShorthand): Deleted.
        (WebCore::CSSParser::isSpringTimingFunctionEnabled): Deleted.
        (WebCore::CSSParser::parseCubicBezierTimingFunctionValue): Deleted.
        (WebCore::CSSParser::parseSpringTimingFunctionValue): Deleted.
        (WebCore::CSSParser::parseAnimationTimingFunction): Deleted.
        (WebCore::isValidGridPositionCustomIdent): Deleted.
        (WebCore::CSSParser::parseIntegerOrCustomIdentFromGridPosition): Deleted.
        (WebCore::CSSParser::parseGridPosition): Deleted.
        (WebCore::gridMissingGridPositionValue): Deleted.
        (WebCore::CSSParser::parseGridItemPositionShorthand): Deleted.
        (WebCore::CSSParser::parseGridGapShorthand): Deleted.
        (WebCore::CSSParser::parseGridTemplateColumns): Deleted.
        (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Deleted.
        (WebCore::CSSParser::parseGridTemplateShorthand): Deleted.
        (WebCore::parseImplicitAutoFlow): Deleted.
        (WebCore::CSSParser::parseGridShorthand): Deleted.
        (WebCore::CSSParser::parseGridAreaShorthand): Deleted.
        (WebCore::CSSParser::parseSingleGridAreaLonghand): Deleted.
        (WebCore::CSSParser::parseGridLineNames): Deleted.
        (WebCore::isGridTrackFixedSized): Deleted.
        (WebCore::CSSParser::parseGridTrackList): Deleted.
        (WebCore::CSSParser::parseGridTrackRepeatFunction): Deleted.
        (WebCore::CSSParser::parseGridTrackSize): Deleted.
        (WebCore::CSSParser::parseGridBreadth): Deleted.
        (WebCore::isValidGridAutoFlowId): Deleted.
        (WebCore::CSSParser::parseGridAutoFlow): Deleted.
        (WebCore::skipCommaInDashboardRegion): Deleted.
        (WebCore::CSSParser::parseDashboardRegions): Deleted.
        (WebCore::parseGridTemplateAreasColumnNames): Deleted.
        (WebCore::CSSParser::parseGridTemplateAreasRow): Deleted.
        (WebCore::CSSParser::parseGridTemplateAreas): Deleted.
        (WebCore::CSSParser::parseCounterContent): Deleted.
        (WebCore::CSSParser::parseClipShape): Deleted.
        (WebCore::completeBorderRadii): Deleted.
        (WebCore::CSSParser::parseInsetRoundedCorners): Deleted.
        (WebCore::CSSParser::parseBasicShapeInset): Deleted.
        (WebCore::CSSParser::parseShapeRadius): Deleted.
        (WebCore::CSSParser::parseBasicShapeCircle): Deleted.
        (WebCore::CSSParser::parseBasicShapeEllipse): Deleted.
        (WebCore::CSSParser::parseBasicShapePolygon): Deleted.
        (WebCore::CSSParser::parseBasicShapePath): Deleted.
        (WebCore::isBoxValue): Deleted.
        (WebCore::CSSParser::parseBasicShapeAndOrBox): Deleted.
        (WebCore::CSSParser::parseShapeProperty): Deleted.
        (WebCore::CSSParser::parseClipPath): Deleted.
        (WebCore::CSSParser::parseBasicShape): Deleted.
        (WebCore::CSSParser::parseFont): Deleted.
        (WebCore::CSSParser::parseSystemFont): Deleted.
        (WebCore::FontFamilyValueBuilder::FontFamilyValueBuilder): Deleted.
        (WebCore::FontFamilyValueBuilder::add): Deleted.
        (WebCore::FontFamilyValueBuilder::commit): Deleted.
        (WebCore::valueIsCSSKeyword): Deleted.
        (WebCore::CSSParser::parseFontFamily): Deleted.
        (WebCore::CSSParser::parseLineHeight): Deleted.
        (WebCore::CSSParser::parseFontSize): Deleted.
        (WebCore::createFontWeightValueKeyword): Deleted.
        (WebCore::CSSParser::parseFontWeight): Deleted.
        (WebCore::CSSParser::parseFontSynthesis): Deleted.
        (WebCore::CSSParser::parseFontFaceSrcURI): Deleted.
        (WebCore::CSSParser::parseFontFaceSrcLocal): Deleted.
        (WebCore::CSSParser::parseFontFaceSrc): Deleted.
        (WebCore::CSSParser::parseFontFaceUnicodeRange): Deleted.
        (WebCore::checkForValidDouble): Deleted.
        (WebCore::parseDouble): Deleted.
        (WebCore::parseColorIntOrPercentage): Deleted.
        (WebCore::isTenthAlpha): Deleted.
        (WebCore::parseAlphaValue): Deleted.
        (WebCore::mightBeRGBA): Deleted.
        (WebCore::mightBeRGB): Deleted.
        (WebCore::fastParseColorInternal): Deleted.
        (WebCore::CSSParser::fastParseColor): Deleted.
        (WebCore::CSSParser::parsedDouble): Deleted.
        (WebCore::CSSParser::isCalculation): Deleted.
        (WebCore::isPercent): Deleted.
        (WebCore::CSSParser::parseColorInt): Deleted.
        (WebCore::CSSParser::parseColorDouble): Deleted.
        (WebCore::CSSParser::parseRGBParameters): Deleted.
        (WebCore::CSSParser::parseColorFunctionParameters): Deleted.
        (WebCore::CSSParser::parseHSLParameters): Deleted.
        (WebCore::CSSParser::parseColorFromValue): Deleted.
        (WebCore::ShadowParseContext::ShadowParseContext): Deleted.
        (WebCore::ShadowParseContext::allowLength): Deleted.
        (WebCore::ShadowParseContext::commitValue): Deleted.
        (WebCore::ShadowParseContext::commitLength): Deleted.
        (WebCore::ShadowParseContext::commitColor): Deleted.
        (WebCore::ShadowParseContext::commitStyle): Deleted.
        (WebCore::CSSParser::parseShadow): Deleted.
        (WebCore::CSSParser::parseReflect): Deleted.
        (WebCore::CSSParser::parseFlex): Deleted.
        (WebCore::BorderImageParseContext::BorderImageParseContext): Deleted.
        (WebCore::BorderImageParseContext::canAdvance): Deleted.
        (WebCore::BorderImageParseContext::setCanAdvance): Deleted.
        (WebCore::BorderImageParseContext::allowCommit): Deleted.
        (WebCore::BorderImageParseContext::allowImage): Deleted.
        (WebCore::BorderImageParseContext::allowImageSlice): Deleted.
        (WebCore::BorderImageParseContext::allowRepeat): Deleted.
        (WebCore::BorderImageParseContext::allowForwardSlashOperator): Deleted.
        (WebCore::BorderImageParseContext::requireWidth): Deleted.
        (WebCore::BorderImageParseContext::requireOutset): Deleted.
        (WebCore::BorderImageParseContext::commitImage): Deleted.
        (WebCore::BorderImageParseContext::commitImageSlice): Deleted.
        (WebCore::BorderImageParseContext::commitForwardSlashOperator): Deleted.
        (WebCore::BorderImageParseContext::commitBorderWidth): Deleted.
        (WebCore::BorderImageParseContext::commitBorderOutset): Deleted.
        (WebCore::BorderImageParseContext::commitRepeat): Deleted.
        (WebCore::BorderImageParseContext::commitWebKitBorderImage): Deleted.
        (WebCore::BorderImageParseContext::commitBorderImage): Deleted.
        (WebCore::BorderImageParseContext::commitBorderImageProperty): Deleted.
        (WebCore::CSSParser::parseBorderImage): Deleted.
        (WebCore::isBorderImageRepeatKeyword): Deleted.
        (WebCore::CSSParser::parseBorderImageRepeat): Deleted.
        (WebCore::BorderImageSliceParseContext::BorderImageSliceParseContext): Deleted.
        (WebCore::BorderImageSliceParseContext::allowNumber): Deleted.
        (WebCore::BorderImageSliceParseContext::allowFill): Deleted.
        (WebCore::BorderImageSliceParseContext::allowFinalCommit): Deleted.
        (WebCore::BorderImageSliceParseContext::top): Deleted.
        (WebCore::BorderImageSliceParseContext::commitNumber): Deleted.
        (WebCore::BorderImageSliceParseContext::commitFill): Deleted.
        (WebCore::BorderImageSliceParseContext::commitBorderImageSlice): Deleted.
        (WebCore::CSSParser::parseBorderImageSlice): Deleted.
        (WebCore::BorderImageQuadParseContext::BorderImageQuadParseContext): Deleted.
        (WebCore::BorderImageQuadParseContext::allowNumber): Deleted.
        (WebCore::BorderImageQuadParseContext::allowFinalCommit): Deleted.
        (WebCore::BorderImageQuadParseContext::top): Deleted.
        (WebCore::BorderImageQuadParseContext::commitNumber): Deleted.
        (WebCore::BorderImageQuadParseContext::setAllowFinalCommit): Deleted.
        (WebCore::BorderImageQuadParseContext::setTop): Deleted.
        (WebCore::BorderImageQuadParseContext::commitBorderImageQuad): Deleted.
        (WebCore::CSSParser::parseBorderImageQuad): Deleted.
        (WebCore::CSSParser::parseBorderImageWidth): Deleted.
        (WebCore::CSSParser::parseBorderImageOutset): Deleted.
        (WebCore::CSSParser::parseBorderRadius): Deleted.
        (WebCore::CSSParser::parseAspectRatio): Deleted.
        (WebCore::CSSParser::parseCounter): Deleted.
        (WebCore::parseDeprecatedGradientPoint): Deleted.
        (WebCore::parseDeprecatedGradientColorStop): Deleted.
        (WebCore::CSSParser::parseDeprecatedGradient): Deleted.
        (WebCore::valueFromSideKeyword): Deleted.
        (WebCore::parseGradientColorOrKeyword): Deleted.
        (WebCore::CSSParser::parseDeprecatedLinearGradient): Deleted.
        (WebCore::CSSParser::parseDeprecatedRadialGradient): Deleted.
        (WebCore::CSSParser::parseLinearGradient): Deleted.
        (WebCore::CSSParser::parseRadialGradient): Deleted.
        (WebCore::CSSParser::parseGradientColorStops): Deleted.
        (WebCore::CSSParser::isGeneratedImageValue): Deleted.
        (WebCore::CSSParser::parseGeneratedImage): Deleted.
        (WebCore::CSSParser::parseFilterImage): Deleted.
        (WebCore::CSSParser::parseCrossfade): Deleted.
        (WebCore::CSSParser::parseCanvas): Deleted.
        (WebCore::CSSParser::parseNamedImage): Deleted.
        (WebCore::CSSParser::parseImageResolution): Deleted.
        (WebCore::CSSParser::parseImageSet): Deleted.
        (WebCore::TransformOperationInfo::TransformOperationInfo): Deleted.
        (WebCore::TransformOperationInfo::type): Deleted.
        (WebCore::TransformOperationInfo::argCount): Deleted.
        (WebCore::TransformOperationInfo::unit): Deleted.
        (WebCore::TransformOperationInfo::unknown): Deleted.
        (WebCore::TransformOperationInfo::hasCorrectArgCount): Deleted.
        (WebCore::CSSParser::parseTransform): Deleted.
        (WebCore::CSSParser::parseTransformValue): Deleted.
        (WebCore::CSSParser::isBlendMode): Deleted.
        (WebCore::CSSParser::isCompositeOperator): Deleted.
        (WebCore::isValidPrimitiveFilterFunction): Deleted.
        (WebCore::CSSParser::parseBuiltinFilterArguments): Deleted.
        (WebCore::cssValueKeywordIDForFunctionName): Deleted.
        (WebCore::CSSParser::parseFilter): Deleted.
        (WebCore::validFlowName): Deleted.
        (WebCore::CSSParser::isTextAutosizingEnabled): Deleted.
        (WebCore::CSSParser::isCSSGridLayoutEnabled): Deleted.
        (WebCore::CSSParser::parseFlowThread): Deleted.
        (WebCore::CSSParser::parseRegionThread): Deleted.
        (WebCore::CSSParser::parseTransformOrigin): Deleted.
        (WebCore::CSSParser::parsePerspectiveOrigin): Deleted.
        (WebCore::CSSParser::addTextDecorationProperty): Deleted.
        (WebCore::CSSParser::parseTextDecoration): Deleted.
        (WebCore::CSSParser::parseTextDecorationSkip): Deleted.
        (WebCore::CSSParser::parseTextUnderlinePosition): Deleted.
        (WebCore::CSSParser::parseTextEmphasisStyle): Deleted.
        (WebCore::CSSParser::parseTextEmphasisPosition): Deleted.
        (WebCore::CSSParser::parseTextIndent): Deleted.
        (WebCore::CSSParser::parseHangingPunctuation): Deleted.
        (WebCore::CSSParser::parseLineBoxContain): Deleted.
        (WebCore::CSSParser::parseFontFeatureTag): Deleted.
        (WebCore::CSSParser::parseFontFeatureSettings): Deleted.
        (WebCore::CSSParser::parseFontVariationTag): Deleted.
        (WebCore::CSSParser::parseFontVariationSettings): Deleted.
        (WebCore::CSSParser::parseFontVariantLigatures): Deleted.
        (WebCore::CSSParser::parseFontVariantNumeric): Deleted.
        (WebCore::CSSParser::parseFontVariantEastAsian): Deleted.
        (WebCore::CSSParser::parseFontVariant): Deleted.
        (WebCore::isValidWillChangeAnimatableFeature): Deleted.
        (WebCore::CSSParser::parseWillChange): Deleted.
        (WebCore::CSSParser::parseCalculation): Deleted.
        (WebCore::isCSSLetter): Deleted.
        (WebCore::isCSSEscape): Deleted.
        (WebCore::isURILetter): Deleted.
        (WebCore::isIdentifierStartAfterDash): Deleted.
        (WebCore::isCustomPropertyIdentifier): Deleted.
        (WebCore::isEqualToCSSIdentifier): Deleted.
        (WebCore::isEqualToCSSCaseSensitiveIdentifier): Deleted.
        (WebCore::checkAndSkipEscape): Deleted.
        (WebCore::skipWhiteSpace): Deleted.
        (WebCore::CSSParserString::characters<LChar>): Deleted.
        (WebCore::CSSParserString::characters<UChar>): Deleted.
        (WebCore::CSSParser::currentCharacter<LChar>): Deleted.
        (WebCore::CSSParser::currentCharacter<UChar>): Deleted.
        (WebCore::CSSParser::currentCharacter16): Deleted.
        (WebCore::CSSParser::tokenStart<LChar>): Deleted.
        (WebCore::CSSParser::tokenStart<UChar>): Deleted.
        (WebCore::CSSParser::currentLocation): Deleted.
        (WebCore::CSSParser::isIdentifierStart): Deleted.
        (WebCore::checkAndSkipString): Deleted.
        (WebCore::CSSParser::parseEscape): Deleted.
        (WebCore::CSSParser::UnicodeToChars<LChar>): Deleted.
        (WebCore::CSSParser::UnicodeToChars<UChar>): Deleted.
        (WebCore::CSSParser::parseIdentifierInternal): Deleted.
        (WebCore::CSSParser::parseIdentifier): Deleted.
        (WebCore::CSSParser::parseStringInternal): Deleted.
        (WebCore::CSSParser::parseString): Deleted.
        (WebCore::CSSParser::findURI): Deleted.
        (WebCore::CSSParser::parseURIInternal): Deleted.
        (WebCore::CSSParser::parseURI): Deleted.
        (WebCore::CSSParser::parseUnicodeRange): Deleted.
        (WebCore::CSSParser::parseNthChild): Deleted.
        (WebCore::CSSParser::parseNthChildExtra): Deleted.
        (WebCore::CSSParser::detectFunctionTypeToken): Deleted.
        (WebCore::CSSParser::detectMediaQueryToken): Deleted.
        (WebCore::CSSParser::detectNumberToken): Deleted.
        (WebCore::CSSParser::detectDashToken): Deleted.
        (WebCore::CSSParser::detectAtToken): Deleted.
        (WebCore::CSSParser::detectSupportsToken): Deleted.
        (WebCore::CSSParser::realLex): Deleted.
        (WebCore::CSSParser::createImportRule): Deleted.
        (WebCore::CSSParser::createMediaRule): Deleted.
        (WebCore::CSSParser::createEmptyMediaRule): Deleted.
        (WebCore::CSSParser::createSupportsRule): Deleted.
        (WebCore::CSSParser::markSupportsRuleHeaderStart): Deleted.
        (WebCore::CSSParser::markSupportsRuleHeaderEnd): Deleted.
        (WebCore::CSSParser::popSupportsRuleData): Deleted.
        (WebCore::CSSParser::processAndAddNewRuleToSourceTreeIfNeeded): Deleted.
        (WebCore::CSSParser::addNewRuleToSourceTree): Deleted.
        (WebCore::CSSParser::popRuleData): Deleted.
        (WebCore::CSSParser::syntaxError): Deleted.
        (WebCore::CSSParser::isLoggingErrors): Deleted.
        (WebCore::CSSParser::logError): Deleted.
        (WebCore::CSSParser::createKeyframesRule): Deleted.
        (WebCore::CSSParser::createStyleRule): Deleted.
        (WebCore::CSSParser::createFontFaceRule): Deleted.
        (WebCore::CSSParser::addNamespace): Deleted.
        (WebCore::CSSParser::determineNameInNamespace): Deleted.
        (WebCore::CSSParser::rewriteSpecifiersWithNamespaceIfNeeded): Deleted.
        (WebCore::CSSParser::rewriteSpecifiersWithElementName): Deleted.
        (WebCore::CSSParser::rewriteSpecifiers): Deleted.
        (WebCore::CSSParser::createPageRule): Deleted.
        (WebCore::CSSParser::createSelectorVector): Deleted.
        (WebCore::CSSParser::recycleSelectorVector): Deleted.
        (WebCore::CSSParser::createRegionRule): Deleted.
        (WebCore::CSSParser::createMarginAtRule): Deleted.
        (WebCore::CSSParser::startDeclarationsForMarginBox): Deleted.
        (WebCore::CSSParser::endDeclarationsForMarginBox): Deleted.
        (WebCore::CSSParser::createKeyframe): Deleted.
        (WebCore::CSSParser::invalidBlockHit): Deleted.
        (WebCore::CSSParser::updateLastMediaLine): Deleted.
        (WebCore::fixUnparsedProperties): Deleted.
        (WebCore::CSSParser::fixUnparsedPropertyRanges): Deleted.
        (WebCore::CSSParser::markRuleHeaderStart): Deleted.
        (WebCore::CSSParser::setRuleHeaderEnd): Deleted.
        (WebCore::CSSParser::markRuleHeaderEnd): Deleted.
        (WebCore::CSSParser::markSelectorStart): Deleted.
        (WebCore::CSSParser::markSelectorEnd): Deleted.
        (WebCore::CSSParser::markRuleBodyStart): Deleted.
        (WebCore::CSSParser::markRuleBodyEnd): Deleted.
        (WebCore::CSSParser::markPropertyStart): Deleted.
        (WebCore::CSSParser::markPropertyEnd): Deleted.
        (WebCore::CSSParser::createViewportRule): Deleted.
        (WebCore::CSSParser::parseViewportProperty): Deleted.
        (WebCore::CSSParser::parseViewportShorthand): Deleted.
        (WebCore::isAppleLegacyCSSPropertyKeyword): Deleted.
        (WebCore::cssPropertyID): Deleted.
        (WebCore::cssPropertyNameIOSAliasing): Deleted.
        (WebCore::isAppleLegacyCSSValueKeyword): Deleted.
        (WebCore::cssValueKeywordID): Deleted.
        (WebCore::isValidNthToken): Deleted.
        * css/parser/CSSParser.h:
        (): Deleted.
        (WebCore::CSSParser::ValueWithCalculation::ValueWithCalculation): Deleted.
        (WebCore::CSSParser::ValueWithCalculation::value): Deleted.
        (WebCore::CSSParser::ValueWithCalculation::operator CSSParserValue&): Deleted.
        (WebCore::CSSParser::ValueWithCalculation::calculation): Deleted.
        (WebCore::CSSParser::ValueWithCalculation::setCalculation): Deleted.
        (WebCore::CSSParser::hasProperties): Deleted.
        (WebCore::CSSParser::startNestedSelectorList): Deleted.
        (WebCore::CSSParser::endNestedSelectorList): Deleted.
        (WebCore::CSSParser::resetPropertyRange): Deleted.
        (WebCore::CSSParser::isExtractingSourceData): Deleted.
        (WebCore::CSSParser::lex): Deleted.
        (WebCore::CSSParser::token): Deleted.
        (WebCore::CSSParser::markViewportRuleBodyStart): Deleted.
        (WebCore::CSSParser::markViewportRuleBodyEnd): Deleted.
        (WebCore::CSSParser::setCustomPropertyName): Deleted.
        (WebCore::CSSParser::is8BitSource): Deleted.
        (WebCore::CSSParser::setStyleSheet): Deleted.
        (WebCore::CSSParser::inStrictMode): Deleted.
        (WebCore::CSSParser::inQuirksMode): Deleted.
        (WebCore::CSSParser::setupParser): Deleted.
        (WebCore::CSSParser::inShorthand): Deleted.
        (WebCore::CSSParser::inViewport): Deleted.
        (WebCore::CSSParser::operator|): Deleted.
        (WebCore::CSSParser::validateUnit): Deleted.
        (WebCore::ShorthandScope::ShorthandScope): Deleted.
        (WebCore::ShorthandScope::~ShorthandScope): Deleted.
        (WebCore::CSSParser::setTokenStart<LChar>): Deleted.
        (WebCore::CSSParser::setTokenStart<UChar>): Deleted.
        (WebCore::CSSParser::tokenStartOffset): Deleted.
        (WebCore::CSSParser::currentCharacterOffset): Deleted.
        (WebCore::CSSParser::tokenStartChar): Deleted.
        (WebCore::isCustomPropertyName): Deleted.
        (WebCore::cssyylex): Deleted.
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        * css/parser/CSSParserMode.h:
        (WebCore::CSSParserContextHash::hash):
        * css/parser/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::setSelectorList):
        (WebCore::destroy): Deleted.
        (WebCore::CSSParserValueList::~CSSParserValueList): Deleted.
        (WebCore::CSSParserValueList::addValue): Deleted.
        (WebCore::CSSParserValueList::insertValueAt): Deleted.
        (WebCore::CSSParserValueList::extend): Deleted.
        (WebCore::CSSParserValueList::containsVariables): Deleted.
        (WebCore::CSSParserValue::createCSSValue): Deleted.
        (WebCore::CSSParserSelector::parsePseudoElementSelector): Deleted.
        (WebCore::CSSParserSelector::parsePseudoElementCueFunctionSelector): Deleted.
        (WebCore::CSSParserSelector::parsePseudoElementSlottedFunctionSelector): Deleted.
        (WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector): Deleted.
        (WebCore::CSSParserSelector::parsePseudoClassAndCompatibilityElementSelector): Deleted.
        (WebCore::CSSParserSelector::setPseudoClassValue): Deleted.
        * css/parser/CSSParserValues.h:
        (WebCore::CSSParserString::init): Deleted.
        (WebCore::CSSParserString::clear): Deleted.
        (WebCore::CSSParserString::is8Bit): Deleted.
        (WebCore::CSSParserString::characters8): Deleted.
        (WebCore::CSSParserString::characters16): Deleted.
        (WebCore::CSSParserString::length): Deleted.
        (WebCore::CSSParserString::setLength): Deleted.
        (WebCore::CSSParserString::operator[]): Deleted.
        (WebCore::CSSParserString::operator String): Deleted.
        (WebCore::CSSParserString::operator AtomicString): Deleted.
        (WebCore::CSSParserString::toStringView): Deleted.
        (): Deleted.
        (WebCore::CSSParserValueList::CSSParserValueList): Deleted.
        (WebCore::CSSParserValueList::size): Deleted.
        (WebCore::CSSParserValueList::currentIndex): Deleted.
        (WebCore::CSSParserValueList::current): Deleted.
        (WebCore::CSSParserValueList::next): Deleted.
        (WebCore::CSSParserValueList::previous): Deleted.
        (WebCore::CSSParserValueList::setCurrentIndex): Deleted.
        (WebCore::CSSParserValueList::valueAt): Deleted.
        (WebCore::CSSParserValueList::clear): Deleted.
        (WebCore::CSSParserValue::setFromValueList): Deleted.
        (WebCore::equalLettersIgnoringASCIICase): Deleted.
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::isCustomPropertyName):
        (WebCore::cssPropertyNameIOSAliasing):
        * css/parser/CSSPropertyParser.h:
        * css/parser/SVGCSSParser.cpp: Removed.
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::createSheet):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyleSheet::ensureSourceData):
        (WebCore::InspectorStyleSheetForInlineStyle::ruleSourceData):
        * page/animation/AnimationController.cpp:
        * rendering/style/RenderStyle.cpp:
        * svg/SVGAnimateElementBase.cpp:
        * svg/SVGAnimationElement.cpp:
        * svg/SVGElement.cpp:

2016-12-10  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Include WTF, JSC, and WebCore headers automatically to targers using them
        https://bugs.webkit.org/show_bug.cgi?id=165686

        Reviewed by Michael Catanzaro.

        This change reduces duplication of include path lists between modules,
        and reduces future need for fixes like r209605 (broken build because of
        WebCore header suddenly becoming used in WebKit2).

        No new tests needed.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWinCairo.cmake:

2016-12-10  Ryosuke Niwa  <rniwa@webkit.org>

        Replace isUnclosedNode by isClosedShadowHidden
        https://bugs.webkit.org/show_bug.cgi?id=165722

        Reviewed by Antti Koivisto.

        Replaced Node::isUnclosedNode by Node::isClosedShadowHidden and negated the semantics as done in the spec:
        https://dom.spec.whatwg.org/#concept-closed-shadow-hidden
        https://github.com/whatwg/dom/pull/306

        Also added a version which follows the spec text for a debug assertion.

        No new tests since this has no behavioral change.

        * dom/EventContext.h:
        (WebCore::EventContext::isUnreachableNode):
        * dom/EventPath.cpp:
        (WebCore::EventPath::computePathUnclosedToTarget):
        (WebCore::RelatedNodeRetargeter::checkConsistency):
        * dom/Node.cpp:
        (WebCore::isClosedShadowHiddenUsingSpecDefinition): Added to assert our implementation matches the spec text.
        (WebCore::Node::isClosedShadowHidden): Renamed from Node::isUnclosedNode and negated the return value.
        * dom/Node.h:

2016-12-10  Antti Koivisto  <antti@apple.com>

        CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebCore: WTF::match_constness<WebCore::CSSValue, WebCore::CSSContentDistributionValue>::type& WTF::downcast<WebCore::CSSContentDistributionValue, WebCore::CSSValue> + 65
        https://bugs.webkit.org/show_bug.cgi?id=165652
        rdar://problem/28465278

        Reviewed by Darin Adler.

        No, test don't know how to get here.

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertContentAlignmentData):

        Add type checks.

2016-12-10  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] RSA algorithms should allow importing keys without usages
        https://bugs.webkit.org/show_bug.cgi?id=165680
        <rdar://problem/29601354>

        Reviewed by Brent Fulgham.

        Tests: crypto/subtle/rsa-oaep-import-jwk-public-key-empty-usages.html
               crypto/subtle/rsa-oaep-import-spki-key-empty-usages.html
               crypto/subtle/rsaes-pkcs1-v1_5-import-jwk-public-key-empty-usages.html
               crypto/subtle/rsaes-pkcs1-v1_5-import-spki-key-empty-usages.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-public-key-empty-usages.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-spki-key-empty-usages.html

        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::importKey):

2016-12-10  Frederic Wang  <fred.wang@free.fr>

        Add STIX Two Math to the list of math fonts in mathml.css
        https://bugs.webkit.org/show_bug.cgi?id=165676

        Reviewed by Darin Adler.

        No new tests, this is just changing default style.

        * css/mathml.css:
        (math):

2016-12-09  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Implement ReadableByteStreamController desiredSize
        https://bugs.webkit.org/show_bug.cgi?id=165599

        Reviewed by Darin Adler.

        Implemented ReadableByteStreamController attribute desiredSize.

        Added test to check desiredSize value.

        * Modules/streams/ReadableByteStreamController.js:
        (desiredSize):
        * Modules/streams/ReadableByteStreamInternals.js:
        (readableByteStreamControllerGetDesiredSize):

2016-12-09  Ryosuke Niwa  <rniwa@webkit.org>

        document.pointerLockElement exposes a node inside a shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=165702

        Reviewed by Simon Fraser.

        Expose pointerLockElement on ShadowRoot as spec'ed (DocumentOrShadowRoot):
        https://w3c.github.io/pointerlock/#extensions-to-the-documentorshadowroot-mixin

        Use ancestorElementInThisScope to find the correct node in pointerLockElement.

        Tests: fast/shadow-dom/pointerlockelement-in-shadow-tree.html
               fast/shadow-dom/pointerlockelement-in-slot.html

        * dom/Document.cpp:
        (WebCore::Document::pointerLockElement): Moved to TreeScope.
        * dom/Document.h:
        * dom/Document.idl: Moved ointerLockElement to DocumentOrShadowRoot.idl.
        * dom/DocumentOrShadowRoot.idl: Ditto.
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::focusedElementInScope): Use documentScope instead of acessing it via m_rootNode.
        (WebCore::TreeScope::pointerLockElement): Moved from Document.
        * dom/TreeScope.h:

2016-12-09  Daniel Bates  <dabates@apple.com>

        Add reflected nonce attribute to HTML Link element IDL
        https://bugs.webkit.org/show_bug.cgi?id=165709

        Reviewed by Ryosuke Niwa.

        Add the reflected nonce attribute to the HTML Link element IDL definition
        as per the HTML standard <https://html.spec.whatwg.org/multipage/semantics.html#the-link-element> (9 December 2016).

        Test: fast/dom/nonce-attribute-reflection.html

        * html/HTMLLinkElement.idl:

2016-12-09  Eric Carlson  <eric.carlson@apple.com>

        Annotate MediaStream and WebRTC idl with EnabledAtRuntime flag
        https://bugs.webkit.org/show_bug.cgi?id=165251

        Reviewed by Dean Jackson.

        Based on a patch by Dr Alex Gouaillard <agouaillard@gmail.com>
        No new tests, covered by existing tests.

        * Modules/mediastream/MediaStreamEvent.idl: Add "EnabledAtRuntime".
        * Modules/mediastream/NavigatorMediaDevices.idl: Ditto.
        * Modules/mediastream/NavigatorUserMedia.idl: Ditto.
        * Modules/mediastream/RTCDTMFToneChangeEvent.idl: Ditto.
        * Modules/mediastream/RTCIceCandidate.idl: Ditto.
        * Modules/mediastream/RTCPeerConnection.idl: Ditto.
        * Modules/mediastream/RTCRtpReceiver.idl: Ditto.
        * Modules/mediastream/RTCRtpSender.idl: Ditto.
        * Modules/mediastream/RTCRtpTransceiver.idl: Ditto.
        * Modules/mediastream/RTCSessionDescription.idl: Ditto.
        * Modules/mediastream/RTCTrackEvent.idl: Ditto.

        * bindings/generic/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): Set m_isMediaStreamEnabled in the
          constructor instead of in reset() because the later is called by the Internals constructor,
          making it impossible to override the runtime flag from WTR or DRT.
        (WebCore::RuntimeEnabledFeatures::reset): Don't set m_isMediaStreamEnabled.
        * page/Settings.in: Add peerConnectionEnabled.

2016-12-09  Daniel Bates  <dabates@apple.com>

        Remove QuickLook scheme from the list of secure schemes
        https://bugs.webkit.org/show_bug.cgi?id=165699

        Reviewed by Andy Estes.

        Following r207155 we use a unique origin for QuickLook documents. Unique origins are not
        subject to mixed content restrictions. Prior to r207155 QuickLook documents used the
        origin from which they were served. We added the QuickLook scheme to the list of secure
        schemes as a workaround to avoid mixed content errors when loading subresources in a
        QuickLook document served over HTTPS. Now that we use a unique origin for QuickLook
        documents we no longer need this workaround.

        * platform/SchemeRegistry.cpp:
        (WebCore::secureSchemes):

2016-12-09  Brady Eidson  <beidson@apple.com>

        Re-landing:
        Add _WKIconLoadingDelegate SPI.
        https://bugs.webkit.org/show_bug.cgi?id=164894

        Reviewed by Alex Christensen.

        No new tests (Manual testing possible in MiniBrowser now, WKTR tests coming soon in https://bugs.webkit.org/show_bug.cgi?id=164895).

        With this client, WebCore will ask the FrameLoaderClient about each icon found in the <head>.

        WebKit2 will then ask the embedding app - for each icon - if it wants that icon to load.

        For icons the app decides to load, WebKit will pass the data to the app without storing locally.

        * WebCore.xcodeproj/project.pbxproj:

        * dom/Document.cpp:
        (WebCore::Document::implicitClose):

        * html/LinkIconCollector.cpp:
        (WebCore::iconSize):
        (WebCore::compareIcons):
        * html/LinkIconCollector.h:

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startIconLoading):
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon):
        (WebCore::DocumentLoader::finishedLoadingIcon):
        * loader/DocumentLoader.h:

        * loader/FrameLoaderClient.h:

        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::IconLoader):
        (WebCore::IconLoader::startLoading):
        (WebCore::IconLoader::notifyFinished):
        * loader/icon/IconLoader.h:

        * platform/LinkIcon.h: Copied from Source/WebCore/html/LinkIconCollector.h.
        (WebCore::LinkIcon::encode):
        (WebCore::LinkIcon::decode):

2016-12-06  Jiewen Tan  <jiewen_tan@apple.com>

        [Part 2 of 2] Add support for PKCS8 format while doing SubtleCrypto.importKey/exportKey
        https://bugs.webkit.org/show_bug.cgi?id=129978
        <rdar://problem/21799829>

        Reviewed by Brent Fulgham.

        This is part 2 of Bug 129978. In this patch, it adds the PKCS8 format support for
        SubtleCrypto.importKey/exportKey. Currently support algorithms are RSAES-PKCS1-v1_5,
        RSASSA-PKCS1-v1_5 and RSA-OAEP.

        Tests: crypto/subtle/rsa-import-jwk-key-export-pkcs8-key.html
               crypto/subtle/rsa-import-pkcs8-key-export-jwk-key.html
               crypto/subtle/rsa-import-pkcs8-key-export-pkcs8-key.html
               crypto/subtle/rsa-oaep-generate-export-key-pkcs8.html
               crypto/subtle/rsa-oaep-import-pkcs8-key.html
               crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-pkcs8.html
               crypto/subtle/rsaes-pkcs1-v1_5-import-pkcs8-key.html
               crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-pkcs8.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-pkcs8-key.html
               crypto/workers/subtle/rsa-export-pkcs8-key.html
               crypto/workers/subtle/rsa-import-pkcs8-key.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::toKeyData):
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::exportKey):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::exportKey):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::importKey):
        (WebCore::CryptoAlgorithmRSA_OAEP::exportKey):
        * crypto/gnutls/CryptoKeyRSAGnuTLS.cpp:
        (WebCore::CryptoKeyRSA::importPkcs8):
        (WebCore::CryptoKeyRSA::exportPkcs8):
        * crypto/keys/CryptoKeyRSA.h:
        * crypto/mac/CryptoKeyRSAMac.cpp:
        (WebCore::CryptoKeyRSA::importSpki):
        (WebCore::CryptoKeyRSA::importPkcs8):
        (WebCore::CryptoKeyRSA::exportPkcs8):

2016-12-09  Geoffrey Garen  <ggaren@apple.com>

        Deploy OrdinalNumber in JSC::SourceCode
        https://bugs.webkit.org/show_bug.cgi?id=165687

        Reviewed by Michael Saboff.

        Updated for interface changes.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateModule):
        * bindings/js/ScriptSourceCode.h:
        (WebCore::ScriptSourceCode::startLine):

2016-12-09  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Some resources fetched via Fetch API do not have data
        https://bugs.webkit.org/show_bug.cgi?id=165230
        <rdar://problem/29449220>

        Reviewed by Alex Christensen.

        Tests: http/tests/inspector/network/fetch-response-body.html
               http/tests/inspector/network/xhr-response-body.html

        * platform/network/ResourceRequestBase.h:
        Distinguish Fetch requests.

        * Modules/fetch/FetchRequest.cpp:
        (WebCore::FetchRequest::initializeWith):
        Set the requester type as Fetch.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::didReceiveResponse):
        * loader/DocumentThreadableLoader.h:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didReceiveThreadableLoaderResponseImpl):
        (WebCore::InspectorInstrumentation::didReceiveXHRResponseImpl): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didReceiveResourceResponse):
        (WebCore::InspectorInstrumentation::didReceiveThreadableLoaderResponse):
        (WebCore::InspectorInstrumentation::didReceiveXHRResponse): Deleted.
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::didReceiveThreadableLoaderResponse):
        (WebCore::InspectorNetworkAgent::didFinishXHRLoading):
        (WebCore::InspectorNetworkAgent::didReceiveXHRResponse): Deleted.
        Add a generic way for a ThreadableLoader load to update the type of a network request.
        This will include both XHR and Fetch requests.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::hasTextContent):
        (WebCore::createXHRTextDecoder):
        (WebCore::InspectorPageAgent::resourceTypeJson):
        (WebCore::InspectorPageAgent::cachedResourceType):
        (WebCore::InspectorPageAgent::createTextDecoder):
        (WebCore::textContentForCachedResource):
        * inspector/InspectorPageAgent.h:
        * inspector/NetworkResourcesData.cpp:
        (WebCore::createOtherResourceTextDecoder): Deleted.
        Share the logic that creates a Text Decoders for XHR with other non-buffered requests
        (like Fetch). This moves us to identical behavior for now.

        * platform/MIMETypeRegistry.cpp:
        (WebCore::MIMETypeRegistry::isSupportedJSONMIMEType):
        (WebCore::MIMETypeRegistry::isTextMIMEType):
        * platform/MIMETypeRegistry.h:
        Better detect different JSON content based on MIME Type.

2016-12-09  Ryosuke Niwa  <rniwa@webkit.org>

        document.webkitFullscreenElement leaks elements inside a shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=158471

        Reviewed by Chris Dumez.

        Fixed the bug by calling the newly added ancestorElementInThisScope in webkitCurrentFullScreenElementForBindings
        and webkitFullscreenElementForBinding.

        The specification (https://fullscreen.spec.whatwg.org/#dom-document-fullscreenelement) uses "the result of
        retargeting fullscreen element" and returns null if the result is not in the same tree as the context object.

        This is equivalent to the algorithm implemented by ancestorElementInThisScope. Observe that the retargeting
        algorithm (https://dom.spec.whatwg.org/#retarget) finds the lowest common tree scope of the retargetee and
        the context object. There are two cases to consider.

        1. The context object's tree scope is the lowest common tree scope: In this case, an ancestor shadow host or
        the retargetee itself is in this tree scope. It's sufficient traverse every shadow host to find the one that
        resides in the same tree scope as the context object. This is precisely what ancestorElementInThisScope does.

        2. The context object's tree scope is not the lowest common tree scope: In this case, the context object is
        inside a shadow tree whose ancestor shadow host is in the lowest common tree scope. In this case, retargeting
        algorithm finds a node which is not in the same tree as the context object. Thus, the result is null.
        ancestorElementInThisScope traveres ancestor shadow hosts and returns null if no shadow host's tree scope
        matches that of the context object's tree scope. Thus, it would return null in this case as desired.

        Also renamed TreeScope::focusedElement to focusedElementInScope for clarity since Document which inherits
        from TreeScope also has a distinct member function named focusedElement called by TreeScope::focusedElement,
        and used ancestorElementInThisScope since it uses the same algorithm.

        Tests: fast/shadow-dom/activeElement-for-focused-element-in-another-shadow.html
               fast/shadow-dom/blur-on-shadow-host-with-focused-shadow-content.html
               fast/shadow-dom/fullscreen-in-shadow-fullscreenElement.html
               fast/shadow-dom/fullscreen-in-shadow-webkitCurrentFullScreenElement.html
               fast/shadow-dom/fullscreen-in-slot-fullscreenElement.html
               fast/shadow-dom/fullscreen-in-slot-webkitCurrentFullScreenElement.html

        * dom/Document.cpp:
        (WebCore::Document::removeFocusedNodeOfSubtree):
        (WebCore::Document::activeElement):
        * dom/Document.h:
        (WebCore::Document::webkitCurrentFullScreenElementForBindings): Added.
        (WebCore::Document::webkitFullscreenElementForBindings): Added.
        * dom/Document.idl:
        * dom/Element.cpp:
        (WebCore::Element::blur):
        * dom/ShadowRoot.h:
        (WebCore::ShadowRoot::activeElement):
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::ancestorNodeInThisScope): Renamed from ancestorInThisScope for clarity.
        (WebCore::TreeScope::ancestorElementInThisScope):
        (WebCore::TreeScope::focusedElementInScope): Renamed from focusedElement to disambiguate it from Document's
        focusedElement.
        * dom/TreeScope.h:
        * editing/VisibleSelection.cpp:
        (WebCore::adjustPositionForEnd):
        (WebCore::adjustPositionForStart):
        * editing/htmlediting.cpp:
        (WebCore::comparePositions):
        (WebCore::firstEditablePositionAfterPositionInRoot):
        (WebCore::lastEditablePositionBeforePositionInRoot):
        * page/DOMSelection.cpp:
        (WebCore::selectionShadowAncestor):
        (WebCore::DOMSelection::shadowAdjustedNode):
        (WebCore::DOMSelection::shadowAdjustedOffset):
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::addNodeToRectBasedTestResult): Added a FIXME here since this is clearly wrong for
        shadow trees created by author scripts.

2016-12-09  Geoffrey Garen  <ggaren@apple.com>

        TextPosition and OrdinalNumber should be more like idiomatic numbers
        https://bugs.webkit.org/show_bug.cgi?id=165678

        Reviewed by Filip Pizlo.

        * bindings/js/CachedScriptSourceProvider.h:
        (WebCore::CachedScriptSourceProvider::CachedScriptSourceProvider):
        * bindings/js/JSEventListener.h:
        (WebCore::JSEventListener::sourcePosition):
        * bindings/js/JSLazyEventListener.cpp:
        (WebCore::JSLazyEventListener::JSLazyEventListener):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::eventHandlerPosition):
        * bindings/js/ScriptSourceCode.h:
        (WebCore::ScriptSourceCode::ScriptSourceCode):
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::create):
        * dom/ScriptElement.h:
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::uninitializedPositionValue1):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo): Adopt
        default construtor.

        * xml/XMLErrors.cpp:
        (WebCore::XMLErrors::XMLErrors):
        (WebCore::XMLErrors::handleError):
        * xml/XMLErrors.h: Use std::optional instead of belowRangePosition()
        because in-band signaling is harder to reason about.

        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::textPosition): Adopt default constructor.

2016-12-09  Chris Dumez  <cdumez@apple.com>

        [Cocoa] Validation message for required checkbox doesn’t conform the the Apple Style Guide
        https://bugs.webkit.org/show_bug.cgi?id=165661

        Reviewed by Dan Bernstein.

        Update validation message as per Apple Style Guide.

        * English.lproj/Localizable.strings:
        * platform/LocalizedStrings.cpp:
        (WebCore::validationMessageValueMissingForCheckboxText):

2016-12-09  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !beforeChild->isRubyRun() in WebCore::RenderRubyAsBlock::addChild
        https://bugs.webkit.org/show_bug.cgi?id=141433
        <rdar://problem/27711351>

        Reviewed by Dean Jackson.

        Do not try to inject the list marker into a block ruby subtree. Have it as the sibling
        of the ruby instead (with an anonymous block wrapper ofc).

        Test: fast/ruby/assert-with-listitem-and-block-ruby.html

        * rendering/RenderListItem.cpp:
        (WebCore::getParentOfFirstLineBox):

2016-12-09  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Implement the pageScaleFactor property
        https://bugs.webkit.org/show_bug.cgi?id=165660

        Reviewed by Dean Jackson.

        We implement the pageScaleFactor property on MediaController. This property is set
        by the HTMLMediaElement when the page scale factor changes, and we only choose to handle
        it on iOS by setting controlsDependOnPageScaleFactor to true on the MediaControlsHost.

        To do so, we now size the media controls by multiplying the layout size of the media by
        the page scale factor, and apply an inverse CSS zoom on the media controls themselves.

        Test: media/modern-media-controls/media-controller/media-controller-scale-factor.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls-container,):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.get scaleFactor):
        (MediaControls.prototype.set scaleFactor):
        (MediaControls.prototype.commitProperty):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        (MediaController.prototype.set pageScaleFactor):
        (MediaController.prototype._updateControlsSize):
        * html/HTMLMediaElement.cpp:
        (WebCore::controllerJSValue):
        (WebCore::HTMLMediaElement::setControllerJSProperty):

        We no longer hit a JSC assertion when trying to set the pageScaleFactor property before
        the JS controller was actually created.

2016-12-09  Daniel Bates  <dabates@apple.com>

        Attempt to fix the Mac CMake build following <http://trac.webkit.org/changeset/209549>
        (https://bugs.webkit.org/show_bug.cgi?id=165572)

        Add directory html/canvas to the list of forwarding headers directories so that
        the Legacy WebKit Objective-C DOM binding DOMHTMLCanvasElement.mm can ultimately
        include header WebGLContextAttributes.h.

        * PlatformMac.cmake:

2016-12-09  Brady Eidson  <beidson@apple.com>

        LinkIconCollector refactoring.
        https://bugs.webkit.org/show_bug.cgi?id=165657

        Reviewed by Dean Jackson.

        No new tests (Refactor, no behavior change)

        * WebCore.xcodeproj/project.pbxproj:

        * html/LinkIconCollector.cpp:
        (WebCore::iconSize):
        (WebCore::compareIcons):
        * html/LinkIconCollector.h:

        * platform/LinkIcon.h: Move outside of LinkIconCollector for future expandability.

2016-12-09  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r209574.

        This change broke the Windows build.

        Reverted changeset:

        "[WebIDL] Remove custom bindings for Geolocation"
        https://bugs.webkit.org/show_bug.cgi?id=165625
        http://trac.webkit.org/changeset/209574

2016-12-09  Ryosuke Niwa  <rniwa@webkit.org>

        Custom Elements from a different document are not customized when created with innerHTML
        https://bugs.webkit.org/show_bug.cgi?id=165617

        Reviewed by Antti Koivisto.

        The bug was caused by a superflous null check on window in createHTMLElementOrFindCustomElementInterface.
        Removed the nullcheck to fix the bug.

        Test: fast/custom-elements/adopting-from-frameless-document.html

        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):

2016-12-09  Daniel Bates  <dabates@apple.com>

        [CSP] Policy of window opener not applied to about:blank window
        https://bugs.webkit.org/show_bug.cgi?id=165531
        <rdar://problem/29426639>

        Reviewed by Brent Fulgham.

        Fixes an issue where the content security policy of the opener document was not applied to
        an about:blank window.

        An about:blank window inherits its security origin from its opener document. It should also
        copy (inherit) the ContentSecurityPolicy from its opener document. When copying the ContentSecurityPolicy
        state from the opener document to the about:blank document we must take care to avoid copying
        any upgrade-insecure-request directive because new windows should not inherit it by definition.
        With respect to upgrade-insecure-requests, new windows should only inherit the insecure navigation set
        from their opener document.

        Test: http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html

        * dom/Document.cpp:
        (WebCore::Document::initContentSecurityPolicy): Copy the ContentSecurityPolicy state from the
        owner document to this document when it inherits its security origin from its owner. An about:blank
        window is one example of a document that inherits its security origin from its owner.
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
        to copy the upgrade insecure requests state from the owner document to the worker now that
        ContentSecurityPolicy::copyStateFrom() no longer does this.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::copyStateFrom): Do not copy the upgrade insecure request state.
        Callers are now responsible for calling ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
        to copy this state.
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::parse): Ignore directive upgrade-insecure-requests when
        inheriting ContentSecurityPolicy state as this directive as the Upgrade Insecure Requests feature has
        its own inheritance semantics that differ from the semantics of copying a ContentSecurityPolicy object.
        * xml/XSLTProcessor.cpp:
        (WebCore::XSLTProcessor::createDocumentFromSource): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
        to copy the upgrade insecure requests state from the original document to the transformed document now
        that ContentSecurityPolicy::copyStateFrom() no longer does this.

2016-12-09  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Remaining time label first appears way to the left
        https://bugs.webkit.org/show_bug.cgi?id=165637

        Reviewed by Dean Jackson.

        We would sometimes see the remaining time label be laid out in an incorrect position
        when a video would start playing. This happened because the time label was being committed
        from a previous value before, in the same frame, we would call the layout() function
        of MacOSInlineMediaControls. This would set the newly computed location for the
        remaining time label, but because we would reset the list of dirty properties after
        calling all layout functions, the new value set in MacOSInlineMediaControls.layout()
        would be disregarded and the wrong, committed value would persist until it was reset
        in a much later frame.

        We now correctly clear the list of dirty nodes before laying them out, giving all nodes
        a chance to become dirty again during layout, and updated again in the next frame.

        Test: media/modern-media-controls/layout-node/node-made-dirty-during-layout.html

        * Modules/modern-media-controls/controls/layout-node.js:
        (performScheduledLayout):

2016-12-09  Per Arne Vollan  <pvollan@apple.com>

        Fix compile errors on Windows when building with .proj files.

        Unreviewed build fix.

        Fix include paths.

        * platform/graphics/win/IntPointWin.cpp:
        * platform/graphics/win/IntRectWin.cpp:
        * platform/graphics/win/IntSizeWin.cpp:

2016-12-09  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed buildfix after r209570.

        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):

2016-12-01  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Pass Grid as argument to items' placement methods
        https://bugs.webkit.org/show_bug.cgi?id=165250

        Reviewed by Darin Adler.

        In order to constify computeIntrinsicLogicalWidths() it is required to constify
        placeItemsOnGrid() first, which is the base method of the grid items' positioning logic. The
        first step is to constify all the methods invoked by the latter, which basically means to
        pass the Grid as argument to all of them instead of directly using the m_grid attribute from
        RenderGrid. As this is an intermediate step, a new const_cast<> was required in the
        intrinsic size computation. However it will be promptly removed after the const-ification of
        placeItemsOnGrid().

        After this, only the methods used by the track sizing algorithm will directly access
        m_grid. All those would get a reference to the Grid via GridSizingData, but that's a matter
        of a follow up patch.

        Apart from that, m_gridIsDirty was removed because it was always too confusing. It was
        replaced by Grid's m_needsItemsPlacement which is much more concise. The clearGrid() call
        was indeed only forcing a new placement of the grid items.

        No new tests as this is a refactoring.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::Grid::setNeedsItemsPlacement): New method to flag the Grid whenever
        grid items' placement algorithm needs to be run.
        (WebCore::RenderGrid::canPerformSimplifiedLayout):
        (WebCore::RenderGrid::layoutBlock):
        (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
        (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator): Constified. Got Grid as
        argument.
        (WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid): Ditto.
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid): Ditto.
        (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Ditto.
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid): Ditto.
        (WebCore::RenderGrid::clearGrid):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::numTracks):
        * rendering/RenderGrid.h:

2016-12-09  Gavin Barraclough  <barraclough@apple.com>

        Revert - Add _WKIconLoadingDelegate SPI
        https://bugs.webkit.org/show_bug.cgi?id=164894

        Unreviewed rollout due to performance regression.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::implicitClose):
        * html/LinkIconCollector.cpp:
        (WebCore::iconSize):
        (WebCore::compareIcons):
        * html/LinkIconCollector.h:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startIconLoading): Deleted.
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Deleted.
        (WebCore::DocumentLoader::finishedLoadingIcon): Deleted.
        * loader/DocumentLoader.h:
        * loader/FrameLoaderClient.h:
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::IconLoader):
        (WebCore::IconLoader::startLoading):
        (WebCore::IconLoader::notifyFinished):
        * loader/icon/IconLoader.h:
        * platform/LinkIcon.h: Removed.

2016-12-08  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] Remove NoInterfaceObject attribute from SubtleCrypto Interface
        https://bugs.webkit.org/show_bug.cgi?id=165629
        <rdar://problem/29586203>

        Reviewed by Chris Dumez.

        Covered by existing tests.

        * crypto/SubtleCrypto.idl:

2016-12-08  Keith Rollin  <krollin@apple.com>

        FileHandle::printf doesn't build on Windows
        https://bugs.webkit.org/show_bug.cgi?id=165642

        Reviewed by Ryosuke Niwa.

        Fix the build -- vasprintf does not exist on Windows, so make
        FileHandle::printf a no-op on that platform.

        No new tests -- affected facility is currently only used in testing
        code and is not user reachable.

        * platform/FileHandle.cpp:
        (WebCore::FileHandle::printf):

2016-12-08  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Exiting fullscreen with paused media shows the start button
        https://bugs.webkit.org/show_bug.cgi?id=165640

        Reviewed by Dean Jackson.

        Like all supporting objects, the StartSupport instance gets recreated when creating controls
        for new layout traits, which happens when going from fullscreen to inline. Due to this, the
        "_isPlayed" property is not longer set to true, even if the media has played prior to being
        paused in fullscreen. We now also check the media's played range to identify whether media
        has been played.

        * Modules/modern-media-controls/media/start-support.js:
        (StartSupport.prototype._shouldShowStartButton):
        (StartSupport):

2016-12-08  Myles C. Maxfield  <mmaxfield@apple.com>

        ASSERTION FAILED: locale in WebCore::lastHyphenLocation
        https://bugs.webkit.org/show_bug.cgi?id=164182

        Reviewed by Zalan Bujtas.

        Our hyphenation code assumes the locale is in a small set of known locales.
        However, web content can put whatever string it wants in the locale field.

        Test: fast/text/hyphenation-unknown-locale.html

        * platform/text/cf/HyphenationCF.cpp:
        (WebCore::lastHyphenLocation):
        * rendering/RenderText.cpp:
        (WebCore::maxWordFragmentWidth): When computing the minimum preferred width of
        an element, we want to know the size of the widest nonbreakable unit. When
        hyphenation is enabled, we have to measure the width of each fragment of each
        word (where "fragment" is determined by a substring between two successive
        hyphenation points, appended with a hyphen character). A hyphenation point at
        string offset 0 is irrelevant for this purpose, because it would lead to an
        empty fragment. Therefore, skip this situation.

2016-12-08  David Kilzer  <ddkilzer@apple.com>

        Always check the return value of pthread_key_create()
        <https://webkit.org/b/165274>

        Reviewed by Darin Adler.

        * platform/ios/wak/WebCoreThread.mm:
        (InitThreadContextKey): Call CRASH() if pthread_key_create()
        returns an error.  The error code will be stored in a register
        available in a crash log, so no need to log the value
        explicitly.

2016-12-08  Alex Christensen  <achristensen@webkit.org>

        Reduce PassRefPtr use in platform/graphics
        https://bugs.webkit.org/show_bug.cgi?id=165636

        Reviewed by Dean Jackson.

        No change in behavior.

        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/mac/DisplayRefreshMonitorMac.h:
        (WebCore::DisplayRefreshMonitorMac::create):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::createForCurrentGLContext):
        (WebCore::GraphicsContext3D::paintRenderingResultsToImageData):

2016-12-08  Keith Rollin  <krollin@apple.com>

        Move FileHandle to WebCore FileHandle.h
        https://bugs.webkit.org/show_bug.cgi?id=165562

        Reviewed by Alex Christensen.

        Add FileHandle, a small wrapper around FileSystem facilities to manage
        the lifetime of an open file and give the facilities a C++ interface.

        No new tests -- affected facility is currently only used in testing
        code and is not user reachable.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/FileHandle.cpp: Added.
        (WebCore::FileHandle::FileHandle):
        (WebCore::FileHandle::~FileHandle):
        (WebCore::FileHandle::operator=):
        (WebCore::FileHandle::operator bool):
        (WebCore::FileHandle::open):
        (WebCore::FileHandle::read):
        (WebCore::FileHandle::write):
        (WebCore::FileHandle::printf):
        (WebCore::FileHandle::close):
        * platform/FileHandle.h: Added.

2016-12-07  Ryosuke Niwa  <rniwa@webkit.org>

        ASSERTION FAILED: m_items.isEmpty() in CustomElementReactionQueue destructor
        https://bugs.webkit.org/show_bug.cgi?id=162029
        <rdar://problem/28945851>

        Reviewed by Chris Dumez.

        The bug was caused by Document::removedLastRef enqueuing disconnectedCallback during a tear down.
        Don't enqueue a disconnectedCallback while a document is getting torn down since that should not be
        observable to author scripts. The connected, adopted, and attributeChanged callbacks are immune from
        this problem since they don't happen during a document destruction.

        Note that this was also the case prior to this patch since the disconnectedCallback would have been
        added to the current CustomElementReactionQueue which will be destructed without invoking callbacks
        (or hit a release assertion added in r208785 and r209426 for now).

        Tests: fast/custom-elements/disconnected-callback-in-detached-iframe.html
               fast/custom-elements/element-queue-during-document-destruction.html

        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionQueue::enqueueConnectedCallbackIfNeeded): Added an assertion that
        document's refCount hasn't reached zero yet.
        (WebCore::CustomElementReactionQueue::enqueueDisconnectedCallbackIfNeeded): Fixed the bug.
        (WebCore::CustomElementReactionQueue::enqueueAdoptedCallbackIfNeeded): Added the same assertion.
        (WebCore::CustomElementReactionQueue::enqueueAttributeChangedCallbackIfNeeded): Ditto.

2016-12-08  Daniel Bates  <dabates@apple.com>

        Add Strict Mixed Content Checking and Upgrade Insecure Requests to WebKit Feature Status dashboard
        https://bugs.webkit.org/show_bug.cgi?id=165635

        Rubber-stamped by Ryosuke Niwa.

        * features.json:

2016-12-08  Daniel Bates  <dabates@apple.com>

        Implement Strict Mixed Content Checking
        https://bugs.webkit.org/show_bug.cgi?id=165438
        <rdar://problem/26103867>

        Reviewed by Brent Fulgham and Andy Estes.

        Add support for the CSP directive block-all-mixed-content to enable strict mixed content checking
        as per <https://www.w3.org/TR/2016/CR-mixed-content-20160802/#strict-checking> (2 August 2016).

        Currently WebKit only blocks blockable content as such content can contaminate the security origin
        that loaded it. Optionally-blockable content, including images, would be allowed to load as mixed
        content. When strict mixed content checking is enabled all mixed content is blocked. That is, both
        blockable and optionally-blockable content will be blocked. A web site can opt into strict mixed
        content checking by adding the directive block-all-mixed-content to their content security policy.

        Tests: http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/duplicate-directive.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-blob-url-iframe-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe.html
               http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe.html

        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext): Inherit strict mixed content checking mode from parent document.
        * dom/SecurityContext.h:
        (WebCore::SecurityContext::isStrictMixedContentMode): Added.
        (WebCore::SecurityContext::setStrictMixedContentMode): Added.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest): Check mixed content policy with respect to the current frame.
        The document in the current frame may have opted into strict mixed content checking or inherited it from
        its parent document.
        * loader/DocumentWriter.cpp:
        (WebCore::DocumentWriter::begin): Inherit the strict mixed content checking mode from the owner document
        when loading a JavaScript URL in a frame (e.g. <iframe src="javascript:...">) because such URLs inherit
        the security origin of their parent document.
        * loader/MixedContentChecker.cpp:
        (WebCore::MixedContentChecker::canDisplayInsecureContent): Check the content security policy of the document
        and the strict mixed content checking mode bit on the document (in that order) to determine if we are in
        strict mode. Block display of insecure content when in strict mode. Modified to take enum AlwaysDisplayInNonStrictMode (defaults
        to AlwaysDisplayInNonStrictMode::No) as to whether to allow our current relaxed behavior of displaying insecure
        content in non-strict mode.
        (WebCore::MixedContentChecker::canRunInsecureContent): Check the content security policy of the document
        and the strict mixed content checking mode bit on the document (in that order) to determine if we are in
        strict mode. Block running of insecure content when in strict mode.
        * loader/MixedContentChecker.h:
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::checkInsecureContent): Always check mixed content policy with respect to
        the current frame. The document in the current frame may have opted into strict mixed content checking or
        inherited it from its parent document. Also renamed a local variable f to frame to better describe its
        purpose.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allowRunningOrDisplayingInsecureContent): Added. Iterate through all the
        policies and report violations with respect to policies that have directive block-all-mixed-content.
        (WebCore::ContentSecurityPolicy::didReceiveHeader): Move logic to set eval() error message from here...
        (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext): ...to here so that we only perform
        it once we are ready to apply the CSP policy to the script execution context. Additionally, enable
        strict mixed content checking on the script execution context if applicable.
        (WebCore::ContentSecurityPolicy::reportViolation): Added overrides that take a string and a directive list
        object (ContentSecurityPolicyDirectiveList) for the effective violated directive and its associated directive
        list, respectively. We make use of these overrides so as to support reporting block-all-mixed-content
        violations, which are not implemented using a ContentSecurityPolicyDirective object as it seemed sufficient
        to implement it as a boolean on ContentSecurityPolicyDirectiveList.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::setBlockAllMixedContentEnabled): Added.
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the directive block-all-mixed-content.
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        (WebCore::ContentSecurityPolicyDirectiveList::hasBlockAllMixedContentDirective): Added.
        * page/csp/ContentSecurityPolicyDirectiveNames.cpp:
        * page/csp/ContentSecurityPolicyDirectiveNames.h: Add constant for "block-all-mixed-content".

2016-12-08  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for Geolocation
        https://bugs.webkit.org/show_bug.cgi?id=165625

        Reviewed by Alex Christensen.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        Add/remove files.

        * Modules/geolocation/GeoNotifier.cpp:
        (WebCore::GeoNotifier::GeoNotifier):
        (WebCore::GeoNotifier::hasZeroTimeout):
        (WebCore::GeoNotifier::startTimerIfNeeded):
        * Modules/geolocation/GeoNotifier.h:
        (WebCore::GeoNotifier::create):
        (WebCore::GeoNotifier::options):
        Update to store PositionOptions as a value, and pass the PositionCallback
        as a Ref, rather than a RefPtr, since it is not optional.

        * Modules/geolocation/Geolocation.cpp:
        (WebCore::createGeoposition):
        Use auto, to get the good type for Coordinates (Ref).

        (WebCore::Geolocation::getCurrentPosition):
        (WebCore::Geolocation::watchPosition):
        (WebCore::Geolocation::haveSuitableCachedPosition):
        (WebCore::Geolocation::startUpdating):
        * Modules/geolocation/Geolocation.h:
        Update to pass PositionOptions itself now that it is a plain struct.

        * Modules/geolocation/Geolocation.idl:
        Remove [Custom] extended attribute and add FIXME about nullable annotation. 

        * Modules/geolocation/Geoposition.h:
        Pass/store Coordinates as a Ref.
 
        * Modules/geolocation/PositionOptions.h:
        Convert to be a simple struct.

        * Modules/geolocation/PositionOptions.idl:
        Added.
        
        * bindings/js/JSGeolocationCustom.cpp:
        Removed.

2016-12-08  Alex Christensen  <achristensen@webkit.org>

        REGRESSION (URL parser): Relative URLs aren’t resolved correctly when the base URL is an applewebdata: URL
        https://bugs.webkit.org/show_bug.cgi?id=165621

        Reviewed by Dan Bernstein.

        Covered by new API tests.

        * platform/URLParser.cpp:
        (WebCore::URLParser::parse):
        URLs with nonspecial schemes and no slash after the host get no slash as the path to maintain compatibility with all browsers.
        This was proposed to the URL spec in https://github.com/whatwg/url/issues/148
        When such as URL is used as a base URL with a relative path, in order to maintain compatibility with URL::parse we need to prepend
        a slash to the path.  For completeness I added tests with a relative path, a relative query, a relative fragment, and a relative empty string,
        and because the fate of the spec is unclear in this case, I decided to maintain compatibility with URL::parse in all these cases.

2016-12-06  Filip Pizlo  <fpizlo@apple.com>

        Concurrent GC should be stable enough to land enabled on X86_64
        https://bugs.webkit.org/show_bug.cgi?id=164990

        Reviewed by Geoffrey Garen.
        
        Made WebCore down with concurrent marking by adding some locking and adapting to some new API.

        This has new test modes in run-sjc-stress-tests. Also, the way that LayoutTests run is already
        a fantastic GC test.

        * ForwardingHeaders/heap/DeleteAllCodeEffort.h: Added.
        * ForwardingHeaders/heap/LockDuringMarking.h: Added.
        * bindings/js/GCController.cpp:
        (WebCore::GCController::deleteAllCode):
        (WebCore::GCController::deleteAllLinkedCode):
        * bindings/js/GCController.h:
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::getCachedDOMStructure):
        (WebCore::cacheDOMStructure):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        (WebCore::JSDOMGlobalObject::visitChildren):
        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::getDOMConstructor):
        * bindings/js/JSDOMPromise.cpp:
        (WebCore::DeferredPromise::DeferredPromise):
        (WebCore::DeferredPromise::clear):
        * bindings/js/JSXPathResultCustom.cpp:
        (WebCore::JSXPathResult::visitAdditionalChildren):
        * dom/EventListenerMap.cpp:
        (WebCore::EventListenerMap::clear):
        (WebCore::EventListenerMap::replace):
        (WebCore::EventListenerMap::add):
        (WebCore::EventListenerMap::remove):
        (WebCore::EventListenerMap::find):
        (WebCore::EventListenerMap::removeFirstEventListenerCreatedFromMarkup):
        (WebCore::EventListenerMap::copyEventListenersNotCreatedFromMarkupToTarget):
        (WebCore::EventListenerIterator::EventListenerIterator):
        * dom/EventListenerMap.h:
        (WebCore::EventListenerMap::lock):
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::visitJSEventListeners):
        * dom/EventTarget.h:
        (WebCore::EventTarget::visitJSEventListeners): Deleted.
        * dom/Node.cpp:
        (WebCore::Node::eventTargetDataConcurrently):
        (WebCore::Node::ensureEventTargetData):
        (WebCore::Node::clearEventTargetData):
        * dom/Node.h:
        * page/MemoryRelease.cpp:
        (WebCore::releaseCriticalMemory):
        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::jettisonExpensiveObjectsOnTopLevelNavigation):
        (WebCore::registerMemoryReleaseNotifyCallbacks):

2016-12-08  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Add strict checking for right parens to selector functions like :matches, :not etc.
        https://bugs.webkit.org/show_bug.cgi?id=165624

        Reviewed by Dean Jackson.

        Unskipped fast/selectors/invalid-functional-pseudo-class.html.

        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumePseudo):
        Bail if we don't actually consume a right parenthesis.

2016-12-08  Jeremy Jones  <jeremyj@apple.com>

        Exit fullscreen on escape key down, not up.
        https://bugs.webkit.org/show_bug.cgi?id=165618
        rdar://problem/29581688

        This problem was introduced by https://bugs.webkit.org/show_bug.cgi?id=165416
        The fix to only exit fullscreen on key down, not key up.

        Reviewed by Jer Noble.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent):

2016-12-08  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Unskip background parsing tests
        https://bugs.webkit.org/show_bug.cgi?id=165619

        Reviewed by Zalan Bujtas.

        Change background-position so that the origin being set is tracked
        on a per-x/y basis instead of as a single boolean. The single boolean
        caused lousy computed style dumping, since we would switch into verbose
        mode for both x and y, even if only one of them had a pair set for it.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::createPositionListForLayer):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertPositionComponent):
        * rendering/style/FillLayer.cpp:
        (WebCore::FillLayer::FillLayer):
        (WebCore::FillLayer::operator=):
        (WebCore::FillLayer::fillUnsetProperties):
        * rendering/style/FillLayer.h:
        (WebCore::FillLayer::isBackgroundXOriginSet):
        (WebCore::FillLayer::isBackgroundYOriginSet):
        (WebCore::FillLayer::setBackgroundXOrigin):
        (WebCore::FillLayer::setBackgroundYOrigin):
        (WebCore::FillLayer::clearXPosition):
        (WebCore::FillLayer::clearYPosition):
        (WebCore::FillLayer::isBackgroundOriginSet): Deleted.

2016-12-08  Jeremy Jones  <jeremyj@apple.com>

        pointer lock should exit when a js alert is shown
        https://bugs.webkit.org/show_bug.cgi?id=165423
        rdar://problem/29430803

        Reviewed by Jer Noble.

        Test: pointer-lock/lock-lost-on-alert.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::alert):
        (WebCore::DOMWindow::confirm):
        (WebCore::DOMWindow::prompt):

2016-12-07  Sam Weinig  <sam@webkit.org>

        [WebIDL] WebGLContextAttributes should be a dictionary
        https://bugs.webkit.org/show_bug.cgi?id=165572

        Reviewed by Dean Jackson.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Remove unused files.

        * bindings/js/JSHTMLCanvasElementCustom.cpp:
        (WebCore::JSHTMLCanvasElement::getContext):
        (WebCore::attributesFor3DContext): Deleted.
        Re-work getContext to use JSDOMConvert and use the WebGLContextAttributes dictionary.

        * bindings/scripts/CodeGeneratorJS.pm:
        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Add missing inclusion of dictionaries.

        * html/HTMLCanvasElement.cpp:
        (WebCore::maxActivePixelMemory):
        (WebCore::HTMLCanvasElement::getContext):
        (WebCore::HTMLCanvasElement::is2dType):
        (WebCore::HTMLCanvasElement::getContext2d):
        (WebCore::shouldEnableWebGL):
        (WebCore::HTMLCanvasElement::is3dType):
        (WebCore::HTMLCanvasElement::getContextWebGL):
        * html/HTMLCanvasElement.h:
        Refactor context creation of 2d and WebGL contexts into their own functions. Make the 
        WebGL one take a WebGLContextAttributes struct.

        * html/HTMLCanvasElement.idl:
        No functionality change. Make IDL match the latest spec.

        * html/canvas/CanvasContextAttributes.cpp: Removed.
        * html/canvas/CanvasContextAttributes.h: Removed.
        Remove unneeded base class.

        * html/canvas/WebGLContextAttributes.cpp: Removed.
        * html/canvas/WebGLContextAttributes.h:
        Instead of a class, we can use a type alias of GraphicsContext3D::Attributes for
        WebGLContextAttributes.

        * html/canvas/WebGLContextAttributes.idl:
        Convert to a dictionary.

        * html/canvas/WebGL2RenderingContext.cpp:
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::create):
        (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase):
        (WebCore::WebGLRenderingContextBase::clearIfComposited):
        (WebCore::WebGLRenderingContextBase::getContextAttributes):
        (WebCore::WebGLRenderingContextBase::applyStencilTest):
        * html/canvas/WebGLRenderingContextBase.h:
        Update to WebGLContextAttributes by value, since it is a simple struct now. Update getContextAttributes
        to return a std::optional<WebGLContextAttributes>.

        * html/canvas/WebGLRenderingContextBase.idl:
        Make getContextAttributes return a nullable WebGLContextAttributes, as per spec.
        
        * platform/graphics/GraphicsContext3D.h:
        Sort attributes into categories, one that match WebGLContextAttributes, and the remainder.

2016-12-08  Zalan Bujtas  <zalan@apple.com>

        Do not create multicolumn context for certain type of renderers.
        https://bugs.webkit.org/show_bug.cgi?id=135601
        <rdar://problem/27686300>

        Reviewed by David Hyatt.

        Certain type of renderers including forms should not initialize multicolumn context for
        their inner (shadow) content. It just does not makes sense and is inline with what other browsers do.

        Test: fast/multicol/no-multicol-for-textareas.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::willCreateColumns):
        (WebCore::RenderBlockFlow::requiresColumns):
        * rendering/RenderBlockFlow.h:

2016-12-08  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] REGRESSION: Values of 0 should not be allowed for -webkit-aspect-ratio
        https://bugs.webkit.org/show_bug.cgi?id=165607

        Reviewed by Simon Fraser.

        Unskipped fast/css/aspect-ratio-parsing-tests.html.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeWebkitAspectRatio):
        Don't allow 0 as either the left or right value of the ratio.

2016-12-08  Antti Koivisto  <antti@apple.com>

        ::after and ::before don't work on :host
        https://bugs.webkit.org/show_bug.cgi?id=164675
        <rdar://problem/29231874>

        Reviewed by Andreas Kling.

        We didn't allow combining :host with any other selectors. Pseudo elements should be allowed.

        Test: fast/shadow-dom/shadow-host-with-before-after.html

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::matchAuthorRules):

            Allow pseudo element matching.

        (WebCore::ElementRuleCollector::matchHostPseudoClassRules):

            Use the normal collectMatchingRulesForList path instead of a direct call to SelectorChecker::matchHostPseudoClass.
            This path supports pseudo elements.

            Pass the information that we are matching :host rules with m_isMatchingHostPseudoClass bit
            similarly to how this is done with slots.

        (WebCore::ElementRuleCollector::ruleMatches):
        * css/ElementRuleCollector.h:
        * css/RuleSet.cpp:

            Collect :host rules similarly to other rules.

        (WebCore::RuleSet::addRule):
        * css/SelectorChecker.cpp:

            Rename didMoveToShadowHost->mayMatchHostPseudoClass for clarity.

        (WebCore::SelectorChecker::match):

            Enable :host matching in the current context immediately if needed.

        (WebCore::SelectorChecker::matchHostPseudoClass):

            The check for illegal combinations with :host is now done in checkOne().

        (WebCore::localContextForParent):
        (WebCore::SelectorChecker::checkOne):

            In context where :host matches nothing else can match, except pseudo elements.

        * css/SelectorChecker.h:

2016-12-08  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * PlatformMac.cmake:
        Add PerformanceLoggingCocoa.mm after r209181.

2016-12-08  Per Arne Vollan  <pvollan@apple.com>

        [Win] Some versions of Cygwin Perl generate incorrect C++ code.
        https://bugs.webkit.org/show_bug.cgi?id=165524
        rdar://problem/29508043

        Reviewed by Daniel Bates.

        Perl strings with variables seems to be handled differently, depending on which version of
        Cygwin Perl you are running. To make sure they are handled identically, specify variables
        in strings as "${var}" instead of "$var".

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):

2016-12-08  Alex Christensen  <achristensen@webkit.org>

        Fix EFL build after r209526
        https://bugs.webkit.org/show_bug.cgi?id=165594

        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::consumePositiveIntegerRaw):
        nullptr is being automatically converted to false everywhere but EFL.
        It should be false.  This function returns a bool.

2016-12-07  Dave Hyatt  <hyatt@apple.com>

        REGRESSION: font shorthand parsing is broken
        https://bugs.webkit.org/show_bug.cgi?id=165594

        Reviewed by Zalan Bujtas.

        Unskipping fast/css/font-calculated-value.html.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFontWeight):
        The new parser did not support calc() in the font-weight property.
        In order to support a positive integer, add new functions to consume
        and handle positive integers without making a CSSPrimitiveValue out of
        the number. These correspond to consumeNumberRaw but are limited to positive
        integers.

        (WebCore::CSSPropertyParser::consumeFont):
        The implicit bool was incorrectly set to true when properties were
        defined because releaseNonNull() cleared the variables being null
        checked. Add separate booleans to avoid this.

        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::CalcParser::consumePositiveIntegerRaw):
        (WebCore::CSSPropertyParserHelpers::consumePositiveIntegerRaw):
        * css/parser/CSSPropertyParserHelpers.h:
        Add the new helpers that consume positive integers without creating
        CSSPrimitiveValues out of them.

2016-12-07  Jeremy Jones  <jeremyj@apple.com>

        Exit pointer lock when page goes into page cache.
        https://bugs.webkit.org/show_bug.cgi?id=165425
        rdar://problem/29430834

        Reviewed by Jer Noble.

        Test: pointer-lock/lock-lost-on-navigation.html

        Cancel pointer lock when page goes into page cache and add methods to Internals
        so it can be tested.

        * dom/Document.cpp:
        (WebCore::Document::setPageCacheState):
        * page/PointerLockController.h:
        * testing/Internals.cpp:
        (WebCore::Internals::pageHasPendingPointerLock):
        (WebCore::Internals::pageHasPointerLock):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-12-07  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Tracks panel does not display in the right location in fullscreen and cannot be dismissed
        https://bugs.webkit.org/show_bug.cgi?id=165575

        Reviewed by Dean Jackson.

        We position the tracks panel programmatically based on the current bounds of the fullscreen button in fullscreen.
        This allows for the tracks panel to be shown in the right spot even after dragging the controls bar. We also use
        the fullscreen media controls as the target for tracking "mousedown" events when the tracks panel is shown in a
        fullscreen presentation.

        Tests: media/modern-media-controls/tracks-support/tracks-support-show-panel-after-dragging-controls.html
               media/modern-media-controls/tracks-support/tracks-support-show-panel-fullscreen.html

        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.css:
        (.media-controls.mac.fullscreen .scrubber):
        (.media-controls.mac.fullscreen .tracks-panel): Deleted.
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype.showTracksPanel):
        * Modules/modern-media-controls/controls/tracks-panel.js:
        (TracksPanel.prototype.presentInParent):
        (TracksPanel.prototype.hide):
        (TracksPanel.prototype.get bottomY):
        (TracksPanel.prototype.set bottomY):
        (TracksPanel.prototype.commitProperty):
        (TracksPanel.prototype._mousedownTarget):

2016-12-07  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Use a small picture-in-picture button in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=165587

        Reviewed by Dean Jackson.

        Use a newer, smaller asset for picture-in-picture in fullscreen.

        * Modules/modern-media-controls/controls/icon-service.js:
        * Modules/modern-media-controls/images/macOS/pip-in-fullscreen@1x.png: Added.
        * Modules/modern-media-controls/images/macOS/pip-in-fullscreen@2x.png: Added.

2016-12-07  Dean Jackson  <dino@apple.com>

        Remove runtime toggle for pointer-lock
        https://bugs.webkit.org/show_bug.cgi?id=165577
        <rdar://problems/29566996>

        Reviewed by Jon Lee.

        Remove any runtime calls to check if pointer-lock is enabled. It's
        either compiled in or out.

        Covered by existing tests.

        * bindings/generic/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setPointerLockEnabled): Deleted.
        (WebCore::RuntimeEnabledFeatures::pointerLockEnabled): Deleted.
        * dom/Document.idl:
        * dom/Element.idl:
        * page/Page.h:
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::requestPointerLock):
        (WebCore::PointerLockController::requestPointerUnlock):
        (WebCore::PointerLockController::requestPointerUnlockAndForceCursorVisible):

2016-12-07  John Wilander  <wilander@apple.com>

        Allow commas in Accept, Accept-Language, and Content-Language request headers for simple CORS
        https://bugs.webkit.org/show_bug.cgi?id=165566
        <rdar://problem/29560983>

        Reviewed by Alex Christensen.

        Updated the existing tests.

        * platform/network/HTTPParsers.cpp:
        (WebCore::isValidAcceptHeaderValue):
            Now also accepts ','.
        (WebCore::isValidLanguageHeaderValue):
            Ditto.

2016-12-07  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Stop skipping tests in the css3 LayoutTests subdirectory
        https://bugs.webkit.org/show_bug.cgi?id=165574

        Reviewed by Dean Jackson.

        * css/CSSGroupingRule.cpp:
        (WebCore::CSSGroupingRule::insertRule):
        The old parser didn't support the creation of @namespace rules in the
        CSS OM, but the new parser does. We need to ensure that just like for
        @import rules, that the insertion of a @namespace rule inside a
        @supports rule is not allowed. This test passed in the old parser because
        the rule just didn't get created, but in the new parser, we need to
        add a check along with the @import rule check to ensure it isn't allowed.

2016-12-07  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Remove aspect ratio button
        https://bugs.webkit.org/show_bug.cgi?id=165571

        Reviewed by Dean Jackson.

        Since we do not have a way to toggle letterboxing on an HTMLMediaElement, we remove the
        corresponding button in the media controls.

        * Modules/modern-media-controls/controls/aspect-ratio-button.js: Removed.
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        * Modules/modern-media-controls/js-files:

2016-12-07  Jeremy Jones  <jeremyj@apple.com>

        One esc to exit fullscreen and pointer lock
        https://bugs.webkit.org/show_bug.cgi?id=165416
        rdar://problem/29430711

        Reviewed by Jer Noble.

        Test: pointer-lock/lock-lost-on-esc-in-fullscreen.html

        When handling escape, also exit fullscreen on escape.
        This also means that escape can exit fullscreen in TestRunner.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent):

2016-12-07  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Drop translate phase in module loader
        https://bugs.webkit.org/show_bug.cgi?id=164861

        Reviewed by Saam Barati.

        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/js/JSWorkerGlobalScopeBase.cpp:

2016-12-07  Keith Rollin  <krollin@apple.com>

        Network event record/replay
        https://bugs.webkit.org/show_bug.cgi?id=164527
        <rdar://problem/29168157>

        Reviewed by Alex Christensen.

        Export parseURLEncodedForm.

        No new tests -- no functionality added, changed, or removed.

        * platform/URLParser.h:

2016-12-07  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Consolidate string/ident/url serialization functions
        https://bugs.webkit.org/show_bug.cgi?id=165552

        Reviewed by Zalan Bujtas.

        Right now CSSParser has string, ident and url serialization functions
        called quoteCSStringIfNeeded (which actually serializes both strings and
        identifiers), as well as quoteCSSURLIfNeeded.

        CSSMarkup already has serialization functions that exist outside of the
        CSSParser and that handle serialization of strings, idents and URLs. This
        patch eliminates the CSSParser functions and consolidates all of the
        serialization to use CSSMarkup's functions.

        Note that we are not spec-compliant at all here, and so I had to amend
        the functions to support our non-spec-compliant serialization. The goal
        of this patch is consolidation and not to fix our broken serialization.

        Notable changes include parameterizing string serialization so that
        both single and double quotes are supported, since in the existing code
        we're sometimes spec-compliant (CSSSelectors) and sometimes not
        (CSSPrimitiveValue).

        We also overload CSS_STRING primitive value type and have it act as both
        a string and a custom identifier. This is lame, since the parser should
        have made two different types of objects instead, but since our parser
        doesn't do that yet, I added a serializeAsStringOrCustomIdent that
        preserves our old behavior of "quote the string only if needed." In this
        case what that really meant was "Try to guess that we were originally a
        custom ident and leave off quotes if so." This function will go away
        once we properly create CSSStringValues and CSSCustomIdentValues instead
        of turning the latter into strings.

        * css/CSSBasicShapes.cpp:
        (WebCore::buildPathString):
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::customCSSText):
        * css/CSSMarkup.cpp:
        (WebCore::isCSSTokenizerURL):
        (WebCore::serializeString):
        (WebCore::serializeURL):
        (WebCore::serializeAsStringOrCustomIdent):
        (WebCore::serializeURI): Deleted.
        * css/CSSMarkup.h:
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText):
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::selectorText):
        * css/parser/CSSParser.cpp:
        (WebCore::isCSSTokenizerIdent): Deleted.
        (WebCore::isCSSTokenizerURL): Deleted.
        (WebCore::quoteCSSStringInternal): Deleted.
        (WebCore::quoteCSSString): Deleted.
        (WebCore::quoteCSSStringIfNeeded): Deleted.
        (WebCore::quoteCSSURLIfNeeded): Deleted.
        * css/parser/CSSParser.h:
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::mapLanguageAttributeToLocale):

2016-12-07  Dean Jackson  <dino@apple.com>

        Expose internal API to detect media documents
        https://bugs.webkit.org/show_bug.cgi?id=165559
        <rdar://problems/29564054>

        Reviewed by Antoine Quint.

        Expose via MediaControlsHost whether or not we're in
        a MediaDocument.

        Since MediaControlsHost is only exposed to our
        internal controls, it's not possible to test this
        directly. However, a subsequent test for media documents
        with audio-only content will cover this change.

        * Modules/mediacontrols/MediaControlsHost.cpp: Add isInMediaDocument and put const on
        various methods that should have it.
        (WebCore::MediaControlsHost::captionDisplayMode):
        (WebCore::MediaControlsHost::supportsFullscreen):
        (WebCore::MediaControlsHost::isVideoLayerInline):
        (WebCore::MediaControlsHost::isInMediaDocument):
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediacontrols/MediaControlsHost.idl: Add isInMediaDocument.

2016-12-07  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: count >= 1 in WebCore::RenderMultiColumnSet::columnCount
        https://bugs.webkit.org/show_bug.cgi?id=136365
        <rdar://problem/27686727>

        Reviewed by Simon Fraser.

        Margin value overflow ends up confusing the column count computing logic.

        Test: fast/multicol/assert-on-column-count-when-zoomed-in.html

        * css/StyleResolver.cpp:
        (WebCore::addIntrinsicMargins):

2016-12-07  Ryosuke Niwa  <rniwa@webkit.org>

        document.caretRangeFromPoint doesn't retarget the resultant Range correctly.
        https://bugs.webkit.org/show_bug.cgi?id=165146

        Reviewed by Sam Weinig.

        The bug was caused by caretRangeFromPoint not retargeting the resultant Range correctly.
        Namely, it's possible for RenderObject::positionForPoint to move across shadow boundary
        even if node was identically equal to ancestorInThisScope(node).

        Fixed the bug by directly retargeting the range's container node and its offset as done
        for elementFromPoint in r206795.

        Test: fast/shadow-dom/caret-range-from-point-in-shadow-tree.html

        * dom/Document.cpp:
        (WebCore::Document::caretRangeFromPoint):

2016-12-07  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Entering fullscreen and returning to inline shows fullscreen controls
        https://bugs.webkit.org/show_bug.cgi?id=165536

        Reviewed by Tim Horton.

        We regressed when we implemented the fix for webkit.org/b/165494 and we started to rely solely
        on the "webkitpresentationmodechanged" event to identify presention mode changes. As it turns out,
        when the "webkitpresentationmodechanged" event is dispatched when exiting fullscreen and returning
        to the inline presentation mode, querying the "webkitPresentationMode" property says "inline" while
        "webkitDisplayingFullscreen" still returns true (raised as webkit.org/b/165538).
        
        We now use the "webkitPresentationMode" property when that property is supported and we're using the
        "webkitpresentationmodechanged" event, and we use the "webkitDisplayingFullscreen" property otherwise.

        Test: media/modern-media-controls/media-controller/media-controller-inline-to-fullscreen-to-inline.html

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.get layoutTraits):

2016-12-07  Wenson Hsieh  <wenson_hsieh@apple.com>

        Scroll position jumps to the origin when scrolling without momentum at the end of a scroll snapping container
        https://bugs.webkit.org/show_bug.cgi?id=165474
        <rdar://problem/29534305>

        Reviewed by Simon Fraser.

        When initializing an AppKit _NSScrollingMomentumCalculator, if the initial and target positions are the same and
        the initial velocity is (0, 0), the momentum calculator will output (0, 0) as the animated scroll position when
        animating. This causes the scroll position to jump to the top left in some cases when scrolling in scroll snap
        containers. To fix this, we teach the ScrollingMomentumCalculatorMac to return an animation duration of 0 and
        an animated scroll position equal to the final scroll position when this is the case.

        Test: tiled-drawing/scrolling/scroll-snap/scrolling-jumps-to-top.html

        * page/scrolling/mac/ScrollingMomentumCalculatorMac.h:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.mm:
        (WebCore::ScrollingMomentumCalculatorMac::ScrollingMomentumCalculatorMac):
        (WebCore::ScrollingMomentumCalculatorMac::scrollOffsetAfterElapsedTime):
        (WebCore::ScrollingMomentumCalculatorMac::animationDuration):

2016-12-07  Nan Wang  <n_wang@apple.com>

        AX: menu type toolbar should be mapped correctly on Mac
        https://bugs.webkit.org/show_bug.cgi?id=165537

        Reviewed by Chris Fleizach.

        The menu tag with a toolbar type should have the corresponding role.

        Test: accessibility/mac/menu-type-toolbar.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):

2016-12-07  Wenson Hsieh  <wenson_hsieh@apple.com>

        Add a new project for recording and playing back editing commands in editable web content
        https://bugs.webkit.org/show_bug.cgi?id=165114
        <rdar://problem/29408135>

        Reviewed by Beth Dakin.

        Adds new scripts used to record and play back editing, as well as a new Xcode Copy files phase that pushes these
        scripts to the internal system directory when installing. See the Tools ChangeLog and individual comments below
        for more details. Covered by 3 new unit tests in the EditingHistory project.

        * InternalScripts/DumpEditingHistory.js: Added.
        (beginProcessingTopLevelUpdate):
        (endProcessingTopLevelUpdate):
        (appendDOMUpdatesFromRecords):
        (appendSelectionUpdateIfNecessary):

        Adds new entries into the top-level list of DOM updates captured when editing. Respectively, these are input
        events and selection changes.

        (EditingHistory.getEditingHistoryAsJSONString):
        * InternalScripts/EditingHistoryUtil.js: Added.
        (prototype._scramble):
        (prototype.applyToText):
        (prototype.applyToFilename):
        (prototype._scrambedNumberIndexForCode):
        (prototype._scrambedLowercaseIndexForCode):
        (prototype._scrambedUppercaseIndexForCode):

        Naive implementation of an obfuscator. Currently, this only affects alphanumeric characters. Obfuscation is off
        by default, but can be toggled on in JavaScript.

        (elementFromMarkdown):
        (GlobalNodeMap):
        (GlobalNodeMap.prototype.nodesForGUIDs):
        (GlobalNodeMap.prototype.guidsForTNodes):
        (GlobalNodeMap.prototype.nodeForGUID):
        (GlobalNodeMap.prototype.guidForNode):
        (GlobalNodeMap.prototype.hasGUIDForNode):
        (GlobalNodeMap.prototype.nodes):
        (GlobalNodeMap.prototype.toObject):
        (GlobalNodeMap.fromObject):
        (GlobalNodeMap.dataForNode):
        (GlobalNodeMap.elementFromTagName):
        (GlobalNodeMap.nodeAttributesToObject):
        (GlobalNodeMap.prototype.descriptionHTMLForGUID):
        (GlobalNodeMap.prototype.descriptionHTMLForNode):

        The GlobalNodeMap keeps track of every node that has appeared in the DOM, assigning each node a globally unique
        identifier (GUID). This GUID is used when reconstructing the DOM, as well as unapplying or applying editing.

        (SelectionState):
        (SelectionState.prototype.isEqual):
        (SelectionState.prototype.applyToSelection):
        (SelectionState.fromSelection):
        (SelectionState.prototype.toObject):
        (SelectionState.fromObject):

        Represents a snapshot of the Selection state (determined by getSelection()).

        (DOMUpdate):
        (DOMUpdate.prototype.apply):
        (DOMUpdate.prototype.unapply):
        (DOMUpdate.prototype.targetNode):
        (DOMUpdate.prototype.detailsElement):
        (DOMUpdate.ofType):
        (DOMUpdate.fromRecords):

        A DOMUpdate is an abstract object representing a change in the DOM that may be applied and unapplied. These are
        also serializable as hashes, which may then be converted to JSON when generating editing history data.

        (ChildListUpdate):
        (ChildListUpdate.prototype.apply):
        (ChildListUpdate.prototype.unapply):
        (ChildListUpdate.prototype._nextSibling):
        (ChildListUpdate.prototype._removedNodes):
        (ChildListUpdate.prototype._addedNodes):
        (ChildListUpdate.prototype.toObject):
        (ChildListUpdate.prototype.detailsElement):
        (ChildListUpdate.fromObject):

        These three update types correspond to the three types of DOM mutations. These may appear as top-level updates
        if they are not captured during an input event, but for the majority of user-input-driven changes, they will be
        children of an input event.

        (CharacterDataUpdate):
        (CharacterDataUpdate.prototype.apply):
        (CharacterDataUpdate.prototype.unapply):
        (CharacterDataUpdate.prototype.detailsElement):
        (CharacterDataUpdate.prototype.toObject):
        (CharacterDataUpdate.fromObject):
        (AttributeUpdate):
        (AttributeUpdate.prototype.apply):
        (AttributeUpdate.prototype.unapply):
        (AttributeUpdate.prototype.detailsElement):
        (AttributeUpdate.prototype.toObject):
        (AttributeUpdate.fromObject):
        (SelectionUpdate):
        (SelectionUpdate.prototype.apply):
        (SelectionUpdate.prototype.unapply):
        (SelectionUpdate.prototype.toObject):
        (SelectionUpdate.fromObject):
        (SelectionUpdate.prototype._rangeDescriptionHTML):
        (SelectionUpdate.prototype._anchorDescriptionHTML):
        (SelectionUpdate.prototype._focusDescriptionHTML):
        (SelectionUpdate.prototype.detailsElement):

        Represents a change in the Selection. While no changes to the DOM structure occur as a result of a
        SelectionUpdate, the information contained in these updates is used to determine where the selection should be
        when rewinding or playing back the editing history.

        (InputEventUpdate):
        (InputEventUpdate.prototype._obfuscatedData):
        (InputEventUpdate.prototype.apply):
        (InputEventUpdate.prototype.unapply):
        (InputEventUpdate.prototype.toObject):
        (InputEventUpdate.fromObject):
        (InputEventUpdate.prototype.detailsElement):

        Represents an update due to user input, which consists of some number of child DOM mutation updates.

        * WebCore.xcodeproj/project.pbxproj:

2016-12-07  Jer Noble  <jer.noble@apple.com>

        ASSERT crash while running media-source/mediasource-activesourcebuffers.html under Stress GC bot.
        https://bugs.webkit.org/show_bug.cgi?id=165514

        Reviewed by Eric Carlson.

        If a track associated with MSE is disabled after a SourceBuffer begins parsing a queued
        append operation, SourceBuffer can get into a state where it asks SourceBufferPrivateAVFObjC
        if it is ready to accept data for that disabled track. This causes an ASSERT_NOT_REACHED in
        isReadyForMoreData().

        However, this seems to be a valid condition; we can safely just return "false" from
        isReadyForMoreSamples() (and also bail from notifyClientWhenReadyForMoreSamples()) when asked
        about a disabled track.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples):
        (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples):

2016-12-07  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Eliminate the Scope class and fold it into CSSTokenizer
        https://bugs.webkit.org/show_bug.cgi?id=165532

        Reviewed by Dean Jackson.

        The Scope class, nested inside CSSTokenizer, is both poorly named and serves
        no purpose. It's especially weird that it was the entry point into tokenization
        instead of CSSTokenizer.

        Eliminate the class, fold its members and functions into CSSTokenizer, and have
        callers just make a CSSTokenizer instead.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseSupportsCondition):
        (WebCore::CSSParser::parseSelector):
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parseValue):
        (WebCore::CSSParserImpl::parseCustomPropertyValue):
        (WebCore::CSSParserImpl::parseInlineStyleDeclaration):
        (WebCore::CSSParserImpl::parseDeclarationList):
        (WebCore::CSSParserImpl::parseRule):
        (WebCore::CSSParserImpl::parseStyleSheet):
        (WebCore::CSSParserImpl::parseKeyframeKeyList):
        (WebCore::CSSParserImpl::parseDeclarationListForInspector):
        (WebCore::CSSParserImpl::parseStyleSheetForInspector):
        * css/parser/CSSTokenizer.cpp:
        (WebCore::CSSTokenizer::CSSTokenizer):
        (WebCore::CSSTokenizer::tokenRange):
        (WebCore::CSSTokenizer::tokenCount):
        (WebCore::CSSTokenizer::registerString):
        (WebCore::CSSTokenizer::Scope::Scope): Deleted.
        (WebCore::CSSTokenizer::Scope::tokenRange): Deleted.
        (WebCore::CSSTokenizer::Scope::tokenCount): Deleted.
        * css/parser/CSSTokenizer.h:
        (WebCore::CSSTokenizer::Scope::storeString): Deleted.
        * css/parser/CSSTokenizerInputStream.cpp:
        (WebCore::CSSTokenizerInputStream::CSSTokenizerInputStream):
        * css/parser/CSSTokenizerInputStream.h:
        * css/parser/MediaQueryParser.cpp:
        (WebCore::MediaQueryParser::parseMediaQuerySet):
        * css/parser/SizesAttributeParser.cpp:
        (WebCore::SizesAttributeParser::SizesAttributeParser):

2016-12-07  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused and mostly untested Page domain commands and events
        https://bugs.webkit.org/show_bug.cgi?id=165507

        Reviewed by Brian Burg.

        Remove any code associated with the commands/events being removed.

        * inspector/DOMPatchSupport.cpp:
        * inspector/DOMPatchSupport.h:
        * inspector/InspectorClient.h:
        (WebCore::InspectorClient::handleJavaScriptDialog): Deleted.
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::scriptsEnabledImpl): Deleted.
        (WebCore::InspectorInstrumentation::willRunJavaScriptDialogImpl): Deleted.
        (WebCore::InspectorInstrumentation::didRunJavaScriptDialogImpl): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::scriptsEnabled): Deleted.
        (WebCore::InspectorInstrumentation::willRunJavaScriptDialog): Deleted.
        (WebCore::InspectorInstrumentation::didRunJavaScriptDialog): Deleted.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::disable):
        (WebCore::InspectorPageAgent::didClearWindowObjectInWorld):
        (WebCore::InspectorPageAgent::didPaint):
        (WebCore::InspectorPageAgent::buildObjectForFrame):
        (WebCore::InspectorPageAgent::archive):
        (WebCore::createXHRTextDecoder): Deleted.
        (WebCore::InspectorPageAgent::getScriptExecutionStatus): Deleted.
        (WebCore::InspectorPageAgent::setScriptExecutionDisabled): Deleted.
        (WebCore::InspectorPageAgent::willRunJavaScriptDialog): Deleted.
        (WebCore::InspectorPageAgent::didRunJavaScriptDialog): Deleted.
        (WebCore::InspectorPageAgent::scriptsEnabled): Deleted.
        (WebCore::InspectorPageAgent::handleJavaScriptDialog): Deleted.
        * inspector/InspectorPageAgent.h:
        * page/Chrome.cpp:
        (WebCore::Chrome::runBeforeUnloadConfirmPanel):
        (WebCore::Chrome::runJavaScriptAlert):
        (WebCore::Chrome::runJavaScriptConfirm):
        (WebCore::Chrome::runJavaScriptPrompt):
        * page/Settings.cpp:
        (WebCore::Settings::setScriptEnabled):

2016-12-07  Jer Noble  <jer.noble@apple.com>

        [pointer-lock] Cursor should become visible when exiting pointer-lock via ESC key.
        https://bugs.webkit.org/show_bug.cgi?id=165377

        Reviewed by Eric Carlson.

        Follow up to previous patch; clear the m_forceCursorVisibleUponUnlock flag upon losing
        pointer lock, so that subsequent unlocks don't erroneously cause the cursor to become
        visible. 

        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::didLosePointerLock):

2016-12-06  Geoffrey Garen  <ggaren@apple.com>

        performance.now() should truncate to 100us
        https://bugs.webkit.org/show_bug.cgi?id=165503
        <rdar://problem/29544531>

        Reviewed by Mark Lam.

        * page/Performance.cpp:
        (WebCore::Performance::reduceTimeResolution):

2016-12-07  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Turn back on a bunch of layout tests
        https://bugs.webkit.org/show_bug.cgi?id=165529

        Reviewed by Zalan Bujtas.

        Fixes fast/css/transform-origin-parsing.html.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::consumeTransformOrigin):
        The implicit check was relying on a null check of the z value, but
        we called releaseNonNull on it already. This meant all z properties were
        marked as implicit incorrectly. Fix by storing whether or not we had a z
        value in a local variable.

2016-12-07  Andreas Kling  <akling@apple.com>

        [iOS] Remove bitrotted FrameLoader attempt to limit page caching under memory pressure.
        <https://webkit.org/b/165527>

        Reviewed by Antti Koivisto.

        This code no longer does anything, as the page cache is hard capped
        at 0 entries while under memory pressure.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

2016-12-06  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Use tap and pinch gestures on iOS
        https://bugs.webkit.org/show_bug.cgi?id=165518

        Reviewed by Dean Jackson.

        We now use touch events to identify taps and pinches on media controls to respond immediately
        to user interaction on buttons and enter fullscreen when pinching out.

        * Modules/modern-media-controls/controls/button.css:
        (button):
        * Modules/modern-media-controls/controls/button.js:
        (Button):
        (Button.prototype.handleEvent):
        (Button.prototype.gestureRecognizerStateDidChange):
        (Button.prototype._notifyDelegateOfActivation):
        (Button.prototype._handleUIEvent): Deleted.
        * Modules/modern-media-controls/controls/controls-bar.js:
        (ControlsBar.prototype.set fadesWhileIdle):
        (ControlsBar.prototype.gestureRecognizerStateDidChange):
        * Modules/modern-media-controls/controls/icon-button.js:
        (IconButton.prototype._updateImage):
        (IconButton):
        * Modules/modern-media-controls/controls/ios-inline-media-controls.js:
        (IOSInlineMediaControls.prototype.gestureRecognizerStateDidChange):
        * Modules/modern-media-controls/gesture-recognizers/gesture-recognizer.js: Added.
        (GestureRecognizer):
        (GestureRecognizer.prototype.get state):
        (GestureRecognizer.prototype.set state):
        (GestureRecognizer.prototype.get target):
        (GestureRecognizer.prototype.set target):
        (GestureRecognizer.prototype.get numberOfTouches):
        (GestureRecognizer.prototype.get enabled):
        (GestureRecognizer.prototype.set enabled):
        (GestureRecognizer.prototype.reset):
        (GestureRecognizer.prototype.locationInElement):
        (GestureRecognizer.prototype.locationInClient):
        (GestureRecognizer.prototype.locationOfTouchInElement):
        (GestureRecognizer.prototype.touchesBegan):
        (GestureRecognizer.prototype.touchesMoved):
        (GestureRecognizer.prototype.touchesEnded):
        (GestureRecognizer.prototype.touchesCancelled):
        (GestureRecognizer.prototype.gestureBegan):
        (GestureRecognizer.prototype.gestureChanged):
        (GestureRecognizer.prototype.gestureEnded):
        (GestureRecognizer.prototype.enterPossibleState):
        (GestureRecognizer.prototype.enterBeganState):
        (GestureRecognizer.prototype.enterEndedState):
        (GestureRecognizer.prototype.enterCancelledState):
        (GestureRecognizer.prototype.enterFailedState):
        (GestureRecognizer.prototype.enterChangedState):
        (GestureRecognizer.prototype.enterRecognizedState):
        (GestureRecognizer.prototype.handleEvent):
        (GestureRecognizer.prototype._initRecognizer):
        (GestureRecognizer.prototype._updateBaseListeners):
        (GestureRecognizer.prototype._removeTrackingListeners):
        (GestureRecognizer.prototype._updateTargetTouches):
        (GestureRecognizer.prototype._updateKeyboardModifiers):
        * Modules/modern-media-controls/gesture-recognizers/pinch.js: Added.
        (PinchGestureRecognizer):
        (PinchGestureRecognizer.prototype.get velocity):
        (PinchGestureRecognizer.prototype.touchesBegan):
        (PinchGestureRecognizer.prototype.touchesMoved):
        (PinchGestureRecognizer.prototype.touchesEnded):
        (PinchGestureRecognizer.prototype.gestureBegan):
        (PinchGestureRecognizer.prototype.gestureChanged):
        (PinchGestureRecognizer.prototype.gestureEnded):
        (PinchGestureRecognizer.prototype.reset):
        (PinchGestureRecognizer.prototype._recordGesture):
        (PinchGestureRecognizer.prototype._updateStateWithEvent):
        (PinchGestureRecognizer.prototype._distance):
        * Modules/modern-media-controls/gesture-recognizers/tap.js: Added.
        (TapGestureRecognizer):
        (TapGestureRecognizer.prototype.touchesBegan):
        (TapGestureRecognizer.prototype.touchesMoved):
        (TapGestureRecognizer.prototype.touchesEnded):
        (TapGestureRecognizer.prototype.reset):
        (TapGestureRecognizer.prototype.locationInElement):
        (TapGestureRecognizer.prototype.locationInClient):
        (TapGestureRecognizer.prototype._clearTimer):
        (TapGestureRecognizer.prototype._rewindTimer):
        (TapGestureRecognizer.prototype._timerFired):
        * Modules/modern-media-controls/js-files:
        * Modules/modern-media-controls/media/airplay-support.js:
        (AirplaySupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/controls-visibility-support.js:
        (ControlsVisibilitySupport):
        (ControlsVisibilitySupport.prototype.handleEvent):
        (ControlsVisibilitySupport.prototype.syncControl): Deleted.
        * Modules/modern-media-controls/media/fullscreen-support.js:
        (FullscreenSupport):
        (FullscreenSupport.prototype.iOSInlineMediaControlsRecognizedPinchInGesture):
        (FullscreenSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/media-controller-support.js:
        (MediaControllerSupport):
        (MediaControllerSupport.prototype.handleEvent):
        (MediaControllerSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/mute-support.js:
        (MuteSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/pip-support.js:
        (PiPSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/playback-support.js:
        (PlaybackSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/skip-back-support.js:
        (SkipBackSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/start-support.js:
        (StartSupport.prototype.buttonWasClicked): Deleted.
        * Modules/modern-media-controls/media/tracks-support.js:
        (TracksSupport.prototype.buttonWasClicked): Deleted.

2016-12-06  Dean Jackson  <dino@apple.com>

        Apply styling to media documents with modern controls
        https://bugs.webkit.org/show_bug.cgi?id=165499
        <rdar://problems/29543847>

        Reviewed by Antoine Quint.

        Forgot to commit most of the changes in MediaDocument.cpp :(

        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):

2016-12-06  Simon Fraser  <simon.fraser@apple.com>

        Two tiled drawing tests failing with visual viewports enabled.
        https://bugs.webkit.org/show_bug.cgi?id=165489

        Reviewed by Dean Jackson.

        computeLayoutViewportOrigin() gets called for iframes when the layout viewport
        is zero-sized, but the visual viewport is non-zero. It doesn't really make sense
        to compute a layout viewport when the visual viewport is larger than the layout
        viewport, but if this happens just anchor the layout viewport at the origin
        of the visual viewport.

        * page/FrameView.cpp:
        (WebCore::FrameView::computeLayoutViewportOrigin):

2016-12-04  Darin Adler  <darin@apple.com>

        Remove various stray uses of WebCore::Dictionary
        https://bugs.webkit.org/show_bug.cgi?id=165358

        Reviewed by Sam Weinig.

        I discovered three completely unused classes in the MediaStream code:
        MediaTrackConstraint, MediaTrackConstraintSet, and MediaTrackConstraints.
        While there is some chance we may implement these at some point, they are
        likely to be dictionaries or some other kind of data structure rather than
        clases, and there is no reason to keep the current classes.

        * CMakeLists.txt: Removed MediaTrackConstraint, MediaTrackConstraintSet,
        and MediaTrackConstraints.
        * DerivedSources.cpp: Ditto.
        * DerivedSources.make: Ditto.

        * Modules/indexeddb/IDBDatabase.h: Removed include of Dictionary.h.
        * Modules/indexeddb/IDBObjectStore.cpp: Added include of HeapInlines.h.
        * Modules/indexeddb/IDBRequest.cpp: Added include of StrongInlines.h.
        * Modules/indexeddb/IDBTransaction.cpp: Added include of SerializedScriptValue.h.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getConstraints): Deleted.
        This function is implemented entirely in the bindings layer.
        * Modules/mediastream/MediaStreamTrack.h: Removed getConstraints.

        * Modules/mediastream/MediaTrackConstraint.cpp: Removed.
        * Modules/mediastream/MediaTrackConstraint.h: Removed.
        * Modules/mediastream/MediaTrackConstraint.idl: Removed.
        * Modules/mediastream/MediaTrackConstraintSet.cpp: Removed.
        * Modules/mediastream/MediaTrackConstraintSet.h: Removed.
        * Modules/mediastream/MediaTrackConstraintSet.idl: Removed.
        * Modules/mediastream/MediaTrackConstraints.cpp: Removed.
        * Modules/mediastream/MediaTrackConstraints.h: Removed.
        * Modules/mediastream/MediaTrackConstraints.idl: Removed.

        * Modules/mediastream/NavigatorUserMedia.idl: Use the type names from the latest
        getUserMedia specification for the arguments to webkitGetUserMedia; not sure they
        are precisely correct for this legacy function, but since this is a JSBuiltin,
        it's all ignored anyway. Just important not to call anything "Dictionary".

        * WebCore.xcodeproj/project.pbxproj: Removed MediaTrackConstraint, MediaTrackConstraintSet,
        and MediaTrackConstraints.

        * bindings/js/JSApplePaySessionCustom.cpp:
        (WebCore::JSApplePaySession::completeShippingMethodSelection): Use uncheckedArgument, since
        the code explicitly checks the number of arguments.
        (WebCore::JSApplePaySession::completeShippingContactSelection): Ditto.
        (WebCore::JSApplePaySession::completePaymentMethodSelection): Ditto.

        * bindings/js/JSFontFaceCustom.cpp: Removed include of Dictionary.h.
        * dom/Document.cpp: Ditto.
        * dom/Element.cpp: Ditto.

        * dom/Element.h: Removed forward declaration of Dictionary.

2016-12-06  Wenson Hsieh  <wenson_hsieh@apple.com>

        After preventing a beforeinput event, an input event is fired when formatting rich text
        https://bugs.webkit.org/show_bug.cgi?id=165435
        <rdar://problem/29522314>

        Reviewed by Ryosuke Niwa.

        This regressed after I refactored some input event event dispatch logic when formatting text in r208461.
        I moved the logic for dispatching input events when applying styles into Editor::applyStyle, but left out an
        early return after firing the beforeinput event if the default behavior was prevented, which caused us to
        continue on and dispatch an input event. The fix is to bail from applyStyle if default was prevented.

        Augmented an existing layout test to cover this case.

        * editing/Editor.cpp:
        (WebCore::Editor::applyStyle):
        (WebCore::Editor::applyParagraphStyle):

2016-12-06  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Instantiate iOS media controls
        https://bugs.webkit.org/show_bug.cgi?id=165498

        Reviewed by Dean Jackson.

        Add support for the modern media controls runtime flags in RenderThemeIOS and, when instantiating iOS controls,
        return an IOSInlineMediaControls class.

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype._controlsClass):
        (MediaController):
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::mediaControlsStyleSheet):
        (WebCore::RenderThemeIOS::mediaControlsScript):
        (WebCore::RenderThemeIOS::mediaControlsBase64StringForIconAndPlatform):

2016-12-06  Dean Jackson  <dino@apple.com>

        Apply styling to media documents with modern controls
        https://bugs.webkit.org/show_bug.cgi?id=165499
        <rdar://problems/29543847>

        Reviewed by Antoine Quint.

        Existing MediaDocuments got styling from the injected style
        sheet, which had rules for such documents. The modern media controls
        use a scoped style rule, so we can't touch the document style. Instead,
        inline the style directly from MediaDocument.

        Test: media/modern-media-controls/media-documents/background-color-and-centering.html

        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):

2016-12-06  Zalan Bujtas  <zalan@apple.com>

        Move RenderElement::rendererForRootBackground to RenderView.
        https://bugs.webkit.org/show_bug.cgi?id=165454

        Reviewed by Simon Fraser.

        Currently RenderElement::rendererForRootBackground can only be called on document element's renderer.
        This patch removes this limitation and moves the functionality from RenderElement to RenderView.

        No change in functionality.

        * page/FrameView.cpp:
        (WebCore::FrameView::calculateExtendedBackgroundMode):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintRootBoxFillLayers):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::rendererForRootBackground): Deleted.
        * rendering/RenderElement.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::rendererBackgroundColor):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::rendererForRootBackground):
        (WebCore::rendererObscuresBackground):
        (WebCore::RenderView::paintBoxDecorations):
        (WebCore::RenderView::rootBackgroundIsEntirelyFixed):
        * rendering/RenderView.h:

2016-12-05  Jiewen Tan  <jiewen_tan@apple.com>

        [Part 1 of 2] Add support for SPKI format while doing SubtleCrypto.importKey/exportKey
        https://bugs.webkit.org/show_bug.cgi?id=129978
        <rdar://problem/21799829>

        This is part 1 of Bug 129978. In this patch, it adds the SPKI format support for
        SubtleCrypto.importKey/exportKey. Currently support algorithms are RSAES-PKCS1-v1_5,
        RSASSA-PKCS1-v1_5 and RSA-OAEP.

        Reviewed by Brent Fulgham.

        Tests: crypto/subtle/rsa-import-jwk-key-export-spki-key.html
               crypto/subtle/rsa-import-spki-key-export-jwk-key.html
               crypto/subtle/rsa-import-spki-key-export-spki-key.html
               crypto/subtle/rsa-import-spki-small-key.html
               crypto/subtle/rsa-oaep-generate-export-key-spki.html
               crypto/subtle/rsa-oaep-import-spki-key.html
               crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-spki.html
               crypto/subtle/rsaes-pkcs1-v1_5-import-spki-key.html
               crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-spki.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-spki-key.html
               crypto/workers/subtle/rsa-export-spki-key.html
               crypto/workers/subtle/rsa-import-spki-key.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::toKeyData):
        * crypto/CommonCryptoUtilities.h:
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::exportKey):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::exportKey):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::importKey):
        (WebCore::CryptoAlgorithmRSA_OAEP::exportKey):
        * crypto/gnutls/CryptoKeyRSAGnuTLS.cpp:
        (WebCore::CryptoKeyRSA::importSpki):
        (WebCore::CryptoKeyRSA::exportSpki):
        * crypto/keys/CryptoKeyRSA.h:
        * crypto/mac/CryptoKeyRSAMac.cpp:
        (WebCore::bytesUsedToEncodedLength):
        (WebCore::bytesNeededForEncodedLength):
        (WebCore::addEncodedASN1Length):
        (WebCore::CryptoKeyRSA::importSpki):
        (WebCore::CryptoKeyRSA::exportSpki):

2016-12-06  Simon Fraser  <simon.fraser@apple.com>

        Fix editing text flakiness introduced in r209411
        https://bugs.webkit.org/show_bug.cgi?id=165500

        Reviewed by Dean Jackson.

        The "insideFixed" out param was left uninitialized sometimes. This affected FrameSelection's 
        m_caretInsidePositionFixed, which caused problems in these tests.

        Tested by editing tests in WK1.

        * editing/htmlediting.cpp:
        (WebCore::absoluteBoundsForLocalCaretRect):

2016-12-06  Alexey Proskuryakov  <ap@apple.com>

        Correct SDKROOT values in xcconfig files
        https://bugs.webkit.org/show_bug.cgi?id=165487
        rdar://problem/29539209

        Reviewed by Dan Bernstein.

        Fix suggested by Dan Bernstein.

        * Configurations/DebugRelease.xcconfig:

2016-12-06  Saam Barati  <sbarati@apple.com>

        Remove old Wasm object model
        https://bugs.webkit.org/show_bug.cgi?id=165481

        Reviewed by Keith Miller and Mark Lam.

        * testing/Internals.cpp:
        (WebCore::Internals::parserMetaData):

2016-12-06  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Media controls use the fullscreen layout after going from inline to fullscreen to PiP to inline
        https://bugs.webkit.org/show_bug.cgi?id=165494

        Reviewed by Dean Jackson.

        We would only call _updateControlsIfNeeded() when entering or leaving fullscreen, so we going from fullscreen to PiP to
        inline would retain fullscreen controls since we would not check for the event that indicates we went back from PiP to
        inline. On platforms that support it, we listen to the "webkitpresentationmodechanged" event
        to update the controls, and only "webkitfullscreenchange" on others (ie. Yosemite).

        Test: media/modern-media-controls/media-controller/media-controller-inline-to-fullscreen-to-pip-to-inline.html

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        (MediaController.prototype.handleEvent):
        (MediaController.prototype._returnMediaLayerToInlineIfNeeded):

2016-12-06  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Rendering issues with controls bar when captions are on
        https://bugs.webkit.org/show_bug.cgi?id=165390

        Reviewed by Dean Jackson.

        We would face some layout issues with captions due to RenderImage::layoutShadowControls()
        expecting a single RenderBox in the media controls shadow root, which was the case with
        legacy media controls, but no longer the case with modern media controls. We now host
        both the captions and the media controls elements under a single container, and add
        an asertion in RenderImage to check that a single RenderBox child exists.

        Test: media/modern-media-controls/media-controller/media-controller-single-container.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls-container):
        (.media-controls-container,):
        (.media-controls-container > *):
        (.media-controls):
        * Modules/modern-media-controls/controls/text-tracks.css:
        (video::-webkit-media-text-track-container):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        (MediaController.prototype._updateControlsIfNeeded):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::layoutShadowControls):

2016-12-06  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Automatically hide the controls bar when the mouse is idle
        https://bugs.webkit.org/show_bug.cgi?id=165492

        Reviewed by Dean Jackson.

        We now automatically hide the controls bar. When the media is no longer paused, the controls remain
        visible for 4 seconds, regardless of where the mouse pointer is located. When the user mouses over the
        media, the controls become visible and automatically hide 4 seconds after the last time the user has
        moved his mouse over the media. When the user mouses out of the media, the controls automatically hide.
        When the mouse is over the controls bar, it remains visible. When the media is paused, the controls bar
        remain visible regardless of the mouse position.

        Tests: media/modern-media-controls/media-controller/media-controller-auto-hide-mouse-enter-and-mouse-leave.html
               media/modern-media-controls/media-controller/media-controller-auto-hide-mouse-enter-over-controls-bar.html
               media/modern-media-controls/media-controller/media-controller-auto-hide-mouse-leave-after-play.html
               media/modern-media-controls/media-controller/media-controller-auto-hide-pause.html
               media/modern-media-controls/media-controller/media-controller-auto-hide-rewind-with-mouse-enter.html
               media/modern-media-controls/media-controller/media-controller-auto-hide.html

        * Modules/modern-media-controls/controls/controls-bar.css: Added.
        (.controls-bar):
        (.controls-bar.faded):
        * Modules/modern-media-controls/controls/controls-bar.js:
        (ControlsBar.prototype.get userInteractionEnabled):
        (ControlsBar.prototype.set userInteractionEnabled):
        (ControlsBar.prototype.get fadesWhileIdle):
        (ControlsBar.prototype.set fadesWhileIdle):
        (ControlsBar.prototype.get visible):
        (ControlsBar.prototype.set visible):
        (ControlsBar.prototype.get faded):
        (ControlsBar.prototype.set faded):
        (ControlsBar.prototype.handleEvent):
        (ControlsBar.prototype.commitProperty):
        (ControlsBar.prototype._cancelAutoHideTimer):
        (ControlsBar.prototype._rewindAutoHideTimer):
        (ControlsBar.prototype._autoHideTimerFired):
        * Modules/modern-media-controls/controls/media-controls.js:
        * Modules/modern-media-controls/media/controls-visibility-support.js:
        (ControlsVisibilitySupport.prototype.get mediaEvents):
        (ControlsVisibilitySupport.prototype.syncControl):
        (ControlsVisibilitySupport):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype._updateControlsIfNeeded):

2016-12-06  Zalan Bujtas  <zalan@apple.com>

        Can not select whole line when using flexbox
        https://bugs.webkit.org/show_bug.cgi?id=165299

        Reviewed by David Hyatt.

        RootInlineBox::selectionTopAdjustedForPrecedingBlock assumes that the preceding block is
        always above the current line. However in certain layout contexts (flex as an example) the block before
        could just be on the same line as the current one.

        This patch checks if we actually need to adjust the selection top to avoid vertical selection overlap.

        Test: fast/flexbox/flexbox-fail-to-select-same-line.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::blockBeforeWithinSelectionRoot): Deleted.
        * rendering/RenderBlock.h:
        * rendering/RootInlineBox.cpp:
        (WebCore::blockBeforeWithinSelectionRoot):
        (WebCore::RootInlineBox::selectionTopAdjustedForPrecedingBlock):

2016-12-06  Ryosuke Niwa  <rniwa@webkit.org>

        Add more assertions to ElementQueue diagnose a bug
        https://bugs.webkit.org/show_bug.cgi?id=164814

        Reviewed by Alexey Proskuryakov.

        Set m_invoking in release builds now that assertions are also run in release builds.

        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionStack::ElementQueue::invokeAll):

2016-12-06  Jer Noble  <jer.noble@apple.com>

        YouTube sometimes pauses when switching tabs
        https://bugs.webkit.org/show_bug.cgi?id=165468

        Reviewed by Eric Carlson.

        Test: media/media-session-restrictions.html

        The bitfield which represents the restrictions for "VideoAudio" media type was unititialized,
        leading to what was effectively a random set of restrictions at runtime.

        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::resetRestrictions):
        * testing/Internals.cpp:
        (WebCore::mediaTypeFromString):
        (WebCore::Internals::setMediaSessionRestrictions):
        (WebCore::Internals::mediaSessionRestrictions):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-12-06  Mark Lam  <mark.lam@apple.com>

        Introduce the concept of Immutable Prototype Exotic Objects to comply with the spec.
        https://bugs.webkit.org/show_bug.cgi?id=165227
        <rdar://problem/29442665>

        Reviewed by Saam Barati.

        Make all objects in window.__proto__'s prototype chain immutable prototype exotic
        objects.  This gives us roughly equivalent behavior to other browsers.  

        Firefox's behavior differ slightly in that Firefox will fail any attempted
        assignment their __proto__, while the immutable prototype exotic objects will
        only fail if the assignment is of a different value.  See
        https://tc39.github.io/ecma262/#sec-immutable-prototype-exotic-objects.

        Chrome differs in that assignment to window.__proto__ is also handled like an
        immutable prototype exotic object.  Instead we adhere to the current HTML spec
        that says that the assignment should fail unconditionally.  See
        https://html.spec.whatwg.org/#the-windowproxy-exotic-object and
        https://html.spec.whatwg.org/#windowproxy-setprototypeof.

        If the HTML spec is changed to make the WindowProxy and Location objects into
        immutable prototype exotic objects later, we can update to match the spec then.

        Test: js/prototype-assignment.html

        * bindings/js/JSDOMWindowProperties.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GeneratePrototypeDeclaration):
        * bindings/scripts/IDLAttributes.txt:
        * dom/EventTarget.idl:
        * page/DOMWindow.idl:

2016-12-06  Andreas Kling  <akling@apple.com>

        [Cocoa] Add some memory usage related information to sysdiagnose state dumps
        <https://webkit.org/b/165375>
        <rdar://problem/29057243>

        Reviewed by Darin Adler.

        Follow-up to address two more review comments.

        * page/PerformanceLogging.cpp:
        (WebCore::PerformanceLogging::javaScriptObjectCounts): Use WTFMove() when returning the
        HashCountedSet to avoid making an extra copy.

2016-12-06  Dave Hyatt  <hyatt@apple.com>

        REGRESSION (Safari 10): Scrolling not working inside height 100% table
        https://bugs.webkit.org/show_bug.cgi?id=164366
        <rdar://problem/29095535>

        Reviewed by Zalan Bujtas.

        Added fast/table/overflow-percent-height-regression.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computePercentageLogicalHeight):
        This patch wasn't merged correctly from Blink. The value returned needed
        to be 0, not unset.

2016-12-06  Sam Weinig  <sam@webkit.org>

        REGRESSION: media/track LayoutTests are flaky failures
        https://bugs.webkit.org/show_bug.cgi?id=165432

        Reviewed by Antoine Quint.

        RenderThemeMac was caching the media controls script / style sheets
        and not being invalidated when the RuntimeEnabledFeatures changed. So,
        we can just cache both.

        * bindings/generic/RuntimeEnabledFeatures.h:
        Initialize m_areModernMediaControlsEnabled to false.

        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::mediaControlsStyleSheet):
        (WebCore::RenderThemeMac::mediaControlsScript):
        Have separate caches for the modern and legacy media control scripts/style sheets.

2016-12-06  Sam Weinig  <sam@webkit.org>

        DumpRenderTree crashed in com.apple.WebCore: WebCore::MockMediaEndpoint::generateDtlsInfo const + 23
        https://bugs.webkit.org/show_bug.cgi?id=165486
        <rdar://problem/29149588>

        Reviewed by Tim Horton.

        The MockMediaEndpoint can be destroyed before the task created in MockMediaEndpoint::generateDtlsInfo()
        gets a chance to run, so guard it with a weak pointer.

        * platform/mock/MockMediaEndpoint.cpp:
        (WebCore::MockMediaEndpoint::MockMediaEndpoint):
        (WebCore::MockMediaEndpoint::generateDtlsInfo):
        * platform/mock/MockMediaEndpoint.h:

2016-12-06  Chris Dumez  <cdumez@apple.com>

        Add HTML interactive form validation blacklist for some WebKit-specific sites
        https://bugs.webkit.org/show_bug.cgi?id=165470
        <rdar://problem/29509424>

        Reviewed by Simon Fraser.

        Add HTML interactive form validation blacklist for some WebKit-specific sites
        expecting our old behavior, until they get a chance to be updated.

        * html/HTMLFormElement.cpp:
        (WebCore::isURLBlacklistedForInteractiveFormValidation):
        (WebCore::HTMLFormElement::prepareForSubmission):

2016-12-06  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rollout r209050.

        This change may impact other popovers than the HTML validation one.
        The previous code is safer.

        * platform/ValidationBubble.h:
        * platform/ios/ValidationBubbleIOS.mm:
        (-[WebValidationBubbleDelegate adaptivePresentationStyleForPresentationController:traitCollection:]):
        (WebCore::ValidationBubble::setAnchorRect):
        * platform/spi/ios/UIKitSPI.h:

2016-12-05  Simon Fraser  <simon.fraser@apple.com>

        Improve the behavior of scroll-into-view when the target is inside position:fixed
        https://bugs.webkit.org/show_bug.cgi?id=165354

        Reviewed by Zalan Bujtas.
        
        The existing RenderLayer::scrollRectToVisible() code paid no heed to whether the 
        target was inside position:fixed, resulting in unwanted scrolls.
        
        Fix this by plumbing through from the call sites a "insideFixed" flag which we get
        when we call localToAbsolute(), and use this flag to avoid scrolling at all if
        unzoomed.
        
        If zoomed and we're focussing something inside position:fixed, and if visual viewports
        are enabled, we can compute the visual viewport required to reveal the target rect,
        which gives us the ideal scroll position.
        
        Fix a bug on non-iOS platforms when zoomed, which is to scale the viewRect since
        frameView.visibleContentRect() gives an unscaled rect on those platforms.
        
        Not all callers of scrollRectToVisible() are fixed, but those that are not will get
        the current behavior.

        Tests: fast/overflow/scroll-anchor-in-position-fixed.html
               fast/visual-viewport/zoomed-scroll-into-view-fixed.html
               fast/visual-viewport/zoomed-scroll-to-anchor-in-position-fixed.html

        * dom/Element.cpp:
        (WebCore::Element::scrollIntoView):
        (WebCore::Element::scrollIntoViewIfNeeded):
        (WebCore::Element::scrollIntoViewIfNotVisible):
        (WebCore::Element::updateFocusAppearance):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::FrameSelection):
        (WebCore::FrameSelection::absoluteCaretBounds):
        (WebCore::FrameSelection::recomputeCaretRect):
        (WebCore::FrameSelection::revealSelection):
        * editing/FrameSelection.h:
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::absoluteCaretBounds):
        * editing/VisiblePosition.h:
        * editing/htmlediting.cpp:
        (WebCore::absoluteBoundsForLocalCaretRect):
        * editing/htmlediting.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollElementToRect):
        (WebCore::FrameView::scrollToAnchor):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::outputLinkedDestinations):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::getLeadingCorner):
        (WebCore::RenderElement::getTrailingCorner):
        (WebCore::RenderElement::absoluteAnchorRect):
        (WebCore::RenderElement::anchorRect): Deleted.
        * rendering/RenderElement.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):
        (WebCore::RenderLayer::getRectToExpose):
        (WebCore::RenderLayer::autoscroll):
        * rendering/RenderLayer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::scrollRectToVisible):
        * rendering/RenderObject.h:

2016-12-06  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] REGRESSION(r205396): Intermediate CTRuns with initial advances get double counted when glyph origins are enabled
        https://bugs.webkit.org/show_bug.cgi?id=165084

        Reviewed by Simon Fraser.

        When glyph origins are not enabled, an intermediate CTRun's initial advance is simply added
        to the previous glyph's advance. However, when glyph origins are enabled, this shouldn't
        occur.

        Test: fast/text/initial-advance-in-intermediate-run-complex.html

        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):

2016-12-06  Simon Fraser  <simon.fraser@apple.com>

        Enable visual viewports by default on Mac, and iOS Wk2
        https://bugs.webkit.org/show_bug.cgi?id=165452

        Reviewed by Zalan Bujtas.

        Some tests revealed an issue where, during scrollbar updates, the visual viewport would be
        15px wider than the layout viewport, which results in the layout viewport shifting 15px to the
        right. Prevent this by disallowing viewport updates during the AdjustViewSize phase; we'll
        be called again in postLayoutTasks.

        * page/FrameView.cpp:
        (WebCore::FrameView::updateLayoutViewport):

2016-12-06  Daniel Bates  <dabates@apple.com>

        Cleanup: Rename some HTTP 0.9-specific functions to conform to WebKit Code Style Guidelines
        https://bugs.webkit.org/show_bug.cgi?id=165451

        Reviewed by Alex Christensen.

        Rename Document::shouldEnforceHTTP0_9Sandbox() and ResourceResponseBase::isHttpVersion0_9()
        to Document::shouldEnforceHTTP09Sandbox() and ResourceResponseBase::isHTTP09, respectively,
        to conform to the WebKit Code Style Guidelines.

        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext):
        (WebCore::Document::shouldEnforceHTTP09Sandbox): Renamed; formerly named shouldEnforceHTTP0_9Sandbox
        * dom/Document.h:
        * platform/network/ResourceHandle.cpp:
        (WebCore::ResourceHandle::didReceiveResponse):
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::isHTTP09): Renamed; formerly named isHttpVersion0_9.
        * platform/network/ResourceResponseBase.h:

2016-12-06  Daniel Bates  <dabates@apple.com>

        Use Vector::uncheckedAppend() in more places
        https://bugs.webkit.org/show_bug.cgi?id=164952

        Reviewed by Darin Adler.

        We can use Vector::uncheckedAppend() whenever the number of items that will be appended
        to a vector is equal to or less than its capacity. Using Vector::uncheckedAppend() is
        more efficient than Vector::append() as it avoids checking the capacity of the vector
        before appending a value to the end of it.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        * contentextensions/DFABytecodeCompiler.cpp:
        (WebCore::ContentExtensions::DFABytecodeCompiler::extractJumpTable):
        * contentextensions/DFAMinimizer.cpp:
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::copyPropertiesInSet): Use Vector::uncheckedAppend() and inline
        the assignment of the temporary variable value into the if condition to limit its scope
        as it is referenced exactly once in the loop body.
        * css/StyleRule.cpp:
        (WebCore::StyleRuleGroup::StyleRuleGroup): Use Vector::uncheckedAppend() and write for-loop
        using a C++11 range-based for-loop.
        * css/parser/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::setLangArgumentList):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):
        * dom/DocumentMarkerController.cpp:
        (WebCore::updateRenderedRectsForMarker):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::convertToLayoutUnits):
        * platform/audio/AudioBus.cpp:
        (WebCore::AudioBus::AudioBus):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::purgeInactiveFontData):
        * platform/graphics/PathUtilities.cpp:
        (WebCore::polygonsForRect):
        * platform/mediastream/CaptureDeviceManager.cpp:
        (CaptureDeviceManager::bestSourcesForTypeAndConstraints):
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::fitnessDistance):
        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::formCreate):

2016-12-04  Darin Adler  <darin@apple.com>

        Use ASCIICType more, and improve it a little bit
        https://bugs.webkit.org/show_bug.cgi?id=165360

        Reviewed by Sam Weinig.

        * css/CSSGrammar.y.in: Use isASCIIDigit.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseFontFaceUnicodeRange): Use isASCIIHexDigit and
        toASCIIHexValue.
        (WebCore::isEqualToCSSIdentifier): Use isASCIILower.
        * html/FormController.cpp:
        (WebCore::isNotFormControlTypeCharacter): Use isASCIILower.
        * html/parser/CSSPreloadScanner.cpp:
        (WebCore::CSSPreloadScanner::tokenize): Use isASCIIAlpha.
        * platform/Decimal.cpp:
        (WebCore::Decimal::fromString): Use isASCIIDigit.
        * platform/FileSystem.cpp:
        (WebCore::decodeFromFilename): Use isASCIIHexDigit and toASCIIHexValue.
        * platform/URL.cpp:
        (WebCore::isLetterMatchIgnoringCase): Deleted.
        (WebCore::isSchemeCharacterMatchIgnoringCase): Deleted.
        (WebCore::assertProtocolIsGood): Use isASCIIUpper.
        (WebCore::URL::protocolIs): Use isASCIIAlphaCaselessEqual.
        (WebCore::URL::parse): Ditto.
        (WebCore::protocolIs): Ditto.
        (WebCore::protocolIsInHTTPFamily): Ditto.
        * platform/URLParser.cpp:
        (WeCore::URLParser::parseIPv4Piece): Use isASCIIDigit.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isRussianDomainNameCharacter): Use isASCIIDigit.
        (WebCore::allCharactersAllowedByTLDRules): Ditto.
        (WebCore::dataWithUserTypedString): Use upperNibbleToASCIIHexDigit and
        lowerNibbleToASCIIHexDigit.
        (WebCore::dataForURLComponentType): Ditto.
        (WebCore::createStringWithEscapedUnsafeCharacters): Ditto.
        (WebCore::userVisibleString): Use isASCIIHexDigit, toASCIIHexValue,
        upperNibbleToASCIIHexDigit, and lowerNibbleToASCIIHexDigit.
        (WebCore::isUserVisibleURL): Use isASCIIHexDigit and toASCIIHexValue.

        * platform/network/FormDataBuilder.cpp:
        (WebCore::FormDataBuilder::encodeStringAsFormData): Use isASCIIAlphanumeric.

        * rendering/mathml/RenderMathMLToken.cpp:
        (WebCore::mathVariant): Use isASCIIUpper, isASCIILower, and isASCIIDigit.

        * svg/SVGParserUtilities.cpp:
        (WebCore::genericParseNumber): Use isASCIIDigit.
        * svg/SVGPathStringSource.cpp:
        (WebCore::nextCommandHelper): Ditto.
        * xml/XPathParser.cpp:
        (WebCore::XPath::Parser::lexNumber): Ditto.
        (WebCore::XPath::Parser::nextTokenInternal): Ditto.

2016-12-06  Ryan Haddad  <ryanhaddad@apple.com>

        Rebaseline bindings tests after r209390.

        Unreviewed test gardening.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::convertDictionaryToJS):
        * bindings/scripts/test/JS/JSTestObj.h:

2016-12-06  Tim Horton  <timothy_horton@apple.com>

        PDF markup/annotations visible in Mail on macOS but not on iOS
        https://bugs.webkit.org/show_bug.cgi?id=165444
        <rdar://problem/28942896>

        Reviewed by Simon Fraser.

        No new tests, but enabled an existing test for this feature.

        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::drawPDFPage):
        * platform/spi/cg/CoreGraphicsSPI.h:
        Make use of CGContextDrawPDFPageWithAnnotations where available,
        to paint the page with annotations.

2016-12-06  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Turn on the new CSS parser
        https://bugs.webkit.org/show_bug.cgi?id=165213

        Reviewed by Zalan Bujtas.

        * page/Settings.in:

2016-12-06  Dan Bernstein  <mitz@apple.com>

        Tried to fix the USE(APPLE_INTERNAL_SDK) build after r209385.

        * platform/spi/cocoa/NSTouchBarSPI.h:

2016-12-05  Jer Noble  <jer.noble@apple.com>

        [pointer-lock] Cursor should become visible when exiting pointer-lock via ESC key.
        https://bugs.webkit.org/show_bug.cgi?id=165377

        Reviewed by Darin Adler.

        Introduce the concept of "force cursor to become visible" when requesting the pointer be
        unlocked.  ESC events will cause the pointer to become visible, while normal key events
        will not.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent):
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::requestPointerUnlock):
        (WebCore::PointerLockController::requestPointerUnlockAndForceCursorVisible):
        (WebCore::PointerLockController::documentDetached):
        (WebCore::PointerLockController::didLosePointerLock):
        * page/PointerLockController.h:

        Drive-by fix: apply Darin's feedback to existing functions:

        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):
        * dom/Element.cpp:
        (WebCore::Element::removedFrom):
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::elementRemoved):
        (WebCore::PointerLockController::documentDetached):


2016-12-06  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for converting dictionaries to JS
        https://bugs.webkit.org/show_bug.cgi?id=165367

        Reviewed by Darin Adler and Alex Christensen.

        - Adds support for converting dictionary types to JSValues via JSDOMConvert.
        - Adopts that functionality to correct the CryptoKeyPair implementation, which
          is supposed to be a dictionary.
          (While doing this, I also update places that were passing both a CryptoKey 
          and CryptoKeyPair to use a Variant, since they always only wanted one.)
        - Re-works DOMPromise and DeferredPromise to be based on JSDOMConvert and IDLTypes.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        Remove JSCryptoKeyPairCustom.cpp and CryptoKeyPair.cpp.

        * Modules/encryptedmedia/legacy/WebKitMediaKeys.cpp:
        * Modules/mediasource/MediaSource.cpp:
        * Modules/mediasource/SourceBuffer.cpp:
        * bindings/js/JSMediaDevicesCustom.cpp:
        * html/MediaController.cpp:
        * html/track/TextTrack.cpp:
        Add some missing includes.

        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::ApplePaySession::canMakePaymentsWithActiveCard):
        (WebCore::ApplePaySession::openPaymentSetup):
        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::text):
        (WebCore::FetchBody::consume):
        (WebCore::FetchBody::loadingFailed):
        * Modules/fetch/FetchBodyConsumer.cpp:
        (WebCore::FetchBodyConsumer::resolveWithData):
        (WebCore::FetchBodyConsumer::resolve):
        * Modules/fetch/FetchBodyOwner.cpp:
        (WebCore::FetchBodyOwner::blob):
        (WebCore::FetchBodyOwner::formData):
        (WebCore::FetchBodyOwner::text):
        * Modules/fetch/FetchResponse.h:
        * Modules/mediastream/MediaDevices.h:
        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::replaceTrack):
        (WebCore::MediaEndpointPeerConnection::replaceTrackTask):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::applyConstraints):
        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::setLocalDescription):
        (WebCore::PeerConnectionBackend::setRemoteDescription):
        (WebCore::PeerConnectionBackend::addIceCandidate):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::queuedSetLocalDescription):
        (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
        (WebCore::RTCPeerConnection::queuedAddIceCandidate):
        (WebCore::RTCPeerConnection::replaceTrack):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCRtpSender.cpp:
        (WebCore::RTCRtpSender::replaceTrack):
        * Modules/mediastream/RTCRtpSender.h:
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::deny):
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::suspend):
        (WebCore::AudioContext::resume):
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::whenDefinedPromise):
        * bindings/js/ScriptModuleLoader.cpp:
        (WebCore::ScriptModuleLoader::resolve):
        (WebCore::ScriptModuleLoader::notifyFinished):
        * css/FontFace.h:
        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::load):
        * css/FontFaceSet.h:
        * dom/CustomElementRegistry.cpp:
        (WebCore::CustomElementRegistry::addElementDefinition):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::rejectPendingPlayPromises):
        * html/HTMLMediaElement.h:
        Update to use new IDLType based promises.

        * bindings/generic/IDLTypes.h:
        Add a new type, ParameterType, to use as the parameter to 
        DOMPromise/DeferredPromise.

        * bindings/js/JSCryptoKeyPairCustom.cpp:
        Removed.

        * bindings/js/JSDOMConvert.h:
        (WebCore::JSConverter<IDLDictionary<T>>::convert):
        Add JSConverter specialization for IDLDictionary. Have it simply forward to a generated 
        convertDictionaryToJS function, following the convention set in place by IDLEnumeration.

        * bindings/js/JSDOMPromise.cpp:
        * bindings/js/JSDOMPromise.h:
        Re-write to be based on IDLTypes and JSDOMConvert, simplifying the implementation.

        * bindings/js/JSSubtleCryptoCustom.cpp:
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
        Update for variant based KeyOrKeyPair.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDictionaryHeaderContent):
        (GenerateDictionaryImplementationContent):
        Add generation of the convertDictionaryToJS function. I made it require the JSGenerateToJSObject
        extended attribute for now, as the majority of dictionaries do not need this code generated for them.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::convertDictionaryToJS):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/TestObj.idl:
        Add JSGenerateToJSObject to a dictionary to test generation in bindings tests.

        * crypto/CryptoAlgorithm.h:
        Change KeyOrKeyPairCallback to take a Variant<RefPtr<CryptoKey>, CryptoKeyPair>, rather
        than two separate arguments.

        * crypto/CryptoKeyPair.cpp:
        Removed.

        * crypto/CryptoKeyPair.h:
        Convert to a struct.

        * crypto/CryptoKeyPair.idl:
        Convert to a dictionary.

        * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::generateKey):
        * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
        (WebCore::CryptoAlgorithmAES_KW::generateKey):
        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
        (WebCore::CryptoAlgorithmHMAC::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::generateKey):
        * crypto/keys/CryptoKeyRSA.h:
        * crypto/mac/CryptoKeyRSAMac.cpp:
        (WebCore::CryptoKeyRSA::generatePair):
        Update for new signature of KeyOrKeyPairCallback.

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Reject invalid hex colors on the fast path
        https://bugs.webkit.org/show_bug.cgi?id=165461

        Reviewed by Zalan Bujtas.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::fastParseColorInternal):
        Make sure to check for success. There was even a FIXME in the code about this!
        Matches our old parser's behavior.

2016-12-05  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Controls bar in fullscreen cannot be dragged
        https://bugs.webkit.org/show_bug.cgi?id=165448

        Reviewed by Simon Fraser.

        We weren't listening to mousemove and mouseup events on the right event target, window in the context
        of a fullscreen shadow root makes no sense. We now listen to those events on the media controls, which
        we size to fit the whole of the media element's bounds. We then apply a transform to the controls bar
        to apply the dragging distance.

        Test: media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-drag.html

        * Modules/modern-media-controls/controls/controls-bar.js:
        (ControlsBar.prototype.get translation):
        (ControlsBar.prototype.set translation):
        (ControlsBar.prototype.commitProperty):
        (ControlsBar): Deleted.
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.css:
        (.media-controls.mac.fullscreen):
        (.media-controls.mac.fullscreen > .controls-bar):
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype._handleMousedown):
        (MacOSFullscreenMediaControls.prototype._handleMousemove):
        (MacOSFullscreenMediaControls.prototype._handleMouseup):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Allow calc in SVG attributes
        https://bugs.webkit.org/show_bug.cgi?id=165459

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::consumeLength):

2016-12-05  Brady Eidson  <beidson@apple.com>

        Build fix followup to r209379:

        STP 19 fails to launch on 16B255
        https://bugs.webkit.org/show_bug.cgi?id=165388
        -and corresponding-
        rdar://problem/29514476

        Rubberstamped by Tim Horton.

        No new tests (No behavior change).

        * platform/spi/cocoa/NSTouchBarSPI.h: Strategically relocate NS_ASSUME_NONNULL* macros.

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure the SVGPaint URI and currentColor style still paints using the URI
        https://bugs.webkit.org/show_bug.cgi?id=165457

        Reviewed by Zalan Bujtas.

        * rendering/svg/SVGResources.cpp:
        (WebCore::paintingResourceFromSVGPaint):
        Add support for this paint type. The old parser doesn't use it.

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix dashboard region parsing
        https://bugs.webkit.org/show_bug.cgi?id=165456

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeWebkitDashboardRegion):
        Make sure to reject whitespace by itself as well as unclosed dashboard-region functions.

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Properly reject large numeric values
        https://bugs.webkit.org/show_bug.cgi?id=165455

        Reviewed by Zalan Bujtas.

        The new parser clamped numeric values in both the slow and fast paths to the max
        and min float values. The old parser simply allowed the values to be inf, and then
        had std::isinf checks to reject.

        Blink rejects also even though it clamps, but I could not discern the mechanism by
        which they did so. Therefore I am changing the new parser to exactly match the old
        parser. Numeric values are no longer clamped, but instead are allowed to be inf, and
        isinf checks now exist in the new parser in the same places they do in the old parser.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::parseSimpleLength):
        (WebCore::parseSimpleLengthValue):
        * css/parser/CSSParserToken.cpp:
        (WebCore::CSSParserToken::CSSParserToken):
        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::consumeLength):
        (WebCore::CSSPropertyParserHelpers::consumePercent):

2016-12-05  Ricky Mondello  <rmondello@apple.com>

        STP 19 fails to launch on 16B255
        https://bugs.webkit.org/show_bug.cgi?id=165388
        -and corresponding-
        rdar://problem/29514476

        Reviewed by Tim Horton.

        * platform/spi/cocoa/NSTouchBarSPI.h: Re-declare the SPI symbols as weak. The cited crash itself is for a
            symbol we weren't handling here, but is part of the same group. Re-declare all four of these symbols to
            be safe.

2016-12-05  Antoine Quint  <graouts@apple.com>

        ERROR: post-layout: dirty renderer(s) - Encountered with LayoutTest media/modern-media-controls/media-controller/media-controller-fullscreen-ltr.html
        https://bugs.webkit.org/show_bug.cgi?id=165312

        Reviewed by Simon Fraser.

        Reverting part of the code added in https://bugs.webkit.org/show_bug.cgi?id=165287 that triggered
        an assertion. We go back to removing previous media controls as we add new ones when the fullscreen
        status changes, and simply hide the controls during the animated transition using a CSS pseudo-class.
        This also fixes an issue where we wouldn't have removed the previous controls should we have entered
        fullscreen in a different way than clicking on the fullscreen button in the media controls.

        We restore testing coverage that was fixed due to this assertion.

        * Modules/modern-media-controls/controls/media-controls.css:
        (:host(:-webkit-animating-full-screen-transition) .media-controls):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.fadeIn):
        (MediaControls.prototype.presentInElement): Deleted.
        * Modules/modern-media-controls/media/fullscreen-support.js:
        (FullscreenSupport.prototype.buttonWasClicked):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype._updateControlsIfNeeded):

2016-12-05  Dean Jackson  <dino@apple.com>

        MediaDocuments crash with modern media controls
        https://bugs.webkit.org/show_bug.cgi?id=165446
        <rdar://problem/29524959>

        Reviewed by Antoine Quint.

        The modern media controls inject a <style> element into
        the document, which exposed a bug when used in MediaDocuments.
        Such documents were not getting a charset, and the hash table
        for the CSSParserContexts was crashing.

        Test: media/modern-media-controls/media-documents/insert-style-should-not-crash.html

        * css/parser/CSSParserMode.h: Guard against an empty charset.
        (WebCore::CSSParserContextHash::hash):
        * dom/InlineStyleSheetOwner.cpp: Ask for the charset with fallback.
        (WebCore::parserContextForElement):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] shape-rendering supports crispEdges rather than crisp-edges
        https://bugs.webkit.org/show_bug.cgi?id=165443

        Reviewed by Tim Horton.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support setting of custom properties from the CSS OM
        https://bugs.webkit.org/show_bug.cgi?id=165442

        Reviewed by Tim Horton.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseCustomPropertyValue):
        Call in to a new function in CSSParserImpl that can handle
        custom property parsing.

        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parseCustomPropertyValue):
        New function that is similar to parseValue, but handling custom
        properties.

        (WebCore::CSSParserImpl::consumeDeclaration):
        (WebCore::CSSParserImpl::consumeCustomPropertyValue):
        (WebCore::CSSParserImpl::consumeVariableValue): Deleted.
        * css/parser/CSSParserImpl.h:
        Rename consumeVariableValue to consumeCustomPropertyValue, since that
        is more clear. consumeVariableValue sounds like you might be resolving
        a variable reference rather than parsing a custom property's value.

2016-12-05  Tim Horton  <timothy_horton@apple.com>

        Adopt CAMachPort-as-layer-contents
        https://bugs.webkit.org/show_bug.cgi?id=141687
        <rdar://problem/19393233>

        Reviewed by Darin Adler.

        No new tests, just a performance bump.

        * platform/spi/cocoa/QuartzCoreSPI.h:
        Add some SPI.

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] calcs on column-width that resolve to 0 should be discarded
        https://bugs.webkit.org/show_bug.cgi?id=165439

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeColumnWidth):

2016-12-05  Dean Jackson  <dino@apple.com>

        pointer lock needs to be feature detectable
        https://bugs.webkit.org/show_bug.cgi?id=165426
        <rdar://problem/29486715>

        Reviewed by Antoine Quint.

        Annotate the public-facing API for pointer-lock, so
        that it is hidden when not available.

        Also move the Setting to a RuntimeEnabledFeature, since
        pointer-lock is exposed from WebKit as a feature.

        Tests: pointer-lock/pointerlock-interface-disabled.html
               pointer-lock/pointerlock-interface.html

        * bindings/generic/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setPointerLockEnabled):
        (WebCore::RuntimeEnabledFeatures::pointerLockEnabled):
        * dom/Document.idl:
        * dom/Element.idl:
        * page/PointerLockController.cpp:
        (WebCore::PointerLockController::requestPointerLock):
        (WebCore::PointerLockController::requestPointerUnlock):
        * page/Settings.in:

2016-12-05  Keith Rollin  <krollin@apple.com>

        Reduce number of platformMemoryUsage calls
        https://bugs.webkit.org/show_bug.cgi?id=164375

        Reviewed by Darin Adler.

        Removed the calls to WTF::releaseFastMallocFreeMemory (it's already
        called elsewhere in the free-all-memory pipeline) and
        malloc_zone_pressure_relief (it should be called by the OS on its own
        terms).

        No new tests -- no new or changed features.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::ReliefLogger::platformMemoryUsage):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Leave the Animation type alone when the property is invalid
        https://bugs.webkit.org/show_bug.cgi?id=165418

        Reviewed by Dean Jackson.

        * css/CSSToStyleMap.cpp:
        (WebCore::CSSToStyleMap::mapAnimationProperty):

2016-12-05  Antti Koivisto  <antti@apple.com>

        keyframes do not work when defined inside a style in a shadowRoot
        https://bugs.webkit.org/show_bug.cgi?id=164608
        <rdar://problem/29210251>

        Reviewed by Darin Adler.

        With :host and ::slotted rules a keyframe animation affecting an element can be
        defined in a style scope different from the element's own scope. Style resolver
        loses the scope information when building the RenderStyle so there is no way
        to find out the correct scope.

        Fix by passing style scope through to style builder and including a scope association
        with the animation name. Find the correct scope when resolving keyframes.

        Test: fast/shadow-dom/shadow-host-animation.html

        * css/CSSToStyleMap.cpp:
        (WebCore::CSSToStyleMap::mapAnimationName):

            Include scope with the name.

        * css/ElementRuleCollector.cpp:
        (WebCore::MatchRequest::MatchRequest):
        (WebCore::ElementRuleCollector::addMatchedRule):
        (WebCore::ElementRuleCollector::sortAndTransferMatchedRules):
        (WebCore::ElementRuleCollector::matchAuthorRules):
        (WebCore::ElementRuleCollector::matchAuthorShadowPseudoElementRules):
        (WebCore::ElementRuleCollector::matchHostPseudoClassRules):
        (WebCore::ElementRuleCollector::matchSlottedPseudoElementRules):
        (WebCore::ElementRuleCollector::collectMatchingRulesForList):

            Replace treeContextOrdinal int with Style::ScopeOrdinal enum carrying the same information.
            Simplify the code removing unnecessary use of MatchRequest struct.

        (WebCore::compareRules):
        * css/ElementRuleCollector.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::MatchResult::addMatchedProperties):
        (WebCore::StyleResolver::CascadedProperties::setPropertyInternal):
        (WebCore::StyleResolver::CascadedProperties::set):
        (WebCore::StyleResolver::CascadedProperties::setDeferred):

            Pass styleScopeOrdinal through the cascade mechanism

        (WebCore::cascadeLevelForIndex):
        (WebCore::StyleResolver::CascadedProperties::addMatch):
        (WebCore::StyleResolver::CascadedProperties::addImportantMatches):
        (WebCore::StyleResolver::CascadedProperties::Property::apply):

            Set styleScopeOrdinal in State when applying style.

        (WebCore::StyleResolver::CascadedProperties::addStyleProperties): Deleted.

            Move the code to the only caller.

        * css/StyleResolver.h:
        (WebCore::StyleResolver::State::styleScopeOrdinal):
        (WebCore::StyleResolver::State::setStyleScopeOrdinal):
        * page/animation/CompositeAnimation.cpp:
        (WebCore::KeyframeAnimation::KeyframeAnimation):
        (WebCore::KeyframeAnimation::resolveKeyframeStyles):

            Find the correct scope for resolving keyframes based on the scope ordinal.

        * platform/animation/Animation.cpp:
        * platform/animation/Animation.h:

            Add m_nameStyleScopeOrdinal that tells the scope where the name is defined.

        * style/StyleScope.cpp:
        (WebCore::Style::Scope::forOrdinal):

            Find the scope for ordinal.

        * style/StyleScope.h:

            Define ScopeOrdinal types.

        (WebCore::Style::operator++):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support glyph-orientation-horizontal and glyph-orientation-vertical
        https://bugs.webkit.org/show_bug.cgi?id=165414

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeGlyphOrientation):
        (WebCore::CSSPropertyParser::parseSingleValue):
        Add support for the glyph-orientation-horizontal and glyph-orientation-vertical
        properties. They take an angle and allow unitless values.

        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::consumeAngle):
        Fix a bug in the handling of unitless values for angles. Make sure to
        actually pass in the value instead of always doing 0. Blink does not
        accept unitless values for angles at all, so this is another difference
        to investigate for SVG in the future.

2016-12-05  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r209299.

        This change appears to have caused LayoutTest failures on
        Sierra WK1.

        Reverted changeset:

        "Improve the behavior of scroll-into-view when the target is
        inside position:fixed"
        https://bugs.webkit.org/show_bug.cgi?id=165354
        http://trac.webkit.org/changeset/209299

2016-12-05  Andreas Kling  <akling@apple.com>

        [Cocoa] Add some memory usage related information to sysdiagnose state dumps
        <https://webkit.org/b/165375>
        <rdar://problem/29057243>

        Reviewed by Darin Adler.

        Add a flag to memoryUsageStatistics() to allow gathering of slightly more expensive information.
        This mode is used when capturing a state dump for sysdiagnose.

        The more expensive information added in this patch relates to information about live objects
        and memory on the JavaScript heap.

        * WebCore.xcodeproj/project.pbxproj:
        * page/PerformanceLogging.cpp:
        (WebCore::PerformanceLogging::memoryUsageStatistics):
        (WebCore::PerformanceLogging::javaScriptObjectCounts):
        (WebCore::PerformanceLogging::didReachPointOfInterest):
        * page/PerformanceLogging.h:

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure the transform fast path uses WebKitCSSTransformValue
        https://bugs.webkit.org/show_bug.cgi?id=165399

        Reviewed by Dean Jackson.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::parseTransformTranslateArguments):
        (WebCore::parseTransformNumberArguments):
        (WebCore::parseSimpleTransformValue):
        (WebCore::parseSimpleTransformList):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix calc() with -webkit-line-clamp
        https://bugs.webkit.org/show_bug.cgi?id=165398

        Reviewed by Zalan Bujtas.

        Remove the aggressive token type checking up front, since it was causing calc() to not
        be allowed.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeLineClamp):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support -webkit-text-decoration
        https://bugs.webkit.org/show_bug.cgi?id=165391

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::parseShorthand):

2016-12-05  Beth Dakin  <bdakin@apple.com>

        STP 19 fails to launch on 16B255
        https://bugs.webkit.org/show_bug.cgi?id=165388
        -and corresponding-
        rdar://problem/29514476

        Rubber-stamped by Brady Eidson. 

        * platform/spi/cocoa/NSTouchBarSPI.h:

2016-12-05  Beth Dakin  <bdakin@apple.com>

        STP 19 fails to launch on 16B255
        https://bugs.webkit.org/show_bug.cgi?id=165388
        -and corresponding-
        rdar://problem/29514476

        Reviewed by Tim Horton.

        Speculative fix.
        * platform/spi/cocoa/NSTouchBarSPI.h:

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support the 'alphabetic' keyword for text-underline-position
        https://bugs.webkit.org/show_bug.cgi?id=165387

        Reviewed by Simon Fraser.

        Fixes fast/css3-text/css3-text-decoration/getComputedStyle/getComputedStyle-text-underline-position.html

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::parseSingleValue):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix assert when unknown properties are encountered.
        https://bugs.webkit.org/show_bug.cgi?id=165385

        Reviewed by Zalan Bujtas.

        * css/CSSToStyleMap.cpp:
        (WebCore::CSSToStyleMap::mapAnimationProperty):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix rx and ry parsing
        https://bugs.webkit.org/show_bug.cgi?id=165383

        Reviewed by Dean Jackson.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::isSimpleLengthPropertyID):
        rx and ry can be negative in the slow path, so make sure they can be negative in the
        fast path too.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeRxOrRy):
        Disallow auto as a value since we are not equipped to handle it, and it's not clear if it's
        even valid.

2016-12-05  Konstantin Tokarev  <annulen@yandex.ru>

        Add __STDC_FORMAT_MACROS before inttypes.h is included
        https://bugs.webkit.org/show_bug.cgi?id=165374

        We need formatting macros like PRIu64 to be available in all places where
        inttypes.h header is used. All these usages get inttypes.h definitions
        via wtf/Assertions.h header, except SQLiteFileSystem.cpp where formatting
        macros are not used anymore since r185129.

        This patch fixes multiple build errors with MinGW and reduces number of
        independent __STDC_FORMAT_MACROS uses in the code base.

        Reviewed by Darin Adler.

        No new tests needed.

        * platform/sql/SQLiteFileSystem.cpp: Removed unused inttypes.h
        inclusion.

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Properly fail on bad values for -webkit-clip-path
        https://bugs.webkit.org/show_bug.cgi?id=165382

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeBasicShapeOrBox):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] The page-break-* properties are only keyword props for old parser.
        https://bugs.webkit.org/show_bug.cgi?id=165381

        Reviewed by Dean Jackson.

        * css/parser/CSSParser.cpp:
        (WebCore::isKeywordPropertyID):
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isKeywordPropertyID):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Don't use CSS_PARSER_INTEGER unit for resolved integer calcs.
        https://bugs.webkit.org/show_bug.cgi?id=165379

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::CalcParser::consumeNumber):

2016-12-05  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Add parseValue support to new parser. Use new parser for UA sheet too if useNewParser is set.
        https://bugs.webkit.org/show_bug.cgi?id=165376

        Reviewed by Zalan Bujtas.

        * css/StyleColor.cpp:
        (WebCore::StyleColor::isColorKeyword):
        Include system colors when using the fast parseValue path.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::setupParser):
        Add an assert to catch any code path using the old parser when the new parser flag is set.

        (WebCore::CSSParser::parseSheet):
        (WebCore::CSSParser::parseRule):
        (WebCore::CSSParser::parseKeyframeRule):
        (WebCore::CSSParser::parseSupportsCondition):
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseSelector):
        (WebCore::CSSParser::parseDeclaration):
        Patched to use the new parser in UASheetMode as well as other modes when the new parser flag
        is set. parseValue is patched to use the new parser's fast paths and to call into CSSParserImpl's
        parseValue.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::isSimpleLengthPropertyID):
        Support CSSPropertyShapeMargin in the fast path since the old parser did in its fast path.

        (WebCore::parseSimpleLengthValue):
        Don't ever return unitless numbers. If we accept a unitless number, convert the unit to PX still.

        (WebCore::CSSParserFastPaths::parseColor):
        Use the CSSValuePool when creating colors on the fast path.

        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parseValue):
        * css/parser/CSSParserImpl.h:
        Change the return type to be compatible with the old parser's ParseResult flag.

2016-12-05  Konstantin Tokarev  <annulen@yandex.ru>

        Removed MediaPlayerPrivateTaskTimer
        https://bugs.webkit.org/show_bug.cgi?id=165373

        Reviewed by Sam Weinig.

        It is not used anywhere since QTSDK removal in r165476.

        No new tests needed.

        * platform/graphics/win/MediaPlayerPrivateTaskTimer.cpp: Removed.
        * platform/graphics/win/MediaPlayerPrivateTaskTimer.h: Removed.

2016-12-04  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Eliminate in-place lowercasing in the parser.
        https://bugs.webkit.org/show_bug.cgi?id=165368

        Reviewed by Darin Adler.

        Replace the in-place lowercasing that the parser does with new
        mechanisms. In-place lowercasing ruins serialization and doesn't
        work on CSS parsed from static strings. It also has the side effect
        of mutating strings passed in from JavaScript like for querySelectorAll.

        For class/id selectors, we now check if the string is lowercase or not.
        If it contains uppercase ASCII characters, then we allocate the RareData
        for the selector. RareData now has two fields instead of one for the value,
        a matching value (all lowercase in quirks mode), and a serializing value (the
        original string). Because this is done at the CSSSelector level, the old
        parser has been patched as well for these cases.

        In addition, in-place lowercasing was done for pseudo-elements, for
        media query features, and for attr(). In all of these cases we do
        lowercase converting by first checking if it's needed. Serialization will
        not retain the original string in these cases, so we may want to revisit
        these cases in the future and apply a solution similar to what we did for
        selectors.

        * css/CSSGrammar.y.in:
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::createRareData):
        (WebCore::CSSSelector::selectorText):
        (WebCore::CSSSelector::RareData::RareData):
        (WebCore::CSSSelector::RareData::~RareData):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::RareData::create):
        (WebCore::CSSSelector::setValue):
        (WebCore::CSSSelector::value):
        (WebCore::CSSSelector::serializingValue):
        * css/MediaQueryExp.cpp:
        (WebCore::MediaQueryExpression::MediaQueryExpression):
        * css/parser/CSSParserToken.cpp:
        (WebCore::convertToASCIILowercaseInPlace): Deleted.
        (WebCore::CSSParserToken::convertToASCIILowercaseInPlace): Deleted.
        * css/parser/CSSParserToken.h:
        * css/parser/CSSParserValues.h:
        (WebCore::CSSParserSelector::setValue):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeAttr):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumeId):
        (WebCore::CSSSelectorParser::consumeClass):
        (WebCore::CSSSelectorParser::consumePseudo):
        * css/parser/MediaQueryParser.cpp:
        (WebCore::MediaQueryParser::readFeature):

2016-12-04  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Fix a build break on EFL since r209303.

        Unreviewed build fix.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::exceptionForSerializationFailure): Add a return in the end of function.

2016-12-03  Dan Bernstein  <mitz@apple.com>

        [Cocoa] Expose InjectedBundlePageEditorClient via the Objective-C bundle SPI
        https://bugs.webkit.org/show_bug.cgi?id=165276
        <rdar://problem/29467040>

        Reviewed by Darin Adler.

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::write): Make sure to put the client data on the pasteboard,
          like we do on macOS.

2016-12-03  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Remove line numbers from StyleRule.
        https://bugs.webkit.org/show_bug.cgi?id=165361

        Reviewed by Simon Fraser.

        StyleRules have a concept of a source line that is eventually passed
        to the inspector. This was only ever used by normal rules, i.e., ones with
        selectors, and set to 0 for all other rules. This line was set to the line number
        at which the end of the selector text occurred.

        Because Inspector already computes the start and end range for the selector
        text, storing a source line on StyleRule ends up being redundant. This patch
        gets rid of the source line and uses the end line of the selector text
        instead.

        * css/CSSGrammar.y.in:
        Remove the code that updates the last seen selector line.

        * css/CSSKeyframeRule.cpp:
        (WebCore::StyleKeyframe::StyleKeyframe):
        * css/CSSKeyframesRule.cpp:
        (WebCore::StyleRuleKeyframes::StyleRuleKeyframes):
        No longer need to pass in a 0 line number.

        * css/StyleRule.cpp:
        (WebCore::StyleRule::StyleRule):
        (WebCore::StyleRule::create):
        (WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount):
        (WebCore::StyleRuleFontFace::StyleRuleFontFace):
        (WebCore::StyleRuleGroup::StyleRuleGroup):
        (WebCore::StyleRuleCharset::StyleRuleCharset):
        (WebCore::StyleRuleNamespace::StyleRuleNamespace):
        * css/StyleRule.h:
        (WebCore::StyleRuleBase::StyleRuleBase):
        (WebCore::StyleRuleBase::sourceLine): Deleted.
        * css/StyleRuleImport.cpp:
        (WebCore::StyleRuleImport::StyleRuleImport):
        Remove m_sourceLine and change the create methods and constructors to not
        require a line number.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::createStyleRule):
        Line number no longer needed.

        (WebCore::CSSParser::updateLastSelectorLineAndPosition): Deleted.
        * css/parser/CSSParser.h:
        Got rid of the function that tracks and updates the last seen selector line.

        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::consumeStyleRule):
        Fix the rule creation in the new parser to not pass in a 0 line number.

        * inspector/InspectorStyleSheet.cpp:
        (WebCore::buildSourceRangeObject):
        (WebCore::InspectorStyleSheet::buildObjectForSelectorList):
        (WebCore::InspectorStyleSheet::buildObjectForRule):
        * inspector/InspectorStyleSheet.h:
        Patch the methods that build up the selector range to return the end line
        information for selector text so that it can be set as the source line
        for the rule (thus eliminating the need to store the line number on the style
        rule itself).

2016-12-02  Sam Weinig  <sam@webkit.org>

        optional sequence values not handled correctly by binding generator
        https://bugs.webkit.org/show_bug.cgi?id=142562

        Also fixes:
            Remove non-standard postMessage overload
            https://bugs.webkit.org/show_bug.cgi?id=161911
        and
            Wrong argument order in window.postMessage
            https://bugs.webkit.org/show_bug.cgi?id=63141

        Reviewed by Darin Adler.

        * WebCore.xcodeproj/project.pbxproj:
        Remove no longer needed files.

        * bindings/generic/IDLTypes.h:
        * bindings/js/JSDOMConvert.h:
        (WebCore::Converter<IDLObject>::convert):
        Add support for the WebIDL object type.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::createDOMException):
        Add support for throwing stack overflow errors.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::handlePostMessage): Deleted.
        (WebCore::JSDOMWindow::postMessage): Deleted.
        * bindings/js/JSDedicatedWorkerGlobalScopeCustom.cpp: Removed.
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::JSMessagePort::postMessage): Deleted.
        (WebCore::extractTransferables): Deleted.
        * bindings/js/JSMessagePortCustom.h: Removed.
        * bindings/js/JSWorkerCustom.cpp:
        (WebCore::JSWorker::postMessage): Deleted.
        Remove custom bindings for postMessage.

        * bindings/js/SerializedScriptValue.h:
        Switch to using enum class.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::transferArrayBuffers):
        (WebCore::SerializedScriptValue::create):
        Add new create function that takes the transfer list, processes it, and returns
        MessagePorts and SerializedScriptValue / exception.

        (WebCore::CloneBase::throwStackOverflow): Deleted.
        (WebCore::CloneDeserializer::throwValidationError): Deleted.
        Remove uncalled functions.

        * bindings/scripts/CodeGenerator.pm:
        (IsRefPtrType):
        (IsBuiltinType):
        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (GetBaseIDLType):
        Add support for the WebIDL 'object' type.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/TestObj.idl:
        Add tests for 'object'.

        * dom/ExceptionCode.h:
        Add two new ExceptionCodes:
          - ExistingExceptionError, to indicate that implementation code threw a JS exception.
          - StackOverflowError, to indicate that a stack overflow exception should be thrown.

        * dom/MessagePort.cpp:
        (WebCore::MessagePort::postMessage):
        * dom/MessagePort.h:
        * dom/MessagePort.idl:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:
        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::postMessage):
        * workers/DedicatedWorkerGlobalScope.h:
        * workers/DedicatedWorkerGlobalScope.idl:
        * workers/Worker.cpp:
        (WebCore::Worker::postMessage):
        * workers/Worker.h:
        * workers/Worker.idl:
        Update to call new SerializedScriptValue create function.

2016-12-03  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support Dashboard Regions
        https://bugs.webkit.org/show_bug.cgi?id=165357

        Reviewed by Daniel Bates.

        * css/CSSValueKeywords.in:
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeWebkitDashboardRegion):
        (WebCore::CSSPropertyParser::parseSingleValue):

2016-12-02  Simon Fraser  <simon.fraser@apple.com>

        Improve the behavior of scroll-into-view when the target is inside position:fixed
        https://bugs.webkit.org/show_bug.cgi?id=165354

        Reviewed by Zalan Bujtas.
        
        The existing RenderLayer::scrollRectToVisible() code paid no heed to whether the 
        target was inside position:fixed, resulting in unwanted scrolls.
        
        Fix this by plumbing through from the call sites a "insideFixed" flag which we get
        when we call localToAbsolute(), and use this flag to avoid scrolling at all if
        unzoomed.
        
        If zoomed and we're focussing something inside position:fixed, and if visual viewports
        are enabled, we can compute the visual viewport required to reveal the target rect,
        which gives us the ideal scroll position.
        
        Fix a bug on non-iOS platforms when zoomed, which is to scale the viewRect since
        frameView.visibleContentRect() gives an unscaled rect on those platforms.
        
        Not all callers of scrollRectToVisible() are fixed, but those that are not will get
        the current behavior.

        Tests: fast/overflow/scroll-anchor-in-position-fixed.html
               fast/visual-viewport/zoomed-scroll-into-view-fixed.html
               fast/visual-viewport/zoomed-scroll-to-anchor-in-position-fixed.html

        * dom/Element.cpp:
        (WebCore::Element::scrollIntoView):
        (WebCore::Element::scrollIntoViewIfNeeded):
        (WebCore::Element::scrollIntoViewIfNotVisible):
        (WebCore::Element::updateFocusAppearance):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::FrameSelection):
        (WebCore::FrameSelection::absoluteCaretBounds):
        (WebCore::FrameSelection::recomputeCaretRect):
        (WebCore::FrameSelection::revealSelection):
        * editing/FrameSelection.h:
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::absoluteCaretBounds):
        * editing/VisiblePosition.h:
        * editing/htmlediting.cpp:
        (WebCore::absoluteBoundsForLocalCaretRect):
        * editing/htmlediting.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollElementToRect):
        (WebCore::FrameView::scrollToAnchor):
        * page/PrintContext.cpp:
        (WebCore::PrintContext::outputLinkedDestinations):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::getLeadingCorner):
        (WebCore::RenderElement::getTrailingCorner):
        (WebCore::RenderElement::absoluteAnchorRect):
        (WebCore::RenderElement::anchorRect): Renamed to absoluteAnchorRect().
        * rendering/RenderElement.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):
        (WebCore::RenderLayer::getRectToExpose):
        (WebCore::RenderLayer::autoscroll):
        * rendering/RenderLayer.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::scrollRectToVisible):
        * rendering/RenderObject.h:

2016-11-30  Simon Fraser  <simon.fraser@apple.com>

        localToAbsolute() does incorrect conversion for elements inside position:fixed with zooming
        https://bugs.webkit.org/show_bug.cgi?id=165244

        Reviewed by Zalan Bujtas.
        
        RenderView::mapLocalToContainer() and RenderView::mapAbsoluteToLocalPoint() handle the coordinate
        mapping through the RenderView's transform (when zoomed), and apply the scroll offset for position:fixed
        elements.
        
        They did this in the wrong order; "local to absolute" applied the zoom scale, and then adjusted for the scroll position,
        and "absolute to local" applied the scroll position and then the transform.
        
        However that scroll position adjustment should be in unzoomed coordinates, since it's accounting for the
        layout adjustment that position:fixed receives (which actually occurs via the localToAbsolute() call
        in RenderLayer's accumulateOffsetTowardsAncestor()). "local to absolute" should therefore apply the scroll
        adjustment first before the transform, and "absolute to local" the reverse.
        
        In both visual viewport mode, and legacy drifty fixed mode FrameView::scrollPositionForFixedPosition()
        returns a scroll offset that is unaffected by zoom, which is correct and confirms this change.
        
        [Confusingly, ScrollView scroll positions _are_ affected by zoom, as the entire document gets bigger.]
        
        RenderGeometryMap::mapToContainer(), which is an optimization on top of RenderView::mapLocalToContainer(),
        gets a similar fix.
        
        Test: fast/zooming/client-rect-in-fixed-zoomed.html

        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::mapToContainer):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::mapLocalToContainer):
        (WebCore::RenderView::mapAbsoluteToLocalPoint):

2016-12-02  Simon Fraser  <simon.fraser@apple.com>

        Put names on layers in release builds
        https://bugs.webkit.org/show_bug.cgi?id=165347

        Reviewed by Tim Horton.

        Put names on GraphicsLayers (and therefore CALayers) in release builds. Release names
        are a simpler, truncated version of debug names, with <tagname> id class names.

        Non-primary layer names converted to lowercase and "layer" removed.

        Fix comments that refer to gdb.

        Use ENABLE(TREE_DEBUGGING) in more places.

        * dom/Node.h:
        * dom/Position.h:
        * dom/Range.h:
        * editing/FrameSelection.h:
        * editing/VisiblePosition.h:
        * editing/VisibleSelection.h:
        * history/HistoryItem.h:
        * page/FrameTree.h:
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::setName):
        (WebCore::GraphicsLayerCA::setContentsToSolidColor):
        (WebCore::GraphicsLayerCA::updateNames):
        (WebCore::GraphicsLayerCA::updateBackdropFilters):
        (WebCore::GraphicsLayerCA::updateContentsImage):
        (WebCore::GraphicsLayerCA::updateClippingStrategy):
        (WebCore::GraphicsLayerCA::updateContentsRects):
        (WebCore::GraphicsLayerCA::changeLayerTypeTo):
        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::tileGridContainerLayerName):
        (WebCore::TileController::zoomedOutTileGridContainerLayerName):
        (WebCore::TileController::createTileLayer):
        * rendering/CounterNode.h:
        * rendering/InlineBox.h:
        * rendering/InlineFlowBox.h:
        * rendering/RenderCounter.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::name):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createGraphicsLayer):
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
        (WebCore::RenderLayerBacking::updateAncestorClippingLayer):
        (WebCore::RenderLayerBacking::updateDescendantClippingLayer):
        (WebCore::RenderLayerBacking::updateForegroundLayer):
        (WebCore::RenderLayerBacking::updateBackgroundLayer):
        (WebCore::RenderLayerBacking::updateMaskingLayer):
        (WebCore::RenderLayerBacking::updateChildClippingStrategy):
        (WebCore::RenderLayerBacking::updateScrollingLayers):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateLayerForTopOverhangArea):
        (WebCore::RenderLayerCompositor::updateLayerForBottomOverhangArea):
        (WebCore::RenderLayerCompositor::updateLayerForHeader):
        (WebCore::RenderLayerCompositor::updateLayerForFooter):
        (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
        (WebCore::RenderLayerCompositor::ensureRootLayer):
        * rendering/RenderObject.h:

2016-12-02  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Update the media controls size as the media element is resized
        https://bugs.webkit.org/show_bug.cgi?id=165346

        Reviewed by Dean Jackson.

        The "resize" event dispatched by HTMLMediaElement indicates a change in the media's
        intrinsic size, while the "resize" event dispatched by the HTMLMediaElement's ShadowRoot
        indicates that the layout size of the media element has changed. We now use the latter.

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        (MediaController.prototype.handleEvent):

2016-12-02  Andy Estes  <aestes@apple.com>

        [Cocoa] Adopt the PRODUCT_BUNDLE_IDENTIFIER build setting
        https://bugs.webkit.org/show_bug.cgi?id=164492

        Reviewed by Dan Bernstein.

        * Configurations/WebCore.xcconfig: Set PRODUCT_BUNDLE_IDENTIFIER to
        com.apple.$(PRODUCT_NAME:rfc1034identifier).
        * Info.plist: Changed CFBundleIdentifier's value from com.apple.${PRODUCT_NAME} to
        ${PRODUCT_BUNDLE_IDENTIFIER}.

2016-12-02  Chris Dumez  <cdumez@apple.com>

        HTML Interactive Form Validation popovers do not show in iOS WKWebViews
        https://bugs.webkit.org/show_bug.cgi?id=165340
        <rdar://problem/29489966>

        Reviewed by Simon Fraser.

        HTML Interactive Form Validation popovers do not show in iOS WKWebViews,
        only in MobileSafari. To address the issue try to find an appropriate
        UIViewController to present the popover when the client does not provide
        a presenting view controller.

        * platform/ValidationBubble.h:
        * platform/ios/ValidationBubbleIOS.mm:
        (WebCore::fallbackViewController):
        (WebCore::ValidationBubble::setAnchorRect):
        * platform/spi/ios/UIKitSPI.h:

2016-12-02  Zalan Bujtas  <zalan@apple.com>

        Remove redundant LayoutUnit conversions.
        https://bugs.webkit.org/show_bug.cgi?id=165338

        Reviewed by Simon Fraser.

        RenderBlockFlow::computeColumnCountAndWidth has some redundant LayoutUnti <-> unsigned conversions.

        No change in functionality.

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::computeColumnCountAndWidth):

2016-12-02  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Add rewind and fast-forward support
        https://bugs.webkit.org/show_bug.cgi?id=165294

        Reviewed by Dean Jackson.

        We implement support for rewinding and fast-forwarding the media by pressing dedicated
        buttons in fullscreen on macOS. We introduce a new SeekButton class that the existing
        RewindButton and ForwardButton classes now extend and which provides handling of
        "mousedown" and "mouseup" events to indicate that a button is being pressed to the
        UI delegate.

        We also introduce a new SeekSupport class from which SeekBackwardSupport and
        SeekForwardSupport inherit to integrate with those controls and update the media
        time.

        Tests: media/modern-media-controls/layout-node/layout-node-parent-of-type.html
               media/modern-media-controls/seek-backward-support/seek-backward-support.html
               media/modern-media-controls/seek-forward-support/seek-forward-support.html

        * Modules/modern-media-controls/controls/forward-button.js:
        * Modules/modern-media-controls/controls/layout-node.js:
        (LayoutNode.prototype.parentOfType):
        * Modules/modern-media-controls/controls/rewind-button.js:
        * Modules/modern-media-controls/controls/seek-button.js: Added.
        (SeekButton):
        (SeekButton.prototype.handleEvent):
        (SeekButton.prototype._didStartPressing):
        (SeekButton.prototype._didStopPressing):
        (SeekButton.prototype._notifyDelegateOfPressingState):
        * Modules/modern-media-controls/js-files:
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype._updateControlsIfNeeded):
        * Modules/modern-media-controls/media/seek-backward-support.js: Added.
        (SeekBackwardSupport.prototype.get control):
        (SeekBackwardSupport.prototype.get multiplier):
        (SeekBackwardSupport):
        * Modules/modern-media-controls/media/seek-forward-support.js: Added.
        (SeekForwardSupport.prototype.get control):
        (SeekForwardSupport.prototype.get multiplier):
        (SeekForwardSupport):
        * Modules/modern-media-controls/media/seek-support.js: Added.
        (SeekSupport.prototype.get multiplier):
        (SeekSupport.prototype.buttonPressedStateDidChange):
        (SeekSupport.prototype._startSeeking):
        (SeekSupport.prototype._stopSeeking):
        (SeekSupport.prototype._seek):
        (SeekSupport):
        * WebCore.xcodeproj/project.pbxproj:

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Need to set edit flags properly when user-modify/select are used.
        https://bugs.webkit.org/show_bug.cgi?id=165334

        Reviewed by Dean Jackson.

        The old parser calls parserSetUsesStyleBasedEditability on
        StyleSheetContents* from inside isValidKeywordPropertyAndValue. This
        is pretty lame, but we have to do the same in order to pass editing
        layout tests.

        All of the functions below have been patched with the sole purpose of
        propagating StyleSheetContents* through to isValidKeywordPropertyAndValue
        in the new parser.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseValueWithVariableReferences):
        * css/parser/CSSParser.h:
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        (WebCore::parseKeywordValue):
        (WebCore::CSSParserFastPaths::maybeParseValue):
        * css/parser/CSSParserFastPaths.h:
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::consumeDeclarationValue):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::CSSPropertyParser):
        (WebCore::CSSPropertyParser::parseValue):
        (WebCore::CSSPropertyParser::parseSingleValue):
        (WebCore::CSSPropertyParser::parseFontFaceDescriptor):
        (WebCore::CSSPropertyParser::consumeFont):
        (WebCore::CSSPropertyParser::parseShorthand):
        * css/parser/CSSPropertyParser.h:

2016-12-02  Beth Dakin  <bdakin@apple.com>

        REGRESSION (r208802): TouchBar pause button doesn't work
        https://bugs.webkit.org/show_bug.cgi?id=165333
        -and corresponding-
        rdar://problem/29487187

        Reviewed by Wenson Hsieh.

        The previous code got this right by using self.playing. _playing was totally un-
        used, so this patch just removes it.

        * platform/mac/WebPlaybackControlsManager.h:
        * platform/mac/WebPlaybackControlsManager.mm:
        (-[WebPlaybackControlsManager setPlaying:]):

2016-12-02  John Wilander  <wilander@apple.com>

        Require preflight for non-standard CORS-safelisted request headers Accept, Accept-Language, and Content-Language
        https://bugs.webkit.org/show_bug.cgi?id=165178
        <rdar://problem/18792250>

        Reviewed by Youenn Fablet.

        Fetch currently only restricts the header Content-Type for simple requests:
        https://fetch.spec.whatwg.org/#cors-safelisted-request-header

        This means simple CORS requests can send unexpected characters in Accept, 
        Accept-Language, and Content-Language header values.

        RFC 7231 implies restrictions on these header values:
        - Accept https://tools.ietf.org/html/rfc7231#section-5.3.2
        - Accept-Language https://tools.ietf.org/html/rfc7231#section-5.3.5
        - Content-Language https://tools.ietf.org/html/rfc7231#section-3.1.3.2

        As per discussions in the W3C WebAppSec group we should try to restrict 
        these header values to help protect servers that do not expect simple CORS 
        requests.

        Non-standard, safelisted header values should trigger a preflight and require
        the headers to be whitelisted in the response's Access-Control-Allow-Headers.
        For Fetch in no-cors mode this change means non-standard header values are not
        allowed to be set.

        Test: http/tests/xmlhttprequest/cors-non-standard-safelisted-headers-should-trigger-preflight.html

        * loader/CrossOriginAccessControl.cpp:
        (WebCore::isSimpleCrossOriginAccessRequest):
            Now calls WebCore::isCrossOriginSafeRequestHeader() instead of
            WebCore::isOnAccessControlSimpleRequestHeaderWhitelist().
        (WebCore::isOnAccessControlSimpleRequestHeaderWhitelist): Deleted.
            It was a duplicate of WebCore::isCrossOriginSafeRequestHeader().
        * loader/CrossOriginAccessControl.h:
        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::CrossOriginPreflightResultCacheItem::allowsCrossOriginHeaders):
            Now calls WebCore::isCrossOriginSafeRequestHeader() instead of
            WebCore::isOnAccessControlSimpleRequestHeaderWhitelist().
        * platform/network/HTTPParsers.cpp:
        (WebCore::isValidAcceptHeaderValue):
            Basic check that the characters are all ASCII alphanumeric, ' ', '*', '.',
            '/', ';', or '='.
        (WebCore::isValidLanguageHeaderValue):
            Basic check that the characters are all ASCII alphanumeric, ' ', '*', '-',
            '.', ';', or '='.
        (WebCore::isSimpleHeader):
            Removed duplicate code. Now calls WebCore::isCrossOriginSafeRequestHeader().
        (WebCore::isCrossOriginSafeRequestHeader):
            Now makes a call to WebCore::isValidAcceptHeaderValue() for Accept
            headers and WebCore::isValidLanguageHeaderValue() for Accept-Language
            and Content-Language headers.
        * platform/network/HTTPParsers.h:

2016-12-02  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: flowThread->regionInRange(region, startRegion, endRegion) in WebCore::RenderBox::borderBoxRectInRegion
        https://bugs.webkit.org/show_bug.cgi?id=152113
        <rdar://problem/27720221>

        Reviewed by David Hyatt.

        In a nested column context, do not process a spanner if it belongs to an inner column.

        While populating a flow, we search for possible spanners and construct multicolumnsets accordingly.
        However due to the top-down nature of populating flows, a descendant spanner could belong to an inner
        flow which hasn't been populated yet.
        This patch checks if a potential spanner has an ancestor (which is also a descendant
        of the flow that we are populating -> nested) that will eventually create a flow context. 

        Test: fast/multicol/assert-with-nested-columns-and-spanner.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::computeColumnCountAndWidth):
        (WebCore::RenderBlockFlow::willCreateColumns):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::isValidColumnSpanner):

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure the z-component of transform-origin can be implicit
        https://bugs.webkit.org/show_bug.cgi?id=165326

        Reviewed by Tim Horton.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::consumeTransformOrigin):

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix :any/:host to allow pseudo-elements. Support -webkit-border-radius.
        https://bugs.webkit.org/show_bug.cgi?id=165323

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::parseShorthand):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumePseudo):

2016-12-02  Chris Dumez  <cdumez@apple.com>

        [iOS] Tapping on an HTML validation bubble should dismiss it
        https://bugs.webkit.org/show_bug.cgi?id=165122
        <rdar://problem/29429372>

        Reviewed by Simon Fraser.

        Tapping on an HTML validation bubble should dismiss it. Previously it did
        nothing.

        No new tests, I tried writing one but the validation popover does not
        show in the simulator, only on device. I believe at least one reason is that
        _presentingViewControllerForWebView() is required and is currently not
        implemented by WKTR. I'll look into this issue separately.

        * platform/ValidationBubble.h:
        * platform/ios/ValidationBubbleIOS.mm:
        (-[WebValidationBubbleTapRecognizer initWithPopoverController:withPopoverView:]):
        (-[WebValidationBubbleTapRecognizer dismissPopover]):
        (WebCore::ValidationBubble::ValidationBubble):

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Add support for the SVG 'kerning' property
        https://bugs.webkit.org/show_bug.cgi?id=165315

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeKerning):
        (WebCore::CSSPropertyParser::parseSingleValue):

2016-12-02  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove support for the 'Nondeterministic' extended attribute
        https://bugs.webkit.org/show_bug.cgi?id=165307

        Reviewed by Chris Dumez.

        We are not currently using the WebReplay functionality that the Nondeterministic
        extended attribute is intended to aide. If we come back to WebReplay in the future,
        we can bring it back.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateImplementationFunctionCall):
        (GetNativeTypeForMemoization): Deleted.
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp: Removed.
        * bindings/scripts/test/JS/JSTestNondeterministic.h: Removed.
        * bindings/scripts/test/TestNondeterministic.idl: Removed.
        * page/Navigator.idl:
        * page/Screen.idl:

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support the -webkit-letterpress value for text-decoration
        https://bugs.webkit.org/show_bug.cgi?id=165313

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeTextDecorationLine):

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix the color-gamut media query evaluator
        https://bugs.webkit.org/show_bug.cgi?id=165309

        Reviewed by Zalan Bujtas).

        * css/MediaQueryEvaluator.cpp:
        (WebCore::colorGamutEvaluate):
        Unknown values should result in a failed match, not a successful match.

2016-12-02  Darin Adler  <darin@apple.com>

        Remove use of WebCore::Dictionary in MediaSession
        https://bugs.webkit.org/show_bug.cgi?id=165296

        Reviewed by Chris Dumez.

        I am not exactly sure of the status of this code. When I enabled it to test my
        changes it did not compile until I fixed some things, and it's far out of date
        of the latest draft of the Media Session Standard. But despite that I updated it.

        * DerivedSources.make: Removed a line that was breaking the build for some
        configurations, perhaps only for programmers from Apple, after r209198.

        * Modules/mediasession/MediaSession.cpp:
        (WebCore::MediaSession::MediaSession): Fixed so it compiles.
        (WebCore::MediaSession::setMetadata): Changed argument to use a struct rather
        htan a WebCore::Dictionary.
        * Modules/mediasession/MediaSession.h: Added a Metadata struct, and used it.
        Also fixed the arguments to the constructor.
        * Modules/mediasession/MediaSession.idl: Added MediaMetadata and used it instead
        of Dictionary.

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure margin and font set the implicit flag properly
        https://bugs.webkit.org/show_bug.cgi?id=165306

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::consumeFont):
        (WebCore::CSSPropertyParser::consume4Values):

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure the templatized consumeIdent uses CSSValuePool
        https://bugs.webkit.org/show_bug.cgi?id=165302

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParserHelpers.h:
        (WebCore::CSSPropertyParserHelpers::consumeIdent):

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix font-variant parsing 
        https://bugs.webkit.org/show_bug.cgi?id=165301

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFontVariantEastAsian):
        (WebCore::CSSPropertyParser::consumeFontVariantShorthand):
        Fix a bug with font-variant-east-asian parsing where the id
        was getting improperly consumed even when it didn't match.

2016-12-02  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix animation property parsing
        https://bugs.webkit.org/show_bug.cgi?id=165305

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeAnimationPropertyList):
        Match the old parser by only creating a list for animation properties if there
        are two or more comma-separated values. Otherwise just return the CSSValue for
        the singleton without creating a list.

2016-12-02  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Fix build break when disabling some features.
        https://bugs.webkit.org/show_bug.cgi?id=165254

        Reviewed by Michael Catanzaro.

        If we disable SVG_FONTS or XSLT, then
        WebCore::CachedResource::isCORSSameOrigin() would have assertions
        on non-existent members. These should be isolated within "#if" as
        the other places.

        If we're in DEVELOPER_MODE but did not provide
        TEST_HYPHENATAION_PATH, then we must mark UNUSED_PARAM() if we're
        not on GTK port (ie: EFL).

        No new tests as this is a build fix.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::isCORSSameOrigin):
         - missing #if ENABLED(SVG_FONTS)
         - missing #if ENABLED(XSLT)
        * platform/text/hyphen/HyphenationLibHyphen.cpp:
        (WebCore::scanTestDictionariesDirectoryIfNecessary):
         - missing UNUSED_PARAM()


2016-12-02  Miguel Gomez  <magomez@igalia.com>

        [GTK] Use an OpenGL < 3.0 compliant way to request the OpenGL version
        https://bugs.webkit.org/show_bug.cgi?id=165253

        Reviewed by Carlos Garcia Campos.

        Use glGetString(GL_VERSION) to get the OpenGL version, as glGetIntegerv with GL_MAJOR_VERSION
        and GL_MINOR_VERSION is only supported from 3.0 on.

        Covered by existent tests.

        * platform/graphics/GLContext.cpp:
        (WebCore::GLContext::version):

2016-12-02  Alex Christensen  <achristensen@webkit.org>

        Fix WinCairo build after r208997
        https://bugs.webkit.org/show_bug.cgi?id=165283

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/GLContext.cpp:
        glGetIntegerv is defined in gl2.h.
        GL_MAJOR_VERSION is defined in gl3.h.
        These are not included in the WinCairo build.

2016-11-30  Darin Adler  <darin@apple.com>

        Stop using WebCore::Dictionary in bindings for Fetch
        https://bugs.webkit.org/show_bug.cgi?id=165241

        Reviewed by Chris Dumez.

        * Modules/fetch/DOMWindowFetch.idl: Use RequestInit instead of Dictionary.
        No effect on code generated since this is a JSBuiltin.

        * Modules/fetch/FetchRequest.cpp:
        (WebCore::setReferrerPolicy): Deleted. Bindings handle this now.
        (WebCore::setMode): Ditto.
        (WebCore::setCredentials): Ditto.
        (WebCore::setCache): Ditto.
        (WebCore::setRedirect): Ditto.
        (WebCore::setReferrer): Changed argument from Dictionary to String.
        (WebCore::buildOptions): Changed argument from Dictionary to FetchRequest::Init,
        and simplified the code accordingly.
        (WebCore::FetchRequest::initializeOptions): Ditto.
        (WebCore::FetchRequest::initializeWith): Ditto.
        * Modules/fetch/FetchRequest.h: Updated for above changes. Also added the Init struct.

        * Modules/fetch/FetchRequest.idl: Added missing "only-if-cached" value to RequestCache.
        Added RequestInit dictionary and used it instead of Dictionary. Used more-specific string
        types for the method and referrer attributes; no effect at runtime, since the code for
        getters is the same for ByteString, USVString, and DOMString and these are read-only.

        * Modules/fetch/WorkerGlobalScopeFetch.idl: Use RequestInit instead of Dictionary.
        No effect on code generated since this is a JSBuiltin.

2016-12-01  Jiewen Tan  <jiewen_tan@apple.com>

        Add a runtime flag for SubtleCrypto
        https://bugs.webkit.org/show_bug.cgi?id=164982

        Reviewed by Brent Fulgham.

        * bindings/generic/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setSubtleCryptoEnabled):
        (WebCore::RuntimeEnabledFeatures::subtleCryptoEnabled):
        * page/Crypto.idl:

2016-12-01  Saam Barati  <sbarati@apple.com>

        Rename CallFrame::callee() to CallFrame::jsCallee()
        https://bugs.webkit.org/show_bug.cgi?id=165293

        Reviewed by Keith Miller.

        * bindings/js/JSDOMConstructor.h:
        (WebCore::JSBuiltinConstructor<JSClass>::construct):
        * bindings/js/JSDataCueCustom.cpp:
        (WebCore::constructJSDataCue):
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        * bindings/js/JSHTMLElementCustom.cpp:
        (WebCore::constructJSHTMLElement):
        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::construct):
        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::constructJSMutationObserver):
        * bindings/js/JSPluginElementFunctions.cpp:
        (WebCore::callPlugin):
        * bindings/js/JSWorkerCustom.cpp:
        (WebCore::constructJSWorker):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorDefinition):
        * bindings/scripts/test/JS/JSFloat64Array.cpp:
        (WebCore::JSFloat64ArrayConstructor::constructJSFloat64Array):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorConstructor::construct):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterfaceConstructor::construct):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructorNamedConstructor::construct):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodeConstructor::construct):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjConstructor::construct):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::constructJSTestOverloadedConstructors1):
        (WebCore::constructJSTestOverloadedConstructors2):
        (WebCore::constructJSTestOverloadedConstructors3):
        (WebCore::constructJSTestOverloadedConstructors4):
        (WebCore::constructJSTestOverloadedConstructors5):
        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
        (WebCore::constructJSTestOverloadedConstructorsWithSequence1):
        (WebCore::constructJSTestOverloadedConstructorsWithSequence2):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefsConstructor::construct):
        * bridge/objc/objc_runtime.mm:
        (JSC::Bindings::callObjCFallbackObject):
        * bridge/runtime_method.cpp:
        (JSC::callRuntimeMethod):
        * bridge/runtime_object.cpp:
        (JSC::Bindings::callRuntimeObject):
        (JSC::Bindings::callRuntimeConstructor):

2016-12-01  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Fade controls in when entering and exiting fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=165287

        Reviewed by Dean Jackson.

        Fade controls in when we enter and leave fullscreen.

        Test: media/modern-media-controls/media-controller/media-controller-fade-controls-when-entering-fullscreen.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls.fade-in):
        (@keyframes fade-in):
        (to):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.presentInElement):
        * Modules/modern-media-controls/media/fullscreen-support.js:
        (FullscreenSupport.prototype.buttonWasClicked):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype._updateControlsIfNeeded):

2016-12-01  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Show and populate the tracks panel
        https://bugs.webkit.org/show_bug.cgi?id=165284

        Reviewed by Dean Jackson.

        We added a TracksPanel in https://bugs.webkit.org/show_bug.cgi?id=165239 which allows to
        show a list of media tracks and text tracks to choose from. We now show this panel when
        clicking on the tracks button in the controls bar and populate its content with the
        list of audio and text tracks for the media element. As an item is picked from the tracks
        panel, we toggle the represented track's enabled state and dismiss the panel.

        We also pick up the text track container display mostly unchanged from current media controls.

        Tests: media/modern-media-controls/tracks-support/tracks-support-click-track-in-panel.html
               media/modern-media-controls/tracks-support/tracks-support-show-and-populate-panel.html

        * Modules/modern-media-controls/controls/macos-inline-media-controls.js:
        (MacOSInlineMediaControls.prototype.showTracksPanel):
        * Modules/modern-media-controls/controls/text-tracks.css: Added.
        (video::-webkit-media-text-track-container):
        (video::cue):
        (video::-webkit-media-text-track-display):
        (video::-webkit-media-text-track-display-backdrop):
        (video::cue(:future)):
        (video::-webkit-media-text-track-container b):
        (video::-webkit-media-text-track-container u):
        (video::-webkit-media-text-track-container i):
        (video::-webkit-media-text-track-container .hidden):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        * Modules/modern-media-controls/media/tracks-support.js:
        (TracksSupport):
        (TracksSupport.prototype.destroy):
        (TracksSupport.prototype.buttonWasClicked):
        (TracksSupport.prototype.tracksPanelNumberOfSections):
        (TracksSupport.prototype.tracksPanelTitleForSection):
        (TracksSupport.prototype.tracksPanelNumberOfTracksInSection):
        (TracksSupport.prototype.tracksPanelTitleForTrackInSection):
        (TracksSupport.prototype.tracksPanelIsTrackInSectionSelected):
        (TracksSupport.prototype.tracksPanelSelectionDidChange):
        (TracksSupport.prototype.syncControl):
        (TracksSupport.prototype._textTracks):
        (TracksSupport.prototype._audioTracks):
        (TracksSupport.prototype._canPickAudioTracks):
        (TracksSupport.prototype._canPickTextTracks):
        (TracksSupport.prototype._sortedTrackList):

2016-12-01  Brent Fulgham  <bfulgham@apple.com>

        Rare crash when preparing to print
        https://bugs.webkit.org/show_bug.cgi?id=165280
        <rdar://problem/28240254>

        Reviewed by Dean Jackson.

        * page/Frame.cpp:
        (WebCore::Frame::setPrinting): Only manipulate the FrameView if it is non-null.
        (WebCore::Frame::documentAtPoint): Drive-by fix to change a 0 return to nullptr.

2016-12-01  Simon Fraser  <simon.fraser@apple.com>

        Put an obvious debug border on layers with backdrop filters
        https://bugs.webkit.org/show_bug.cgi?id=165291

        Reviewed by Tim Horton.

        Put a wide magenta border on layers with backdrop filters, to highlight their performance impact.
        
        Change the "contents layer" color (used by WebGL, video etc) to blue.
        
        Make the clipping layer border slightly narrower.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::getDebugBorderInfo):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::setBackdropFilters):

2016-12-01  Brian Burg  <bburg@apple.com>

        Fix the Windows Release build after r209198
        https://bugs.webkit.org/show_bug.cgi?id=165285

        Unreviewed build fix.

        * Modules/webdriver/NavigatorWebDriver.cpp:
        Brute force include all the inlines to work around a JSC issue.

2016-12-01  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Only allow a single font-family in @font-face
        https://bugs.webkit.org/show_bug.cgi?id=165278

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFontFamilyDescriptor):
        (WebCore::CSSPropertyParser::parseFontFaceDescriptor):

2016-12-01  Beth Dakin  <bdakin@apple.com>

        Blacklist Netflix for TouchBar support
        https://bugs.webkit.org/show_bug.cgi?id=165104

        Rubber-stamped by Tim Horton.

        Meant to not have the www. in the first case because that is covered by the second 
        case.

        * html/HTMLMediaElement.cpp:
        (WebCore::needsPlaybackControlsManagerQuirk):

2016-12-01  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support -webkit-overflow-scrolling: touch
        https://bugs.webkit.org/show_bug.cgi?id=165275

        Reviewed by Zalan Bujtas.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):

2016-12-01  Jiewen Tan  <jiewen_tan@apple.com>

        Update SubtleCrypto::unwrapKey to match the latest spec
        https://bugs.webkit.org/show_bug.cgi?id=164747
        <rdar://problem/29258198>

        Reviewed by Brent Fulgham.

        This patch does following few things:
        1. It updates the SubtleCrypto::unwrapKey method to match the latest spec:
           https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-unwrapKey.
           It also refers to the latest Editor's Draft to a certain degree:
           https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-unwrapKey.
        2. It implements unwrapKey operations of the following algorithms: AES-KW.

        Tests: crypto/subtle/aes-cbc-import-key-unwrap-jwk-rsa-key-private.html
               crypto/subtle/aes-cbc-import-key-uwrap-jwk-rsa-key-public.html
               crypto/subtle/aes-kw-generate-key-wrap-key-unwrap-key.html
               crypto/subtle/aes-kw-import-key-unwrap-raw-key.html
               crypto/subtle/rsa-oaep-import-key-unwrap-jwk-oct-key.html
               crypto/subtle/unwrapKey-malformed-parameters.html
               crypto/workers/subtle/aes-cbc-import-key-unwrap-key.html
               crypto/workers/subtle/aes-kw-import-key-unwrap-key.html
               crypto/workers/subtle/rsa-oaep-import-key-unwrap-key.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::jsSubtleCryptoFunctionWrapKeyPromise):
        Add some comments.
        (WebCore::jsSubtleCryptoFunctionUnwrapKeyPromise):
        (WebCore::JSSubtleCrypto::unwrapKey):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::unwrapKey):
        * crypto/CryptoAlgorithm.h:
        * crypto/SubtleCrypto.idl:
        * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
        (WebCore::CryptoAlgorithmAES_KW::unwrapKey):
        * crypto/algorithms/CryptoAlgorithmAES_KW.h:
        * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
        (WebCore::CryptoAlgorithmAES_KW::platformUnwrapKey):
        * crypto/mac/CryptoAlgorithmAES_KWMac.cpp:
        (WebCore::unwrapKeyAES_KW):
        (WebCore::CryptoAlgorithmAES_KW::platformUnwrapKey):
        (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):

2016-12-01  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix font-variant parsing
        https://bugs.webkit.org/show_bug.cgi?id=165266

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeFontVariantEastAsian):
        (WebCore::consumeFontVariantAlternates):
        (WebCore::consumeFontVariantPosition):
        (WebCore::CSSPropertyParser::parseSingleValue):
        (WebCore::CSSPropertyParser::parseFontFaceDescriptor):
        (WebCore::CSSPropertyParser::consumeFontVariantShorthand):
        (WebCore::consumeFontVariantList): Deleted.

2016-12-01  Brian Burg  <bburg@apple.com>

        Web Automation: expose navigator.webdriver if the page is controlled by automation
        https://bugs.webkit.org/show_bug.cgi?id=165245
        <rdar://problem/29449874>

        Reviewed by Joseph Pecoraro.

        Move the implementation into OpenSource. It's in Modules/webdriver/.

        * CMakeLists.txt:
        * DerivedSources.make:
        Add new paths and files.

        * Modules/webdriver/NavigatorWebDriver.cpp: Added.
        (WebCore::NavigatorWebDriver::NavigatorWebDriver):
        (WebCore::NavigatorWebDriver::~NavigatorWebDriver):
        (WebCore::NavigatorWebDriver::supplementName):
        (WebCore::NavigatorWebDriver::isControlledByAutomation):
        (WebCore::NavigatorWebDriver::from):
        (WebCore::JSNavigator::webdriver):
        * Modules/webdriver/NavigatorWebDriver.h: Added.
        * Modules/webdriver/NavigatorWebDriver.idl: Added.
        * WebCore.xcodeproj/project.pbxproj:

2016-12-01  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Implement IDBObjectStore.getKey().
        https://bugs.webkit.org/show_bug.cgi?id=165256

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/idbobjectstore-getkey-1-private.html
               storage/indexeddb/modern/idbobjectstore-getkey-1.html

        * Modules/indexeddb/IDBObjectStore.cpp:
        (WebCore::IDBObjectStore::get):
        (WebCore::IDBObjectStore::getKey):
        * Modules/indexeddb/IDBObjectStore.h:
        * Modules/indexeddb/IDBObjectStore.idl:

        * Modules/indexeddb/IDBRequest.cpp:
        (WebCore::IDBRequest::createObjectStoreGet):
        (WebCore::IDBRequest::IDBRequest):
        (WebCore::IDBRequest::requestedObjectStoreRecordType):
        * Modules/indexeddb/IDBRequest.h:

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::requestGetRecord):
        (WebCore::IDBTransaction::requestIndexRecord):
        (WebCore::IDBTransaction::didGetRecordOnServer):

        * Modules/indexeddb/IndexedDB.h:

        * Modules/indexeddb/server/IDBBackingStore.h:

        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::getRecord):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:

        * Modules/indexeddb/server/MemoryObjectStore.h:

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::getRecord):
        (WebCore::IDBServer::UniqueIDBDatabase::performGetRecord):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

        * Modules/indexeddb/shared/IDBGetRecordData.cpp:
        (WebCore::IDBGetRecordData::isolatedCopy):
        * Modules/indexeddb/shared/IDBGetRecordData.h:
        (WebCore::IDBGetRecordData::encode):
        (WebCore::IDBGetRecordData::decode):

2016-12-01  Joseph Pecoraro  <pecoraro@apple.com>

        Misc. cleanup in Modules/fetch
        https://bugs.webkit.org/show_bug.cgi?id=165240

        Reviewed by Darin Adler.

        * Modules/fetch/DOMWindowFetch.h:
        * Modules/fetch/FetchBody.cpp:
        * Modules/fetch/FetchBody.h:
        * Modules/fetch/FetchBodyConsumer.cpp:
        * Modules/fetch/FetchBodyOwner.cpp:
        * Modules/fetch/FetchBodyOwner.h:
        * Modules/fetch/FetchInternals.js:
        (consumeStream):
        * Modules/fetch/FetchLoader.cpp:
        * Modules/fetch/FetchResponse.h:
        Remove unnecessary includes and forward declarations.

        * Modules/fetch/DOMWindowFetch.js:
        (fetch):
        * Modules/fetch/FetchResponse.js:
        (initializeFetchResponse):
        * Modules/fetch/WorkerGlobalScopeFetch.js:
        (fetch):
        Improve style.

2016-12-01  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Turn off text selection
        https://bugs.webkit.org/show_bug.cgi?id=165261

        Reviewed by Dean Jackson.

        We turn off text selection and force a non-text cursor for all text in media controls.

        Tests: media/modern-media-controls/airplay-placard/airplay-placard-text-section.html
               media/modern-media-controls/pip-placard/pip-placard-text-section.html
               media/modern-media-controls/status-label/status-label-text-selection.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls):

2016-12-01  Chris Dumez  <cdumez@apple.com>

        Parameter to DOMStringList.contains() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=165257

        Reviewed by Alex Christensen.

        Parameter to DOMStringList.contains() should be mandatory.
        Gecko and Blink have it mandatory but WebKit had it optional and the
        string 'undefined" was used by default, which is not helpful.

        No new tests, updated existing test.

        * dom/DOMStringList.idl:

2016-12-01  Jiewen Tan  <jiewen_tan@apple.com>

        SubtleCrypto::deriveBits always return NOT_SUPPORTED_ERR for now
        https://bugs.webkit.org/show_bug.cgi?id=164745
        <rdar://problem/29258118>

        Reviewed by Darin Adler.

        Since we don't support any cryptography algorithms that has deriveBits operations,
        SubtleCrypto::deriveBits will always return NOT_SUPPORTED_ERR for now.

        Test: crypto/subtle/deriveBits-malformed-parameters.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::jsSubtleCryptoFunctionDeriveBitsPromise):
        (WebCore::JSSubtleCrypto::deriveBits):
        * crypto/SubtleCrypto.idl:

2016-12-01  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream][Mac] Video presets sometimes don't work
        https://bugs.webkit.org/show_bug.cgi?id=165214
        <rdar://problem/29444533>

        Reviewed by Jer Noble.

        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::setPreset): Set videoSettings width and height.
        (WebCore::AVVideoCaptureSource::setupCaptureSession): Store videoSettings object for later use.
          Set videoSettings width and height.
        (WebCore::AVVideoCaptureSource::bestSessionPresetForVideoDimensions):
        (WebCore::AVVideoCaptureSource::sizeForPreset): New.

2016-12-01  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Promote the "on" property from AirPlayButton to IconButton
        https://bugs.webkit.org/show_bug.cgi?id=165260

        Reviewed by Dean Jackson.

        With the fix for https://bugs.webkit.org/show_bug.cgi?id=165239 we now set the "on"
        property for the TracksButton as well, so it makes sense to provide that property
        for all IconButton subclasses, not just AirplayButton.

        Test: media/modern-media-controls/icon-button/icon-button-on.html

        * Modules/modern-media-controls/controls/airplay-button.css:
        (button.airplay.on):
        * Modules/modern-media-controls/controls/airplay-button.js:
        (AirplayButton):
        (AirplayButton.prototype.get on): Deleted.
        (AirplayButton.prototype.set on): Deleted.
        * Modules/modern-media-controls/controls/icon-button.css:
        (button.icon:active,):
        (button.icon:active): Deleted.
        * Modules/modern-media-controls/controls/icon-button.js:
        (IconButton.prototype.get on):
        (IconButton.prototype.set on):

2016-11-30  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for File and Blob constructors
        https://bugs.webkit.org/show_bug.cgi?id=165218

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        Add/remove new files.

        * bindings/js/JSBlobCustom.cpp:
        (WebCore::constructJSBlob): Deleted.
        * bindings/js/JSFileCustom.cpp: Removed.
        Remove custom constructors.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDefaultValue):
        (GenerateDictionaryImplementationContent):
        (GenerateParametersCheck):
        Add support for optional sequences without default values. Move string default value
        optimizations into GenerateDefaultValue.

        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        * fileapi/Blob.h:
        (WebCore::Blob::create):
        * fileapi/Blob.idl:
        * fileapi/File.cpp:
        (WebCore::File::File):
        * fileapi/File.h:
        * fileapi/File.idl:
        Add support for the generated constructors.

        * fileapi/BlobBuilder.cpp: Copied from Source/WebCore/fileapi/WebKitBlobBuilder.cpp.
        * fileapi/BlobBuilder.h: Copied from Source/WebCore/fileapi/WebKitBlobBuilder.h.
        * fileapi/WebKitBlobBuilder.cpp: Removed.
        * fileapi/WebKitBlobBuilder.h: Removed.
        Rename WebKitBlobBuilder to BlobBuilder, and update to work with generated constructor.

        * fileapi/BlobPropertyBag.h: Added.
        * fileapi/BlobPropertyBag.idl: Added.
        Added.

        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::ThreadableBlobRegistry::registerBlobURL):
        * fileapi/ThreadableBlobRegistry.h:
        * platform/network/BlobRegistry.h:
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::registerBlobURL):
        * platform/network/BlobRegistryImpl.h:
        Avoid copies of the BlobPart Vector.

        * platform/network/BlobPart.h:
        Replace header-guards with #pragma once.

2016-12-01  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Provide a UI object to show a list of tracks
        https://bugs.webkit.org/show_bug.cgi?id=165239

        Reviewed by Dean Jackson.

        We add a new TracksPanel object which we will be using to display a list of
        audio and text tracks. The tracks panel can be shown by calling showTracksPanel()
        on a MacOSMediaControls object and will be dismissed by hitting the Escape key
        or mousing down outside of the panel's bounds. While the tracks panel is up,
        arrows can be used to focus individual tracks which can be activated by either
        pressing the Space bar or Enter key.

        Activating a track will briefly animate its background to indicate selection and
        dismissing the tracks panel is also animated with a quick fade-out animation.

        Data for the tracks panel is provided by specifying a dataSource property and
        implementing the required methods to provide the number of sections in the panel,
        the number of tracks in each section, etc.

        Tests: media/modern-media-controls/tracks-panel/tracks-panel-hide-click-outside.html
               media/modern-media-controls/tracks-panel/tracks-panel-hide-esc-key.html
               media/modern-media-controls/tracks-panel/tracks-panel-hide.html
               media/modern-media-controls/tracks-panel/tracks-panel-population.html
               media/modern-media-controls/tracks-panel/tracks-panel-right-x.html
               media/modern-media-controls/tracks-panel/tracks-panel-select-track-with-keyboard.html
               media/modern-media-controls/tracks-panel/tracks-panel-select-track-with-mouse.html
               media/modern-media-controls/tracks-panel/tracks-panel.html

        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.css:
        (.media-controls.mac.fullscreen):
        (.media-controls.mac.fullscreen > .controls-bar):
        (.media-controls.mac.fullscreen .tracks-panel):
        * Modules/modern-media-controls/controls/macos-inline-media-controls.css:
        (.media-controls.mac.inline .tracks-panel):
        * Modules/modern-media-controls/controls/macos-media-controls.js:
        (MacOSMediaControls.prototype.showTracksPanel):
        (MacOSMediaControls.prototype.hideTracksPanel):
        (MacOSMediaControls):
        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls):
        * Modules/modern-media-controls/controls/placard.css:
        (.placard):
        * Modules/modern-media-controls/controls/status-label.css:
        (.status-label):
        * Modules/modern-media-controls/controls/tracks-panel.css: Added.
        (.tracks-panel):
        (.tracks-panel *):
        (.tracks-panel.fade-out):
        (.tracks-panel-section):
        (.tracks-panel-section:first-of-type):
        (.tracks-panel-section > h3):
        (.tracks-panel-section > ul):
        (.tracks-panel-section > ul > li):
        (.tracks-panel-section > ul > li:focus):
        (.tracks-panel-section > ul > li.selected:before):
        (.tracks-panel-section > ul > li.animated):
        (@keyframes tracks-panel-item-selection):
        (22.22%):
        * Modules/modern-media-controls/controls/tracks-panel.js: Added.
        (TracksPanel.prototype.get presented):
        (TracksPanel.prototype.presentInParent):
        (TracksPanel.prototype.hide):
        (TracksPanel.prototype.get rightX):
        (TracksPanel.prototype.set rightX):
        (TracksPanel.prototype.trackNodeSelectionAnimationDidEnd):
        (TracksPanel.prototype.mouseMovedOverTrackNode):
        (TracksPanel.prototype.mouseExitedTrackNode):
        (TracksPanel.prototype.commitProperty):
        (TracksPanel.prototype.handleEvent):
        (TracksPanel.prototype._childrenFromDataSource.):
        (TracksPanel.prototype._childrenFromDataSource):
        (TracksPanel.prototype._handleMousedown):
        (TracksPanel.prototype._handleKeydown):
        (TracksPanel.prototype._dismiss):
        (TracksPanel.prototype._focusTrackNode):
        (TracksPanel.prototype._focusPreviousTrackNode):
        (TracksPanel.prototype._focusNextTrackNode):
        (TracksPanel.prototype._focusFirstTrackNode):
        (TracksPanel.prototype._focusLastTrackNode):
        (TrackNode):
        (TrackNode.prototype.activate):
        (TrackNode.prototype.handleEvent):
        (TrackNode.prototype._animationDidEnd):
        * Modules/modern-media-controls/js-files:
        * WebCore.xcodeproj/project.pbxproj:

2016-12-01  Andreas Kling  <akling@apple.com>

        Log some basic memory usage stats at interesting points in time
        <https://webkit.org/b/165206>

        Reviewed by Antti Koivisto.

        This patch adds a mechanism to mark points of interests where we might
        want to do performance-related logging:

            class PerformanceLogging {
                enum PointOfInterest {
                    MainFrameLoadStarted,
                    MainFrameLoadCompleted,
                }
                void didReachPointOfInterest(PointOfInterest)
            }

        You get to this object via MainFrame::performanceLogging().

        We respond to these callbacks by logging some basic data about memory usage
        to the PerformanceLogging channel.

        More PointOfInterest values will be added soon.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadWithDocumentLoader):
        (WebCore::FrameLoader::setState):
        * page/MainFrame.cpp:
        (WebCore::MainFrame::MainFrame):
        * page/MainFrame.h:
        * page/PerformanceLogging.cpp: Added.
        (WebCore::toString):
        (WebCore::getMemoryUsageStatistics):
        (WebCore::PerformanceLogging::PerformanceLogging):
        (WebCore::writeLog):
        (WebCore::PerformanceLogging::didReachPointOfInterest):
        (WebCore::PerformanceLogging::getPlatformMemoryUsageStatistics):
        * page/PerformanceLogging.h: Added.
        * page/cocoa/PerformanceLoggingCocoa.mm: Added.
        (WebCore::PerformanceLogging::getPlatformMemoryUsageStatistics):
        * platform/Logging.h:

2016-11-28  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Move more attributes from RenderGrid to the new Grid class
        https://bugs.webkit.org/show_bug.cgi?id=165094

        Reviewed by Darin Adler.

        Moved more attributes from RenderGrid to Grid as they are not really part of the state of
        the RenderGrid object. In particular m_autoRepeat{Columns|Rows},
        m_autoRepeatEmpty{Columns|Rows} and m_orderIterator. All of them are now private attributes
        of the Grid class so clients should use the getters/setters provided by this patch.

        This change allows to definitely remove the grid{Column|Row}Count() methods from
        RenderGrid. These two became Grid::numTracks() which returns the number of tracks in the
        data structure used to represent the grid (currently a matrix). Contrary to that,
        RenderGrid::numTracks() returns the actual size of the grid.

        No new tests as this is a refactoring.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::Grid::numTracks):
        (WebCore::RenderGrid::Grid::ensureGridSize):
        (WebCore::RenderGrid::Grid::setAutoRepeatTracks):
        (WebCore::RenderGrid::Grid::autoRepeatTracks):
        (WebCore::RenderGrid::Grid::setAutoRepeatEmptyColumns):
        (WebCore::RenderGrid::Grid::setAutoRepeatEmptyRows):
        (WebCore::RenderGrid::Grid::hasAutoRepeatEmptyTracks):
        (WebCore::RenderGrid::Grid::isEmptyAutoRepeatTrack):
        (WebCore::RenderGrid::Grid::autoRepeatEmptyTracks):
        (WebCore::RenderGrid::Grid::gridItemSpan):
        (WebCore::RenderGrid::Grid::clear):
        (WebCore::RenderGrid::RenderGrid):
        (WebCore::RenderGrid::computeTrackSizesForDirection):
        (WebCore::RenderGrid::guttersSize):
        (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::rawGridTrackSize):
        (WebCore::RenderGrid::gridTrackSize):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
        (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
        (WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
        (WebCore::RenderGrid::trackSizesForComputedStyle):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
        (WebCore::RenderGrid::gridAreaBreadthForChild):
        (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
        (WebCore::RenderGrid::populateGridPositionsForDirection):
        (WebCore::RenderGrid::columnAxisOffsetForChild):
        (WebCore::RenderGrid::rowAxisOffsetForChild):
        (WebCore::RenderGrid::numTracks):
        (WebCore::RenderGrid::paintChildren):
        (WebCore::RenderGrid::gridColumnCount): Deleted.
        (WebCore::RenderGrid::gridRowCount): Deleted.
        (WebCore::RenderGrid::hasAutoRepeatEmptyTracks): Deleted.
        (WebCore::RenderGrid::isEmptyAutoRepeatTrack): Deleted.
        (WebCore::RenderGrid::cachedGridSpan): Deleted.
        * rendering/RenderGrid.h:
        (WebCore::RenderGrid::autoRepeatCountForDirection): Deleted.

2016-11-30  Brady Eidson  <beidson@apple.com>

        Unreviewed, rolling out r209168.

        Caused 2 API tests to fail

        Reverted changeset:

        "IndexedDB: When doing puts, don't
        "updateAllIndexesForAddRecord" if there are no indexes."
        https://bugs.webkit.org/show_bug.cgi?id=165215
        http://trac.webkit.org/changeset/209168

2016-11-30  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Build break when using --minimal
        https://bugs.webkit.org/show_bug.cgi?id=165238

        Reviewed by Darin Adler.

        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumePseudo): Use #if ENABLE(VIDEO_TRACK) guard.

2016-11-30  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Add support for right-to-left layouts
        https://bugs.webkit.org/show_bug.cgi?id=165229

        Reviewed by Dean Jackson.

        We implement the "usesLTRUserInterfaceLayoutDirection" property which is set by HTMLMediaElement
        and set a CSS class when the layout is left-to-right, flipping the fullscreen volume slider in the
        case that it would not be present (right-to-left).

        Test: media/modern-media-controls/media-controller/media-controller-fullscreen-ltr.html

        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.css:
        (.media-controls.mac.fullscreen:not(.uses-ltr-user-interface-layout-direction) .volume.slider):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.get usesLTRUserInterfaceLayoutDirection):
        (MediaControls.prototype.set usesLTRUserInterfaceLayoutDirection):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.set usesLTRUserInterfaceLayoutDirection):
        (MediaController.prototype._updateControlsIfNeeded):

2016-11-30  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused parameter of InspectorInstrumentation::didFinishXHRLoading
        https://bugs.webkit.org/show_bug.cgi?id=165233

        Reviewed by Brian Burg.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didFinishXHRLoadingImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didFinishXHRLoading):
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::didFinishXHRLoading):
        * inspector/InspectorNetworkAgent.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::didFinishLoading):
        Remove unused ThreadableLoaderClient parameter.

2016-11-30  Brady Eidson  <beidson@apple.com>

        IndexedDB: When doing puts, don't "updateAllIndexesForAddRecord" if there are no indexes.
        https://bugs.webkit.org/show_bug.cgi?id=165215

        Reviewed by Alex Christensen.

        No new tests (No observable behavior change).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord): Don't "updateAllIndexesForAddRecord" if there are no indexes.
          Avoiding this saved us some IDBKey serialization and Javascript object manipulation.

2016-11-30  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] LayoutNode: only mark properties as dirty if different than current value
        https://bugs.webkit.org/show_bug.cgi?id=165236

        Reviewed by Simon Fraser.

        Check that the new value is different than the current value before marking the property as dirty.

        * Modules/modern-media-controls/controls/layout-node.js:
        (LayoutNode.prototype.set x):
        (LayoutNode.prototype.set y):
        (LayoutNode.prototype.set width):
        (LayoutNode.prototype.set height):
        (LayoutNode.prototype.set visible):
        (performScheduledLayout):
        * Modules/modern-media-controls/controls/scheduler.js:
        (const.scheduler.new.prototype.get hasScheduledLayoutCallbacks):

2016-11-30  Jiewen Tan  <jiewen_tan@apple.com>

        SubtleCrypto::deriveKey always return NOT_SUPPORTED_ERR for now
        https://bugs.webkit.org/show_bug.cgi?id=164744
        <rdar://problem/29258083>

        Reviewed by Darin Adler.

        Since we don't support any cryptography algorithms that has deriveKey operations,
        SubtleCrypto::deriveKey will always return NOT_SUPPORTED_ERR for now.

        Test: crypto/subtle/deriveKey-malformed-parameters.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::jsSubtleCryptoFunctionDeriveKeyPromise):
        (WebCore::JSSubtleCrypto::deriveKey):
        * crypto/SubtleCrypto.idl:

2016-11-26  Jiewen Tan  <jiewen_tan@apple.com>

        Update SubtleCrypto::digest to match the latest spec
        https://bugs.webkit.org/show_bug.cgi?id=164742
        <rdar://problem/29258037>

        Reviewed by Darin Adler.

        This patch updates the SubtleCrypto::digest method to match the latest spec:
        https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-digest.
        It also refers to the latest Editor's Draft to a certain degree:
        https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-digest.
        Currently supported digest algorithms are SHA-1, SHA-224, SHA-256, SHA-384,
        and SHA-512.

        Tests: crypto/subtle/digest-malformed-parameters.html
               crypto/subtle/sha1-digest.html
               crypto/subtle/sha224-digest.html
               crypto/subtle/sha256-digest.html
               crypto/subtle/sha384-digest.html
               crypto/subtle/sha512-digest.html
               crypto/workers/subtle/sha1-digest.html
               crypto/workers/subtle/sha224-digest.html
               crypto/workers/subtle/sha256-digest.html
               crypto/workers/subtle/sha384-digest.html
               crypto/workers/subtle/sha512-digest.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::jsSubtleCryptoFunctionDigestPromise):
        (WebCore::JSSubtleCrypto::digest):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::digest):
        * crypto/CryptoAlgorithm.h:
        * crypto/SubtleCrypto.idl:
        * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
        (WebCore::CryptoAlgorithmSHA1::digest):
        * crypto/algorithms/CryptoAlgorithmSHA1.h:
        * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
        (WebCore::CryptoAlgorithmSHA224::digest):
        * crypto/algorithms/CryptoAlgorithmSHA224.h:
        * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
        (WebCore::CryptoAlgorithmSHA256::digest):
        * crypto/algorithms/CryptoAlgorithmSHA256.h:
        * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
        (WebCore::CryptoAlgorithmSHA384::digest):
        * crypto/algorithms/CryptoAlgorithmSHA384.h:
        * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
        (WebCore::CryptoAlgorithmSHA512::digest):
        * crypto/algorithms/CryptoAlgorithmSHA512.h:

2016-11-30  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] UI Library: <audio> controls
        https://bugs.webkit.org/show_bug.cgi?id=164619
        <rdar://problem/29207215>

        Reviewed by Dean Jackson.

        Add a default size for <audio> elements (200x50).

        Tests: media/modern-media-controls/audio/audio-controls-buttons.html
               media/modern-media-controls/audio/audio-controls-metrics.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (:host(audio)):

2016-11-30  Brady Eidson  <beidson@apple.com>

        REGRESSION (r209144): API test IndexedDB.DeleteRecovery failing.
        https://bugs.webkit.org/show_bug.cgi?id=165216

        Rubberstamped by Tim Horton.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::closeSQLiteDB): Change invalid ASSERT into a null check.

2016-11-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Add separate settings and preferences to enable/disable async decoding for large images and animated images
        https://bugs.webkit.org/show_bug.cgi?id=165177

        Reviewed by Simon Fraser.

        Instead of having the async image decoding be controlled by one setting,
        two separate settings are added:
            largeImageAsyncDecodingEnabled
            animatedImageAsyncDecodingEnabled
            
        And an existing setting is removed:
            asyncImageDecodingEnabled

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::load):
        * loader/cache/CachedImage.h:
        * page/Settings.in:
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::internalStartAnimation):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/ImageObserver.h:

2016-11-30  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: layoutState->m_renderer == this in WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage
        https://bugs.webkit.org/show_bug.cgi?id=155364
        <rdar://problem/27720461>

        Reviewed by David Hyatt.

        RenderNamedFlowThread is considered to be a root for the current renderer context so
        we need to bail out from the containing block traversal here (like we do for the RenderView). 

        Test: fast/replaced/replaced-element-with-percentage-width-inside-flow-asserts.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeReplacedLogicalHeightUsing):

2016-11-30  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Send operations off to the server in batches instead of one at a time.
        https://bugs.webkit.org/show_bug.cgi?id=165221

        Reviewed by Myles C. Maxfield.

        No new tests (No observable behavior change).

        On a profile of "Lots of writes to an IndexedDB", timer scheduling/firing presented as over 10% of the time.

        This patch negates much of that.

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::pendingOperationTimerFired): Send 100 operations off to the server
          before spinning the runloop, instead of only 1.

2016-11-30  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Controls are not visible when returning from picture-in-picture playback
        https://bugs.webkit.org/show_bug.cgi?id=165183

        Reviewed by Dean Jackson.

        We need to call MediaControlsHost::setPreparedToReturnVideoLayerToInline() when we return from
        picture-in-picture playback such that the video layer is correctly stacked under the media controls.
        We call that function in a rAF call to ensure it's performed in sync with the next scheduled layout
        or the media controls would not appear in sync with the video layer.

        We also fix an error from a previous commit in ControlsVisibilitySupport.

        * Modules/modern-media-controls/media/controls-visibility-support.js:
        (ControlsVisibilitySupport.prototype.syncControl):
        (ControlsVisibilitySupport):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):
        (MediaController.prototype.handleEvent):
        (MediaController.prototype._returnMediaLayerToInlineIfNeeded):

2016-11-30  Jiewen Tan  <jiewen_tan@apple.com>

        Update SubtleCrypto::wrapKey to match the latest spec
        https://bugs.webkit.org/show_bug.cgi?id=164746
        <rdar://problem/29258160>

        Reviewed by Brent Fulgham.

        This patch does following few things:
        1. It updates the SubtleCrypto::wrapKey method to match the latest spec:
           https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-wrapKey.
           It also refers to the latest Editor's Draft to a certain degree:
           https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-wrapKey.
        2. It implements wrapKey operations of the following algorithms: AES-KW.
        3. It also replaces JSSubtleCrypto* with auto in all promise functions.

        Tests: crypto/subtle/aes-cbc-import-key-wrap-jwk-rsa-key-private.html
               crypto/subtle/aes-cbc-import-key-wrap-jwk-rsa-key-public.html
               crypto/subtle/aes-kw-import-key-wrap-raw-key.html
               crypto/subtle/aes-kw-wrap-key-malformed-parameters.html
               crypto/subtle/rsa-oaep-import-key-wrap-jwk-oct-key.html
               crypto/subtle/wrapKey-malformed-parameters.html
               crypto/workers/subtle/aes-cbc-import-key-wrap-key.html
               crypto/workers/subtle/aes-kw-import-key-wrap-key.html
               crypto/workers/subtle/rsa-oaep-import-key-wrap-key.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::supportExportKeyThrow):
        (WebCore::jsSubtleCryptoFunctionEncryptPromise):
        (WebCore::jsSubtleCryptoFunctionDecryptPromise):
        (WebCore::jsSubtleCryptoFunctionExportKeyPromise):
        (WebCore::jsSubtleCryptoFunctionWrapKeyPromise):
        (WebCore::JSSubtleCrypto::wrapKey):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::wrapKey):
        * crypto/CryptoAlgorithm.h:
        * crypto/SubtleCrypto.idl:
        * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
        (WebCore::CryptoAlgorithmAES_KW::wrapKey):
        * crypto/algorithms/CryptoAlgorithmAES_KW.h:
        * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
        (WebCore::CryptoAlgorithmAES_KW::platformWrapKey):
        * crypto/mac/CryptoAlgorithmAES_KWMac.cpp:
        (WebCore::wrapKeyAES_KW):
        (WebCore::CryptoAlgorithmAES_KW::platformWrapKey):
        (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):

2016-11-29  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for more missing / exotic IDLTypes
        https://bugs.webkit.org/show_bug.cgi?id=165156

        Reviewed by Alex Christensen.

        - Adds JSDOMConvert support for WebIDL's 'callback interface' and 'callback function'.
        - Adds JSDOMConvert support for WebIDL extensions for SerializedScriptValue, Dictionary, 
          EventListener and XPathNSResolver (moving much of their special casing out of perl and
          into JSDOMConvert).

        * DerivedSources.make:
        Adds $(WebCore)/testing to the list of available IDL directories to keep internals
        compiling.

        * Modules/webaudio/WaveShaperNode.cpp:
        * Modules/webaudio/WaveShaperNode.h:
        Update to take curve by reference.

        * bindings/generic/IDLTypes.h:
        (WebCore::IDLWrapper):
        Add helper type, IDLWrapper, which serves as a base type for all IDLTypes that are
        RefCounted.

        * bindings/js/JSDOMConvert.h:
        (WebCore::convert):
        (WebCore::Converter<IDLNullable<T>>::convert):
        (WebCore::Converter<IDLCallbackFunction<T>>::convert):
        (WebCore::JSConverter<IDLCallbackFunction<T>>::convert):
        (WebCore::JSConverter<IDLCallbackFunction<T>>::convertNewlyCreated):
        (WebCore::Converter<IDLCallbackInterface<T>>::convert):
        (WebCore::JSConverter<IDLCallbackInterface<T>>::convert):
        (WebCore::JSConverter<IDLCallbackInterface<T>>::convertNewlyCreated):
        (WebCore::Converter<IDLSerializedScriptValue<T>>::convert):
        (WebCore::JSConverter<IDLSerializedScriptValue<T>>::convert):
        (WebCore::Converter<IDLLegacyDictionary<T>>::convert):
        (WebCore::Converter<IDLEventListener<T>>::convert):
        (WebCore::Converter<IDLXPathNSResolver<T>>::convert):
        (WebCore::JSConverter<IDLXPathNSResolver<T>>::convert):
        (WebCore::JSConverter<IDLXPathNSResolver<T>>::convertNewlyCreated):
        Add converters for the new types. IDLSerializedScriptValue, IDLLegacyDictionary, IDLEventListener and IDLXPathNSResolver
        have been templatized to avoid including their implementation classes everywhere. We can improve this in the future by
        splitting JSDOMConvert up into to separate files.

        * bindings/scripts/CodeGenerator.pm:
        (IsBuiltinType):
        (IsInterfaceType):
        (IsWrapperType):
        (ComputeIsCallbackInterface):
        (ComputeIsCallbackFunction):
        Add new predicates, IsBuiltinType and IsInterfaceType, and re-work IsWrapperType to determine all types that
        have a JS wrapper (and consequently a JS{name}.h file).

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        Update to add include for EventListener.

        (GetArgumentExceptionFunction):
        (GetArgumentExceptionThrower):
        (GetAttributeExceptionFunction):
        (GetAttributeExceptionThrower):
        Add support for exceptions for callbacks.

        (PassArgumentExpression):
        Factor out logic on how to pass arguments to C++.

        (GenerateHeader):
        Make toWrapped and JSDOMWrapperConverterTraits work with XPathNSResolver.

        (GenerateImplementation):
        Update to use PassArgumentExpression and pass a global object reference to JSValueToNative.

        (GenerateParametersCheck):
        Remove special casing for callbacks.

        (GenerateCallbackHeaderContent):
        (GenerateCallbackImplementationContent):
        Simplify toJS functions. State and global object are not necessary.

        (GetBaseIDLType):
        Add support for new types. Add assertion so that unknown types can't get through.

        (ShouldPassArgumentByReference):
        Rename from ShouldPassWrapperByReference, and merge in CodeGenerator's ShouldPassWrapperByReference.

        (JSValueToNativeDOMConvertNeedsThisObject):
        Added. Predicate to determine types that need a this object for conversion.

        (JSValueToNativeDOMConvertNeedsGlobalObject):
        Added. Predicate to determine types that need a global object for conversion.

        (JSValueToNative):
        Remove special cases for new types.

        (NativeToJSValueDOMConvertNeedsState):
        Add SerializedScriptValue and XPathNSResolver.

        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Add SerializedScriptValue and XPathNSResolver.

        (NativeToJSValueUsingReferences):
        (NativeToJSValueUsingPointers):
        (NativeToJSValue):
        Remove unused $statePointer and replace $globalObject with $globalObjectReference. Remove
        special cases for new types.

        (GenerateConstructorDefinition):
        Use PassArgumentExpression.

        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunction.h:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.h:
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/TestSerializedScriptValueInterface.idl:
        Update tests. Remove test for a readonly attribute returning a Promise, which is not supported
        yet (this was caught by the assertion added to GetBaseIDLType). Add tests for passing and returning 
        SerializedScriptValues from functions.

2016-11-30  Jiewen Tan  <jiewen_tan@apple.com>

        Update SubtleCrypto::verify to match the latest spec
        https://bugs.webkit.org/show_bug.cgi?id=164741
        <rdar://problem/29257935>

        Reviewed by Brent Fulgham.

        This patch does following few things:
        1. It updates the SubtleCrypto::verify method to match the latest spec:
           https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-verify.
           It also refers to the latest Editor's Draft to a certain degree:
           https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-verify.
        2. It implements verify operations of the following algorithms: HMAC, and
           RSASSA-PKCS1-V1_5.

        Tests: crypto/subtle/hmac-generate-key-sign-verify.html
               crypto/subtle/hmac-import-key-verify-sha1.html
               crypto/subtle/hmac-import-key-verify-sha224.html
               crypto/subtle/hmac-import-key-verify-sha256.html
               crypto/subtle/hmac-import-key-verify-sha384.html
               crypto/subtle/hmac-import-key-verify-sha512.html
               crypto/subtle/rsassa-pkcs1-v1_5-generate-key-sign-verify.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-verify-sha1.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-verify-sha224.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-verify-sha256.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-verify-sha384.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-verify-sha512.html
               crypto/subtle/verify-malformed-parameters.html
               crypto/workers/subtle/hmac-import-key-verify.html
               crypto/workers/subtle/rsassa-pkcs1-v1_5-import-key-verify.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::jsSubtleCryptoFunctionVerifyPromise):
        (WebCore::JSSubtleCrypto::verify):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::verify):
        * crypto/CryptoAlgorithm.h:
        * crypto/SubtleCrypto.idl:
        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
        (WebCore::CryptoAlgorithmHMAC::verify):
        * crypto/algorithms/CryptoAlgorithmHMAC.h:
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::verify):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
        * crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:
        (WebCore::CryptoAlgorithmHMAC::platformVerify):
        * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
        (WebCore::CryptoAlgorithmHMAC::platformVerify):
        * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
        * crypto/mac/CryptoAlgorithmHMACMac.cpp:
        (WebCore::CryptoAlgorithmHMAC::platformVerify):
        * crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:
        (WebCore::verifyRSASSA_PKCS1_v1_5):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):

2016-11-30  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix columns shorthand parsing
        https://bugs.webkit.org/show_bug.cgi?id=165210

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::consumeColumns):
        (WebCore::consumeColumnWidthOrCount): Deleted.
        Bring over the old parser code, since it was actually better at creating implicit values for auto.

2016-11-30  Andy Estes  <aestes@apple.com>

        [Cocoa] Pass the embedding app's bundle ID to new instances of NEFilterSource
        https://bugs.webkit.org/show_bug.cgi?id=165168
        <rdar://problem/29003618>

        Reviewed by Simon Fraser.

        * platform/RuntimeApplicationChecks.h: Declared applicationBundleIdentifier().
        * platform/RuntimeApplicationChecks.mm:
        (WebCore::applicationBundleIdentifier): Made non-static.
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        (WebCore::NetworkExtensionContentFilter::initialize): If the new NEFilterSource instance
        responds to -setSourceAppBundleID:, call it with applicationBundleIdentifier().
        * platform/spi/cocoa/NEFilterSourceSPI.h: Moved NEFilterSourceOptionsRedirectURL into the
        !USE(APPLE_INTERNAL_SDK) section and unconditionally declared @property sourceAppBundleID in
        a new category on NEFilterSource.

2016-11-30  Brent Fulgham  <bfulgham@apple.com>

        Use 'childOfType' template when retrieving Shadow DOM elements
        https://bugs.webkit.org/show_bug.cgi?id=165145
        <rdar://problem/29331830>

        Reviewed by Antti Koivisto.

        Tests: fast/shadow-dom/color-input-element-shadow-manipulation.html
               fast/shadow-dom/file-input-element-shadow-manipulation.html
               fast/shadow-dom/keygen-shadow-manipulation.html
               fast/shadow-dom/media-shadow-manipulation.html
               fast/shadow-dom/range-input-element-shadow-manipulation.html
               fast/shadow-dom/textarea-shadow-manipulation.html

        Switch to using 'childOfType' when retrieving Shadow DOM elements, rather
        than relying on expected element positions, as these can be changed by
        JavaScript.

        Drive by fix: Make more use of is<> and downcast<> templates rather than blindly casting.

        * dom/Element.h:
        (WebCore::Element::isUploadButton): Added.
        (WebCore::Element::isSliderContainerElement): Added.
        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::shadowColorSwatch): Use 'childOfType' rather than assuming
        the first child is the one we want.
        * html/FileInputType.cpp:
        (isType): Added.
        (WebCore::FileInputType::disabledAttributeChanged): Use 'childOfType' rather than assuming
        the first child is the one we want.
        (WebCore::FileInputType::multipleAttributeChanged): Ditto.
        * html/HTMLKeygenElement.cpp:
        (WebCore::HTMLKeygenElement::shadowSelect): Ditto.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaControls): Ditto.
        (WebCore::HTMLMediaElement::hasMediaControls): Ditto.
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::innerTextElement): Ditto.
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::sliderTrackElement): Ditto.
        * html/shadow/SliderThumbElement.h:
        (isType): Added.
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::targetClone): Use 'childOfType' rather than assuming
        the first child is the one we want.

2016-11-30  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Cache and reuse SQLiteStatements in the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=164974

        Reviewed by Alex Christensen.

        No new tests (No behavior change other than being faster).

        Instead of building new SQLiteStatements from scratch each time they're needed and then
        finalizing them after they're used for a single operation, we cache them.

        For tests that do puts and/or gets in tight loops, this shows up as a 5%-20% speedup on profiles.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::~SQLiteIDBBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::renameObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::clearObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedHasIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::renameIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::keyExistsInObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteUnusedBlobFileRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateAllIndexesForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getBlobRecordsForObjectStoreRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::cachedStatementForGetAllObjectStoreRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getAllObjectStoreRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetKeyGeneratorValue):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedSetKeyGeneratorValue):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::cachedStatement):
        (WebCore::IDBServer::SQLiteIDBBackingStore::closeSQLiteDB):
        (WebCore::IDBServer::queryForGetAllObjectStoreRecords): Deleted.
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

2016-11-30  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Make sure -webkit-background-size coalesces identical values.
        https://bugs.webkit.org/show_bug.cgi?id=165207

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeBackgroundSize):

2016-11-30  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Sync video preview layer and parent layer sizes
        https://bugs.webkit.org/show_bug.cgi?id=165139

        Reviewed by Jer Noble.

        CALayer auto-resizing doesn't work on iOS, so manually reize the video capture preview layer
        whenever the background layer's bounds change.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoSourcePreview::AVVideoSourcePreview): Create layer observer.
        (WebCore::AVVideoSourcePreview::backgroundLayerBoundsChanged): Sync preview layer and background
          layer sizes.
        (WebCore::AVVideoSourcePreview::invalidate): Invalidate and clear observer.
        (-[WebCoreAVVideoCaptureSourceObserver initWithParent:]):
        (-[WebCoreAVVideoCaptureSourceObserver setParent:]): Add KVO bounds observer.
        (-[WebCoreAVVideoCaptureSourceObserver observeValueForKeyPath:ofObject:change:context:]): Call
        parent when "bounds" changes.
        (-[WebCoreAVVideoCaptureSourceObserver actionForKey:]): Return nil to disable all animations.

2016-11-30  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix crash in -webkit-shape-outside parsing
        https://bugs.webkit.org/show_bug.cgi?id=165202

        Reviewed by Dean Jackson.

        * css/CSSBasicShapes.cpp:
        (WebCore::buildSerializablePositionOffset):
        The old parser never passed in a singleton value ID for top/right/bottom/left.
        The new parser does, and it exposed a bug in the serialization code for
        shapes that didn't properly create the offset primitive value as a percentage
        in those cases.

2016-11-30  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GLIB] IndexedDB: Switch to use new encoder for IDBKeyData
        https://bugs.webkit.org/show_bug.cgi?id=165191

        Reviewed by Sergio Villar Senin.

        Instead of using KeyedEncoder.

        * Modules/indexeddb/server/IDBSerialization.cpp:
        (WebCore::isLegacySerializedIDBKeyData): Helper function to check whether the given data were encoded with
        KeyedEncoder or not.
        (WebCore::serializedTypeForKeyType): Remove #ifdefs for CF and always use the new encoder.
        (WebCore::encodeKey): Ditto.
        (WebCore::serializeIDBKeyData): Ditto.
        (WebCore::decodeKey): Ditto.
        (WebCore::deserializeIDBKeyData): Ditto.

2016-11-30  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Null ResourceResponse Preflight requests cause crash
        https://bugs.webkit.org/show_bug.cgi?id=165120
        <rdar://problem/27911350>

        Reviewed by Brian Burg.

        * loader/CrossOriginPreflightChecker.cpp:
        (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
        Only inform Web Inspector about successful responses. Informing with a
        null response would break the expected Inspector API contract when
        notifying about did receive response. Also, when informing Web Inspector
        include a didFinishLoading event so the frontend knows this pre-flight
        request is complete.

2016-11-30  Brady Eidson  <beidson@apple.com>

        REGRESSION (209086): IDB tests crash under GuardMalloc.
        https://bugs.webkit.org/show_bug.cgi?id=165201

        Reviewed by Chris Dumez.

        No new tests (Covered by literally every IDB test when run under GuardMalloc).

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::commitOnServer): "Commit on Server" operations are special, in that they
          are the last operation a transaction does, and they remove themselves from the protector map right away.
          So when we remove them from the protector map we also need to remove their raw-pointer from the 
          "in-progress" queue.

2016-11-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Some animated image do not animate after reseting their animations
        https://bugs.webkit.org/show_bug.cgi?id=165131

        Reviewed by Simon Fraser.

        Test: fast/images/reset-image-animation.html

        The bug happens because the ImageFrameCache does not reset its cached
        frames properly when the BitmapImage rests its animation.

        -- We need to ignore caching the new NativeImage of an ImageFrame if the
        decoding thread is terminated after asynchronously calling  
        cacheFrameNativeImageAtIndex() on the main thread through callOnMainThread().
        Although the decoding thread was terminated this call is still scheduled
        to be executed later on the main thread.

        -- We need to open the m_frameRequestQueue before starting a new decoding
        thread. Opening m_frameRequestQueue clears the enqueued requests from the 
        previous decoding thread and allows enqueueing requests for the new thread.

        -- We need to clear the ImageFrames which were being decoded at the time
        the decoding queue was closing and their new NativeImages were not cached.

        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::cacheFrameNativeImageAtIndex): Assert the NativeImage
        is cached for an ImageFrame which is still being decoded.

        (WebCore::ImageFrameCache::startAsyncDecodingQueue): Open the m_frameRequestQueue
        before starting the decoding thread. Don't cache the NativeImage of an ImageFrame
        unless the decoding thread is still alive and it the same as the one that makes
        the asynchronous call to cacheFrameNativeImageAtIndex().
        
        (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex): Don't request an
        image frame to be be asynchronously decoded if it is already being decoded.
        
        (WebCore::ImageFrameCache::stopAsyncDecodingQueue): Clear the ImageFrames that
        were being decoded when the decoding thread terminates.
        
        * testing/Internals.cpp:
        (WebCore::Internals::resetImageAnimation):
        * testing/Internals.h:
        * testing/Internals.idl:
        Expose BitmapImage::resetAnimation() through Internals so tests can force it.

2016-11-30  Darin Adler  <darin@apple.com>

        Streamline and speed up tokenizer and segmented string classes
        https://bugs.webkit.org/show_bug.cgi?id=165003

        Reviewed by Sam Weinig.

        Profiling Speedometer on my iMac showed the tokenizer as one of the
        hottest functions. This patch streamlines the segmented string class,
        removing various unused features, and also improves some other functions
        seen on the Speedometer profile. On my iMac I measured a speedup of
        about 3%. Changes include:

        - Removed m_pushedChar1, m_pushedChar2, and m_empty data members from the
          SegmentedString class and all the code that used to handle them.

        - Simplified the SegmentedString advance functions so they are small
          enough to get inlined in the HTML tokenizer.

        - Updated callers to call the simpler SegmentedString advance functions
          that don't handle newlines in as many cases as possible.

        - Cut down on allocations of SegmentedString and made code move the
          segmented string and the strings that are moved into it rather than
          copying them whenever possible.

        - Simplified segmented string functions, removing some branches, mostly
          from the non-fast paths.

        - Removed small unused functions and small functions used in only one
          or two places, made more functions private and renamed for clarity.

        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::documentWrite): Moved a little more of the common code in here
        from the two functions belwo. Removed obsolete comment saying this was not
        following the DOM specification because it is. Removed unneeded special
        cases for 1 argument and no arguments. Take a reference instead of a pointer.
        (WebCore::JSHTMLDocument::write): Updated for above.
        (WebCore::JSHTMLDocument::writeln): Ditto.

        * css/parser/CSSTokenizer.cpp: Added now-needed include.
        * css/parser/CSSTokenizer.h: Removed unneeded include.

        * css/parser/CSSTokenizerInputStream.h: Added definition of kEndOfFileMarker
        here; this is now separate from the use in the HTMLParser. In the long run,
        unclear to me whether it is really needed in either.

        * dom/Document.cpp:
        (WebCore::Document::prepareToWrite): Added. Helper function used by the three
        different variants of write. Using this may prevent us from having to construct
        a SegmentedString just to append one string after future refactoring.
        (WebCore::Document::write): Updated to take an rvalue reference and move the
        value through.
        (WebCore::Document::writeln): Use a single write call instead of two.

        * dom/Document.h: Changed write to take an rvalue reference to SegmentedString
        rather than a const reference.

        * dom/DocumentParser.h: Changed insert to take an rvalue reference to
        SegmentedString. In the future, should probably overload to take a single
        string since that is the normal case.

        * dom/RawDataDocumentParser.h: Updated for change to DocumentParser.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::append): Refactored a bit, just enough
        so that we don't need an assignment operator for SegmentedString that can
        copy a String.

        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::insert): Updated to take an rvalue reference,
        and move the value through.
        * html/parser/HTMLDocumentParser.h: Updated for the above.

        * html/parser/HTMLEntityParser.cpp:
        (WebCore::HTMLEntityParser::consumeNamedEntity): Updated for name changes.
        Changed the twao calls to advance here to call advancePastNonNewline; no
        change in behavior, but asserts what the code was assuming before, that the
        character was not a newline.

        * html/parser/HTMLInputStream.h:
        (WebCore::HTMLInputStream::appendToEnd): Updated to take an rvalue reference,
        and move the value through.
        (WebCore::HTMLInputStream::insertAtCurrentInsertionPoint): Ditto.
        (WebCore::HTMLInputStream::markEndOfFile): Removed the code to construct a
        SegmentedString, overkill since we can just append an individual string.
        (WebCore::HTMLInputStream::splitInto): Rewrote the move idiom here to actually
        use move, which will reduce reference count churn and other unneeded work.

        * html/parser/HTMLMetaCharsetParser.cpp:
        (WebCore::HTMLMetaCharsetParser::checkForMetaCharset): Removed unneeded
        construction of a SegmentedString, just to append a string.

        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::HTMLSourceTracker): Moved to the class definition.
        (WebCore::HTMLSourceTracker::source): Updated for function name change.
        * html/parser/HTMLSourceTracker.h: Updated for above.

        * html/parser/HTMLTokenizer.cpp: Added now-needed include.
        (WebCore::HTMLTokenizer::emitAndResumeInDataState): Use advancePastNonNewline,
        since this function is never called in response to a newline character.
        (WebCore::HTMLTokenizer::commitToPartialEndTag): Ditto.
        (WebCore::HTMLTokenizer::commitToCompleteEndTag): Ditto.
        (WebCore::HTMLTokenizer::processToken): Use ADVANCE_PAST_NON_NEWLINE_TO macro
        instead of ADVANCE_TO in cases where the character we are advancing past is
        known not to be a newline, so we can use the more efficient advance function
        that doesn't check for the newline character.

        * html/parser/InputStreamPreprocessor.h: Moved kEndOfFileMarker to
        SegmentedString.h; not sure that's a good place for it either. In the long run,
        unclear to me whether this is really needed.
        (WebCore::InputStreamPreprocessor::peek): Added UNLIKELY for the empty check.
        Added LIKELY for the not-special character check.
        (WebCore::InputStreamPreprocessor::advance): Updated for the new name of the
        advanceAndUpdateLineNumber function.
        (WebCore::InputStreamPreprocessor::advancePastNonNewline): Added. More
        efficient than advance for cases where the last characer is known not to be
        a newline character.
        (WebCore::InputStreamPreprocessor::skipNextNewLine): Deleted. Was unused.
        (WebCore::InputStreamPreprocessor::reset): Deleted. Was unused except in the
        constructor; added initial values for the data members to replace.
        (WebCore::InputStreamPreprocessor::processNextInputCharacter): Removed long
        FIXME comment that didn't really need to be here. Reorganized a bit.
        (WebCore::InputStreamPreprocessor::isAtEndOfFile): Renamed and made static.

        * html/track/BufferedLineReader.cpp:
        (WebCore::BufferedLineReader::nextLine): Updated to not use the poorly named
        scanCharacter function to advance past a newline. Also renamed from getLine
        and changed to return Optional<String> instead of using a boolean to indicate
        failure and an out argument.

        * html/track/BufferedLineReader.h:
        (WebCore::BufferedLineReader::BufferedLineReader): Use the default, putting
        initial values on each data member below.
        (WebCore::BufferedLineReader::append): Updated to take an rvalue reference,
        and move the value through.
        (WebCore::BufferedLineReader::scanCharacter): Deleted. Was poorly named,
        and easy to replace with two lines of code at its two call sites.
        (WebCore::BufferedLineReader::reset): Rewrote to correctly clear all the
        data members of the class, not just the segmented string.

        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::parseWebVTTFileHeader): Updated to take
        an rvalue reference and move the value through.
        * html/track/InbandGenericTextTrack.h: Updated for the above.

        * html/track/InbandTextTrack.h: Updated since parseWebVTTFileHeader now
        takes an rvalue reference.

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseFileHeader): Updated to take an rvalue reference
        and move the value through.
        (WebCore::WebVTTParser::parseBytes): Updated to pass ownership of the string
        in to the line reader append function.
        (WebCore::WebVTTParser::parseCueData): Use auto and WTFMove for WebVTTCueData.
        (WebCore::WebVTTParser::flush): More of the same.
        (WebCore::WebVTTParser::parse): Changed to use nextLine instead of getLine.
        * html/track/WebVTTParser.h: Updated for the above.

        * html/track/WebVTTTokenizer.cpp:
        (WebCore::advanceAndEmitToken): Use advanceAndUpdateLineNumber by its new
        name, just advance. No change in behavior.
        (WebCore::WebVTTTokenizer::WebVTTTokenizer): Pass a String, not a
        SegmentedString, to add the end of file marker.

        * platform/graphics/InbandTextTrackPrivateClient.h: Updated since
        parseWebVTTFileHeader takes an rvalue reference.

        * platform/text/SegmentedString.cpp:
        (WebCore::SegmentedString::Substring::appendTo): Moved here from the header.
        The only caller is SegmentedString::toString, inside this file.
        (WebCore::SegmentedString::SegmentedString): Deleted the copy constructor.
        No longer needed.
        (WebCore::SegmentedString::operator=): Defined a move assignment operator
        rather than an ordinary assignment operator, since that's what the call
        sites really need.
        (WebCore::SegmentedString::length): Simplified since we no longer need to
        support pushed characters.
        (WebCore::SegmentedString::setExcludeLineNumbers): Simplified, since we
        can just iterate m_otherSubstrings without an extra check. Also changed to
        write directly to the data member of Substring instead of using a function.
        (WebCore::SegmentedString::updateAdvanceFunctionPointersForEmptyString):
        Added. Used when we run out of characters.
        (WebCore::SegmentedString::clear): Removed code to clear now-deleted members.
        Updated for changes to other member names.
        (WebCore::SegmentedString::appendSubstring): Renamed from just append to
        avoid ambiguity with the public append function. Changed to take an rvalue
        reference, and move in, and added code to set m_currentCharacter properly,
        so the caller doesn't have to deal with that.
        (WebCore::SegmentedString::close): Updated to use m_isClosed by its new name.
        Also removed unneeded comment about assertion that fires when trying to close
        an already closed string.
        (WebCore::SegmentedString::append): Added overloads for rvalue references of
        both entire SegmentedString objects and of String. Streamlined to just call
        appendSubstring and append to the deque.
        (WebCore::SegmentedString::pushBack): Tightened up since we don't allow empty
        strings and changed to take just a string, not an entire segmented string.
        (WebCore::SegmentedString::advanceSubstring): Moved logic into the
        advancePastSingleCharacterSubstringWithoutUpdatingLineNumber function.
        (WebCore::SegmentedString::toString): Simplified now that we don't need to
        support pushed characters.
        (WebCore::SegmentedString::advancePastNonNewlines): Deleted.
        (WebCore::SegmentedString::advance8): Deleted.
        (WebCore::SegmentedString::advanceWithoutUpdatingLineNumber16): Renamed from
        advance16. Simplified now that there are no pushed characters. Also changed to
        access data members of m_currentSubstring directly instead of calling a function.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber8): Deleted.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber16): Ditto.
        (WebCore::SegmentedString::advancePastSingleCharacterSubstringWithoutUpdatingLineNumber):
        Renamed from advanceSlowCase. Removed uneeded logic to handle pushed characters.
        Moved code in here from advanceSubstring.
        (WebCore::SegmentedString::advancePastSingleCharacterSubstring): Renamed from
        advanceAndUpdateLineNumberSlowCase. Simplified by calling the function above.
        (WebCore::SegmentedString::advanceEmpty): Broke assertion up into two.
        (WebCore::SegmentedString::updateSlowCaseFunctionPointers): Updated for name changes.
        (WebCore::SegmentedString::advancePastSlowCase): Changed name and meaning of
        boolean argument. Rewrote to use the String class less; it's now used only when
        we fail to match after the first character rather than being used for the actual
        comparison with the literal.

        * platform/text/SegmentedString.h: Moved all non-trivial function bodies out of
        the class definition to make things easier to read. Moved the SegmentedSubstring
        class inside the SegmentedString class, making it a private struct named Substring.
        Removed the m_ prefix from data members of the struct, removed many functions from
        the struct and made its union be anonymous instead of naming it m_data. Removed
        unneeded StringBuilder.h include.
        (WebCore::SegmentedString::isEmpty): Changed to use the length of the substring
        instead of a separate boolean. We never create an empty substring, nor leave one
        in place as the current substring unless the entire segmented string is empty.
        (WebCore::SegmentedString::advancePast): Updated to use the new member function
        template instead of a non-template member function. The new member function is
        entirely rewritten and does the matching directly rather than allocating a string
        just to do prefix matching.
        (WebCore::SegmentedString::advancePastLettersIgnoringASCIICase): Renamed to make
        it clear that the literal must be all non-letters or lowercase letters as with
        the other "letters ignoring ASCII case" functions. The three call sites all fit
        the bill. Implement by calling the new function template.
        (WebCore::SegmentedString::currentCharacter): Renamed from currentChar.
        (WebCore::SegmentedString::Substring::Substring): Use an rvalue reference and
        move the string in.
        (WebCore::SegmentedString::Substring::currentCharacter): Simplified since this
        is never used on an empty substring.
        (WebCore::SegmentedString::Substring::incrementAndGetCurrentCharacter): Ditto.
        (WebCore::SegmentedString::SegmentedString): Overload to take an rvalue reference.
        Simplified since there are now fewer data members.
        (WebCore::SegmentedString::advanceWithoutUpdatingLineNumber): Renamed from
        advance, since this is only safe to use if there is some reason it is OK to skip
        updating the line number.
        (WebCore::SegmentedString::advance): Renamed from advanceAndUpdateLineNumber,
        since doing that is the normal desired behavior and not worth mentioning in the
        public function name.
        (WebCore::SegmentedString::advancePastNewline): Renamed from
        advancePastNewlineAndUpdateLineNumber.
        (WebCore::SegmentedString::numberOfCharactersConsumed): Greatly simplified since
        pushed characters are no longer supported.
        (WebCore::SegmentedString::characterMismatch): Added. Used by advancePast.

        * xml/parser/CharacterReferenceParserInlines.h:
        (WebCore::unconsumeCharacters): Use toString rather than toStringPreserveCapacity
        because the SegmentedString is going to take ownership of the string.
        (WebCore::consumeCharacterReference): Updated to use the pushBack that takes just
        a String, not a SegmentedString. Also use advancePastNonNewline.

        * xml/parser/MarkupTokenizerInlines.h: Added ADVANCE_PAST_NON_NEWLINE_TO.

        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::insert): Updated since this takes an rvalue reference.
        (WebCore::XMLDocumentParser::append): Removed unnecessary code to create a
        SegmentedString.
        * xml/parser/XMLDocumentParser.h: Updated for above. Also fixed indentation
        and initialized most data members.
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser): Moved most data member
        initialization into the class definition.
        (WebCore::XMLDocumentParser::resumeParsing): Removed code that copied a
        segmented string, but converted the whole thing into a string before using it.
        Now we convert to a string right away.

2016-11-30  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed speculative cmake buildfix after r209070.

        * PlatformMac.cmake: New sources added.

2016-11-29  Philippe Normand  <pnormand@igalia.com>

        [WebRTC][OpenWebRTC] Temporary device selection support
        https://bugs.webkit.org/show_bug.cgi?id=165141

        Reviewed by Alejandro G. Castro.

        Make sure the player handles only one audio and video track at
        most for now. The device choice can be influenced with the
        WEBKIT_VIDEO_DEVICE and WEBKIT_AUDIO_DEVICE environment variables.
        Each variable optionally holds the name of the device to use.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        (WebCore::MediaPlayerPrivateGStreamerOwr::play):
        (WebCore::MediaPlayerPrivateGStreamerOwr::load):

2016-11-29  Claudio Saavedra  <csaavedra@igalia.com>

        Build fix with !HAVE(ACCESSIBILITY)

        * accessibility/AXObjectCache.h:
        (WebCore::AccessibilityReplacedText::AccessibilityReplacedText):
        (WebCore::AccessibilityReplacedText::postTextStateChangeNotification):

        Add dummy implementations.

2016-11-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r209058 and r209074.
        https://bugs.webkit.org/show_bug.cgi?id=165188

        These changes caused API test StringBuilderTest.Equal to crash
        and/or fail. (Requested by ryanhaddad on #webkit).

        Reverted changesets:

        "Streamline and speed up tokenizer and segmented string
        classes"
        https://bugs.webkit.org/show_bug.cgi?id=165003
        http://trac.webkit.org/changeset/209058

        "REGRESSION (r209058): API test StringBuilderTest.Equal
        crashing"
        https://bugs.webkit.org/show_bug.cgi?id=165142
        http://trac.webkit.org/changeset/209074

2016-11-29  Nan Wang  <n_wang@apple.com>

        AX: ARIA tree & treeitem roles & aria-expanded state not spoken to VoiceOver iOS 10
        https://bugs.webkit.org/show_bug.cgi?id=164936
        <rdar://problem/29334274>

        Reviewed by Chris Fleizach.

        Added a new container type on iOS for trees. Also, since the treeitem role is ignored
        on iOS, we should expose the expanded status of a treeitem to its accessible children.

        Test: accessibility/ios-simulator/treeitem-expanded.html

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityTreeAncestor]):
        (-[WebAccessibilityObjectWrapper treeItemParentForObject:]):
        (-[WebAccessibilityObjectWrapper accessibilitySupportsARIAExpanded]):
        (-[WebAccessibilityObjectWrapper accessibilityIsExpanded]):

2016-11-29  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r209096, r209104, and r209114.

        Caused over 200 layout test failures on the bots

        Reverted changesets:

        "IndexedDB 2.0: Cache and reuse SQLiteStatements in the SQLite
        backend."
        https://bugs.webkit.org/show_bug.cgi?id=164974
        http://trac.webkit.org/changeset/209096

        "Followup to:"
        https://bugs.webkit.org/show_bug.cgi?id=164974
        http://trac.webkit.org/changeset/209104

        "REGRESSION (r209104): storage/indexeddb/modern/gc-closes-
        database(-private).html timeout."
        https://bugs.webkit.org/show_bug.cgi?id=165186
        http://trac.webkit.org/changeset/209114

2016-11-29  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Localization
        https://bugs.webkit.org/show_bug.cgi?id=165176

        Reviewed by Dean Jackson.

        We add a new localization file for the purpose of modern media controls, since we may
        require different strings than the legacy one.

        * English.lproj/modern-media-controls-localized-strings.js: Added.
        * Modules/modern-media-controls/controls/airplay-placard.js:
        (AirplayPlacard):
        * Modules/modern-media-controls/controls/pip-placard.js:
        (PiPPlacard):
        * Modules/modern-media-controls/main.js:
        (UIString):
        * Modules/modern-media-controls/media/status-support.js:
        (StatusSupport.prototype.syncControl):
        (StatusSupport):
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::mediaControlsScript):

2016-11-29  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Show an invalid placard when we fail to load a media file
        https://bugs.webkit.org/show_bug.cgi?id=165180

        Reviewed by Dean Jackson.

        We now show a placard with an "invalid" icon when we fail to load the media file.

        Tests: media/modern-media-controls/invalid-placard/invalid-placard.html
               media/modern-media-controls/placard-support/placard-support-error.html

        * Modules/modern-media-controls/controls/icon-service.js:
        * Modules/modern-media-controls/controls/invalid-placard.js: Added.
        (InvalidPlacard):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.get showsStartButton):
        (MediaControls.prototype.set showsStartButton):
        (MediaControls.prototype.get showsPlacard):
        (MediaControls.prototype.hidePlacard):
        (MediaControls.prototype._invalidateChildren):
        * Modules/modern-media-controls/controls/placard.css:
        (.placard .icon):
        * Modules/modern-media-controls/images/iOS/invalid-placard@1x.png: Added.
        * Modules/modern-media-controls/images/iOS/invalid-placard@2x.png: Added.
        * Modules/modern-media-controls/images/iOS/invalid-placard@3x.png: Added.
        * Modules/modern-media-controls/images/macOS/invalid-placard@1x.png: Added.
        * Modules/modern-media-controls/images/macOS/invalid-placard@2x.png: Added.
        * Modules/modern-media-controls/js-files:
        * Modules/modern-media-controls/media/placard-support.js:
        (PlacardSupport.prototype.get mediaEvents):
        (PlacardSupport.prototype._updatePlacard):
        (PlacardSupport):
        * WebCore.xcodeproj/project.pbxproj:

2016-11-29  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Only show controls when the controls attribute is set
        https://bugs.webkit.org/show_bug.cgi?id=165175

        We now respect the value of the media's "controls" attribute so that the start button and the controls
        bar are only shown when that attribute is set to "true".

        Reviewed by Dean Jackson.

        Tests: media/modern-media-controls/controls-visibility-support/controls-visibility-support-controls-off-audio.html
               media/modern-media-controls/controls-visibility-support/controls-visibility-support-controls-off.html
               media/modern-media-controls/controls-visibility-support/controls-visibility-support-controls-on-audio.html
               media/modern-media-controls/controls-visibility-support/controls-visibility-support-controls-on.html
               media/modern-media-controls/controls-visibility-support/controls-visibility-support-controls-toggle.html

        * Modules/modern-media-controls/controls/controls-bar.js: Added.
        (ControlsBar):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.): Deleted.
        * Modules/modern-media-controls/js-files:
        * Modules/modern-media-controls/media/controls-visibility-support.js: Added.
        (ControlsVisibilitySupport):
        (ControlsVisibilitySupport.prototype.destroy):
        (ControlsVisibilitySupport.prototype.get mediaEvents):
        (ControlsVisibilitySupport.prototype.syncControl):
        * Modules/modern-media-controls/media/media-controller-support.js:
        (MediaControllerSupport):
        (MediaControllerSupport.prototype.handleEvent):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype._updateControlsIfNeeded):
        * WebCore.xcodeproj/project.pbxproj:

2016-11-29  Brady Eidson  <beidson@apple.com>

        Followup to:
        IndexedDB 2.0: Cache and reuse SQLiteStatements in the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=164974

        Unreviewed.

        * Modules/indexeddb/IDBTransaction.h: Until I can explore further why these operations
          are not protected in the map, change these raw pointers to RefPtrs.
          This fixes issues seen under GuardMalloc.

2016-11-29  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Inline controls show when entering fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=165161

        Reviewed by Dean Jackson.

        We would error when entering fullscreen due to the TracksSupport having its destroy() method
        called when tearing down the inline controls and the `mediaController` reference being incorrect.

        * Modules/modern-media-controls/media/tracks-support.js:
        (TracksSupport.prototype.destroy):

2016-11-29  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Status text stuck saying "Loading" after media starts playing
        https://bugs.webkit.org/show_bug.cgi?id=165162

        Reviewed by Dean Jackson.

        We forgot to handle the case where none of the special messages need to be set and the
        status text should be just an empty string, meaning there is no status text shown in the
        controls bar and the scrubber appears instead.

        Test: media/modern-media-controls/status-support/status-support-playing.html

        * Modules/modern-media-controls/media/status-support.js:
        (StatusSupport.prototype.syncControl):
        (StatusSupport):

2016-11-29  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Cache and reuse SQLiteStatements in the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=164974

        Reviewed by Alex Christensen.

        No new tests (No behavior change other than being faster).

        Instead of building new SQLiteStatements from scratch each time they're needed and then
        finalizing them after used for a single operation, cache them.

        For tests that do puts and/or gets in tight loops, this shows up as a 5%-20% speedup on profiles.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::renameObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::clearObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedHasIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::renameIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::keyExistsInObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteUnusedBlobFileRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateAllIndexesForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getBlobRecordsForObjectStoreRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::cachedStatementForGetAllObjectStoreRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getAllObjectStoreRecords):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetKeyGeneratorValue):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedSetKeyGeneratorValue):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::cachedStatement):
        (WebCore::IDBServer::SQLiteIDBBackingStore::closeSQLiteDB):
        (WebCore::IDBServer::queryForGetAllObjectStoreRecords): Deleted.
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

2016-11-22  Jiewen Tan  <jiewen_tan@apple.com>

        Update SubtleCrypto::sign to match the latest spec
        https://bugs.webkit.org/show_bug.cgi?id=164740
        <rdar://problem/29257864>

        Reviewed by Brent Fulgham.

        This patch does following few things:
        1. It updates the SubtleCrypto::sign method to match the latest spec:
           https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-sign.
           It also refers to the latest Editor's Draft to a certain degree:
           https://w3c.github.io/webcrypto/Overview.html#SubtleCrypto-method-sign.
        2. It implements sign operations of the following algorithms: HMAC, and
           RSASSA-PKCS1-V1_5.
        3. It also replaces promise.copyRef() with WTFMove(promise) for all the
           capture lists of exception callbacks in promise functions.

        Tests: crypto/subtle/hmac-import-key-sign-sha1.html
               crypto/subtle/hmac-import-key-sign-sha224.html
               crypto/subtle/hmac-import-key-sign-sha256.html
               crypto/subtle/hmac-import-key-sign-sha384.html
               crypto/subtle/hmac-import-key-sign-sha512.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-sign-sha1.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-sign-sha224.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-sign-sha256.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-sign-sha384.html
               crypto/subtle/rsassa-pkcs1-v1_5-import-key-sign-sha512.html
               crypto/subtle/sign-malformed-parameters.html
               crypto/workers/subtle/hmac-import-key-sign.html
               crypto/workers/subtle/rsassa-pkcs1-v1_5-import-key-sign.html

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::jsSubtleCryptoFunctionDecryptPromise):
        Fix a minor bug.
        (WebCore::jsSubtleCryptoFunctionEncryptPromise):
        (WebCore::jsSubtleCryptoFunctionDecryptPromise):
        (WebCore::jsSubtleCryptoFunctionSignPromise):
        (WebCore::jsSubtleCryptoFunctionGenerateKeyPromise):
        (WebCore::jsSubtleCryptoFunctionImportKeyPromise):
        (WebCore::jsSubtleCryptoFunctionExportKeyPromise):
        (WebCore::JSSubtleCrypto::sign):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::sign):
        * crypto/CryptoAlgorithm.h:
        * crypto/SubtleCrypto.idl:
        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
        (WebCore::CryptoAlgorithmHMAC::sign):
        * crypto/algorithms/CryptoAlgorithmHMAC.h:
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::sign):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
        * crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:
        (WebCore::CryptoAlgorithmHMAC::platformSign):
        * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
        (WebCore::CryptoAlgorithmHMAC::platformSign):
        * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
        * crypto/mac/CryptoAlgorithmHMACMac.cpp:
        (WebCore::commonCryptoHMACAlgorithm):
        (WebCore::calculateSignature):
        Remove a null guardance since the depending bug is resolved.
        (WebCore::CryptoAlgorithmHMAC::platformSign):
        (WebCore::CryptoAlgorithmHMAC::platformVerify):
        * crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:
        (WebCore::signRSASSA_PKCS1_v1_5):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):

2016-11-29  Chris Dumez  <cdumez@apple.com>

        Can't download move.simple.com direct deposit transition PDF: Non user-triggered activations of anchors that have a download attribute are ignored
        https://bugs.webkit.org/show_bug.cgi?id=165148
        <rdar://problem/29421771>

        Reviewed by Daniel Bates.

        We were ignoring non user-triggered activations of anchors that have a
        download attribute which is stricter than Chrome and Firefox and breaks
        downloads on move.simple.com. This patch relaxes our policy to allow
        simulated clicks on such links, similarly to other browsers.

        Web authors can anyway already trigger downloads using script by setting
        window.location to a specific URL and serving to right HTTP headers to
        trigger a download.

        Note that our previous behavior matches the current version of the
        specification so I also filed a bug against the HTML specification to
        see if we can get it changed to match the behavior of browsers:
        - https://github.com/whatwg/html/issues/2116

        No new tests, updated existing test.

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::handleClick):

2016-11-29  Andy Estes  <aestes@apple.com>

        [Cocoa] Enable two clang warnings recommended by Xcode
        https://bugs.webkit.org/show_bug.cgi?id=164498

        Reviewed by Mark Lam.

        * Configurations/Base.xcconfig: Enabled CLANG_WARN_INFINITE_RECURSION and CLANG_WARN_SUSPICIOUS_MOVE.

2016-11-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        Address post-review feedback following r209070 (AppKit momentum scrolling adoption for scroll snapping)
        https://bugs.webkit.org/show_bug.cgi?id=165147

        Reviewed by Simon Fraser.

        Addresses some additional review feedback after r209070, which adopts _NSScrollingMomentumCalculator for scroll
        snapping. See individual changes below for more details. No new tests, since there is no behavior change.

        * page/EventHandler.cpp:
        (WebCore::handleWheelEventInAppropriateEnclosingBox):
        (WebCore::EventHandler::defaultWheelEventHandler):
        * page/Page.cpp:
        (WebCore::Page::ensureTestTrigger):
        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::filteredVelocity):
        * page/WheelEventDeltaFilter.h:
        * page/mac/WheelEventDeltaFilterMac.mm:
        (WebCore::WheelEventDeltaFilterMac::updateFromDelta):
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateExpectsWheelEventTestTriggerWithFrameView):
        * page/scrolling/AsyncScrollingCoordinator.h:
        * page/scrolling/ScrollingCoordinator.h:
        (WebCore::ScrollingCoordinator::updateExpectsWheelEventTestTriggerWithFrameView):

        Rather than force a complete layout pass when the Page first acquires a WheelEventTestTrigger, we now simply
        have the scrolling coordinator update its frame node to expect a wheel event test trigger.

        * page/scrolling/ScrollingMomentumCalculator.cpp:
        (WebCore::ScrollingMomentumCalculator::ScrollingMomentumCalculator):
        (WebCore::ScrollingMomentumCalculator::create):
        (WebCore::BasicScrollingMomentumCalculator::BasicScrollingMomentumCalculator):
        (WebCore::BasicScrollingMomentumCalculator::scrollOffsetAfterElapsedTime):
        (WebCore::BasicScrollingMomentumCalculator::animationDuration):
        (WebCore::BasicScrollingMomentumCalculator::initializeSnapProgressCurve):
        (WebCore::BasicScrollingMomentumCalculator::animationProgressAfterElapsedTime):
        * page/scrolling/ScrollingMomentumCalculator.h:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.h:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.mm:
        (WebCore::ScrollingMomentumCalculator::create):
        (WebCore::ScrollingMomentumCalculatorMac::ScrollingMomentumCalculatorMac):
        (WebCore::ScrollingMomentumCalculatorMac::scrollOffsetAfterElapsedTime):
        (WebCore::ScrollingMomentumCalculatorMac::animationDuration):
        (WebCore::ScrollingMomentumCalculatorMac::ensurePlatformMomentumCalculator):
        * platform/PlatformWheelEvent.h:
        (WebCore::PlatformWheelEvent::copyWithDeltasAndVelocity):
        (WebCore::PlatformWheelEvent::scrollingVelocity):

        Change scrolling velocity in PlatformWheelEvent to be a FloatSize instead of a FloatPoint. This change
        propagates to the ScrollController, where state variables and arguments pertaining to scrolling velocity are
        also now sizes instead of points.

        * platform/cocoa/ScrollController.h:
        * platform/cocoa/ScrollController.mm:
        (WebCore::ScrollController::scheduleStatelessScrollSnap):
        * platform/cocoa/ScrollSnapAnimatorState.h:
        * platform/cocoa/ScrollSnapAnimatorState.mm:
        (WebCore::ScrollSnapAnimatorState::transitionToGlideAnimationState):
        (WebCore::ScrollSnapAnimatorState::setupAnimationForState):
        (WebCore::ScrollSnapAnimatorState::teardownAnimationForState):
        (WebCore::ScrollSnapAnimatorState::currentAnimatedScrollOffset):

        Refactor elapsed time to be Seconds instead of double. Additionally, use MonotonicTime::now() instead of
        monotonicallyIncreasingTime(), and MonotonicTime instead of double for keeping track of the start time.

        * platform/spi/mac/NSScrollingMomentumCalculatorSPI.h:

2016-11-29  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: The client's transaction operation queue should flush as much to the server as possible.
        https://bugs.webkit.org/show_bug.cgi?id=164932

        Reviewed by Alex Christensen.

        No new tests (No new test necessary, covered extensively by all existing tests).

        Profiles showed that on tests with lots of rapid IDBRequests in a row, both the main thread and database 
        threads were largely idle.

        The explanation was simple. Currently the client IDBTransaction queues up operations and only vends them out 
        to the server 1 at a time, waiting for the previous operation to complete.

        While some operations do need to wait for the server to reply, by making the change to send most operations 
        (all operations with an associated IDBRequest) to the server without waiting we get rid of most of the idleness.

        It is possible we can find a few other types of operations to send without waiting, but we haven't yet seen any
        test case where they would show up on profiles.

        Sending more than one operation at a time was actually a very small part of this change.
        As many "edge case" regression tests revealed, we also needed to start having IDBTransaction track all of their
        "in progress" operations such that they could be aborted on the client side in exceptional circumstances.

        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::abortInProgressOperations): Abort's all in-progress operations (ones that have already
          been sent to the server)
        (WebCore::IDBTransaction::abortOnServerAndCancelRequests): Abort in-progress operations before pending ones.
        (WebCore::IDBTransaction::operationTimerFired): If we just started an operation with an associated IDBRequest,
          schedule the timer to send another one right away.
        (WebCore::IDBTransaction::operationDidComplete):
        (WebCore::IDBTransaction::connectionClosedFromServer): Abort in-progress operations before pending ones.
        * Modules/indexeddb/IDBTransaction.h:

        * Modules/indexeddb/client/TransactionOperation.cpp:
        (WebCore::IDBClient::TransactionOperation::TransactionOperation):
        * Modules/indexeddb/client/TransactionOperation.h:
        (WebCore::IDBClient::TransactionOperation::completed):
        (WebCore::IDBClient::TransactionOperation::hasIDBRequest):

2016-11-29  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix ::cue parsing
        https://bugs.webkit.org/show_bug.cgi?id=165152

        Reviewed by Zalan Bujtas.

        * css/parser/CSSParserValues.h:
        (WebCore::CSSParserSelector::setPseudoElementType):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::isOnlyPseudoClassFunction):
        (WebCore::isOnlyPseudoElementFunction):
        (WebCore::CSSSelectorParser::consumePseudo):
        (WebCore::isPseudoClassFunction): Deleted.
        (WebCore::isPseudoElementFunction): Deleted.

2016-11-28  Gavin Barraclough  <barraclough@apple.com>

        HTMLMediaElement::updateVolume should updateIsPlayingMedia
        https://bugs.webkit.org/show_bug.cgi?id=165132

        Reviewed by Darin Adler & Jer Noble.

        HTMLMediaElement::mediaState takes the volume into account when determining whether media
        is playing (audio is not considered to be playing if volume is 0). As such, any change to
        the volume may require mediaState to be recomputed.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateVolume):

2016-11-29  Daniel Bates  <dabates@apple.com>

        Avoid ref-count churn in ShadowParseContext::commitColor()
        https://bugs.webkit.org/show_bug.cgi?id=165125

        Reviewed by Simon Fraser.

        Avoid ref-count churn in ShadowParseContext::commitColor() by moving the passed
        color into its instance variable.

        Also modified ShadowParseContext::commitColor() to take a Ref<> instead of a
        RefPtr<> because it is never passed a nullptr.

        * css/parser/CSSParser.cpp:
        (WebCore::ShadowParseContext::commitColor):

2016-11-29  Daniel Bates  <dabates@apple.com>

        Avoid ref-count churn in CSSParser::ValueWithCalculation::setCalculation()
        https://bugs.webkit.org/show_bug.cgi?id=165127

        Reviewed by Simon Fraser.

        Use WTFMove() to move the passed RefPtr into CSSParser::ValueWithCalculation::m_calculation
        instead of copying it.

        * css/parser/CSSParser.h:
        (WebCore::CSSParser::ValueWithCalculation::setCalculation):

2016-11-29  Daniel Bates  <dabates@apple.com>

        CryptoAlgorithm::generateKey() should take lvalue reference to const CryptoAlgorithmParameters
        https://bugs.webkit.org/show_bug.cgi?id=165111

        Reviewed by Darin Adler.

        CryptoAlgorithm::generateKey() and its overrides always expect to receive a non-null pointer
        to a CryptoAlgorithmParameter object and never take ownership of it. This kind of relationship
        is best expressed by modifying CryptoAlgorithm::generateKey() to take a lvalue reference to
        a const CryptoAlgorithmParameter object.

        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::jsSubtleCryptoFunctionGenerateKeyPromise):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::generateKey):
        * crypto/CryptoAlgorithm.h:
        * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::generateKey):
        * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
        * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
        (WebCore::CryptoAlgorithmAES_KW::generateKey):
        * crypto/algorithms/CryptoAlgorithmAES_KW.h:
        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
        (WebCore::CryptoAlgorithmHMAC::generateKey):
        * crypto/algorithms/CryptoAlgorithmHMAC.h:
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:

2016-11-29  Andy Estes  <aestes@apple.com>

        window.name leaks information across domains
        https://bugs.webkit.org/show_bug.cgi?id=158216
        <rdar://problem/14548481>

        Reviewed by Brent Fulgham.

        When updating the history after a cross-origin navigation, the HTML Standard says:

        "If the browsing context is a top-level browsing context, but not an auxiliary browsing
        context, then set the browsing context's name to the empty string."

        https://html.spec.whatwg.org/multipage/browsers.html#resetBCName

        Tests: http/tests/security/window-name-after-cross-origin-aux-frame-navigation.html
               http/tests/security/window-name-after-cross-origin-main-frame-navigation.html
               http/tests/security/window-name-after-cross-origin-sub-frame-navigation.html
               http/tests/security/window-name-after-same-origin-aux-frame-navigation.html
               http/tests/security/window-name-after-same-origin-main-frame-navigation.html
               http/tests/security/window-name-after-same-origin-sub-frame-navigation.html

        * loader/FrameLoader.cpp:
        (WebCore::shouldClearWindowName): Returns true if frame is a main frame with no opener and
        newDocument does not have the same origin as the frame's current document.
        (WebCore::FrameLoader::clear): Changed to set m_frame's name to nullAtom if
        clearWindowProperties and shouldClearWindowName() are true.
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccessStorage): Changed to call isSameOriginAs() and check
        m_universalAccess.
        (WebCore::SecurityOrigin::isSameOriginAs): Renamed from isThirdParty(); removed the check
        for m_universalAccess.
        (WebCore::SecurityOrigin::isThirdParty): Renamed to isSameOriginAs().
        * page/SecurityOrigin.h: Renamed isThirdParty() to isSameOriginAs() and made it public.

2016-11-29  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix parsing of "all" in transitions
        https://bugs.webkit.org/show_bug.cgi?id=165144

        Reviewed by Dean Jackson.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeTransitionProperty):

2016-11-29  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix @page rule parsing
        https://bugs.webkit.org/show_bug.cgi?id=165143

        Reviewed by Zalan Bujtas.

        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parsePageSelector):

2016-11-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unreviewed, fix the build after r209070

        -[ScrollingMomentumCalculatorMac calculateToReachDestination] is only available on Sierra.

        * page/scrolling/mac/ScrollingMomentumCalculatorMac.mm:
        (WebCore::ScrollingMomentumCalculatorMac::ensurePlatformMomentumCalculator):
        * platform/spi/mac/NSScrollingMomentumCalculatorSPI.h:

2016-11-28  Wenson Hsieh  <wenson_hsieh@apple.com>

        Scroll snapping on Mac should use AppKit animations
        https://bugs.webkit.org/show_bug.cgi?id=147261
        <rdar://problem/29395293>

        Reviewed by Brent Fulgham.

        Refactors the scroll snapping animation logic to support arbitrary scrolling momentum calculators and
        introduces ScrollingMomentumCalculatorMac, which wraps AppKit's _NSScrollingMomentumCalculator. On macOS El
        Capitan and later, we use the platform scrolling momentum calculator and for all other cases, we fall back to
        the preexissting platform-invariant momentum calculator.

        Previously, the scroll snapping animation logic was shared between the ScrollSnapAnimatorState and
        ScrollController -- namely, the ScrollController would update various parameters of the ScrollSnapAnimatorState
        and then tell it to compute animation-specific constants and coefficients. After this patch, ScrollController
        will no longer directly set the ScrollSnapAnimatorState's member variables. Instead, it will tell the animator
        state to transition to a new ScrollSnapState with the necessary parameters, and the ScrollSnapAnimatorState is
        responsible for modifying itself accordingly. Furthermore, logic pertaining to computing animated scroll offsets
        is now split out into a new ScrollingMomentumCalculator, which may have different platform-dependent
        implementations. The correct calculator is initialized via ScrollingMomentumCalculator::create, which currently
        returns a ScrollingMomentumCalculatorMac on El Capitan and later, and a BasicScrollingMomentumCalculator
        otherwise.

        The new abstracted ScrollingMomentumCalculator is initialized with various parameters describing the scrolled
        content and viewport, as well as the initial and target scrolling offsets. The momentum calculator is then able
        to compute the animated scroll offset at any given elapsed time, as well as the total duration of the snapping
        animation. The ScrollController's scroll snap timer uses this information (via the ScrollSnapAnimatorState) to
        animate its client's scroll offset during a snap or glide.

        Also reenables 8 failing and/or flaky scroll snapping tests and adds a new layout test. This patch addresses
        two causes for failures and flakiness in these scroll snapping tests:

        1.  When starting or stopping the scroll snap animation timer, we call deferTestsForReason and
            removeTestDeferralForReason, respectively. These were actually noops for the first simulated scroll gesture
            on each of the failing mainframe scrolling tests due to m_expectsWheelEventTestTrigger being false. This
            member variable is updated when AsyncScrollingCoordinator::frameViewLayoutUpdated is invoked, wherein we
            call ScrollingStateFrameScrollingNode::setExpectsWheelEventTestTrigger(true) when the test has started
            monitoring wheel events. However, if this does not happen before scrolling begins in the test (which is the
            case here), then the mainframe scrolling node will not expect a wheel event test trigger even though
            eventSender.monitorWheelEvents() has been called. To fix this, we simply make the Page trigger a layout of
            the main FrameView when first ensuring the wheel event test trigger on the Page.

        2.  The second reason for flakiness affects both overflow and mainframe scrolling. Previously, due to the way
            we would wait for multiple momentum scroll events before starting to glide, we would end up starting the
            scroll snap timer for a snapping animation, stopping it, and then starting it again for the glide animation.
            Thus, if the wheel event test trigger's timer fires right after the scroll snap timer stops and before it
            starts again due to a glide animation, it will erroneously think that scroll snapping is complete, even
            though it's only just about to begin! Now that we know scrolling velocity when we receive the initial
            "momentum begin", we now directly transition the scroll snap state from a snapping state to a gliding state
            and no longer stop and start the timer during this transition, which means that the test trigger will be
            deferred for at least the entire duration of the scroll snapping animation (starting right after the first
            "drag end" wheel event).

        Test: tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-vertical-then-horizontal.html

        * WebCore.xcodeproj/project.pbxproj:
        * page/EventHandler.cpp:
        (WebCore::handleWheelEventInAppropriateEnclosingBox):
        (WebCore::EventHandler::defaultWheelEventHandler):
        * page/Page.cpp:
        (WebCore::Page::ensureTestTrigger):

        Addresses test failures by forcing the mainframe scrolling node to expect wheel event test triggers.

        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::create):
        (WebCore::WheelEventDeltaFilter::filteredVelocity):
        * page/WheelEventDeltaFilter.h:
        * page/mac/WheelEventDeltaFilterMac.mm:
        (WebCore::WheelEventDeltaFilterMac::updateFromDelta):

        Add support for plumbing filtered scrolling velocity over to the ScrollController.

        * page/scrolling/ScrollingMomentumCalculator.cpp: Copied from Source/WebCore/platform/cocoa/ScrollSnapAnimatorState.mm.
        (WebCore::ScrollingMomentumCalculator::ScrollingMomentumCalculator):
        (WebCore::ScrollingMomentumCalculator::create):

        Creates a platform-independent BasicScrollingMomentumCalculator.

        (WebCore::BasicScrollingMomentumCalculator::BasicScrollingMomentumCalculator):
        (WebCore::BasicScrollingMomentumCalculator::linearlyInterpolatedOffsetAtProgress):
        (WebCore::BasicScrollingMomentumCalculator::cubicallyInterpolatedOffsetAtProgress):
        (WebCore::BasicScrollingMomentumCalculator::scrollOffsetAfterElapsedTime):
        (WebCore::BasicScrollingMomentumCalculator::animationDuration):
        (WebCore::BasicScrollingMomentumCalculator::initializeInterpolationCoefficientsIfNecessary):
        (WebCore::BasicScrollingMomentumCalculator::initializeSnapProgressCurve):
        (WebCore::BasicScrollingMomentumCalculator::animationProgressAfterElapsedTime):

        Interpolation logic ported over from ScrollSnapAnimatorState.

        * page/scrolling/ScrollingMomentumCalculator.h: Added.
        (WebCore::ScrollingMomentumCalculator::~ScrollingMomentumCalculator):
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.h: Copied from Source/WebCore/page/WheelEventDeltaFilter.h.
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.mm: Added.
        (WebCore::ScrollingMomentumCalculator::create):

        Creates a ScrollingMomentumCalculatorMac.

        (WebCore::ScrollingMomentumCalculatorMac::ScrollingMomentumCalculatorMac):
        (WebCore::ScrollingMomentumCalculatorMac::scrollOffsetAfterElapsedTime):
        (WebCore::ScrollingMomentumCalculatorMac::animationDuration):
        (WebCore::ScrollingMomentumCalculatorMac::ensurePlatformMomentumCalculator):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollOffset):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::viewportSize):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollOffsetOnAxis): Deleted.
        * platform/PlatformWheelEvent.h:
        (WebCore::PlatformWheelEvent::copyWithDeltasAndVelocity):
        (WebCore::PlatformWheelEvent::scrollingVelocity):
        (WebCore::PlatformWheelEvent::copyWithDeltas): Deleted.
        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::scrollOffset):
        (WebCore::ScrollAnimator::viewportSize):
        (WebCore::ScrollAnimator::scrollOffsetOnAxis): Deleted.
        * platform/ScrollAnimator.h:
        * platform/cocoa/ScrollController.h:
        * platform/cocoa/ScrollController.mm:
        (WebCore::otherScrollEventAxis):
        (WebCore::ScrollController::ScrollController):
        (WebCore::ScrollController::shouldOverrideInertialScrolling):
        (WebCore::ScrollController::scheduleStatelessScrollSnap):
        (WebCore::ScrollController::statelessSnapTransitionTimerFired):
        (WebCore::ScrollController::startDeferringTestsDueToScrollSnapping):
        (WebCore::ScrollController::stopDeferringTestsDueToScrollSnapping):
        (WebCore::ScrollController::processWheelEventForScrollSnap):
        (WebCore::ScrollController::updateScrollSnapState):
        (WebCore::ScrollController::updateScrollSnapPoints):

        Update the ScrollController's ScrollSnapAnimationState for both vertical and horizontal axes. If both axes lack
        any snap points, the pointer to the animation state will be nulled out; otherwise, the animation state will
        exist.

        (WebCore::ScrollController::startScrollSnapTimer):
        (WebCore::ScrollController::stopScrollSnapTimer):
        (WebCore::ScrollController::scrollSnapTimerFired):
        (WebCore::ScrollController::activeScrollSnapIndexForAxis):
        (WebCore::ScrollController::setActiveScrollSnapIndexForAxis):
        (WebCore::ScrollController::setNearestScrollSnapIndexForAxisAndOffset):
        (WebCore::ScrollController::setActiveScrollSnapIndicesForOffset):
        (WebCore::ScrollController::scrollSnapPointState): Deleted.
        (WebCore::ScrollController::processWheelEventForScrollSnapOnAxis): Deleted.
        (WebCore::ScrollController::shouldOverrideWheelEvent): Deleted.
        (WebCore::projectedInertialScrollDistance): Deleted.
        (WebCore::ScrollController::beginScrollSnapAnimation): Deleted.
        (WebCore::ScrollController::endScrollSnapAnimation): Deleted.
        (WebCore::ScrollController::initializeScrollSnapAnimationParameters): Deleted.
        (WebCore::ScrollController::isSnappingOnAxis): Deleted.
        * platform/cocoa/ScrollSnapAnimatorState.h:
        (WebCore::ScrollSnapAnimatorState::snapOffsetsForAxis):
        (WebCore::ScrollSnapAnimatorState::setSnapOffsetsForAxis):
        (WebCore::ScrollSnapAnimatorState::currentState):
        (WebCore::ScrollSnapAnimatorState::activeSnapIndexForAxis):
        (WebCore::ScrollSnapAnimatorState::setActiveSnapIndexForAxis):
        * platform/cocoa/ScrollSnapAnimatorState.mm:
        (WebCore::projectedInertialScrollDistance):
        (WebCore::ScrollSnapAnimatorState::transitionToSnapAnimationState):
        (WebCore::ScrollSnapAnimatorState::transitionToGlideAnimationState):
        (WebCore::ScrollSnapAnimatorState::transitionToUserInteractionState):
        (WebCore::ScrollSnapAnimatorState::transitionToDestinationReachedState):

        These methods are used to update the ScrollSnapAnimationState. These state transitions should (and do)
        encapsulate all changes that need to be made to the animation state; in other words, the ScrollController should
        no longer be reaching directly into the ScrollSnapAnimatorState to change member variables.

        (WebCore::ScrollSnapAnimatorState::setupAnimationForState):
        (WebCore::ScrollSnapAnimatorState::teardownAnimationForState):
        (WebCore::ScrollSnapAnimatorState::currentAnimatedScrollOffset):
        (WebCore::ScrollSnapAnimatorState::targetOffsetForStartOffset):
        (WebCore::ScrollSnapAnimatorState::ScrollSnapAnimatorState): Deleted.
        (WebCore::ScrollSnapAnimatorState::pushInitialWheelDelta): Deleted.
        (WebCore::ScrollSnapAnimatorState::averageInitialWheelDelta): Deleted.
        (WebCore::ScrollSnapAnimatorState::clearInitialWheelDeltaWindow): Deleted.
        (WebCore::ScrollSnapAnimatorState::isSnapping): Deleted.
        (WebCore::ScrollSnapAnimatorState::canReachTargetWithCurrentInitialScrollDelta): Deleted.
        (WebCore::ScrollSnapAnimatorState::wheelDeltaTrackingIsInProgress): Deleted.
        (WebCore::ScrollSnapAnimatorState::hasFinishedTrackingWheelDeltas): Deleted.
        (WebCore::ScrollSnapAnimatorState::interpolatedOffsetAtProgress): Deleted.
        (WebCore::ScrollSnapAnimationCurveState::initializeSnapProgressCurve): Deleted.
        (WebCore::ScrollSnapAnimationCurveState::initializeInterpolationCoefficientsIfNecessary): Deleted.
        (WebCore::ScrollSnapAnimationCurveState::interpolatedPositionAtProgress): Deleted.
        (WebCore::ScrollSnapAnimationCurveState::shouldCompleteSnapAnimationImmediatelyAtTime): Deleted.
        (WebCore::ScrollSnapAnimationCurveState::animationProgressAtTime): Deleted.

        The ScrollSnapAnimatorState now tracks state across both axes. This simplifies coordinating scroll snapping in
        both horizontal and vertical axes and fixes the issue of the scroll offset not snapping when performing a scroll
        in one direction without momentum, then scrolling with momentum in the other direction in a single gesture.

        * platform/spi/mac/NSScrollingMomentumCalculatorSPI.h: Added.

2016-11-29  Brady Eidson  <beidson@apple.com>

        IndexedDB 2.0: Queue up completed requests in the client, handle them one by one.
        https://bugs.webkit.org/show_bug.cgi?id=165000

        Reviewed by Alex Christensen.

        No new tests (Covered extensively by every existing test).

        Currently when a TransactionOperation completes on the server, it immediately completes
        itself on the client side, including scheduling an event dispatch if necessary.
        
        This patch changes it so that "server completed operations" instead queue up in the 
        IDBTransaction and are "client-side completed" asynchronously, 1-by-1.
        
        Currently this is a "no behavior change" because only one operation is ever sent to
        the server at a time.
        
        But that will change with https://webkit.org/b/164932
        And this patch is a pre-requisite for that.
        
        * Modules/indexeddb/IDBRequest.cpp:
        (WebCore::IDBRequest::dispatchEvent):
        (WebCore::IDBRequest::didOpenOrIterateCursor):
        (WebCore::IDBRequest::completeRequestAndDispatchEvent):
        (WebCore::IDBRequest::requestCompleted): Deleted.
        * Modules/indexeddb/IDBRequest.h:
        
        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::IDBTransaction):
        (WebCore::IDBTransaction::internalAbort):
        (WebCore::IDBTransaction::abortOnServerAndCancelRequests):
        (WebCore::IDBTransaction::scheduleOperation):
        (WebCore::IDBTransaction::schedulePendingOperationTimer):
        (WebCore::IDBTransaction::pendingOperationTimerFired):
        (WebCore::IDBTransaction::operationCompletedOnServer):
        (WebCore::IDBTransaction::scheduleCompletedOperationTimer):
        (WebCore::IDBTransaction::completedOperationTimerFired):
        (WebCore::IDBTransaction::completeNoncursorRequest):
        (WebCore::IDBTransaction::completeCursorRequest):
        (WebCore::IDBTransaction::finishedDispatchEventForRequest):
        (WebCore::IDBTransaction::didStart):
        (WebCore::IDBTransaction::didOpenCursorOnServer):
        (WebCore::IDBTransaction::didIterateCursorOnServer):
        (WebCore::IDBTransaction::didGetAllRecordsOnServer):
        (WebCore::IDBTransaction::didGetRecordOnServer):
        (WebCore::IDBTransaction::didGetCountOnServer):
        (WebCore::IDBTransaction::didDeleteRecordOnServer):
        (WebCore::IDBTransaction::didClearObjectStoreOnServer):
        (WebCore::IDBTransaction::putOrAddOnServer):
        (WebCore::IDBTransaction::didPutOrAddOnServer):
        (WebCore::IDBTransaction::operationCompletedOnClient):
        (WebCore::IDBTransaction::deactivate):
        (WebCore::IDBTransaction::connectionClosedFromServer):
        (WebCore::IDBTransaction::scheduleOperationTimer): Deleted.
        (WebCore::IDBTransaction::operationTimerFired): Deleted.
        (WebCore::IDBTransaction::operationDidComplete): Deleted.
        * Modules/indexeddb/IDBTransaction.h:
        
        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::completeOperation):
        
        * Modules/indexeddb/client/TransactionOperation.cpp:
        (WebCore::IDBClient::TransactionOperation::TransactionOperation):
        * Modules/indexeddb/client/TransactionOperation.h:
        (WebCore::IDBClient::TransactionOperation::transitionToCompleteOnThisThread):
        (WebCore::IDBClient::TransactionOperation::transitionToComplete):
        (WebCore::IDBClient::TransactionOperation::doComplete):
        (WebCore::IDBClient::TransactionOperation::idbRequest):
        (WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread): Deleted.
        (WebCore::IDBClient::TransactionOperation::completed): Deleted.

2016-11-29  Zalan Bujtas  <zalan@apple.com>

        Safari (WebKit) doesn't wrap element within flex when width comes below min-width
        https://bugs.webkit.org/show_bug.cgi?id=136041
        <rdar://problem/25569370>

        Reviewed by Darin Adler.

        While figuring out whether a particular flex item fits the current line, we need to take
        the min-width into account too. This matches both FF and Chrome behaviour.

        Tests: fast/flexbox/flex-wrap-when-min-widht-is-set-1.html
               fast/flexbox/flex-wrap-when-min-widht-is-set-2.html

        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::computeNextFlexLine):

2016-11-29  Antti Koivisto  <antti@apple.com>

        Try to fix win/gtk build.

        * style/StyleUpdate.h:
        (WebCore::Style::ElementUpdate::ElementUpdate):

            Add explicit constructor for compilers that don't support C++14 list initialization correctly.

2016-11-28  Antti Koivisto  <antti@apple.com>

        Slotted nodes ignore transition
        https://bugs.webkit.org/show_bug.cgi?id=160866
        <rdar://problem/29231901>

        Reviewed by Sam Weinig.

        The problem is that slot (display:contents) always triggers full render tree rebuild when something
        changes in the slotted subtree. This causes animation to jump to end (may be another bug).

        Test: fast/shadow-dom/shadow-host-transition.html

        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::updateElementRenderer):
        (WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement):
        * style/StyleChange.h:

            Rearrange so the strongest ('Detach') is the highest.

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::resolveElement):
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):

            If style was display:contents and stays that way, use 'Inherit' StyleChange which doesn't force render tree rebuild.
            Refactor more of the functionality to createAnimatedElementUpdate.

        * style/StyleTreeResolver.h:

2016-11-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Crash in WebCore::PlatformDisplayX11::supportsXComposite when running under Wayland
        https://bugs.webkit.org/show_bug.cgi?id=164917

        Reviewed by Michael Catanzaro.

        WebKitGTK+ appplications are expected to call gtk_init(), because WebKitGTK+, like GTK+ itself, requires a
        display to work. We currently fallback to create a X11 display when X11 is enabled in cases where GTK+ doesn't
        have a default display (gtk_init() wasn't called or failed). That's why we end up creating an X11 display under
        Wayland when both Wayland and X11 option are enabled. The code assumes X11 display creation will always work if
        X11 is enabled, but that's not true now that we support also Wayland at runtime. So, we should try to get a
        native display before creating the PlatformDisplay. Rendering will not work in any case when gtk_init() is not
        called, but in most of the cases those applications are not actually going to render anything, so this way at
        least we will not crash.

        * platform/graphics/PlatformDisplay.cpp:
        (WebCore::PlatformDisplay::createPlatformDisplay): Use create() method for X11 and Wayland if we couldn't get a
        native display from GTK+. If everything fails create a display with no native.
        (WebCore::PlatformDisplay::PlatformDisplay): Add NativeDisplayOwned parameter.
        * platform/graphics/PlatformDisplay.h:
        * platform/graphics/wayland/PlatformDisplayWayland.cpp:
        (WebCore::PlatformDisplayWayland::create): Try to create a native Wayland display or return nullptr.
        (WebCore::PlatformDisplayWayland::PlatformDisplayWayland): Initialize NativeDisplayOwned parameter.
        (WebCore::PlatformDisplayWayland::~PlatformDisplayWayland): Destroy the display if owned.
        (WebCore::PlatformDisplayWayland::initialize): Return early if native display is nullptr.
        * platform/graphics/wayland/PlatformDisplayWayland.h:
        * platform/graphics/x11/PlatformDisplayX11.cpp:
        (WebCore::PlatformDisplayX11::create): Try to create a native X11 display or return nullptr.
        (WebCore::PlatformDisplayX11::PlatformDisplayX11): Use NativeDisplayOwned now.
        (WebCore::PlatformDisplayX11::~PlatformDisplayX11): Ditto.
        * platform/graphics/x11/PlatformDisplayX11.h:

2016-11-28  Matt Baker  <mattbaker@apple.com>

        Web Inspector: Debugger should have an option for showing asynchronous call stacks
        https://bugs.webkit.org/show_bug.cgi?id=163230
        <rdar://problem/28698683>

        Reviewed by Joseph Pecoraro.

        Test: inspector/debugger/async-stack-trace.html

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::didScheduleAsyncCall):
        Helper function used by by instrumentation hooks. Informs the debugger
        agent that an asynchronous call was scheduled for the current script
        execution state.

        (WebCore::InspectorInstrumentation::didInstallTimerImpl):
        (WebCore::InspectorInstrumentation::didRemoveTimerImpl):
        (WebCore::InspectorInstrumentation::willFireTimerImpl):
        (WebCore::InspectorInstrumentation::didFireTimerImpl):
        Asynchronous stack trace plumbing for timers (setTimeout, setInterval).
        (WebCore::InspectorInstrumentation::didRequestAnimationFrameImpl):
        (WebCore::InspectorInstrumentation::didCancelAnimationFrameImpl):
        (WebCore::InspectorInstrumentation::willFireAnimationFrameImpl):
        (WebCore::InspectorInstrumentation::didFireAnimationFrameImpl):
        Asynchronous stack trace plumbing for requestAnimationFrame.

2016-11-28  Jiewen Tan  <jiewen_tan@apple.com>

        Unreviewed, followup patch after r209059.

        * crypto/mac/CryptoAlgorithmAES_CBCMac.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
        * crypto/mac/CryptoAlgorithmRSAES_PKCS1_v1_5Mac.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
        * crypto/mac/CryptoAlgorithmRSA_OAEPMac.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
        (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):

2016-11-28  Jiewen Tan  <jiewen_tan@apple.com>

        ASSERTION FAILED: m_scriptExecutionContext->isContextThread() seen with LayoutTest crypto/subtle/rsa-oaep-generate-key-encrypt-decrypt.html
        https://bugs.webkit.org/show_bug.cgi?id=165124
        <rdar://problem/29413805>

        Reviewed by Daniel Bates.

        We should only dereference callbacks after being back to the Document/Worker threads as
        it might destroy promises in the work queue which will then trigger the assertion.

        Covered by existing tests.

        * crypto/mac/CryptoAlgorithmAES_CBCMac.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
        * crypto/mac/CryptoAlgorithmRSAES_PKCS1_v1_5Mac.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
        * crypto/mac/CryptoAlgorithmRSA_OAEPMac.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
        (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):

2016-11-28  Darin Adler  <darin@apple.com>

        Streamline and speed up tokenizer and segmented string classes
        https://bugs.webkit.org/show_bug.cgi?id=165003

        Reviewed by Sam Weinig.

        Profiling Speedometer on my iMac showed the tokenizer as one of the
        hottest functions. This patch streamlines the segmented string class,
        removing various unused features, and also improves some other functions
        seen on the Speedometer profile. On my iMac I measured a speedup of
        about 3%. Changes include:

        - Removed m_pushedChar1, m_pushedChar2, and m_empty data members from the
          SegmentedString class and all the code that used to handle them.

        - Simplified the SegmentedString advance functions so they are small
          enough to get inlined in the HTML tokenizer.

        - Updated callers to call the simpler SegmentedString advance functions
          that don't handle newlines in as many cases as possible.

        - Cut down on allocations of SegmentedString and made code move the
          segmented string and the strings that are moved into it rather than
          copying them whenever possible.

        - Simplified segmented string functions, removing some branches, mostly
          from the non-fast paths.

        - Removed small unused functions and small functions used in only one
          or two places, made more functions private and renamed for clarity.

        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::documentWrite): Moved a little more of the common code in here
        from the two functions belwo. Removed obsolete comment saying this was not
        following the DOM specification because it is. Removed unneeded special
        cases for 1 argument and no arguments. Take a reference instead of a pointer.
        (WebCore::JSHTMLDocument::write): Updated for above.
        (WebCore::JSHTMLDocument::writeln): Ditto.

        * css/parser/CSSTokenizer.cpp: Added now-needed include.
        * css/parser/CSSTokenizer.h: Removed unneeded include.

        * css/parser/CSSTokenizerInputStream.h: Added definition of kEndOfFileMarker
        here; this is now separate from the use in the HTMLParser. In the long run,
        unclear to me whether it is really needed in either.

        * dom/Document.cpp:
        (WebCore::Document::prepareToWrite): Added. Helper function used by the three
        different variants of write. Using this may prevent us from having to construct
        a SegmentedString just to append one string after future refactoring.
        (WebCore::Document::write): Updated to take an rvalue reference and move the
        value through.
        (WebCore::Document::writeln): Use a single write call instead of two.

        * dom/Document.h: Changed write to take an rvalue reference to SegmentedString
        rather than a const reference.

        * dom/DocumentParser.h: Changed insert to take an rvalue reference to
        SegmentedString. In the future, should probably overload to take a single
        string since that is the normal case.

        * dom/RawDataDocumentParser.h: Updated for change to DocumentParser.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::append): Refactored a bit, just enough
        so that we don't need an assignment operator for SegmentedString that can
        copy a String.

        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::insert): Updated to take an rvalue reference,
        and move the value through.
        * html/parser/HTMLDocumentParser.h: Updated for the above.

        * html/parser/HTMLEntityParser.cpp:
        (WebCore::HTMLEntityParser::consumeNamedEntity): Updated for name changes.
        Changed the twao calls to advance here to call advancePastNonNewline; no
        change in behavior, but asserts what the code was assuming before, that the
        character was not a newline.

        * html/parser/HTMLInputStream.h:
        (WebCore::HTMLInputStream::appendToEnd): Updated to take an rvalue reference,
        and move the value through.
        (WebCore::HTMLInputStream::insertAtCurrentInsertionPoint): Ditto.
        (WebCore::HTMLInputStream::markEndOfFile): Removed the code to construct a
        SegmentedString, overkill since we can just append an individual string.
        (WebCore::HTMLInputStream::splitInto): Rewrote the move idiom here to actually
        use move, which will reduce reference count churn and other unneeded work.

        * html/parser/HTMLMetaCharsetParser.cpp:
        (WebCore::HTMLMetaCharsetParser::checkForMetaCharset): Removed unneeded
        construction of a SegmentedString, just to append a string.

        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::HTMLSourceTracker): Moved to the class definition.
        (WebCore::HTMLSourceTracker::source): Updated for function name change.
        * html/parser/HTMLSourceTracker.h: Updated for above.

        * html/parser/HTMLTokenizer.cpp: Added now-needed include.
        (WebCore::HTMLTokenizer::emitAndResumeInDataState): Use advancePastNonNewline,
        since this function is never called in response to a newline character.
        (WebCore::HTMLTokenizer::commitToPartialEndTag): Ditto.
        (WebCore::HTMLTokenizer::commitToCompleteEndTag): Ditto.
        (WebCore::HTMLTokenizer::processToken): Use ADVANCE_PAST_NON_NEWLINE_TO macro
        instead of ADVANCE_TO in cases where the character we are advancing past is
        known not to be a newline, so we can use the more efficient advance function
        that doesn't check for the newline character.

        * html/parser/InputStreamPreprocessor.h: Moved kEndOfFileMarker to
        SegmentedString.h; not sure that's a good place for it either. In the long run,
        unclear to me whether this is really needed.
        (WebCore::InputStreamPreprocessor::peek): Added UNLIKELY for the empty check.
        Added LIKELY for the not-special character check.
        (WebCore::InputStreamPreprocessor::advance): Updated for the new name of the
        advanceAndUpdateLineNumber function.
        (WebCore::InputStreamPreprocessor::advancePastNonNewline): Added. More
        efficient than advance for cases where the last characer is known not to be
        a newline character.
        (WebCore::InputStreamPreprocessor::skipNextNewLine): Deleted. Was unused.
        (WebCore::InputStreamPreprocessor::reset): Deleted. Was unused except in the
        constructor; added initial values for the data members to replace.
        (WebCore::InputStreamPreprocessor::processNextInputCharacter): Removed long
        FIXME comment that didn't really need to be here. Reorganized a bit.
        (WebCore::InputStreamPreprocessor::isAtEndOfFile): Renamed and made static.

        * html/track/BufferedLineReader.cpp:
        (WebCore::BufferedLineReader::nextLine): Updated to not use the poorly named
        scanCharacter function to advance past a newline. Also renamed from getLine
        and changed to return Optional<String> instead of using a boolean to indicate
        failure and an out argument.

        * html/track/BufferedLineReader.h:
        (WebCore::BufferedLineReader::BufferedLineReader): Use the default, putting
        initial values on each data member below.
        (WebCore::BufferedLineReader::append): Updated to take an rvalue reference,
        and move the value through.
        (WebCore::BufferedLineReader::scanCharacter): Deleted. Was poorly named,
        and easy to replace with two lines of code at its two call sites.
        (WebCore::BufferedLineReader::reset): Rewrote to correctly clear all the
        data members of the class, not just the segmented string.

        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::parseWebVTTFileHeader): Updated to take
        an rvalue reference and move the value through.
        * html/track/InbandGenericTextTrack.h: Updated for the above.

        * html/track/InbandTextTrack.h: Updated since parseWebVTTFileHeader now
        takes an rvalue reference.

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::parseFileHeader): Updated to take an rvalue reference
        and move the value through.
        (WebCore::WebVTTParser::parseBytes): Updated to pass ownership of the string
        in to the line reader append function.
        (WebCore::WebVTTParser::parseCueData): Use auto and WTFMove for WebVTTCueData.
        (WebCore::WebVTTParser::flush): More of the same.
        (WebCore::WebVTTParser::parse): Changed to use nextLine instead of getLine.
        * html/track/WebVTTParser.h: Updated for the above.

        * html/track/WebVTTTokenizer.cpp:
        (WebCore::advanceAndEmitToken): Use advanceAndUpdateLineNumber by its new
        name, just advance. No change in behavior.
        (WebCore::WebVTTTokenizer::WebVTTTokenizer): Pass a String, not a
        SegmentedString, to add the end of file marker.

        * platform/graphics/InbandTextTrackPrivateClient.h: Updated since
        parseWebVTTFileHeader takes an rvalue reference.

        * platform/text/SegmentedString.cpp:
        (WebCore::SegmentedString::Substring::appendTo): Moved here from the header.
        The only caller is SegmentedString::toString, inside this file.
        (WebCore::SegmentedString::SegmentedString): Deleted the copy constructor.
        No longer needed.
        (WebCore::SegmentedString::operator=): Defined a move assignment operator
        rather than an ordinary assignment operator, since that's what the call
        sites really need.
        (WebCore::SegmentedString::length): Simplified since we no longer need to
        support pushed characters.
        (WebCore::SegmentedString::setExcludeLineNumbers): Simplified, since we
        can just iterate m_otherSubstrings without an extra check. Also changed to
        write directly to the data member of Substring instead of using a function.
        (WebCore::SegmentedString::updateAdvanceFunctionPointersForEmptyString):
        Added. Used when we run out of characters.
        (WebCore::SegmentedString::clear): Removed code to clear now-deleted members.
        Updated for changes to other member names.
        (WebCore::SegmentedString::appendSubstring): Renamed from just append to
        avoid ambiguity with the public append function. Changed to take an rvalue
        reference, and move in, and added code to set m_currentCharacter properly,
        so the caller doesn't have to deal with that.
        (WebCore::SegmentedString::close): Updated to use m_isClosed by its new name.
        Also removed unneeded comment about assertion that fires when trying to close
        an already closed string.
        (WebCore::SegmentedString::append): Added overloads for rvalue references of
        both entire SegmentedString objects and of String. Streamlined to just call
        appendSubstring and append to the deque.
        (WebCore::SegmentedString::pushBack): Tightened up since we don't allow empty
        strings and changed to take just a string, not an entire segmented string.
        (WebCore::SegmentedString::advanceSubstring): Moved logic into the
        advancePastSingleCharacterSubstringWithoutUpdatingLineNumber function.
        (WebCore::SegmentedString::toString): Simplified now that we don't need to
        support pushed characters.
        (WebCore::SegmentedString::advancePastNonNewlines): Deleted.
        (WebCore::SegmentedString::advance8): Deleted.
        (WebCore::SegmentedString::advanceWithoutUpdatingLineNumber16): Renamed from
        advance16. Simplified now that there are no pushed characters. Also changed to
        access data members of m_currentSubstring directly instead of calling a function.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber8): Deleted.
        (WebCore::SegmentedString::advanceAndUpdateLineNumber16): Ditto.
        (WebCore::SegmentedString::advancePastSingleCharacterSubstringWithoutUpdatingLineNumber):
        Renamed from advanceSlowCase. Removed uneeded logic to handle pushed characters.
        Moved code in here from advanceSubstring.
        (WebCore::SegmentedString::advancePastSingleCharacterSubstring): Renamed from
        advanceAndUpdateLineNumberSlowCase. Simplified by calling the function above.
        (WebCore::SegmentedString::advanceEmpty): Broke assertion up into two.
        (WebCore::SegmentedString::updateSlowCaseFunctionPointers): Updated for name changes.
        (WebCore::SegmentedString::advancePastSlowCase): Changed name and meaning of
        boolean argument. Rewrote to use the String class less; it's now used only when
        we fail to match after the first character rather than being used for the actual
        comparison with the literal.

        * platform/text/SegmentedString.h: Moved all non-trivial function bodies out of
        the class definition to make things easier to read. Moved the SegmentedSubstring
        class inside the SegmentedString class, making it a private struct named Substring.
        Removed the m_ prefix from data members of the struct, removed many functions from
        the struct and made its union be anonymous instead of naming it m_data. Removed
        unneeded StringBuilder.h include.
        (WebCore::SegmentedString::isEmpty): Changed to use the length of the substring
        instead of a separate boolean. We never create an empty substring, nor leave one
        in place as the current substring unless the entire segmented string is empty.
        (WebCore::SegmentedString::advancePast): Updated to use the new member function
        template instead of a non-template member function. The new member function is
        entirely rewritten and does the matching directly rather than allocating a string
        just to do prefix matching.
        (WebCore::SegmentedString::advancePastLettersIgnoringASCIICase): Renamed to make
        it clear that the literal must be all non-letters or lowercase letters as with
        the other "letters ignoring ASCII case" functions. The three call sites all fit
        the bill. Implement by calling the new function template.
        (WebCore::SegmentedString::currentCharacter): Renamed from currentChar.
        (WebCore::SegmentedString::Substring::Substring): Use an rvalue reference and
        move the string in.
        (WebCore::SegmentedString::Substring::currentCharacter): Simplified since this
        is never used on an empty substring.
        (WebCore::SegmentedString::Substring::incrementAndGetCurrentCharacter): Ditto.
        (WebCore::SegmentedString::SegmentedString): Overload to take an rvalue reference.
        Simplified since there are now fewer data members.
        (WebCore::SegmentedString::advanceWithoutUpdatingLineNumber): Renamed from
        advance, since this is only safe to use if there is some reason it is OK to skip
        updating the line number.
        (WebCore::SegmentedString::advance): Renamed from advanceAndUpdateLineNumber,
        since doing that is the normal desired behavior and not worth mentioning in the
        public function name.
        (WebCore::SegmentedString::advancePastNewline): Renamed from
        advancePastNewlineAndUpdateLineNumber.
        (WebCore::SegmentedString::numberOfCharactersConsumed): Greatly simplified since
        pushed characters are no longer supported.
        (WebCore::SegmentedString::characterMismatch): Added. Used by advancePast.

        * xml/parser/CharacterReferenceParserInlines.h:
        (WebCore::unconsumeCharacters): Use toString rather than toStringPreserveCapacity
        because the SegmentedString is going to take ownership of the string.
        (WebCore::consumeCharacterReference): Updated to use the pushBack that takes just
        a String, not a SegmentedString. Also use advancePastNonNewline.

        * xml/parser/MarkupTokenizerInlines.h: Added ADVANCE_PAST_NON_NEWLINE_TO.

        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::insert): Updated since this takes an rvalue reference.
        (WebCore::XMLDocumentParser::append): Removed unnecessary code to create a
        SegmentedString.
        * xml/parser/XMLDocumentParser.h: Updated for above. Also fixed indentation
        and initialized most data members.
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser): Moved most data member
        initialization into the class definition.
        (WebCore::XMLDocumentParser::resumeParsing): Removed code that copied a
        segmented string, but converted the whole thing into a string before using it.
        Now we convert to a string right away.

2016-11-28  Chris Dumez  <cdumez@apple.com>

        [iOS] Use UIKit SPI to force popover presentation style on iPhone for html validation popovers
        https://bugs.webkit.org/show_bug.cgi?id=165107

        Reviewed by Simon Fraser.

        Use UIKit SPI to force popover presentation style on iPhone for html validation
        popovers as this results in simpler code and achieves the same behavior.

        * platform/ValidationBubble.h:
        * platform/ios/ValidationBubbleIOS.mm:
        (WebCore::ValidationBubble::setAnchorRect):
        (-[WebValidationBubbleDelegate adaptivePresentationStyleForPresentationController:traitCollection:]): Deleted.
        * platform/spi/ios/UIKitSPI.h:

2016-11-28  Chris Dumez  <cdumez@apple.com>

        [Mac] Clicking on an HTML validation bubble should dismiss it
        https://bugs.webkit.org/show_bug.cgi?id=165117
        <rdar://problem/29409837>

        Reviewed by Simon Fraser.

        Clicking on an HTML validation bubble should dismiss it. It previously
        did nothing.

        No new tests, this is not easily testable as EventSender.keyDown() sends
        the event to the view, not to a particular screen location.

        * platform/mac/ValidationBubbleMac.mm:
        (-[WebValidationPopover mouseDown:]):
        (WebCore::ValidationBubble::ValidationBubble):

2016-11-27  Sam Weinig  <sam@webkit.org>

        Make CanvasRenderingContext2D use WebIDL unions / Variants for createPattern and drawImage
        https://bugs.webkit.org/show_bug.cgi?id=165086

        Reviewed by Darin Adler.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::size):
        Add overloads of size for each type of CanvasSource.
        (WebCore::CanvasRenderingContext2D::drawImage):
        (WebCore::CanvasRenderingContext2D::createPattern):
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.idl:
        Use variants to reduce code duplication and match spec language in drawImage and createPattern.

2016-11-28  Beth Dakin  <bdakin@apple.com>

        Blacklist Netflix for TouchBar support
        https://bugs.webkit.org/show_bug.cgi?id=165104
        -and corresponding-
        rdar://problem/29404778

        Reviewed by Tim Horton.

        This patch moves the algorithm to 
        bestMediaElementForShowingPlaybackControlsManager() so that Now Playing can also 
        use it.
        * html/HTMLMediaElement.cpp:
        (WebCore::needsPlaybackControlsManagerQuirk):
        (WebCore::HTMLMediaElement::bestMediaElementForShowingPlaybackControlsManager):
        (WebCore::HTMLMediaElement::updatePlaybackControlsManager):

2016-11-28  Mark Lam  <mark.lam@apple.com>

        Fix exception scope verification failures in more miscellaneous files.
        https://bugs.webkit.org/show_bug.cgi?id=165102

        Reviewed by Saam Barati.

        No new tests because these are fixes to failures detected by existing tests when
        exception check verification is enabled.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::toJS):
        * bindings/js/JSCommandLineAPIHostCustom.cpp:
        (WebCore::getJSListenerFunctions):
        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::buildJSONForRSAComponents):
        (WebCore::addUsagesToJSON):
        * bindings/js/JSDOMBinding.h:
        (WebCore::toJS):
        * bridge/runtime_array.cpp:
        (JSC::RuntimeArray::put):

2016-11-28  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Fix bugs in the @supports parser
        https://bugs.webkit.org/show_bug.cgi?id=165115

        Reviewed by Zalan Bujtas.

        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        Clean up the display property to match the old parser to ensure
        that @supports conditions on display are the same.

        * css/parser/CSSSupportsParser.cpp:
        (WebCore::CSSSupportsParser::consumeCondition):
        (WebCore::CSSSupportsParser::consumeNegation):
        (WebCore::CSSSupportsParser::consumeConditionInParenthesis):
        * css/parser/CSSSupportsParser.h:
        What follows are all bugs in Blink that need to be fixed to pass our
        tests.

        Fix the supports parser to allow the whitespace after not/or/and to
        be optional. Allow the whitespace following parenthetical conditions
        to be optional.

        With whitespace being optional, this means that "not(" will parse
        as a FunctionToken type, as will "or(" and "and(". Handle this situation
        by checking for FunctionToken along with IdentToken and parameterizing
        consumeConditionInParenthesis to do the right thing when it starts with
        a FunctionToken instead of an IdentToken.

        Fix the general enclosure FunctionToken for forward compatibility to require that
        the function still be enclosed within parentheses.

2016-11-28  Mark Lam  <mark.lam@apple.com>

        Fix exception scope verification failures in ObjectConstructor.cpp and ObjectPrototype.cpp.
        https://bugs.webkit.org/show_bug.cgi?id=165051

        Reviewed by Saam Barati.

        No new tests because this is covered by the existing test
        http/tests/security/cross-frame-access-object-prototype.html with the help of a
        new ASSERT in ObjectPrototype.cpp.

        Fixed jsDOMWindowGetOwnPropertySlotRestrictedAccess() to return false when it
        throws an exception.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):

2016-11-28  Tim Horton  <timothy_horton@apple.com>

        Obvious change in saturation/color when swiping to a previously visited page
        https://bugs.webkit.org/show_bug.cgi?id=165112
        <rdar://problem/29257229>

        Reviewed by Simon Fraser.

        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::createFromImage):
        IOSurface::createFromImage should take into account the colorspace of the
        originating image, instead of just hardcoding sRGB.

        Otherwise, on a non-sRGB display, the display-space snapshot that we take
        for back-forward swipe is converted to sRGB, then the colorspace information
        is lost (without a way to maintain it inside the IOSurface), and displayed
        as layer contents interpreted as display space (instead of sRGB).

2016-11-28  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix crashes on Yosemite after r209009

        NSTextField's maximumNumberOfLines was introduced in ElCapitan so
        disable it at compile-time on previous OSes for now.

        * platform/mac/ValidationBubbleMac.mm:
        (WebCore::ValidationBubble::ValidationBubble):

2016-11-28  Keith Rollin  <krollin@apple.com>

        Unreviewed, rolling out r208607.

        The actual changes aren't inline with what was requested.

        Reverted changeset:

        "Reduce number of platformMemoryUsage calls"
        https://bugs.webkit.org/show_bug.cgi?id=164375
        http://trac.webkit.org/changeset/208607

2016-11-28  Beth Dakin  <bdakin@apple.com>

        Blacklist Netflix for TouchBar support
        https://bugs.webkit.org/show_bug.cgi?id=165104
        -and corresponding-
        rdar://problem/29404778

        Reviewed by Darin Adler.

        * html/HTMLMediaElement.cpp:
        (WebCore::needsPlaybackControlsManagerQuirk):
        (WebCore::HTMLMediaElement::updatePlaybackControlsManager):

2016-11-28  Chris Dumez  <cdumez@apple.com>

        Limit HTML Form validation popovers to 4 lines
        https://bugs.webkit.org/show_bug.cgi?id=165098
        <rdar://problem/29403286>

        Reviewed by Darin Adler.

        Limit HTML Form validation popovers to 4 lines as per recent feedback.

        * platform/ios/ValidationBubbleIOS.mm:
        (WebCore::ValidationBubble::ValidationBubble):
        * platform/mac/ValidationBubbleMac.mm:
        (WebCore::ValidationBubble::ValidationBubble):

2016-11-28  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Filters and Reflections Fixes
        https://bugs.webkit.org/show_bug.cgi?id=165103

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeReflect):
        Support the "none" keyword for box-reflect.

        * css/parser/CSSPropertyParserHelpers.cpp:
        (WebCore::CSSPropertyParserHelpers::isValidPrimitiveFilterFunction):
        (WebCore::CSSPropertyParserHelpers::consumeFilterFunction):
        Don't rely on range checking, since invert isn't grouped with the other
        function values. Actually check every keyword.

2016-11-28  Brent Fulgham  <bfulgham@apple.com>

        ImageData does not match specification
        https://bugs.webkit.org/show_bug.cgi?id=164663

        Reviewed by Simon Fraser.

        The W3C specification https://www.w3.org/TR/2dcontext/ clearly states that
        the width and height attributes of the ImageData type should be unsigned.
        Our current implementation has signed integer values.

        In practice, we have enforced the unsigned requirement by throwing a TypeError
        if you attempt to construct an ImageData with negative width or height.

        This change simply updates the IDL and impelemntation to match the spec.

        Test coverage is already provided by fast/canvas/canvas-imageData.html

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readTerminal): Serialize as uint32_t values.
        * html/ImageData.idl: Revise width and height to be unsigned long.

2016-11-28  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] flex-basis should be pixel units not percentages.
        https://bugs.webkit.org/show_bug.cgi?id=165100

        Reviewed by Zalan Bujtas.

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::CSSPropertyParser::consumeFlex):

2016-11-28  Daniel Bates  <dabates@apple.com>

        Replace CSSPropertyNames.in with a JSON file
        https://bugs.webkit.org/show_bug.cgi?id=164691

        Reviewed by Simon Fraser.

        Convert CSSPropertyNames.in to a structured JSON file. This is the first step towards
        exposing a CSS feature status dashboard and generating more of the boilerplate code
        for a CSS property.

        A side effect of this change is that makeprop.pl no longer detects duplicate CSS property
        definitions. We will look to bring such duplication detection back in a subsequent
        commit.

        * CMakeLists.txt: Substitute CSSProperties.json for CSSPropertyNames.in and update the
        invocation of makeprop.pl as we no longer need to pass the bindings/scripts/preprocessor.pm
        Perl module. Makeprop.pl supports conditional CSS properties and values without the need
        to preprocess CSSProperties.json using the C preprocessor.
        * DerivedSources.make: Ditto. Pass WTF_PLATFORM_IOS to makeprop.pl when building for iOS
        as we no longer make use of bindings/scripts/preprocessor.pm.
        * css/CSSProperties.json: Added.
        * css/CSSPropertyNames.in: Removed.
        * css/StyleResolver.cpp: Remove variable lastHighPriorityProperty as we now generate it.
        * css/makeprop.pl: Extracted the input file name, now CSSProperties.json, into a global variable
        and referenced this variable throughout this script instead of hardcoding the input file name at
        each call site. Updated code to handle CSS longhand names being encoded in a JSON array as opposed
        to a string of '|'-separated values. I added a FIXME comment to do the same for the codegen property
        "custom". Fixed Perl uninitialized variable warnings when die()-ing with error "Unknown CSS property
        used in all shorthand ..." or "Unknown CSS property used in longhands ...".
        (isPropertyEnabled): Added. Determine whether code should be generated for a property.
        (addProperty): Added.
        (sortByDescendingPriorityAndName): Added.
        (getScopeForFunction): Lowercase option names so that we can use a consistent case throughout
        the JSON file.
        (getNameForMethods): Ditto.
        (generateColorValueSetter):
        (generateAnimationPropertyInitialValueSetter): Ditto.
        (generateAnimationPropertyInheritValueSetter): Ditto.
        (generateFillLayerPropertyInitialValueSetter): Ditto.
        (generateFillLayerPropertyInheritValueSetter): Ditto.
        (generateSetValueStatement): Ditto.
        (generateInitialValueSetter): Ditto.
        (generateInheritValueSetter): Ditto.
        (generateValueSetter): Ditto.

2016-11-28  Dave Hyatt  <hyatt@apple.com>

        [CSS Parser] Support -webkit-animation-trigger
        https://bugs.webkit.org/show_bug.cgi?id=165095

        Reviewed by Zalan Bujtas.

        * css/CSSValueKeywords.in:
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeWebkitAnimationTrigger):
        (WebCore::consumeAnimationValue):
        (WebCore::CSSPropertyParser::parseSingleValue):

2016-11-28  Antti Koivisto  <antti@apple.com>

        Remove FIRST_LINE_INHERITED fake pseudo style
        https://bugs.webkit.org/show_bug.cgi?id=165071

        Reviewed by Andreas Kling.

        These are create during layout an then cached to the RenderStyle. Cache computed first line style to
        RenderObject rare data instead, avoiding style mutation an other confusing messiness.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        (WebCore::RenderElement::computeFirstLineStyle):
        (WebCore::RenderElement::firstLineStyle):

            Cache the first line style.

        (WebCore::RenderElement::invalidateCachedFirstLineStyle):
        (WebCore::RenderElement::styleWillChange):

            Invalidate subtree if we have cached first line style.

        (WebCore::RenderElement::getUncachedPseudoStyle):
        (WebCore::RenderElement::uncachedFirstLineStyle): Deleted.
        (WebCore::RenderElement::cachedFirstLineStyle): Deleted.
        * rendering/RenderElement.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::rareDataMap):
        (WebCore::RenderObject::rareData):
        (WebCore::RenderObject::ensureRareData):
        * rendering/RenderObject.h:

            Stop copying rare data objects.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):

            Use the normal mechanism for invalidating layout for first-line instead of a hack in pseudoStyleCacheIsInvalid.

        * rendering/style/RenderStyleConstants.h:
        * style/RenderTreeUpdater.cpp:
        (WebCore::pseudoStyleCacheIsInvalid):

            Simplify.

2016-11-28  Miguel Gomez  <magomez@igalia.com>

        [GTK] Dramatic increase on memory usage since 2.14.x
        https://bugs.webkit.org/show_bug.cgi?id=164049

        Reviewed by Žan Doberšek.

        Use OpenGL version 3.2 Core for rendering when available.
        Update some operations that have changed when using 3.2 Core:
        - Use glGetStringi to get the extensions list.
        - Do not use GL_POINT_SPRITE.
        - Always use a VAO when rendering.
        - Use a GLSL 1.50 compatible shader.

        No new tests needed.

        * platform/graphics/GLContext.cpp:
        (WebCore::GLContext::version):
        Add a method to get OpenGL version we are using.
        * platform/graphics/GLContext.h:
        Ditto.
        * platform/graphics/GraphicsContext3D.h:
        Add an attribute to store the VAO used for rendering.
        * platform/graphics/OpenGLShims.cpp:
        (WebCore::initializeOpenGLShims):
        Add glGetStringi to the list of functions.
        * platform/graphics/OpenGLShims.h:
        Ditto.
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        Set appropriate output to the shader compiler and initalize the VAO if needed.
        (WebCore::GraphicsContext3D::~GraphicsContext3D):
        Delete the VAO if needed.
        (WebCore::GraphicsContext3D::getExtensions):
        Use glGetExtensionsi for OpenGL versions >= 3.2.
        * platform/graphics/glx/GLContextGLX.cpp:
        (WebCore::hasGLXARBCreateContextExtension):
        Check whether the GLX_ARB_create_context extension is available.
        (WebCore::GLContextGLX::createWindowContext):
        Use glXCreateContextAttribsARB() if possible to request an OpenGL 3.2 context.
        (WebCore::GLContextGLX::createPbufferContext):
        Ditto.
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::initializeAvailableExtensions):
        Enable glGetStringi for GTK.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        Do not use default getExtensions