2017-04-16 Jason Marcell

Roll out r211294 via 215335. rdar://problem/31512298

2017-04-12 Myles C. Maxfield

[Cocoa] Prepare ComplexTextController for unit testing
https://bugs.webkit.org/show_bug.cgi?id=167493

Reviewed by Dean Jackson.

ComplexTextController has three phases:
1. Interrogate Core Text about some text
2. Compute layout advances and paint advances from the information retrieved from Core Text
3. Iterate through the layout advances or paint advances.

This patch tests phases 2 and 3 by chopping ComplexTextController between phases 1 and 2, and injecting foreign metrics from a unit test. These metrics have been gathered from real-world uses; however, a layout test is not appropriate because the fonts which produced these metrics are not licensed appropriately. The tests can enforce the correct behavior by using ComplexTextController's public API.

This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=166013. However, the fix for that bug is quite large, so I've split out this smaller piece to ease the reviewing burden. The tests I've added are disabled for now (because they fail), but will be enabled by the fix to that bug.

No new tests because there is no behavior change.

* WebCore.xcodeproj/project.pbxproj:
* platform/graphics/FontCascade.h:
* platform/graphics/FontDescription.h:
* platform/graphics/mac/ComplexTextController.cpp:
(WebCore::ComplexTextController::ComplexTextController):
(WebCore::ComplexTextController::finishConstruction):
* platform/graphics/mac/ComplexTextController.h:
(WebCore::ComplexTextController::ComplexTextRun::createForTesting):
* platform/graphics/mac/ComplexTextControllerCoreText.mm:
(WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):

2017-04-12 Myles C. Maxfield

REGRESSION(r211382): Complex text with justification erroneously overflows containers
https://bugs.webkit.org/show_bug.cgi?id=170399

When we perform justification, we adjust glyphs' advances to add extra space between words.
ComplexTextController maintains an invariant where m_totalWidth is equal to the sum of these advances. However, in RTL text, inserting extra justification space to the left of a glyph would break that invariant, and would increase the advances of two glyphs instead of just one. Then, when we go to draw the text, the sum of the advances is wider than m_totalWidth, which means the glyphs would be drawn outside of their container.

This regressed in r211382 simply because of an oversight and because there were no tests for this codepath.

Test: ComplexTextControllerTest.TotalWidthWithJustification

* platform/graphics/ComplexTextController.cpp:
(WebCore::ComplexTextController::adjustGlyphsAndAdvances):
* rendering/InlineBox.h:
(WebCore::InlineBox::InlineBox):

2017-04-11 Jason Marcell

Cherry-pick 214358. rdar://problem/31502340

2017-03-24 Alex Christensen

REGRESSION: Content Blocker: Blocking "a[href*=randomString]" doesn't work
https://bugs.webkit.org/show_bug.cgi?id=169167

Reviewed by Simon Fraser.

When testing content extensions, we have always called an API function that internally has called AtomicString::init somewhere before we start compiling the content extension. On iOS, though, we call [_WKUserContentExtensionStore compileContentExtensionForIdentifier:...] without having already called anything that calls AtomicString::init. The new CSS parser is now failing to parse some selectors because CSSSelectorParser::defaultNamespace is returning starAtom, which is a null atomic string before AtomicString::init is called.

Covered by a new API test.

* contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::isValidCSSSelector):
(WebCore::ContentExtensions::loadAction):
(WebCore::ContentExtensions::isValidSelector): Deleted.
* contentextensions/ContentExtensionParser.h:
Call AtomicString::init before checking if a css selector is valid.

2017-04-03 Jason Marcell

Cherry-pick r214819.
rdar://problem/31407633

2017-04-01 Simon Fraser

Clean up touch event handler registration when moving nodes between documents
https://bugs.webkit.org/show_bug.cgi?id=170384
rdar://problem/30816694

Reviewed by Chris Dumez.

Make sure that Node::didMoveToNewDocument() does the correct unregistration on the old document, and registration on the new document for nodes with touch event listeners, and gesture event listeners. Touch "handler" nodes (those for overflow and sliders) are already correctly moved via renderer-related teardown.

Add assertions that fire when removal was not complete.

Use references in more places.

Tests: fast/events/touch/ios/gesture-node-move-between-documents.html
       fast/events/touch/ios/overflow-node-move-between-documents.html
       fast/events/touch/ios/slider-node-move-between-documents.html
       fast/events/touch/ios/touch-node-move-between-documents.html

* dom/EventNames.h:
(WebCore::EventNames::gestureEventNames):
* dom/Node.cpp:
(WebCore::Node::willBeDeletedFrom):
(WebCore::Node::didMoveToNewDocument):
(WebCore::tryAddEventListener):
(WebCore::tryRemoveEventListener):
* html/shadow/SliderThumbElement.cpp:
(WebCore::SliderThumbElement::registerForTouchEvents):
(WebCore::SliderThumbElement::unregisterForTouchEvents):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::registerAsTouchEventListenerForScrolling):
(WebCore::RenderLayer::unregisterAsTouchEventListenerForScrolling):

2017-04-03 Jason Marcell

Cherry-pick r214703. rdar://problem/31407633

2017-03-31 Simon Fraser

Rename DOMWindow's m_touchEventListenerCount to m_touchAndGestureEventListenerCount
https://bugs.webkit.org/show_bug.cgi?id=170371

Reviewed by Tim Horton.

This count tracks touch and gesture event listeners, so name it appropriately.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::addEventListener):
(WebCore::DOMWindow::removeEventListener):
(WebCore::DOMWindow::removeAllEventListeners):
* page/DOMWindow.h:

2017-04-03 Jason Marcell

Cherry-pick r214702.
rdar://problem/31407633

2017-03-31 Simon Fraser

When destroying a Node, assert that it's been removed from all the touch handler maps
https://bugs.webkit.org/show_bug.cgi?id=170363
rdar://problem/31377469

Reviewed by Tim Horton.

Assert that the Node has been removed from the touch handler maps in all documents on destruction.

* dom/Document.h:
(WebCore::Document::hasTouchEventHandlers):
(WebCore::Document::touchEventTargetsContain):
* dom/Node.cpp:
(WebCore::Node::~Node):

2017-04-03 Jason Marcell

Cherry-pick r214649. rdar://problem/31407626

2017-03-30 Simon Fraser

Ensure that Node::willBeDeletedFrom() always removes touch event handlers from the document
https://bugs.webkit.org/show_bug.cgi?id=170323
rdar://problem/23647630

Reviewed by Chris Dumez.

There are two instances where nodes are registered as touch event handlers without having normal touch event listeners: slider thumb elements, and elements with overflow scrolling, on iOS.

For such nodes, hasEventTargetData() will be false, but we want to ensure that they are removed from the Document's touchEventHandler set, so move the call to document.removeTouchEventHandler() outside of the conditional block.

This should be cheap in most cases when the touchEventHandler is empty.

* dom/Node.cpp:
(WebCore::Node::willBeDeletedFrom):

2017-04-03 Jason Marcell

Cherry-pick r214648. rdar://problem/31408453

2017-03-30 Simon Fraser

Minor cleanup checking for gesture event names
https://bugs.webkit.org/show_bug.cgi?id=170319

Reviewed by Tim Horton.

Just use isGestureEventType() in a couple of places.

* dom/Node.cpp:
(WebCore::tryAddEventListener):
(WebCore::tryRemoveEventListener):

2017-04-03 Jason Marcell

Cherry-pick r214640. rdar://problem/31408453

2017-03-30 Simon Fraser

Rename a touch event function, and new touch region test results
https://bugs.webkit.org/show_bug.cgi?id=170309
rdar://problem/31329520

Reviewed by Chris Dumez.

Adapt to a naming change in WebKitAdditions.
* dom/Document.cpp:
(WebCore::Document::removeAllEventListeners):
* page/FrameView.cpp:
(WebCore::FrameView::layout):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::styleWillChange):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::scrollTo):
(WebCore::RenderLayer::calculateClipRects):

2017-03-31 Brent Fulgham

Merge r214378. rdar://problem/31177657

2017-03-24 Brent Fulgham

Handle recursive calls to ProcessingInstruction::checkStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=169982

Reviewed by Antti Koivisto.

See if we triggered a recursive load of the stylesheet during the 'beforeload' event handler. If so, reset to a valid state before completing the load.

We should also check after 'beforeload' that we were not disconnected from (or moved to a new) document.

I also looked for other cases of this pattern and fixed them, too.

Tests: fast/dom/beforeload/image-removed-during-before-load.html
       fast/dom/beforeload/recursive-css-pi-before-load.html
       fast/dom/beforeload/recursive-link-before-load.html
       fast/dom/beforeload/recursive-xsl-pi-before-load.html

* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::checkStyleSheet): Prevent recursive calls into this function during 'beforeload' handling. Also, safely handle the case where the element was disconnected in the 'beforeload' handler (similar to what we do in HTMLLinkElement).
(WebCore::ProcessingInstruction::setCSSStyleSheet): Drive-by Fix: Protect the current document to match what we do in setXSLStyleSheet.
* dom/ProcessingInstruction.h:
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::process): Prevent recursive calls into this function during 'beforeload' handling.
* html/HTMLLinkElement.h:
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): safely handle the case where the element was disconnected in the 'beforeload' handler (similar to what we do in HTMLLinkElement).

2017-03-30 Jason Marcell

Merge r214392.
rdar://problem/31356105

2017-03-24 Daniel Bates

media/restore-from-page-cache.html causes NoEventDispatchAssertion::isEventAllowedInMainThread() assertion failure
https://bugs.webkit.org/show_bug.cgi?id=170087

Reviewed by Simon Fraser.

Reduce the scope of code that should never dispatch DOM events so as to allow updating contents size after restoring a page from the page cache.

In r214014 we instantiate a NoEventDispatchAssertion in FrameLoader::commitProvisionalLoad() around the call to CachedPage::restore() to assert when a DOM event is dispatched during page restoration as such events can cause re-entrancy into the page cache. As it turns out it is sufficient to ensure that no DOM events are dispatched after restoring all cached frames as opposed to after CachedPage::restore() returns.

Also rename Document::enqueue{Pageshow, Popstate}Event() to dispatch{Pageshow, Popstate}Event(), respectively, since they synchronously dispatch events :(. We hope in the future to make them asynchronously dispatch events.

* dom/Document.cpp:
(WebCore::Document::implicitClose): Update for renaming.
(WebCore::Document::statePopped): Ditto.
(WebCore::Document::dispatchPageshowEvent): Renamed; formerly named enqueuePageshowEvent().
(WebCore::Document::dispatchPopstateEvent): Renamed; formerly named enqueuePopstateEvent().
(WebCore::Document::enqueuePageshowEvent): Deleted.
(WebCore::Document::enqueuePopstateEvent): Deleted.
* dom/Document.h:
* history/CachedPage.cpp:
(WebCore::firePageShowAndPopStateEvents): Moved logic from FrameLoader::didRestoreFromCachedPage() to here.
(WebCore::CachedPage::restore): Modified to call firePageShowAndPopStateEvents().
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad): Removed use of NoEventDispatchAssertion RAII object. We will instantiate it in CachedPage::restore() with a smaller scope.
(WebCore::FrameLoader::didRestoreFromCachedPage): Deleted; moved logic from here to WebCore::firePageShowAndPopStateEvents().
* loader/FrameLoader.h:

2017-03-30 Jason Marcell

Merge r214599. rdar://problem/31356103

2017-03-29 Ryosuke Niwa

Disconnecting a HTMLObjectElement does not always unload its content document
https://bugs.webkit.org/show_bug.cgi?id=169606

Reviewed by Andy Estes.

When removing a node, we first disconnect all subframes then update the focused element as we remove each child. However, when the removed element is a focused object element with a content document, removeFocusedNodeOfSubtree can update the style tree synchronously inside Document::setFocusedElement, and reload the document.

Avoid this by instantiating a SubframeLoadingDisabler on the parent of the focused element.

Test: fast/dom/removing-focused-object-element.html

* dom/Document.cpp:
(WebCore::Document::removeFocusedNodeOfSubtree):

2017-03-30 Jason Marcell

Merge r214510. rdar://problem/31356107

2017-03-27 Brent Fulgham

Only attach Attributes to a given element one time
https://bugs.webkit.org/show_bug.cgi?id=170125

Reviewed by Chris Dumez.

Attach the attribute node to the Element before calling 'setAttributeInternal', since that method may cause arbitrary JavaScript events to fire.

Test: fast/dom/Attr/only-attach-attr-once.html

* dom/Element.cpp:
(WebCore::Element::attachAttributeNodeIfNeeded): Added.
(WebCore::Element::setAttributeNode): Use new method. Revise to attach attribute before calling 'setAttributeInternal'.
(WebCore::Element::setAttributeNodeNS): Ditto.
* dom/Element.h:

2017-03-30 Jason Marcell

Merge r214086. rdar://problem/31356102

2017-03-16 Dean Jackson

WebGL: Improve index validation when using uint index values
https://bugs.webkit.org/show_bug.cgi?id=169798

Reviewed by Simon Fraser.

Make sure that we test index validation with the correct type. Also stop using -1 in WebGLBuffer to indicate non-existent values.
Test: fast/canvas/webgl/draw-elements-out-of-bounds-uint-index.html

* html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Use optional<> and unsigned values.
* html/canvas/WebGLBuffer.cpp: Use unsigned for maxIndex (they can't be negative) and optional<> to indicate unknown value.
(WebCore::WebGLBuffer::getCachedMaxIndex):
(WebCore::WebGLBuffer::setCachedMaxIndex):
* html/canvas/WebGLBuffer.h:
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::validateIndexArrayConservative): Use optional<> and unsigned values.
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateVertexAttributes): No need to check if an unsigned value is less than zero.

2017-03-29 Jason Marcell

Merge r214291. rdar://problem/30922110

2017-03-22 Jiewen Tan

ASSERT_WITH_SECURITY_IMPLICATION hit when removing an while dragging on iOS
https://bugs.webkit.org/show_bug.cgi?id=165535

Reviewed by Ryosuke Niwa.

Ultimately we should prevent SliderThumbElement::unregisterForTouchEvents() being called while updating render tree. A quick fix for this is to move dispatchFormControlChangeEvent for input from stopDragging up to the callers which really need to dispatch this event, i.e., finishing dragging the slider. It is clear that not every caller of stopDragging wants to dispatchFormControlChangeEvent.

Test: fast/forms/range/range-remove-on-drag.html

* html/shadow/SliderThumbElement.cpp:
(WebCore::SliderThumbElement::stopDragging):
(WebCore::SliderThumbElement::defaultEventHandler):
(WebCore::SliderThumbElement::handleTouchEndAndCancel):

2017-03-28 Jason Marcell

Merge r214365. rdar://problem/30922115

2017-03-24 Daniel Bates

Prevent new navigations during document unload
https://bugs.webkit.org/show_bug.cgi?id=169934

Reviewed by Chris Dumez.
Similar to our policy of preventing new navigations from onbeforeunload handlers we should prevent new navigations that are initiated during the document unload process.

The significant part of this change is the instantiation of the RAII object NavigationDisabler in Document::prepareForDestruction(). The rest of this change just renames class NavigationDisablerForBeforeUnload to NavigationDisabler now that this RAII class is used to prevent navigation from both onbeforeunload event handlers and when unloading a document.

Test: fast/frames/frame-unload-navigate-and-setTimeout-assert-fail.html

* dom/Document.cpp:
(WebCore::Document::prepareForDestruction): Disable new navigations when disconnecting subframes. Also assert that the document is not in the page cache before we fall off the end of the function.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::isNavigationAllowed): Update for renaming below.
(WebCore::FrameLoader::shouldClose): Ditto.
* loader/NavigationScheduler.cpp:
(WebCore::NavigationScheduler::shouldScheduleNavigation): Ditto.
* loader/NavigationScheduler.h:
(WebCore::NavigationDisabler::NavigationDisabler): Renamed class; formerly named NavigationDisablerForBeforeUnload.
(WebCore::NavigationDisabler::~NavigationDisabler): Ditto.
(WebCore::NavigationDisabler::isNavigationAllowed): Ditto.
(WebCore::NavigationDisablerForBeforeUnload::NavigationDisablerForBeforeUnload): Deleted.
(WebCore::NavigationDisablerForBeforeUnload::~NavigationDisablerForBeforeUnload): Deleted.
(WebCore::NavigationDisablerForBeforeUnload::isNavigationAllowed): Deleted.

2017-03-28 Jason Marcell

Merge r214194. rdar://problem/31101594

2017-03-20 Daniel Bates

Prevent new navigations from onbeforeunload handler
https://bugs.webkit.org/show_bug.cgi?id=169891

Reviewed by Ryosuke Niwa.

Ensure that all navigations initiated from an onbeforeunload handler are disallowed regardless of how they were scheduled. Such navigations go against the expectation of a user.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::isNavigationAllowed): Added.
(WebCore::FrameLoader::loadURL): Modified code to call FrameLoader::isNavigationAllowed().
(WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
(WebCore::FrameLoader::stopAllLoaders): Ditto.
* loader/FrameLoader.h:

2017-03-28 Jason Marcell

Merge r214237. rdar://problem/31178134

2017-03-21 Brady Eidson

Disable all virtual tables.
and https://bugs.webkit.org/show_bug.cgi?id=169928

Reviewed by Jer Noble.

No new tests (Covered by changes to existing test).

* Modules/webdatabase/DatabaseAuthorizer.cpp:
(WebCore::DatabaseAuthorizer::createVTable):
(WebCore::DatabaseAuthorizer::dropVTable):

2017-03-28 Jason Marcell

Merge r214232. rdar://problem/30922105

2017-03-21 Zalan Bujtas

Tear down descendant renderers when 's display value is set to no "contents".
https://bugs.webkit.org/show_bug.cgi?id=169921

Reviewed by Antti Koivisto.

Since "display: contents" does not generate a renderer, when an element's display value is changed to something other than "contents", we not only create a renderer but also reparent its descendant subtree (e.g from slot's parent to the newly constructed slot renderer). During this reparenting, we need to tear down the descendant subtree tree and build it up again to reflect the new rendering context.

Test: fast/shadow-dom/slot-with-continuation-descendants.html

* style/RenderTreeUpdater.cpp:
(WebCore::RenderTreeUpdater::updateElementRenderer):

2017-03-28 Jason Marcell

Merge r211645. rdar://problem/30922105

2017-02-03 Chris Dumez

Fix bad assertion under HTMLTreeBuilder::processStartTagForInBody()
https://bugs.webkit.org/show_bug.cgi?id=167799

Reviewed by Brent Fulgham.

Fix bad assertion under HTMLTreeBuilder::processStartTagForInBody() that was expecting the root element to be an element when parsing a . While this assertion is true in theory and as per the specification, it does not hold in WebKit when parsing a DocumentFragment.
This is because WebKit has an optimization causing us to have a DocumentFragment as root element when parsing a fragment. See the following constructor:
"HTMLTreeBuilder(HTMLDocumentParser&, DocumentFragment&, Element&, ParserContentPolicy, const HTMLParserOptions&)"

which has the following code:
"""
// https://html.spec.whatwg.org/multipage/syntax.html#parsing-html-fragments
// For efficiency, we skip step 5 ("Let root be a new html element with no attributes") and instead use the DocumentFragment as a root node.
m_tree.openElements().pushRootNode(HTMLStackItem::create(fragment));
"""

Update the assertion to expect a DocumentFragment as root element when parsing a fragment, and keep expecting an element otherwise.

Test: fast/parser/fragment-with-frameset-crash.html

* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processStartTagForInBody):

2017-03-22 Jason Marcell

Merge r214125. rdar://problem/30921831

2017-03-17 Said Abou-Hallawa

Time channel attack on SVG Filters
https://bugs.webkit.org/show_bug.cgi?id=118689

Reviewed by Simon Fraser.

The time channel attack can happen if the attacker applies FEColorMatrix or FEConvolveMatrix and provides a matrix which is filled with subnormal floating point values. Performing floating-point operations on subnormals is very expensive unless the pixel in the source graphics is black (or zero). By measuring the time a filter takes to be applied, the attacker can know whether the pixel he wants to steal from an iframe is black or white. By repeating the same process on all the pixels in the iframe, the attacker can reconstruct the whole page of the iframe.

To fix this issue, the values in the matrices of these filters will be clamped to FLT_MIN. We do not want to consume too much time calculating filtered pixels because of such tiny values. The difference between applying FLT_MIN and applying a subnormal should not be even noticeable.
Normalizing the floating-point matrices should happen only at the beginning of the filter platformApplySoftware().

* platform/graphics/filters/FEColorMatrix.cpp:
(WebCore::FEColorMatrix::platformApplySoftware):
* platform/graphics/filters/FEConvolveMatrix.cpp:
(WebCore::FEConvolveMatrix::fastSetInteriorPixels):
(WebCore::FEConvolveMatrix::fastSetOuterPixels):
(WebCore::FEConvolveMatrix::platformApplySoftware):
* platform/graphics/filters/FEConvolveMatrix.h:
* platform/graphics/filters/FilterEffect.h:
(WebCore::FilterEffect::normalizedFloats):

2017-03-21 Jason Marcell

Merge r214014. rdar://problem/30921815

2017-03-15 Daniel Bates

Iteratively dispatch DOM events after restoring a cached page
https://bugs.webkit.org/show_bug.cgi?id=169703

Reviewed by Brady Eidson.

Make dispatching of DOM events when restoring a page from the page cache symmetric with dispatching of events when saving a page to the page cache.

* history/CachedFrame.cpp:
(WebCore::CachedFrameBase::restore): Move code to dispatch events from here to FrameLoader::didRestoreFromCachedPage().
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::commitProvisionalLoad): Ensure that no DOM events are dispatched during restoration of a cached page. Call didRestoreFromCachedPage() after restoring the page to dispatch DOM events on the restored frames.
(WebCore::FrameLoader::willRestoreFromCachedPage): Renamed; formerly named prepareForCachedPageRestore().
(WebCore::FrameLoader::didRestoreFromCachedPage): Added.
(WebCore::FrameLoader::prepareForCachedPageRestore): Renamed to willRestoreFromCachedPage().
* loader/FrameLoader.h:
* page/FrameTree.cpp:
(WebCore::FrameTree::traverseNextInPostOrderWithWrap): Returns the next Frame* in a post-order traversal of the frame tree optionally wrapping around to the deepest first child in the tree.
(WebCore::FrameTree::deepFirstChild): Added.
* page/FrameTree.h:

2017-03-20 Matthew Hanson

Merge r213949.
rdar://problem/31049771

2017-03-14 Andy Estes

REGRESSION (r209760): Apple Pay doesn't work on sites that specify empty contact fields
https://bugs.webkit.org/show_bug.cgi?id=169639

Reviewed by Anders Carlsson.

Shipping and billing contact fields are allowed to be empty.

* Modules/applepay/ApplePaySession.cpp:
(WebCore::convertAndValidate):

2017-03-20 Matthew Hanson

Merge r213253. rdar://problem/30773140

2017-03-01 Chris Dumez

[WK2][!NETWORK_SESSION] Failure to download when using a download attribute with no value on an anchor
https://bugs.webkit.org/show_bug.cgi?id=169060

Reviewed by Darin Adler.

Make sure we never set the suggested filename to the empty string when the download attribute is present but has no value.

Test: http/tests/download/anchor-download-no-value.html

* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNavigationPolicy):

2017-03-16 Jason Marcell

Merge r214059. rdar://problem/31099341

2017-03-16 Zalan Bujtas

Stay inside the continuation while searching for a candidate ancestor for insertion.
https://bugs.webkit.org/show_bug.cgi?id=169768

Reviewed by David Hyatt.

Test: fast/inline/continuation-crash-with-anon-ancestors.html

* rendering/RenderInline.cpp:
(WebCore::RenderInline::addChildToContinuation):

2017-03-16 Jason Marcell

Merge r214023. rdar://problem/31091039

2017-03-15 Zalan Bujtas

Do not reparent floating object until after intruding/overhanging dependency is cleared.
https://bugs.webkit.org/show_bug.cgi?id=169711

Reviewed by Simon Fraser.

This patch ensures that we cleanup the m_floatingObjects for siblings before reparenting the fresh float.

Test: fast/block/float/inline-becomes-float-and-moves-around.html

* rendering/RenderBlockFlow.cpp:
(WebCore::RenderBlockFlow::styleDidChange):
* rendering/RenderElement.cpp:
(WebCore::RenderElement::styleDidChange):
* rendering/RenderElement.h:
(WebCore::RenderElement::noLongerAffectsParentBlock):

2017-03-16 Jason Marcell

Merge r213967.
rdar://problem/30921827

2017-03-14 Wenson Hsieh

RenderElements should unregister for viewport visibility callbacks when they are destroyed
https://bugs.webkit.org/show_bug.cgi?id=169521

Reviewed by Simon Fraser.

When registering a RenderElement for viewport visibility callbacks, we always need to make sure that it is unregistered before it is destroyed. While we account for this in the destructor of RenderElement, we only unregister in the destructor if we are already registered for visibility callbacks. In the call to RenderObject::willBeDestroyed(), we clear out rare data, which holds RenderElement's viewport callback registration state, so upon entering the destructor of RenderElement, we skip unregistration because RenderElement thinks that it is not registered.

We can mitigate this by unregistering the RenderElement earlier, in RenderElement::willBeDestroyed, prior to clearing out the rare data. However, we'd ideally want to move the cleanup logic out of the destructor altogether and into willBeDestroyed (see https://bugs.webkit.org/show_bug.cgi?id=169650).

Test: fast/media/video-element-in-details-collapse.html

* rendering/RenderElement.cpp:
(WebCore::RenderElement::willBeDestroyed):

2017-03-16 Jason Marcell

Merge r213897. rdar://problem/30921833

2017-03-13 Wenson Hsieh

Make RepaintRegionAccumulator hold a WeakPtr to its root RenderView
https://bugs.webkit.org/show_bug.cgi?id=168480

Reviewed by Antti Koivisto.

Implements two mitigations to prevent the symptoms of the bug from occurring (see the bugzilla for more details).

Test: editing/execCommand/show-modal-dialog-during-execCommand.html

* editing/EditorCommand.cpp:
(WebCore::Editor::Command::execute): Do not allow edit commands to execute if the frame's document before and after layout differ (that is, edit commands triggered by a certain document should not run on a different document).
* rendering/RenderView.cpp:
(WebCore::RenderView::RenderView):
(WebCore::RenderView::RepaintRegionAccumulator::RepaintRegionAccumulator): Turns RepaintRegionAccumulator's reference to its root RenderView into a WeakPtr to gracefully handle the case where its RenderView is destroyed before RepaintRegionAccumulator's destructor gets a chance to flush the RenderView's repaint regions.
* rendering/RenderView.h:

2017-03-16 Jason Marcell

Merge r213833. rdar://problem/31092879

2017-03-13 Miguel Gomez

ImageDecoder can be deleted while the async decoder thread is still using it
https://bugs.webkit.org/show_bug.cgi?id=169199

Reviewed by Carlos Garcia Campos.

Make the image decoder used by ImageSource and ImageFrameCache into a RefPtr instead of a unique_ptr, and pass a reference to the decoder thread. This ensures that the decoder will stay alive as long as the decoding thread is processing frames. Also, stop the async decoding queue if a new decoder is set to ImageFrameCache.

No new tests.

* platform/graphics/ImageFrameCache.cpp:
(WebCore::ImageFrameCache::setDecoder):
(WebCore::ImageFrameCache::decoder):
(WebCore::ImageFrameCache::startAsyncDecodingQueue):
(WebCore::ImageFrameCache::metadata):
* platform/graphics/ImageFrameCache.h:
(WebCore::ImageFrameCache::setDecoder): Deleted. Moved to source file so we can keep the ImageDecoder forward declaration.
(WebCore::ImageFrameCache::decoder): Deleted. Moved to source file so we can keep the ImageDecoder forward declaration.
* platform/graphics/ImageSource.h:
* platform/graphics/cg/ImageDecoderCG.h:
(WebCore::ImageDecoder::create):
* platform/graphics/win/ImageDecoderDirect2D.h:
(WebCore::ImageDecoder::create):
* platform/image-decoders/ImageDecoder.cpp:
(WebCore::ImageDecoder::create):
* platform/image-decoders/ImageDecoder.h:

2017-03-16 Jason Marcell

Merge r213501.
rdar://problem/30921830

2017-03-06 Brent Fulgham

Validate DOM after potentially destructive actions during parser insert operations
https://bugs.webkit.org/show_bug.cgi?id=169222

Reviewed by Ryosuke Niwa.

Do not perform an insert operation if the next child's parent is no longer part of the tree. This can happen if JavaScript runs during node removal events and modifies the contents of the document.

This patch was inspired by a similar Blink change by Marius Mlynski:

Tests: fast/parser/scriptexec-during-parserInsertBefore.html

* html/parser/HTMLConstructionSite.cpp:
(WebCore::executeReparentTask):
(WebCore::executeInsertAlreadyParsedChildTask):

2017-03-16 Jason Marcell

Merge r213385. rdar://problem/30921816

2017-03-03 Sam Weinig

REGRESSION (r209760): Apple Pay doesn't work on casper.com, shopspring.com, maybe other sites
https://bugs.webkit.org/show_bug.cgi?id=169149

Reviewed by Simon Fraser.

Relax restriction that the ApplePayShippingMethod sequence must not be empty. This was incorrect.

* Modules/applepay/ApplePaySession.cpp:
(WebCore::convertAndValidate):

2017-03-16 Jason Marcell

Merge r213311. rdar://problem/30812769

2017-03-02 Chris Dumez

We should prevent load of subframes inserted during FrameTree deconstruction
https://bugs.webkit.org/show_bug.cgi?id=169095

Reviewed by Brent Fulgham.

When deconstructing the FrameTree, we fire the unload event in each subframe. Such unload event handler may insert a new frame, we would previously load such new frame which was unsafe as we would end up with an attached subframe on a detached tree. To address the issue, we prevent new subframes from loading while deconstructing the FrameTree and firing the unload events. This new behavior is consistent with Chrome and should therefore be safe from a compatibility standpoint.
Test: fast/frames/insert-frame-unload-handler.html

* dom/ContainerNodeAlgorithms.cpp:
(WebCore::disconnectSubframes): Update SubframeLoadingDisabler call site now that the constructor takes in a pointer instead of a reference.
* html/HTMLFrameOwnerElement.h:
(WebCore::SubframeLoadingDisabler::SubframeLoadingDisabler):
(WebCore::SubframeLoadingDisabler::~SubframeLoadingDisabler): Update SubframeLoadingDisabler constructor to take in a pointer instead of a reference, for convenience.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::detachChildren): Prevent loads in subframes while detaching the subframes. It would be unsafe as we copy the list of frames before iterating to fire the unload events. Therefore, newly inserted frames would not get unloaded.

2017-03-02 Matthew Hanson

Rollout r212893. rdar://problem/30812551

2017-02-22 Matthew Hanson

rdar://problem/30657889

2017-02-22 Filip Pizlo

A:B testing should not be contingent upon RC_SEED_BUILD

Reviewed by Alexey Proskuryakov.

* platform/SplitTestInitializer.cpp:

2017-03-01 Matthew Hanson

Merge r213211. rdar://problem/30742143

2017-03-01 Per Arne Vollan

[Win] Popup menus are too small in HiDPI mode.
https://bugs.webkit.org/show_bug.cgi?id=168965

Reviewed by Brent Fulgham.

Scale font with device scale factor.

* platform/win/PopupMenuWin.cpp:
(WebCore::PopupMenuWin::show):
(WebCore::PopupMenuWin::calculatePositionAndSize):
(WebCore::PopupMenuWin::paint):
* platform/win/PopupMenuWin.h:

2017-02-24 Matthew Hanson

Merge r212822. rdar://problem/30682429

2017-02-22 Per Arne Vollan

[Win] Crash under CACFLayerTreeHost::acceleratedCompositingAvailable().
https://bugs.webkit.org/show_bug.cgi?id=168711

Reviewed by Alex Christensen.

Add null pointer check.

* platform/graphics/ca/win/CACFLayerTreeHost.cpp:
(WebCore::CACFLayerTreeHost::acceleratedCompositingAvailable):

2017-02-22 Brent Fulgham

Merge r212828.
        rdar://problem/30636288

2017-02-21 Antti Koivisto

        REGRESSION(r207669): Crash after mutating selector text
        https://bugs.webkit.org/show_bug.cgi?id=168655

        Reviewed by Brent Fulgham.

        Test: fast/css/selector-text-mutation-crash.html

        * style/StyleScope.cpp:
        (WebCore::Style::Scope::resolver):
        (WebCore::Style::Scope::updateStyleResolver): Protect against entering scheduleUpdate and wiping style resolver while updating it. Extension stylesheets can trigger this.
        (WebCore::Style::Scope::scheduleUpdate): Clear the style resolver immediately if style sheet content changes. The resolver may have data structures that point to the old sheet contents. The resolver would get wiped anyway when the scheduled update actually occurs.
        * style/StyleScope.h:

2017-02-28 Matthew Hanson

        Merge r213078. rdar://problem/30704432

2017-02-27 Matthew Hanson

        Merge r213010. rdar://problem/30704432

2017-02-26 Chris Dumez

        HitTestResult's linkSuggestedFilename should sanitize download attribute
        https://bugs.webkit.org/show_bug.cgi?id=168856

        Reviewed by Antti Koivisto.

        HitTestResult's linkSuggestedFilename should sanitize download attribute. This is used by the context menu's "Download Linked File" & "Download Linked File As..." actions.

        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::linkSuggestedFilename):
        * rendering/HitTestResult.h:

2017-02-28 Matthew Hanson

        Merge r213077. rdar://problem/30704432

2017-02-27 Matthew Hanson

        Merge r212987. rdar://problem/30704432

2017-02-24 Chris Dumez

        Unreviewed, follow-up fix after r212972.

        Fixes a few assertions on the debug build bots. URL needs to be exactly the same as the parsed one given that we are calling the ParsedURLString constructor.

        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::sanitizeSuggestedFilename):

2017-02-28 Matthew Hanson

        Merge r213076. rdar://problem/30704432

2017-02-27 Matthew Hanson

        Merge r212972.
        rdar://problem/30704432

2017-02-24 Chris Dumez

        Download attribute should be sanitized before being used as suggested filename
        https://bugs.webkit.org/show_bug.cgi?id=168839

        Reviewed by Darin Adler.

        Sanitize Download attribute before using it as a suggested filename for the download. We rely on ResourceResponse's sanitizing of the suggested filename to do so, which has the benefit of being consistent with downloads without the download attribute.

        Tests: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html
               fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
               fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::handleClick):
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::sanitizeSuggestedFilename):
        * platform/network/ResourceResponseBase.h:

2017-02-22 Brent Fulgham

        Merge r212828. rdar://problem/30636274

2017-02-21 Antti Koivisto

        REGRESSION(r207669): Crash after mutating selector text
        https://bugs.webkit.org/show_bug.cgi?id=168655

        Reviewed by Brent Fulgham.

        Test: fast/css/selector-text-mutation-crash.html

        * style/StyleScope.cpp:
        (WebCore::Style::Scope::resolver):
        (WebCore::Style::Scope::updateStyleResolver): Protect against entering scheduleUpdate and wiping style resolver while updating it. Extension stylesheets can trigger this.
        (WebCore::Style::Scope::scheduleUpdate): Clear the style resolver immediately if style sheet content changes. The resolver may have data structures that point to the old sheet contents. The resolver would get wiped anyway when the scheduled update actually occurs.
        * style/StyleScope.h:

2017-02-23 Matthew Hanson

        Rollout r212740. rdar://problem/30636274

2017-02-22 Brent Fulgham

        Merge r212554. rdar://problem/30636115

2017-02-16 Brent Fulgham

        RenderView needs to be updated when FrameView changes
        https://bugs.webkit.org/show_bug.cgi?id=168481

        Reviewed by Andreas Kling.

        The state of the Document's RenderView can get out of sync with the Frame's FrameView. We need a notification mechanism so that modifications to the Frame's view are properly relayed to Document so that it can have a correct RenderView.

        * dom/Document.cpp:
        (WebCore::Document::didBecomeCurrentDocumentInView): Create an updated render tree (if one does not already exist).
        (WebCore::Document::destroyRenderTree): Remove an incorrect ASSERT. We may enter this code when the Frame uses 'setView(nullptr)', which happens during certain updates.
        * dom/Document.h:
        * page/Frame.cpp:
        (WebCore::Frame::setView): Destroy the old render tree (if present) before switching to the new view. Then notify the document that it is now the current document in the new view.

2017-02-22 Matthew Hanson

        Merge r212730. rdar://problem/30515072

2017-02-21 Per Arne Vollan

        [Win] WebView is not painting in accelerated compositing mode.
        https://bugs.webkit.org/show_bug.cgi?id=168654

        Reviewed by Brent Fulgham.

        Initializing the uncommitted layer change flags to CoverageRectChanged in GraphicsLayerCA stops WebView painting in accelerated mode.

        Covered by existing tests.

        * platform/graphics/ca/GraphicsLayerCA.h:

2017-02-22 Matthew Hanson

        Merge r212831. rdar://problem/30628889

2017-02-22 Per Arne Vollan

        [Win] Compile fix.
        https://bugs.webkit.org/show_bug.cgi?id=168713

        Reviewed by Brent Fulgham.

        The include file is not found.

        * testing/Internals.cpp:

2017-02-22 Matthew Hanson

        Merge r212819. rdar://problem/30640217

2017-02-22 Matthew Hanson

        Merge r212773. rdar://problem/30640217

2017-02-21 Chris Dumez

        REGRESSION (203941): iAd Producer: Clicking buttons in Preview does not work
        https://bugs.webkit.org/show_bug.cgi?id=168677

        Reviewed by Ryosuke Niwa.

        Add quirk to initMouseEvent to unbreak iAd Producer.

        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::initMouseEventQuirk):
        * dom/MouseEvent.h:
        * dom/MouseEvent.idl:
        * platform/RuntimeApplicationChecks.h:
        * platform/RuntimeApplicationChecks.mm:
        (WebCore::MacApplication::isIADProducer):

2017-02-21 Matthew Hanson

        Merge r212737. rdar://problem/30636274

2017-02-21 Antti Koivisto

        REGRESSION(r207669): Crash after mutating selector text
        https://bugs.webkit.org/show_bug.cgi?id=168655

        Reviewed by Brent Fulgham.

        Test: fast/css/selector-text-mutation-crash.html

        * style/StyleScope.cpp:
        (WebCore::Style::Scope::scheduleUpdate): Clear the style resolver immediately if style sheet content changes. The resolver may have data structures that point to the old sheet contents. The resolver would get wiped anyway when the scheduled update actually occurs.

2017-02-17 JF Bastien

        A/B test concurrent GC
        https://bugs.webkit.org/show_bug.cgi?id=168453

        Reviewed by Phil Pizlo.

        Initialize the WTF::SplitTest singleton using the anonymous UUID from crash reporter. This makes it easy to figure out which A/B split tests were enabled from a particular crash log.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/SplitTestInitializer.cpp: Added.
        (getUUID):
        (InitWebCoreSplitTest):
        * platform/SplitTestInitializer.h: Copied from Source/WebKit2/WebProcess/EntryPoint/mac/XPCService/WebContentServiceEntryPoint.mm.

2017-02-21 Matthew Hanson

        Merge r212667. rdar://problem/29852056

2017-02-20 Brent Fulgham

        Nullptr dereferences when stopping a load
        https://bugs.webkit.org/show_bug.cgi?id=168608

        Reviewed by Ryosuke Niwa.

        Don't attempt to notify a detached frame's load client that the load is stopped.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading): Check for null frame loader and bypass dereferencing it.

2017-02-18 Ryosuke Niwa

        REGRESSION(r212218): Assertion failures in and after parserRemoveChild
        https://bugs.webkit.org/show_bug.cgi?id=168458

        Reviewed by Antti Koivisto.

        The bug was caused by parserRemoveChild not proceeding to remove oldChild even when oldChild had been inserted elsewhere during unload events of the disconnected frames. Fixed the bug by checking this condition and exiting early.

        Also fixed various callers of parserRemoveChild to not call parserAppendChild when the removed node had already been inserted elsewhere by scripts.

        Tests: fast/parser/adoption-agency-unload-iframe-3.html
               fast/parser/adoption-agency-unload-iframe-4.html
               fast/parser/xml-error-unload-iframe.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::parserRemoveChild): Exit early when the node had been inserted elsewhere while firing unload events. Also moved the call to notifyRemovePendingSheetIfNeeded outside NoEventDispatchAssertion since it can synchronously fire a focus event.
        (WebCore::ContainerNode::parserAppendChild): Moved adoptNode call to inside NoEventDispatchAssertion since adoptNode call here should never mutate DOM.
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::executeReparentTask): Added an early exit when the node had already been inserted elsewhere.
        (WebCore::executeInsertAlreadyParsedChildTask): Ditto.
        * xml/XMLErrors.cpp:
        (WebCore::XMLErrors::insertErrorMessageBlock): Ditto.
        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::end): Fixed a crash unveiled by one of the test cases. Exit early when insertErrorMessageBlock detached the parser (by author scripts).
        (WebCore::XMLDocumentParser::finish): Keep the parser alive until we exit.

2017-02-20 Ryosuke Niwa

        HTMLConstructionSiteTask::Insert should never be called on a node with a parent
        https://bugs.webkit.org/show_bug.cgi?id=168099

        Reviewed by Sam Weinig.

        insertAlreadyParsedChild always uses HTMLConstructionSiteTask::InsertAlreadyParsedChild instead of using HTMLConstructionSiteTask::Insert when fostering a child.

        Also combine the step to take all children and re-parenting into a single task instead of separately issuing TakeAllChildren and Reparent tasks.

        No new tests since this is a refactoring.

        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::insert): Now asserts that the child node never has a parent.
        (WebCore::executeInsertAlreadyParsedChildTask): Moved the code to remove the parent here.
        (WebCore::executeTakeAllChildrenAndReparentTask): Renamed from executeTakeAllChildrenTask now that this function also does the reparenting.
        (WebCore::executeTask):
        (WebCore::HTMLConstructionSite::reparent): Removed the variant only used with takeAllChildren.
        (WebCore::HTMLConstructionSite::insertAlreadyParsedChild): Always use InsertAlreadyParsedChild instead of calling fosterParent which uses Insert when fostering parents.
        (WebCore::HTMLConstructionSite::takeAllChildrenAndReparent): Renamed from takeAllChildren.
        * html/parser/HTMLConstructionSite.h:
        (WebCore::HTMLConstructionSiteTask:Operation):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

2017-02-20 Matthew Hanson

        Rollout r212601. rdar://problem/30339638

2017-02-20 Matthew Hanson

        Rollout r212660. rdar://problem/30553220

2017-02-20 Matthew Hanson

        Rollout r212647. rdar://problem/30563318

2017-02-20 Matthew Hanson

        Merge r211750. rdar://problem/30383964

2017-02-06 Simon Fraser

        Safari pages are blank sometimes (missing tiles)
        https://bugs.webkit.org/show_bug.cgi?id=167904

        Reviewed by Tim Horton.

        After r211683 we failed to update the "inWindow" flag on the page tiled layer, because usingTiledBacking() on GraphicsLayer confusingly was false for the page tiled layer.

        Fix by removing usingTiledBacking() entirely, and checking for tiledBacking(), looking at the layer type when necessary.

        Tested by tiled-drawing/tiled-backing-in-window.html

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        (WebCore::GraphicsLayer::setIsInWindowIncludingDescendants): This is the bug fix.
        (WebCore::GraphicsLayer::getDebugBorderInfo):
        (WebCore::GraphicsLayer::dumpProperties):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::usingTiledBacking): Deleted.
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):
        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::changeLayerTypeTo):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::willDestroyLayer):
        (WebCore::RenderLayerBacking::compositingLayerType):
        * rendering/RenderLayerCompositor.cpp: A bit more logging.
        (WebCore::RenderLayerCompositor::setIsInWindow):
        (WebCore::RenderLayerCompositor::attachRootLayer):

2017-02-20 Matthew Hanson

        Merge r212651. rdar://problem/30604254

2017-02-20 Jon Lee

        Fix build error for iOS. Unreviewed.

        * platform/graphics/GraphicsContext3D.cpp: Move stub function into !PLATFORM(COCOA) instead of !PLATFORM(MAC).

2017-02-20 Matthew Hanson

        Merge r212650. rdar://problem/30604254

2017-02-20 Jon Lee

        Unreviewed, rolling out r212639.

        Have a fix for the linker error on iOS.

        Reverted changeset:

        "Unreviewed, rolling out r212637."
        https://bugs.webkit.org/show_bug.cgi?id=168595
        http://trac.webkit.org/changeset/212639

2017-02-20 Matthew Hanson

        Merge r212633. rdar://problem/30592266

2017-02-19 Dean Jackson

        Activate/deactivate high performance GPU when requested
        https://bugs.webkit.org/show_bug.cgi?id=168559

        Reviewed by Jon Lee.

        Respect the high-performance powerPreference for WebGL, by managing an object that enables the high-performance GPU. If a WebGL context wants high-performance, and it is visible, then a manager class in GraphicsContext3D creates and retains the object, causing all the WebGL contexts to move GPUs. If all the high-performance contexts are not visible, such as in a background tab, then the manager will release the object, allowing the GPU to power down.

        The swapping back from the high-performance GPU happens on a timer, to make sure we don't churn between GPUs if the user is swapping between a lot of tabs, or windows.

        Unfortunately testing this change properly requires hardware with multiple GPUs. I plan to write an API test that fakes most of the system interaction, such as occluding the page. An API test might also be able to verify if the system has more than one GPU. Otherwise I'll have to plumb everything through Internals.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::isHighPerformanceContext): Helper to detect if the GraphicsContext3D actually used high-performance mode.
        (WebCore::WebGLRenderingContextBase::create): Add logging if we are actually overriding a high-performance request.
        (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase): If we are high-performance, then register for activity state changes.
        (WebCore::WebGLRenderingContextBase::addActivityStateChangeObserverIfNecessary):
        (WebCore::WebGLRenderingContextBase::removeActivityStateChangeObserver):
        (WebCore::WebGLRenderingContextBase::destroyGraphicsContext3D): Call removeActivityStateChangeObserver as the GC3D is destroyed.
        (WebCore::WebGLRenderingContextBase::maybeRestoreContext): If the context was restored successfully, and came back in high-performance, then we need to listen for activity state changes as usual.
        (WebCore::WebGLRenderingContextBase::activityStateDidChange): If we changed visibility, tell the GC3D.
        * html/canvas/WebGLRenderingContextBase.h: Class inherits ActivityStateChangeObserver.
        * page/Settings.in: No longer force low-power everywhere.
        * platform/graphics/GraphicsContext3D.cpp:
        (WebCore::GraphicsContext3D::setContextVisibility): Empty implementation for non-Mac.
        * platform/graphics/GraphicsContext3D.h:
        (WebCore::GraphicsContext3D::powerPreferenceUsedForCreation): Tells clients what power preference was actually used during creation (e.g.
        a single GPU system will use default, even if they requested high-performance).
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3DManager::GraphicsContext3DManager): Helper class to look after all GraphicsContext3Ds.
        (WebCore::GraphicsContext3DManager::hasTooManyContexts): We have a limit on the number of contexts we can keep alive at any one time.
        (WebCore::manager): Helper to return the static instance.
        (WebCore::displayWasReconfigured): Send a message to all the contexts.
        (WebCore::GraphicsContext3DManager::addContext):
        (WebCore::GraphicsContext3DManager::removeContext):
        (WebCore::GraphicsContext3DManager::addContextRequiringHighPerformance):
        (WebCore::GraphicsContext3DManager::removeContextRequiringHighPerformance):
        (WebCore::GraphicsContext3DManager::updateHighPerformanceState): Check if the number of contexts requiring high-performance means we need to enable/disable that GPU.
        (WebCore::GraphicsContext3DManager::disableHighPerformanceGPUTimerFired): Releases our object that keeps the high-performance GPU on.
        (WebCore::GraphicsContext3DManager::recycleContextIfNecessary): Get rid of the first (oldest) context. This code was in GC3D proper, but it made more sense here in the helper.
        (WebCore::setPixelFormat): All contexts are created muxable now.
        (WebCore::GraphicsContext3D::create): Use the manager.
        (WebCore::GraphicsContext3D::GraphicsContext3D): Ditto.
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Add logging.
        (WebCore::GraphicsContext3D::checkGPUStatusIfNecessary): Better logging.
        (WebCore::GraphicsContext3D::updateCGLContext):
        (WebCore::GraphicsContext3D::setContextVisibility): This is the responder to the ActivityStateChanges in the WebGLRenderingContext.
        (WebCore::activeContexts): Deleted.
        (WebCore::addActiveContext): Deleted.
        (WebCore::removeActiveContext): Deleted.

2017-02-20 Matthew Hanson

        Merge r212331.
        rdar://problem/30522092

2017-02-14 Dean Jackson

        Rename preferLowPowerWebGLRendering setting to forceWebGLUsesLowPower
        https://bugs.webkit.org/show_bug.cgi?id=168339

        Reviewed by Simon Fraser.

        Use a setting name that more clearly reflects what it is doing. It's not preferring to use the low-power GPU, it's forcing it.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::create):
        * page/Settings.in:

2017-02-20 Matthew Hanson

        Rollout r212538. rdar://problem/30541748

2017-02-17 Matthew Hanson

        A/B test concurrent GC
        https://bugs.webkit.org/show_bug.cgi?id=168453

        Landed on behalf of JF Bastien.

        Reviewed by Alexey Proskuryakov.

        Initialize the WTF::SplitTest singleton using the anonymous UUID from crash reporter. This makes it easy to figure out which A/B split tests were enabled from a particular crash log.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/SplitTestInitializer.cpp: Added.
        (getUUID):
        (InitWebCoreSplitTest):
        * platform/SplitTestInitializer.h: Copied from Source/WebKit2/WebProcess/EntryPoint/mac/XPCService/WebContentServiceEntryPoint.mm.

2017-02-20 Matthew Hanson

        Merge r212652. rdar://problem/30435303

2017-02-20 Per Arne Vollan

        [Win] Custom scale factor is not applied in all cases.
        https://bugs.webkit.org/show_bug.cgi?id=168117

        Reviewed by Brent Fulgham.

        We should not call the function deviceScaleFactorForWindow directly, since this will return the system scale factor, and ignore the custom scale factor.

        * platform/graphics/ca/win/CACFLayerTreeHost.h:
        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
        (WebCore::WKCACFViewLayerTreeHost::initializeContext):
        (WebCore::WKCACFViewLayerTreeHost::resize):
        (WebCore::WKCACFViewLayerTreeHost::setScaleFactor):
        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h:
        * platform/win/GDIUtilities.h:
        (WebCore::makeScaledPoint):
        * platform/win/PlatformMouseEventWin.cpp:
        (WebCore::positionForEvent):
        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupMenuWin::show):
        (WebCore::PopupMenuWin::wndProc):
        * platform/win/PopupMenuWin.h:

2017-02-20 Matthew Hanson

        Merge r212621. rdar://problem/30563318

2017-02-18 Ryosuke Niwa

        REGRESSION(r212218): Assertion failures in and after parserRemoveChild
        https://bugs.webkit.org/show_bug.cgi?id=168458

        Reviewed by Antti Koivisto.

        The bug was caused by parserRemoveChild not proceeding to remove oldChild even when oldChild had been inserted elsewhere during unload events of the disconnected frames. Fixed the bug by checking this condition and exiting early.

        Also fixed various callers of parserRemoveChild to not call parserAppendChild when the removed node had already been inserted elsewhere by scripts.

        Tests: fast/parser/adoption-agency-unload-iframe-3.html
               fast/parser/adoption-agency-unload-iframe-4.html
               fast/parser/xml-error-unload-iframe.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::parserRemoveChild): Exit early when the node had been inserted elsewhere while firing unload events. Also moved the call to notifyRemovePendingSheetIfNeeded outside NoEventDispatchAssertion since it can synchronously fire a focus event.
        (WebCore::ContainerNode::parserAppendChild): Moved adoptNode call to inside NoEventDispatchAssertion since adoptNode call here should never mutate DOM.
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::executeReparentTask): Added an early exit when the node had already been inserted elsewhere.
        (WebCore::executeInsertAlreadyParsedChildTask): Ditto.
        * xml/XMLErrors.cpp:
        (WebCore::XMLErrors::insertErrorMessageBlock): Ditto.
        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::end): Fixed a crash unveiled by one of the test cases. Exit early when insertErrorMessageBlock detached the parser (by author scripts).
        (WebCore::XMLDocumentParser::finish): Keep the parser alive until we exit.

2017-02-20 Matthew Hanson

        Merge r212558. rdar://problem/30451563

2017-02-17 Simon Fraser

        REGRESSION (209396): Apple Pay buttons do not render
        https://bugs.webkit.org/show_bug.cgi?id=168523
        rdar://problem/30451563

        Reviewed by Geoffrey Garen.

        The new CSS parser mistakenly converted -apple-pay-button values to -webkit-pay-button, breaking -webkit-appearance: -apple-pay-button.

        Fix by excluding "-apple-pay" prefixed values from the conversion.

        Test: fast/css/appearance-apple-pay-button.html

        * css/parser/CSSPropertyParser.cpp:
        (WebCore::isAppleLegacyCssValueKeyword):

2017-02-17 Matthew Hanson

        Merge r212554. rdar://problem/30339638

2017-02-16 Brent Fulgham

        RenderView needs to be updated when FrameView changes
        https://bugs.webkit.org/show_bug.cgi?id=168481

        Reviewed by Andreas Kling.

        The state of the Document's RenderView can get out of sync with the Frame's FrameView. We need a notification mechanism so that modifications to the Frame's view are properly relayed to Document so that it can have a correct RenderView.

        * dom/Document.cpp:
        (WebCore::Document::didBecomeCurrentDocumentInView): Create an updated render tree (if one does not already exist).
        (WebCore::Document::destroyRenderTree): Remove an incorrect ASSERT. We may enter this code when the Frame uses 'setView(nullptr)', which happens during certain updates.
        * dom/Document.h:
        * page/Frame.cpp:
        (WebCore::Frame::setView): Destroy the old render tree (if present) before switching to the new view. Then notify the document that it is now the current document in the new view.

2017-02-17 Matthew Hanson

        Merge r212354.
        rdar://problem/30450371

2017-02-14 Ryosuke Niwa

        An assertion failure inside removeChildren
        https://bugs.webkit.org/show_bug.cgi?id=168069

        Reviewed by Brent Fulgham.

        The bug was caused by notifyRemovePendingSheet executing scripts synchronously where it shouldn't.

        Removed the call to notifyRemovePendingSheetIfNeeded in notifyChildNodeRemoved. Instead, invoke it in its call sites when they're safe.

        Test: http/tests/security/move-iframe-within-focus-handler-inside-removal.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::takeAllChildrenFrom):
        (WebCore::ContainerNode::notifyChildInserted):
        (WebCore::ContainerNode::removeChild):
        (WebCore::ContainerNode::parserRemoveChild):
        (WebCore::ContainerNode::replaceAllChildren):
        (WebCore::ContainerNode::removeChildren):
        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::notifyChildNodeRemoved):

2017-02-17 Matthew Hanson

        Merge r212265. rdar://problem/30231732

2017-02-13 Said Abou-Hallawa

        The current frame of an image should not deleted if another frame is asynchronously being decoded
        https://bugs.webkit.org/show_bug.cgi?id=167618

        Reviewed by Simon Fraser.

        Test: fast/images/animated-image-draw-while-decode.html

        If the memory cache asks the BitmapImage to destroy all its frames while the next frame is being decoded, a thread contention may happen. This can happen when BitmapImage::draw() is called and the next frame is not ready yet for drawing, so the current frame has to be drawn. This will invoke a frame decoding in the same image from the drawing committing thread.

        We can avoid that by destroying all the frames except the current frame if the image is asynchronously decoding its frames. This should not add extra memory overhead because building the image frame cache and then destroying it, when needed, is an on-going process. The frames will be allocated and decoded all the time and all of them can be destroyed except the current one.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::destroyDecodedData):
        (WebCore::BitmapImage::destroyDecodedDataIfNecessary): The logic of destroying the ImageFrames was split among BitmapImage, ImageSource and ImageFrameCache. Move all the logic to BitmapImage and have ImageFrameCache be responsible only for destroying a range of ImageFrames.
        (WebCore::BitmapImage::draw): add an ASSERT_IMPLIES to ensure the current frame is ready to be rendered if the next frame is being decoded.
        * platform/graphics/BitmapImage.h: Move a const from ImageFrameCache.h to BitmapImage.h.
        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::destroyDecodedData):
        (WebCore::ImageFrameCache::destroyDecodedDataIfNecessary): Deleted.
        * platform/graphics/ImageFrameCache.h:
        (WebCore::ImageFrameCache::destroyAllDecodedData):
        (WebCore::ImageFrameCache::destroyAllDecodedDataExcludeFrame):
        (WebCore::ImageFrameCache::destroyDecodedDataBeforeFrame): Make ImageFrameCache be responsible for destroying a range of ImageFrames. This range might include all the frames, all the frames but up to a specific frame, or all the frames but exclude one frame in the middle.
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::clear): No need to call clearFrameBufferCache() from clear(). The decision to call clearFrameBufferCache() or clear() is moved to BitmapImage::destroyDecodedData().
        (WebCore::ImageSource::destroyDecodedData): Deleted.
        (WebCore::ImageSource::destroyDecodedDataIfNecessary): Deleted. These functions are replaced by another set of functions in ImageSource.h.
        * platform/graphics/ImageSource.h:
        (WebCore::ImageSource::destroyAllDecodedData):
        (WebCore::ImageSource::destroyAllDecodedDataExcludeFrame):
        (WebCore::ImageSource::destroyDecodedDataBeforeFrame):
        (WebCore::ImageSource::hasDecodingQueue): These are new wrappers which call the corresponding ImageFrameCache functions.

2017-02-17 Matthew Hanson

        Merge r212218.
        rdar://problem/30339793

2017-02-12 Ryosuke Niwa

        parserRemoveChild should unload subframes
        https://bugs.webkit.org/show_bug.cgi?id=168151

        Reviewed by Darin Adler.

        Fix the bug that the adoption agency algorithm does not unload subframes as it disconnects nodes.

        Also moved calls to nodeWillBeRemoved inside NoEventDispatchAssertion to expand on r211965.

        Tests: fast/parser/adoption-agency-clear-focus-range.html
               fast/parser/adoption-agency-unload-iframe-1.html
               fast/parser/adoption-agency-unload-iframe-2.html

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::takeAllChildrenFrom): Rewritten using idioms used in removeChildren and parserAppendChild. Disconnect all subframes first since this can synchronously dispatch an unload event. Then update DOM ranges, the focused element, and other states in the document. Second, use the regular removeBetween, notifyChildNodeRemoved, childrenChanged sequence of calls to disconnect nodes instead of a single call to removeDetachedChildren to properly disconnect child nodes since those nodes may have already come live due to execution of synchronous scripts before the adoption agency algorithm has run, or in response to the unload event we just dispatched. Third, append these nodes using parserAppendChild to avoid dispatching mutation events.
        (WebCore::willRemoveChild): Removed the call to nodeWillBeRemoved. It's now called within NoEventDispatchAssertion in each call site of willRemoveChild and willRemoveChildren.
        (WebCore::willRemoveChildren): Ditto.
        (WebCore::ContainerNode::removeChild): Call nodeWillBeRemoved inside NoEventDispatchAssertion.
        (WebCore::ContainerNode::replaceAllChildren): Call nodeWillBeRemoved inside NoEventDispatchAssertion.
        (WebCore::ContainerNode::parserRemoveChild): Disconnect subframes and update document's states.
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::executeTakeAllChildrenAndReparentTask): Add a release assert that new parent does not already have a parent.

2017-02-17 Matthew Hanson

        Merge r212035.
        rdar://problem/30433204

2017-02-09 Filip Pizlo

        SharedArrayBuffer does not need to be in the transfer list
        https://bugs.webkit.org/show_bug.cgi?id=168079

        Reviewed by Geoffrey Garen and Keith Miller.

        Tests: workers/sab/multi-memory-multi-buffer.html
               workers/sab/multi-memory.html
               workers/sab/no-transfer.html
               workers/sab/postMessage-clones.html
               workers/sab/sent-from-worker-no-transfer.html
               workers/sab/sent-from-worker-transfer.html

        The SAB API that we originally implemented required that SABs get put in transfer lists when they are sent to workers.

        The new SAB API that everyone is converging towards requires that you do not put the SAB in the transfer list. That's supposed to be an error. Instead, anytime that a SAB is part of any message to or from a dedicated worker then it is automatically shared.

        The new API provides a lot more clarity about what is supposed to happen in contexts that support transferring but don't support sharing.

        Right now this patch allows both styles to work, but I hope we can disable the transfer list capability soon.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::deserializeIDBValueToJSValue):
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::JSMessageEvent::data):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::serialize):
        (WebCore::CloneSerializer::CloneSerializer):
        (WebCore::CloneSerializer::dumpIfTerminal):
        (WebCore::CloneDeserializer::deserialize):
        (WebCore::CloneDeserializer::CloneDeserializer):
        (WebCore::CloneDeserializer::readTerminal):
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        (WebCore::SerializedScriptValue::create):
        (WebCore::SerializedScriptValue::deserialize):
        * bindings/js/SerializedScriptValue.h:
        (): Deleted.
        * dom/CustomEvent.cpp:
        (WebCore::CustomEvent::trySerializeDetail):
        * dom/ErrorEvent.cpp:
        (WebCore::ErrorEvent::trySerializeError):
        * dom/MessageEvent.cpp:
        (WebCore::MessageEvent::trySerializeData):
        * dom/PopStateEvent.cpp:
        (WebCore::PopStateEvent::trySerializeState):
        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::postMessage):
        * workers/Worker.cpp:
        (WebCore::Worker::postMessage):

2017-02-17 Matthew Hanson

        Rollout r212488. rdar://problem/29904368

2017-02-17 Matthew Hanson

        Rollout r212500. rdar://problem/29904368

2017-02-17 Matthew Hanson

        Rollout r212501. rdar://problem/29904368

2017-02-16 Matthew Hanson

        Merge r212513. rdar://problem/30301317

2017-02-16 Myles C. Maxfield

        font-weight in @font-face can cause a font to be downloaded even when it's not used
        https://bugs.webkit.org/show_bug.cgi?id=168114

        Reviewed by Darin Adler.

        There were two problems with our font loading code.

        When we are in the middle of a download, we will use a special interstitial font, and this special font has a flag set which will cause it to be invisible when it is drawn. However, when we start using this font during the load, we give it a unicode-range of U+0-0 which means that it will never be used, and fallback will happen to other weights immediately.

        The second problem with the font loading code is that this interstitial font is just Times. Times doesn't support every character, which means that if we are trying to render some exotic character, we fall back to other weights. The solution here is to use LastResort as the interstitial font, because it supports all characters. Because its metrics are reasonable and we don't ever actually paint this interstitial font, this choice is no worse than Times.

        Tests: fast/text/font-style-download.html
               fast/text/font-weight-download-2.html
               fast/text/font-weight-download.html
               fast/text/font-weight-fallback.html

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::font):
        * css/CSSSegmentedFontFace.cpp:
        (WebCore::appendFont):
        (WebCore::CSSSegmentedFontFace::fontRanges):
        (WebCore::appendFontWithInvalidUnicodeRangeIfLoading): Deleted.
        * platform/graphics/Font.h:
        (WebCore::Font::widthForGlyph):
        * platform/graphics/FontCache.h:
        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::lastResortFallbackFontForEveryCharacter):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::FontCache::lastResortFallbackFontForEveryCharacter):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::lastResortFallbackFontForEveryCharacter):

2017-02-16 Matthew Hanson

        Merge r212441. rdar://problem/30357253

2017-02-16 Chris Fleizach

        AX: Make form validation accessible on iOS
        https://bugs.webkit.org/show_bug.cgi?id=168400

        Reviewed by Chris Dumez.

        Hide the popover content of form validation from accessibility (since it's not interactable) and instead announce the message.

        * platform/ios/ValidationBubbleIOS.mm:
        (WebCore::ValidationBubble::show):

2017-02-16 Matthew Hanson

        Merge r212518. rdar://problem/30541748

2017-02-16 Daniel Bates

        Remove Chromium-specific code to call FrameLoaderClient::redirectDataToPlugin(nullptr)
        https://bugs.webkit.org/show_bug.cgi?id=168417

        Reviewed by Brent Fulgham.

        Remove Chromium-specific code that was added in r125500 to call FrameLoaderClient::redirectDataToPlugin(nullptr) in PluginDocument::detachFromPluginElement(). Calling redirectDataToPlugin() with nullptr was used by the Chromium port to signify that the plugin document was being destroyed so that they could tear down their plugin widget. And PluginDocument::detachFromPluginElement() is the only place that calls redirectDataToPlugin() passing nullptr.
No other port made use of this machinery and the Chromium port has long since been removed from the Open Source WebKit Project. We should remove this code. * html/PluginDocument.cpp: (WebCore::PluginDocumentParser::appendBytes): Pass the plugin widget by reference. (WebCore::PluginDocument::detachFromPluginElement): Remove call to FrameLoaderClient::redirectDataToPlugin(). This call was only used by the Chromium port as means to be notified when the plugin document was being destroyed. No other port made use of this notification or needed such a notification. * loader/EmptyClients.cpp: Change argument of redirectDataToPlugin() from Widget* to Widget& to convey that this function always takes a valid Widget. Also remove unnecessary argument name as the data type of the argument and the name of the function sufficiently describes the purpose of the argument. * loader/FrameLoaderClient.h: Ditto. 2017-02-16 Matthew Hanson Merge r212350. rdar://problem/30450379 2017-02-14 Brent Fulgham Revalidate URL after events that could trigger navigations https://bugs.webkit.org/show_bug.cgi?id=168071 Reviewed by Ryosuke Niwa. When arbitrary javascript runs during a load, we should revalidate the URLs involved to make sure they are still valid. Tests: http/tests/plugins/navigation-during-load-embed.html http/tests/plugins/navigation-during-load.html * html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::updateWidget): Confirm we are still allowed to load the URL after executing JS callbacks. * html/HTMLFrameElementBase.cpp: (WebCore::HTMLFrameElementBase::isURLAllowed): Split existing function into existing protected method, and a new public method that checks a passed URL for validity. * html/HTMLFrameElementBase.h: * html/HTMLFrameOwnerElement.h: (WebCore::HTMLFrameOwnerElement::isURLAllowed): * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::updateWidget): Confirm we are still allowed to load the URL after executing JS callbacks.
* loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestFrame): Ditto. 2017-02-16 Matthew Hanson Merge r212335. rdar://problem/29899473 2017-02-14 Brady Eidson Unreviewed followup to r212330 to fix Debug builds * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Add call to relaxAdoptionRequirement(). 2017-02-16 Matthew Hanson Merge r212330. rdar://problem/29899473 2017-02-14 Brady Eidson Speculative fix for: Crash in DocumentThreadableLoader::redirectReceived. and https://bugs.webkit.org/show_bug.cgi?id=168337 Reviewed by Geoffrey Garen. No new tests (Unable to find a reproduction). * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::loadRequest): 2017-02-16 Matthew Hanson Merge r212316. rdar://problem/30504444 2017-02-13 Dean Jackson Rename preferLowPowerToHighPerformance to powerPreference https://bugs.webkit.org/show_bug.cgi?id=168269 Reviewed by Chris Dumez. Based on the discussion in https://github.com/KhronosGroup/WebGL/pull/2283. Change WebGLContextAttributes's preferLowPowerToHighPerformance boolean into a powerPreference enum taking three values. The implementation of the enum is in GraphicsContext3DAttributes. While the name and values have changed, there should be no change in behaviour caused by this patch. * html/canvas/WebGLContextAttributes.h: Use GraphicsContext3DAttributes enum GraphicsContext3DPowerPreference. * html/canvas/WebGLContextAttributes.idl: Rename and add the WebIDL enum. * html/canvas/WebGLRenderingContextBase.cpp: Use the new values. (WebCore::WebGLRenderingContextBase::create): (WebCore::WebGLRenderingContextBase::registerWithWebGLStateTracker): * platform/WebGLStateTracker.cpp: * platform/WebGLStateTracker.h: Update the state tracker to use the new values. * platform/graphics/GraphicsContext3DAttributes.h: * platform/graphics/mac/GraphicsContext3DMac.mm: (WebCore::setPixelFormat): Accept GraphicsContext3DPowerPreference as a parameter. 
(WebCore::GraphicsContext3D::GraphicsContext3D): 2017-02-16 Matthew Hanson Merge r212314. rdar://problem/27685077 2017-02-14 Jeremy Jones When playing inline after fullscreen, set a flag instead of adding attribute plays inline, and use in requiresFullscreenForVideoPlayback. https://bugs.webkit.org/show_bug.cgi?id=167815 rdar://problem/27685077 Reviewed by Jer Noble. Test: media/media-fullscreen-loop-inline.html When video is allowed to play inline after fullscreen. Looped video causes play state to update, which can send video back to fullscreen when allowsInline is false. This change will set a new flag when allowsInlineMediaPlaybackAfterFullscreen allows inline playback that can be tested in requiresFullscreenForVideoPlayback to prevent sending video back into fullscreen when video loops. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::enterFullscreen): (WebCore::HTMLMediaElement::exitFullscreen): * html/HTMLMediaElement.h: (WebCore::HTMLMediaElement::isTemporarilyAllowingInlinePlaybackAfterFullscreen): Added. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback): 2017-02-16 Matthew Hanson Merge r212301. rdar://problem/30494674 2017-02-13 Filip Pizlo worker.postMessage should throw a TypeError if a SharedArrayBuffer is in the transfer list https://bugs.webkit.org/show_bug.cgi?id=168277 Reviewed by Mark Lam. Test: workers/sab/postMessage-transfer-type-error.html This is a simple spec compliance change. The title says it all. * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::create): 2017-02-16 Matthew Hanson Merge r212260. rdar://problem/30481079 2017-02-13 Simon Fraser Call WKDestroyRenderingResources() on iOS when tabs are backgrounded https://bugs.webkit.org/show_bug.cgi?id=168261 rdar://problem/30481079 Reviewed by Tim Horton. Add CABackingStoreCollectBlocking() to QuartzCoreSPI.h, and fix files in WebCore that do a framework include. 
* platform/graphics/cocoa/TextTrackRepresentationCocoa.mm: * platform/graphics/cocoa/WebActionDisablingCALayerDelegate.h: * platform/spi/cocoa/QuartzCoreSPI.h: * platform/spi/mac/NSViewSPI.h: 2017-02-16 Matthew Hanson Merge r212214. rdar://problem/30451581 2017-02-12 Ryosuke Niwa REGRESSION (r179497): Crash inside setAttributeNode https://bugs.webkit.org/show_bug.cgi?id=168161 Reviewed by Andreas Kling. The bug was caused by setAttributeNode calling setAttributeInternal with the same element data as the one used to call removeAttributeInternal despite the fact that removeAttributeInternal could have invoked arbitrary scripts and mutated element's m_elementData. Fixed the bug by calling setAttributeInternal with the result of a new invocation of ensureUniqueElementData(). Test: fast/dom/Attr/make-unique-element-data-while-replacing-attr.html * dom/Element.cpp: (WebCore::Element::setAttributeNode): 2017-02-16 Matthew Hanson Merge r212174. rdar://problem/29904368 2017-02-10 Daniel Bates Attempt to fix the build following (https://bugs.webkit.org/show_bug.cgi?id=166774) * dom/Document.cpp: (WebCore::Document::detachFromCachedFrame): Use ASSERT_UNUSED() instead of ASSERT() since the parameter cachedFrame is unused in non-debug build. 2017-02-16 Matthew Hanson Merge r212173. rdar://problem/29904368 2017-02-10 Daniel Bates Detach frame from document when entering page cache https://bugs.webkit.org/show_bug.cgi?id=166774 Reviewed by Chris Dumez. When a page enters the page cache it is unnecessary for it to hold a reference to its associated frame because subsequent interactions with the page do not need to make use of it. Once a page exits the page cache we associate it with its frame. * dom/Document.cpp: (WebCore::Document::frameDestroyed): Update comment to reflect the renaming of disconnectFromFrame(). (WebCore::Document::attachToCachedFrame): Added. (WebCore::Document::detachFromCachedFrame): Added.
(WebCore::Document::prepareForDestruction): Only call CSSAnimationController::detachFromDocument() if we have a frame. Substitute detachFromFrame() for disconnectFromFrame() as the latter was renamed to the former. (WebCore::Document::hasEverCalledWindowOpen): Deleted. (WebCore::Document::markHasCalledWindowOpen): Deleted. (WebCore::Document::disconnectFromFrame): Renamed to detachFromFrame. * dom/Document.h: (WebCore::Document::detachFromFrame): Renamed; formerly named disconnectFromFrame(). Changed visibility from public to private and made this function inline. * history/CachedFrame.cpp: (WebCore::CachedFrameBase::pruneDetachedChildFrames): Remove cached child frames that were removed from the page when it was in the page cache as there is no need to restore such frames. (WebCore::CachedFrameBase::restore): Call pruneDetachedChildFrames() before restoring the frame tree. (WebCore::CachedFrame::CachedFrame): Detach from the frame. (WebCore::CachedFrame::open): Assert that we have a document and re-attach the frame. (WebCore::CachedFrame::destroy): Update assertion as this function should only be called for a frameless document. Only detach the FrameView, DocumentLoader, and Page when the cached frame is for subframe and is associated with a Page object. Call CSSAnimationController::detachFromDocument() to detach the animation controller from the document as it is being destroyed. We have to do this here because the document does not have a frame. And Document::prepareForDestruction() only calls CSSAnimationController::detachFromDocument() if the document has a frame. * history/CachedFrame.h: * history/PageCache.cpp: (WebCore::canCachePage): Remove logic that prevents caching of a page that called window.open() or has an opener as it is feasible to keep such pages in the page cache. * html/HTMLFrameElementBase.cpp: (WebCore::HTMLFrameElementBase::finishedInsertingSubtree): Fix style nit. 
* loader/FrameLoader.cpp: (WebCore::FrameLoader::frameDetached): Only stop all loaders and stop active DOM objects if the page is not in- or about to enter- the page cache. A page in the page cache has finished loading and its active DOM objects are suspended. Also fix style nit in comment. (WebCore::FrameLoader::detachFromParent): Only stop all loaders if the page is not in- or about to enter- the page cache. A page in the page cache has finished loading. Also added a comment to explain that we protect the frame because stopAllLoaders() can cause the frame to be deallocated. * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): Remove logic to call markHasCalledWindowOpen() as this function will be removed. * page/DiagnosticLoggingKeys.cpp: (WebCore::DiagnosticLoggingKeys::hasCalledWindowOpenKey): Deleted. (WebCore::DiagnosticLoggingKeys::hasOpenerKey): Deleted. * page/DiagnosticLoggingKeys.h: * page/Page.cpp: (WebCore::Page::openedByWindowOpen): Deleted. * page/Page.h: * page/Settings.in: Remove setting allowsPageCacheWithWindowOpener. 2017-02-16 Matthew Hanson Merge r212172. rdar://problem/30476807 2017-02-10 Simon Fraser REGRESSION (r211845): [ios-simulator] LayoutTest compositing/masks/solid-color-masked.html is a flaky failure https://bugs.webkit.org/show_bug.cgi?id=168054 Reviewed by Tim Horton. When adding mask layers, there was an ordering dependency. There was a hack in GraphicsLayerCA::setVisibleAndCoverageRects() to propagate m_intersectsCoverageRect to masks. However, if GraphicsLayerCA::setVisibleAndCoverageRects() ran on the masked layer before the mask was added, nothing updated the "m_intersectsCoverageRect" state of the mask layer. Fix by explicitly calling setVisibleAndCoverageRects() on the mask layer, passing the same rects and viewport-constrained state as for its host layer (we already assume that their geometry matches). 
Tested by compositing/masks/solid-color-masked.html * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::setVisibleAndCoverageRects): (WebCore::GraphicsLayerCA::recursiveCommitChanges): 2017-02-16 Matthew Hanson Merge r212153. rdar://problem/30467120 2017-02-10 Simon Fraser Make sure the "inwindow" flag propagates to TiledBackings for masks and reflections https://bugs.webkit.org/show_bug.cgi?id=168127 rdar://problem/30467120 Reviewed by Tim Horton. Replace the special-case, but wrong, GraphicsLayer traversal in setIsInWindowIncludingDescendants() which forgot to hit masks and replica layers with a generic traverse() function, which is then used for setting 'inWindow' as well as resetting tracked repaints. Tests: compositing/tiling/tiled-mask-inwindow.html compositing/tiling/tiled-reflection-inwindow.html * page/PageOverlayController.cpp: (WebCore::PageOverlayController::layerWithDocumentOverlays): (WebCore::PageOverlayController::layerWithViewOverlays): * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::setIsInWindow): (WebCore::GraphicsLayer::setReplicatedByLayer): (WebCore::GraphicsLayer::traverse): (WebCore::GraphicsLayer::setIsInWindowIncludingDescendants): Deleted. * platform/graphics/GraphicsLayer.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::setIsInWindow): (WebCore::RenderLayerCompositor::resetTrackedRepaintRects): (WebCore::resetTrackedRepaintRectsRecursive): Deleted. 2017-02-16 Matthew Hanson Merge r212152. rdar://problem/30459055 2017-02-09 Simon Fraser Tiled layers are sometimes left with some tiles when outside the viewport https://bugs.webkit.org/show_bug.cgi?id=168104 rdar://problem/30459055 Reviewed by Tim Horton. When the coverage rect of a TiledBacking goes from a non-empty rect to an empty rect, we shouldn't just early return from TileGrid::revalidateTiles(), otherwise we are left with some tiles. 
Run through the function as normal, which will remove all the tiles for an empty coverage rect. Minor logging changes. Test: tiled-drawing/tile-coverage-iframe-to-zero-coverage.html * platform/graphics/ca/TileGrid.cpp: (WebCore::TileGrid::revalidateTiles): 2017-02-16 Matthew Hanson Merge r212151. rdar://problem/30090186 2017-02-10 Zalan Bujtas Mail hangs when removing multiple rows from large table. https://bugs.webkit.org/show_bug.cgi?id=168103 Reviewed by Ryosuke Niwa. DeleteSelectionCommand::removeNode doesn't actually destroy table structure items, but instead it removes their content. In order to be able to continue editing the table after the delete, we need to ensure that its cells' width and height are > 0. Currently we issue layout on each table item recursively. This patch delays the layout until after we've finished with the entire subtree delete (10x progression). Performance test added. * editing/DeleteSelectionCommand.cpp: (WebCore::DeleteSelectionCommand::insertBlockPlaceholderForTableCellIfNeeded): (WebCore::DeleteSelectionCommand::removeNodeUpdatingStates): (WebCore::shouldRemoveContentOnly): (WebCore::DeleteSelectionCommand::removeNode): * editing/DeleteSelectionCommand.h: 2017-02-16 Matthew Hanson Merge r211766. rdar://problem/30467124 2017-02-06 Simon Fraser Re-land r210095 (avoid a tile revalidation on scale change) https://bugs.webkit.org/show_bug.cgi?id=167866 Reviewed by Tim Horton. r210095 was rolled out in r211230 but now that all TileControllers unparent offscreen tiles, we can roll it back in. Also add more Tiling logging. * platform/graphics/ca/TileGrid.cpp: (WebCore::validationPolicyAsString): (WebCore::TileGrid::setScale): (WebCore::TileGrid::prepopulateRect): (WebCore::TileGrid::revalidateTiles): (WebCore::TileGrid::ensureTilesForRect): 2017-02-16 Matthew Hanson Merge r211688.
rdar://problem/30467177 2017-02-05 Simon Fraser Remove unparentsOffscreenTiles logic in TileController https://bugs.webkit.org/show_bug.cgi?id=167823 Reviewed by Tim Horton. Give all TileGrids the "unparents offscreen tiles" behavior. This was enabled for only the page tiles in WK2 on Mac and iOS, but there's no reason to not use it for tiled composited layers also. Also use more modern C++ idioms in a few places. * platform/graphics/TiledBacking.h: * platform/graphics/ca/TileController.h: * platform/graphics/ca/TileGrid.cpp: (WebCore::TileGrid::revalidateTiles): (WebCore::TileGrid::ensureTilesForRect): * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::RenderLayerBacking): 2017-02-16 Matthew Hanson Merge r211662. rdar://problem/30467322 2017-02-03 Simon Fraser Correctly set the "inWindow" flag for TileControllers that aren't the page tiles, and clarify "usingTiledBacking" logic https://bugs.webkit.org/show_bug.cgi?id=167774 Reviewed by Tim Horton. RenderLayerBacking had some very confusing "usingTiledCacheLayer" uses. Its member variable, m_usingTiledCacheLayer, really meant "m_isMainFrameLayerWithTiledBacking" so make it so. It had a usingTiledBacking(), which returned the same thing, which this patch replaces with isMainFrameLayerWithTiledBacking(). The fact that usingTiledBacking() was only true for the page tiled layer tripped up RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants(), which would only ever call setIsInWindow() on the page tiled layer. These changes fix that. Also make a way for tests to unparent the web view via UIScriptController, and dump out the "in window" status of TileBackings when dumping tile caches. 
Test: tiled-drawing/tiled-backing-in-window.html * platform/graphics/TiledBacking.h: * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::dumpAdditionalProperties): * platform/graphics/ca/TileController.h: * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::RenderLayerBacking): (WebCore::computePageTiledBackingCoverage): (WebCore::RenderLayerBacking::adjustTiledBackingCoverage): (WebCore::RenderLayerBacking::setTiledBackingHasMargins): (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): (WebCore::RenderLayerBacking::shouldClipCompositedBounds): (WebCore::RenderLayerBacking::updateDescendantClippingLayer): (WebCore::RenderLayerBacking::updateRootLayerConfiguration): (WebCore::RenderLayerBacking::paintsIntoWindow): (WebCore::computeTileCoverage): Deleted. * rendering/RenderLayerBacking.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::flushPendingLayerChanges): (WebCore::RenderLayerCompositor::rootFixedBackgroundsChanged): (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants): (WebCore::RenderLayerCompositor::supportsFixedRootBackgroundCompositing): (WebCore::RenderLayerCompositor::documentUsesTiledBacking): 2017-02-16 Matthew Hanson Merge r211683. rdar://problem/30467272 2017-02-04 Simon Fraser Clean up how GraphicsLayer's "inWindow" state is set, and fix some issues with Page Overlays https://bugs.webkit.org/show_bug.cgi?id=167850 Reviewed by Tim Horton. RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants() walked the RenderLayer tree to set the GraphicsLayer's "inWindow" state. This had the problem of skipping non-primary GraphicsLayers. We also never did this work for page overlay layers. Fix by giving GraphicsLayers a recursive function that sets the inWindow state, and call that from RenderLayerCompositor::setIsInWindow() and PageOverlayController. 
PageOverlayController also needs to implement tiledBackingUsageChanged so that tiled backings created dynamically get the correct in-window state. Page overlays also had some serious issues in MiniBrowser, in that they disappeared on reload, and on hide/show web view. This was because the overlay root layers were re-parented, but addChild() for each overlay's layer wasn't called. Clean up by replacing willAttachRootLayer() followed by viewOverlayRootLayer()/documentOverlayRootLayer() with single calls that set up the layers, update the inWindow state, and return the layer. Make it possible to dump tile caches in page overlay tests. Make showGraphicsLayers() always dump page overlay layers (source of much confusion). Test: pageoverlay/overlay-remove-reinsert-view.html * page/PageOverlayController.cpp: (WebCore::PageOverlayController::documentOverlayRootLayer): (WebCore::PageOverlayController::viewOverlayRootLayer): (WebCore::PageOverlayController::layerWithDocumentOverlays): (WebCore::PageOverlayController::layerWithViewOverlays): (WebCore::PageOverlayController::tiledBackingUsageChanged): (WebCore::PageOverlayController::willAttachRootLayer): Deleted. * page/PageOverlayController.h: * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::setIsInWindowIncludingDescendants): (WebCore::dumpChildren): * platform/graphics/GraphicsLayer.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::appendDocumentOverlayLayers): (WebCore::RenderLayerCompositor::setIsInWindow): (WebCore::RenderLayerCompositor::attachRootLayer): (WebCore::RenderLayerCompositor::rootLayerAttachmentChanged): (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants): Deleted. 
* rendering/RenderLayerCompositor.h: * testing/Internals.cpp: (WebCore::toLayerTreeFlags): (WebCore::Internals::layerTreeAsText): (WebCore::Internals::pageOverlayLayerTreeAsText): * testing/Internals.h: * testing/Internals.idl: * testing/MockPageOverlayClient.cpp: (WebCore::MockPageOverlayClient::layerTreeAsText): * testing/MockPageOverlayClient.h: 2017-02-16 Matthew Hanson Merge r211662. rdar://problem/30467322 2017-02-03 Simon Fraser Correctly set the "inWindow" flag for TileControllers that aren't the page tiles, and clarify "usingTiledBacking" logic https://bugs.webkit.org/show_bug.cgi?id=167774 Reviewed by Tim Horton. RenderLayerBacking had some very confusing "usingTiledCacheLayer" uses. Its member variable, m_usingTiledCacheLayer, really meant "m_isMainFrameLayerWithTiledBacking" so make it so. It had a usingTiledBacking(), which returned the same thing, which this patch replaces with isMainFrameLayerWithTiledBacking(). The fact that usingTiledBacking() was only true for the page tiled layer tripped up RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants(), which would only ever call setIsInWindow() on the page tiled layer. These changes fix that. Also make a way for tests to unparent the web view via UIScriptController, and dump out the "in window" status of TileBackings when dumping tile caches. 
Test: tiled-drawing/tiled-backing-in-window.html * platform/graphics/TiledBacking.h: * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::dumpAdditionalProperties): * platform/graphics/ca/TileController.h: * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::RenderLayerBacking): (WebCore::computePageTiledBackingCoverage): (WebCore::RenderLayerBacking::adjustTiledBackingCoverage): (WebCore::RenderLayerBacking::setTiledBackingHasMargins): (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): (WebCore::RenderLayerBacking::shouldClipCompositedBounds): (WebCore::RenderLayerBacking::updateDescendantClippingLayer): (WebCore::RenderLayerBacking::updateRootLayerConfiguration): (WebCore::RenderLayerBacking::paintsIntoWindow): (WebCore::computeTileCoverage): Deleted. * rendering/RenderLayerBacking.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::flushPendingLayerChanges): (WebCore::RenderLayerCompositor::rootFixedBackgroundsChanged): (WebCore::RenderLayerCompositor::setIsInWindowForLayerIncludingDescendants): (WebCore::RenderLayerCompositor::supportsFixedRootBackgroundCompositing): (WebCore::RenderLayerCompositor::documentUsesTiledBacking): 2017-02-16 Matthew Hanson Merge r211501. rdar://problem/29904368 2017-02-01 Antoine Quint [mac-wk1] LayoutTest media/modern-media-controls/tracks-support/tracks-support-click-track-in-panel.html is a flaky timeout https://bugs.webkit.org/show_bug.cgi?id=165319 Reviewed by Dean Jackson. Running media/controls/track-menu.html before media/modern-media-controls/tracks-support/tracks-support-click-track-in-panel.html makes that test time out in all test runs. The root of the issue is that animations are suspended by media/controls/track-menu.html with a call to internals.suspendAnimations(), and that state isn't reset with a call to internals.resumeAnimations().
Then, media/modern-media-controls/tracks-support/tracks-support-click-track-in-panel.html fails because the selection animation for the tracks panel menu item that is clicked never completes and the delegate to notify that an item in the tracks panel was selected is never fired, which leads to the test failure. We change Internals::suspendAnimations() and Internals::resumeAnimations() to only affect the current document, rather than calling into AnimationController::suspendAnimations() which would do just that, but also set a Frame-wide flag that would prevent further animations from running, even in a subsequent document load. * dom/Document.cpp: (WebCore::Document::prepareForDestruction): Ensure the document that is about to be destroyed is no longer associated with an AnimationController. * page/animation/AnimationController.cpp: (WebCore::AnimationControllerPrivate::ensureCompositeAnimation): Update the animation's suspend state in case the document its renderer is associated with is suspended. This is required since previously CompositeAnimations would set their suspend state in their constructor, based on the Frame-wide suspended state, but there is no document to use as a basis to query its suspended state in that constructor. (WebCore::AnimationControllerPrivate::animationsAreSuspendedForDocument): (WebCore::AnimationControllerPrivate::detachFromDocument): (WebCore::AnimationControllerPrivate::suspendAnimationsForDocument): (WebCore::AnimationControllerPrivate::resumeAnimationsForDocument): (WebCore::AnimationControllerPrivate::startAnimationsIfNotSuspended): (WebCore::AnimationController::animationsAreSuspendedForDocument): (WebCore::AnimationController::detachFromDocument): * page/animation/AnimationController.h: * page/animation/AnimationControllerPrivate.h: * testing/Internals.cpp: (WebCore::Internals::animationsAreSuspended): (WebCore::Internals::suspendAnimations): (WebCore::Internals::resumeAnimations): 2017-02-15 Ryan Haddad Merge r212238. 
rdar://problem/30494165 2017-02-13 Chris Dumez Regression(r211455): ASSERTION FAILED: frameView || pageCacheState() == InPageCache in com.apple.WebCore: WebCore::Document::destroyRenderTree https://bugs.webkit.org/show_bug.cgi?id=168237 Reviewed by Gavin Barraclough. Drop bad assertion under document::destroyRenderTree() that was introduced in r211455. The assertion seemed like a good idea but the issue is that CachedFrame::destroy() resets the document's pageCacheState before calling Document::prepareForDestruction(). No new tests, this fixes assertion hits on our bots. * dom/Document.cpp: (WebCore::Document::destroyRenderTree): 2017-02-10 Matthew Hanson Merge r212131. rdar://problem/30271744 2017-02-10 Dave Hyatt [CSS Parser] Make intercap property values serialize correctly https://bugs.webkit.org/show_bug.cgi?id=168073 Reviewed by Zalan Bujtas. Fix CSS value keywords to preserve case when the value contains capital letters. Examples include optimizeSpeed, translateX, scaleY, etc. * css/CSSPrimitiveValueMappings.h: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): (WebCore::CSSPrimitiveValue::operator EPointerEvents): (WebCore::CSSPrimitiveValue::operator TextRenderingMode): (WebCore::CSSPrimitiveValue::operator EImageRendering): (WebCore::CSSPrimitiveValue::operator EColorInterpolation): (WebCore::CSSPrimitiveValue::operator EColorRendering): (WebCore::CSSPrimitiveValue::operator EShapeRendering): * css/MediaQueryEvaluator.cpp: (WebCore::colorGamutEvaluate): * css/SVGCSSValueKeywords.in: * css/TransformFunctions.cpp: (WebCore::transformOperationType): (WebCore::transformsForValue): * css/makevalues.pl: * css/parser/CSSParserFastPaths.cpp: (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue): (WebCore::parseTransformTranslateArguments): (WebCore::parseSimpleTransformValue): * css/parser/CSSPropertyParser.cpp: (WebCore::consumeTransformValue): * css/parser/CSSPropertyParserHelpers.cpp: (WebCore::CSSPropertyParserHelpers::parseColorFunctionParameters):
2017-02-10 Matthew Hanson Merge r211910. rdar://problem/30358835 2017-02-08 Chris Dumez Use smaller tiles in windows that are not active to facilitate App Napping https://bugs.webkit.org/show_bug.cgi?id=167997 Reviewed by Simon Fraser. Use smaller / non-adaptative tiles in windows that are not active to facilitate App Napping after . Test: compositing/tiling/non-active-window-tiles-size.html * page/FrameView.cpp: (WebCore::FrameView::contentsResized): (WebCore::FrameView::addedOrRemovedScrollbar): (WebCore::FrameView::computeScrollability): (WebCore::FrameView::updateTiledBackingAdaptiveSizing): (WebCore::FrameView::unobscuredContentSizeChanged): (WebCore::FrameView::setViewExposedRect): * page/FrameView.h: * page/Page.cpp: (WebCore::Page::setActivityState): (WebCore::Page::isWindowActive): * page/Page.h: * platform/graphics/TiledBacking.h: * platform/graphics/ca/TileController.cpp: (WebCore::TileController::setTileSizeUpdateDelayDisabledForTesting): (WebCore::TileController::notePendingTileSizeChange): * platform/graphics/ca/TileController.h: * testing/Internals.cpp: (WebCore::Internals::resetToConsistentState): (WebCore::Internals::disableTileSizeUpdateDelay): * testing/Internals.h: * testing/Internals.idl: 2017-02-10 Brent Fulgham Merge r212026. rdar://problem/30096323 2017-02-09 Chris Dumez Crash under FormSubmission::create() https://bugs.webkit.org/show_bug.cgi?id=167200 Reviewed by Darin Adler. The issue is that FormSubmission::create() was iterating over form.associatedElements() and was calling Element::appendFormData() in the loop. HTMLObjectElement::appendFormData() was calling pluginWidget(PluginLoadingPolicy::Load) which causes a synchronous layout and can fire events (such as focus event) synchronously. Firing those events synchronously allows the JS to modify the form.associatedElements() vector we are currently iterating on.
To avoid this issue, we now call pluginWidget(PluginLoadingPolicy::DoNotLoad) in HTMLObjectElement::appendFormData() as we are not allowed to fire synchronous events at this point. I also added a security assertion in FormSubmission::create() to catch cases where we fire JS events while iterating over the form associated elements to more easily notice these things in the future. Test: fast/forms/formsubmission-appendFormData-crash.html * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::appendFormData): * loader/FormSubmission.cpp: (WebCore::FormSubmission::create): 2017-02-10 Brent Fulgham Unreviewed build fix. * dom/Document.cpp: (WebCore::Document::adoptNode): isConnected -> inDocument. 2017-02-10 Matthew Hanson Rollout r212118. rdar://problem/30096323 2017-02-10 Matthew Hanson Merge r212026. rdar://problem/30096323 2017-02-09 Chris Dumez Crash under FormSubmission::create() https://bugs.webkit.org/show_bug.cgi?id=167200 Reviewed by Darin Adler. The issue is that FormSubmission::create() was iterating over form.associatedElements() and was calling Element::appendFormData() in the loop. HTMLObjectElement::appendFormData() was calling pluginWidget(PluginLoadingPolicy::Load) which causes a synchronous layout and can fire events (such as focus event) synchronously. Firing those events synchronously allows the JS to modify the form.associatedElements() vector we are currently iterating on. To avoid this issue, we now call pluginWidget(PluginLoadingPolicy::DoNotLoad) in HTMLObjectElement::appendFormData() as we are not allowed to fire synchronous events at this point. I also added a security assertion in FormSubmission::create() to catch cases where we fire JS events while iterating over the form associated elements to more easily notice these things in the future.
Test: fast/forms/formsubmission-appendFormData-crash.html * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::appendFormData): * loader/FormSubmission.cpp: (WebCore::FormSubmission::create): 2017-02-10 Matthew Hanson Merge r211495. rdar://problem/30106362 2017-02-01 Jer Noble NULL-deref crash in TextTrack::removeCue() https://bugs.webkit.org/show_bug.cgi?id=167615 Reviewed by Eric Carlson. Test: http/tests/media/track-in-band-hls-metadata-crash.html Follow-up to r211401. When passing around a reference to an object, the assumption is that the caller is retaining the underlying object. This breaks down for InbandDataTextTrack::removeDataCue(), which releases its own ownership of the cue object, then passes the reference to that object to its superclass to do further remove steps. The retain count of the cue can thus drop to zero within the scope of InbandTextTrack::removeCue(). Use "take" semantics to remove the cue from the m_incompleteCueMap without releasing ownership, and pass a reference to that retained object on to removeCue(), guaranteeing that the cue will not be destroyed until after the removeDataCue() method returns. * html/track/InbandDataTextTrack.cpp: (WebCore::InbandDataTextTrack::removeDataCue): 2017-02-10 Matthew Hanson Merge r211650. rdar://problem/30268004 2017-02-03 Jeremy Jones Pointer lock events should be delivered directly to the target element https://bugs.webkit.org/show_bug.cgi?id=167134 rdar://problem/30268004 Reviewed by Dean Jackson. pointer-lock/mouse-event-delivery.html: Enabled for mac, added wheel event tests. When pointer is locked on an element, route mouse events directly to the target element, instead of doing the normal event dispatch.
* page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): (WebCore::EventHandler::handleMouseDoubleClickEvent): (WebCore::EventHandler::handleMouseMoveEvent): (WebCore::EventHandler::handleMouseReleaseEvent): (WebCore::EventHandler::handleMouseForceEvent): (WebCore::EventHandler::handleWheelEvent): * page/PointerLockController.cpp: (WebCore::PointerLockController::isLocked): Added. (WebCore::PointerLockController::dispatchLockedWheelEvent): Added. * page/PointerLockController.h: 2017-02-10 Matthew Hanson Merge r211375. rdar://problem/30268004 2017-01-30 Ryan Haddad Unreviewed, rollout r211235 Pointer lock events should be delivered directly to the target element. The LayoutTest for this change is frequently failing. * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): (WebCore::EventHandler::handleMouseDoubleClickEvent): (WebCore::EventHandler::handleMouseMoveEvent): (WebCore::EventHandler::handleMouseReleaseEvent): (WebCore::EventHandler::handleMouseForceEvent): (WebCore::EventHandler::handleWheelEvent): * page/PointerLockController.cpp: (WebCore::PointerLockController::isLocked): Deleted. (WebCore::PointerLockController::dispatchLockedWheelEvent): Deleted. * page/PointerLockController.h: 2017-02-09 Matthew Hanson Merge r212029. rdar://problem/30376972 2017-02-09 Chris Dumez Make sure Event keeps its current target element alive https://bugs.webkit.org/show_bug.cgi?id=167885 Reviewed by Brent Fulgham. Make sure Event keeps its current target element alive to avoid crashes if it is accessed by JS after it has been garbage collected. Test: fast/events/currentTarget-gc-crash.html * dom/Event.cpp: (WebCore::Event::setCurrentTarget): * dom/Event.h: (WebCore::Event::currentTarget): 2017-02-09 Matthew Hanson Merge r212028. rdar://problem/30234133 2017-02-09 Ryosuke Niwa Crash in render tree after dynamically mutating the slot value https://bugs.webkit.org/show_bug.cgi?id=167502 Reviewed by Antti Koivisto. 
The crash was caused by attributeChanged not destructing the render tree after an assigned element had been removed from its slot. Since the style resolver can no longer find this element in the flat tree, we need to delete its render object as if the element had been removed from the DOM tree. Tests: fast/html/details-summary-slot.html fast/shadow-dom/shadow-slot-attribute-change-crash.html * dom/Element.cpp: (WebCore::Element::attributeChanged): * html/HTMLSummaryElement.cpp: (WebCore::SummarySlotElement): Added. Always use the default slot regardless of the slot attribute's value. (WebCore::HTMLSummaryElement::create): Use SummarySlotElement 2017-02-09 Matthew Hanson Merge r212027. rdar://problem/30145076 2017-02-09 Antti Koivisto Details element doesn't work correctly when mutating content between closing and opening https://bugs.webkit.org/show_bug.cgi?id=167310 Reviewed by Ryosuke Niwa. Tests: fast/html/details-close-modify-open.html fast/shadow-dom/slot-remove-mutate-add.html * dom/SlotAssignment.cpp: (WebCore::SlotAssignment::didChangeSlot): Always reset the slot assignment when content is mutated. 2017-02-09 Matthew Hanson Merge r212025. rdar://problem/30076615 2017-02-09 Chris Dumez Crash under HTMLFormElement::registerFormElement() https://bugs.webkit.org/show_bug.cgi?id=167162 Reviewed by Ryosuke Niwa. didMoveToNewDocument() was re-registering FormAttributeTargetObserver even if the element's inDocument was not set yet. As a result, it was possible for FormAssociatedElement::resetFormOwner() to be called when the element was in the tree but with its inDocument still being false (because insertedInto() has not been called yet). This could end up calling HTMLFormElement::registerFormElement() even though the element is still recognized as detached. 
This is an issue because HTMLFormElement::m_associatedElements's order and its corresponding indexes (m_associatedElementsBeforeIndex / m_associatedElementsAfterIndex) rely on the position of the element with regard to the form element (before / inside / after). To address the issue, we now only register the FormAttributeTargetObserver in didMoveToNewDocument() if the inDocument flag is set to true. This is similar to what is done at other call sites of resetFormAttributeTargetObserver(). We also ignore the form content attribute in HTMLFormElement::formElementIndex() if the element is not connected. As per the HTML specification [1], the form content attribute is only taken if the element is connected (i.e. inDocument flag is true). Note that FormAssociatedElement::findAssociatedForm() was already ignoring the form content attribute if the element is disconnected. [1] https://html.spec.whatwg.org/#reset-the-form-owner (step 3) Test: fast/forms/registerFormElement-crash.html * html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::didMoveToNewDocument): Only call resetFormAttributeTargetObserver() if inDocument flag is set, similarly to what is done at other call sites. (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver): Add an assertion to make sure no one calls this method on an element that is not connected. * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::formElementIndex): Ignore the form content attribute if the element is not connected, as per the HTML specification [1]. 2017-02-09 Matthew Hanson Merge r212024. rdar://problem/30051227 2017-02-09 Antti Koivisto Tear down existing renderers when adding a shadow root. https://bugs.webkit.org/show_bug.cgi?id=167117 Reviewed by Andreas Kling. Adding a shadow root may cause children to no longer be part of the flat tree. If they had renderers, tear down code would no longer reach them.
Test: fast/shadow-dom/attach-shadow-teardown.html * dom/Element.cpp: (WebCore::Element::addShadowRoot): Tear down existing render tree when adding a shadow root. 2017-02-09 Matthew Hanson Merge r212023. rdar://problem/30041640 2017-02-09 Brent Fulgham Handle synchronous layout when setting a selection range https://bugs.webkit.org/show_bug.cgi?id=167092 Reviewed by Antti Koivisto. The 'innerTextElement' of a form control can change during layout due to arbitrary JavaScript executing. Handle the case where the inner text element has changed so that current render box height is while setting a selection range. Test: fast/forms/input-type-change-during-selection.html * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::setSelectionRange): 2017-02-09 Matthew Hanson Merge r211999. rdar://problem/29930443 2017-02-09 Brent Fulgham Disconnect shadow children of root when detaching a frame https://bugs.webkit.org/show_bug.cgi?id=166851 Reviewed by Andy Estes. If the root of the tree we are disconnecting has a shadow element, include it in the set of things to disconnect. Tests: fast/shadow-dom/shadow-at-root-during-disconnect.html * dom/ContainerNodeAlgorithms.cpp: (WebCore::disconnectSubframes): 2017-02-09 Matthew Hanson Merge r211966. rdar://problem/30149422 2017-02-09 Brent Fulgham Unreviewed build fix after r211965. * dom/Document.cpp: (WebCore::Document::adoptNode): inDocument -> isConnected 2017-02-09 Matthew Hanson Merge r211965. rdar://problem/30149422 2017-02-09 Ryosuke Niwa Adopting a child node of a script element can run script https://bugs.webkit.org/show_bug.cgi?id=167318 Reviewed by Darin Adler. The bug was caused by ScriptElement::childrenChanged indiscriminately running the script. 
Do this only if some node has been inserted as spec'ed: https://html.spec.whatwg.org/multipage/scripting.html#script-processing-model "The script element is connected and a node or document fragment is inserted into the script element, after any script elements inserted at that time." Split NonContentsChildChanged into NonContentsChildInserted and NonContentsChildRemoved to disambiguate non-contents child such as text and element being removed or inserted. New behavior matches that of Gecko and Chrome as well as the latest HTML5 specification. Also deploy NoEventDispatchAssertion in more places. Unfortunately, this results in some DOM trees internal to WebKit to be mutated while there is NoEventDispatchAssertion in the stack. Added a new RAII object "EventAllowedScope" to temporarily disable this assertion within such a tree. CachedSVGFont's ensureCustomFontData used to completely disable this assertion but we no longer have to do this either. To clarify the new semantics, renamed isEventDispatchForbidden to isEventAllowedInMainThread with the negated boolean value, and added a new variant isEventDispatchAllowedInSubtree, which checks isEventDispatchForbidden() is true or if the node was one of an internal DOM node or its descendent held by EventAllowedScope. Inspired by https://chromium.googlesource.com/chromium/src/+/604e798ec6ee30f44d57a5c4a44ce3dab3a871ed Tests: fast/html/script-must-not-run-when-child-is-adopted.html fast/html/script-must-not-run-when-child-is-removed.html * dom/CharacterData.cpp: (WebCore::CharacterData::notifyParentAfterChange): Added NoEventDispatchAssertion. * dom/ContainerNode.cpp: (WebCore::ContainerNode::insertBefore): Added NoEventDispatchAssertion around TreeScope's adoptIfNeeded and insertBeforeCommon as done elsewhere. (WebCore::ContainerNode::appendChildCommon): Added NoEventDispatchAssertion. (WebCore::ContainerNode::changeForChildInsertion): Use NonContentsChildInserted here. 
(WebCore::ContainerNode::notifyChildRemoved): Added NoEventDispatchAssertion. (WebCore::ContainerNode::replaceChild): Moved adoptIfNeeded into NoEventDispatchAssertion. (WebCore::ContainerNode::removeChild): Added NoEventDispatchAssertion. (WebCore::ContainerNode::parserRemoveChild): Added NoEventDispatchAssertion. (WebCore::ContainerNode::removeChildren): Call childrenChanged in NoEventDispatchAssertion. (WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck): Moved adoptIfNeeded into NoEventDispatchAssertion. (WebCore::dispatchChildInsertionEvents): Check the forbidden-ness more precisely. (WebCore::dispatchChildRemovalEvents): Ditto. * dom/ContainerNode.h: (WebCore::ContainerNode::ChildChange::isInsertion): Added. * dom/ContainerNodeAlgorithms.cpp: (WebCore::notifyChildNodeInserted): Check the forbidden-ness more precisely. Here, we check against insertionPoint since EventAllowedScope checks against the root node. * dom/Document.cpp: (WebCore::Document::adoptNode): Assert the node to be adopted has not been inserted back, or else remove() had resulted in an exception before calling TreeScope::adoptIfNeeded. * dom/Element.cpp: (WebCore::Element::childrenChanged): * dom/NoEventDispatchAssertion.h: (WebCore::NoEventDispatchAssertion::isEventDispatchForbidden): Added a new variant that takes a node. If this node is a descendent of a node "marked as safe" by EventAllowedScope, then we don't consider the event dispatch to be forbidden. (WebCore::NoEventDispatchAssertion::dropTemporarily): Deleted. (WebCore::NoEventDispatchAssertion::restoreDropped): Deleted. (WebCore::NoEventDispatchAssertion::EventAllowedScope): Added. A RAII object which marks descendants of a given node as "safe" for the purpose of checking isEventDispatchForbidden. (WebCore::NoEventDispatchAssertion::EventAllowedScope::EventAllowedScope): Added. There can be a chain of EventAllowedScope objects in the stack. 
s_currentScope points to the most recently instantiated RAII object, and each instance remembers prior instance. (WebCore::NoEventDispatchAssertion::EventAllowedScope::~EventAllowedScope): Added. (WebCore::NoEventDispatchAssertion::EventAllowedScope::isAllowedNode): Added. Returns true if the given node is a descendent of any node held by instances of EventAllowedScope. (WebCore::NoEventDispatchAssertion::EventAllowedScope::isAllowedNodeInternal): Added. A helper function for isAllowedNode. * dom/Node.cpp: (WebCore::Node::dispatchSubtreeModifiedEvent): Check the forbidden-ness more precisely. * dom/ScriptElement.cpp: (WebCore::ScriptElement::childrenChanged): Only prepare the script if we've inserted nodes. (WebCore::ScriptElement::executeClassicScript): Assert isEventDispatchForbidden is false since running arbitrary author scripts can, indeed, result in dispatching any events. * dom/ScriptElement.h: * html/HTMLElement.cpp: (WebCore::textToFragment): Made this a static local function and not return an exception since there is no way appendChild called in this function can throw an exception. (WebCore::HTMLElement::setInnerText): Create EventAllowedScope for the fragment. It's called by HTMLTextAreaElement's childrenChanged to update its UA shadow tree, and its dispatching an event on a new fragment can't execute arbitrary scripts since it has never been exposed to author scripts. Because of the precise-ness of this check, this does not disable the assertion for "this" element. HTMLTextFormControlElement::setInnerTextValue explicitly creates another EventAllowedScope to mark the shadow tree into which the fragment is inserted safe. (WebCore::HTMLElement::setOuterText): * html/HTMLElement.h: * html/HTMLScriptElement.cpp: (WebCore::HTMLScriptElement::childrenChanged): * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::setInnerTextValue): See above (setInnerText).
* html/track/VTTCue.cpp: (WebCore::VTTCue::createCueRenderingTree): Create EventAllowedScope for the cloned fragment here since the VTT tree is never exposed to author scripts. (WebCore::VTTCue::updateDisplayTree): Ditto. * loader/cache/CachedSVGFont.cpp: (WebCore::CachedSVGFont::ensureCustomFontData): Use EventAllowedScope to disable assertions only on the new SVG document we just created instead of disabling for all DOM trees. * svg/SVGScriptElement.cpp: (WebCore::SVGScriptElement::childrenChanged): 2017-02-09 Matthew Hanson Merge r211763. rdar://problem/30380075 2017-02-06 Brent Fulgham Correct File Path Handling in SecurityOrigin and FileSystem https://bugs.webkit.org/show_bug.cgi?id=167894 Reviewed by Alexey Proskuryakov. Roll out the URL decoding being done in the FileSystem class (added in Bug 167894), and instead ensure that SecurityOrigin properly handles file URLs, and only passes valid file strings to the FileSystem interface. Tested by FileSystemTests and SecurityOriginTests in TestWebKitAPI. * page/SecurityOrigin.cpp: (WebCore::SecurityOrigin::SecurityOrigin): Initialize m_filePath using the url's fileSystemPath, not the %-encoded 'path' property. (WebCore::SecurityOrigin::canDisplay): Pass the 'fileSystemPath' to 'filesHaveSameVolume', rather than the %-encoded 'path' property. * page/SecurityOrigin.h: * platform/FileSystem.cpp: (WebCore::filesHaveSameVolume): Do not use 'decodeURLEscapeSequences' in 'filesHaveSameVolume'. 2017-02-09 Matthew Hanson Merge r211382. rdar://problem/29738514 2017-01-30 Myles C. Maxfield Correct spacing regression on inter-element complex path shaping on some fonts https://bugs.webkit.org/show_bug.cgi?id=166013 Reviewed by Simon Fraser. This patch brings the implementation of ComplexTextController in-line with the design at https://trac.webkit.org/wiki/ComplexTextController. 
Previously, ComplexTextController had a few problems: - The total width computed by ComplexTextController didn't match the width if you iterated over the entire string and added up the advances - FontCascade::getGlyphsAndAdvancesForComplexText() tried to compensate for the above by construing the concepts of paint advances as distinct from layout advances - Initial advances were considered part of layout sometimes and part of painting other times, depending on which function reports the information - For RTL runs, the wrong origin was added to the initial advance, and the origin should have been subtracted instead of added This patch exhaustively updates every function in ComplexTextController to be consistent with the design linked to above. This design solves all of these problems. Tests: ComplexTextControllerTest.InitialAdvanceWithLeftRunInRTL ComplexTextControllerTest.InitialAdvanceInRTL ComplexTextControllerTest.InitialAdvanceWithLeftRunInLTR ComplexTextControllerTest.InitialAdvanceInLTR ComplexTextControllerTest.InitialAdvanceInRTLNoOrigins ComplexTextControllerTest.LeadingExpansion ComplexTextControllerTest.VerticalAdvances * platform/graphics/GlyphBuffer.h: (WebCore::GlyphBuffer::setLeadingExpansion): Deleted. No longer necessary. (WebCore::GlyphBuffer::leadingExpansion): Deleted. Ditto. * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::FontCascade::adjustSelectionRectForComplexText): Removed use of unnecessary leadingExpansion(). (WebCore::FontCascade::getGlyphsAndAdvancesForComplexText): This function needs to compute paint advances, which means that it can't base this information off of layout advances. This function uses the trick mentioned at the end of the above link to compute the paint offset of an arbitrary glyph in the middle of an RTL run. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::computeExpansionOpportunity): Refactored for testing. (WebCore::ComplexTextController::ComplexTextController): Ditto. 
(WebCore::ComplexTextController::finishConstruction): Ditto. (WebCore::ComplexTextController::offsetForPosition): This function operates on layout advances, and the initial layout advance is already added into the m_adjustedBaseAdvances vector by adjustGlyphsAndAdvances(). Therefore, there is no need to add it again here. (WebCore::ComplexTextController::advance): This function had completely busted logic about the relationship between initial advances and the first origin in each run. Because of the fortunate choice of only representing layout advances in m_adjustedBaseAdvances, this entire block can be removed and the raw paint initial advance can be reported to the GlyphBuffer. Later in the function, we have to update the logic about how to compute a paint advance given a layout advance and some origins. In particular, there are two tricky pieces here: 1. The layout advance for the first glyph is equal to (initial advance - first origin + first Core Text advance), so computing the paint offset must cancel out the initial layout offset, and 2. the last paint advance in a run must actually end up at the position of the first glyph in the next run, so the next run's initial advance must be queried. (WebCore::ComplexTextController::adjustGlyphsAndAdvances): Previously, we represented an initial advance of a successive run by just adding it to the previous run's last advance. However, this is incompatible with the new model presented in the link above, so we remove this section. We also have to add in the logic that the layout advance for the first glyph is equal to the formula presented above. * platform/graphics/mac/ComplexTextController.h: (WebCore::ComplexTextController::ComplexTextRun::initialAdvance): Adjust comment to reflect reality. (WebCore::ComplexTextController::leadingExpansion): Deleted. 2017-02-09 Matthew Hanson Merge r211957.
rdar://problem/30029354 2017-02-09 Antti Koivisto Nullptr crash under styleForFirstLetter https://bugs.webkit.org/show_bug.cgi?id=167756 rdar://problem/30029354 Reviewed by Zalan Bujtas. Don't know how we get here. Paper over the crash. * rendering/RenderBlock.cpp: (WebCore::styleForFirstLetter): Use parent first line style if we compute null style for the first letter renderer. 2017-02-09 Matthew Hanson Merge r211949. rdar://problem/30119483 2017-02-09 Andreas Kling Disallow accelerated rendering for ginormous 2D canvases. Reviewed by Antti Koivisto. Add a "maximumAccelerated2dCanvasSize" setting that defaults to 5120x2880 which is the 5K resolution for 16:9. Also added a way to include the "accelerates drawing" flag in layer tree dumps. Test: compositing/canvas/accelerated-canvas-compositing-size-limit.html * html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::shouldAccelerate): * page/Frame.h: * page/Settings.in: * platform/graphics/GraphicsLayer.cpp: (WebCore::GraphicsLayer::dumpProperties): * platform/graphics/GraphicsLayerClient.h: * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::layerTreeAsText): * testing/Internals.cpp: (WebCore::toLayerTreeFlags): * testing/Internals.h: * testing/Internals.idl: 2017-02-09 Matthew Hanson Merge r211926. rdar://problem/30275036 2017-02-08 Youenn Fablet HTML Link elements should load data URLs as same origin https://bugs.webkit.org/show_bug.cgi?id=168032 Reviewed by Alex Christensen. Test: fast/dom/data-url-css-link-element-cors-active.html Making CSS data URLs resources considered as same origin when loaded through link elements. In the future, we should consider removing the data URL same origin flag and fully align with the fetch and HTML spec. * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::process): 2017-02-09 Matthew Hanson Merge r211913.
rdar://problem/28062149 2017-02-08 Sam Weinig REGRESSION (r193286): Promise chain no longer prevent UI refresh https://bugs.webkit.org/show_bug.cgi?id=161291 Reviewed by Geoffrey Garen. Add new subtest to js/dom/Promise.html * dom/Microtasks.cpp: (WebCore::MicrotaskQueue::append): (WebCore::MicrotaskQueue::remove): (WebCore::MicrotaskQueue::performMicrotaskCheckpoint): * dom/Microtasks.h: The microtask queue needs to be completely drained, even of new microtasks added while the previous task was run. Remove the m_tasksAppendedDuringMicrotaskCheckpoint as it is no longer needed. 2017-02-09 Matthew Hanson Merge r211895. rdar://problem/30129966 2017-02-08 Brady Eidson Opt-out iBooks from synchronous willSendRequest on iOS. https://bugs.webkit.org/show_bug.cgi?id=168006 Reviewed by Brent Fulgham. No new tests (Not a testable behavior change at this time). * platform/network/mac/ResourceHandleMac.mm: (WebCore::synchronousWillSendRequestEnabled): iBooks never gets synchronous willSendRequest: 2017-02-09 Matthew Hanson Merge r211845. rdar://problem/30187368 2017-02-06 Ryosuke Niwa WebContent process repeatedly jetsams on BuzzFeed's Another Round page https://bugs.webkit.org/show_bug.cgi?id=167830 Reviewed by Simon Fraser. The jetsams on https://www.buzzfeed.com/anotherround were caused by WebKit creating the backing store for every iframe's layer on the page regardless of whether they're in the viewport or not. This was caused by GraphicsLayerCA's setVisibleAndCoverageRects not setting CoverageRectChanged on m_uncommittedChanges on the very first call. Fixed the bug by initializing m_uncommittedChanges to always have CoverageRectChanged so that the coverage rect would get updated properly. Unfortunately, no new tests since somehow the backing store doesn't get created inside the test runner. * platform/graphics/ca/GraphicsLayerCA.h: (WebCore::GraphicsLayerCA): 2017-02-09 Matthew Hanson Merge r211835.
rdar://problem/27439617 2017-02-07 Alex Christensen Revert r166597 https://bugs.webkit.org/show_bug.cgi?id=167951 Reviewed by Andreas Kling. * platform/spi/cf/CFNetworkSPI.h: Remove now-unused SPI declaration. 2017-02-09 Matthew Hanson Merge r211758. rdar://problem/30096129 2017-02-06 Youenn Fablet Allow some schemes to opt-out of CORS https://bugs.webkit.org/show_bug.cgi?id=167795 Reviewed by Alex Christensen. Test: http/tests/security/bypassing-cors-checks-for-extension-urls.html Adding the possibility to opt out of CORS for DocumentThreadableLoader clients (fetch and XHR). This is made specific to the case of user extension URLs for pages running user scripts. Introducing a boolean flag in Page for that purpose. Introducing a helper routine in SchemeRegistry to centralize the various user script extension schemes. * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): * page/Frame.cpp: (WebCore::Frame::injectUserScripts): * page/Page.h: (WebCore::Page::setAsRunningUserScripts): (WebCore::Page::isRunningUserScripts): * platform/SchemeRegistry.cpp: (WebCore::SchemeRegistry::isUserExtensionScheme): * platform/SchemeRegistry.h: * testing/Internals.cpp: (WebCore::Internals::setAsRunningUserScripts): * testing/Internals.h: * testing/Internals.idl: 2017-02-09 Matthew Hanson Merge r211746. rdar://problem/30107622 2017-02-06 Jer Noble Playback stalls when a SourceBuffer append causes frame eviction https://bugs.webkit.org/show_bug.cgi?id=167834 Reviewed by Eric Carlson. Test: PerformanceTests/Media/MSERemoveCodedFrames.html Optimize searching through SampleMap by presentationTime. Many of the methods exposed by PresentationOrderSampleMap used the bare std::equal_range, lower_bound, or upper_bound methods. Unlike those methods exposed on std::map, the bare search methods perform a linear O(n) search, rather than the binary O(log(n)) search used by std::map.
Rewrite those methods using the bare methods in terms of the std::map search methods. Drive-by fix: rename findSampleOnOrAfterPresentationTime to findSampleStartingOnOrAfterPresentationTime to make the behavior of the method more explicit. * Modules/mediasource/SampleMap.cpp: (WebCore::PresentationOrderSampleMap::findSampleContainingPresentationTime): (WebCore::PresentationOrderSampleMap::findSampleStartingOnOrAfterPresentationTime): (WebCore::PresentationOrderSampleMap::reverseFindSampleBeforePresentationTime): (WebCore::DecodeOrderSampleMap::findSyncSampleAfterPresentationTime): (WebCore::PresentationOrderSampleMap::findSamplesBetweenPresentationTimes): (WebCore::PresentationOrderSampleMap::findSamplesWithinPresentationRange): (WebCore::PresentationOrderSampleMap::findSampleOnOrAfterPresentationTime): Deleted. * Modules/mediasource/SampleMap.h: (WebCore::PresentationOrderSampleMap::begin): (WebCore::PresentationOrderSampleMap::end): (WebCore::PresentationOrderSampleMap::rbegin): (WebCore::PresentationOrderSampleMap::rend): (WebCore::DecodeOrderSampleMap::begin): (WebCore::DecodeOrderSampleMap::end): (WebCore::DecodeOrderSampleMap::rbegin): (WebCore::DecodeOrderSampleMap::rend): (WebCore::SampleMap::SampleMap): (WebCore::SampleMap::sizeInBytes): (WebCore::SampleMap::decodeOrder): (WebCore::SampleMap::presentationOrder): * Modules/mediasource/SourceBuffer.cpp: (WebCore::removeSamplesFromTrackBuffer): (WebCore::SourceBuffer::removeCodedFrames): (WebCore::SourceBuffer::reenqueueMediaForTime): * WebCore.xcodeproj/project.pbxproj: 2017-02-09 Matthew Hanson Merge r211730. rdar://problem/30251840 2017-02-06 Antti Koivisto CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Node::invalidateStyle https://bugs.webkit.org/show_bug.cgi?id=167878 rdar://problem/30251840 Reviewed by Andreas Kling. Speculative fix. We are trying to invalidate a null node from ~PostResolutionCallbackDisabler. 
Looks like the only way this could happen is if HTMLFrameOwnerElement::scheduleinvalidateStyleAndLayerComposition is called with null 'this'. There is one place where this might happen. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::attachRootLayer): Add null check. 2017-02-09 Matthew Hanson Merge r211667. rdar://problem/28193222 2017-02-03 Myles C. Maxfield REGRESSION(r204858): Synthetic bold text in vertical writing mode is rotated away from original text https://bugs.webkit.org/show_bug.cgi?id=167826 Reviewed by Zalan Bujtas. When drawing vertical text, the rotation is not reset between successive paint calls. We implement synthetic bold by drawing text twice, which means that the second draw call was getting rotated twice. This was an oversight in r204858. Test: fast/text/synthetic-bold-vertical-text.html * platform/graphics/cocoa/FontCascadeCocoa.mm: (WebCore::showGlyphsWithAdvances): 2017-02-09 Matthew Hanson Merge r211663. rdar://problem/30343810 2017-02-03 Jeremy Jones WK1 mouse events are missing movementX and movementY for pointerlock. https://bugs.webkit.org/show_bug.cgi?id=167775 rdar://problem/30343810 Reviewed by Alexey Proskuryakov. pointer-lock/mouse-event-delivery.html Improve mouse-event-delivery.html test to mouse move and check for valid movementX and movementY. * platform/mac/PlatformEventFactoryMac.mm: (WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder): WK1 plumb through movementX and movementY 2017-02-09 Matthew Hanson Merge r211625. rdar://problem/29168795 2017-02-03 Antti Koivisto WebContent crash when pasting into input fields at com.apple.WebCore: WebCore::ResourceRequestBase::url const + 9 https://bugs.webkit.org/show_bug.cgi?id=167787 rdar://problem/29168795 Reviewed by Andreas Kling. No test, don't know how to get here. * page/animation/CSSPropertyAnimation.cpp: (WebCore::crossfadeBlend): Null check. 2017-02-09 Matthew Hanson Merge r211622.
rdar://problem/30116072 2017-02-02 Andreas Kling [Mac] In-process memory pressure monitor for WebContent processes AKA websam Reviewed by Antti Koivisto. Add a new timer-based memory pressure monitor that checks the process memory footprint every 30 seconds and reacts to changes by setting a MemoryUsagePolicy. There are four MemoryUsagePolicy values: - Unrestricted (below 1GB) - Conservative (above 1GB) - Strict (above 2GB) - Panic (above 4GB, or 3GB if 32-bit) For Strict and above, the old-style "isUnderMemoryPressure()" API will return true. Transitioning to a higher policy will cause memory pressure handlers to run: At Strict, we run the "non-critical" memory pressure handler, then carry on. At Panic, we run the "critical" memory pressure handler. If that fails to recover enough memory to bring us back below 4GB, we may kill the process: A process is eligible to get killed for using too much memory if: - It's not visible on screen (i.e. it's a background tab.) - It's not playing audio. - It has not performed a main frame navigation in the last hour. Before killing the process, an exit-time callback will run. This patch installs such a callback that prints out some time-of-death statistics about C++ and JavaScript memory usage to hopefully help understand what was soaking up all the memory.
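A model of the policy ladder and kill decision described in this entry, as an added example that is not WebKit's implementation. The function names are borrowed from the entry's file list; Sample, Monitor, runScenario, the log strings, and the reading of "above" as strictly greater are assumptions of this example.

```cpp
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <string>
#include <vector>

// Simplified model, not WebKit code. Names follow the entry where it gives them.
enum class MemoryUsagePolicy { Unrestricted, Conservative, Strict, Panic };

constexpr uint64_t MB = 1024ull * 1024;
constexpr uint64_t GB = 1024 * MB; // assumption: "GB" means 2^30 bytes
constexpr uint64_t oneHourInSeconds = 60 * 60;

uint64_t thresholdForPolicy(MemoryUsagePolicy policy, bool is32Bit = false)
{
    switch (policy) {
    case MemoryUsagePolicy::Conservative: return 1 * GB;
    case MemoryUsagePolicy::Strict: return 2 * GB;
    case MemoryUsagePolicy::Panic: return (is32Bit ? 3 : 4) * GB;
    case MemoryUsagePolicy::Unrestricted: break;
    }
    return 0;
}

// "Above" is modelled as strictly greater than the threshold (assumption).
MemoryUsagePolicy policyForFootprint(uint64_t footprint, bool is32Bit = false)
{
    for (auto policy : { MemoryUsagePolicy::Panic, MemoryUsagePolicy::Strict, MemoryUsagePolicy::Conservative }) {
        if (footprint > thresholdForPolicy(policy, is32Bit))
            return policy;
    }
    return MemoryUsagePolicy::Unrestricted;
}

struct ProcessState {
    bool visibleOnScreen;
    bool playingAudio;
    uint64_t secondsSinceMainFrameNavigation;
};

bool processIsEligibleForMemoryKill(const ProcessState& state)
{
    return !state.visibleOnScreen && !state.playingAudio
        && state.secondsSinceMainFrameNavigation >= oneHourInSeconds;
}

struct Sample {
    uint64_t footprint;              // what the 30-second timer measured
    uint64_t footprintAfterCritical; // footprint once the critical handler has run
};

struct Monitor {
    MemoryUsagePolicy policy = MemoryUsagePolicy::Unrestricted;
    bool killed = false;
    std::vector<std::string> log;

    bool isUnderMemoryPressure() const { return policy >= MemoryUsagePolicy::Strict; }

    void measurementTimerFired(const Sample& sample, const ProcessState& state)
    {
        MemoryUsagePolicy next = policyForFootprint(sample.footprint);
        bool movedHigher = next > policy;
        policy = next;
        if (!movedHigher)
            return; // handlers run only on a transition to a higher policy
        if (next == MemoryUsagePolicy::Strict)
            log.push_back("non-critical handler");
        if (next != MemoryUsagePolicy::Panic)
            return;
        log.push_back("critical handler");
        if (policyForFootprint(sample.footprintAfterCritical) != MemoryUsagePolicy::Panic)
            return; // the handler recovered enough memory
        if (!processIsEligibleForMemoryKill(state)) {
            log.push_back("not eligible, process kept");
            return;
        }
        log.push_back("time-of-death statistics"); // exit-time callback
        log.push_back("kill");
        killed = true;
    }
};

// Constructed samples: the footprint climbs through every policy and cannot be recovered.
Monitor runScenario(const ProcessState& state)
{
    const Sample samples[] = { { 512 * MB, 512 * MB }, { 1536 * MB, 1536 * MB },
                               { 2560 * MB, 2560 * MB }, { 4608 * MB, 4300 * MB } };
    Monitor monitor;
    for (const Sample& sample : samples)
        monitor.measurementTimerFired(sample, state);
    return monitor;
}

int main()
{
    Monitor monitor = runScenario({ false, false, 2 * oneHourInSeconds });
    for (const std::string& line : monitor.log)
        std::cout << line << "\n";
}
```

The same footprint curve ends in a kill for a silent background tab idle for two hours and in "not eligible, process kept" for a visible one.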
* bindings/js/CommonVM.cpp: (WebCore::commonVMSlow): * loader/FrameLoader.cpp: (WebCore::FrameLoader::setState): * page/MainFrame.cpp: (WebCore::MainFrame::didCompleteLoad): * page/MainFrame.h: * page/MemoryRelease.cpp: (WebCore::pageCount): (WebCore::logMemoryStatisticsAtTimeOfDeath): (WebCore::didExceedMemoryLimitAndFailedToRecover): (WebCore::processIsEligibleForMemoryKill): * page/MemoryRelease.h: * page/ResourceUsageThread.h: * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::vmPageSize): * platform/MemoryPressureHandler.cpp: (WebCore::MemoryPressureHandler::MemoryPressureHandler): (WebCore::MemoryPressureHandler::setShouldUsePeriodicMemoryMonitor): (WebCore::toString): (WebCore::thresholdForPolicy): (WebCore::policyForFootprint): (WebCore::MemoryPressureHandler::measurementTimerFired): * platform/MemoryPressureHandler.h: (WebCore::MemoryPressureHandler::setMemoryKillCallback): (WebCore::MemoryPressureHandler::setProcessIsEligibleForMemoryKillCallback): (WebCore::MemoryPressureHandler::isUnderMemoryPressure): 2017-02-09 Matthew Hanson Merge r211621. rdar://problem/30221102 2017-02-02 Alex Christensen URLParser: Fix parsing invalid IPv4 addresses with non-ASCII characters https://bugs.webkit.org/show_bug.cgi?id=167773 Reviewed by Ryosuke Niwa. If an invalid IPv4 address contains the first syntaxViolation (difference between input and canonicalized URL), an iterator is used to calculate how far we have parsed in the input string to copy all the syntax-violation-free characters into a Vector. If a URL contains only ASCII that doesn't contain anything percent-encoded in the host, there is a fast path to parse ASCII hosts. All my existing invalid IPv4 tests followed this path. If there is a non-ASCII character, we need to use an iterator to the original string instead of an iterator to the string after converting the input string's host to ASCII. Covered by a new API test which used to RELEASE_ASSERT. 
* platform/URLParser.cpp: (WebCore::URLParser::parseIPv4Host): (WebCore::URLParser::parseIPv6Host): (WebCore::URLParser::parseHostAndPort): * platform/URLParser.h: 2017-02-09 Matthew Hanson Merge r211613. rdar://problem/30132707 2017-02-02 Wenson Hsieh CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::URL::host const + 9 https://bugs.webkit.org/show_bug.cgi?id=167766 Reviewed by Chris Dumez. The mainframe's document pointer may be null when tearing down a page upon navigation to a page that is in the page cache. If this triggers a GC sweep, we will attempt to reload touch bar media controls, which (as a part of the media controller heuristic) checks the mainframe's document URL to see if quirks should be enabled. This assumes that the mainframe's document exists, which is not a safe assumption if page navigation is occurring. As such, we need a null check for the mainframe's document in needsPlaybackControlsManagerQuirk(). No test, as we were unable to reproduce this crash. * html/HTMLMediaElement.cpp: (WebCore::needsPlaybackControlsManagerQuirk): 2017-02-09 Matthew Hanson Merge r211564. rdar://problem/29012252 2017-02-02 Antti Koivisto Column progression wrong after enabling pagination on RTL document https://bugs.webkit.org/show_bug.cgi?id=167733 Reviewed by Zalan Bujtas. Column progression depends on document direction but was not updated when direction changed. Test: fast/multicol/pagination/pagination-dynamic-rtl.html * rendering/RenderBox.cpp: (WebCore::RenderBox::styleDidChange): Update column styles if document direction changes. 2017-02-09 Matthew Hanson Merge r211254. rdar://problem/30188490 2017-01-26 Chris Dumez Crash when navigating back to a page in PageCache when one of its frames has been removed https://bugs.webkit.org/show_bug.cgi?id=167421 Reviewed by Darin Adler. Disallow page caching of a page if: 1. The main window has an opener (i.e. it was opened via window.open) 2.
It has ever used window.open() This is because allowing page caching in this case would allow such windows to script each other even after one of them entered Page Cache. Allowing this is dangerous and easily causes crashes. This is a short term workaround until we find a better solution to the problem. One issue with this workaround is that navigating back to a page that has an opener or used window.open() will no longer get the page from PageCache. As a result, state may be lost upon navigating back. However, we never guarantee that pages get page cached, and Chrome does not have a PageCache. Tests: fast/history/page-cache-after-window-open.html fast/history/page-cache-back-navigation-crash.html fast/history/page-cache-with-opener.html * dom/Document.cpp: (WebCore::Document::hasEverCalledWindowOpen): (WebCore::Document::markHasCalledWindowOpen): * dom/Document.h: * history/PageCache.cpp: (WebCore::canCachePage): * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): * page/DiagnosticLoggingKeys.cpp: (WebCore::DiagnosticLoggingKeys::hasCalledWindowOpenKey): (WebCore::DiagnosticLoggingKeys::hasOpenerKey): * page/DiagnosticLoggingKeys.h: * page/Page.cpp: (WebCore::Page::openedByWindowOpen): * page/Page.h: * page/Settings.in: 2017-02-06 Matthew Hanson Merge r211653. rdar://problem/29872943 2017-02-03 Chris Dumez Dismiss HTML form validation popover when pressing Escape key https://bugs.webkit.org/show_bug.cgi?id=167716 Reviewed by Simon Fraser. Dismiss any visible HTML form validation popover when pressing the Escape key. Test: fast/forms/validation-bubble-escape-key-dismiss.html * page/EventHandler.cpp: (WebCore::EventHandler::keyEvent): * page/ValidationMessageClient.h: 2017-02-05 Matthew Hanson Merge r211504. rdar://problem/30301117 2017-02-01 Chris Dumez REGRESSION(r205136): {}.toString.call(crossOriginWindow) should not throw https://bugs.webkit.org/show_bug.cgi?id=167681 Reviewed by Mark Lam. 
As per https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-): """ If P is @@toStringTag, @@hasInstance, or @@isConcatSpreadable, then return PropertyDescriptor{ [[Value]]: undefined, [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }. """ We now implement this behavior instead of throwing. Test: http/tests/security/symbols-cross-origin.html * bindings/js/JSDOMWindowCustom.cpp: (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess): * bindings/js/JSLocationCustom.cpp: (WebCore::JSLocation::getOwnPropertySlotDelegate): 2017-02-05 Matthew Hanson Merge r211659. rdar://problem/28725791 2017-02-03 Jer Noble ASSERT in HTMLMediaElement::~HTMLMediaElement https://bugs.webkit.org/show_bug.cgi?id=167818 Reviewed by Brent Fulgham. Test: media/audio-dealloc-crash.html HTMLMediaElement's MediaElementSession can nominate the HTMLMediaElement itself to become the playback controls session from inside the HTMLMediaElement destructor. Protect against this by clearing out the session before calling updatePlaybackControlsManager(). * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::~HTMLMediaElement): 2017-02-05 Matthew Hanson Merge r211676. rdar://problem/30229990 2017-02-04 Chris Dumez Unreviewed, fix mistake in comment added in r211569. * history/PageCache.cpp: (WebCore::PageCache::removeAllItemsForPage): 2017-02-05 Matthew Hanson Merge r211569. rdar://problem/30229990 2017-02-02 Chris Dumez [Crash] com.apple.WebKit.WebContent at WebKit: WebKit::WebPage::fromCorePage() https://bugs.webkit.org/show_bug.cgi?id=167738 Reviewed by Andreas Kling. Upon destruction of a Page, we destroy the BackForwardClient, which is supposed to keep track of HistoryItems associated to this particular page and remove them from the PageCache. Given the crash trace, the issue seems to be that some HistoryItems associated with the Page sometimes linger in the PageCache *after* the Page has been destroyed, which leads to crashes later on when pruning the PageCache. 
In order to make the process more robust, this patch refactors the code so that the Page is now in charge of removing all its associated HistoryItems from the PageCache instead of relying on the BackForwardClient. Also, instead of having the Page keep track of which HistoryItems are associated with it (which is error prone), we now scan all PageCache entries instead to find which ones are associated with the Page. While this is in theory slower, this is much safer and in practice not an issue because the PageCache usually has 3-5 entries. No new tests, could not reproduce. * history/CachedPage.cpp: (WebCore::CachedPage::CachedPage): * history/CachedPage.h: (WebCore::CachedPage::page): * history/PageCache.cpp: (WebCore::PageCache::removeAllItemsForPage): * history/PageCache.h: * page/Page.cpp: (WebCore::Page::~Page): 2017-02-05 Matthew Hanson Merge r211551. rdar://problem/26685576 2017-02-02 Yongjun Zhang In iOS, we should take background assertion when accessing localstorage databases. https://bugs.webkit.org/show_bug.cgi?id=165478 Move WebSQLiteDatabaseTrackerClient from WebKitLegacy to WebCore so that it can be accessible from WebKit1 and WebKit2. Previously, to avoid dependencies on UIKit, WebKitLegacy introduced several global methods for UIKit to set up the start/end background task blocks on runtime (WebKitSetStartBackgroundTaskBlock, WebKitSetInvalidWebBackgroundTaskIdentifier and WebKitSetEndBackgroundTaskBlock). Since we have to move the background task handling to WebCore, to avoid adding WebCore dependencies on UIKit, this patch introduces a new WebCore class WebBackgroundTaskController which holds the start/end background task blocks. The existing WebKitSetStartBackgroundTaskBlock and WebKitSetEndBackgroundTaskBlock methods in WebKit1 will use WebBackgroundTaskController to store the blocks set by UIKit. Reviewed by Brady Eidson. No new test since this is code refactoring. 
* WebCore.xcodeproj/project.pbxproj: Add a new class WebBackgroundTaskController to the project. Also move WebSQLiteDatabaseTrackerClient from WebKitLegacy to WebCore. * platform/ios/WebBackgroundTaskController.h: Use properties to hold the blocks for starting or ending background tasks. * platform/ios/WebBackgroundTaskController.mm: (+[WebBackgroundTaskController sharedController]): (-[WebBackgroundTaskController dealloc]): (-[WebBackgroundTaskController startBackgroundTaskWithExpirationHandler:]): Start a background task with an expiration handler; to start the background task, we will use backgroundTaskStartBlock set up by UIKit. (-[WebBackgroundTaskController endBackgroundTaskWithIdentifier:]): Call backgroundTaskEndBlock to end a background task. * platform/ios/WebSQLiteDatabaseTrackerClient.h: Copied from Source/WebKit/ios/Storage/WebSQLiteDatabaseTrackerClient.h. * platform/ios/WebSQLiteDatabaseTrackerClient.mm: Copied from Source/WebKit/ios/Storage/WebSQLiteDatabaseTrackerClient.mm. (WebCore::WebSQLiteDatabaseTrackerClient::sharedWebSQLiteDatabaseTrackerClient): Make WebSQLiteDatabaseTrackerClient a singleton. (WebCore::WebSQLiteDatabaseTrackerClient::WebSQLiteDatabaseTrackerClient): (WebCore::WebSQLiteDatabaseTrackerClient::~WebSQLiteDatabaseTrackerClient): (WebCore::WebSQLiteDatabaseTrackerClient::willBeginFirstTransaction): Use a utility class WebDatabaseTransactionBackgroundTaskController to schedule database transaction background task. (WebCore::WebSQLiteDatabaseTrackerClient::didFinishLastTransaction): Use WebDatabaseTransactionBackgroundTaskController to stop database transaction background task. (transactionBackgroundTaskIdentifierLock): Moved from Source/WebKit/mac/Storage/WebDatabaseManager.mm. (setTransactionBackgroundTaskIdentifier): Ditto. (getTransactionBackgroundTaskIdentifier): Ditto. (+[WebDatabaseTransactionBackgroundTaskController startBackgroundTask]): Ditto. (+[WebDatabaseTransactionBackgroundTaskController endBackgroundTask]): Ditto. 
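The cross-origin lookup rule quoted in the r211504 entry above, modeled as an added example; it is not WebKit code and not part of this ChangeLog. A Proxy stands in for a cross-origin window, and the `symbolsThrow` switch, the `closed`/`length` allowlist and all function names are assumptions made for the illustration.

```javascript
// Constructed model: a Proxy plays the role of a cross-origin Window object.
class SecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = 'SecurityError';
  }
}

// The three well-known symbols named in the spec text quoted by the entry.
const SAFE_SYMBOLS = new Set([
  Symbol.toStringTag,
  Symbol.hasInstance,
  Symbol.isConcatSpreadable,
]);

// Constructed allowlist standing in for properties readable across origins.
const CROSS_ORIGIN_PROPERTIES = new Map([
  ['closed', false],
  ['length', 0],
]);

// Returns a property descriptor or throws SecurityError.
// symbolsThrow=true models the regressed behaviour the entry describes
// (every non-allowlisted key throws); false models the quoted rule.
function crossOriginGetOwnProperty(key, { symbolsThrow }) {
  if (typeof key === 'string' && CROSS_ORIGIN_PROPERTIES.has(key)) {
    return {
      value: CROSS_ORIGIN_PROPERTIES.get(key),
      writable: false,
      enumerable: false,
      configurable: true,
    };
  }
  if (!symbolsThrow && SAFE_SYMBOLS.has(key)) {
    // PropertyDescriptor{ [[Value]]: undefined, [[Writable]]: false,
    //                     [[Enumerable]]: false, [[Configurable]]: true }
    return { value: undefined, writable: false, enumerable: false, configurable: true };
  }
  throw new SecurityError(`Blocked cross-origin access to ${String(key)}`);
}

function makeCrossOriginWindow(options) {
  return new Proxy({}, {
    getOwnPropertyDescriptor(_target, key) {
      return crossOriginGetOwnProperty(key, options);
    },
    // [[Get]] is answered from the same descriptor, so built-ins that read
    // well-known symbols (toString, concat) go through the same rule.
    get(_target, key) {
      return crossOriginGetOwnProperty(key, options).value;
    },
  });
}

// Run fn and report either its result or the name of the error it threw.
function attempt(fn) {
  try {
    return fn();
  } catch (e) {
    return e.name;
  }
}

// Exercise the operations a same-origin script can aim at a foreign window.
function probe(win) {
  return {
    // Object.prototype.toString reads Symbol.toStringTag.
    tag: attempt(() => Object.prototype.toString.call(win)),
    // Array.prototype.concat reads Symbol.isConcatSpreadable.
    concatLength: attempt(() => [].concat(win).length),
    symbolDescriptor: attempt(() =>
      Object.getOwnPropertyDescriptor(win, Symbol.toStringTag)),
    // Allowlisted property: readable in both modes.
    closed: attempt(() => win.closed),
    // Anything else must stay blocked in both modes.
    document: attempt(() => win.document),
  };
}

console.log('regressed:', probe(makeCrossOriginWindow({ symbolsThrow: true })));
console.log('fixed:    ', probe(makeCrossOriginWindow({ symbolsThrow: false })));
```

In the fixed mode the symbol lookups succeed with an undefined value while `document` still throws, so the relaxation exposes nothing about the other origin.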
2017-02-05 Matthew Hanson Merge r211446. rdar://problem/30273885 2017-01-31 Anders Carlsson Apple Pay button does nothing on nytimes.com https://bugs.webkit.org/show_bug.cgi?id=167664 rdar://problem/30273885 Reviewed by Sam Weinig. Separate line item validation into convertAndValidateTotal and convertAndValidate. The former works on totals (which require an amount), and the latter works on regular line items that do not require an amount if the item type is "pending". * Modules/applepay/ApplePaySession.cpp: (WebCore::convertAndValidateTotal): (WebCore::convertAndValidate): Only check the amount if the type is not pending. (WebCore::ApplePaySession::completeShippingMethodSelection): (WebCore::ApplePaySession::completeShippingContactSelection): (WebCore::ApplePaySession::completePaymentMethodSelection): Call convertAndValidateTotal for totals. 2017-02-05 Matthew Hanson Merge r211455. rdar://problem/30241193 2017-01-31 Chris Dumez com.apple.WebKit.WebContent.Development crashed in com.apple.WebCore: WebCore::FrameView::didDestroyRenderTree https://bugs.webkit.org/show_bug.cgi?id=167665 Reviewed by Andreas Kling. When destroying a PageCache entry, we would call Document::prepareFromDestruction() which would destroy the render tree and then call FrameView::didDestroyRenderTree(). We would sometimes hit the ASSERT(m_widgetsInRenderTree.isEmpty()) assertion in didDestroyRenderTree(). This indicates that there are still RenderWidgets associated with the FrameView even though we claim we already destroyed the render tree. The reason for this is that, in the PageCache context, the top document's frame is reused on navigation and may not be associated with a new document that is currently displayed, has a render tree (and possible RenderWidgets). The solution proposed is to stop calling FrameView::didDestroyRenderTree() in Document::prepareFromDestruction() if the frame's document is not |this|. This happens when the document is destroyed while in PageCache. 
We do not want to mess with the frame / frameview in this case since they are no longer associated to the present document anymore. No new tests, already covered by existing tests which currently crash flakily. * dom/Document.cpp: (WebCore::Document::destroyRenderTree): 2017-02-05 Matthew Hanson Merge r211656. rdar://problem/30102568 2017-02-03 Daniel Bates [Mac][WK2] Add SPI to override the Content Security Policy of a page https://bugs.webkit.org/show_bug.cgi?id=167810 Reviewed by Anders Carlsson. * dom/Document.cpp: (WebCore::Document::initSecurityContext): Apply the embedding client's override Content Security Policy to the document if one exists. * loader/FrameLoaderClient.h: Add function overrideContentSecurityPolicy() that a FrameLoaderClient can override to provide a custom Content Security Policy for a document (defaults: null string - no policy). As its name implies, the policy returned by overrideContentSecurityPolicy() will define the Content Security Policy for the document, overriding any subsequently received Content Security Policy for the document. * page/csp/ContentSecurityPolicy.cpp: (WebCore::ContentSecurityPolicy::copyStateFrom): Only copy policies from the specified ContentSecurityPolicy object if our policy was not specified by the embedding client. (WebCore::ContentSecurityPolicy::didReceiveHeader): Set ContentSecurityPolicy::m_hasAPIPolicy to true when we receive an API policy from the embedding client (ContentSecurityPolicy::PolicyFrom::API). An API policy must be defined before a policy received from a document. Do not process a received header if we already have an API policy as the API policy overrides all other policies. * page/csp/ContentSecurityPolicy.h: 2017-02-02 Matthew Hanson Merge r211541. 
rdar://problem/30100286 2017-02-01 Simon Fraser [iOS WK2] With visual viewports, a fixed bottom bar can be clipped out when the keyboard is visible https://bugs.webkit.org/show_bug.cgi?id=167710 rdar://problem/30100286 Reviewed by Wenson Hsieh. Add a bit of logging to show when RLC decides to not composite a fixed element which is out of bounds. Test: fast/visual-viewport/ios/bottom-bar-with-keyboard.html * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::requiresCompositingForPosition): 2017-02-02 Matthew Hanson Merge r211471. rdar://problem/30270210 2017-01-31 Wenson Hsieh Regression (Safari 10.1): Pressing Return in a contenteditable no longer inserts a line break under certain conditions https://bugs.webkit.org/show_bug.cgi?id=167525 Reviewed by Ryosuke Niwa. Test: fast/events/input-events-insert-newlines-after-mutation.html Reverts an unintended change made while refactoring code for input events that caused input events to be dispatched immediately rather than on the scoped queue. Normally, input events are dispatched in CompositeEditCommand::apply after the end of the scope, but TypingCommands may fire input events *from within* the scope by calling typingAddedToOpenCommand. Instead, TypingCommands should always dispatch events synchronously after the end of the scoped queue in CompositeEditCommand::apply, but this is a riskier change than we should currently allow, so we should revert to our old behavior for the time being. * editing/Editor.cpp: 2017-02-02 Matthew Hanson Merge r211433. rdar://problem/30091558 2017-01-31 Simon Fraser REGRESSION (r209411): Scrolling to a fragment identifier in overflow:scroll inside position:fixed no longer works https://bugs.webkit.org/show_bug.cgi?id=167630 rdar://problem/30091558 Reviewed by Zalan Bujtas. r209411 added special handling for scrolling inside position:fixed, but cut off all scrolling, breaking overflow:scroll inside position:fixed. 
Fix by only handling the position:fixed case when we get to the root layer, which is where we scroll the document. Test: fast/overflow/scroll-anchor-in-overflow-in-position-fixed.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::getRectToExpose): 2017-02-01 Matthew Hanson Merge r211502. rdar://problem/30298722 2017-02-01 Brent Fulgham Correct "filesHaveSameVolume" predicate https://bugs.webkit.org/show_bug.cgi?id=167696 Reviewed by David Kilzer. We are passing %-encoded strings to the underlying operating system's file system APIs. This doesn't work. Instead, we need to present a decoded version of the file path that matches what the system APIs expect. Tested by new TestWebKitAPI Test. * platform/FileSystem.cpp: (WebCore::filesHaveSameVolume): Make sure the file paths we give to the underlying operating system are not percent encoded. * platform/FileSystem.h: Export 'filesHaveSameVolume' for use by testing system. 2017-01-31 Matthew Hanson Merge r211387. rdar://problem/29500273 2017-01-30 Simon Fraser [iOS] position:fixed inside touch-scrollable overflow is mispositioned https://bugs.webkit.org/show_bug.cgi?id=167604 rdar://problem/29500273 Reviewed by Zalan Bujtas. For layers inside touch-scrollable overflow, RenderLayerBacking::computeParentGraphicsLayerRect() needs to account for the offset from the ancestor compositing layer's origin, to handle scrollable elements with box-shadow, for example. Also make the compositing log output a little easier to read. Test: compositing/scrolling/fixed-inside-scroll.html * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::computeParentGraphicsLayerRect): * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::logLayerInfo): 2017-01-31 Matthew Hanson Merge r211386. rdar://problem/30204866 2017-01-30 Jer Noble NULL-deref crash at PlatformMediaSession::endInterruption https://bugs.webkit.org/show_bug.cgi?id=167595 Reviewed by Eric Carlson. 
Use the same, NULL-aware forEachSession() iterator rather than iterating over m_sessions directly. * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::beginInterruption): (WebCore::PlatformMediaSessionManager::endInterruption): 2017-01-31 Matthew Hanson Merge r211337. rdar://problem/30126535 2017-01-28 Zalan Bujtas Resolve beforeChild's render tree position before calling addChildIgnoringContinuation. https://bugs.webkit.org/show_bug.cgi?id=167540 Reviewed by Simon Fraser. Use the actual render tree position for the beforeChild when inside a flow thread. Test: fast/multicol/assert-on-continuation-with-spanner.html * rendering/RenderBlockFlow.cpp: (WebCore::RenderBlockFlow::addChild): * rendering/RenderInline.cpp: (WebCore::RenderInline::addChild): * rendering/RenderMultiColumnFlowThread.cpp: (WebCore::RenderMultiColumnFlowThread::resolveMovedChild): 2017-01-31 Matthew Hanson Merge r211309. rdar://problem/30240378 2017-01-27 Michael Saboff JSCustomElementInterface::invokeCallback can be called with a null callback because Weak<> https://bugs.webkit.org/show_bug.cgi?id=167522 Reviewed by Filip Pizlo. Added all provided callbacks to the global object with a private name the same way that the constructor was added. This will keep these callbacks from being GC'ed. * bindings/js/JSCustomElementRegistryCustom.cpp: (WebCore::JSCustomElementRegistry::define): 2017-01-31 Matthew Hanson Merge r211305. rdar://problem/29320059 2017-01-27 Simon Fraser Element with a backdrop-filter and a mask may not correctly mask the backdrop https://bugs.webkit.org/show_bug.cgi?id=167456 rdar://problem/29320059 Reviewed by Antoine Quint. If a layer had a backdrop filter, but also corner radii that triggered using a mask layer, then the call to updateClippingStrategy() in GraphicsLayerCA::updateBackdropFiltersRect() would set the backdrop layer's mask, but GraphicsLayerCA::updateMaskLayer() would promptly then set the mask layer back to nil. 
Fix by having GraphicsLayerCA::updateMaskLayer() put the mask on the structural layer, if there is one. We always have a structural layer with backdrops, so this will mask both the layer and the backdrop. Test: css3/filters/backdrop/backdrop-filter-uneven-corner-radii.html * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::updateMaskLayer): * platform/graphics/mac/WebLayer.mm: (-[CALayer _descriptionWithPrefix:]): Dump the mask layer. 2017-01-31 Matthew Hanson Merge r211249. rdar://problem/29539389 2017-01-26 Jeremy Jones Page should be able to request pointer lock without user gesture if it relinquished it without a user gesture https://bugs.webkit.org/show_bug.cgi?id=167126 Reviewed by Jon Lee. Enabled pointer-lock/locked-element-removed-from-dom.html for WK2. Not enabled in WK1 because of https://bugs.webkit.org/show_bug.cgi?id=167127 This change allows a page to lock the pointer again without a user gesture if it was unlocked by the page and not by the user. See https://www.w3.org/TR/2016/REC-pointerlock-20161027/ 5.1 Methods * page/PointerLockController.cpp: When a document acquires pointer lock with a user gesture, that document is allowed to request pointer lock again until the user takes an action to end pointer lock. We know it is a user action because user actions always call requestPointerUnlockAndForceCursorVisible(). When the page requests a pointer unlock (via requestPointerUnlock), that document is allowed to continue to relock the page. This continues until there is either an unlock request from the user via requestPointerUnlockAndForceCursorVisible or a didLosePointerLock without a pointer unlock request. 
(WebCore::PointerLockController::PointerLockController): (WebCore::PointerLockController::requestPointerLock): (WebCore::PointerLockController::requestPointerUnlock): (WebCore::PointerLockController::requestPointerUnlockAndForceCursorVisible): (WebCore::PointerLockController::elementRemoved): (WebCore::PointerLockController::documentDetached): (WebCore::PointerLockController::didAcquirePointerLock): (WebCore::PointerLockController::didLosePointerLock): (WebCore::PointerLockController::clearElement): * page/PointerLockController.h: 2017-01-31 Matthew Hanson Merge r211240. rdar://problem/30247467b 2017-01-26 Jer Noble Autoplay muted videos stop playback of any streaming app in the background https://bugs.webkit.org/show_bug.cgi?id=163993 Reviewed by Eric Carlson. Added test in TestWebKitAPI, WebKit1.AudioSessionCategoryIOS. Previously, we would set the audio session category to "playback" if there was a media- element-type media session, and if there was a session capable of playing audio. But because this was an "or" operation, we would incorrectly set the category to "playback" if there was a video element incapable of rendering audio (due to being muted, without an audio track, etc.), and also a session capable of producing audio, such as WebAudio. With this change, this turns into an "and" operation; there must be a media element capable of rendering audio in order to switch the audio session category to "playback". Additionally, we no longer cache the value of "canProduceAudio()"; it's queried directly whenever updateSessionState() is called. 
* Modules/webaudio/AudioContext.cpp: (WebCore::AudioContext::constructCommon): * Modules/webaudio/AudioContext.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::insertedInto): (WebCore::HTMLMediaElement::loadResource): (WebCore::HTMLMediaElement::setMuted): (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): (WebCore::HTMLMediaElement::mediaPlayerCharacteristicChanged): (WebCore::HTMLMediaElement::clearMediaPlayer): (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): (WebCore::HTMLMediaElement::presentationType): (WebCore::HTMLMediaElement::characteristics): (WebCore::HTMLMediaElement::canProduceAudio): * html/HTMLMediaElement.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::activeAudioSessionRequired): (WebCore::PlatformMediaSession::canProduceAudio): (WebCore::PlatformMediaSession::canProduceAudioChanged): (WebCore::PlatformMediaSession::setCanProduceAudio): Deleted. * platform/audio/PlatformMediaSession.h: (WebCore::PlatformMediaSessionClient::canProduceAudio): (WebCore::PlatformMediaSession::canProduceAudio): Deleted. * platform/audio/cocoa/MediaSessionManagerCocoa.cpp: (PlatformMediaSessionManager::updateSessionState): 2017-01-31 Matthew Hanson Merge r210217. rdar://problem/30260068 Committed on behalf of Chris Dumez. * bindings/js/JSStorageCustom.cpp: (WebCore::JSStorage::nameGetter): Early-return false if an item has an exception (after propagating it.) 2017-01-27 Ryan Haddad Merge r211285. 2017-01-27 Ryan Haddad Rebaseline bindings tests after r211238. Unreviewed test gardening. * bindings/scripts/test/JS/JSTestDOMJIT.cpp: (WebCore::JSTestDOMJIT::visitChildren): * bindings/scripts/test/JS/JSTestEventTarget.cpp: (WebCore::JSTestEventTarget::visitChildren): * bindings/scripts/test/JS/JSTestNode.cpp: (WebCore::JSTestNode::visitChildren): 2017-01-26 Matthew Hanson Merge r211244. 
rdar://problem/29956321 2017-01-26 Dean Jackson WebGL content in Safari sticks to GPU that it was started on, sometimes causing extra battery drain and difficulty interacting with UI https://bugs.webkit.org/show_bug.cgi?id=167477 Reviewed by Tim Horton. We were not implementing the recommended approach to properly handle GPU switching, causing some contexts to remain on a GPU and slow down the machine's UI. It also could stop the discrete GPU from turning off. Register for CGL's display reconfiguration notification, so that we can alert any active CGLContexts and cause them to update. The code change here doesn't lend itself to automated testing because it is specific to hardware with multiple GPUs, relies on some separate tools to detect which GPU is active, and an external method of triggering a GPU switch. It's best tested by the manual workflow in Radar. * platform/graphics/GraphicsContext3D.h: Add a macOS-specific update call. * platform/graphics/mac/GraphicsContext3DMac.mm: (WebCore::displayWasReconfigured): The callback for display reconfigurations. (WebCore::addActiveContext): Helper to keep track of active contexts, so we can register/unregister the callback when necessary. (WebCore::removeActiveContext): (WebCore::GraphicsContext3D::create): Use the new helpers. (WebCore::GraphicsContext3D::~GraphicsContext3D): (WebCore::GraphicsContext3D::updateCGLContext): Tell the CGLContextRef to update. 2017-01-26 Matthew Hanson Merge r211242. rdar://problem/29957753 2017-01-26 Commit Queue Unreviewed, rolling out r210328. https://bugs.webkit.org/show_bug.cgi?id=167476 Blocking bug is fixed (Requested by keith_miller on #webkit). Reverted changeset: "Disable smooth playhead animation for main content media in the Touch Bar" https://bugs.webkit.org/show_bug.cgi?id=166715 http://trac.webkit.org/changeset/210328 2017-01-26 Matthew Hanson Merge r211241. 
rdar://problem/30099051 2017-01-26 Joseph Pecoraro Web Inspector: iOS: Memory timeline shows impossible values for Page size (underflowed) https://bugs.webkit.org/show_bug.cgi?id=167468 Reviewed by Andreas Kling. * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::vmPageSize): This value matches the sysctl value we were attempting to access, and is the most appropriate when dealing with mach APIs, as we are using here. 2017-01-26 Matthew Hanson Merge r211235. rdar://problem/30058933 2017-01-26 Jeremy Jones Pointer lock events should be delivered directly to the target element https://bugs.webkit.org/show_bug.cgi?id=167134 Reviewed by Jon Lee. pointer-lock/mouse-event-delivery.html: Enabled for mac, added wheel event tests. When pointer is locked on an element, route mouse events directly to the target element, instead of doing the normal event dispatch. * page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): (WebCore::EventHandler::handleMouseDoubleClickEvent): (WebCore::EventHandler::handleMouseMoveEvent): (WebCore::EventHandler::handleMouseReleaseEvent): (WebCore::EventHandler::handleMouseForceEvent): (WebCore::EventHandler::handleWheelEvent): * page/PointerLockController.cpp: (WebCore::PointerLockController::isLocked): Added. (WebCore::PointerLockController::dispatchLockedWheelEvent): Added. * page/PointerLockController.h: 2017-01-26 Matthew Hanson Merge r211233. rdar://problem/30220959 2017-01-26 Chris Dumez Fix CPU / Memory diagnostic logging in PerformanceMonitor https://bugs.webkit.org/show_bug.cgi?id=167469 Reviewed by Alex Christensen. Fix CPU / Memory diagnostic logging in PerformanceMonitor to use logDiagnosticMessage() instead of logDiagnosticMessageWithValue(). logDiagnosticMessageWithValue() should only be used with numeric values but we already take care of the bucketing on our side. 
* page/DiagnosticLoggingClient.h: * page/DiagnosticLoggingKeys.cpp: (WebCore::DiagnosticLoggingKeys::postPageBackgroundingCPUUsageKey): (WebCore::DiagnosticLoggingKeys::postPageBackgroundingMemoryUsageKey): (WebCore::DiagnosticLoggingKeys::postPageLoadCPUUsageKey): (WebCore::DiagnosticLoggingKeys::postPageLoadMemoryUsageKey): (WebCore::DiagnosticLoggingKeys::foregroundCPUUsageToDiagnosticLoggingKey): (WebCore::DiagnosticLoggingKeys::backgroundCPUUsageToDiagnosticLoggingKey): (WebCore::DiagnosticLoggingKeys::postPageBackgroundingKey): Deleted. (WebCore::DiagnosticLoggingKeys::postPageLoadKey): Deleted. (WebCore::DiagnosticLoggingKeys::memoryUsageKey): Deleted. * page/DiagnosticLoggingKeys.h: * page/PerformanceMonitor.cpp: (WebCore::PerformanceMonitor::measurePostLoadCPUUsage): (WebCore::PerformanceMonitor::measurePostLoadMemoryUsage): (WebCore::PerformanceMonitor::measurePostBackgroundingMemoryUsage): (WebCore::PerformanceMonitor::measurePostBackgroundingCPUUsage): 2017-01-26 Matthew Hanson Merge r211231. rdar://problem/30217518 2017-01-26 Brady Eidson Gamepads: Some DPads are still not exposed in the HID backend. rdar://problem/30217518 and https://bugs.webkit.org/show_bug.cgi?id=167465 Reviewed by Alex Christensen. No new tests (Currently unable to test HID backend directly) * platform/gamepad/mac/HIDGamepad.cpp: (WebCore::HIDGamepad::maybeAddButton): Allow GenericDesktop paged elements that are DPads to be buttons. 2017-01-26 Matthew Hanson Merge r211230. rdar://problem/30009849 2017-01-26 Commit Queue Unreviewed, rolling out r210095. https://bugs.webkit.org/show_bug.cgi?id=167464 broke tiling on mac (Requested by thorton on #webkit). Reverted changeset: "TileGrid revalidates tiles twice during flush, first with wrong visible rect" https://bugs.webkit.org/show_bug.cgi?id=166406 http://trac.webkit.org/changeset/210095 2017-01-26 Matthew Hanson Merge r211229. 
rdar://problem/30216981 2017-01-26 Chris Dumez Fix WebGL diagnostic logging https://bugs.webkit.org/show_bug.cgi?id=167463 Reviewed by Alex Christensen. Fix WebGL diagnostic logging so that it no longer uses logDiagnosticMessageWithValue(). This is because the value apparently needs to be numeric on Mac. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::checkForContextLossHandling): * page/DiagnosticLoggingKeys.cpp: (WebCore::DiagnosticLoggingKeys::pageHandlesWebGLContextLossKey): (WebCore::WebCore::DiagnosticLoggingKeys::webGLStateKey): (WebCore::DiagnosticLoggingKeys::stateKey): Deleted. (WebCore::DiagnosticLoggingKeys::handlesContextLossKey): Deleted. (WebCore::WebCore::DiagnosticLoggingKeys::webGLKey): Deleted. * page/DiagnosticLoggingKeys.h: 2017-01-26 Matthew Hanson Merge r211220. rdar://problem/29578619 2017-01-26 Brady Eidson Gamepad support shows wrong values for PS4 controllers (D-pad is missing). and https://bugs.webkit.org/show_bug.cgi?id=165588 Reviewed by Alex Christensen. No new tests (Currently unable to test HID backend directly) DPads report their HID type as "a button", but their HID usage is "Hatswitch". This patch adds a new element type that maps a "hatswitch" value to 4 additional buttons. * platform/gamepad/mac/HIDGamepad.cpp: (WebCore::HIDGamepad::initElements): (WebCore::HIDGamepad::initElementsFromArray): (WebCore::HIDGamepad::maybeAddButton): (WebCore::HIDGamepad::maybeAddDPad): (WebCore::HIDGamepad::maybeAddAxis): (WebCore::fillInButtonValues): (WebCore::HIDGamepad::valueChanged): * platform/gamepad/mac/HIDGamepad.h: (WebCore::HIDGamepadElement::isDPad): (WebCore::HIDGamepadDPad::HIDGamepadDPad): (WebCore::HIDGamepadDPad::normalizedValue): 2017-01-26 Matthew Hanson Merge r211201. rdar://problem/30134866 2017-01-25 Ryosuke Niwa Crash under DOMSelection::deleteFromDocument() https://bugs.webkit.org/show_bug.cgi?id=167232 Reviewed by Chris Dumez. 
The crash was caused by DOMSelection's deleteFromDocument() mutating contents inside the user-agent shadow tree of an input element when the text field is readonly. Fixed the bug by exiting early whenever the selection is inside a shadow tree since getSelection().getRangeAt(0) always returns a range outside the input element or any shadow tree for that matter. New behavior matches that of Gecko. The working draft spec of which I'm the editor states that deleteFromDocument() must invoke Range's deleteContents() on the associated range, which is the collapsed range returned by getSelection().getRangeAt(0) in the spec: https://www.w3.org/TR/2016/WD-selection-api-20160921/#widl-Selection-deleteFromDocument-void And Range's deleteContents() immediately terminates in step 1 when start and end are identical: https://dom.spec.whatwg.org/commit-snapshots/6b7621282c2e3b222ac585650e484abf4c0a416b/ Note that Range's DOM mutating methods are not available inside a user-agent shadow tree because WebKit never returns a Range whose end boundary points are inside the tree to author scripts. Editing commands (ones executable from document.execCommand) that mutate DOM like this check whether the content is editable or not. Since VisibleSelection's validate() function makes sure the selection is either entirely within or outside of a root editable element (editing host in the W3C spec lingo), editing commands should never mutate a random node inside a user-agent shadow tree. Test: editing/selection/deleteFromDocument-shadow-tree-crash.html * page/DOMSelection.cpp: (WebCore::DOMSelection::deleteFromDocument): 2017-01-26 Matthew Hanson Merge r211238. rdar://problem/30216742 2017-01-26 Filip Pizlo EventTarget should visit the JSEventListeners using visitAdditionalChildren https://bugs.webkit.org/show_bug.cgi?id=167462 Reviewed by Michael Saboff. No new tests because this is already caught by existing testing. 
This would show up as ASSERTs in debug, and we suspect it might be at fault for null deref crashes.

Previously, EventTarget would have its event listeners visited by its subclasses' visitChildren methods. Every subclass of EventTarget would call EventTarget's visitJSEventListeners. For example, this means that if JSFoo has seven classes between it and JSEventTarget in the JSCell class hierarchy, then JSFoo::visitChildren would end up calling visitJSEventListeners seven extra times.

Also, the weird way that visitJSEventListeners was called meant that it was not part of the GC's output constraint processing. This meant that it would not be called when the GC tried to terminate. So, if something about the event listener changes during a GC cycle, the GC would potentially fail to mark one of the references.

Both problems can be solved by simply moving the call to visitJSEventListeners into visitAdditionalChildren.

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::visitAdditionalChildren):
* bindings/js/JSEventTargetCustom.cpp:
(WebCore::JSEventTarget::visitAdditionalChildren):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* dom/EventTarget.idl:

2017-01-26 Andreas Kling

Branch-specific fix for a crash seen after merging r201777.

Reviewed by Andy Estes.

Add null checking of the FrameView in Document::destroyRenderTree() before calling functions on it. This is not necessary in trunk, as the FrameView is guaranteed to be present there.

FrameView can be missing on the branch, since render trees for page cached documents are destroyed when leaving the page cache, not when entering it (trunk behavior.) When leaving the page cache, the FrameView is already detached, hence the bug.

* dom/Document.cpp:
(WebCore::Document::destroyRenderTree):

2017-01-25 Matthew Hanson

Merge r211151.
rdar://problem/30171195

2017-01-25 Chris Dumez

Measure how common it is for content to deal with WebGL context loss
https://bugs.webkit.org/show_bug.cgi?id=166866

Reviewed by Alex Christensen.

Add diagnostic logging to measure how common it is for sites to handle WebGL context loss via the webglcontextlost & webglcontextrestored events.

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase):
(WebCore::WebGLRenderingContextBase::checkForContextLossHandling):
* html/canvas/WebGLRenderingContextBase.h:
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::noKey):
(WebCore::DiagnosticLoggingKeys::yesKey):
(WebCore::DiagnosticLoggingKeys::handlesContextLossKey):
* page/DiagnosticLoggingKeys.h:

2017-01-25 Matthew Hanson

Merge 210777. rdar://problem/30186526

2017-01-15 Andreas Kling

FrameView shouldn't keep dangling pointers into dead render trees.

Reviewed by Antti Koivisto.

Added some pretty paranoid assertions to FrameView that verify all of its raw pointers into the render tree are gone after the render tree has been destroyed. They immediately caught two bugs, also fixed in this patch.

* page/FrameView.h:
* page/FrameView.cpp:
(WebCore::FrameView::willDestroyRenderTree):
(WebCore::FrameView::didDestroyRenderTree): Added these two callbacks for before/after Document tears down its render tree. The former clears the layout root, and detaches custom scrollbars. The latter contains a bunch of sanity assertions that pointers into the now-destroyed render tree are gone.
* dom/Document.cpp:
(WebCore::Document::destroyRenderTree): Notify FrameView before/after teardown.
* page/animation/AnimationController.h:
* page/animation/AnimationController.cpp:
(WebCore::AnimationController::hasAnimations): Added a helper to check if there are any composite animations around, as these contain raw pointers to renderers.
* rendering/RenderElement.cpp:
(WebCore::RenderElement::willBeRemovedFromTree):
(WebCore::RenderElement::willBeDestroyed): Moved slow repaint object unregistration from willBeRemovedFromTree() to willBeDestroyed(). The willBeRemovedFromTree() callback is skipped as an optimization during full tree teardown, but willBeDestroyed() always gets called. This fixes a bug where we'd fail to remove dangling pointers.

2017-01-25 Matthew Hanson

Merge r211126. rdar://problem/30174873

2017-01-24 Simon Fraser

[iOS WK2] Avoid IOSurface readback for snapshot creation
https://bugs.webkit.org/show_bug.cgi?id=167397
rdar://problem/30174873

Reviewed by Tim Horton.

Export sinkIntoImage().

* platform/graphics/cocoa/IOSurface.h:

2017-01-25 Matthew Hanson

Merge r211120. rdar://problem/30151767

2017-01-24 Andreas Kling

Add memory footprint reporting using diagnostic logging.

Reviewed by Chris Dumez.

Add some basic logging of physical memory footprint post-load and post-backgrounding. The logging works similarly to the CPU usage logging, though with slightly longer delays to allow the measurement to stabilize.

* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::memoryUsageKey):
(WebCore::DiagnosticLoggingKeys::memoryUsageToDiagnosticLoggingKey):
* page/DiagnosticLoggingKeys.h:
* page/PerformanceLogging.cpp:
(WebCore::PerformanceLogging::physicalFootprint):
* page/PerformanceLogging.h:
* page/PerformanceMonitor.cpp:
(WebCore::PerformanceMonitor::PerformanceMonitor):
(WebCore::PerformanceMonitor::didFinishLoad):
(WebCore::PerformanceMonitor::activityStateChanged):
(WebCore::PerformanceMonitor::measurePostLoadMemoryUsage):
(WebCore::PerformanceMonitor::measurePostBackgroundingMemoryUsage):
* page/PerformanceMonitor.h:
* page/Settings.h:
(WebCore::Settings::isPostLoadMemoryUsageMeasurementEnabled):
(WebCore::Settings::isPostBackgroundingMemoryUsageMeasurementEnabled):
* page/cocoa/PerformanceLoggingCocoa.mm:
(WebCore::PerformanceLogging::physicalFootprint):

2017-01-25 Matthew Hanson

Merge r211125. rdar://problem/30074665

2017-01-24 Brent Fulgham

Bug 167392: REGRESSION(r210531): Relax same-volume display requirement for iOS
https://bugs.webkit.org/show_bug.cgi?id=167392

Reviewed by Brady Eidson.

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDisplay): Exclude the new check when building on iOS.

2017-01-25 Matthew Hanson

Merge r211137. rdar://problem/29896656

2017-01-24 Alex Christensen

REGRESSION (r208902): URLWithUserTypedString returns nil with file URLs
https://bugs.webkit.org/show_bug.cgi?id=167402

Reviewed by Ryosuke Niwa.

Covered by a new API test.

* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::mapHostNameWithRange): uidna_IDNToASCII succeeds when length is 0. uidna_nameToASCII fails when length is 0. This causes bad things to happen with file URLs, which have no host, so their host length is 0. This makes us match behavior before r208902.

2017-01-25 Dean Jackson

Disable Variation fonts on this branch.

* Configurations/FeatureDefines.xcconfig:

2017-01-25 Matthew Hanson

Merge r211114.
rdar://problem/29857388

2017-01-24 Anders Carlsson

When Safari reloads pages with Flash objects after Flash is installed, placeholders don't paint (but do work!)
https://bugs.webkit.org/show_bug.cgi?id=167391
rdar://problem/29857388

Reviewed by Sam Weinig.

* page/Page.cpp:
(WebCore::Page::refreshPlugins): Remove an unused variable.
* plugins/PluginInfoProvider.cpp:
(WebCore::PluginInfoProvider::refresh): Make sure to call refreshPlugins(). Instead of reloading subframes, just reload all the main frames with subframes that contain plug-ins.

2017-01-25 Matthew Hanson

Merge r211052. rdar://problem/29857388

2017-01-20 Anders Carlsson

When Safari reloads pages with Flash objects after Flash is installed, placeholders don't paint (but do work!)
https://bugs.webkit.org/show_bug.cgi?id=167268
rdar://problem/29857388

Reviewed by Sam Weinig.

* page/Page.cpp:
(WebCore::Page::refreshPlugins): Call PluginInfoProvider::refresh instead.
(WebCore::Page::clearPluginData): Add new setter.
* page/Page.h: Declare new members.
* plugins/PluginInfoProvider.cpp:
(WebCore::PluginInfoProvider::refresh): Put the logic to clear plug-in data and reload frames here.
* plugins/PluginInfoProvider.h: Add new members.

2017-01-24 Matthew Hanson

Merge r211067. rdar://problem/29319962

2017-01-23 Alex Christensen

URLParser should fail to parse percent-encoded invalid UTF-8 sequences
https://bugs.webkit.org/show_bug.cgi?id=167330

Reviewed by Tim Horton.

Covered by new API tests.

* platform/URLParser.cpp:
(WebCore::containsOnlyASCII):
(WebCore::URLParser::parseHostAndPort): If UTF-8 decoding fails after percent-decoding the host, fail to parse. This matches Chrome and Firefox, and it was proposed to the spec in https://github.com/whatwg/url/issues/215

2017-01-24 Matthew Hanson

Merge r211058.
rdar://problem/29526875

2017-01-23 Alex Christensen

Make URLs with non-special schemes and a query or fragment but no slash after the host more compatible
https://bugs.webkit.org/show_bug.cgi?id=167317

Reviewed by Sam Weinig.

This is currently being added to the URL spec in https://github.com/whatwg/url/issues/212

Covered by new API tests.

* platform/URLParser.cpp:
(WebCore::URLParser::parse): Only add a slash if there wasn't one if the URL has a special scheme. This new behavior matches the old behavior of URL::parse.

2017-01-24 Matthew Hanson

Merge r211045. rdar://problem/29486368

2017-01-23 Jer Noble

REGRESSION (r208149): Video details does not apear and missing scrubber in Control Center
https://bugs.webkit.org/show_bug.cgi?id=167233

Reviewed by Alex Christensen.

Test: In TestWebKitAPI, NowPlayingControlsTests.NowPlayingControlsIOS

In r208149, we introduced a new media type, Video, and renamed the old type to VideoAudio (to be able to distinguish between video-with-audio and silent-video). But we missed one place where that type needs to be renamed.

For testing purposes, overload methods from PlatformMediaSessionManager which WebKit2 uses to report the current now playing session and its information.

* platform/audio/ios/MediaSessionManagerIOS.h:
* platform/audio/ios/MediaSessionManagerIOS.mm:
(WebCore::MediaSessionManageriOS::nowPlayingEligibleSession):
(WebCore::MediaSessionManageriOS::updateNowPlayingInfo):

2017-01-24 Matthew Hanson

Merge r211028. rdar://problem/30060378

2017-01-20 Dean Jackson

[WebGL] Do not allow GPU muxing on some old Mac hardware
https://bugs.webkit.org/show_bug.cgi?id=167259

Reviewed by Simon Fraser and Darin Adler.

Some old Macbook Pro models should never use the integrated GPU for WebGL, because they are unstable when swapping between that and the discrete GPU.

Unfortunately this hardware configuration isn't in our testing infrastructure, so it was confirmed manually.
Meanwhile, our existing tests make sure this patch doesn't break anything elsewhere.

* platform/graphics/mac/GraphicsContext3DMac.mm:
(WebCore::attachToAppleGraphicsControl): Helper function to get a mach port that talks to Apple's Graphics Control system.
(WebCore::hasMuxCapability): Decides whether a system can do live GPU switching, based on whether or not it has a muxable GPU, and if that GPU is not the old hardware we know is problematic.
(WebCore::hasMuxableGPU): Helper to return the static hasMuxCapability value.
(WebCore::setPixelFormat): Only request the integrated card when the GPU is muxable.

2017-01-24 Matthew Hanson

Merge r211007. rdar://problem/28620919

2017-01-20 Brady Eidson

Require a button press on a gamepad for them to be exposed to the DOM.
and https://bugs.webkit.org/show_bug.cgi?id=167272

Reviewed by Alex Christensen.

Test: gamepad/gamepad-visibility-1.html

* Modules/gamepad/GamepadManager.cpp:
(WebCore::GamepadManager::platformGamepadInputActivity):
* Modules/gamepad/GamepadManager.h:
* platform/gamepad/GamepadProvider.cpp:
(WebCore::GamepadProvider::dispatchPlatformGamepadInputActivity):
* platform/gamepad/GamepadProvider.h:
(WebCore::GamepadProvider::~GamepadProvider): Deleted.
(WebCore::GamepadProvider::isMockGamepadProvider): Deleted.
* platform/gamepad/GamepadProviderClient.h:
* platform/gamepad/cocoa/GameControllerGamepad.h:
* platform/gamepad/cocoa/GameControllerGamepad.mm:
(WebCore::GameControllerGamepad::setupAsExtendedGamepad):
(WebCore::GameControllerGamepad::setupAsGamepad):
* platform/gamepad/cocoa/GameControllerGamepadProvider.h:
* platform/gamepad/cocoa/GameControllerGamepadProvider.mm:
(WebCore::GameControllerGamepadProvider::gamepadHadInput):
(WebCore::GameControllerGamepadProvider::inputNotificationTimerFired):
* platform/gamepad/mac/HIDGamepad.cpp:
(WebCore::HIDGamepad::valueChanged):
* platform/gamepad/mac/HIDGamepad.h:
* platform/gamepad/mac/HIDGamepadProvider.cpp:
(WebCore::HIDGamepadProvider::valuesChanged):
(WebCore::HIDGamepadProvider::inputNotificationTimerFired):
* platform/gamepad/mac/HIDGamepadProvider.h:
* testing/MockGamepadProvider.cpp:
(WebCore::MockGamepadProvider::setMockGamepadButtonValue):
(WebCore::MockGamepadProvider::gamepadInputActivity):
* testing/MockGamepadProvider.h:

2017-01-20 Matthew Hanson

Merge r210951. rdar://problem/29562247

2017-01-19 Said Abou-Hallawa

REGRESSION(r206156): Animated images are repeated one extra iteration than the value which is saved in the image file
https://bugs.webkit.org/show_bug.cgi?id=167174

Reviewed by Simon Fraser.

Before r206156, BitmapImage::repetitionCount() used to return zero for the case loopCount = 1, -1 for loopCount = Infinity and loopCount for all other cases. Having repetitionCount() return zero for loopCount = 1 makes the condition if (++m_repetitionsComplete > repetitionCount()) break the animation loop after one iteration. But it was wrong for all loopCount > 1. It was causing an extra iteration to be played for the animated image.

After r206156, BitmapImage::repetitionCount() returns loopCount for all cases loopCount != Infinity. Keeping the same condition causes the extra iteration to be played even for loopCount = 1.

Test: fast/images/animated-image-loop-count.html

* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::internalStartAnimation):

2017-01-20 Matthew Hanson

Merge r210949. rdar://problem/30108531

2017-01-19 Chris Dumez

iterable<> should be enabled on WK1
https://bugs.webkit.org/show_bug.cgi?id=167221

Reviewed by Youenn Fablet.

* Modules/fetch/FetchHeaders.idl:
* bindings/scripts/test/JS/JSTestNode.cpp:
(WebCore::JSTestNodePrototype::finishCreation):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjPrototype::finishCreation):
* bindings/scripts/test/TestNode.idl:
* bindings/scripts/test/TestObj.idl:
* css/FontFaceSet.idl:
* dom/NodeList.idl:

2017-01-20 Matthew Hanson

Merge r210945. rdar://problem/28745101

2017-01-19 Jer Noble

CRASH at WebCore::TrackListBase::remove
https://bugs.webkit.org/show_bug.cgi?id=167217

Reviewed by Brent Fulgham.

Test: media/media-source/media-source-error-crash.html

In very specific conditions, a HTMLMediaElement backed by a MediaSource can try to remove the same track from its track list twice. If there are two SourceBuffers attached to a HTMLMediaElement, and one has not yet been initialized, when the second fails to parse an appended buffer after receiving an initialization segment, the HTMLMediaElement will remove all its tracks in mediaLoadingFailed(), then MediaSource object itself will attempt to remove the same track in removeSourceBuffer().

Solving this the safest way possible: bail early from TrackListBase if asked to remove a track which the list does not contain.

* html/track/TrackListBase.cpp:
(TrackListBase::remove):

2017-01-20 Matthew Hanson

Merge r210936. rdar://problem/30058349

2017-01-19 Chris Dumez

Implement per activity state CPU usage reporting using diagnostic logging
https://bugs.webkit.org/show_bug.cgi?id=167163

Reviewed by Andreas Kling.

Implement per activity state CPU usage reporting using diagnostic logging.

* WebCore.xcodeproj/project.pbxproj:
* page/ActivityState.h:
* page/ChromeClient.h:
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::nonVisibleStateKey):
(WebCore::DiagnosticLoggingKeys::visibleNonActiveStateKey):
(WebCore::DiagnosticLoggingKeys::visibleAndActiveStateKey):
(WebCore::DiagnosticLoggingKeys::foregroundCPUUsageToDiagnosticLogginKey):
(WebCore::DiagnosticLoggingKeys::backgroundCPUUsageToDiagnosticLogginKey):
* page/DiagnosticLoggingKeys.h:
* page/Page.cpp:
(WebCore::isUtilityPageChromeClient):
(WebCore::Page::Page):
(WebCore::Page::~Page):
(WebCore::Page::didStartProvisionalLoad):
(WebCore::Page::didFinishLoad):
(WebCore::Page::isUtilityPage):
(WebCore::Page::setActivityState):
(WebCore::Page::setIsVisibleInternal):
* page/Page.h:
(WebCore::Page::activityState):
(WebCore::Page::isUtilityPage):
* page/PerformanceMonitor.cpp: Added.
(WebCore::activityStateForCPUSampling):
(WebCore::PerformanceMonitor::PerformanceMonitor):
(WebCore::PerformanceMonitor::didStartProvisionalLoad):
(WebCore::PerformanceMonitor::didFinishLoad):
(WebCore::PerformanceMonitor::activityStateChanged):
(WebCore::PerformanceMonitor::measurePostLoadCPUUsage):
(WebCore::PerformanceMonitor::measurePostBackgroundingCPUUsage):
(WebCore::PerformanceMonitor::measurePerActivityStateCPUUsage):
(WebCore::stringForCPUSamplingActivityState):
(WebCore::PerformanceMonitor::measureCPUUsageInActivityState):
* page/PerformanceMonitor.h: Copied from Source/WebCore/page/ActivityState.h.
* page/Settings.cpp:
* page/Settings.h:
(WebCore::Settings::isPostLoadCPUUsageMeasurementEnabled):
(WebCore::Settings::isPostBackgroundingCPUUsageMeasurementEnabled):
(WebCore::Settings::isPerActivityStateCPUUsageMeasurementEnabled):

2017-01-20 Matthew Hanson

Merge r210473.
rdar://problem/29204422

2017-01-06 Jer Noble

Crash in WebCore::MediaPlayerPrivateMediaSourceAVFObjC::sizeWillChangeAtTime(const MediaTime&, const FloatSize&)::block_invoke
https://bugs.webkit.org/show_bug.cgi?id=166738

Reviewed by Eric Carlson.

AVFoundation can potentially call the same boundary time observer multiple times, and in that case, it's possible that the observer queue will be empty when we attempt to remove the first item from the queue. There's an ASSERT() in Deque for this case, but we need to explicitly protect against this case.

Drive-by fix: Explicitly unregister the observer before releasing it.

* platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::sizeWillChangeAtTime):

2017-01-20 Matthew Hanson

Merge r210939. rdar://problem/29885052

2017-01-19 Chris Dumez

Make sure HTML validation bubble gets dismissed when its associated element's frame gets detached
https://bugs.webkit.org/show_bug.cgi?id=167215

Reviewed by Andreas Kling.

Make sure HTML validation bubble gets dismissed when its associated element's frame gets detached and that we do not crash.

Tests: fast/forms/validation-message-detached-iframe.html
fast/forms/validation-message-detached-iframe2.html

* dom/Document.cpp:
(WebCore::Document::prepareForDestruction):
* page/ValidationMessageClient.h:

2017-01-18 Matthew Hanson

Merge r210888. rdar://problem/30068195

2017-01-18 Michael Catanzaro

REGRESSION(r210531): Broke local resource loads from custom local protocols
https://bugs.webkit.org/show_bug.cgi?id=167058

Reviewed by Brent Fulgham.

Allow local protocols to access resources on different volumes unless the protocol is "file".

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDisplay):

2017-01-18 Matthew Hanson

Merge r210862.
rdar://problem/30055009

2017-01-18 Youenn Fablet

[Streams API] ReadableStream generic reader constructor does not need to call ReadableStream getReader
https://bugs.webkit.org/show_bug.cgi?id=167137

Reviewed by Xabier Rodriguez-Calvar.

Test: streams/shadowing-getReader.html

* bindings/js/JSReadableStreamPrivateConstructors.cpp:
(WebCore::constructJSReadableStreamDefaultReader): Using private constructor instead of getReader.

2017-01-18 Matthew Hanson

Merge r210860. rdar://problem/30080035

2017-01-18 Youenn Fablet

Reject fetch promise in case of ReadableStream upload
https://bugs.webkit.org/show_bug.cgi?id=167145

Reviewed by Alex Christensen.

Covered by rebased tests.

* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::extract): Storing the fact that body data is represented as a ReadableStream.
* Modules/fetch/FetchBody.h:
(WebCore::FetchBody::isReadableStream):
* Modules/fetch/FetchRequest.h:
* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::fetch): Rejecting if request body data is a ReadableStream.

2017-01-18 Matthew Hanson

Merge r210774. rdar://problem/30019773

2017-01-14 Chris Dumez

Report CPU usage of tabs after they become non-visible using diagnostic logging
https://bugs.webkit.org/show_bug.cgi?id=167019

Reviewed by Darin Adler.

Report CPU usage of tabs after they become non-visible using diagnostic logging. We start measuring CPU usage 5 seconds after a tab goes to the background, for 5 minutes and report how much CPU the tab used during those 5 minutes. We will not log if the tab gets closed or moved to the foreground during those 5 minutes.

* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::postPageBackgroundingKey):
* page/DiagnosticLoggingKeys.h:
* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::didStartProvisionalLoad):
(WebCore::Page::didFinishLoad):
(WebCore::foregroundCPUUsageToDiagnosticLogginKey):
(WebCore::Page::measurePostLoadCPUUsage):
(WebCore::backgroundCPUUsageToDiagnosticLogginKey):
(WebCore::Page::measurePostBackgroundingCPUUsage):
(WebCore::Page::setIsVisibleInternal):
* page/Page.h:
* page/Settings.cpp:
(WebCore::Settings::isPostBackgroundingCPUUsageMeasurementEnabled):
* page/Settings.h:

2017-01-18 Matthew Hanson

Merge r210733. rdar://problem/30014496

2017-01-13 Chris Dumez

Report post-page load CPU usage using diagnostic logging
https://bugs.webkit.org/show_bug.cgi?id=166950

Reviewed by Alex Christensen.

Shortly after page load (5 seconds), we measure the WebContent process' CPU usage over 10 seconds and report the percentage back via release logging. We also log the percentage using diagnostic logging using the following buckets:
- Below 10%
- 10 to 20%
- 20 to 40%
- 60 to 80%
- Over 80%

The logging works on both Mac and iOS. I verified that I get results consistent with Activity Monitor or top.

No new tests, no Web-facing behavior change, only extra logging.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::postPageLoadKey):
(WebCore::DiagnosticLoggingKeys::cpuUsageKey):
* page/DiagnosticLoggingKeys.h:
* page/Page.cpp:
(WebCore::Page::Page):
(WebCore::Page::didFinishLoad):
(WebCore::cpuUsageToDiagnosticLogginKey):
(WebCore::Page::measurePostLoadCPUUsage):
* page/Page.h:
* page/Settings.cpp:
(WebCore::Settings::isPostLoadCPUUsageMeasurementEnabled):
* page/Settings.h:
* platform/CPUTime.cpp: Added.
(WebCore::getCPUTime):
(WebCore::CPUTime::percentageCPUUsageSince):
* platform/CPUTime.h: Added.
* platform/cocoa/CPUTimeCocoa.mm: Added.
(WebCore::timeValueToMicroseconds):
(WebCore::getCPUTime):

2017-01-18 Matthew Hanson

Merge r210762. rdar://problem/29883469

2017-01-13 Alex Christensen

Fix WinCairo build after r210753.
https://bugs.webkit.org/show_bug.cgi?id=166730

* platform/WebGLStateTracker.h: WTF::Function apparently needs to explicitly be differentiated from JSC::Attribute Function in PropertySlot.h.

2017-01-18 Matthew Hanson

Merge r210753. rdar://problem/29883469

2017-01-13 Chris Dumez

[WK2] Add diagnostic logging to measure WebGL usage
https://bugs.webkit.org/show_bug.cgi?id=166730

Reviewed by Alex Christensen.

Add diagnostic logging to measure high performance WebGL usage. We report at regular intervals in which WebGL state Safari is:
- Inactive
- ActiveInForegroundTab
- ActiveInBackgroundTabOnly

This should give us an estimate of:
- What % of the time is Safari using high performance graphics
- What % of this time is only due to background tabs

No new tests, no Web-facing behavior change.

* WebCore.xcodeproj/project.pbxproj:
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::create):
(WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase):
(WebCore::WebGLRenderingContextBase::registerWithWebGLStateTracker):
* html/canvas/WebGLRenderingContextBase.h:
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::inactiveKey):
(WebCore::DiagnosticLoggingKeys::activeInForegroundTabKey):
(WebCore::DiagnosticLoggingKeys::activeInBackgroundTabOnlyKey):
(WebCore::DiagnosticLoggingKeys::stateKey):
(WebCore::WebCore::DiagnosticLoggingKeys::webGLKey):
* page/DiagnosticLoggingKeys.h:
* page/Page.cpp:
(WebCore::Page::Page):
* page/Page.h:
(WebCore::Page::webGLStateTracker):
* page/PageConfiguration.cpp:
* page/PageConfiguration.h:
* platform/WebGLStateTracker.cpp: Copied from Source/WebCore/platform/graphics/GraphicsContext3DAttributes.h.
(WebCore::WebGLStateTracker::WebGLStateTracker):
(WebCore::m_stateChangeHandler):
(WebCore::WebGLStateTracker::updateWebGLState):
* platform/WebGLStateTracker.h: Copied from Source/WebCore/platform/graphics/GraphicsContext3DAttributes.h.
* platform/graphics/GraphicsContext3DAttributes.h:

2017-01-18 Matthew Hanson

Merge r210748. rdar://problem/27745030

2017-01-13 Jer Noble

Use a strong reference when calling callOnMainThread to schedule events in AudioScheduledSourceNode.
https://bugs.webkit.org/show_bug.cgi?id=166983

Reviewed by Brent Fulgham.

* Modules/webaudio/AudioScheduledSourceNode.cpp:
(WebCore::AudioScheduledSourceNode::finish):
* Modules/webaudio/AudioScheduledSourceNode.h:

2017-01-18 Matthew Hanson

Merge r210831. rdar://problem/29057611

2017-01-17 Zalan Bujtas

Editing nested RTL-LTR content makes the process unresponsive.
https://bugs.webkit.org/show_bug.cgi?id=167140
rdar://problem/29057611

Reviewed by Ryosuke Niwa.

Break out of the loop if we keep coming back to the same position. This is a workaround for the underlying editing/position bug -> webkit.org/b/167138.

Test: editing/rtl-to-ltr-editing-word-move-spin.html

* editing/VisibleUnits.cpp:
(WebCore::visualWordPosition):

2017-01-18 Matthew Hanson

Merge r210795. rdar://problem/24457632

2017-01-16 Antti Koivisto

CrashTracer: com.apple.WebKit.WebContent at JavaScriptCore: WTF::StringImpl::containsOnlyWhitespace
https://bugs.webkit.org/show_bug.cgi?id=167106

Reviewed by Tim Horton.

Speculative fix.

* editing/cocoa/DataDetection.mm:
(WebCore::DataDetection::detectContentInRange): Test before casting to Text.

2017-01-18 Matthew Hanson

Merge r210750. rdar://problem/29995070

2017-01-13 Brent Fulgham

Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow
https://bugs.webkit.org/show_bug.cgi?id=167030

Reviewed by Dean Jackson.

Correct DOMWindow::scrollTo to match all other functions in the class so that it checks that the current frame is valid before attempting to use it.

* page/DOMWindow.cpp:
(WebCore::DOMWindow::scrollTo):

2017-01-18 Matthew Hanson

Merge r210727. rdar://problem/29668223

2017-01-12 Tim Horton

Keyboard accessory bar can appear on top of full-screen video
https://bugs.webkit.org/show_bug.cgi?id=166902

Reviewed by Darin Adler.

* platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
(WebVideoFullscreenInterfaceAVKit::setupFullscreen): Increase the full-screen video window level to one above the keyboard, to ensure that the video is never obscured by the keyboard or its accessory views.

2017-01-18 Matthew Hanson

Merge r210844. rdar://problem/29993906

2017-01-16 Filip Pizlo

Make opaque root scanning truly constraint-based
https://bugs.webkit.org/show_bug.cgi?id=165760

Reviewed by Geoffrey Garen.

No new tests yet. I think that writing tests for this is a big investigation:
https://bugs.webkit.org/show_bug.cgi?id=165808

Remove the previous advancing wavefront DOM write barrier. I don't think this will scale very well. It's super confusing.

This change makes it so that visitAdditionalChildren can become a GC constraint that executes as part of the fixpoint. This changes all WebCore visitAdditionalChildren into output constraints by using new JSC API for Subspaces and MarkingConstraints.

* ForwardingHeaders/heap/MarkedAllocatorInlines.h: Added.
* ForwardingHeaders/heap/MarkedBlockInlines.h: Added.
* ForwardingHeaders/heap/MarkingConstraint.h: Added.
* ForwardingHeaders/heap/SubspaceInlines.h: Added.
* ForwardingHeaders/heap/VisitingTimeout.h: Added.
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/CommonVM.cpp:
(WebCore::commonVMSlow):
(WebCore::writeBarrierOpaqueRootSlow): Deleted.
* bindings/js/CommonVM.h:
(WebCore::writeBarrierOpaqueRoot): Deleted.
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::finishCreation):
(WebCore::JSDOMGlobalObject::scriptExecutionContext):
* bindings/js/JSDOMWrapper.cpp:
(WebCore::outputConstraintSubspaceFor):
(WebCore::globalObjectOutputConstraintSubspaceFor):
* bindings/js/JSDOMWrapper.h:
* bindings/js/WebCoreJSClientData.cpp: Added.
(WebCore::JSVMClientData::JSVMClientData):
(WebCore::JSVMClientData::~JSVMClientData):
(WebCore::JSVMClientData::getAllWorlds):
(WebCore::initNormalWorldClientData):
* bindings/js/WebCoreJSClientData.h:
(WebCore::JSVMClientData::outputConstraintSpace):
(WebCore::JSVMClientData::globalObjectOutputConstraintSpace):
(WebCore::JSVMClientData::forEachOutputConstraintSpace):
(WebCore::JSVMClientData::JSVMClientData): Deleted.
(WebCore::JSVMClientData::~JSVMClientData): Deleted.
(WebCore::JSVMClientData::getAllWorlds): Deleted.
(WebCore::initNormalWorldClientData): Deleted.
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::notifyChildNodeInserted):
(WebCore::notifyChildNodeRemoved):

2017-01-18 Matthew Hanson

Merge r210829. rdar://problem/30044439

2017-01-16 Filip Pizlo

JSCell::classInfo() shouldn't have a bunch of mitigations for being called during destruction
https://bugs.webkit.org/show_bug.cgi?id=167066

Reviewed by Keith Miller and Michael Saboff.

No new tests because no new behavior.

It's now necessary to avoid jsCast in destructors and finalizers. This was an easy rule to introduce because this used to always be the rule.

* bindings/js/JSCSSValueCustom.cpp:
(WebCore::JSDeprecatedCSSOMValueOwner::finalize):
* bindings/js/JSDOMIterator.h:
(WebCore::IteratorTraits>::destroy):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):

2017-01-18 Matthew Hanson

Merge r210822. rdar://problem/15607819

2017-01-17 Joseph Pecoraro

Crash when closing tab with debugger paused
https://bugs.webkit.org/show_bug.cgi?id=161746

Reviewed by Brian Burg and Brent Fulgham.

* page/Page.h:
(WebCore::Page::incrementNestedRunLoopCount):
(WebCore::Page::decrementNestedRunLoopCount):
(WebCore::Page::insideNestedRunLoop): Keep track of whether or not this Page is inside of a nested run loop. Currently the only nested run loop we know about is EventLoop used by Web Inspector when debugging JavaScript.
(WebCore::Page::whenUnnested): Callback that can be called when we are no longer inside of a nested run loop.
(WebCore::Page::~Page): Ensure we are not in a known nested run loop when destructing, since that could be unsafe.
* inspector/PageScriptDebugServer.cpp:
(WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal): Increment and decrement as we go into or leave the nested runloop.
* inspector/InspectorController.cpp:
(WebCore::InspectorController::inspectedPageDestroyed):
(WebCore::InspectorController::disconnectAllFrontends): Rework destruction to allow disconnectAllFrontends to happen earlier if necessary. WebKit clients may use this to disconnect remote frontends when closing a Page.

2017-01-12 Matthew Hanson

Merge r210447. rdar://problem/29872292

2017-01-06 Chris Dumez

[Form Validation] "character" in maxlength validation message should be singular when maxlength is 1
https://bugs.webkit.org/show_bug.cgi?id=166712

Reviewed by Darin Adler.

Fix validation message to use singular form of "character" when maxLength value is 1.

Test: fast/forms/validation-message-maxLength.html

* English.lproj/Localizable.strings:
* English.lproj/Localizable.stringsdict: Added.
* WebCore.xcodeproj/project.pbxproj:
* extract-localizable-strings.pl:
* platform/LocalizedStrings.cpp:
* platform/LocalizedStrings.h:
* platform/cocoa/LocalizedStringsCocoa.mm:
(WebCore::localizedNString):
(WebCore::localizedString):
(WebCore::validationMessageTooLongText):

2017-01-12 Matthew Hanson

Merge r210474.
rdar://problem/29762809 2017-01-06 Daniel Bates Ensure navigation only allowed for documents not in the page cache https://bugs.webkit.org/show_bug.cgi?id=166773 Reviewed by Brent Fulgham. It is wise to ensure that navigation is only allowed when initiated from a document that is not in- or about to be put in- the page cache. Such a navigation would surprise a person that had navigated away from the initiating document among other issues. * dom/Document.cpp: (WebCore::Document::canNavigate): Only allow navigation if the document is not in the page cache. * html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::handleClick): Ditto. * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::handleClick): Ditto. * loader/FrameLoader.cpp: (WebCore::FrameLoader::urlSelected): Assert triggering event's document is not in the page cache. (WebCore::FrameLoader::submitForm): Allow submission if the document is not in the page cache. (WebCore::FrameLoader::loadFrameRequest): Assert triggering event's document is not in the page cache. * mathml/MathMLElement.cpp: (WebCore::MathMLElement::defaultEventHandler): Only allow navigation if the document is not in the page cache. * svg/SVGAElement.cpp: (WebCore::SVGAElement::defaultEventHandler): Ditto. 2017-01-12 Matthew Hanson Merge r210536. rdar://problem/29939970 2017-01-09 Chris Dumez REGRESSION(r189555): ImageDocument title no longer includes the size of the image https://bugs.webkit.org/show_bug.cgi?id=166876 Reviewed by Tim Horton. ImageDocument title no longer included the size of the image after r189555. This is because Document::setTitle() is a no-op if the document does not have a element. To address the issue, we now include a element in ImageDocuments so that their title element properly gets added to it. Test: fast/images/imageDocument-title.html * html/ImageDocument.cpp: (WebCore::ImageDocument::createDocumentStructure): 2017-01-12 Matthew Hanson Merge r210689. 
rdar://problem/29985957 2017-01-12 Chris Dumez [iOS] HTML form validation popover sometimes does not go away https://bugs.webkit.org/show_bug.cgi?id=166990 Reviewed by Tim Horton. The issue was that [UIViewController presentViewController:] is asynchronous and that we sometimes tried to call [m_popoverController dismissViewControllerAnimated:] before presentViewController had completed. This is something that UIKit does not handle nicely and the popover just stays visible even though we have asked for the controller to be dismissed and destroyed the ValidationBubble object. To address the issue, I made ValidationBubble RefCounted and make sure the ValidationBubble object stays alive at least until the completion handler for [UIViewController presentViewController:] has been called. This is done via protecting the object using a RefPtr<> and capturing it in the lambda. Because dismissViewControllerAnimated is called in the destructor, it is no longer possible to call dismissViewControllerAnimated before the call to presentViewController has completed. No new tests, not easily testable since the popover was staying visible after being destroyed (held on by UIKit). * platform/ValidationBubble.h: (WebCore::ValidationBubble::create): * platform/ios/ValidationBubbleIOS.mm: (WebCore::ValidationBubble::show): 2017-01-12 Matthew Hanson Merge r210685. rdar://problem/29775711 2017-01-12 Chris Dumez Unreviewed EFL/GTK build fix after r210684. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): 2017-01-12 Matthew Hanson Merge r210684. rdar://problem/29775711 2017-01-12 Brady Eidson REGRESSION (r209977): Crash in UniqueIDBDatabase::executeNextDatabaseTask. https://bugs.webkit.org/show_bug.cgi?id=166984 Reviewed by Alex Christensen. No new tests (Unable to reproduce, speculative fix). 
* Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor): If we're not already prefetching for this cursor, start doing so after holding a protector ref. (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): If we're now done prefetching for this cursor, schedule the protector ref to be destroyed on the main thread. * Modules/indexeddb/server/UniqueIDBDatabase.h: 2017-01-12 Matthew Hanson Merge r210679. rdar://problem/29910273 2017-01-12 Youenn Fablet OneDrive application crashes upon launch https://bugs.webkit.org/show_bug.cgi?id=166975 Reviewed by Brady Eidson. Checking whether load is terminated just after calling ResourceLoader::willSendRequestInternal. The reason is that delegate call may actually cancel the load at that point. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::willSendRequestInternal): 2017-01-12 Matthew Hanson Merge r210677. rdar://problem/21482487 2017-01-12 Jer Noble Protect MediaPlayer from being destroyed mid-load() https://bugs.webkit.org/show_bug.cgi?id=166976 Reviewed by Eric Carlson. It's possible for a message sent by MediaPlayer to HTMLMediaElement to cause MediaPlayer to be destroyed before MediaPlayer::load() completes. We have previously protected against this same problem in HTMLMediaElement::loadResource() by ref'ing at the beginning of the function and deref'ing on exit. To do the same in MediaPlayer, it must become RefCounted. To keep the same semantics about m_client in MediaPlayer (always available without requiring a null-check), make a new static MediaPlayerClient object which can replace the real (HTMLMediaElement) client when the MediaPlayer is invalidated. 
* html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::~HTMLMediaElement): (WebCore::HTMLMediaElement::clearMediaPlayer): (WebCore::HTMLMediaElement::createMediaPlayer): * html/HTMLMediaElement.h: * platform/graphics/MediaPlayer.cpp: (WebCore::nullMediaPlayerClient): (WebCore::MediaPlayer::create): (WebCore::MediaPlayer::MediaPlayer): (WebCore::MediaPlayer::invalidate): (WebCore::MediaPlayer::load): (WebCore::MediaPlayer::loadWithNextMediaEngine): (WebCore::MediaPlayer::inMediaDocument): (WebCore::MediaPlayer::fullscreenMode): (WebCore::MediaPlayer::requestedRate): (WebCore::MediaPlayer::currentPlaybackTargetIsWirelessChanged): (WebCore::MediaPlayer::networkStateChanged): (WebCore::MediaPlayer::readyStateChanged): (WebCore::MediaPlayer::volumeChanged): (WebCore::MediaPlayer::muteChanged): (WebCore::MediaPlayer::timeChanged): (WebCore::MediaPlayer::sizeChanged): (WebCore::MediaPlayer::repaint): (WebCore::MediaPlayer::durationChanged): (WebCore::MediaPlayer::rateChanged): (WebCore::MediaPlayer::playbackStateChanged): (WebCore::MediaPlayer::firstVideoFrameAvailable): (WebCore::MediaPlayer::characteristicChanged): (WebCore::MediaPlayer::cachedKeyForKeyId): (WebCore::MediaPlayer::keyNeeded): (WebCore::MediaPlayer::mediaKeysStorageDirectory): (WebCore::MediaPlayer::referrer): (WebCore::MediaPlayer::userAgent): (WebCore::MediaPlayer::graphicsDeviceAdapter): (WebCore::MediaPlayer::cachedResourceLoader): (WebCore::MediaPlayer::createResourceLoader): (WebCore::MediaPlayer::addAudioTrack): (WebCore::MediaPlayer::removeAudioTrack): (WebCore::MediaPlayer::addTextTrack): (WebCore::MediaPlayer::removeTextTrack): (WebCore::MediaPlayer::addVideoTrack): (WebCore::MediaPlayer::removeVideoTrack): (WebCore::MediaPlayer::outOfBandTrackSources): (WebCore::MediaPlayer::shouldWaitForResponseToAuthenticationChallenge): (WebCore::MediaPlayer::handlePlaybackCommand): (WebCore::MediaPlayer::sourceApplicationIdentifier): (WebCore::MediaPlayer::preferredAudioCharacteristics): 
(WebCore::MediaPlayer::doesHaveAttribute): (WebCore::MediaPlayer::mediaPlayerNetworkInterfaceName): (WebCore::MediaPlayer::getRawCookies): (WebCore::MediaPlayer::shouldDisableSleep): * platform/graphics/MediaPlayer.h: (WebCore::MediaPlayer::platformVolumeConfigurationRequired): (WebCore::MediaPlayer::client): 2017-01-12 Matthew Hanson Merge r210663. rdar://problem/29916484 2017-01-12 Said Abou-Hallawa [iOS][WK1] Fix initialization of CADisplayLink::preferredFramesPerSecond https://bugs.webkit.org/show_bug.cgi?id=166956 Reviewed by Tim Horton. Set this option to 60fps instead of leaving set to the default. * platform/graphics/ios/DisplayRefreshMonitorIOS.mm: (-[WebDisplayLinkHandler initWithMonitor:]): 2017-01-12 Matthew Hanson Merge r210616. rdar://problem/29971105 2017-01-11 Youenn Fablet Remove request.formData property until it gets implemented https://bugs.webkit.org/show_bug.cgi?id=166920 Reviewed by Chris Dumez. Covered by rebased tests. * Modules/fetch/FetchBody.idl: 2017-01-12 Matthew Hanson Merge r210609. rdar://problem/27896585 2017-01-11 Andreas Kling Crash when WebCore's GC heap grows way too large. Reviewed by Mark Lam. Cap the common WebCore VM at 4 GB of live JavaScript heap objects. * bindings/js/CommonVM.cpp: (WebCore::commonVMSlow): 2017-01-12 Matthew Hanson Merge r210599. rdar://problem/15307582 2017-01-11 Brent Fulgham File scheme should not allow access of a resource on a different volume. https://bugs.webkit.org/show_bug.cgi?id=158552 Reviewed by Alex Christensen. Revise SecurityOrigin to prevent files from one storage device (volume) from accessing content on a different storage device (volume) unless universal access is enabled. Pass the current file device as part of the NSURLRequest so that CFNetwork can reject loads where the device changes in the midst of a load. Also properly reflect that SecurityOrigin is never null by passing as a reference, rather than as a pointer. 
Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm * page/SecurityOrigin.cpp: (WebCore::SecurityOrigin::canAccess): Pass argument as reference. (WebCore::SecurityOrigin::canDisplay): Add check that files share the same volume. (WebCore::SecurityOrigin::isSameSchemeHostPort): Pass argument as reference. * page/SecurityOrigin.h: * platform/FileSystem.cpp: (WebCore::filesHaveSameVolume): Added. * platform/FileSystem.h: * platform/network/cocoa/ResourceRequestCocoa.mm: (WebCore::ResourceRequest::doUpdatePlatformRequest): If loading a file URL, tell CFNetwork the storage device at the time of the start of the load so we can trigger a failure if this changes during the load operation. * platform/posix/FileSystemPOSIX.cpp: (WebCore::getFileDeviceId): Added. * platform/win/FileSystemWin.cpp: (WebCore::getFileDeviceId): Added. 2017-01-12 Matthew Hanson Merge r210593. rdar://problem/29970907 2017-01-11 Chris Dumez Iterating over URLSearchParams does not work https://bugs.webkit.org/show_bug.cgi?id=166921 Reviewed by Alex Christensen. Make URLSearchParams iterable, as per: - https://url.spec.whatwg.org/#urlsearchparams Test: fast/dom/DOMURL/searchparams-iterable.html * html/URLSearchParams.cpp: (WebCore::URLSearchParams::Iterator::next): (WebCore::URLSearchParams::Iterator::Iterator): * html/URLSearchParams.h: (WebCore::URLSearchParams::createIterator): * html/URLSearchParams.idl: 2017-01-12 Matthew Hanson Merge r210564. rdar://problem/29944582 2017-01-10 Ryosuke Niwa :active and :hover states may not be updated across slots https://bugs.webkit.org/show_bug.cgi?id=166881 Reviewed by Antti Koivisto. The bug was caused by updateHoverActiveState not updating :hover and :active states on elements when nodes are assigned to slots because they were walking up the tree using parentOrShadowHostElement and parentNode. 
Fixed the bug by using parentElementInComposedTree instead since :hover and :active states need to be updated in accordance with the render tree, which is created from the "flat tree" or the "composed tree" in WebKit's terminology (this is old terminology in the spec). Tests: fast/shadow-dom/clear-active-state-in-shadow.html fast/shadow-dom/hover-over-nested-slotted-content.html * dom/Document.cpp: (WebCore::Document::updateHoverActiveState): Fixed the bug. * dom/Node.cpp: (WebCore::Node::parentElementInComposedTree): Added. * dom/Node.h: 2017-01-12 Matthew Hanson Merge r210546. rdar://problem/29491188 2017-01-10 Youenn Fablet CachedScript cloning does not clone encodedSize https://bugs.webkit.org/show_bug.cgi?id=166865 Reviewed by Darin Adler. Covered by updated test. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::setBodyDataFrom): set encoded size based on being cloned resource. * loader/cache/CachedScript.cpp: (WebCore::CachedScript::script): (WebCore::CachedScript::setBodyDataFrom): Making use of CachedResource::setBodyDataFrom for complete cloning. 2017-01-12 Matthew Hanson Merge r210508. rdar://problem/29801059 2017-01-09 Daniel Bates Evaluating window named element may return wrong result https://bugs.webkit.org/show_bug.cgi?id=166792 Reviewed by Chris Dumez. * bindings/js/JSDOMWindowProperties.cpp: (WebCore::jsDOMWindowPropertiesGetOwnPropertySlotNamedItemGetter): 2017-01-12 Matthew Hanson Merge r210472. rdar://problem/29767412 2017-01-06 Joseph Pecoraro REGRESSION(r208886) Web Inspector: Toggling CSS Properties in Styles Sidebar (comment / uncomment) https://bugs.webkit.org/show_bug.cgi?id=166786 Reviewed by Brian Burg. * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyle::populateAllProperties): Match earlier behavior and don't send the frontend information about disabled (commented out) properties. Follow-up later to send this information when implementing proper handling of them in the frontend. 
2017-01-12 Matthew Hanson Merge r210468. rdar://problem/29859121 2017-01-06 Chris Dumez Regression(r189230): DOM Callbacks may use wrong global object https://bugs.webkit.org/show_bug.cgi?id=166784 Reviewed by Mark Lam. DOM Callbacks could end up using the wrong global object after r189230 because we were getting the globalObject from the callback object instead of the one at the point the callback object was passed in by JavaScript. This patch fixes the issue. Test: fast/frames/frame-window-as-callback.html * bindings/js/JSCallbackData.cpp: (WebCore::JSCallbackData::invokeCallback): * bindings/js/JSCallbackData.h: (WebCore::JSCallbackData::globalObject): (WebCore::JSCallbackData::JSCallbackData): (WebCore::JSCallbackDataStrong::JSCallbackDataStrong): (WebCore::JSCallbackDataStrong::callback): (WebCore::JSCallbackDataStrong::invokeCallback): (WebCore::JSCallbackDataWeak::JSCallbackDataWeak): (WebCore::JSCallbackDataWeak::callback): (WebCore::JSCallbackDataWeak::invokeCallback): * bindings/scripts/CodeGeneratorJS.pm: (GenerateCallbackImplementationContent): 2017-01-12 Matthew Hanson Merge r210425. rdar://problem/29872021 2017-01-05 Chris Dumez [Form Validation] lengthy validation messages should be truncated with an ellipsis https://bugs.webkit.org/show_bug.cgi?id=166747 Reviewed by Simon Fraser. Lengthy HTML validation messages should be truncated with an ellipsis. Previously, they were truncated but there was no ellipsis. No new tests, not easily testable. Manually tested on - http://codepen.io/cdumez/full/zoOZmZ/ (last field) * platform/ios/ValidationBubbleIOS.mm: (WebCore::ValidationBubble::ValidationBubble): * platform/mac/ValidationBubbleMac.mm: (WebCore::ValidationBubble::ValidationBubble): 2017-01-12 Matthew Hanson Merge r210378. rdar://problem/29024384 2017-01-05 Zalan Bujtas Start hittesting a clean tree in RenderEmbeddedObject::isReplacementObscured https://bugs.webkit.org/show_bug.cgi?id=166743 Reviewed by Simon Fraser. Unable to reproduce. 
* rendering/RenderEmbeddedObject.cpp: (WebCore::RenderEmbeddedObject::isReplacementObscured): 2017-01-12 Matthew Hanson Merge r210376. rdar://problem/29763079 2017-01-04 Ryosuke Niwa Crash inside Editor::styleForSelectionStart https://bugs.webkit.org/show_bug.cgi?id=166710 Reviewed by Chris Dumez. Added a null pointer check. This crash can happen when the DOM is mutated as editorState tries to compute the style at the selection start. No new tests since there is no reproducible test case, and I couldn't come up with one either. This crash seems to retire some intricate dependency between when DOM is mutated, selection is updated, and then performPostLayoutTasks ends up updating the editor state in response to the element's editability changing. * editing/cocoa/EditorCocoa.mm: (WebCore::Editor::styleForSelectionStart): 2017-01-12 Matthew Hanson Merge r210147. rdar://problem/29675551 2016-12-23 Simon Fraser REGRESSION (r209299): Selection is broken when you zoom in webpage using trackpad https://bugs.webkit.org/show_bug.cgi?id=166472 rdar://problem/29675551 Reviewed by Tim Horton. r209299 broke autoscroll in zoomed pages because it changed RenderLayer::scrollRectToVisible() to shrink viewRect by page scale. This is incorrect for all callers of scrollRectToVisible, since the "absoluteRect" passed in is actually in zoomed document coordinates for all the callers I tested. This code is also fixed to account for headers and footers. getRectToExpose() takes rectangles in "scroll view contents" coordinates (i.e. including header, and zoomed document), so doesn't need the separate visibleRectRelativeToDocument parameter. 
Tests: fast/events/autoscroll-main-document.html fast/events/autoscroll-when-zoomed.html fast/events/drag-select-when-zoomed-with-header.html fast/events/drag-select-when-zoomed.html fast/scrolling/scroll-to-anchor-zoomed-header.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollRectToVisible): (WebCore::RenderLayer::getRectToExpose): * rendering/RenderLayer.h: 2017-01-12 Matthew Hanson Merge r210095. rdar://problem/29912221 2016-12-21 Tim Horton TileGrid revalidates tiles twice during flush, first with wrong visible rect https://bugs.webkit.org/show_bug.cgi?id=166406 Reviewed by Simon Fraser. No new tests; existing tests cover this code, this is just a perf win, specifically reducing the amount of layer churn during zooming. * platform/graphics/ca/TileGrid.cpp: (WebCore::TileGrid::setScale): Schedule a revalidation, which will happen later in the same flush, instead of doing it immediately. Doing it immediately is problematic, because we're currently in the middle of a GraphicsLayer tree flush, and don't have the complete picture of the new state yet. We're guaranteed to get the new scale *before* the flush calls revalidateTiles. 2017-01-12 Matthew Hanson Merge r210432. rdar://problem/29633667 2017-01-05 Ryosuke Niwa Finding text doesn't work across shadow boundary https://bugs.webkit.org/show_bug.cgi?id=158503 Reviewed by Antti Koivisto. Added a new TextIterator behavior flag, TextIteratorTraversesFlatTree, which makes TextIterator traverse the flat tree instead of the DOM tree, and made this behavior default in findPlainText. Also added a new find options flag, DoNotTraverseFlatTree, to suppress this behavior in window.find(~) and execCommand('FindString', false, ~) as they should not be able to peek information inside shadow trees. Unfortunately these APIs have been deprecated in the standards so there is no specification to follow. 
For now, we don't support finding a word or a keyword across a shadow boundary as this would require making rangeOfString and other related functions return a Range-like object that can cross shadow boundaries. Also added internals.rangeOfString to test Editor::rangeOfString, and replaced the bit-flag arguments to internals.countMatchesForText and internals.countFindMatches by an array of strings for better portability. Test: editing/text-iterator/find-string-on-flat-tree.html * editing/Editor.cpp: (WebCore::Editor::rangeOfString): Use the modern containingShadowRoot instead of nonBoundaryShadowTreeRootNode since the start container can be a shadow root, which nonBoundaryShadowTreeRootNode asserts not be the case. * editing/Editor.h: * editing/EditorCommand.cpp: (WebCore::executeFindString): Don't traverse across shadow boundaries. * editing/FindOptions.h: Added DoNotTraverseFlatTree. * editing/TextIterator.cpp: (WebCore::assignedAuthorSlot): Added. (WebCore::authorShadowRoot): Added. (WebCore::firstChildInFlatTreeIgnoringUserAgentShadow): Added. (WebCore::nextSiblingInFlatTreeIgnoringUserAgentShadow): Added. (WebCore::firstChild): Added. Traverses the flat tree when TextIteratorTraversesFlatTree is set. (WebCore::nextSibling): Ditto. (WebCore::parentNodeOrShadowHost): Ditto. (WebCore::TextIterator::advance): Don't set m_handledChildren to true when the current node has display: contents. (WebCore::findPlainText): Use TextIteratorTraversesFlatTree unless DoNotTraverseFlatTree is set. * editing/TextIteratorBehavior.h: Added TextIteratorTraversesFlatTree. * page/DOMWindow.cpp: (WebCore::DOMWindow::find): Don't traverse across shadow boundaries. * testing/Internals.cpp: (WebCore::parseFindOptions): Added. (WebCore::Internals::rangeOfString): Added. (WebCore::Internals::countMatchesForText): Replaced the find options by an array of strings instead of a bit mask. (WebCore::Internals::countFindMatches): Ditto. 
* testing/Internals.h: * testing/Internals.idl: Added rangeOfString, and replaced find options bit-flag in countMatchesForText and countFindMatches by an array of strings so that the tests themselves don't rely on a specific value of each bit flag. 2017-01-12 Matthew Hanson Merge r210131. rdar://problem/29633667 2016-12-23 Ryosuke Niwa Eliminate the use of lastChild in TextIterator https://bugs.webkit.org/show_bug.cgi?id=166456 Reviewed by Antti Koivisto. Just use the node we just exited in TextIterator::exitNode and in emitting additional new line to eliminate the use of Node::lastChild. Also initialize member variables in the declaration instead of the constructor to modernize the code. * editing/TextIterator.cpp: (WebCore::TextIterator::TextIterator): (WebCore::TextIterator::advance): (WebCore::TextIterator::exitNode): * editing/TextIterator.h: 2017-01-12 Matthew Hanson Merge r210094. rdar://problem/29912214 2016-12-21 Tim Horton TileGrid creates new tiles when there are recyclable tiles about to be removed https://bugs.webkit.org/show_bug.cgi?id=166408 Reviewed by Simon Fraser. No new tests; existing tests cover this code, this is just a perf win, specifically reducing the amount of layer churn during zooming. * platform/graphics/ca/TileGrid.cpp: (WebCore::TileGrid::revalidateTiles): Remove all the tiles that will be removed first, then add new tiles. Strictly ordering it this way means that tiles will be removed, go into the LayerPool, then be pulled back out of the LayerPool to sit in the newly-covered areas. Previously, we would sometimes make new layers for newly-covered areas, and then remove unneeded but otherwise recyclable tiles, which would then just go sit in the LayerPool (and often get pruned, wastefully). 2017-01-12 Matthew Hanson Merge r210078. rdar://problem/29633667 2016-12-21 Ryosuke Niwa Modernize findPlainText https://bugs.webkit.org/show_bug.cgi?id=166299 Reviewed by Sam Weinig. 
Modernized findPlainText by merging the static version of it into it and extracting the main nested loop out as findPlainTextOffset. No new tests since there should be no behavioral change. * editing/TextIterator.cpp: (WebCore::findPlainTextOffset): (WebCore::findPlainText): 2017-01-06 Matthew Hanson Merge r210221. rdar://problem/29449474 2017-01-01 Jeff Miller Update user-visible copyright strings to include 2017 https://bugs.webkit.org/show_bug.cgi?id=166278 Reviewed by Dan Bernstein. * Info.plist: 2017-01-05 Matthew Hanson Merge r210372. rdar://problem/29870033 2017-01-05 Chris Dumez Turn preferLowPowerWebGLRendering setting on by default https://bugs.webkit.org/show_bug.cgi?id=166737 Reviewed by Dean Jackson. Temporarily turn preferLowPowerWebGLRendering setting on by default until we deal better with WebGL content in background tabs. * page/Settings.in: 2017-01-05 Matthew Hanson Merge r210369. rdar://problem/29100419 2017-01-05 Zalan Bujtas Mark the dedicated root linebox for trailing floats in empty inlines dirty. https://bugs.webkit.org/show_bug.cgi?id=166732 Reviewed by Antti Koivisto. We normally attach floating boxes to the last root linebox. However when the floatbox is preceded by a
we generate a dedicated root linebox (TrailingFloatsRootInlineBox) for the floatbox. When this floatbox is a RenderInline descendant and this RenderInline does not generate lineboxes (its ancestor RenderBlockFlow does) we have to make sure that this special root linebox gets marked dirty when the associated floatbox changes. (Unfortunately through the recursive calls on dirtyLinesFromChangedChild(), we lose the information about the "changed child" since the inlines propagates the marking logic to the RenderBlockFlow, see FIXME.) Test: fast/inline/trailing-floats-inline-crash2.html * rendering/RenderLineBoxList.cpp: (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): 2017-01-05 Matthew Hanson Merge r210368. rdar://problem/28908164 2017-01-05 Antoine Quint [Cocoa] Both modern-media-controls/images/iOS modern-media-controls/images/macOS are installed on both platforms https://bugs.webkit.org/show_bug.cgi?id=163871 Reviewed by Eric Carlson. We now only copy modern media controls images, if any, for the current platform. * WebCore.xcodeproj/project.pbxproj: 2017-01-05 Matthew Hanson Merge r210361. rdar://problem/29870245 2017-01-05 Chris Dumez Form validation: Align email validation with the latest HTML specification https://bugs.webkit.org/show_bug.cgi?id=166697 Reviewed by Alex Christensen. Align email validation with the latest HTML specification: - https://html.spec.whatwg.org/#valid-e-mail-address In particular, the following changes were made: - The first and last character of the domain now needs to be a letter or a digit - Parts of the domain can only be 63 characters in length No new tests, extended existing test. * html/EmailInputType.cpp: 2017-01-05 Matthew Hanson Merge r210360. rdar://problem/19595567 2017-01-05 Enrica Casucci Support File Promise during drag for macOS. https://bugs.webkit.org/show_bug.cgi?id=165204 rdar://problem/19595567 Reviewed by Tim Horton. Adds the support for handling File Promise type during drag. 
DragData now has the knowledge of the NSFilesPromisePboardType and checks for the data type during drag. * page/mac/DragControllerMac.mm: (WebCore::DragController::dragOperation): * platform/DragData.h: (WebCore::DragData::setFileNames): (WebCore::DragData::fileNames): * platform/mac/DragDataMac.mm: (WebCore::DragData::containsFiles): (WebCore::DragData::numberOfFiles): (WebCore::DragData::asFilenames): (WebCore::DragData::containsCompatibleContent): (WebCore::DragData::containsPromise): (WebCore::DragData::asURL): 2017-01-05 Matthew Hanson Merge r210359. rdar://problem/29882478 2017-01-05 Per Arne Vollan [Win] Compile error. https://bugs.webkit.org/show_bug.cgi?id=166726 Reviewed by Alex Christensen. Add include folder. * CMakeLists.txt: 2017-01-05 Matthew Hanson Merge r210328. rdar://problem/29870673 2017-01-05 Wenson Hsieh Disable smooth playhead animation for main content media in the Touch Bar https://bugs.webkit.org/show_bug.cgi?id=166715 Reviewed by Eric Carlson. Passing in a non-zero playback rate to WebPlaybackControlsManager's timing property causes unintended effects further down the stack. Please see the Radar for more details. * platform/mac/WebPlaybackSessionInterfaceMac.mm: (WebCore::WebPlaybackSessionInterfaceMac::updatePlaybackControlsManagerTiming): 2017-01-05 Matthew Hanson Merge r210288. rdar://problem/29741862 2016-01-04 Brent Fulgham Correct DOMWindow handling during FrameLoader::clear https://bugs.webkit.org/show_bug.cgi?id=166357 Reviewed by Andy Estes. Make sure that we always clean up the DOM window when clearing Window properties, even if the document will remain in the page cache. Since 'clearWindowShell' is only used in FrameLoader, divide its behavior into two steps: 1. Rename 'clearWindowShell' to 'clearWindowShellsNotMatchingDOMWindow' to better describe its function. Switch to a modern C++ loop. Do not switch to the new DOMWindow here, but detach and clear existing DOMWindow connections. 2. 
Add a new method 'setDOMWindowForWindowShell'. Complete switch to the new DOMWindow. This change allows us to disconnect the old DOMWindow, perform the 'setDocument(nullptr)' operation, and then connect to the new Window without leaving the loader in an inconsistent state. * loader/bindings/js/ScriptController.cpp: (WebCore::clearWindowShellsNotMatchingDOMWindow): Renamed from 'clearWindowShell' (WebCore::setDOMWindowForWindowShell): Added. * loader/bindings/js/ScriptController.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Revise to use the new two-step DOMWindow switch logic. 2017-01-05 Matthew Hanson Merge r210284. rdar://problem/29865854 2017-01-04 Chris Dumez Assertion hit on redfin.com: ASSERTION FAILED: collection->length() > 1 https://bugs.webkit.org/show_bug.cgi?id=166687 Reviewed by Darin Adler. We were mistakenly calling Document::addWindowNamedItem() / Document::removeWindowNamedItem() for elements in Shadow DOMs. As a result, the windowNamedItem DocumentOrderedMap would contain elements in shadow DOMs. This would cause the assertion to be hit in window's named property getter because of the length mismatch between the windowNamedItem DocumentOrderedMap and the WindowNameCollection. Tests: fast/shadow-dom/document-named-property.html fast/shadow-dom/window-named-property.html * dom/Element.cpp: (WebCore::Element::updateNameForDocument): (WebCore::Element::updateIdForDocument): * html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::parseAttribute): * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::updateDocNamedItem): 2017-01-05 Matthew Hanson Merge r210279. rdar://problem/29607569 2017-01-04 Joseph Pecoraro Web Inspector: Cross Origin importScripts() scripts lack source URL, causes issues with Inspector showing Resource https://bugs.webkit.org/show_bug.cgi?id=165569 Reviewed by Youenn Fablet. 
Test: http/tests/inspector/worker/blob-script-with-cross-domain-imported-scripts.html * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::didReceiveResponse): * loader/ThreadableLoader.cpp: (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): * loader/ThreadableLoader.h: * loader/WorkerThreadableLoader.cpp: (WebCore::LoaderTaskOptions::LoaderTaskOptions): Add a new ThreadableLoader option to avoid filtering the response. * workers/WorkerScriptLoader.cpp: (WebCore::WorkerScriptLoader::loadSynchronously): (WebCore::WorkerScriptLoader::loadAsynchronously): Disable filtering of the response. This is an internal load, we don't want to filter data that would be valuable later. 2017-01-05 Matthew Hanson Merge r210267. rdar://problem/29796608 2017-01-03 Ryosuke Niwa label element with tabindex >= 0 is not focusable https://bugs.webkit.org/show_bug.cgi?id=102780 Reviewed by Darin Adler. Fixed the bug by removing the override for HTMLLabelElement::isFocusable which always returned false. This is a behavior from r5532 but it doesn't match the latest HTML specification or that of Chrome and Firefox. Also fixed an existing bug in HTMLLabelElement::focus and HTMLLegendElement::focus which focused the associated form control when there is one even if the element itself is focusable. Without this fix, traversing from control with shift+tab would break since focusing the label would move the focus back to the input element inside the label element. Finally, fixed a bug in HTMLLegendElement::focus that we can call inFocus without updating layout first. The fix was inspired by https://chromium.googlesource.com/chromium/src/+/085ad8697b1be50c4f93e296797a25a43a79bcfb Test: fast/events/focus-label-legend-elements-with-tabindex.html * html/HTMLLabelElement.cpp: (WebCore::HTMLLabelElement::focus): (WebCore::HTMLLabelElement::isFocusable): Deleted. 
* html/HTMLLabelElement.h: * html/HTMLLegendElement.cpp: (WebCore::HTMLLegendElement::focus): 2017-01-05 Matthew Hanson Merge r210273. rdar://problem/29834093 2017-01-04 Tim Horton Provide a setting for clients to always prefer low-power WebGL https://bugs.webkit.org/show_bug.cgi?id=166675 Reviewed by Dan Bernstein. No new tests; as noted in r204664, we don't know how to reliably test automatic graphics switching. One could use the manual test introduced in that commit; after this commit, with the setting switched on, on a dual-GPU machine that is actively using integrated graphics, that test should return the same result for both contexts. * page/Settings.in: Add a setting to prefer low-power WebGL. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::create): If said setting is enabled, set preferLowPowerToHighPerformance. 2017-01-05 Matthew Hanson Merge r210266. rdar://problem/29447824 2017-01-03 Tim Horton NSSpellChecker's recordResponse isn't called for unseen automatic corrections https://bugs.webkit.org/show_bug.cgi?id=166450 Reviewed by Darin Adler. Test: editing/mac/spelling/accept-unseen-candidate-records-acceptance.html * editing/AlternativeTextController.cpp: (WebCore::AlternativeTextController::recordAutocorrectionResponse): (WebCore::AlternativeTextController::recordAutocorrectionResponseReversed): Deleted. * editing/AlternativeTextController.h: Add recordAutocorrectionResponse, which takes an AutocorrectionResponseType, instead of having a function specifically for reverted autocorrections. Also, get rid of the unnecessary indirection of the private overload of recordAutocorrectionResponseReversed, since there's only one caller. * editing/Editor.cpp: (WebCore::Editor::markAndReplaceFor): Call recordAutocorrectionResponse with Accepted when performing an auto-autocorrection. (WebCore::Editor::changeBackToReplacedString): Adopt recordAutocorrectionResponse. 
* page/AlternativeTextClient.h: Add an "AutocorrectionAccepted" response type. 2017-01-05 Matthew Hanson Merge r210142. rdar://problem/29109053 2016-12-23 Andreas Kling REGRESSION(r209865): Crash when navigating back to some pages with compositing layers. Reviewed by Darin Adler. Remove the old WK1-era clear/restoreBackingStores optimization from the page cache. When enabling it on non-iOS platforms, we started hitting lots of assertions, and none of our memory tests showed any significant improvement anyway. Test: compositing/page-cache-back-crash.html * history/CachedFrame.cpp: (WebCore::CachedFrameBase::CachedFrameBase): (WebCore::CachedFrameBase::restore): (WebCore::CachedFrame::CachedFrame): * history/CachedFrame.h: * page/FrameView.cpp: (WebCore::FrameView::restoreBackingStores): Deleted. * page/FrameView.h: 2017-01-05 Matthew Hanson Merge r210122. rdar://problem/29763012 2016-12-22 Brent Fulgham Nested calls to setDocument can omit firing 'unload' events https://bugs.webkit.org/show_bug.cgi?id=166422 Reviewed by Alex Christensen. Test: fast/loader/nested-document-handling.html Only allow a single document change to be taking place during a given runloop cycle. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL): Block script changing the document when we are in the middle of changing the document. * page/Frame.cpp: (WebCore::Frame::setDocument): Keep track of document change state. * page/Frame.h: 2017-01-05 Matthew Hanson Merge r210120. rdar://problem/29772233 2016-12-22 Zalan Bujtas Do not destroy the RenderNamedFlowFragment as leftover anonymous block. https://bugs.webkit.org/show_bug.cgi?id=166436 rdar://problem/29772233 Reviewed by Simon Fraser. When as the result of certain style change, the generated anonymous block is not needed anymore, we move its descendants up to the parent and destroy the generated box. 
While RenderNamedFlowFragment is a generated block, the cleanup code should just ignore it the same way we ignore boxes like multicolumn, mathml etc. Test: fast/regions/flow-fragment-as-anonymous-block-crash.html * rendering/RenderObject.h: (WebCore::RenderObject::isAnonymousBlock): 2017-01-05 Matthew Hanson Merge r210112. rdar://problem/29742039 2016-12-22 Daniel Bates Bypass pop-up blocker from cross-origin or sandboxed frame https://bugs.webkit.org/show_bug.cgi?id=166290 Reviewed by Darin Adler. Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html * page/DOMWindow.cpp: (WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the target frame to navigate with respect to the active document just as we do in WebCore::createWindow(). 2017-01-05 Matthew Hanson Merge r210104. rdar://problem/29139619 2016-12-22 Jer Noble NULL-deref CRASH in WebCore::PlatformMediaSession::mediaType https://bugs.webkit.org/show_bug.cgi?id=166407 Reviewed by Darin Adler. In r207688, we added a facility in PlatformMediaSessionManager for safely walking through a list of PlatformMediaSessions by replacing entries of deleted sessions with nullptr. We now need to use those new iteration facilities in MediaSessionManageriOS. In addition to the existing iterators, add one which takes a predicate, and returns the first session which matches the predicate, or nullptr, if none do. * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::findSession): (WebCore::PlatformMediaSessionManager::anyOfSessions): * platform/audio/PlatformMediaSessionManager.h: (WebCore::PlatformMediaSessionManager::sessions): Deleted. 
* platform/audio/ios/MediaSessionManagerIOS.mm: (WebCore::MediaSessionManageriOS::configureWireLessTargetMonitoring): (WebCore::MediaSessionManageriOS::nowPlayingEligibleSession): (WebCore::MediaSessionManageriOS::externalOutputDeviceAvailableDidChange): (WebCore::MediaSessionManageriOS::applicationDidEnterBackground): (WebCore::MediaSessionManageriOS::applicationWillEnterForeground): 2017-01-05 Matthew Hanson Merge r210100. rdar://problem/28388000 2016-12-22 Jer Noble Muted media element playback should not interrupt other audio playback https://bugs.webkit.org/show_bug.cgi?id=166347 Reviewed by Eric Carlson. Test: TestWebKitAPI/WebKit/ios/AudioSessionCategoryIOS.mm * platform/audio/cocoa/MediaSessionManagerCocoa.cpp: (PlatformMediaSessionManager::updateSessionState): 2017-01-05 Matthew Hanson Merge r210083. rdar://problem/25391382 2016-12-21 Jiewen Tan WebKit should set Original URL of a download request correctly https://bugs.webkit.org/show_bug.cgi?id=166394 Reviewed by Alex Christensen. WebKit should set Original URL of a download request correctly if the download is initiated by clicking on a link with target=_blank. Manually tested as the requested test infrastructure doesn't exist yet. We need actual loading process for API test such that we could simulate the real situation which PolicyDownload is only set when we receive responds. Currently we can only set PolicyDownload in a NavigationDelegate when the load starts. Hence we cannot simulate the following process: load starts -> PolicyUse -> creates a new WebView -> respond receives -> PolicyDownload -> downloads. * loader/FrameLoader.cpp: (WebCore::FrameLoader::setOriginalURLForDownloadRequest): 2017-01-05 Matthew Hanson Merge r210061. rdar://problem/29763143 2016-12-21 Eric Carlson [MediaStream] MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer can be called before it has a media stream https://bugs.webkit.org/show_bug.cgi?id=166344 Reviewed by Jer Noble. 
There is a very narrow window during which a MediaStream player can be asked for its layer before it has a stream, resulting in a NULL dereference and crash. Don't do that. Unable to reproduce. * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): 2017-01-05 Matthew Hanson Merge r210059. rdar://problem/29727145 2016-12-21 Simon Fraser Fixed bars are positioned incorrectly when there are header and footer banners https://bugs.webkit.org/show_bug.cgi?id=166302 rdar://problem/29727145 Reviewed by Tim Horton. The computation of the visual viewport was wrong in the presence of header and footer banners. It needs to take into account the fact that "visibleContentRect" applies to the scroll view contents, which includes header and footer (unscaled), and the potentially scaled document, and we need to return a rectangle in unscaled document coordinates. Make a static method in FrameView to do this computation, and call it from FrameView::visualViewportRect() and ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition(). layoutViewportForScrollPosition() is only called on Mac, so remove the #ifdeffing related to scaling, and pass in an unscaled scroll position. Test: fast/visual-viewport/zoomed-fixed-header-and-footer.html * page/FrameView.cpp: (WebCore::FrameView::updateLayoutViewport): (WebCore::FrameView::maxStableLayoutViewportOrigin): (WebCore::FrameView::visibleDocumentRect): (WebCore::FrameView::visualViewportRect): * page/FrameView.h: * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition): * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPositionWithoutContentEdgeConstraints): 2017-01-05 Matthew Hanson Merge r210035. rdar://problem/29704862 2016-12-20 Zalan Bujtas SVG elements should inherit the root's flow thread state. 
https://bugs.webkit.org/show_bug.cgi?id=166173 rdar://problem/29704862 Reviewed by Simon Fraser. When the is not part of the multicolumn context (out of flow positioning), its descendants should not be in the flow either. Test: fast/multicol/svg-inside-multicolumn.html * rendering/RenderObject.cpp: (WebCore::RenderObject::computedFlowThreadState): * rendering/RenderObject.h: (WebCore::RenderObject::isProgress): (WebCore::RenderObject::isRenderSVGBlock): * rendering/svg/RenderSVGBlock.h: 2017-01-04 Matthew Hanson Merge r209990. rdar://problem/29705967 2016-12-18 Brent Fulgham Side effects while resetting form elements https://bugs.webkit.org/show_bug.cgi?id=165959 Reviewed by Anders Carlsson. JavaScript logic can run while resetting FormElement objects. This can lead to unintended side-effects and other unwanted behavior. We should protect these elements during the reset. Test: fast/html/form-mutate.html * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::HTMLFormElement): Switch to C++11 initialization. (WebCore::HTMLFormElement::reset): Protect elements until the reset operation is finished. (WebCore::HTMLFormElement::resetAssociatedFormControlElements): Added to share code with 'resumeFromDocument'. (WebCore::HTMLFormElement::resumeFromDocument): Protect elements until the reset operation is finished. 2017-01-04 Matthew Hanson Merge r210045. rdar://problem/29560853 2016-12-20 Alex Christensen Remove initEvent quirk https://bugs.webkit.org/show_bug.cgi?id=166284 Reviewed by Dan Bernstein. We added this quirk in r207908 and expanded it in r209946 and r210034. Many web compatibility issues have been found, which leads us to believe that many more exist. This reverts the behavior to match how it was before r203848. This change was proposed to the spec in https://github.com/whatwg/dom/issues/387 * dom/Event.cpp: (WebCore::Event::initEventForBindings): Deleted. 
* dom/Event.h: * dom/Event.idl: * platform/RuntimeApplicationChecks.h: * platform/RuntimeApplicationChecks.mm: (WebCore::IOSApplication::isBaiduNuomi): Deleted. (WebCore::IOSApplication::isAutoNaviAMap): Deleted. (WebCore::IOSApplication::isFlipboard): Deleted. 2017-01-04 Matthew Hanson Merge r210034. rdar://problem/29560853 2016-12-20 Alex Christensen Fix yet another app that uses initEvent with fewer than 3 parameters https://bugs.webkit.org/show_bug.cgi?id=166257 Reviewed by Sam Weinig. * dom/Event.cpp: (WebCore::Event::initEventForBindings): * platform/RuntimeApplicationChecks.h: * platform/RuntimeApplicationChecks.mm: (WebCore::IOSApplication::isAutoNaviAMap): AutoNavi amap has content that uses initEvent with one parameter. This quirk is needed here, too. 2016-12-21 Babak Shafiei Roll out r209261. 2016-12-21 Babak Shafiei Roll out r209510. 2016-12-19 Dean Jackson Merge another patch for rdar://problem/29466493. 2016-12-19 Dean Jackson Disable some features on the safari-603-branch. * Configurations/FeatureDefines.xcconfig: * css/SelectorChecker.cpp: (WebCore::SelectorChecker::matchRecursively): * css/SelectorFilter.cpp: (WebCore::SelectorFilter::collectIdentifierHashes): * css/parser/CSSSelectorParser.cpp: (WebCore::isOnlyPseudoClassFunction): (WebCore::CSSSelectorParser::consumePseudo): (WebCore::CSSSelectorParser::consumeCombinator): * cssjit/SelectorCompiler.cpp: (WebCore::SelectorCompiler::fragmentRelationForSelectorRelation): 2016-12-19 Babak Shafiei Merge patch for rdar://problem/29466493. 2016-12-19 Dean Jackson Disable some features on the safari-603-branch. - Force the default state of experimental features to off. - Move some experimental features that should be enabled on this branch into the general feature list, so they can't be disabled. - Disable some features that are not ready. * Configurations/FeatureDefines.xcconfig: 2016-12-18 Brady Eidson IndexedDB 2.0: Prefetch cursor records in the server. 
https://bugs.webkit.org/show_bug.cgi?id=166014 Reviewed by Andy Estes. No new tests (Covered by existing LayoutTests and PerformanceTests). This patch implements the following: 1 - After a backing store cursor completes a fetch in the server, it will schedule the next fetch even before the client requests one. It will do this up to a limited number of prefetches. 2 - Once a client request to advance the cursor comes in, we'll work our way through prefetched records instead of reading anything from disk, which might then cause us to continue prefetch. 3 - If any changes to the object store occur, it will throw away all previously fetched records (There's room for future improvement here) * Modules/indexeddb/server/IDBBackingStore.h: * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::postDatabaseTask): * Modules/indexeddb/server/MemoryIDBBackingStore.h: * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange): (WebCore::IDBServer::SQLiteIDBBackingStore::prefetchCursor): * Modules/indexeddb/server/SQLiteIDBBackingStore.h: * Modules/indexeddb/server/SQLiteIDBCursor.cpp: (WebCore::IDBServer::SQLiteIDBCursor::objectStoreRecordsChanged): (WebCore::IDBServer::SQLiteIDBCursor::prefetch): (WebCore::IDBServer::SQLiteIDBCursor::advance): * Modules/indexeddb/server/SQLiteIDBCursor.h: * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor): (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor): (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask): * Modules/indexeddb/server/UniqueIDBDatabase.h: 2016-12-18 Wenson Hsieh Changing text direction fires input events with null inputTypes and no data https://bugs.webkit.org/show_bug.cgi?id=166007 Reviewed by Sam Weinig. 
Adds support for the "formatSetInlineTextDirection" input type, triggered when using the context menu on Mac in an editable area (for both plain and rich text cases) to change paragraph direction. To do this, we add cases for EditActionSetWritingDirection in inputTypeNameForEditingAction and inputEventDataForEditingStyleAndAction. When changing text direction for a plaintext editable element, we have logic in Editor::setBaseWritingDirection that sets the focused element's dir attribute to the requested value (ltr or rtl). We add similar hooks here to dispatch input events and handle preventing default. Test: fast/events/before-input-events-prevent-text-direction.html * editing/EditCommand.cpp: (WebCore::inputTypeNameForEditingAction): Handle the EditActionSetWritingDirection case. * editing/Editor.cpp: (WebCore::inputEventDataForEditingStyleAndAction): (WebCore::Editor::applyParagraphStyle): Include input event data when dispatching an input event here. (WebCore::Editor::setBaseWritingDirection): * testing/Internals.cpp: (WebCore::Internals::setBaseWritingDirection): * testing/Internals.h: * testing/Internals.idl: Introduce an internal testing support hook for setting base writing direction (the same codepath taken when using the context menu to change paragraph direction). Currently, using testRunner.execCommand creates and applies style with an additional `unicode-bidi` attribute, and appears to also be intentionally disabled for plaintext editable elements. 2016-12-17 Simon Fraser Build fix: linking WebCore was failing: you can't export inline functions. 
* css/DeprecatedCSSOMPrimitiveValue.cpp: (WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType): (WebCore::DeprecatedCSSOMPrimitiveValue::setFloatValue): (WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue): (WebCore::DeprecatedCSSOMPrimitiveValue::setStringValue): (WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue): * css/DeprecatedCSSOMPrimitiveValue.h: (WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType): Deleted. (WebCore::DeprecatedCSSOMPrimitiveValue::setFloatValue): Deleted. (WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue): Deleted. (WebCore::DeprecatedCSSOMPrimitiveValue::setStringValue): Deleted. (WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue): Deleted. 2016-12-16 Dave Hyatt [CSS Values] Make separate wrapper classes for the deprecated CSS Values OM https://bugs.webkit.org/show_bug.cgi?id=165968 Reviewed by Andreas Kling. This patch changes the CSS OM for values to use distinct wrapper classes instead of cloning the existing classes. By actually wrapping values instead of cloning, we are freed up to change our CSS value hierarchy however we'd like (such as changing to match the new CSS Values OM that is coming soon). All of the CSS Values wrapper classes are prefixed with "DeprecatedCSSOM" to reflect our desire (ultimately) to remove this API from our tree. We're the only ones that support it, and it's not used on the Web, but it is part of the WebKitLegacy API and might be used internally. * CMakeLists.txt: * DerivedSources.cpp: * DerivedSources.make: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSCSSStyleDeclarationCustom.cpp: (WebCore::JSCSSStyleDeclaration::getPropertyCSSValue): * bindings/js/JSCSSValueCustom.cpp: (WebCore::JSDeprecatedCSSOMValueOwner::isReachableFromOpaqueRoots): (WebCore::JSDeprecatedCSSOMValueOwner::finalize): (WebCore::toJSNewlyCreated): (WebCore::toJS): (WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots): Deleted. (WebCore::JSCSSValueOwner::finalize): Deleted. 
* css/CSSComputedStyleDeclaration.cpp: (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): * css/CSSComputedStyleDeclaration.h: * css/CSSGridLineNamesValue.cpp: (WebCore::CSSGridLineNamesValue::cloneForCSSOM): Deleted. * css/CSSGridLineNamesValue.h: * css/CSSImageSetValue.cpp: (WebCore::CSSImageSetValue::cloneForCSSOM): Deleted. * css/CSSImageSetValue.h: * css/CSSImageValue.cpp: (WebCore::CSSImageValue::createDeprecatedCSSOMWrapper): (WebCore::CSSImageValue::cloneForCSSOM): Deleted. * css/CSSImageValue.h: * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::createDeprecatedCSSOMPrimitiveWrapper): (WebCore::CSSPrimitiveValue::cloneForCSSOM): Deleted. * css/CSSPrimitiveValue.h: * css/CSSPrimitiveValue.idl: Removed. * css/CSSStyleDeclaration.h: * css/CSSStyleDeclaration.idl: * css/CSSValue.cpp: (WebCore::CSSValue::traverseSubresources): (WebCore::CSSValue::equals): (WebCore::CSSValue::cssText): (WebCore::CSSValue::destroy): (WebCore::CSSValue::createDeprecatedCSSOMWrapper): (): Deleted. (WebCore::CSSValue::cloneForCSSOM): Deleted. * css/CSSValue.h: (WebCore::CSSValue::CSSValue): (WebCore::CSSValue::setCssText): Deleted. (WebCore::CSSValue::isCSSOMSafe): Deleted. (WebCore::CSSValue::isSubtypeExposedToCSSOM): Deleted. * css/CSSValue.idl: Removed. * css/CSSValueList.cpp: (WebCore::CSSValueList::cloneForCSSOM): Deleted. * css/CSSValueList.h: (WebCore::CSSValueList::separator): * css/CSSValueList.idl: Removed. * css/Counter.h: * css/Counter.idl: Removed. * css/DeprecatedCSSOMCounter.h: Added. * css/DeprecatedCSSOMCounter.idl: Copied from Source/WebCore/css/Counter.idl. * css/DeprecatedCSSOMPrimitiveValue.cpp: Added. (WebCore::DeprecatedCSSOMPrimitiveValue::getCounterValue): (WebCore::DeprecatedCSSOMPrimitiveValue::getRectValue): (WebCore::DeprecatedCSSOMPrimitiveValue::getRGBColorValue): * css/DeprecatedCSSOMPrimitiveValue.h: Added. 
(WebCore::DeprecatedCSSOMPrimitiveValue::create): (WebCore::DeprecatedCSSOMPrimitiveValue::equals): (WebCore::DeprecatedCSSOMPrimitiveValue::cssValueType): (WebCore::DeprecatedCSSOMPrimitiveValue::cssText): (WebCore::DeprecatedCSSOMPrimitiveValue::primitiveType): (WebCore::DeprecatedCSSOMPrimitiveValue::setFloatValue): (WebCore::DeprecatedCSSOMPrimitiveValue::getFloatValue): (WebCore::DeprecatedCSSOMPrimitiveValue::setStringValue): (WebCore::DeprecatedCSSOMPrimitiveValue::getStringValue): (WebCore::DeprecatedCSSOMPrimitiveValue::stringValue): (WebCore::DeprecatedCSSOMPrimitiveValue::DeprecatedCSSOMPrimitiveValue): * css/DeprecatedCSSOMPrimitiveValue.idl: Copied from Source/WebCore/css/CSSPrimitiveValue.idl. * css/DeprecatedCSSOMRGBColor.h: Added. * css/DeprecatedCSSOMRGBColor.idl: Copied from Source/WebCore/css/RGBColor.idl. * css/DeprecatedCSSOMRect.h: Added. * css/DeprecatedCSSOMRect.idl: Copied from Source/WebCore/css/Rect.idl. * css/DeprecatedCSSOMValue.cpp: Added. (WebCore::compareCSSOMValues): (WebCore::DeprecatedCSSOMValue::equals): (WebCore::DeprecatedCSSOMValue::destroy): (WebCore::DeprecatedCSSOMValue::cssValueType): (WebCore::DeprecatedCSSOMValue::cssText): * css/DeprecatedCSSOMValue.h: Added. (WebCore::DeprecatedCSSOMValue::deref): (WebCore::DeprecatedCSSOMValue::setCssText): (WebCore::DeprecatedCSSOMValue::operator==): (WebCore::DeprecatedCSSOMValue::isComplexValue): (WebCore::DeprecatedCSSOMValue::isPrimitiveValue): (WebCore::DeprecatedCSSOMValue::isValueList): (WebCore::DeprecatedCSSOMValue::classType): (WebCore::DeprecatedCSSOMValue::DeprecatedCSSOMValue): (WebCore::DeprecatedCSSOMValue::~DeprecatedCSSOMValue): (WebCore::DeprecatedCSSOMComplexValue::create): (WebCore::DeprecatedCSSOMComplexValue::equals): (WebCore::DeprecatedCSSOMComplexValue::cssText): (WebCore::DeprecatedCSSOMComplexValue::cssValueType): (WebCore::DeprecatedCSSOMComplexValue::DeprecatedCSSOMComplexValue): * css/DeprecatedCSSOMValue.idl: Copied from Source/WebCore/css/CSSValue.idl. 
* css/DeprecatedCSSOMValueList.cpp: Added. (WebCore::DeprecatedCSSOMValueList::equals): (WebCore::DeprecatedCSSOMValueList::cssText): * css/DeprecatedCSSOMValueList.h: Added. (WebCore::DeprecatedCSSOMValueList::create): (WebCore::DeprecatedCSSOMValueList::cssValueType): (WebCore::DeprecatedCSSOMValueList::length): (WebCore::DeprecatedCSSOMValueList::item): (WebCore::DeprecatedCSSOMValueList::DeprecatedCSSOMValueList): * css/DeprecatedCSSOMValueList.idl: Copied from Source/WebCore/css/CSSValueList.idl. * css/LengthRepeat.h: * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue): (WebCore::PropertySetCSSStyleDeclaration::wrapForDeprecatedCSSOM): (WebCore::StyleRuleCSSStyleDeclaration::didMutate): (WebCore::InlineCSSStyleDeclaration::didMutate): (WebCore::PropertySetCSSStyleDeclaration::cloneAndCacheForCSSOM): Deleted. * css/PropertySetCSSStyleDeclaration.h: * css/RGBColor.cpp: (WebCore::RGBColor::red): Deleted. (WebCore::RGBColor::green): Deleted. (WebCore::RGBColor::blue): Deleted. (WebCore::RGBColor::alpha): Deleted. * css/RGBColor.h: * css/RGBColor.idl: Removed. * css/Rect.h: (WebCore::RectBase::RectBase): * css/Rect.idl: Removed. 
* svg/SVGElement.cpp: (WebCore::SVGElement::getPresentationAttribute): * svg/SVGElement.h: * svg/SVGElement.idl: 2016-12-17 Philippe Normand Unreviewed, rollout r209860 OWR player shouldn't be selected for normal video playback * platform/GStreamer.cmake: * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp: (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr): (WebCore::MediaPlayerPrivateGStreamerOwr::play): (WebCore::MediaPlayerPrivateGStreamerOwr::pause): (WebCore::MediaPlayerPrivateGStreamerOwr::load): (WebCore::MediaPlayerPrivateGStreamerOwr::stop): (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded): (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged): (WebCore::MediaPlayerPrivateGStreamerOwr::setSize): * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h: * platform/mediastream/openwebrtc/MediaEndpointOwr.cpp: (WebCore::MediaEndpointOwr::createMutedRemoteSource): * platform/mediastream/openwebrtc/RealtimeAudioSourceOwr.h: Removed. * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp: (WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable): * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.cpp: Removed. * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h: * platform/mediastream/openwebrtc/RealtimeVideoSourceOwr.h: Removed. 2016-12-17 Michael Catanzaro warning: the compiler can assume that the address of 'thisObject' will always evaluate to 'true' [-Waddress] in WebCore::JSHTMLDocument::getOwnPropertySlot https://bugs.webkit.org/show_bug.cgi?id=165987 Reviewed by Mark Lam. Work around the warning by passing the JSObject pointer this function receives directly to ASSERT_GC_OBJECT_INHERITS, instead of casting it to a reference and then taking the address of that, to avoid the -Waddress warning. 
* bindings/js/JSHTMLDocumentCustom.cpp: (WebCore::JSHTMLDocument::getOwnPropertySlot): 2016-12-17 Jer Noble Add implementation for navigator.requestMediaKeySystemAccess() https://bugs.webkit.org/show_bug.cgi?id=165850 Reviewed by Eric Carlson. Test: media/encrypted-media/mock-navigator-requestMediaKeySystemAccess.html Add an implementation of NavigatorEME::requestMediaKeySystemAccess() as well as the CDM object on which it depends. * Modules/encryptedmedia/CDM.cpp: Added. (WebCore::cdmFactories): (WebCore::createCDMPrivateForKeySystem): (WebCore::CDM::registerCDMFactory): (WebCore::CDM::unregisterCDMFactory): (WebCore::CDM::supportsKeySystem): (WebCore::CDM::create): (WebCore::CDM::CDM): (WebCore::CDM::getSupportedConfiguration): (WebCore::CDM::doSupportedConfigurationStep): (WebCore::CDM::isPersistentType): (WebCore::CDM::getSupportedCapabilitiesForAudioVideoType): (WebCore::CDM::getConsentStatus): * Modules/encryptedmedia/CDM.h: Added. (WebCore::CDMFactory::~CDMFactory): (WebCore::CDM::keySystem): (WebCore::CDM::createWeakPtr): * Modules/encryptedmedia/CDMPrivate.h: Added. (WebCore::CDMPrivate::~CDMPrivate): * Modules/encryptedmedia/NavigatorEME.cpp: (WebCore::NavigatorEME::requestMediaKeySystemAccess): (WebCore::tryNextSupportedConfiguration): * Modules/encryptedmedia/NavigatorEME.h: * Modules/encryptedmedia/NavigatorEME.idl: To aid in testing, a new Internals object is added, MockCDMFactory, which can be controlled by LayoutTests to change the behavior of the Mock objects it creates. * testing/Internals.cpp: (WebCore::Internals::registerMockCDM): * testing/Internals.h: * testing/Internals.idl: * testing/MockCDMFactory.cpp: Added. 
(WebCore::MockCDMFactory::MockCDMFactory): (WebCore::MockCDMFactory::~MockCDMFactory): (WebCore::MockCDMFactory::unregister): (WebCore::MockCDMFactory::supportsKeySystem): (WebCore::MockCDMFactory::createCDM): (WebCore::MockCDM::MockCDM): (WebCore::MockCDM::supportsInitDataType): (WebCore::MockCDM::supportsConfiguration): (WebCore::MockCDM::supportsConfigurationWithRestrictions): (WebCore::MockCDM::supportsSessionTypeWithConfiguration): (WebCore::MockCDM::supportsRobustness): (WebCore::MockCDM::distinctiveIdentifiersRequirement): (WebCore::MockCDM::persistentStateRequirement): (WebCore::MockCDM::distinctiveIdentifiersAreUniquePerOriginAndClearable): * testing/MockCDMFactory.h: Added. (WebCore::MockCDMFactory::create): (WebCore::MockCDMFactory::supportedDataTypes): (WebCore::MockCDMFactory::setSupportedDataTypes): (WebCore::MockCDMFactory::supportedRobustness): (WebCore::MockCDMFactory::setSupportedRobustness): (WebCore::MockCDMFactory::distinctiveIdentifiersRequirement): (WebCore::MockCDMFactory::setDistinctiveIdentifiersRequirement): (WebCore::MockCDMFactory::persistentStateRequirement): (WebCore::MockCDMFactory::setPersistentStateRequirement): * testing/MockCDMFactory.idl: Added. Move the MediaKeySessionType definition out of the MediaKeys.idl file and into its own. Move the MediaKeysRequirement definition out of the MediaKeySystemConfiguration.idl file and into its own. Generally fix up the .idl files so that they properly work with their implementation files. * Modules/encryptedmedia/MediaKeySessionType.idl: Added. * Modules/encryptedmedia/MediaKeySystemAccess.cpp: (WebCore::MediaKeySystemAccess::create): (WebCore::MediaKeySystemAccess::MediaKeySystemAccess): (WebCore::MediaKeySystemAccess::keySystem): Deleted. (WebCore::MediaKeySystemAccess::getConfiguration): Deleted. * Modules/encryptedmedia/MediaKeySystemAccess.h: (WebCore::MediaKeySystemAccess::keySystem): (WebCore::MediaKeySystemAccess::getConfiguration): (WebCore::MediaKeySystemAccess::create): Deleted. 
* Modules/encryptedmedia/MediaKeySystemAccess.idl: * Modules/encryptedmedia/MediaKeySystemConfiguration.h: * Modules/encryptedmedia/MediaKeySystemConfiguration.idl: * Modules/encryptedmedia/MediaKeySystemMediaCapability.idl: * Modules/encryptedmedia/MediaKeys.idl: * Modules/encryptedmedia/MediaKeysRequirement.idl: Added. * Modules/encryptedmedia/MediaKeysRestrictions.h: Added. * bindings/js/JSMediaKeySystemAccessCustom.cpp: Removed. As some of these enums are referenced in the Internals project, they need to be exported from WebCore correctly. Teach the code generator how to export the symbols generated by enums. * bindings/scripts/CodeGeneratorJS.pm: (GenerateEnumerationHeaderContent): Add new files to the project. * CMakeLists.txt: * DerivedSources.make: * WebCore.xcodeproj/project.pbxproj: 2016-12-17 Darin Adler Remove WebCore::Dictionary, which is now unused https://bugs.webkit.org/show_bug.cgi?id=165988 Reviewed by Andreas Kling. * CMakeLists.txt: Removed the files. * WebCore.xcodeproj/project.pbxproj: Ditto. * bindings/js/Dictionary.cpp: Removed. * bindings/js/Dictionary.h: Removed. * bindings/js/JSBindingsAllInOne.cpp: Removed include of Dictionary.cpp. 2016-12-17 Youenn Fablet Cloned CachedResource should not have an empty response https://bugs.webkit.org/show_bug.cgi?id=165947 Reviewed by Sam Weinig. Test: http/tests/loading/reusing-cached-stylesheet-from-different-domain.html * loader/cache/CachedResource.cpp: (WebCore::CachedResource::setBodyDataFrom): Copying the response to the cloned resource. Even though the issue is appearing for stylesheets only, it is safer to do that for all cloned resources. 2016-12-16 Brady Eidson IndexedDB: Refactor SQLiteIDBCursor to prepare for cursor prefetching. https://bugs.webkit.org/show_bug.cgi?id=165978 Reviewed by Alex Christensen. No new tests (Refactor, no behavior change). 
In preparation for cursor prefetching, we need to shift the cursor off of keeping "the current record" and onto keeping "a deque of fetched records", the first of which is "the current record". This patch does just that, but with no behavior change; The deque only ever holds 0 or 1 records. * Modules/indexeddb/server/SQLiteIDBCursor.cpp: (WebCore::IDBServer::SQLiteIDBCursor::currentData): (WebCore::IDBServer::SQLiteIDBCursor::objectStoreRecordsChanged): (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement): (WebCore::IDBServer::SQLiteIDBCursor::prefetch): (WebCore::IDBServer::SQLiteIDBCursor::advance): (WebCore::IDBServer::SQLiteIDBCursor::fetch): (WebCore::IDBServer::SQLiteIDBCursor::fetchNextRecord): (WebCore::IDBServer::SQLiteIDBCursor::markAsErrored): (WebCore::IDBServer::SQLiteIDBCursor::internalFetchNextRecord): (WebCore::IDBServer::SQLiteIDBCursor::iterate): (WebCore::IDBServer::SQLiteIDBCursor::currentKey): (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey): (WebCore::IDBServer::SQLiteIDBCursor::currentValue): (WebCore::IDBServer::SQLiteIDBCursor::didComplete): (WebCore::IDBServer::SQLiteIDBCursor::didError): (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID): (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::advanceOnce): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce): Deleted. * Modules/indexeddb/server/SQLiteIDBCursor.h: (WebCore::IDBServer::SQLiteIDBCursor::SQLiteCursorRecord::isTerminalRecord): (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::currentKey): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::currentValue): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::didComplete): Deleted. (WebCore::IDBServer::SQLiteIDBCursor::didError): Deleted. 
2016-12-16 Darin Adler Remove all custom bindings from media streams, using dictionaries instead https://bugs.webkit.org/show_bug.cgi?id=165943 Reviewed by Sam Weinig. * CMakeLists.txt: Added and removed files. * DerivedSources.make: Ditto. * Modules/mediastream/DoubleRange.h: Added. Moved dictionary here so it can be shared by both MediaStreamTrack and MediaTrackSupportedConstraints. * Modules/mediastream/DoubleRange.idl: Ditto. * Modules/mediastream/LongRange.h: Ditto. * Modules/mediastream/LongRange.idl: Ditto. * Modules/mediastream/MediaDevices.cpp: (WebCore::MediaDevices::getSupportedConstraints): Changed to return a struct instead of a reference counted object. * Modules/mediastream/MediaDevices.h: Updated for the above. * Modules/mediastream/MediaDevices.idl: Added a conditional on the dictionary in this file; not needed because the conditional on the interface automatically affects the entire file, but for now the style seems to be to put these on all the dictionaries. * Modules/mediastream/MediaSourceSettings.cpp: Removed. * Modules/mediastream/MediaSourceSettings.h: Removed. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::getSettings): Changed to return a struct instead of a reference counted object. (WebCore::capabilityDoubleRange): Added. Helper for getCapabilities. (WebCore::capabilityIntRange): Ditto. (WebCore::capabilityStringVector): Ditto. (WebCore::capabilityBooleanVector): Ditto. (WebCore::MediaStreamTrack::getCapabilities): Changed to return a struct instead of a reference counted object. * Modules/mediastream/MediaStreamTrack.h: Updated for the above changes. Also defined the structs here in the class. * Modules/mediastream/MediaStreamTrack.idl: Defined the two dictionaries here and changed the functions to return them and not use [Custom] any more. * Modules/mediastream/MediaTrackConstraints.h: Moved DoubleRange and LongRange out of this file and into their own headers. 
Also removed the currently unimplemented latency and channelCount; there are FIXME comments in the IDL file about eventually adding these to match the specification. * Modules/mediastream/MediaTrackConstraints.idl: Added conditionals, and removed the unimplemented latency and channelCount. style of marking everything consistently. * Modules/mediastream/MediaTrackSupportedConstraints.h: Replaced this class with a struct. * Modules/mediastream/MediaTrackSupportedConstraints.idl: Replaced this interface with a dictionary. * WebCore.xcodeproj/project.pbxproj: Added and removed files. * bindings/js/JSMediaStreamTrackCustom.cpp: Removed. * bindings/js/JSMediaTrackSupportedConstraintsCustom.cpp: Removed. * platform/mediastream/MediaStreamTrackPrivate.cpp: Removed include of the MediaSourceSettings.h header. * platform/mediastream/MediaStreamTrackPrivate.h: Removed forward declaration of the MediaSourceSettings class. 2016-12-16 Zalan Bujtas Possible nullptr dereference when applying pagination to viewport https://bugs.webkit.org/show_bug.cgi?id=165926 Reviewed by Simon Fraser. Static analysis found a code path where a null dereference could occur. * page/FrameView.cpp: (WebCore::FrameView::applyPaginationToViewport): 2016-12-16 Ryan Haddad Fix the Windows build. Unreviewed build fix. * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp: 2016-12-16 Ryan Haddad Yet another attempt to fix the Windows build after r209936. Unreviewed build fix. * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h: 2016-12-16 Alex Christensen Use initEvent quirk added in r207908 for Flipboard https://bugs.webkit.org/show_bug.cgi?id=165974 Reviewed by Chris Dumez. * dom/Event.cpp: (WebCore::Event::initEventForBindings): * platform/RuntimeApplicationChecks.h: * platform/RuntimeApplicationChecks.mm: (WebCore::IOSApplication::isFlipboard): Flipboard also has JavaScript content that calls initEvent with not enough arguments. 
2016-12-16 Chris Dumez [iOS] Align HTML from validation popover style with Copy/Paste callout bar https://bugs.webkit.org/show_bug.cgi?id=165973 Reviewed by Simon Fraser. Tweak font size and padding of the HTML form validation popover to match the style of the Copy/Paste callout bar on iOS. * platform/ios/ValidationBubbleIOS.mm: (WebCore::ValidationBubble::ValidationBubble): 2016-12-16 Ryan Haddad Another attempt to fix the Windows build after r209936. Unreviewed build fix. * CMakeLists.txt: 2016-12-16 Andy Estes Add a setting to suppress keyboard input during provisional navigation https://bugs.webkit.org/show_bug.cgi?id=165830 Reviewed by Brent Fulgham. Added a setting that suppresses keyboard input during provisional navigation. When the setting is enabled, DOM propagation of keyboard input events (KeyboardEvents, CompositionEvents, InputEvents, and some TextEvents) is suppressed, and text insertion is disabled in the editor. Non-editing default event handling still occurs, for instance keyboard scrolling, access keys, and focus navigation. Test: http/tests/navigation/keyboard-events-during-provisional-navigation.html * dom/CompositionEvent.h: Added a type trait specialization. * dom/EventDispatcher.cpp: (WebCore::shouldSuppressEventDispatchInDOM): Added. Returns true if the event is trusted, FrameLoader::shouldSuppressKeyboardInput() returns true, and the event is a CompositionEvent, InputEvent, KeyboardEvent, or keyboard/composition TextEvent. (WebCore::EventDispatcher::dispatchEvent): Called stopPropogation() on the event if shouldSuppressEventDispatchInDOM() returns true. * dom/InputEvent.h: Removed the inline no-op destructor so that DataTransfer does not need to be a complete type in every translation unit that includes this header. Added a type trait specialization. * dom/TextEvent.h: Added isKeyboard() to determine if m_inputType is TextEventInputKeyboard.
* editing/Editor.cpp: (WebCore::Editor::shouldInsertText): Returned false if FrameLoader::shouldSuppressKeyboardInput() returns true and the action is EditorInsertActionTyped. * loader/FrameLoader.cpp: (WebCore::FrameLoader::shouldSuppressKeyboardInput): Added. Returns true if Settings::shouldSuppressKeyboardInputDuringProvisionalNavigation() returns true and the state is FrameStateProvisional. * loader/FrameLoader.h: Declared shouldSuppressKeyboardInput(). * page/EventHandler.h: Exported accessKeyModifiers(). * page/Settings.in: Defined shouldSuppressKeyboardInputDuringProvisionalNavigation with an initial value of false. * testing/Internals.cpp: (WebCore::Internals::accessKeyModifiers): Added. Returns a vector of strings representing the access key modifiers. * testing/Internals.h: Declared accessKeyModifiers(). * testing/Internals.idl: Exposed accessKeyModifiers() on the internals object. 2016-12-16 Brady Eidson More SQLiteIDBCursor refactoring. https://bugs.webkit.org/show_bug.cgi?id=165956 Reviewed by Tim Horton. No new tests (No behavior change). This is a simple patch that encapsulates the current state of the cursor in one structure which will allow for storing multiple-such states in the future (to support prefetching). 
* Modules/indexeddb/server/SQLiteIDBCursor.cpp: (WebCore::IDBServer::SQLiteIDBCursor::currentData): (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement): (WebCore::IDBServer::SQLiteIDBCursor::advance): (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique): (WebCore::IDBServer::SQLiteIDBCursor::markAsErrored): (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce): (WebCore::IDBServer::SQLiteIDBCursor::iterate): * Modules/indexeddb/server/SQLiteIDBCursor.h: (WebCore::IDBServer::SQLiteIDBCursor::currentRecordRowID): (WebCore::IDBServer::SQLiteIDBCursor::currentKey): (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey): (WebCore::IDBServer::SQLiteIDBCursor::currentValue): (WebCore::IDBServer::SQLiteIDBCursor::didComplete): (WebCore::IDBServer::SQLiteIDBCursor::didError): 2016-12-16 Jer Noble Follow-up build fix after r209936; also rename MockCDM -> LegacyMockCDM in CMakeLists.txt. * CMakeLists.txt: 2016-12-16 Sam Weinig [Bindings] Remove use of Dictionary/ArrayValue in CDMSessionClearKey https://bugs.webkit.org/show_bug.cgi?id=165961 Reviewed by Darin Adler. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSBindingsAllInOne.cpp: Remove ArrayValue.h/cpp * bindings/js/ArrayValue.cpp: Removed. * bindings/js/ArrayValue.h: Removed. * bindings/js/Dictionary.cpp: * bindings/js/Dictionary.h: Remove support for ArrayValue. * Modules/encryptedmedia/legacy/LegacyCDMSessionClearKey.cpp: (WebCore::CDMSessionClearKey::update): Replace use of Dictionary/ArrayValue with direct JSObject functions. This should really be replaced with a JSON parser that does not require round tripping through JavaScript objects. 2016-12-13 Jer Noble Move existing CDM* implementations into modules/encryptedmedia/legacy https://bugs.webkit.org/show_bug.cgi?id=165823 Rubber-stamped by Sam Weinig. * Modules/encryptedmedia/legacy/LegacyCDM.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDM.cpp. 
(WebCore::CDMFactory::CDMFactory): (WebCore::installedCDMFactories): (WebCore::CDM::registerCDMFactory): (WebCore::CDMFactoryForKeySystem): (WebCore::CDM::supportsKeySystem): (WebCore::CDM::keySystemSupportsMimeType): (WebCore::CDM::create): (WebCore::CDM::CDM): (WebCore::CDM::~CDM): (WebCore::CDM::supportsMIMEType): (WebCore::CDM::createSession): (WebCore::CDM::mediaPlayer): * Modules/encryptedmedia/legacy/LegacyCDM.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDM.h. (WebCore::CDMClient::~CDMClient): (WebCore::CDM::keySystem): (WebCore::CDM::client): (WebCore::CDM::setClient): * Modules/encryptedmedia/legacy/LegacyCDMPrivate.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivate.h. (WebCore::CDMPrivateInterface::CDMPrivateInterface): (WebCore::CDMPrivateInterface::~CDMPrivateInterface): * Modules/encryptedmedia/legacy/LegacyCDMPrivateClearKey.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateClearKey.cpp. (WebCore::CDMPrivateClearKey::supportsKeySystem): (WebCore::CDMPrivateClearKey::supportsKeySystemAndMimeType): (WebCore::CDMPrivateClearKey::supportsMIMEType): (WebCore::CDMPrivateClearKey::createSession): * Modules/encryptedmedia/legacy/LegacyCDMPrivateClearKey.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateClearKey.h. (WebCore::CDMPrivateClearKey::CDMPrivateClearKey): (WebCore::CDMPrivateClearKey::~CDMPrivateClearKey): * Modules/encryptedmedia/legacy/LegacyCDMPrivateMediaPlayer.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp. (WebCore::CDMPrivateMediaPlayer::supportsKeySystem): (WebCore::CDMPrivateMediaPlayer::supportsKeySystemAndMimeType): (WebCore::CDMPrivateMediaPlayer::supportsMIMEType): (WebCore::CDMPrivateMediaPlayer::createSession): * Modules/encryptedmedia/legacy/LegacyCDMPrivateMediaPlayer.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMPrivateMediaPlayer.h. 
(WebCore::CDMPrivateMediaPlayer::CDMPrivateMediaPlayer): (WebCore::CDMPrivateMediaPlayer::~CDMPrivateMediaPlayer): (WebCore::CDMPrivateMediaPlayer::cdm): * Modules/encryptedmedia/legacy/LegacyCDMSessionClearKey.cpp: Renamed from Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.cpp. (WebCore::clearKeyVM): (WebCore::CDMSessionClearKey::CDMSessionClearKey): (WebCore::CDMSessionClearKey::~CDMSessionClearKey): (WebCore::CDMSessionClearKey::generateKeyRequest): (WebCore::CDMSessionClearKey::releaseKeys): (WebCore::CDMSessionClearKey::update): (WebCore::CDMSessionClearKey::cachedKeyForKeyID): * Modules/encryptedmedia/legacy/LegacyCDMSessionClearKey.h: Renamed from Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.h. * Modules/encryptedmedia/legacy/WebKitMediaKeySession.h: * Modules/encryptedmedia/legacy/WebKitMediaKeys.h: * WebCore.xcodeproj/project.pbxproj: * platform/graphics/LegacyCDMSession.h: Renamed from Source/WebCore/platform/graphics/CDMSession.h. (WebCore::CDMSessionClient::~CDMSessionClient): (WebCore::CDMSession::CDMSession): (WebCore::CDMSession::~CDMSession): (WebCore::CDMSession::type): (WebCore::CDMSession::cachedKeyForKeyID): * platform/graphics/MediaPlayer.h: * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.h: * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm: * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h: * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm: * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm: * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h: * testing/Internals.cpp: * testing/LegacyMockCDM.cpp: Renamed from Source/WebCore/testing/MockCDM.cpp. 
(WebCore::MockCDMSession::~MockCDMSession): (WebCore::MockCDM::supportsKeySystem): (WebCore::MockCDM::supportsKeySystemAndMimeType): (WebCore::MockCDM::supportsMIMEType): (WebCore::MockCDM::createSession): (WebCore::initDataPrefix): (WebCore::keyPrefix): (WebCore::keyRequest): (WebCore::generateSessionId): (WebCore::MockCDMSession::MockCDMSession): (WebCore::MockCDMSession::generateKeyRequest): (WebCore::MockCDMSession::releaseKeys): (WebCore::MockCDMSession::update): * testing/LegacyMockCDM.h: Renamed from Source/WebCore/testing/MockCDM.h. (WebCore::MockCDM::MockCDM): (WebCore::MockCDM::~MockCDM): 2016-12-16 Andreas Kling Subframes going into page cache don't need to resetScrollbars(). Reviewed by Antti Koivisto. The main frame is the only frame that switches its FrameView when using the page cache, subframes just suspend their DOM and wait around to be either killed or restored. Thus there is no reason for subframes to reset their FrameView's scrollbars when going into page cache, since nothing affects them while cached, and their layout should end up identical when restoring. This was causing some flakiness with subframe scrollbars jumping between different sizes when restoring from page cache in macOS/WK1. This change makes the behavior consistent in both WK1 and WK2, and removes the flakiness. * dom/Document.cpp: (WebCore::Document::setPageCacheState): 2016-12-16 Wenson Hsieh Visual viewports: carets and selection UI are incorrectly positioned when editing fixed elements https://bugs.webkit.org/show_bug.cgi?id=165767 Reviewed by Simon Fraser. When changing the layout viewport override, mark viewport-constrained objects as needing layout. If only the width and height of the old and new layout viewports are compared, EditorState info (namely selection and caret rects) that depends on the document location of fixed elements may be stale immediately after the layout viewport override changes and before layout occurs.
This caused one of the tests (fixed-caret-position-after-scroll.html) to occasionally fail. Tests: editing/caret/ios/absolute-caret-position-after-scroll.html editing/caret/ios/fixed-caret-position-after-scroll.html editing/selection/ios/absolute-selection-after-scroll.html editing/selection/ios/fixed-selection-after-scroll.html * page/FrameView.cpp: (WebCore::FrameView::setLayoutViewportOverrideRect): 2016-12-14 Sam Weinig [ApplePay] Remove remaining custom bindings from the ApplePay code https://bugs.webkit.org/show_bug.cgi?id=165860 Reviewed by Darin Adler. * DerivedSources.make: Add new IDL files. * WebCore.xcodeproj/project.pbxproj: Add/remove files. * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp: Removed. * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp: Removed. * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp: Removed. * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp: Removed. Remove custom bindings. * Modules/applepay/ApplePayLineItem.h: Added. * Modules/applepay/ApplePayLineItem.idl: Added. * Modules/applepay/ApplePayPayment.h: Added. * Modules/applepay/ApplePayPayment.idl: Added. * Modules/applepay/ApplePayPaymentContact.h: Added. * Modules/applepay/ApplePayPaymentContact.idl: Added. * Modules/applepay/ApplePayPaymentMethod.h: Added. * Modules/applepay/ApplePayPaymentMethod.idl: Added. * Modules/applepay/ApplePayPaymentPass.h: Added. * Modules/applepay/ApplePayPaymentPass.idl: Added. * Modules/applepay/ApplePayPaymentRequest.h: Added. * Modules/applepay/ApplePayPaymentRequest.idl: Added. * Modules/applepay/ApplePayShippingMethod.h: Added. * Modules/applepay/ApplePayShippingMethod.idl: Added. Split out dictionaries and enums into separate files where needed. 
* Modules/applepay/ApplePayPaymentAuthorizedEvent.cpp: (WebCore::ApplePayPaymentAuthorizedEvent::ApplePayPaymentAuthorizedEvent): * Modules/applepay/ApplePayPaymentAuthorizedEvent.h: * Modules/applepay/ApplePayPaymentAuthorizedEvent.idl: Convert the 'payment' property to return an ApplePayPayment dictionary, removing the need for custom bindings. * Modules/applepay/ApplePayPaymentMethodSelectedEvent.cpp: (WebCore::ApplePayPaymentMethodSelectedEvent::ApplePayPaymentMethodSelectedEvent): * Modules/applepay/ApplePayPaymentMethodSelectedEvent.h: * Modules/applepay/ApplePayPaymentMethodSelectedEvent.idl: Convert the 'paymentMethod' property to return an ApplePayPaymentMethod dictionary, removing the need for custom bindings. * Modules/applepay/ApplePaySession.cpp: (WebCore::convertAndValidate): (WebCore::ApplePaySession::create): (WebCore::ApplePaySession::ApplePaySession): (WebCore::ApplePaySession::completeShippingMethodSelection): (WebCore::ApplePaySession::completeShippingContactSelection): (WebCore::ApplePaySession::completePaymentMethodSelection): (WebCore::ApplePaySession::didSelectShippingMethod): * Modules/applepay/ApplePaySession.h: Update for new names, remove need for ExecState in the create function, and simplify billingContact and shippingContact now that they are strongly typed. * Modules/applepay/ApplePaySession.idl: Move dictionaries and enums to their own files. * Modules/applepay/ApplePayShippingContactSelectedEvent.cpp: (WebCore::ApplePayShippingContactSelectedEvent::ApplePayShippingContactSelectedEvent): * Modules/applepay/ApplePayShippingContactSelectedEvent.h: * Modules/applepay/ApplePayShippingContactSelectedEvent.idl: Convert the 'shippingContact' property to return an ApplePayPaymentContact dictionary, removing the need for custom bindings. 
* Modules/applepay/ApplePayShippingMethodSelectedEvent.cpp: * Modules/applepay/ApplePayShippingMethodSelectedEvent.h: * Modules/applepay/ApplePayShippingMethodSelectedEvent.idl: Convert the 'shippingMethod' property to return an ApplePayShippingMethod dictionary, removing the need for custom bindings. * Modules/applepay/Payment.h: * Modules/applepay/PaymentContact.h: * Modules/applepay/PaymentMethod.h: * Modules/applepay/cocoa/PaymentCocoa.mm: * Modules/applepay/cocoa/PaymentContactCocoa.mm: * Modules/applepay/cocoa/PaymentMethodCocoa.mm: Replace toJS/fromJS functions with ones that convert to/from the associated dictionary type. * bindings/generic/IDLTypes.h: (WebCore::IDLJSON::nullValue): (WebCore::IDLJSON::isNullValue): (WebCore::IDLJSON::extractValueFromNullable): * bindings/js/JSDOMConvert.h: (WebCore::Converter::convert): (WebCore::JSConverter::convert): Add a new custom type, JSON, which converts from a String to a JS object. * bindings/scripts/CodeGenerator.pm: * bindings/scripts/CodeGeneratorJS.pm: Add support for the new JSON type, and improve scoped naming to allow for enums in dictionary only IDL files. * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp: Update test result for improved scoped naming. 2016-12-16 Zalan Bujtas Defer certain accessibility callbacks until after layout is finished. https://bugs.webkit.org/show_bug.cgi?id=165861 rdar://problem/29646301 Reviewed by Chris Fleizach. Currently with certain AXObjectCache callbacks, we can end up in a layout while the render tree is being mutated. This patch ensures that such callbacks are deferred until after tree mutation/layout is finished. 
Test: accessibility/accessibility-crash-with-dynamic-inline-content.html * accessibility/AXObjectCache.cpp: (WebCore::AXObjectCache::remove): (WebCore::AXObjectCache::performDeferredIsIgnoredChange): (WebCore::AXObjectCache::insertDeferredIsIgnoredChange): * accessibility/AXObjectCache.h: * page/FrameView.cpp: (WebCore::FrameView::performPostLayoutTasks): * rendering/RenderBlock.cpp: (WebCore::RenderBlock::deleteLines): * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlockFlow::createAndAppendRootInlineBox): 2016-12-16 Ryan Haddad Rebaseline bindings tests after r209897. Unreviewed test gardening. * bindings/scripts/test/JS/JSTestObj.cpp: (WebCore::JSTestObj::visitChildren): * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp: (WebCore::JSTestSerializedScriptValueInterface::visitChildren): 2016-12-15 Brent Fulgham Arguments called in wrong order https://bugs.webkit.org/show_bug.cgi?id=165923 Reviewed by Simon Fraser. Correct the ordering of several function calls. * Modules/mediasource/SourceBuffer.cpp: (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample): The 'nearestToPresentationStartTime' argument is being checked for validity, but 'nearestToPresentationEndTime' is being used in the calculation. This seems like a copy/paste error. * page/PrintContext.cpp: (WebCore::PrintContext::outputLinkedDestinations): FloatPoint::expandedTo returns a new object that has been expanded. This code continued using the 'unexpanded' point. * platform/graphics/GraphicsContext3D.cpp: (WebCore::GraphicsContext3D::computeImageSizeInBytes): The 'bytesPerComponent' and 'componentsPerPixel' variables were being passed in the wrong order. * platform/network/CacheValidation.cpp: The 'last-modified' header string was being concatenated with the following string, resulting in an incorrect 'last-modifiedproxy-authenticate' string value. 
* svg/SVGToOTFFontConversion.cpp: (WebCore::SVGToOTFFontConverter::firstGlyph): The ASSERT was assigning to the (by-value) input parameter 'codePoint', rather than comparing it to the firstGlyph value's codePoint. 2016-12-16 Youenn Fablet [Fetch API] Improve resource loading console logging https://bugs.webkit.org/show_bug.cgi?id=160546 Reviewed by Alex Christensen. Covered by rebased tests. Adding support for logging of resource loading failures in ThreadableLoader. This will allow doing consistent logging for clients such as fetch, XHR, event source... Doing logging for Fetch API only at the moment in ThreadableLoader. Future patches should migrate XHR to this logging system. Logging routine is implemented in ThreadableLoader. It is used directly by DocumentThreadableLoader before calling didFail client callback. DocumentThreadableLoader has a new option to not log errors, in the case the client is WorkerThreadableLoader::MainBridge. In that case, the logging is done in the worker context within WorkerThreadableLoader::MainBridge::didFail * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Enable logging. (WebCore::DocumentThreadableLoader::create): Passing logging parameter to constructor. (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Adding initialization of logging parameter. (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Making use of the new logErrorAndFail helper routine. (WebCore::DocumentThreadableLoader::cancel): No need to log error if it is being cancelled. (WebCore::DocumentThreadableLoader::redirectReceived): Made the reportXX routines methods of DocumentThreadableLoaders and using logErrorAndFail internally. (WebCore::DocumentThreadableLoader::didFail): Wrapper around logErrorAndFail since cancel is not calling it anymore. 
(WebCore::DocumentThreadableLoader::preflightFailure): (WebCore::DocumentThreadableLoader::loadRequest): (WebCore::DocumentThreadableLoader::reportRedirectionWithBadScheme): (WebCore::DocumentThreadableLoader::reportContentSecurityPolicyError): (WebCore::DocumentThreadableLoader::reportCrossOriginResourceSharingError): (WebCore::DocumentThreadableLoader::logErrorAndFail): (WebCore::reportContentSecurityPolicyError): Deleted. (WebCore::reportCrossOriginResourceSharingError): Deleted. (WebCore::reportRedirectionWithBadScheme): Deleted. * loader/DocumentThreadableLoader.h: * loader/ThreadableLoader.cpp: (WebCore::ThreadableLoader::logError): * loader/ThreadableLoader.h: * loader/ThreadableLoaderClientWrapper.h: (WebCore::ThreadableLoaderClientWrapper::create): (WebCore::ThreadableLoaderClientWrapper::initiator): (WebCore::ThreadableLoaderClientWrapper::ThreadableLoaderClientWrapper): * loader/WorkerThreadableLoader.cpp: (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): (WebCore::WorkerThreadableLoader::MainThreadBridge::didFail): 2016-12-16 Enrique Ocaña González [GStreamer][MSE] Fix build warning in MediaPlayerPrivateGStreamer.cpp using gcc 6.2 https://bugs.webkit.org/show_bug.cgi?id=165900 Reviewed by Žan Doberšek. * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp: (WebCore::MediaPlayerPrivateGStreamerMSE::supportsCodecs): Move the variable assignation out of the if condition. 2016-12-16 Romain Bellessort [Readable Streams API] Implement ReadableByteStreamController cancel internal method https://bugs.webkit.org/show_bug.cgi?id=165798 Reviewed by Youenn Fablet. Implemented cancel method of ReadableByteStreamController. Also fixed small inconsistency in readableByteStreamControllerClose. Added one test to check cancel behaviour. More tests may be added as the API is implemented.
* Modules/streams/ReadableByteStreamInternals.js: (privateInitializeReadableByteStreamController): Define cancel internal method. (readableByteStreamControllerCancel): Added. (readableByteStreamControllerClose): Fixed behaviour (no value should be dequeued). * bindings/js/WebCoreBuiltinNames.h: Removed bytesFilled (previous addition was not needed). 2016-12-16 Youenn Fablet svg/as-image/svg-image-with-data-uri-use-data-uri.svg is flaky after r207754 https://bugs.webkit.org/show_bug.cgi?id=163887 Reviewed by Alex Christensen. Test: http/tests/security/cross-origin-cached-images-with-memory-pressure.html With the introduction of cached resource cloning, an Image may be referenced by several CachedImage. This did not work well with Image observer system as it mandates a one-to-one relationship. Introducing CachedImageObserver to restore the one-to-one relationship between Image and its observer. CachedImageObserver can keep references for more than one CachedImage. In the future, it might be better to split more clearly CachedImageObserver and its API from CachedImage. Or remove the concept of CachedResource cloning and find new ways to provide CachedResource origin information to clients. * loader/cache/CachedImage.cpp: (WebCore::CachedImage::load): Moved boolean image observer fields to CachedImageObserver. (WebCore::CachedImage::setBodyDataFrom): Keeping a reference of the image observer when cloning the resource. (WebCore::CachedImage::createImage): Creating the observer when creating the image. 
(WebCore::CachedImage::CachedImageObserver::CachedImageObserver): (WebCore::CachedImage::CachedImageObserver::decodedSizeChanged): (WebCore::CachedImage::CachedImageObserver::didDraw): (WebCore::CachedImage::CachedImageObserver::animationAdvanced): (WebCore::CachedImage::CachedImageObserver::changedInRect): (WebCore::CachedImage::clearImage): * loader/cache/CachedImage.h: * loader/cache/CachedResource.cpp: (WebCore::CachedResource::setBodyDataFrom): Now that each cached image receives decodedSizeChanged callback, we need to set its size correctly. 2016-12-15 Joonghun Park [EFL] Fix debug build break since r209873. Unreviewed. https://bugs.webkit.org/show_bug.cgi?id=165945 No new tests, no new behaviours. Use Primitive System Data Type uint64_t instead of unsigned long long. * Modules/indexeddb/IDBFactory.cpp: (WebCore::IDBFactory::openInternal): * Modules/indexeddb/IDBFactory.h: 2016-12-15 Zalan Bujtas text-align: justify and word-spacing combine to overflow column https://bugs.webkit.org/show_bug.cgi?id=165796 rdar://problem/29672168 Reviewed by Myles C. Maxfield. The value of the word-spacing property is not applied on the inline-tree boxes (normal line layout) with kerning enabled. It causes hittest failures and selection/rendering glitches. We normally use the pre-computed 'WordMeasurements' values to figure out the run widths. However with kerning on, in some cases we need to re-measure a certain part of the text by calling RenderText::width(). This function omits the word-spacing value for leading whitespace, so when this text fragment starts with a whitespace, (while it's not at the beginning of the run) we have to manually add the word-spacing value back. r146087 added this logic with the restriction of applying it only to whitespace-only runs. Test: fast/css/word-spacing-with-normal-layout.html * rendering/RenderBlockLineLayout.cpp: (WebCore::setLogicalWidthForTextRun): 2016-12-15 Myles C. 
Maxfield Stop reinterpret_casting UBreakIterators to the undefined type TextBreakIterator https://bugs.webkit.org/show_bug.cgi?id=165931 Reviewed by Alex Christensen. No new tests because there is no behavior change. * dom/CharacterData.cpp: (WebCore::CharacterData::parserAppendData): * editing/TextCheckingHelper.cpp: (WebCore::findMisspellings): * editing/VisibleUnits.cpp: (WebCore::wordBreakIteratorForMinOffsetBoundary): (WebCore::wordBreakIteratorForMaxOffsetBoundary): (WebCore::isLogicalStartOfWord): (WebCore::islogicalEndOfWord): (WebCore::visualWordPosition): (WebCore::startSentenceBoundary): (WebCore::endSentenceBoundary): (WebCore::previousSentencePositionBoundary): (WebCore::nextSentencePositionBoundary): * html/HTMLInputElement.cpp: * html/HTMLTextAreaElement.cpp: * html/InputType.cpp: * html/TextFieldInputType.cpp: * html/TextInputType.cpp: * platform/graphics/StringTruncator.cpp: (WebCore::textBreakAtOrPreceding): (WebCore::boundedTextBreakFollowing): (WebCore::rightClipToWordBuffer): * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::offsetForPosition): * platform/text/TextBoundaries.cpp: (WebCore::findNextWordFromIndex): (WebCore::findWordBoundary): (WebCore::findEndWordBoundary): * platform/text/mac/TextBoundaries.mm: (WebCore::findNextWordFromIndex): * rendering/BreakLines.h: (WebCore::nextBreakablePositionNonLoosely): (WebCore::nextBreakablePositionLoosely): * rendering/RenderBlock.cpp: * rendering/RenderText.cpp: (WebCore::makeCapitalized): (WebCore::RenderText::previousOffset): (WebCore::RenderText::previousOffsetForBackwardDeletion): (WebCore::RenderText::nextOffset): * rendering/SimpleLineLayoutTextFragmentIterator.h: * rendering/line/LineBreaker.h: 2016-12-15 Darin Adler Use asString instead of toWTFString, toString, or getString when we already checked isString https://bugs.webkit.org/show_bug.cgi?id=165895 Reviewed by Yusuke Suzuki. 
* Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::extract): Use asString/value instead of toWTFString. * Modules/mediastream/SDPProcessor.cpp: (WebCore::SDPProcessor::callScript): Use asString/value instead of getString. * bindings/js/ArrayValue.cpp: (WebCore::ArrayValue::get): Use asString/value instead of toWTFString. * bindings/js/IDBBindingUtilities.cpp: (WebCore::get): Use asString/length instead of toString/length. (WebCore::createIDBKeyFromValue): Use asString/value instead of toWTFString. * bindings/js/JSCryptoAlgorithmDictionary.cpp: (WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier): Ditto. * bindings/js/JSDataCueCustom.cpp: (WebCore::constructJSDataCue): Use asString/value instead of getString. * bindings/js/JSInspectorFrontendHostCustom.cpp: (WebCore::populateContextMenuItems): Use asString/value instead of toWTFString. * bindings/js/ScriptController.cpp: (WebCore::jsValueToModuleKey): Use asString/toIdentifier instead of jsCast/value/Identifier::fromString. * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpIfTerminal): Streamline by getting rid of local variable. * contentextensions/ContentExtensionParser.cpp: (WebCore::ContentExtensions::getDomainList): Use asString instead of jsCast. (WebCore::ContentExtensions::loadTrigger): Use asString/value instead of toWTFString. (WebCore::ContentExtensions::loadAction): Ditto. * css/FontFace.cpp: (WebCore::FontFace::create): Use asString/value instead of getString. 2016-12-15 Zalan Bujtas Change ::computeLogicalHeight's computedValues out argument to the return value. https://bugs.webkit.org/show_bug.cgi?id=165789 Reviewed by Simon Fraser. No change in functionality. 
* html/shadow/SliderThumbElement.cpp: (WebCore::RenderSliderContainer::computeLogicalHeight): * html/shadow/mac/ImageControlsButtonElementMac.cpp: (WebCore::RenderImageControlsButton::computeLogicalHeight): * html/shadow/mac/ImageControlsRootElementMac.cpp: (WebCore::RenderImageControls::computeLogicalHeight): * rendering/RenderBlock.cpp: (WebCore::RenderBlock::computeBlockPreferredLogicalWidths): (WebCore::RenderBlock::estimateRegionRangeForBoxChild): * rendering/RenderBlockFlow.cpp: (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange): * rendering/RenderBox.cpp: (WebCore::RenderBox::updateLogicalHeight): (WebCore::RenderBox::computeLogicalHeight): (WebCore::RenderBox::computePercentageLogicalHeight): (WebCore::RenderBox::computeReplacedLogicalHeightUsing): (WebCore::RenderBox::availableLogicalHeightUsing): * rendering/RenderBox.h: (WebCore::RenderBox::ComputedMarginValues::ComputedMarginValues): Deleted. (WebCore::RenderBox::LogicalExtentComputedValues::LogicalExtentComputedValues): Deleted. 
* rendering/RenderFlexibleBox.cpp: (WebCore::RenderFlexibleBox::mainAxisContentExtent): * rendering/RenderFlowThread.cpp: (WebCore::RenderFlowThread::computeLogicalHeight): * rendering/RenderFlowThread.h: * rendering/RenderListBox.cpp: (WebCore::RenderListBox::computeLogicalHeight): * rendering/RenderListBox.h: * rendering/RenderMeter.cpp: (WebCore::RenderMeter::computeLogicalHeight): * rendering/RenderMeter.h: * rendering/RenderMultiColumnFlowThread.cpp: (WebCore::RenderMultiColumnFlowThread::computeLogicalHeight): * rendering/RenderMultiColumnFlowThread.h: * rendering/RenderMultiColumnSet.cpp: (WebCore::RenderMultiColumnSet::computeLogicalHeight): * rendering/RenderMultiColumnSet.h: * rendering/RenderProgress.cpp: (WebCore::RenderProgress::computeLogicalHeight): * rendering/RenderProgress.h: * rendering/RenderTextControl.cpp: (WebCore::RenderTextControl::computeLogicalHeight): * rendering/RenderTextControl.h: * rendering/RenderView.cpp: (WebCore::RenderView::computeLogicalHeight): * rendering/RenderView.h: * rendering/svg/RenderSVGForeignObject.cpp: (WebCore::RenderSVGForeignObject::computeLogicalHeight): * rendering/svg/RenderSVGForeignObject.h: 2016-12-15 Chris Dumez Make sure HTML validation bubble's state is updated after layout https://bugs.webkit.org/show_bug.cgi?id=165922 Reviewed by Simon Fraser. Make sure HTML validation bubble's state is updated after layout. In particular, if the validation bubble's associated element has moved or is no longer visible, we now hide the bubble. 
Tests: fast/forms/validation-bubble-disappears-when-input-detached.html fast/forms/validation-bubble-disappears-when-input-moved.html fast/forms/validation-bubble-disappears-when-input-no-longer-visible.html * page/FrameView.cpp: (WebCore::FrameView::viewportContentsChanged): * page/Page.cpp: (WebCore::Page::updateValidationBubbleStateIfNeeded): * page/Page.h: * page/ValidationMessageClient.h: 2016-12-15 Sam Weinig [WebIDL] Remove use of Dictionary from JSCryptoAlgorithmDictionary https://bugs.webkit.org/show_bug.cgi?id=165919 Reviewed by Darin Adler. * bindings/js/JSCryptoAlgorithmDictionary.cpp: * bindings/js/JSCryptoAlgorithmDictionary.h: * bindings/js/JSCryptoOperationData.cpp: * bindings/js/JSCryptoOperationData.h: * bindings/js/JSWebKitSubtleCryptoCustom.cpp: Replace simplistic use of Dictionary with simplistic use of direct JSObject functions. Also, pass the ExecState by reference. 2016-12-15 Filip Pizlo Get rid of HeapRootVisitor and make SlotVisitor less painful to use https://bugs.webkit.org/show_bug.cgi?id=165911 Reviewed by Geoffrey Garen. No new tests because no new behavior. This updates WebCore code to new JSC API. * bindings/js/JSDOMBinding.cpp: (WebCore::DOMConstructorJSBuiltinObject::visitChildren): * bindings/js/JSDOMGlobalObject.cpp: (WebCore::JSDOMGlobalObject::visitChildren): * bindings/js/JSDOMPromise.h: (WebCore::DeferredPromise::visitAggregate): * bindings/js/JSEventListener.cpp: (WebCore::JSEventListener::visitJSFunction): * bindings/js/JSWorkerGlobalScopeBase.cpp: (WebCore::JSWorkerGlobalScopeBase::visitChildren): * bindings/scripts/CodeGeneratorJS.pm: (GenerateImplementation): 2016-12-15 Myles C. Maxfield Sort Xcode project files https://bugs.webkit.org/show_bug.cgi?id=165937 Reviewed by Simon Fraser. No new tests because there is no behavior change. 
* WebCore.xcodeproj/project.pbxproj: 2016-12-15 Chris Dumez Move charCode / keyCode / which attributes from UIEvent to KeyboardEvent https://bugs.webkit.org/show_bug.cgi?id=165904 Reviewed by Sam Weinig. Move 'charCode' / 'keyCode' attributes from UIEvent to KeyboardEvent and add 'which' to KeyboardEvent to match the specification: - https://w3c.github.io/uievents/#legacy-interface-KeyboardEvent We keep a 'which' attribute on UIEvent even though the specification does not say we should because Firefox and Chrome have 'which' on UIEvent still. Specification: - 'charCode' / 'keyCode' / 'which' on KeyboardEvent only Firefox: - 'charCode' / 'keyCode' on KeyboardEvent only - 'which' on UIEvent only Chrome: - 'charCode' / 'keyCode' / 'which' on KeyboardEvent - 'which' on UIEvent as well Old WebKit behavior: - 'charCode' / 'keyCode' / 'which' on UIEvent only New WebKit behavior: - 'charCode' / 'keyCode' / 'which' on KeyboardEvent - 'which' on UIEvent as well Our new behavior is identical to Chrome, much closer to the specification, and closer to Firefox as well. No new tests, updated / rebaselined existing tests. * dom/KeyboardEvent.cpp: (WebCore::KeyboardEvent::KeyboardEvent): (WebCore::KeyboardEvent::keyCode): (WebCore::KeyboardEvent::charCode): (WebCore::KeyboardEvent::which): * dom/KeyboardEvent.h: * dom/KeyboardEvent.idl: * dom/MouseEvent.cpp: (WebCore::MouseEvent::which): * dom/UIEvent.cpp: * dom/UIEvent.h: * dom/UIEvent.idl: 2016-12-15 Brady Eidson IndexedDB: Add an "IDBCursorRecord" struct. https://bugs.webkit.org/show_bug.cgi?id=165929 Reviewed by Alex Christensen. No new tests (Refactor, no behavior change). 
* Modules/indexeddb/server/SQLiteIDBCursor.cpp: (WebCore::IDBServer::SQLiteIDBCursor::currentData): (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement): (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique): (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce): (WebCore::IDBServer::SQLiteIDBCursor::iterate): * Modules/indexeddb/server/SQLiteIDBCursor.h: (WebCore::IDBServer::SQLiteIDBCursor::currentKey): (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey): (WebCore::IDBServer::SQLiteIDBCursor::currentValue): * Modules/indexeddb/shared/IDBCursorRecord.h: Added. (WebCore::IDBCursorRecord::encode): (WebCore::IDBCursorRecord::decode): * WebCore.xcodeproj/project.pbxproj: 2016-12-15 Keith Rollin Refactor Document::suspend/resume https://bugs.webkit.org/show_bug.cgi?id=165921 Reviewed by Chris Dumez. Update Document::suspend to call Document::suspendScheduledTasks rather than duplicating the latter's code within itself. Similar treatment of Document::resume and Document::resumeScheduledTasks. No new tests -- no new functionality, just refactoring existing code. * dom/Document.cpp: (WebCore::Document::suspend): (WebCore::Document::resume): 2016-12-15 Alex Christensen Remove flex and bison build dependencies; commit generated XPath parser https://bugs.webkit.org/show_bug.cgi?id=165783 Reviewed by Brent Fulgham. flex and bison are annoying to install and use, especially on Windows. Since only XPathGrammar uses them and that's not actively developed, let's just check in the one generated file and make building WebKit easier forever! * CMakeLists.txt: * DerivedSources.make: * WebCore.xcodeproj/project.pbxproj: * css/makegrammar.pl: Removed. * xml/XPathGrammar.cpp: Added. (xpathyylex): (xpathyyerror): (yysyntax_error): * xml/XPathGrammar.h: Added. * xml/XPathGrammar.y: Rename TEXT to TEXT_ to fix a build error on Windows. TEXT is already defined. 2016-12-15 Brady Eidson Enhance some of the logging statements just added for IndexedDB Operation scheduling. 
Rubberstamped by Tim Horton. No new tests (No behavior change). * Modules/indexeddb/IDBTransaction.cpp: (WebCore::IDBTransaction::iterateCursor): (WebCore::IDBTransaction::requestGetRecord): (WebCore::IDBTransaction::requestIndexRecord): (WebCore::IDBTransaction::requestPutOrAdd): * Modules/indexeddb/shared/IDBCursorInfo.cpp: (WebCore::IDBCursorInfo::loggingString): * Modules/indexeddb/shared/IDBIterateCursorData.cpp: (WebCore::IDBIterateCursorData::loggingString): 2016-12-15 Myles C. Maxfield [Cocoa] Implement font-synthesis: small-caps https://bugs.webkit.org/show_bug.cgi?id=165892 Reviewed by David Hyatt. The CSS Fonts level 4 spec adds a new value to the "font-synthesis" property which controls whether or not small-caps is allowed to be synthesized. Luckily, we already have an implementation of this straightforward, so the implementation is quite simple. Tests: css3/font-synthesis-small-caps.html fast/text/font-synthesis-parsing.html * css/CSSComputedStyleDeclaration.cpp: (WebCore::fontSynthesisFromStyle): * css/StyleBuilderConverter.h: (WebCore::StyleBuilderConverter::convertFontSynthesis): * css/parser/CSSPropertyParser.cpp: (WebCore::consumeFontSynthesis): * platform/graphics/FontCache.h: (WebCore::FontDescriptionKey::makeFlagsKey): * platform/graphics/FontDescription.cpp: (WebCore::FontDescription::FontDescription): * platform/graphics/FontDescription.h: (WebCore::FontCascadeDescription::initialFontSynthesis): * platform/graphics/mac/ComplexTextController.cpp: (WebCore::shouldSynthesize): (WebCore::ComplexTextController::collectComplexTextRuns): 2016-12-15 Brady Eidson Add a new Logging Channel for IndexedDB Operation scheduling. https://bugs.webkit.org/show_bug.cgi?id=165912 Reviewed by Alex Christensen. No new tests (No behavior change). 
* Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::transaction): * Modules/indexeddb/IDBFactory.cpp: (WebCore::IDBFactory::openInternal): (WebCore::IDBFactory::deleteDatabase): * Modules/indexeddb/IDBTransaction.cpp: (WebCore::IDBTransaction::internalAbort): (WebCore::IDBTransaction::commit): (WebCore::IDBTransaction::createObjectStore): (WebCore::IDBTransaction::renameObjectStore): (WebCore::IDBTransaction::createIndex): (WebCore::IDBTransaction::renameIndex): (WebCore::IDBTransaction::doRequestOpenCursor): (WebCore::IDBTransaction::iterateCursor): (WebCore::IDBTransaction::requestGetAllObjectStoreRecords): (WebCore::IDBTransaction::requestGetAllIndexRecords): (WebCore::IDBTransaction::requestGetRecord): (WebCore::IDBTransaction::requestIndexRecord): (WebCore::IDBTransaction::requestCount): (WebCore::IDBTransaction::requestDeleteRecord): (WebCore::IDBTransaction::requestClearObjectStore): (WebCore::IDBTransaction::requestPutOrAdd): (WebCore::IDBTransaction::deleteObjectStore): (WebCore::IDBTransaction::deleteIndex): * Modules/indexeddb/shared/IDBCursorInfo.cpp: (WebCore::IDBCursorInfo::loggingString): * Modules/indexeddb/shared/IDBCursorInfo.h: * Modules/indexeddb/shared/IDBGetAllRecordsData.cpp: (WebCore::IDBGetAllRecordsData::loggingString): * Modules/indexeddb/shared/IDBGetAllRecordsData.h: * Modules/indexeddb/shared/IDBGetRecordData.cpp: (WebCore::IDBGetRecordData::loggingString): * Modules/indexeddb/shared/IDBGetRecordData.h: * Modules/indexeddb/shared/IDBIndexInfo.cpp: (WebCore::IDBIndexInfo::condensedLoggingString): * Modules/indexeddb/shared/IDBIndexInfo.h: * Modules/indexeddb/shared/IDBIterateCursorData.cpp: (WebCore::IDBIterateCursorData::loggingString): * Modules/indexeddb/shared/IDBIterateCursorData.h: * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp: (WebCore::IDBObjectStoreInfo::condensedLoggingString): * Modules/indexeddb/shared/IDBObjectStoreInfo.h: * platform/Logging.h: 2016-12-15 Konstantin Tokarev Added missing override and final 
specifiers https://bugs.webkit.org/show_bug.cgi?id=165903 Reviewed by Darin Adler. No new tests needed. * Modules/mediastream/OverconstrainedErrorEvent.h: * bindings/js/JSCallbackData.h: * bindings/js/JSCustomXPathNSResolver.h: * bindings/js/JSErrorHandler.h: * css/StyleRuleImport.h: * dom/SecurityPolicyViolationEvent.h: * editing/CreateLinkCommand.h: * editing/DeleteSelectionCommand.h: * editing/DictationCommand.h: * editing/Editor.cpp: * editing/FormatBlockCommand.h: * editing/IndentOutdentCommand.h: * editing/InsertLineBreakCommand.h: * editing/InsertParagraphSeparatorCommand.h: * editing/ModifySelectionListLevel.h: * editing/MoveSelectionCommand.h: * editing/RemoveFormatCommand.h: * editing/RemoveNodePreservingChildrenCommand.h: * editing/ReplaceSelectionCommand.h: * editing/SimplifyMarkupCommand.h: * editing/SplitTextNodeContainingElementCommand.h: * editing/UnlinkCommand.h: * fileapi/FileReaderLoader.h: * html/canvas/ANGLEInstancedArrays.h: * html/canvas/WebGLVertexArrayObjectBase.h: * loader/SinkDocument.h: * loader/archive/mhtml/MHTMLArchive.h: * page/animation/CSSPropertyAnimation.cpp: * platform/audio/MultiChannelResampler.cpp: * platform/audio/SincResampler.cpp: * platform/audio/gstreamer/AudioDestinationGStreamer.h: * platform/audio/gstreamer/AudioSourceProviderGStreamer.h: * platform/graphics/TextTrackRepresentation.cpp: * platform/graphics/displaylists/DisplayListItems.h: * platform/graphics/filters/FEBlend.h: * platform/graphics/filters/FEColorMatrix.h: * platform/graphics/filters/FEComponentTransfer.h: * platform/graphics/filters/FEConvolveMatrix.h: * platform/graphics/filters/FEDiffuseLighting.h: * platform/graphics/filters/FEDropShadow.h: * platform/graphics/filters/FEGaussianBlur.h: * platform/graphics/filters/FELighting.h: * platform/graphics/filters/FEMerge.h: * platform/graphics/filters/FEMorphology.h: * platform/graphics/filters/FEOffset.h: * platform/graphics/filters/FESpecularLighting.h: * platform/graphics/filters/FETile.h: * 
platform/graphics/filters/FETurbulence.h: * platform/graphics/filters/SourceAlpha.h: * platform/graphics/filters/SourceGraphic.h: * platform/graphics/opengl/Extensions3DOpenGL.h: * platform/graphics/opengl/Extensions3DOpenGLCommon.h: * platform/graphics/texmap/TextureMapperBackingStore.h: * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h: * platform/mock/GeolocationClientMock.h: * platform/text/TextCodecICU.h: * platform/text/TextCodecLatin1.h: * platform/text/TextCodecUTF16.h: * platform/text/TextCodecUTF8.h: * platform/text/TextCodecUserDefined.h: * rendering/RenderFullScreen.cpp: * storage/StorageEvent.h: * svg/properties/SVGListProperty.h: * svg/properties/SVGStaticListPropertyTearOff.h: * svg/properties/SVGStaticPropertyTearOff.h: * xml/NativeXPathNSResolver.h: * xml/XMLHttpRequestProgressEvent.h: * xml/XMLHttpRequestProgressEventThrottle.h: * xml/XPathVariableReference.h: * xml/XSLImportRule.h: 2016-12-15 Chris Dumez Inline Document::existingAXObjectCache() https://bugs.webkit.org/show_bug.cgi?id=165906 Reviewed by Darin Adler. Inline Document::existingAXObjectCache() to avoid paying function call cost in the common case where AX is disabled. * dom/Document.cpp: (WebCore::Document::existingAXObjectCacheSlow): (WebCore::Document::existingAXObjectCache): Deleted. * dom/Document.h: (WebCore::Document::existingAXObjectCache): 2016-12-15 Ryan Haddad Rebaseline bindings tests after r209864. Unreviewed test gardening. * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp: (WebCore::convertDictionary): 2016-12-15 Andreas Kling Always clear RenderLayer backing stores when going into page cache. Reviewed by Simon Fraser. We were already doing this for the iOS and GTK+ ports, let's do it everywhere for consistency, and a bit of memory usage improvement. This patch just removes the setting and always calls FrameView::clearBackingStores() when there is composited content going into page cache. 
* history/CachedFrame.cpp: (WebCore::CachedFrame::CachedFrame): * history/PageCache.h: (WebCore::PageCache::shouldClearBackingStores): Deleted. (WebCore::PageCache::setShouldClearBackingStores): Deleted. 2016-12-15 Darin Adler Remove custom binding for MediaDevices https://bugs.webkit.org/show_bug.cgi?id=165894 Reviewed by Eric Carlson. Removes the explicit code to parse the MediaStreamConstraints and MediaTrackConstraints. Next step could be to change the internal code to use the structs from bindings directly so we don't need code to convert to an internal format. * CMakeLists.txt: Added MediaTrackConstraints.idl and MediaTrackConstraints.cpp, removed JSMediaDevicesCustom.cpp. * DerivedSources.make: Added MediaTrackConstraints.idl. Also sorted list of IDL files and fixed use of tabs. * Modules/mediastream/MediaDevices.cpp: (WebCore::createMediaConstraintsImpl): Added. (WebCore::MediaDevices::getUserMedia): Changed this function to take arguments that are generated by the bindings script, and call createMediaConstraintsImpl to convert into the internal data structure. * Modules/mediastream/MediaDevices.h: Added StreamConstraints struct and changed getUserMedia to take that as specified in the IDL. * Modules/mediastream/MediaDevices.idl: Added definition of the MediaStreamConstraints dictionary. Removed [Custom] from getUserMedia. * Modules/mediastream/MediaStream.cpp: (WebCore::MediaStream::MediaStream): Pass a reference to addObserver. (WebCore::MediaStream::~MediaStream): Pass a reference to removeObserver. (WebCore::MediaStream::internalAddTrack): Ditto. (WebCore::MediaStream::internalRemoveTrack): Ditto. * Modules/mediastream/MediaStreamTrack.cpp: (WebCore::createMediaConstraintsImpl): Added. (WebCore::MediaStreamTrack::applyConstraints): Changed to take an optional MediaTrackConstraints argument and call createMediaConstraintsImpl to convert into the internal data structure. 
Also merged the multiple overloads of this all into a single function, used auto to make the code easier to read, and moved the code that stores new constraints into the success handling, since the specification says that's the only case where we should store it. (WebCore::MediaStreamTrack::addObserver): Take a reference instead of a pointer. (WebCore::MediaStreamTrack::removeObserver): Ditto. * Modules/mediastream/MediaStreamTrack.h: Removed many unneeded includes. Changed getConstraints to return const MediaTrackConstraints&, applyConstraints to take an optional MediaTrackConstraints, add/removeObserver to take a reference rather than a pointer, and changed m_constraints to be a MediaTrackConstraints instead of a RefPtr. * Modules/mediastream/MediaStreamTrack.idl: Removed [Custom] from getConstraints and applyConstraints. * Modules/mediastream/MediaTrackConstraints.cpp: Added. (WebCore::set): Overloaded function to set constraints in a MediaTrackConstraintSetMap. (WebCore::convertToInternalForm): Helper function that takes a MediaTrackConstraintSet and turns it into a MediaTrackConstraintSetMap. (WebCore::convertAdvancedToInternalForm): More of the same, but for vectors. (WebCore::createMediaConstraintsImpl): Top level function. Calls the other functions and then MediaConstraintsImpl::create. * Modules/mediastream/MediaTrackConstraints.h: Added. Contains all the structures and type definitions for the dictionaries defined in the IDL file, and also the createMediaConstraintsImpl function declaration. * Modules/mediastream/MediaTrackConstraints.idl: Added. Contains the MediaTrackConstraints and all the other dictionaries and typedefs that are needed to define that dictionary. * Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::start): Changed to not depend on MediaDevices::Promise. (WebCore::UserMediaRequest::UserMediaRequest): Ditto. (WebCore::isSecure): Rearranged to be easier to understand. 
(WebCore::UserMediaRequest::start): Removed a local variable for simplicity. (WebCore::UserMediaRequest::document): Removed a redundant null check. * Modules/mediastream/UserMediaRequest.h: Reduced includes, changed to not depend on MediaDevices::Promise, removing the reason to include MediaDevices.h. * WebCore.xcodeproj/project.pbxproj: Updated to remove old files and add new ones. * bindings/js/JSBindingsAllInOne.cpp: Removed JSMediaDevicesCustom.cpp. * bindings/js/JSMediaDevicesCustom.cpp: Removed. * bindings/js/JSMediaDevicesCustom.h: Removed. * bindings/js/JSMediaStreamTrackCustom.cpp: (WebCore::JSMediaStreamTrack::applyConstraints): Deleted. (WebCore::JSMediaStreamTrack::getConstraints): Deleted. * bindings/scripts/CodeGenerator.pm: (ProcessDocument): Updated to allow multiple standalone dictionaries, as long as the name of one of the dictionaries matches the name of the file. * bindings/scripts/CodeGeneratorJS.pm: (GenerateDictionary): Added "other dictionaries" argument so we can support files with multiple dictionaries in them. (GenerateDictionariesHeaderContent): Completed support for dictionaries that are not named after a top level interface by adding one more check for a missing $interface in a place that otherwise would not handle it correctly. (GenerateImplementation): Removed code that set $currentCachedAttribute and $cacheIndex, since no one was reading the value of either any longer. (GenerateDictionaryHeader): Added "other dictionaries". (GenerateDictionaryImplementation): Ditto. (WriteData): Removed unnecessarily indirect code that was using FileNamePrefix and a local variable named $prefix instead of just writing "JS". * bindings/scripts/generate-bindings.pl: Corrected the use of the fileparse function from the Path::Basename module; after reading the documentation for this it is clear that there is no need to first call basename, and fileparse should also be used instead of basename. 
* platform/mediastream/MediaConstraints.h: Removed unneeded includes. (WebCore::StringConstraint::appendExact): Removed an incorrect use of clear here that would mess up cases where there is supposed to be more than one exact value. * platform/mediastream/MediaStreamTrackPrivate.cpp: Removed unneeded includes. (WebCore::MediaStreamTrackPrivate::clone): Removed code to copy m_constraints. (WebCore::MediaStreamTrackPrivate::constraints): Deleted. * platform/mediastream/MediaStreamTrackPrivate.h: Removed the constraints function member and the m_constraints data member. 2016-12-15 Dave Hyatt [CSS Parser] Enable CSS Deferred Parsing https://bugs.webkit.org/show_bug.cgi?id=165869 Reviewed by Sam Weinig. Enable CSS deferred parsing once again. It's now behind a pref, so it's easy to flip off and on. To address the memory regression that caused the previous rollout, the tokenizer is no longer retained. Instead the sheet text and escaped strings are retained by CSSDeferredParser, and then DeferredStyleProperties and DeferredStyleGroupRuleList make copies of the tokens from the original tokenization process. As the rules get parsed, these tokens get thrown away. This means that instead of the entire set of tokens staying in memory as long as even one unparsed rule remained, now only the tokens that still need parsing will remain alive. Unparsed rules will consume slightly more memory than parsed rules, but the more unparsed rules you have, the bigger the performance win as well, so this is a tradeoff. Given that the parsing speed is going up by anywhere from 25-40% on cold loads of pages (where all stylesheets have to parse), this seems worth it to me. * css/parser/CSSParserMode.h: * page/Settings.in: 2016-12-15 Alejandro G. Castro [OWR] Unskip fast/mediastream/MediaStream-video-element-track-stop.html https://bugs.webkit.org/show_bug.cgi?id=165316 Reviewed by Philippe Normand. Fixed the ended support of the video element in the OWR player and fixed the videoTracks support. 
Now the OWR player properly adds and removes the audio and video tracks. Added the getSettings support to the mediastream interface. Solved also the size handling in some of the enable/muted situations. Unskipping fast/mediastream/MediaStream-video-element-track-stop.html. * platform/GStreamer.cmake: Added the new RealtimeMediaSourceOwr.cpp with the new code handling the settings. * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp: (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr): Release the new video and audio maps that creates a relationship of the mediastream tracks with the mediatracks of the video element. (WebCore::MediaPlayerPrivateGStreamerOwr::play): Set ended to false when we start playing. (WebCore::MediaPlayerPrivateGStreamerOwr::load): Create the media tracks to the player so that the videoTracks API returns it, and add an entry in the map to be able to restore it using the mediastream track. (WebCore::MediaPlayerPrivateGStreamerOwr::disableMediaTracks): Move some part of the stop function to this one in order to use it in pause method and avoid changing the video selection in that case. (WebCore::MediaPlayerPrivateGStreamerOwr::stop): Now we call the function disableMediaTracks and we also change the selected videoTrack. (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded): For videoTrack reset the size and the selected element. In case there is no media playing we make sure we set the ended variable to true and call the timeChange to modify the state of the player. (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged): Handle properly the situation when the user changed the enabled value, we disable the media. (WebCore::MediaPlayerPrivateGStreamerOwr::setSize): Modify the size of the source. (WebCore::MediaPlayerPrivateGStreamerOwr::naturalSize): Overridden to make sure we return a size even when the sample is not ready for gst. 
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h: Added the ended attribute and the maps. * platform/mediastream/openwebrtc/MediaEndpointOwr.cpp: (WebCore::MediaEndpointOwr::createMutedRemoteSource): Use the new realtime video and audio sources classes, these new classes implement the settings of each type of media element. * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp: (WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable): Use the new audio and video source classes instead of the general one in order to handle the settings properly. * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.cpp: Added (WebCore::RealtimeMediaSourceOwr::settings): Initialize using the subclass and return the new currentSettings attribute. (WebCore::RealtimeMediaSourceOwr::supportedConstraints): Call the subclass initialization of the supportedSettings. * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h: (WebCore::RealtimeMediaSourceOwr::initializeSettings): Added to initialize the settings before returning the value. Implemented in the subclass. (WebCore::RealtimeMediaSourceOwr::initializeSupportedConstraints): Added to initialize the supported settings of the media. Implemented in the subclass. (WebCore::RealtimeMediaSourceOwr::settings): Moved to the cpp file, implemented using the initialize functions of the subclass * platform/mediastream/openwebrtc/RealtimeVideoSourceOwr.h: Added this new class to handle the settings of the video elements. The class initializes the settings and the supportedSettings. * platform/mediastream/openwebrtc/RealtimeAudioSourceOwr.h: Added this new class to handle the settings of the audio elements. The class initializes the settings and the supportedSettings. 2016-12-15 Alex Christensen REGRESSION (r208902) Null pointer dereference in wkIsPublicSuffix https://bugs.webkit.org/show_bug.cgi?id=165885 Reviewed by Darin Adler. wkIsPublicSuffix crashes if you give it a nil NSString*. 
This was possible before IDN2008 adoption, but it's more common now because domains like "r4---asdf.example.com" fail in uidna_nameToASCII but not in uidna_IDNToASCII. decodeHostName can return a nil NSString. We can't use it unchecked, so instead we use an algorithm that allows for decoding failures while still finding top privately controlled domains correctly. Tested by new API tests which crash before this change and verify the behavior matches behavior before r208902. * platform/mac/PublicSuffixMac.mm: (WebCore::isPublicSuffix): (WebCore::topPrivatelyControlledDomain): 2016-12-15 Alex Christensen Fix Windows WebGL build after r209832 * CMakeLists.txt: 2016-12-14 Hunseop Jeong Unreviewed build fix after r209832 * platform/graphics/PlatformDisplay.cpp: (WebCore::PlatformDisplay::sharedDisplay): Added the guard for the clang 2016-12-14 Yusuke Suzuki [GTK] Support latest SubtleCrypto HMAC APIs https://bugs.webkit.org/show_bug.cgi?id=165863 Reviewed by Sam Weinig. SubtleCrypto spec is updated, and new delegate implementations are required to support these interfaces. This patch implements platformSign and platformVerify with WorkQueues for gcrypt backend. * crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp: (WebCore::calculateSignature): (WebCore::CryptoAlgorithmHMAC::platformSign): (WebCore::CryptoAlgorithmHMAC::platformVerify): 2016-12-14 Chris Dumez Unreviewed, rolling out r209415. This workaround is no longer needed now that has been fixed Reverted changeset: "Add HTML interactive form validation blacklist for some WebKit-specific sites" https://bugs.webkit.org/show_bug.cgi?id=165470 http://trac.webkit.org/changeset/209415 2016-12-14 Dean Jackson Update prefers-reduced-motion syntax https://bugs.webkit.org/show_bug.cgi?id=165880 Reviewed by Sam Weinig. After discussion in: https://github.com/w3c/csswg-drafts/issues/442 ... the syntax of prefers-reduced-motion was changed to accept "reduce" or "no-preference". Updated the tests in fast/media. 
* css/CSSValueKeywords.in: Add no-preference keyword. * css/MediaQueryEvaluator.cpp: (WebCore::prefersReducedMotionEvaluate): 2016-12-14 Sam Weinig REGRESSION (204679): Google notifications never load (expecting DOMStringList rather than JS array for Location.ancestorOrigins) https://bugs.webkit.org/show_bug.cgi?id=165872 Reviewed by Chris Dumez. Revert the Location.ancestorOrigins part of r204679 because google.com is relying on it returning a DOMStringList (or at least something with a .item() function), rather than a frozen javascript array. Spec changes are tracked with https://github.com/whatwg/html/issues/2179. * page/Location.cpp: (WebCore::Location::ancestorOrigins): * page/Location.h: * page/Location.idl: Change Location.ancestorOrigins back to returning a DOMStringList. 2016-12-14 Dave Hyatt [CSS Parser] Rename StyleKeyframe to StyleRuleKeyframe https://bugs.webkit.org/show_bug.cgi?id=165876 Reviewed by Simon Fraser. * css/CSSKeyframeRule.cpp: (WebCore::StyleRuleKeyframe::StyleRuleKeyframe): (WebCore::StyleRuleKeyframe::~StyleRuleKeyframe): (WebCore::StyleRuleKeyframe::mutableProperties): (WebCore::StyleRuleKeyframe::keyText): (WebCore::StyleRuleKeyframe::setKeyText): (WebCore::StyleRuleKeyframe::cssText): (WebCore::CSSKeyframeRule::CSSKeyframeRule): (WebCore::StyleKeyframe::StyleKeyframe): Deleted. (WebCore::StyleKeyframe::~StyleKeyframe): Deleted. (WebCore::StyleKeyframe::mutableProperties): Deleted. (WebCore::StyleKeyframe::keyText): Deleted. (WebCore::StyleKeyframe::setKeyText): Deleted. (WebCore::StyleKeyframe::cssText): Deleted. 
* css/CSSKeyframeRule.h: * css/CSSKeyframesRule.cpp: (WebCore::StyleRuleKeyframes::keyframes): (WebCore::StyleRuleKeyframes::parserAppendKeyframe): (WebCore::StyleRuleKeyframes::wrapperAppendKeyframe): (WebCore::CSSKeyframesRule::appendRule): (WebCore::CSSKeyframesRule::item): * css/CSSKeyframesRule.h: * css/StyleResolver.cpp: (WebCore::StyleResolver::styleForKeyframe): (WebCore::StyleResolver::keyframeStylesForAnimation): * css/StyleResolver.h: * css/StyleRule.cpp: (WebCore::StyleRuleBase::destroy): * css/StyleRule.h: * css/parser/CSSParser.cpp: (WebCore::CSSParser::parseKeyframeRule): * css/parser/CSSParser.h: * css/parser/CSSParserImpl.cpp: (WebCore::CSSParserImpl::parseDeferredKeyframeList): (WebCore::CSSParserImpl::consumeKeyframesRule): (WebCore::CSSParserImpl::consumeKeyframeStyleRule): * css/parser/CSSParserImpl.h: 2016-12-14 Dave Hyatt [CSS Parser] Make deferred parsing retain the sheet text. Fix invalidation to avoid deferred parsing. https://bugs.webkit.org/show_bug.cgi?id=165868 Reviewed by Simon Fraser. With this new model of token copying, the sheet text needs to be retained. The tokenizer did this, but we're no longer keeping it around. StyleInvalidation is also aggressively crawling media rules, even unsupported ones, so fix it to avoid deferred parsing. * css/StyleInvalidationAnalysis.cpp: (WebCore::shouldDirtyAllStyle): * css/parser/CSSDeferredParser.cpp: (WebCore::CSSDeferredParser::CSSDeferredParser): * css/parser/CSSDeferredParser.h: (WebCore::CSSDeferredParser::create): * css/parser/CSSParserImpl.cpp: (WebCore::CSSParserImpl::CSSParserImpl): 2016-12-14 Ryosuke Niwa iOS: An element with tabindex is not focusable unless there is no mouse event handler https://bugs.webkit.org/show_bug.cgi?id=165843 Reviewed by Antti Koivisto. The bug was caused by ancestorRespondingToClickEvents not checking the presence of tabindex attribute. Check that condition along with event listeners. 
Test: fast/events/focusing-element-with-tabindex-by-tap-or-click.html * page/ios/FrameIOS.mm: (WebCore::ancestorRespondingToClickEvents): 2016-12-14 Alex Christensen Progress towards using ANGLE to do WebGL rendering https://bugs.webkit.org/show_bug.cgi?id=165864 Reviewed by Dean Jackson. No new tests, no change in behavior. Just compile fixes for a configuration that will soon be standard that can be landed now without breaking anything. * platform/graphics/PlatformDisplay.cpp: (WebCore::PlatformDisplay::sharedDisplay): Ignore some clang warnings that will cause problems when this is compiled on Mac. 2016-12-14 Dean Jackson [iOS] MediaDocuments have controls on the bottom of the page https://bugs.webkit.org/show_bug.cgi?id=165865 Reviewed by Jon Lee. MediaDocuments on iOS are incorrectly placing the controls at the bottom of the page. This is due to the element makes short columns https://bugs.webkit.org/show_bug.cgi?id=164891 Reviewed by Darin Adler and David Hyatt. Currently when the body has auto height, we use the height of the viewport as the available height for the columns defined on the body element. This is the desired behaviour for paginated content. However in case of a simple, non-paginated multicolumn context, we should let the columns grow beyond the viewport vertically. This is also what other browsers do. This patch sets the available height on columns (in non-paginated context) only if the logical height is defined (we are right before layout, so applying non-defined values does not make much sense anyway). The reason why it is only broken on the is because it stretches to the viewport by default (see stretchesToViewport()) while other block renderers do not. Test: fast/multicol/columns-on-body.html * rendering/RenderBlockFlow.cpp: (WebCore::RenderBlockFlow::checkForPaginationLogicalHeightChange): 2016-12-09 Dean Jackson Autoplay isn't working in iPhone MediaDocuments https://bugs.webkit.org/show_bug.cgi?id=165710 Reviewed by Darin Adler. 
Our silent video autoplay detection disabled autoplay of videos in MediaDocuments. Test: media/ios/autoplay-only-in-main-document.html * html/MediaElementSession.cpp: (WebCore::MediaElementSession::playbackPermitted): Return true if we're in a top-level media document. 2016-12-12 Zan Dobersek Unreviewed. Fixing build breakage in GStreamer's WebKitCommonEncryptionDecryptorGStreamer. * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp: (webkitMediaCommonEncryptionDecryptTransformInPlace): WTF::Seconds should be used instead of std::chrono::seconds. 2016-12-11 Simon Fraser REGRESSION (r200283): Transform, overflow hidden and filter combination completely hides the element https://bugs.webkit.org/show_bug.cgi?id=161509 Reviewed by David Hyatt. When the filter painting code needs to recompute a paintDirtyRect, it was using selfClipRect() which is obviously wrong because it returns a rect in absolute coordinates. Use code factored out of localClipRect() instead, which returns a rect relative to the painting root. Test: css3/filters/filter-on-overflow-hidden.html * rendering/RenderLayer.cpp: (WebCore::RenderLayer::paintLayerContents): 2016-12-11 Saam Barati We should be able to throw exceptions from Wasm code and when Wasm frames are on the stack https://bugs.webkit.org/show_bug.cgi?id=165429 Reviewed by Keith Miller. * bindings/js/JSDOMBinding.cpp: (WebCore::GetCallerGlobalObjectFunctor::operator()): 2016-12-11 Darin Adler Remove uses of Dictionary in WebRTC IDL files https://bugs.webkit.org/show_bug.cgi?id=165736 Reviewed by Sam Weinig. Also removed quite a bit of unused code. There were some mocks that were out of date and no longer matched the types used in the real code, that also were no longer hooked up, and other types of dead code. We will have to implement anew when we want to restore tests like the ones these were intended to enable. * CMakeLists.txt: Updated for all the removed files. 
* Modules/mediastream/MediaEndpointPeerConnection.cpp: Moved some types in here that don't need to be in the header. (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection): Use make_unique. (WebCore::MediaEndpointPeerConnection::setConfiguration): Changed argument type, obviating the need for most of the code that was here. * Modules/mediastream/MediaEndpointPeerConnection.h: Updated for the above. Made more things private and final. Marked the constructor explicit. Removed unneeded includes. * Modules/mediastream/PeerConnectionBackend.h: Removed unneeded includes and forward declarations. Changed the argument type for setConfiguration (see above). * Modules/mediastream/RTCConfiguration.cpp: Removed. None of the code here was needed except for the ICE server validation, and that was moved into RTCPeerConnection::setConfiguration. * Modules/mediastream/RTCConfiguration.h: Changed this from a class to a struct since this is now a dictionary rather than an interface. * Modules/mediastream/RTCConfiguration.idl: Changed this from an interface to a dictionary. * Modules/mediastream/RTCDTMFSender.cpp: Removed some of the code from this file. This class currently isn't implemented, but was depending on RTCPeerConnectionHandler. I removed some of the dead code. Someone will have to straighten this out so we can turn it back on. * Modules/mediastream/RTCDTMFSender.h: Ditto. * Modules/mediastream/RTCDataChannel.cpp: Updated includes. * Modules/mediastream/RTCIceCandidate.cpp: (WebCore::RTCIceCandidate::create): Removed most of the code, since this now takes a structure rather than a WebCore::Dictionary, and so the bindings take care of the work. * Modules/mediastream/RTCIceCandidate.h: Updated for the above. * Modules/mediastream/RTCIceCandidate.idl: Changed the constructor to take a RTCIceCandidateInit instead of a Dictionary. * Modules/mediastream/RTCIceServer.h: Changed this from a class to a struct since this is now a dictionary rather than an interface. 
* Modules/mediastream/RTCIceServer.idl: Changed this from an interface to a dictionary. * Modules/mediastream/RTCPeerConnection.cpp: (WebCore::RTCPeerConnection::initializeWith): Take an RTCConfiguration rather than a Dictionary. (WebCore::RTCPeerConnection::getConfiguration): Moved to header, now an inline. (WebCore::RTCPeerConnection::setConfiguration): Use the configuration dictionary now instead of the configuration class. Also moved validation of server URLs here, formerly in the RTCConfiguration RTCConfiguration::initialize function. Also moved code to convert from RTCConfiguration to MediaEndpointConfiguration here, formerly in MediaEndpointPeerConnection::setConfiguration. * Modules/mediastream/RTCPeerConnection.h: Updated for the above. * Modules/mediastream/RTCPeerConnection.idl: Changed argument to initializeWith and setConfiguration from Dictionary to RTCConfiguration. * Modules/mediastream/RTCSessionDescription.cpp: (WebCore::parseTypeString): Deleted. (WebCore::RTCSessionDescription::create): Changed to take struct instead of Dictionary. * Modules/mediastream/RTCSessionDescription.h: Added Init struct and changed create to take it. * Modules/mediastream/RTCSessionDescription.idl: Changed constructor argument to take RTCSessionDescriptionInit dictionary instead of Dictionary. * Modules/webaudio/MediaStreamAudioDestinationNode.cpp: Updated includes. * WebCore.xcodeproj/project.pbxproj: Updated for all the removed files. * bindings/scripts/CodeGeneratorJS.pm: (GenerateDictionaryImplementationContent): Fixed convertDictionaryToJS to work with other nullable types besides RefPtr. * bindings/scripts/test/JS/JSTestObj.cpp: Regenerated. * platform/mediastream/RTCConfigurationPrivate.h: Removed. * platform/mediastream/RTCIceServerPrivate.h: Removed. * platform/mediastream/RTCPeerConnectionHandler.cpp: Removed. * platform/mediastream/RTCPeerConnectionHandler.h: Removed. * platform/mock/RTCDTMFSenderHandlerMock.cpp: Removed. 
* platform/mock/RTCDTMFSenderHandlerMock.h: Removed. * platform/mock/RTCDataChannelHandlerMock.h: Updated includes, made more things private and final. * platform/mock/RTCPeerConnectionHandlerMock.cpp: Removed. * platform/mock/RTCPeerConnectionHandlerMock.h: Removed. * testing/Internals.cpp: (WebCore::Internals::Internals): Removed call to enableMockRTCPeerConnectionHandler. (WebCore::Internals::enableMockRTCPeerConnectionHandler): Deleted. 2016-12-11 Darin Adler Use std::vsnprintf instead of vasprintf https://bugs.webkit.org/show_bug.cgi?id=165740 Reviewed by Sam Weinig. * platform/FileHandle.cpp: (WebCore::FileHandle::printf): Use vsnprintf, including StringExtras.h to ensure compatibility with older versions of the Visual Studio library, and Vector for the buffer. Use inline capacity in the vector so we normally don't need to allocate any memory on the heap. * xml/XSLTUnicodeSort.cpp: (xsltTransformErrorTrampoline): Ditto. * xml/parser/XMLDocumentParserLibxml2.cpp: (WebCore::XMLDocumentParser::error): Ditto. 2016-12-11 Darin Adler Make some refinements to HTMLPlugInImageElement https://bugs.webkit.org/show_bug.cgi?id=165742 Reviewed by Sam Weinig. * html/HTMLPlugInImageElement.cpp: Removed many unneeded includes. (WebCore::titleText): Use HashMap::ensure, correct argument types. (WebCore::subtitleText): Ditto. (WebCore::HTMLPlugInImageElement::HTMLPlugInImageElement): Moved initialization of most scalars to the class definition. (WebCore::HTMLPlugInImageElement::isImageType): Use auto. (WebCore::HTMLPlugInImageElement::wouldLoadAsPlugIn): Removed unneeded local variable and if statement. (WebCore::HTMLPlugInImageElement::willDetachRenderers): Use auto. (WebCore::HTMLPlugInImageElement::updateSnapshot): Do not call renderer twice unnecessarily. (WebCore::plugInImageElementIsolatedWorld): Use auto. (WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot): Use auto. (WebCore::HTMLPlugInImageElement::partOfSnapshotOverlay): Use auto. 
(WebCore::HTMLPlugInImageElement::restartSimilarPlugIns): Got rid of unnecessary typedef. (WebCore::HTMLPlugInImageElement::userDidClickSnapshot): Take a reference rather than PassRefPtr. (WebCore::documentHadRecentUserGesture): Removed unneeded if. (WebCore::HTMLPlugInImageElement::checkSizeChangeForSnapshotting): Use auto. (WebCore::isSmallerThanTinySizingThreshold): Use auto. (WebCore::HTMLPlugInImageElement::isTopLevelFullPagePlugin): Use auto. (WebCore::HTMLPlugInImageElement::checkSnapshotStatus): Use auto. (WebCore::HTMLPlugInImageElement::subframeLoaderWillCreatePlugIn): Got rid of unnecessary local variable. Use auto. (WebCore::HTMLPlugInImageElement::requestObject): Got rid of unnecessary local variable. * html/HTMLPlugInImageElement.h: Updated for the above. Removed incorrect use of const. Initialized all scalars. Made function private and final. * rendering/RenderSnapshottedPlugIn.cpp: (WebCore::RenderSnapshottedPlugIn::handleEvent): Pass reference instead of pointer. 2016-12-11 Joseph Pecoraro Web Inspector: Cleanup some InspectorInstrumentation network loading notifications https://bugs.webkit.org/show_bug.cgi?id=165688 Reviewed by Brian Burg. Eliminate InspectorInstrumentation::willReceiveResourceResponse by folding it into InspectorInstrumentation::didReceiveResourceResponse. Simplify other related InspectorInstrumentation calls by using references and using more consistent InspectorInstrumentation patterns. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::didReceiveResourceResponseImpl): (WebCore::InspectorInstrumentation::willReceiveResourceResponseImpl): Deleted. (WebCore::InspectorInstrumentation::didReceiveResourceResponseButCanceledImpl): Deleted. (WebCore::InspectorInstrumentation::continueAfterXFrameOptionsDeniedImpl): Deleted. (WebCore::InspectorInstrumentation::continueWithPolicyDownloadImpl): Deleted. (WebCore::InspectorInstrumentation::continueWithPolicyIgnoreImpl): Deleted. 
* inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::didReceiveResourceResponse): (WebCore::InspectorInstrumentation::continueAfterXFrameOptionsDenied): (WebCore::InspectorInstrumentation::continueWithPolicyDownload): (WebCore::InspectorInstrumentation::continueWithPolicyIgnore): (WebCore::InspectorInstrumentation::willReceiveResourceResponse): Deleted. * loader/CrossOriginPreflightChecker.cpp: (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied): (WebCore::DocumentLoader::continueAfterContentPolicy): * loader/ResourceLoadNotifier.cpp: (WebCore::ResourceLoadNotifier::dispatchDidReceiveResponse): * loader/appcache/ApplicationCacheGroup.cpp: (WebCore::ApplicationCacheGroup::didReceiveResponse): 2016-12-11 Eric Carlson [MediaStream] Protect MediaDevicesRequest during callback https://bugs.webkit.org/show_bug.cgi?id=165711 Reviewed by Sam Weinig. No new tests, I was unable to create a reproducible test but this fix avoids an occasional crash in existing tests. * Modules/mediastream/MediaDevicesEnumerationRequest.cpp: (WebCore::MediaDevicesEnumerationRequest::start): Take a reference to the object before calling the controller in case the completion handler is called synchronously. 2016-12-09 Filip Pizlo The DOM should have an advancing wavefront opaque root barrier https://bugs.webkit.org/show_bug.cgi?id=165712 Reviewed by Yusuke Suzuki. No new tests because this was covered by crashing tests. Consider these two cases: Removal: 1) DOM at start: D->X->Y 2) Mark X, X->visitChildren, addOpaqueRoot(D) 3) remove X 4) Y thinks it's not reachable (its opaque root, X, is not in the set). Insertion: 1) DOM at start: D, X->Y 2) Mark X, X->visitChildren, addOpaqueRoot(X) 3) insert X into D 4) Y thinks it's not reachable (its opaque root, D, is not in the set). 
We can fix this with two barriers: Removal: add X (the removed child) to the opaque root set. Insertion: add D (the insertion point) to the opaque root set. Thanks Ryosuke for coming up with this idea! Both barriers advance the wavefront. We could consider retreating wavefront barriers in the future (where we cause visitChildren to be called again on wrappers that belonged to roots that got affected by insertion/removal) but those would probably require more bookkeeping. To make this barrier very fast, the WebCore caches the JSC VM's barrier state in its own global variable for very fast access. This variable will be false most of the time. It's false when there is no VM, so triggering the barrier won't cause the VM to be created. It's only true when GC is running, which is rare by design. To make that caching more sensible, I finally gave WebCore a central header for the common VM (CommonVM.h). * CMakeLists.txt: * Modules/mediastream/SDPProcessor.cpp: (WebCore::SDPProcessor::callScript): * WebCore.xcodeproj/project.pbxproj: * bindings/js/CommonVM.cpp: Added. (WebCore::commonVMSlow): (WebCore::writeBarrierOpaqueRootSlow): * bindings/js/CommonVM.h: Added. (WebCore::commonVM): (WebCore::writeBarrierOpaqueRoot): * bindings/js/DOMWrapperWorld.cpp: (WebCore::mainThreadNormalWorld): * bindings/js/GCController.cpp: (WebCore::collect): (WebCore::GCController::garbageCollectSoon): (WebCore::GCController::garbageCollectNow): (WebCore::GCController::garbageCollectNowIfNotDoneRecently): (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled): (WebCore::GCController::deleteAllCode): (WebCore::GCController::deleteAllLinkedCode): * bindings/js/JSCustomXPathNSResolver.cpp: (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI): * bindings/js/JSDOMBinding.cpp: (WebCore::addImpureProperty): * bindings/js/JSDOMWindowBase.cpp: (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow): (WebCore::JSDOMWindowBase::commonVM): Deleted. 
* bindings/js/JSDOMWindowBase.h: * bindings/js/JSDOMWindowShell.cpp: (WebCore::JSDOMWindowShell::setWindow): * bindings/js/JSNodeCustom.h: (WebCore::root): * bindings/js/ScriptCachedFrameData.cpp: (WebCore::ScriptCachedFrameData::ScriptCachedFrameData): (WebCore::ScriptCachedFrameData::restore): (WebCore::ScriptCachedFrameData::clear): * bindings/js/ScriptController.cpp: (WebCore::ScriptController::~ScriptController): (WebCore::ScriptController::createWorld): (WebCore::ScriptController::getAllWorlds): (WebCore::ScriptController::clearWindowShell): (WebCore::ScriptController::cacheableBindingRootObject): (WebCore::ScriptController::bindingRootObject): (WebCore::ScriptController::windowScriptNPObject): (WebCore::ScriptController::jsObjectForPluginElement): (WebCore::ScriptController::clearScriptObjects): * dom/CollectionIndexCache.cpp: (WebCore::reportExtraMemoryAllocatedForCollectionIndexCache): * dom/ContainerNode.cpp: * dom/ContainerNodeAlgorithms.cpp: (WebCore::notifyChildNodeInserted): (WebCore::notifyChildNodeRemoved): * dom/Document.cpp: (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): * dom/Node.h: (WebCore::Node::opaqueRoot): * dom/ScriptExecutionContext.cpp: (WebCore::ScriptExecutionContext::vm): * html/HTMLImageLoader.cpp: (WebCore::HTMLImageLoader::notifyFinished): * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::pauseAfterDetachedTask): (WebCore::HTMLMediaElement::ensureIsolatedWorld): * html/HTMLPlugInImageElement.cpp: (WebCore::plugInImageElementIsolatedWorld): * inspector/InspectorController.cpp: (WebCore::InspectorController::vm): * inspector/PageScriptDebugServer.cpp: (WebCore::PageScriptDebugServer::PageScriptDebugServer): * page/PerformanceLogging.cpp: (WebCore::PerformanceLogging::memoryUsageStatistics): (WebCore::PerformanceLogging::javaScriptObjectCounts): * page/ResourceUsageThread.cpp: (WebCore::ResourceUsageThread::createThreadIfNeeded): * svg/graphics/SVGImage.cpp: (WebCore::SVGImage::reportApproximateMemoryCost): * 
testing/MemoryInfo.h: (WebCore::MemoryInfo::MemoryInfo): 2016-12-11 Dan Bernstein [Cocoa] NSAttributedString representation of text copied from -webkit-nbsp-mode:space element contains non-breaking space characters, but shouldn’t https://bugs.webkit.org/show_bug.cgi?id=165515 Reviewed by Darin Adler. Test: platform/mac/fast/text/attributed-substring-from-range.html * editing/cocoa/HTMLConverter.mm: (HTMLConverter::_processText): Emit a space instead of a non-breaking space if the text node is styled with -webkit-nbsp-mode:space. (WebCore::editingAttributedStringFromRange): Replace all non-breaking spaces with spaces if they come from a text node with -webkit-nbsp-mode:space. 2016-12-11 Konstantin Tokarev Unreviewed, add KHR include dir to fix ANGLE build after r209665 https://bugs.webkit.org/show_bug.cgi?id=165686 * CMakeLists.txt: 2016-12-10 Dave Hyatt Rolling out 165737, since it broke layout tests. I need to find a different place to put the init. * contentextensions/ContentExtensionParser.cpp: (WebCore::ContentExtensions::isValidSelector): 2016-12-10 Simon Fraser Support the deprecated dictionary constructor for DOMPointReadOnly and DOMPoint https://bugs.webkit.org/show_bug.cgi?id=165732 Reviewed by Sam Weinig. For compatibility with other browsers, support the DOMPointInit constructor to DOMPoint and DOMPointReadOnly per Extended geometry/DOMPoint-001.html to test. * dom/DOMPoint.h: * dom/DOMPoint.idl: * dom/DOMPointReadOnly.h: (WebCore::DOMPointReadOnly::create): * dom/DOMPointReadOnly.idl: 2016-12-10 Dave Hyatt [CSS Parser] Make sure content extensions initialize AtomicString https://bugs.webkit.org/show_bug.cgi?id=165737 Reviewed by Simon Fraser. Fixes two broken tests in TestWebkitAPI. 
* contentextensions/ContentExtensionParser.cpp: (WebCore::ContentExtensions::isValidSelector): 2016-12-10 Simon Fraser Animation followed by transition doesn't always fire transitionend event https://bugs.webkit.org/show_bug.cgi?id=165731 rdar://problem/28471240 Reviewed by Zalan Bujtas. After r200047, a keyframe animation of an accelerated property followed by a transition didn't always fire a transitionend event. This happened if CompositeAnimation::timeToNextService() happened to be called when the transition's timeToNextService() returned a positive value, but the keyframe animation still existed, but its timeToNextService() returned -1. In this case that -1 would clobber the positive minT. Fix by just continuing in each loop when the timeToNextService() returns -1. This code should probably be rewritten to use std::optional rather than magic values. Test: animations/animation-followed-by-transition.html * page/animation/CompositeAnimation.cpp: (WebCore::CompositeAnimation::timeToNextService): * platform/graphics/ca/GraphicsLayerCA.cpp: (WebCore::GraphicsLayerCA::addAnimation): (WebCore::GraphicsLayerCA::pauseAnimation): (WebCore::GraphicsLayerCA::removeAnimation): (WebCore::GraphicsLayerCA::platformCALayerAnimationStarted): (WebCore::GraphicsLayerCA::platformCALayerAnimationEnded): 2016-12-10 Sam Weinig [WebIDL] Merge JSDictionary into Dictionary, and remove unused bits https://bugs.webkit.org/show_bug.cgi?id=165641 Reviewed by Dan Bernstein. * CMakeLists.txt: * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSBindingsAllInOne.cpp: Remove JSDictionary.h/cpp * Modules/mediastream/RTCDataChannel.cpp: Remove unused #include of Dictionary.h * Modules/mediastream/RTCPeerConnection.cpp: * Modules/mediastream/RTCPeerConnection.h: Replace unnecessary #include of Dictionary in a header with forward declaration. 
* bindings/js/Dictionary.cpp: (WebCore::Dictionary::Dictionary): (WebCore::Dictionary::tryGetProperty): (WebCore::Dictionary::getOwnPropertyNames): (WebCore::Dictionary::convertValue): (WebCore::Dictionary::asJSObject): Deleted. (WebCore::Dictionary::getOwnPropertiesAsStringHashMap): Deleted. (WebCore::Dictionary::getWithUndefinedOrNullCheck): Deleted. * bindings/js/Dictionary.h: (WebCore::Dictionary::isObject): (WebCore::Dictionary::isUndefinedOrNull): (WebCore::Dictionary::execState): (WebCore::Dictionary::initializerObject): (WebCore::Dictionary::isValid): (WebCore::Dictionary::convertValue): (WebCore::Dictionary::get): (WebCore::Dictionary::tryGetPropertyAndResult): (WebCore::Dictionary::getEventListener): Deleted. Merge JSDictionary into Dictionary. Remove all unused functions (some getters, lots of convertValue overrides). Modernize to taste. * bindings/js/JSCryptoAlgorithmDictionary.cpp: (WebCore::JSCryptoAlgorithmDictionary::getAlgorithmIdentifier): (WebCore::getHashAlgorithm): (WebCore::createHmacParams): (WebCore::createHmacKeyParams): (WebCore::createRsaKeyGenParams): (WebCore::createRsaOaepParams): (WebCore::createRsaSsaParams): Update for rename. JSDictionary is now Dictionary. * bindings/js/JSDictionary.cpp: Removed. * bindings/js/JSDictionary.h: Removed. * dom/MutationObserver.cpp: Remove unused #include of Dictionary.h 2016-12-10 Dave Hyatt [CSS Parser] Move CSSParserValues.h/.cpp to CSSParserSelector.h/.cpp https://bugs.webkit.org/show_bug.cgi?id=165730 Reviewed by Simon Fraser. * WebCore.xcodeproj/project.pbxproj: * css/CSSCustomPropertyValue.cpp: * css/CSSPrimitiveValue.cpp: * css/CSSSelectorList.cpp: * css/makeSelectorPseudoClassAndCompatibilityElementMap.py: * css/parser/CSSParserImpl.cpp: * css/parser/CSSParserSelector.cpp: Copied from Source/WebCore/css/parser/CSSParserValues.cpp. * css/parser/CSSParserSelector.h: Copied from Source/WebCore/css/parser/CSSParserValues.h. * css/parser/CSSParserValues.cpp: Removed. 
* css/parser/CSSParserValues.h: Removed. * css/parser/CSSSelectorParser.h: 2016-12-10 Dave Hyatt [CSS Parser] Remove the pseudoclass/element hacks https://bugs.webkit.org/show_bug.cgi?id=165729 Reviewed by Sam Weinig. * css/SelectorPseudoClassAndCompatibilityElementMap.in: * css/SelectorPseudoElementTypeMap.in: * css/parser/CSSSelectorParser.cpp: (WebCore::CSSSelectorParser::consumePseudo): 2016-12-09 Sam Weinig [WebIDL] Remove custom bindings for Geolocation https://bugs.webkit.org/show_bug.cgi?id=165625 Reviewed by Alex Christensen. * CMakeLists.txt: * DerivedSources.cpp: * DerivedSources.make: * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSBindingsAllInOne.cpp: Add/remove files. * Modules/geolocation/GeoNotifier.cpp: (WebCore::GeoNotifier::GeoNotifier): (WebCore::GeoNotifier::hasZeroTimeout): (WebCore::GeoNotifier::startTimerIfNeeded): * Modules/geolocation/GeoNotifier.h: (WebCore::GeoNotifier::create): (WebCore::GeoNotifier::options): Update to store PositionOptions as a value, and pass the PositionCallback as a Ref, rather than a RefPtr, since it is not optional. * Modules/geolocation/Geolocation.cpp: (WebCore::createGeoposition): Use auto, to get the good type for Coordinates (Ref). (WebCore::Geolocation::getCurrentPosition): (WebCore::Geolocation::watchPosition): (WebCore::Geolocation::haveSuitableCachedPosition): (WebCore::Geolocation::startUpdating): * Modules/geolocation/Geolocation.h: Update to pass PositionOptions itself now that it is a plain struct. * Modules/geolocation/Geolocation.idl: Remove [Custom] extended attribute and add FIXME about nullable annotation. * Modules/geolocation/Geoposition.h: Pass/store Coordinates as a Ref. * Modules/geolocation/PositionOptions.h: Convert to be a simple struct. * Modules/geolocation/PositionOptions.idl: Added. * bindings/js/JSGeolocationCustom.cpp: Removed. 2016-12-09 Dave Hyatt [CSS Parser] Remove the old CSS Parser https://bugs.webkit.org/show_bug.cgi?id=165645 Reviewed by Daniel Bates. 
Remove the old CSS parser code. In doing so, code that used documentless CSSParserContexts is now going through the new parser. This resulted in some additional changes. These include: (1) Canvas color parsing switched to new parser's code. This resulted in progressions on canvas tests. (2) Support for CSSNamespaceRule in the CSS OM, since the Inspector's creation of CSS OM wrappers made it necessary to add this in. The old parser did not create style rules for namespaces, but the new one (and other browsers) did. (3) now uses the new parser's font-family parsing code. This change was made in createFontFaceValue in CSSValuePool. (4) FontFace now uses a new function on the new parser called parseFontFaceDescriptor. This function sets things up so that parsing occurs as though you are inside a @font-face. The old parser let you call parseValue to parse "properties", but descriptors need to be handled differently in the new parser. (5) Illegal CSS rules in mediaControlsApple/ios.css forced me to add a quirk to handle chained shadow DOM pseudo-elements. This should not be allowed, but for now it is. * CMakeLists.txt: * DerivedSources.make: * WebCore.xcodeproj/project.pbxproj: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJSNewlyCreated): * bindings/js/JSCSSStyleDeclarationCustom.cpp: * css/CSSCalculationValue.cpp: (WebCore::unitCategory): (WebCore::hasDoubleValue): (WebCore::checkDepthAndIndexDeprecated): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::parseCalc): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::operatorValue): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValue): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValueTerm): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValueMultiplicativeExpression): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::parseAdditiveValueExpression): Deleted. (WebCore::CSSCalcExpressionNodeParserDeprecated::parseValueExpression): Deleted. 
* css/CSSCalculationValue.h: * css/CSSComputedStyleDeclaration.cpp: (WebCore::specifiedValueForGridTrackSize): * css/CSSCustomPropertyValue.cpp: (WebCore::CSSCustomPropertyValue::checkVariablesForCycles): (WebCore::CSSCustomPropertyValue::resolveVariableReferences): * css/CSSCustomPropertyValue.h: * css/CSSFunctionValue.cpp: (WebCore::CSSFunctionValue::CSSFunctionValue): (WebCore::CSSFunctionValue::customCSSText): (WebCore::CSSFunctionValue::append): (WebCore::CSSFunctionValue::buildParserValueSubstitutingVariables): Deleted. * css/CSSFunctionValue.h: * css/CSSGrammar.y.in: Removed. * css/CSSGrammar.y.includes: Removed. * css/CSSGroupingRule.cpp: (WebCore::CSSGroupingRule::insertRule): * css/CSSKeyframeRule.h: * css/CSSKeyframesRule.cpp: (WebCore::CSSKeyframesRule::appendRule): * css/CSSNamespaceRule.cpp: Added. (WebCore::CSSNamespaceRule::CSSNamespaceRule): (WebCore::CSSNamespaceRule::~CSSNamespaceRule): (WebCore::CSSNamespaceRule::namespaceURI): (WebCore::CSSNamespaceRule::prefix): (WebCore::CSSNamespaceRule::cssText): (WebCore::CSSNamespaceRule::reattach): * css/CSSNamespaceRule.h: Added. * css/CSSNamespaceRule.idl: Added. * css/CSSPrimitiveValue.cpp: (WebCore::isValidCSSUnitTypeForDoubleConversion): (WebCore::isStringType): (WebCore::CSSPrimitiveValue::cleanup): (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText): (WebCore::CSSPrimitiveValue::cloneForCSSOM): (WebCore::CSSPrimitiveValue::equals): (WebCore::CSSPrimitiveValue::buildParserValue): Deleted. * css/CSSPrimitiveValue.h: * css/CSSRule.h: * css/CSSRule.idl: * css/CSSStyleSheet.cpp: (WebCore::CSSStyleSheet::insertRule): * css/CSSValue.cpp: (WebCore::CSSValue::equals): (WebCore::CSSValue::cssText): (WebCore::CSSValue::destroy): * css/CSSValue.h: (WebCore::CSSValue::isCustomPropertyValue): (WebCore::CSSValue::hasVariableReferences): (WebCore::CSSValue::isVariableDependentValue): Deleted. (WebCore::CSSValue::isVariableValue): Deleted. 
* css/CSSValueList.cpp: (WebCore::CSSValueList::customCSSText): (WebCore::CSSValueList::containsVariables): Deleted. (WebCore::CSSValueList::checkVariablesForCycles): Deleted. (WebCore::CSSValueList::buildParserValueSubstitutingVariables): Deleted. (WebCore::CSSValueList::buildParserValueListSubstitutingVariables): Deleted. * css/CSSValueList.h: (WebCore::CSSValueList::createSlashSeparated): (WebCore::CSSValueList::createFromParserValueList): Deleted. * css/CSSValuePool.cpp: (WebCore::CSSValuePool::createFontFaceValue): * css/CSSVariableData.cpp: * css/CSSVariableDependentValue.cpp: Removed. * css/CSSVariableDependentValue.h: Removed. * css/CSSVariableValue.cpp: Removed. * css/CSSVariableValue.h: Removed. * css/DOMCSSNamespace.cpp: * css/FontFace.cpp: (WebCore::FontFace::parseString): * css/InspectorCSSOMWrappers.cpp: * css/MediaQueryExp.cpp: (WebCore::isFeatureValidWithIdentifier): Deleted. (WebCore::isFeatureValidWithNonNegativeLengthOrNumber): Deleted. (WebCore::isFeatureValidWithDensity): Deleted. (WebCore::isFeatureValidWithNonNegativeInteger): Deleted. (WebCore::isFeatureValidWithNonNegativeNumber): Deleted. (WebCore::isFeatureValidWithZeroOrOne): Deleted. (WebCore::isFeatureValidWithNumberWithUnit): Deleted. (WebCore::isFeatureValidWithNumber): Deleted. (WebCore::isSlash): Deleted. (WebCore::isPositiveIntegerValue): Deleted. 
* css/MediaQueryExp.h: * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::PropertySetCSSStyleDeclaration::setCssText): (WebCore::PropertySetCSSStyleDeclaration::setProperty): * css/SelectorPseudoTypeMap.h: * css/StyleProperties.cpp: (WebCore::StyleProperties::getPropertyValue): (WebCore::StyleProperties::getPropertyCSSValue): (WebCore::MutableStyleProperties::setCustomProperty): (WebCore::MutableStyleProperties::parseDeclaration): (WebCore::StyleProperties::asText): * css/StyleProperties.h: * css/StyleResolver.cpp: (WebCore::StyleResolver::applyProperty): * css/StyleResolver.h: * css/StyleRule.cpp: (WebCore::StyleRuleBase::createCSSOMWrapper): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::parseAuthorStyleSheet): (WebCore::StyleSheetContents::parseString): (WebCore::StyleSheetContents::completeURL): (WebCore::StyleSheetContents::parseStringAtPosition): Deleted. * css/StyleSheetContents.h: * css/WebKitCSSMatrix.cpp: * css/makeSelectorPseudoClassAndCompatibilityElementMap.py: * css/parser/CSSParser.cpp: (WebCore::CSSParserContext::CSSParserContext): (WebCore::CSSParser::CSSParser): (WebCore::CSSParser::parseSheet): (WebCore::CSSParser::parseRule): (WebCore::CSSParser::parseKeyframeRule): (WebCore::CSSParser::parseSupportsCondition): (WebCore::CSSParser::parseColor): (WebCore::CSSParser::parseSystemColor): (WebCore::CSSParser::parseSingleValue): (WebCore::CSSParser::parseValue): (WebCore::CSSParser::parseCustomPropertyValue): (WebCore::CSSParser::parseSelector): (WebCore::CSSParser::parseInlineStyleDeclaration): (WebCore::CSSParser::parseDeclaration): (WebCore::CSSParser::parseValueWithVariableReferences): (WebCore::CSSParser::parseKeyframeKeyList): (WebCore::CSSParser::parseFontFaceDescriptor): (WebCore::equalLettersIgnoringASCIICase): Deleted. (WebCore::hasPrefix): Deleted. (WebCore::createPrimitiveValuePair): Deleted. (WebCore::AnimationParseContext::commitFirstAnimation): Deleted. (WebCore::AnimationParseContext::hasCommittedFirstAnimation): Deleted. 
(WebCore::AnimationParseContext::commitAnimationPropertyKeyword): Deleted. (WebCore::AnimationParseContext::animationPropertyKeywordAllowed): Deleted. (WebCore::AnimationParseContext::hasSeenAnimationPropertyKeyword): Deleted. (WebCore::AnimationParseContext::sawAnimationPropertyKeyword): Deleted. (): Deleted. (WebCore::convertToASCIILowercaseInPlace): Deleted. (WebCore::CSSParserString::convertToASCIILowercaseInPlace): Deleted. (WebCore::CSSParser::setupParser): Deleted. (WebCore::isColorPropertyID): Deleted. (WebCore::CSSParser::isValidSystemColorValue): Deleted. (WebCore::validPrimitiveValueColor): Deleted. (WebCore::parseColorValue): Deleted. (WebCore::isSimpleLengthPropertyID): Deleted. (WebCore::parseSimpleLength): Deleted. (WebCore::parseSimpleLengthValue): Deleted. (WebCore::isValidKeywordPropertyAndValue): Deleted. (WebCore::isUniversalKeyword): Deleted. (WebCore::isKeywordPropertyID): Deleted. (WebCore::parseKeywordValue): Deleted. (WebCore::parseTransformTranslateArguments): Deleted. (WebCore::parseTranslateTransformValue): Deleted. (WebCore::CSSParser::parseFontFaceValue): Deleted. (WebCore::CSSParser::parseColorFromString): Deleted. (WebCore::CSSParser::parseDeclarationDeprecated): Deleted. (WebCore::filterProperties): Deleted. (WebCore::CSSParser::createStyleProperties): Deleted. (WebCore::CSSParser::addProperty): Deleted. (WebCore::CSSParser::rollbackLastProperties): Deleted. (WebCore::CSSParser::clearProperties): Deleted. (WebCore::CSSParser::completeURL): Deleted. (WebCore::CSSParser::validateCalculationUnit): Deleted. (WebCore::CSSParser::shouldAcceptUnitLessValues): Deleted. (WebCore::CSSParser::validateUnit): Deleted. (WebCore::CSSParser::createPrimitiveNumericValue): Deleted. (WebCore::CSSParser::createPrimitiveStringValue): Deleted. (WebCore::isComma): Deleted. (WebCore::isForwardSlashOperator): Deleted. (WebCore::CSSParser::isValidSize): Deleted. (WebCore::CSSParser::parseValidPrimitive): Deleted. 
(WebCore::CSSParser::addExpandedPropertyForValue): Deleted. (WebCore::isImageSetFunctionValue): Deleted. (WebCore::CSSParser::addFillValue): Deleted. (WebCore::isContentDistributionKeyword): Deleted. (WebCore::isContentPositionKeyword): Deleted. (WebCore::isBaselinePositionKeyword): Deleted. (WebCore::isAlignmentOverflowKeyword): Deleted. (WebCore::isItemPositionKeyword): Deleted. (WebCore::CSSParser::parseLegacyPosition): Deleted. (WebCore::CSSParser::parseContentDistributionOverflowPosition): Deleted. (WebCore::CSSParser::parseItemPositionOverflowPosition): Deleted. (WebCore::parseBackgroundClip): Deleted. (WebCore::CSSParser::useLegacyBackgroundSizeShorthandBehavior): Deleted. (WebCore::CSSParser::parseNonElementSnapPoints): Deleted. (WebCore::CSSParser::parseScrollSnapPositions): Deleted. (WebCore::CSSParser::parseScrollSnapDestination): Deleted. (WebCore::CSSParser::parseScrollSnapCoordinate): Deleted. (WebCore::CSSParser::parseFillShorthand): Deleted. (WebCore::CSSParser::addAnimationValue): Deleted. (WebCore::CSSParser::parseAnimationShorthand): Deleted. (WebCore::CSSParser::parseColumnWidth): Deleted. (WebCore::CSSParser::parseColumnCount): Deleted. (WebCore::CSSParser::parseColumnsShorthand): Deleted. (WebCore::CSSParser::parseTransitionShorthand): Deleted. (WebCore::CSSParser::parseShorthand): Deleted. (WebCore::CSSParser::parse4Values): Deleted. (WebCore::CSSParser::parsePage): Deleted. (WebCore::CSSParser::parseSize): Deleted. (WebCore::CSSParser::parseSizeParameter): Deleted. (WebCore::CSSParser::parseQuotes): Deleted. (WebCore::CSSParser::parseAlt): Deleted. (WebCore::CSSParser::parseCustomPropertyDeclaration): Deleted. (WebCore::CSSParser::parseContent): Deleted. (WebCore::CSSParser::parseAttr): Deleted. (WebCore::CSSParser::parseBackgroundColor): Deleted. (WebCore::CSSParser::parseFillImage): Deleted. (WebCore::CSSParser::parsePositionX): Deleted. (WebCore::CSSParser::parsePositionY): Deleted. 
(WebCore::CSSParser::parseFillPositionComponent): Deleted. (WebCore::isValueConflictingWithCurrentEdge): Deleted. (WebCore::isFillPositionKeyword): Deleted. (WebCore::CSSParser::parse4ValuesFillPosition): Deleted. (WebCore::CSSParser::parse3ValuesFillPosition): Deleted. (WebCore::CSSParser::isPotentialPositionValue): Deleted. (WebCore::CSSParser::parseFillPosition): Deleted. (WebCore::CSSParser::parse2ValuesFillPosition): Deleted. (WebCore::CSSParser::parseFillRepeat): Deleted. (WebCore::CSSParser::parseFillSize): Deleted. (WebCore::CSSParser::parseFillProperty): Deleted. (WebCore::CSSParser::parseAnimationDelay): Deleted. (WebCore::CSSParser::parseAnimationDirection): Deleted. (WebCore::CSSParser::parseAnimationDuration): Deleted. (WebCore::CSSParser::parseAnimationFillMode): Deleted. (WebCore::CSSParser::parseAnimationIterationCount): Deleted. (WebCore::CSSParser::parseAnimationName): Deleted. (WebCore::CSSParser::parseAnimationPlayState): Deleted. (WebCore::CSSParser::parseAnimationTrigger): Deleted. (WebCore::CSSParser::parseAnimationProperty): Deleted. (WebCore::CSSParser::parseTransformOriginShorthand): Deleted. (WebCore::CSSParser::isSpringTimingFunctionEnabled): Deleted. (WebCore::CSSParser::parseCubicBezierTimingFunctionValue): Deleted. (WebCore::CSSParser::parseSpringTimingFunctionValue): Deleted. (WebCore::CSSParser::parseAnimationTimingFunction): Deleted. (WebCore::isValidGridPositionCustomIdent): Deleted. (WebCore::CSSParser::parseIntegerOrCustomIdentFromGridPosition): Deleted. (WebCore::CSSParser::parseGridPosition): Deleted. (WebCore::gridMissingGridPositionValue): Deleted. (WebCore::CSSParser::parseGridItemPositionShorthand): Deleted. (WebCore::CSSParser::parseGridGapShorthand): Deleted. (WebCore::CSSParser::parseGridTemplateColumns): Deleted. (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Deleted. (WebCore::CSSParser::parseGridTemplateShorthand): Deleted. (WebCore::parseImplicitAutoFlow): Deleted. 
(WebCore::CSSParser::parseGridShorthand): Deleted. (WebCore::CSSParser::parseGridAreaShorthand): Deleted. (WebCore::CSSParser::parseSingleGridAreaLonghand): Deleted. (WebCore::CSSParser::parseGridLineNames): Deleted. (WebCore::isGridTrackFixedSized): Deleted. (WebCore::CSSParser::parseGridTrackList): Deleted. (WebCore::CSSParser::parseGridTrackRepeatFunction): Deleted. (WebCore::CSSParser::parseGridTrackSize): Deleted. (WebCore::CSSParser::parseGridBreadth): Deleted. (WebCore::isValidGridAutoFlowId): Deleted. (WebCore::CSSParser::parseGridAutoFlow): Deleted. (WebCore::skipCommaInDashboardRegion): Deleted. (WebCore::CSSParser::parseDashboardRegions): Deleted. (WebCore::parseGridTemplateAreasColumnNames): Deleted. (WebCore::CSSParser::parseGridTemplateAreasRow): Deleted. (WebCore::CSSParser::parseGridTemplateAreas): Deleted. (WebCore::CSSParser::parseCounterContent): Deleted. (WebCore::CSSParser::parseClipShape): Deleted. (WebCore::completeBorderRadii): Deleted. (WebCore::CSSParser::parseInsetRoundedCorners): Deleted. (WebCore::CSSParser::parseBasicShapeInset): Deleted. (WebCore::CSSParser::parseShapeRadius): Deleted. (WebCore::CSSParser::parseBasicShapeCircle): Deleted. (WebCore::CSSParser::parseBasicShapeEllipse): Deleted. (WebCore::CSSParser::parseBasicShapePolygon): Deleted. (WebCore::CSSParser::parseBasicShapePath): Deleted. (WebCore::isBoxValue): Deleted. (WebCore::CSSParser::parseBasicShapeAndOrBox): Deleted. (WebCore::CSSParser::parseShapeProperty): Deleted. (WebCore::CSSParser::parseClipPath): Deleted. (WebCore::CSSParser::parseBasicShape): Deleted. (WebCore::CSSParser::parseFont): Deleted. (WebCore::CSSParser::parseSystemFont): Deleted. (WebCore::FontFamilyValueBuilder::FontFamilyValueBuilder): Deleted. (WebCore::FontFamilyValueBuilder::add): Deleted. (WebCore::FontFamilyValueBuilder::commit): Deleted. (WebCore::valueIsCSSKeyword): Deleted. (WebCore::CSSParser::parseFontFamily): Deleted. (WebCore::CSSParser::parseLineHeight): Deleted. 
(WebCore::CSSParser::parseFontSize): Deleted. (WebCore::createFontWeightValueKeyword): Deleted. (WebCore::CSSParser::parseFontWeight): Deleted. (WebCore::CSSParser::parseFontSynthesis): Deleted. (WebCore::CSSParser::parseFontFaceSrcURI): Deleted. (WebCore::CSSParser::parseFontFaceSrcLocal): Deleted. (WebCore::CSSParser::parseFontFaceSrc): Deleted. (WebCore::CSSParser::parseFontFaceUnicodeRange): Deleted. (WebCore::checkForValidDouble): Deleted. (WebCore::parseDouble): Deleted. (WebCore::parseColorIntOrPercentage): Deleted. (WebCore::isTenthAlpha): Deleted. (WebCore::parseAlphaValue): Deleted. (WebCore::mightBeRGBA): Deleted. (WebCore::mightBeRGB): Deleted. (WebCore::fastParseColorInternal): Deleted. (WebCore::CSSParser::fastParseColor): Deleted. (WebCore::CSSParser::parsedDouble): Deleted. (WebCore::CSSParser::isCalculation): Deleted. (WebCore::isPercent): Deleted. (WebCore::CSSParser::parseColorInt): Deleted. (WebCore::CSSParser::parseColorDouble): Deleted. (WebCore::CSSParser::parseRGBParameters): Deleted. (WebCore::CSSParser::parseColorFunctionParameters): Deleted. (WebCore::CSSParser::parseHSLParameters): Deleted. (WebCore::CSSParser::parseColorFromValue): Deleted. (WebCore::ShadowParseContext::ShadowParseContext): Deleted. (WebCore::ShadowParseContext::allowLength): Deleted. (WebCore::ShadowParseContext::commitValue): Deleted. (WebCore::ShadowParseContext::commitLength): Deleted. (WebCore::ShadowParseContext::commitColor): Deleted. (WebCore::ShadowParseContext::commitStyle): Deleted. (WebCore::CSSParser::parseShadow): Deleted. (WebCore::CSSParser::parseReflect): Deleted. (WebCore::CSSParser::parseFlex): Deleted. (WebCore::BorderImageParseContext::BorderImageParseContext): Deleted. (WebCore::BorderImageParseContext::canAdvance): Deleted. (WebCore::BorderImageParseContext::setCanAdvance): Deleted. (WebCore::BorderImageParseContext::allowCommit): Deleted. (WebCore::BorderImageParseContext::allowImage): Deleted. 
(WebCore::BorderImageParseContext::allowImageSlice): Deleted. (WebCore::BorderImageParseContext::allowRepeat): Deleted. (WebCore::BorderImageParseContext::allowForwardSlashOperator): Deleted. (WebCore::BorderImageParseContext::requireWidth): Deleted. (WebCore::BorderImageParseContext::requireOutset): Deleted. (WebCore::BorderImageParseContext::commitImage): Deleted. (WebCore::BorderImageParseContext::commitImageSlice): Deleted. (WebCore::BorderImageParseContext::commitForwardSlashOperator): Deleted. (WebCore::BorderImageParseContext::commitBorderWidth): Deleted. (WebCore::BorderImageParseContext::commitBorderOutset): Deleted. (WebCore::BorderImageParseContext::commitRepeat): Deleted. (WebCore::BorderImageParseContext::commitWebKitBorderImage): Deleted. (WebCore::BorderImageParseContext::commitBorderImage): Deleted. (WebCore::BorderImageParseContext::commitBorderImageProperty): Deleted. (WebCore::CSSParser::parseBorderImage): Deleted. (WebCore::isBorderImageRepeatKeyword): Deleted. (WebCore::CSSParser::parseBorderImageRepeat): Deleted. (WebCore::BorderImageSliceParseContext::BorderImageSliceParseContext): Deleted. (WebCore::BorderImageSliceParseContext::allowNumber): Deleted. (WebCore::BorderImageSliceParseContext::allowFill): Deleted. (WebCore::BorderImageSliceParseContext::allowFinalCommit): Deleted. (WebCore::BorderImageSliceParseContext::top): Deleted. (WebCore::BorderImageSliceParseContext::commitNumber): Deleted. (WebCore::BorderImageSliceParseContext::commitFill): Deleted. (WebCore::BorderImageSliceParseContext::commitBorderImageSlice): Deleted. (WebCore::CSSParser::parseBorderImageSlice): Deleted. (WebCore::BorderImageQuadParseContext::BorderImageQuadParseContext): Deleted. (WebCore::BorderImageQuadParseContext::allowNumber): Deleted. (WebCore::BorderImageQuadParseContext::allowFinalCommit): Deleted. (WebCore::BorderImageQuadParseContext::top): Deleted. (WebCore::BorderImageQuadParseContext::commitNumber): Deleted. 
(WebCore::BorderImageQuadParseContext::setAllowFinalCommit): Deleted. (WebCore::BorderImageQuadParseContext::setTop): Deleted. (WebCore::BorderImageQuadParseContext::commitBorderImageQuad): Deleted. (WebCore::CSSParser::parseBorderImageQuad): Deleted. (WebCore::CSSParser::parseBorderImageWidth): Deleted. (WebCore::CSSParser::parseBorderImageOutset): Deleted. (WebCore::CSSParser::parseBorderRadius): Deleted. (WebCore::CSSParser::parseAspectRatio): Deleted. (WebCore::CSSParser::parseCounter): Deleted. (WebCore::parseDeprecatedGradientPoint): Deleted. (WebCore::parseDeprecatedGradientColorStop): Deleted. (WebCore::CSSParser::parseDeprecatedGradient): Deleted. (WebCore::valueFromSideKeyword): Deleted. (WebCore::parseGradientColorOrKeyword): Deleted. (WebCore::CSSParser::parseDeprecatedLinearGradient): Deleted. (WebCore::CSSParser::parseDeprecatedRadialGradient): Deleted. (WebCore::CSSParser::parseLinearGradient): Deleted. (WebCore::CSSParser::parseRadialGradient): Deleted. (WebCore::CSSParser::parseGradientColorStops): Deleted. (WebCore::CSSParser::isGeneratedImageValue): Deleted. (WebCore::CSSParser::parseGeneratedImage): Deleted. (WebCore::CSSParser::parseFilterImage): Deleted. (WebCore::CSSParser::parseCrossfade): Deleted. (WebCore::CSSParser::parseCanvas): Deleted. (WebCore::CSSParser::parseNamedImage): Deleted. (WebCore::CSSParser::parseImageResolution): Deleted. (WebCore::CSSParser::parseImageSet): Deleted. (WebCore::TransformOperationInfo::TransformOperationInfo): Deleted. (WebCore::TransformOperationInfo::type): Deleted. (WebCore::TransformOperationInfo::argCount): Deleted. (WebCore::TransformOperationInfo::unit): Deleted. (WebCore::TransformOperationInfo::unknown): Deleted. (WebCore::TransformOperationInfo::hasCorrectArgCount): Deleted. (WebCore::CSSParser::parseTransform): Deleted. (WebCore::CSSParser::parseTransformValue): Deleted. (WebCore::CSSParser::isBlendMode): Deleted. (WebCore::CSSParser::isCompositeOperator): Deleted. 
(WebCore::isValidPrimitiveFilterFunction): Deleted. (WebCore::CSSParser::parseBuiltinFilterArguments): Deleted. (WebCore::cssValueKeywordIDForFunctionName): Deleted. (WebCore::CSSParser::parseFilter): Deleted. (WebCore::validFlowName): Deleted. (WebCore::CSSParser::isTextAutosizingEnabled): Deleted. (WebCore::CSSParser::isCSSGridLayoutEnabled): Deleted. (WebCore::CSSParser::parseFlowThread): Deleted. (WebCore::CSSParser::parseRegionThread): Deleted. (WebCore::CSSParser::parseTransformOrigin): Deleted. (WebCore::CSSParser::parsePerspectiveOrigin): Deleted. (WebCore::CSSParser::addTextDecorationProperty): Deleted. (WebCore::CSSParser::parseTextDecoration): Deleted. (WebCore::CSSParser::parseTextDecorationSkip): Deleted. (WebCore::CSSParser::parseTextUnderlinePosition): Deleted. (WebCore::CSSParser::parseTextEmphasisStyle): Deleted. (WebCore::CSSParser::parseTextEmphasisPosition): Deleted. (WebCore::CSSParser::parseTextIndent): Deleted. (WebCore::CSSParser::parseHangingPunctuation): Deleted. (WebCore::CSSParser::parseLineBoxContain): Deleted. (WebCore::CSSParser::parseFontFeatureTag): Deleted. (WebCore::CSSParser::parseFontFeatureSettings): Deleted. (WebCore::CSSParser::parseFontVariationTag): Deleted. (WebCore::CSSParser::parseFontVariationSettings): Deleted. (WebCore::CSSParser::parseFontVariantLigatures): Deleted. (WebCore::CSSParser::parseFontVariantNumeric): Deleted. (WebCore::CSSParser::parseFontVariantEastAsian): Deleted. (WebCore::CSSParser::parseFontVariant): Deleted. (WebCore::isValidWillChangeAnimatableFeature): Deleted. (WebCore::CSSParser::parseWillChange): Deleted. (WebCore::CSSParser::parseCalculation): Deleted. (WebCore::isCSSLetter): Deleted. (WebCore::isCSSEscape): Deleted. (WebCore::isURILetter): Deleted. (WebCore::isIdentifierStartAfterDash): Deleted. (WebCore::isCustomPropertyIdentifier): Deleted. (WebCore::isEqualToCSSIdentifier): Deleted. (WebCore::isEqualToCSSCaseSensitiveIdentifier): Deleted. (WebCore::checkAndSkipEscape): Deleted. 
(WebCore::skipWhiteSpace): Deleted. (WebCore::CSSParserString::characters): Deleted. (WebCore::CSSParserString::characters): Deleted. (WebCore::CSSParser::currentCharacter): Deleted. (WebCore::CSSParser::currentCharacter): Deleted. (WebCore::CSSParser::currentCharacter16): Deleted. (WebCore::CSSParser::tokenStart): Deleted. (WebCore::CSSParser::tokenStart): Deleted. (WebCore::CSSParser::currentLocation): Deleted. (WebCore::CSSParser::isIdentifierStart): Deleted. (WebCore::checkAndSkipString): Deleted. (WebCore::CSSParser::parseEscape): Deleted. (WebCore::CSSParser::UnicodeToChars): Deleted. (WebCore::CSSParser::UnicodeToChars): Deleted. (WebCore::CSSParser::parseIdentifierInternal): Deleted. (WebCore::CSSParser::parseIdentifier): Deleted. (WebCore::CSSParser::parseStringInternal): Deleted. (WebCore::CSSParser::parseString): Deleted. (WebCore::CSSParser::findURI): Deleted. (WebCore::CSSParser::parseURIInternal): Deleted. (WebCore::CSSParser::parseURI): Deleted. (WebCore::CSSParser::parseUnicodeRange): Deleted. (WebCore::CSSParser::parseNthChild): Deleted. (WebCore::CSSParser::parseNthChildExtra): Deleted. (WebCore::CSSParser::detectFunctionTypeToken): Deleted. (WebCore::CSSParser::detectMediaQueryToken): Deleted. (WebCore::CSSParser::detectNumberToken): Deleted. (WebCore::CSSParser::detectDashToken): Deleted. (WebCore::CSSParser::detectAtToken): Deleted. (WebCore::CSSParser::detectSupportsToken): Deleted. (WebCore::CSSParser::realLex): Deleted. (WebCore::CSSParser::createImportRule): Deleted. (WebCore::CSSParser::createMediaRule): Deleted. (WebCore::CSSParser::createEmptyMediaRule): Deleted. (WebCore::CSSParser::createSupportsRule): Deleted. (WebCore::CSSParser::markSupportsRuleHeaderStart): Deleted. (WebCore::CSSParser::markSupportsRuleHeaderEnd): Deleted. (WebCore::CSSParser::popSupportsRuleData): Deleted. (WebCore::CSSParser::processAndAddNewRuleToSourceTreeIfNeeded): Deleted. (WebCore::CSSParser::addNewRuleToSourceTree): Deleted. 
(WebCore::CSSParser::popRuleData): Deleted. (WebCore::CSSParser::syntaxError): Deleted. (WebCore::CSSParser::isLoggingErrors): Deleted. (WebCore::CSSParser::logError): Deleted. (WebCore::CSSParser::createKeyframesRule): Deleted. (WebCore::CSSParser::createStyleRule): Deleted. (WebCore::CSSParser::createFontFaceRule): Deleted. (WebCore::CSSParser::addNamespace): Deleted. (WebCore::CSSParser::determineNameInNamespace): Deleted. (WebCore::CSSParser::rewriteSpecifiersWithNamespaceIfNeeded): Deleted. (WebCore::CSSParser::rewriteSpecifiersWithElementName): Deleted. (WebCore::CSSParser::rewriteSpecifiers): Deleted. (WebCore::CSSParser::createPageRule): Deleted. (WebCore::CSSParser::createSelectorVector): Deleted. (WebCore::CSSParser::recycleSelectorVector): Deleted. (WebCore::CSSParser::createRegionRule): Deleted. (WebCore::CSSParser::createMarginAtRule): Deleted. (WebCore::CSSParser::startDeclarationsForMarginBox): Deleted. (WebCore::CSSParser::endDeclarationsForMarginBox): Deleted. (WebCore::CSSParser::createKeyframe): Deleted. (WebCore::CSSParser::invalidBlockHit): Deleted. (WebCore::CSSParser::updateLastMediaLine): Deleted. (WebCore::fixUnparsedProperties): Deleted. (WebCore::CSSParser::fixUnparsedPropertyRanges): Deleted. (WebCore::CSSParser::markRuleHeaderStart): Deleted. (WebCore::CSSParser::setRuleHeaderEnd): Deleted. (WebCore::CSSParser::markRuleHeaderEnd): Deleted. (WebCore::CSSParser::markSelectorStart): Deleted. (WebCore::CSSParser::markSelectorEnd): Deleted. (WebCore::CSSParser::markRuleBodyStart): Deleted. (WebCore::CSSParser::markRuleBodyEnd): Deleted. (WebCore::CSSParser::markPropertyStart): Deleted. (WebCore::CSSParser::markPropertyEnd): Deleted. (WebCore::CSSParser::createViewportRule): Deleted. (WebCore::CSSParser::parseViewportProperty): Deleted. (WebCore::CSSParser::parseViewportShorthand): Deleted. (WebCore::isAppleLegacyCSSPropertyKeyword): Deleted. (WebCore::cssPropertyID): Deleted. (WebCore::cssPropertyNameIOSAliasing): Deleted. 
(WebCore::isAppleLegacyCSSValueKeyword): Deleted. (WebCore::cssValueKeywordID): Deleted. (WebCore::isValidNthToken): Deleted. * css/parser/CSSParser.h: (): Deleted. (WebCore::CSSParser::ValueWithCalculation::ValueWithCalculation): Deleted. (WebCore::CSSParser::ValueWithCalculation::value): Deleted. (WebCore::CSSParser::ValueWithCalculation::operator CSSParserValue&): Deleted. (WebCore::CSSParser::ValueWithCalculation::calculation): Deleted. (WebCore::CSSParser::ValueWithCalculation::setCalculation): Deleted. (WebCore::CSSParser::hasProperties): Deleted. (WebCore::CSSParser::startNestedSelectorList): Deleted. (WebCore::CSSParser::endNestedSelectorList): Deleted. (WebCore::CSSParser::resetPropertyRange): Deleted. (WebCore::CSSParser::isExtractingSourceData): Deleted. (WebCore::CSSParser::lex): Deleted. (WebCore::CSSParser::token): Deleted. (WebCore::CSSParser::markViewportRuleBodyStart): Deleted. (WebCore::CSSParser::markViewportRuleBodyEnd): Deleted. (WebCore::CSSParser::setCustomPropertyName): Deleted. (WebCore::CSSParser::is8BitSource): Deleted. (WebCore::CSSParser::setStyleSheet): Deleted. (WebCore::CSSParser::inStrictMode): Deleted. (WebCore::CSSParser::inQuirksMode): Deleted. (WebCore::CSSParser::setupParser): Deleted. (WebCore::CSSParser::inShorthand): Deleted. (WebCore::CSSParser::inViewport): Deleted. (WebCore::CSSParser::operator|): Deleted. (WebCore::CSSParser::validateUnit): Deleted. (WebCore::ShorthandScope::ShorthandScope): Deleted. (WebCore::ShorthandScope::~ShorthandScope): Deleted. (WebCore::CSSParser::setTokenStart): Deleted. (WebCore::CSSParser::setTokenStart): Deleted. (WebCore::CSSParser::tokenStartOffset): Deleted. (WebCore::CSSParser::currentCharacterOffset): Deleted. (WebCore::CSSParser::tokenStartChar): Deleted. (WebCore::isCustomPropertyName): Deleted. (WebCore::cssyylex): Deleted. 
* css/parser/CSSParserFastPaths.cpp: (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue): * css/parser/CSSParserMode.h: (WebCore::CSSParserContextHash::hash): * css/parser/CSSParserValues.cpp: (WebCore::CSSParserSelector::setSelectorList): (WebCore::destroy): Deleted. (WebCore::CSSParserValueList::~CSSParserValueList): Deleted. (WebCore::CSSParserValueList::addValue): Deleted. (WebCore::CSSParserValueList::insertValueAt): Deleted. (WebCore::CSSParserValueList::extend): Deleted. (WebCore::CSSParserValueList::containsVariables): Deleted. (WebCore::CSSParserValue::createCSSValue): Deleted. (WebCore::CSSParserSelector::parsePseudoElementSelector): Deleted. (WebCore::CSSParserSelector::parsePseudoElementCueFunctionSelector): Deleted. (WebCore::CSSParserSelector::parsePseudoElementSlottedFunctionSelector): Deleted. (WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector): Deleted. (WebCore::CSSParserSelector::parsePseudoClassAndCompatibilityElementSelector): Deleted. (WebCore::CSSParserSelector::setPseudoClassValue): Deleted. * css/parser/CSSParserValues.h: (WebCore::CSSParserString::init): Deleted. (WebCore::CSSParserString::clear): Deleted. (WebCore::CSSParserString::is8Bit): Deleted. (WebCore::CSSParserString::characters8): Deleted. (WebCore::CSSParserString::characters16): Deleted. (WebCore::CSSParserString::length): Deleted. (WebCore::CSSParserString::setLength): Deleted. (WebCore::CSSParserString::operator[]): Deleted. (WebCore::CSSParserString::operator String): Deleted. (WebCore::CSSParserString::operator AtomicString): Deleted. (WebCore::CSSParserString::toStringView): Deleted. (): Deleted. (WebCore::CSSParserValueList::CSSParserValueList): Deleted. (WebCore::CSSParserValueList::size): Deleted. (WebCore::CSSParserValueList::currentIndex): Deleted. (WebCore::CSSParserValueList::current): Deleted. (WebCore::CSSParserValueList::next): Deleted. (WebCore::CSSParserValueList::previous): Deleted. 
(WebCore::CSSParserValueList::setCurrentIndex): Deleted. (WebCore::CSSParserValueList::valueAt): Deleted. (WebCore::CSSParserValueList::clear): Deleted. (WebCore::CSSParserValue::setFromValueList): Deleted. (WebCore::equalLettersIgnoringASCIICase): Deleted. * css/parser/CSSPropertyParser.cpp: (WebCore::isCustomPropertyName): (WebCore::cssPropertyNameIOSAliasing): * css/parser/CSSPropertyParser.h: * css/parser/SVGCSSParser.cpp: Removed. * dom/InlineStyleSheetOwner.cpp: (WebCore::InlineStyleSheetOwner::createSheet): * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::ensureSourceData): (WebCore::InspectorStyleSheetForInlineStyle::ruleSourceData): * page/animation/AnimationController.cpp: * rendering/style/RenderStyle.cpp: * svg/SVGAnimateElementBase.cpp: * svg/SVGAnimationElement.cpp: * svg/SVGElement.cpp: 2016-12-10 Konstantin Tokarev [cmake] Include WTF, JSC, and WebCore headers automatically to targets using them https://bugs.webkit.org/show_bug.cgi?id=165686 Reviewed by Michael Catanzaro. This change reduces duplication of include path lists between modules, and reduces future need for fixes like r209605 (broken build because of WebCore header suddenly becoming used in WebKit2). No new tests needed. * CMakeLists.txt: * PlatformEfl.cmake: * PlatformGTK.cmake: * PlatformMac.cmake: * PlatformWinCairo.cmake: 2016-12-10 Ryosuke Niwa Replace isUnclosedNode by isClosedShadowHidden https://bugs.webkit.org/show_bug.cgi?id=165722 Reviewed by Antti Koivisto. Replaced Node::isUnclosedNode by Node::isClosedShadowHidden and negated the semantics as done in the spec: https://dom.spec.whatwg.org/#concept-closed-shadow-hidden https://github.com/whatwg/dom/pull/306 Also added a version which follows the spec text for a debug assertion. No new tests since this has no behavioral change.
* dom/EventContext.h: (WebCore::EventContext::isUnreachableNode): * dom/EventPath.cpp: (WebCore::EventPath::computePathUnclosedToTarget): (WebCore::RelatedNodeRetargeter::checkConsistency): * dom/Node.cpp: (WebCore::isClosedShadowHiddenUsingSpecDefinition): Added to assert our implementation matches the spec text. (WebCore::Node::isClosedShadowHidden): Renamed from Node::isUnclosedNode and negated the return value. * dom/Node.h: 2016-12-10 Antti Koivisto CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebCore: WTF::match_constness::type& WTF::downcast + 65 https://bugs.webkit.org/show_bug.cgi?id=165652 rdar://problem/28465278 Reviewed by Darin Adler. No test, don't know how to get here. * css/StyleBuilderConverter.h: (WebCore::StyleBuilderConverter::convertContentAlignmentData): Add type checks. 2016-12-10 Jiewen Tan [WebCrypto] RSA algorithms should allow importing keys without usages https://bugs.webkit.org/show_bug.cgi?id=165680 Reviewed by Brent Fulgham. Tests: crypto/subtle/rsa-oaep-import-jwk-public-key-empty-usages.html crypto/subtle/rsa-oaep-import-spki-key-empty-usages.html crypto/subtle/rsaes-pkcs1-v1_5-import-jwk-public-key-empty-usages.html crypto/subtle/rsaes-pkcs1-v1_5-import-spki-key-empty-usages.html crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-public-key-empty-usages.html crypto/subtle/rsassa-pkcs1-v1_5-import-spki-key-empty-usages.html * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp: (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey): * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp: (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey): * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp: (WebCore::CryptoAlgorithmRSA_OAEP::importKey): 2016-12-10 Frederic Wang Add STIX Two Math to the list of math fonts in mathml.css https://bugs.webkit.org/show_bug.cgi?id=165676 Reviewed by Darin Adler. No new tests, this is just changing default style.
* css/mathml.css: (math): 2016-12-09 Romain Bellessort [Readable Streams API] Implement ReadableByteStreamController desiredSize https://bugs.webkit.org/show_bug.cgi?id=165599 Reviewed by Darin Adler. Implemented ReadableByteStreamController attribute desiredSize. Added test to check desiredSize value. * Modules/streams/ReadableByteStreamController.js: (desiredSize): * Modules/streams/ReadableByteStreamInternals.js: (readableByteStreamControllerGetDesiredSize): 2016-12-09 Ryosuke Niwa document.pointerLockElement exposes a node inside a shadow tree https://bugs.webkit.org/show_bug.cgi?id=165702 Reviewed by Simon Fraser. Expose pointerLockElement on ShadowRoot as spec'ed (DocumentOrShadowRoot): https://w3c.github.io/pointerlock/#extensions-to-the-documentorshadowroot-mixin Use ancestorElementInThisScope to find the correct node in pointerLockElement. Tests: fast/shadow-dom/pointerlockelement-in-shadow-tree.html fast/shadow-dom/pointerlockelement-in-slot.html * dom/Document.cpp: (WebCore::Document::pointerLockElement): Moved to TreeScope. * dom/Document.h: * dom/Document.idl: Moved pointerLockElement to DocumentOrShadowRoot.idl. * dom/DocumentOrShadowRoot.idl: Ditto. * dom/TreeScope.cpp: (WebCore::TreeScope::focusedElementInScope): Use documentScope instead of accessing it via m_rootNode. (WebCore::TreeScope::pointerLockElement): Moved from Document. * dom/TreeScope.h: 2016-12-09 Daniel Bates Add reflected nonce attribute to HTML Link element IDL https://bugs.webkit.org/show_bug.cgi?id=165709 Reviewed by Ryosuke Niwa. Add the reflected nonce attribute to the HTML Link element IDL definition as per the HTML standard (9 December 2016). Test: fast/dom/nonce-attribute-reflection.html * html/HTMLLinkElement.idl: 2016-12-09 Eric Carlson Annotate MediaStream and WebRTC idl with EnabledAtRuntime flag https://bugs.webkit.org/show_bug.cgi?id=165251 Reviewed by Dean Jackson. Based on a patch by Dr Alex Gouaillard No new tests, covered by existing tests.
* Modules/mediastream/MediaStreamEvent.idl: Add "EnabledAtRuntime". * Modules/mediastream/NavigatorMediaDevices.idl: Ditto. * Modules/mediastream/NavigatorUserMedia.idl: Ditto. * Modules/mediastream/RTCDTMFToneChangeEvent.idl: Ditto. * Modules/mediastream/RTCIceCandidate.idl: Ditto. * Modules/mediastream/RTCPeerConnection.idl: Ditto. * Modules/mediastream/RTCRtpReceiver.idl: Ditto. * Modules/mediastream/RTCRtpSender.idl: Ditto. * Modules/mediastream/RTCRtpTransceiver.idl: Ditto. * Modules/mediastream/RTCSessionDescription.idl: Ditto. * Modules/mediastream/RTCTrackEvent.idl: Ditto. * bindings/generic/RuntimeEnabledFeatures.cpp: (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): Set m_isMediaStreamEnabled in the constructor instead of in reset() because the latter is called by the Internals constructor, making it impossible to override the runtime flag from WTR or DRT. (WebCore::RuntimeEnabledFeatures::reset): Don't set m_isMediaStreamEnabled. * page/Settings.in: Add peerConnectionEnabled. 2016-12-09 Daniel Bates Remove QuickLook scheme from the list of secure schemes https://bugs.webkit.org/show_bug.cgi?id=165699 Reviewed by Andy Estes. Following r207155 we use a unique origin for QuickLook documents. Unique origins are not subject to mixed content restrictions. Prior to r207155 QuickLook documents used the origin from which they were served. We added the QuickLook scheme to the list of secure schemes as a workaround to avoid mixed content errors when loading subresources in a QuickLook document served over HTTPS. Now that we use a unique origin for QuickLook documents we no longer need this workaround. * platform/SchemeRegistry.cpp: (WebCore::secureSchemes): 2016-12-09 Brady Eidson Re-landing: Add _WKIconLoadingDelegate SPI. https://bugs.webkit.org/show_bug.cgi?id=164894 Reviewed by Alex Christensen. No new tests (Manual testing possible in MiniBrowser now, WKTR tests coming soon in https://bugs.webkit.org/show_bug.cgi?id=164895).
With this client, WebCore will ask the FrameLoaderClient about each icon found in the . WebKit2 will then ask the embedding app - for each icon - if it wants that icon to load. For icons the app decides to load, WebKit will pass the data to the app without storing locally. * WebCore.xcodeproj/project.pbxproj: * dom/Document.cpp: (WebCore::Document::implicitClose): * html/LinkIconCollector.cpp: (WebCore::iconSize): (WebCore::compareIcons): * html/LinkIconCollector.h: * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::startIconLoading): (WebCore::DocumentLoader::didGetLoadDecisionForIcon): (WebCore::DocumentLoader::finishedLoadingIcon): * loader/DocumentLoader.h: * loader/FrameLoaderClient.h: * loader/icon/IconLoader.cpp: (WebCore::IconLoader::IconLoader): (WebCore::IconLoader::startLoading): (WebCore::IconLoader::notifyFinished): * loader/icon/IconLoader.h: * platform/LinkIcon.h: Copied from Source/WebCore/html/LinkIconCollector.h. (WebCore::LinkIcon::encode): (WebCore::LinkIcon::decode): 2016-12-06 Jiewen Tan [Part 2 of 2] Add support for PKCS8 format while doing SubtleCrypto.importKey/exportKey https://bugs.webkit.org/show_bug.cgi?id=129978 Reviewed by Brent Fulgham. This is part 2 of Bug 129978. In this patch, it adds the PKCS8 format support for SubtleCrypto.importKey/exportKey. Currently supported algorithms are RSAES-PKCS1-v1_5, RSASSA-PKCS1-v1_5 and RSA-OAEP.
Tests: crypto/subtle/rsa-import-jwk-key-export-pkcs8-key.html crypto/subtle/rsa-import-pkcs8-key-export-jwk-key.html crypto/subtle/rsa-import-pkcs8-key-export-pkcs8-key.html crypto/subtle/rsa-oaep-generate-export-key-pkcs8.html crypto/subtle/rsa-oaep-import-pkcs8-key.html crypto/subtle/rsaes-pkcs1-v1_5-generate-export-key-pkcs8.html crypto/subtle/rsaes-pkcs1-v1_5-import-pkcs8-key.html crypto/subtle/rsassa-pkcs1-v1_5-generate-export-key-pkcs8.html crypto/subtle/rsassa-pkcs1-v1_5-import-pkcs8-key.html crypto/workers/subtle/rsa-export-pkcs8-key.html crypto/workers/subtle/rsa-import-pkcs8-key.html * bindings/js/JSSubtleCryptoCustom.cpp: (WebCore::toKeyData): * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp: (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::importKey): (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::exportKey): * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp: (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey): (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::exportKey): * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp: (WebCore::CryptoAlgorithmRSA_OAEP::importKey): (WebCore::CryptoAlgorithmRSA_OAEP::exportKey): * crypto/gnutls/CryptoKeyRSAGnuTLS.cpp: (WebCore::CryptoKeyRSA::importPkcs8): (WebCore::CryptoKeyRSA::exportPkcs8): * crypto/keys/CryptoKeyRSA.h: * crypto/mac/CryptoKeyRSAMac.cpp: (WebCore::CryptoKeyRSA::importSpki): (WebCore::CryptoKeyRSA::importPkcs8): (WebCore::CryptoKeyRSA::exportPkcs8): 2016-12-09 Geoffrey Garen Deploy OrdinalNumber in JSC::SourceCode https://bugs.webkit.org/show_bug.cgi?id=165687 Reviewed by Michael Saboff. Updated for interface changes. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::evaluateModule): * bindings/js/ScriptSourceCode.h: (WebCore::ScriptSourceCode::startLine): 2016-12-09 Joseph Pecoraro Web Inspector: Some resources fetched via Fetch API do not have data https://bugs.webkit.org/show_bug.cgi?id=165230 Reviewed by Alex Christensen. 

Tests: http/tests/inspector/network/fetch-response-body.html
http/tests/inspector/network/xhr-response-body.html

* platform/network/ResourceRequestBase.h: Distinguish Fetch requests.

* Modules/fetch/FetchRequest.cpp:
(WebCore::FetchRequest::initializeWith): Set the requester type as Fetch.

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::didReceiveResponse):
* loader/DocumentThreadableLoader.h:
* inspector/InspectorInstrumentation.cpp:
(WebCore::InspectorInstrumentation::didReceiveThreadableLoaderResponseImpl):
(WebCore::InspectorInstrumentation::didReceiveXHRResponseImpl): Deleted.
* inspector/InspectorInstrumentation.h:
(WebCore::InspectorInstrumentation::didReceiveResourceResponse):
(WebCore::InspectorInstrumentation::didReceiveThreadableLoaderResponse):
(WebCore::InspectorInstrumentation::didReceiveXHRResponse): Deleted.
* inspector/InspectorNetworkAgent.cpp:
(WebCore::InspectorNetworkAgent::didReceiveThreadableLoaderResponse):
(WebCore::InspectorNetworkAgent::didFinishXHRLoading):
(WebCore::InspectorNetworkAgent::didReceiveXHRResponse): Deleted.
Add a generic way for a ThreadableLoader load to update the type of a network request. This will include both XHR and Fetch requests.

* inspector/InspectorPageAgent.cpp:
(WebCore::hasTextContent):
(WebCore::createXHRTextDecoder):
(WebCore::InspectorPageAgent::resourceTypeJson):
(WebCore::InspectorPageAgent::cachedResourceType):
(WebCore::InspectorPageAgent::createTextDecoder):
(WebCore::textContentForCachedResource):
* inspector/InspectorPageAgent.h:
* inspector/NetworkResourcesData.cpp:
(WebCore::createOtherResourceTextDecoder): Deleted.
Share the logic that creates a Text Decoder for XHR with other non-buffered requests (like Fetch). This moves us to identical behavior for now.

* platform/MIMETypeRegistry.cpp:
(WebCore::MIMETypeRegistry::isSupportedJSONMIMEType):
(WebCore::MIMETypeRegistry::isTextMIMEType):
* platform/MIMETypeRegistry.h:
Better detect different JSON content based on MIME Type.

2016-12-09 Ryosuke Niwa

document.webkitFullscreenElement leaks elements inside a shadow tree
https://bugs.webkit.org/show_bug.cgi?id=158471

Reviewed by Chris Dumez.

Fixed the bug by calling the newly added ancestorElementInThisScope in webkitCurrentFullScreenElementForBindings and webkitFullscreenElementForBinding.

The specification (https://fullscreen.spec.whatwg.org/#dom-document-fullscreenelement) uses "the result of retargeting fullscreen element" and returns null if the result is not in the same tree as the context object.

This is equivalent to the algorithm implemented by ancestorElementInThisScope. Observe that the retargeting algorithm (https://dom.spec.whatwg.org/#retarget) finds the lowest common tree scope of the retargetee and the context object. There are two cases to consider.

1. The context object's tree scope is the lowest common tree scope: In this case, an ancestor shadow host or the retargetee itself is in this tree scope. It's sufficient to traverse every shadow host to find the one that resides in the same tree scope as the context object. This is precisely what ancestorElementInThisScope does.

2. The context object's tree scope is not the lowest common tree scope: In this case, the context object is inside a shadow tree whose ancestor shadow host is in the lowest common tree scope. In this case, retargeting algorithm finds a node which is not in the same tree as the context object. Thus, the result is null. ancestorElementInThisScope traverses ancestor shadow hosts and returns null if no shadow host's tree scope matches that of the context object's tree scope. Thus, it would return null in this case as desired.

Also renamed TreeScope::focusedElement to focusedElementInScope for clarity since Document which inherits from TreeScope also has a distinct member function named focusedElement called by TreeScope::focusedElement, and used ancestorElementInThisScope since it uses the same algorithm.

Tests: fast/shadow-dom/activeElement-for-focused-element-in-another-shadow.html
fast/shadow-dom/blur-on-shadow-host-with-focused-shadow-content.html
fast/shadow-dom/fullscreen-in-shadow-fullscreenElement.html
fast/shadow-dom/fullscreen-in-shadow-webkitCurrentFullScreenElement.html
fast/shadow-dom/fullscreen-in-slot-fullscreenElement.html
fast/shadow-dom/fullscreen-in-slot-webkitCurrentFullScreenElement.html

* dom/Document.cpp:
(WebCore::Document::removeFocusedNodeOfSubtree):
(WebCore::Document::activeElement):
* dom/Document.h:
(WebCore::Document::webkitCurrentFullScreenElementForBindings): Added.
(WebCore::Document::webkitFullscreenElementForBindings): Added.
* dom/Document.idl:
* dom/Element.cpp:
(WebCore::Element::blur):
* dom/ShadowRoot.h:
(WebCore::ShadowRoot::activeElement):
* dom/TreeScope.cpp:
(WebCore::TreeScope::ancestorNodeInThisScope): Renamed from ancestorInThisScope for clarity.
(WebCore::TreeScope::ancestorElementInThisScope):
(WebCore::TreeScope::focusedElementInScope): Renamed from focusedElement to disambiguate it from Document's focusedElement.
* dom/TreeScope.h:
* editing/VisibleSelection.cpp:
(WebCore::adjustPositionForEnd):
(WebCore::adjustPositionForStart):
* editing/htmlediting.cpp:
(WebCore::comparePositions):
(WebCore::firstEditablePositionAfterPositionInRoot):
(WebCore::lastEditablePositionBeforePositionInRoot):
* page/DOMSelection.cpp:
(WebCore::selectionShadowAncestor):
(WebCore::DOMSelection::shadowAdjustedNode):
(WebCore::DOMSelection::shadowAdjustedOffset):
* rendering/HitTestResult.cpp:
(WebCore::HitTestResult::addNodeToRectBasedTestResult): Added a FIXME here since this is clearly wrong for shadow trees created by author scripts.
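
The two retargeting cases walked through in the document.webkitFullscreenElement entry above, as an added example that is not WebKit code: a simplified C++ model in which `TreeScope`, `Element`, `Fixture`, `ancestorElementInScope` and `fullscreenElementSeenFrom` are hypothetical names and the tree is constructed sample data. It shows which element each tree scope is handed for a fullscreen element nested two shadow roots deep, and that an unrelated shadow tree gets null rather than a node from inside another shadow tree.

```cpp
// Simplified model of tree scopes and shadow hosts (illustration only, not WebKit source).
#include <iostream>
#include <string>
#include <utility>

struct Element;

// A tree scope is the document or one shadow root. A shadow root records its host.
struct TreeScope {
    std::string name;
    Element* host; // nullptr for the document scope
    explicit TreeScope(std::string n, Element* h = nullptr) : name(std::move(n)), host(h) {}
};

struct Element {
    std::string name;
    TreeScope* scope; // the tree scope this element lives in
    Element(std::string n, TreeScope* s) : name(std::move(n)), scope(s) {}
};

// Walk from `element` outward through shadow hosts until one lies in `context`.
// Returns nullptr when no element on that chain is in `context` (case 2 of the entry).
Element* ancestorElementInScope(const TreeScope& context, Element* element)
{
    for (Element* current = element; current; current = current->scope->host) {
        if (current->scope == &context)
            return current;
    }
    return nullptr;
}

// Constructed sample tree:
//   document
//     outer-host   -> outer-shadow
//                       inner-host -> inner-shadow
//                                       video   (the fullscreen element)
//     sibling-host -> sibling-shadow            (unrelated shadow tree)
struct Fixture {
    TreeScope document{"document"};
    Element outerHost{"outer-host", &document};
    TreeScope outerShadow{"outer-shadow", &outerHost};
    Element innerHost{"inner-host", &outerShadow};
    TreeScope innerShadow{"inner-shadow", &innerHost};
    Element video{"video", &innerShadow};
    Element siblingHost{"sibling-host", &document};
    TreeScope siblingShadow{"sibling-shadow", &siblingHost};

    Fixture() = default;
    Fixture(const Fixture&) = delete; // members point at each other, so copying is unsafe
};

// Name of the element a script whose context object lives in `context` would be
// handed for `fullscreen`, or "null" when nothing may be exposed to that scope.
std::string fullscreenElementSeenFrom(const TreeScope& context, Element* fullscreen)
{
    Element* result = ancestorElementInScope(context, fullscreen);
    return result ? result->name : std::string("null");
}

int main()
{
    Fixture f;
    const TreeScope* contexts[] = { &f.document, &f.outerShadow, &f.innerShadow, &f.siblingShadow };
    for (const TreeScope* context : contexts)
        std::cout << context->name << " sees " << fullscreenElementSeenFrom(*context, &f.video) << "\n";
    return 0;
}
```
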

2016-12-09 Geoffrey Garen

TextPosition and OrdinalNumber should be more like idiomatic numbers
https://bugs.webkit.org/show_bug.cgi?id=165678

Reviewed by Filip Pizlo.

* bindings/js/CachedScriptSourceProvider.h:
(WebCore::CachedScriptSourceProvider::CachedScriptSourceProvider):
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::sourcePosition):
* bindings/js/JSLazyEventListener.cpp:
(WebCore::JSLazyEventListener::JSLazyEventListener):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::eventHandlerPosition):
* bindings/js/ScriptSourceCode.h:
(WebCore::ScriptSourceCode::ScriptSourceCode):
* css/CSSStyleSheet.cpp:
(WebCore::CSSStyleSheet::create):
* dom/ScriptElement.h:
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::uninitializedPositionValue1):
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheet::buildObjectForStyleSheetInfo): Adopt default constructor.

* xml/XMLErrors.cpp:
(WebCore::XMLErrors::XMLErrors):
(WebCore::XMLErrors::handleError):
* xml/XMLErrors.h: Use std::optional instead of belowRangePosition() because in-band signaling is harder to reason about.

* xml/parser/XMLDocumentParserLibxml2.cpp:
(WebCore::XMLDocumentParser::textPosition): Adopt default constructor.

2016-12-09 Chris Dumez

[Cocoa] Validation message for required checkbox doesn’t conform to the Apple Style Guide
https://bugs.webkit.org/show_bug.cgi?id=165661

Reviewed by Dan Bernstein.

Update validation message as per Apple Style Guide.

* English.lproj/Localizable.strings:
* platform/LocalizedStrings.cpp:
(WebCore::validationMessageValueMissingForCheckboxText):

2016-12-09 Zalan Bujtas

ASSERTION FAILED: !beforeChild->isRubyRun() in WebCore::RenderRubyAsBlock::addChild
https://bugs.webkit.org/show_bug.cgi?id=141433

Reviewed by Dean Jackson.

Do not try to inject the list marker into a block ruby subtree. Have it as the sibling of the ruby instead (with an anonymous block wrapper ofc).

Test: fast/ruby/assert-with-listitem-and-block-ruby.html

* rendering/RenderListItem.cpp:
(WebCore::getParentOfFirstLineBox):

2016-12-09 Antoine Quint

[Modern Media Controls] Implement the pageScaleFactor property
https://bugs.webkit.org/show_bug.cgi?id=165660

Reviewed by Dean Jackson.

We implement the pageScaleFactor property on MediaController. This property is set by the HTMLMediaElement when the page scale factor changes, and we only choose to handle it on iOS by setting controlsDependOnPageScaleFactor to true on the MediaControlsHost.

To do so, we now size the media controls by multiplying the layout size of the media by the page scale factor, and apply an inverse CSS zoom on the media controls themselves.

Test: media/modern-media-controls/media-controller/media-controller-scale-factor.html

* Modules/modern-media-controls/controls/media-controls.css:
(.media-controls-container,):
* Modules/modern-media-controls/controls/media-controls.js:
(MediaControls.prototype.get scaleFactor):
(MediaControls.prototype.set scaleFactor):
(MediaControls.prototype.commitProperty):
* Modules/modern-media-controls/media/media-controller.js:
(MediaController):
(MediaController.prototype.set pageScaleFactor):
(MediaController.prototype._updateControlsSize):
* html/HTMLMediaElement.cpp:
(WebCore::controllerJSValue):
(WebCore::HTMLMediaElement::setControllerJSProperty): We no longer hit a JSC assertion when trying to set the pageScaleFactor property before the JS controller was actually created.

2016-12-09 Daniel Bates

Attempt to fix the Mac CMake build following (https://bugs.webkit.org/show_bug.cgi?id=165572)

Add directory html/canvas to the list of forwarding headers directories so that the Legacy WebKit Objective-C DOM binding DOMHTMLCanvasElement.mm can ultimately include header WebGLContextAttributes.h.

* PlatformMac.cmake:

2016-12-09 Brady Eidson

LinkIconCollector refactoring.
https://bugs.webkit.org/show_bug.cgi?id=165657

Reviewed by Dean Jackson.

No new tests (Refactor, no behavior change)

* WebCore.xcodeproj/project.pbxproj:
* html/LinkIconCollector.cpp:
(WebCore::iconSize):
(WebCore::compareIcons):
* html/LinkIconCollector.h:
* platform/LinkIcon.h: Move outside of LinkIconCollector for future expandability.

2016-12-09 Ryan Haddad

Unreviewed, rolling out r209574.

This change broke the Windows build.

Reverted changeset:

"[WebIDL] Remove custom bindings for Geolocation"
https://bugs.webkit.org/show_bug.cgi?id=165625
http://trac.webkit.org/changeset/209574

2016-12-09 Ryosuke Niwa

Custom Elements from a different document are not customized when created with innerHTML
https://bugs.webkit.org/show_bug.cgi?id=165617

Reviewed by Antti Koivisto.

The bug was caused by a superfluous null check on window in createHTMLElementOrFindCustomElementInterface. Removed the null check to fix the bug.

Test: fast/custom-elements/adopting-from-frameless-document.html

* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):

2016-12-09 Daniel Bates

[CSP] Policy of window opener not applied to about:blank window
https://bugs.webkit.org/show_bug.cgi?id=165531

Reviewed by Brent Fulgham.

Fixes an issue where the content security policy of the opener document was not applied to an about:blank window. An about:blank window inherits its security origin from its opener document. It should also copy (inherit) the ContentSecurityPolicy from its opener document. When copying the ContentSecurityPolicy state from the opener document to the about:blank document we must take care to avoid copying any upgrade-insecure-request directive because new windows should not inherit it by definition. With respect to upgrade-insecure-requests, new windows should only inherit the insecure navigation set from their opener document.

Test: http/tests/security/contentSecurityPolicy/image-blocked-in-about-blank-window.html

* dom/Document.cpp:
(WebCore::Document::initContentSecurityPolicy): Copy the ContentSecurityPolicy state from the owner document to this document when it inherits its security origin from its owner. An about:blank window is one example of a document that inherits its security origin from its owner.
* loader/WorkerThreadableLoader.cpp:
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom() to copy the upgrade insecure requests state from the owner document to the worker now that ContentSecurityPolicy::copyStateFrom() no longer does this.
* page/csp/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::copyStateFrom): Do not copy the upgrade insecure request state. Callers are now responsible for calling ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom() to copy this state.
* page/csp/ContentSecurityPolicyDirectiveList.cpp:
(WebCore::ContentSecurityPolicyDirectiveList::parse): Ignore directive upgrade-insecure-requests when inheriting ContentSecurityPolicy state, as the Upgrade Insecure Requests feature has its own inheritance semantics that differ from the semantics of copying a ContentSecurityPolicy object.
* xml/XSLTProcessor.cpp:
(WebCore::XSLTProcessor::createDocumentFromSource): Call ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom() to copy the upgrade insecure requests state from the original document to the transformed document now that ContentSecurityPolicy::copyStateFrom() no longer does this.

2016-12-09 Antoine Quint

[Modern Media Controls] Remaining time label first appears way to the left
https://bugs.webkit.org/show_bug.cgi?id=165637

Reviewed by Dean Jackson.

We would sometimes see the remaining time label be laid out in an incorrect position when a video would start playing.
This happened because the time label was being committed from a previous value before, in the same frame, we would call the layout() function of MacOSInlineMediaControls. This would set the newly computed location for the remaining time label, but because we would reset the list of dirty properties after calling all layout functions, the new value set in MacOSInlineMediaControls.layout() would be disregarded and the wrong, committed value would persist until it was reset in a much later frame.

We now correctly clear the list of dirty nodes before laying them out, giving all nodes a chance to become dirty again during layout, and updated again in the next frame.

Test: media/modern-media-controls/layout-node/node-made-dirty-during-layout.html

* Modules/modern-media-controls/controls/layout-node.js:
(performScheduledLayout):

2016-12-09 Per Arne Vollan

Fix compile errors on Windows when building with .proj files.

Unreviewed build fix.

Fix include paths.

* platform/graphics/win/IntPointWin.cpp:
* platform/graphics/win/IntRectWin.cpp:
* platform/graphics/win/IntSizeWin.cpp:

2016-12-09 Csaba Osztrogonác

Unreviewed buildfix after r209570.

* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::addBuiltinGlobals):

2016-12-01 Sergio Villar Senin

[css-grid] Pass Grid as argument to items' placement methods
https://bugs.webkit.org/show_bug.cgi?id=165250

Reviewed by Darin Adler.

In order to constify computeIntrinsicLogicalWidths() it is required to constify placeItemsOnGrid() first, which is the base method of the grid items' positioning logic. The first step is to constify all the methods invoked by the latter, which basically means to pass the Grid as argument to all of them instead of directly using the m_grid attribute from RenderGrid. As this is an intermediate step, a new const_cast<> was required in the intrinsic size computation. However it will be promptly removed after the const-ification of placeItemsOnGrid().

After this, only the methods used by the track sizing algorithm will directly access m_grid. All those would get a reference to the Grid via GridSizingData, but that's a matter of a follow up patch.

Apart from that, m_gridIsDirty was removed because it was always too confusing. It was replaced by Grid's m_needsItemsPlacement which is much more concise. The clearGrid() call was indeed only forcing a new placement of the grid items.

No new tests as this is a refactoring.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::Grid::setNeedsItemsPlacement): New method to flag the Grid whenever grid items' placement algorithm needs to be run.
(WebCore::RenderGrid::canPerformSimplifiedLayout):
(WebCore::RenderGrid::layoutBlock):
(WebCore::RenderGrid::computeIntrinsicLogicalWidths):
(WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
(WebCore::RenderGrid::placeItemsOnGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator): Constified. Got Grid as argument.
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid): Ditto.
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid): Ditto.
(WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Ditto.
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid): Ditto.
(WebCore::RenderGrid::clearGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::numTracks):
* rendering/RenderGrid.h:

2016-12-09 Gavin Barraclough

Revert - Add _WKIconLoadingDelegate SPI
https://bugs.webkit.org/show_bug.cgi?id=164894

Unreviewed rollout due to performance regression.

* WebCore.xcodeproj/project.pbxproj:
* dom/Document.cpp:
(WebCore::Document::implicitClose):
* html/LinkIconCollector.cpp:
(WebCore::iconSize):
(WebCore::compareIcons):
* html/LinkIconCollector.h:
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startIconLoading): Deleted.
(WebCore::DocumentLoader::didGetLoadDecisionForIcon): Deleted.
(WebCore::DocumentLoader::finishedLoadingIcon): Deleted.
* loader/DocumentLoader.h:
* loader/FrameLoaderClient.h:
* loader/icon/IconLoader.cpp:
(WebCore::IconLoader::IconLoader):
(WebCore::IconLoader::startLoading):
(WebCore::IconLoader::notifyFinished):
* loader/icon/IconLoader.h:
* platform/LinkIcon.h: Removed.

2016-12-08 Jiewen Tan

[WebCrypto] Remove NoInterfaceObject attribute from SubtleCrypto Interface
https://bugs.webkit.org/show_bug.cgi?id=165629

Reviewed by Chris Dumez.

Covered by existing tests.

* crypto/SubtleCrypto.idl:

2016-12-08 Keith Rollin

FileHandle::printf doesn't build on Windows
https://bugs.webkit.org/show_bug.cgi?id=165642

Reviewed by Ryosuke Niwa.

Fix the build -- vasprintf does not exist on Windows, so make FileHandle::printf a no-op on that platform.

No new tests -- affected facility is currently only used in testing code and is not user reachable.

* platform/FileHandle.cpp:
(WebCore::FileHandle::printf):

2016-12-08 Antoine Quint

[Modern Media Controls] Exiting fullscreen with paused media shows the start button
https://bugs.webkit.org/show_bug.cgi?id=165640

Reviewed by Dean Jackson.

Like all supporting objects, the StartSupport instance gets recreated when creating controls for new layout traits, which happens when going from fullscreen to inline. Due to this, the "_isPlayed" property is no longer set to true, even if the media has played prior to being paused in fullscreen. We now also check the media's played range to identify whether media has been played.

* Modules/modern-media-controls/media/start-support.js:
(StartSupport.prototype._shouldShowStartButton):
(StartSupport):

2016-12-08 Myles C. Maxfield

ASSERTION FAILED: locale in WebCore::lastHyphenLocation
https://bugs.webkit.org/show_bug.cgi?id=164182

Reviewed by Zalan Bujtas.

Our hyphenation code assumes the locale is in a small set of known locales. However, web content can put whatever string it wants in the locale field.

Test: fast/text/hyphenation-unknown-locale.html

* platform/text/cf/HyphenationCF.cpp:
(WebCore::lastHyphenLocation):
* rendering/RenderText.cpp:
(WebCore::maxWordFragmentWidth): When computing the minimum preferred width of an element, we want to know the size of the widest nonbreakable unit. When hyphenation is enabled, we have to measure the width of each fragment of each word (where "fragment" is determined by a substring between two successive hyphenation points, appended with a hyphen character). A hyphenation point at string offset 0 is irrelevant for this purpose, because it would lead to an empty fragment. Therefore, skip this situation.

2016-12-08 David Kilzer

Always check the return value of pthread_key_create()

Reviewed by Darin Adler.

* platform/ios/wak/WebCoreThread.mm:
(InitThreadContextKey): Call CRASH() if pthread_key_create() returns an error. The error code will be stored in a register available in a crash log, so no need to log the value explicitly.

2016-12-08 Alex Christensen

Reduce PassRefPtr use in platform/graphics
https://bugs.webkit.org/show_bug.cgi?id=165636

Reviewed by Dean Jackson.

No change in behavior.

* platform/graphics/GraphicsContext3D.h:
* platform/graphics/mac/DisplayRefreshMonitorMac.h:
(WebCore::DisplayRefreshMonitorMac::create):
* platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
(WebCore::GraphicsContext3D::createForCurrentGLContext):
(WebCore::GraphicsContext3D::paintRenderingResultsToImageData):

2016-12-08 Keith Rollin

Move FileHandle to WebCore FileHandle.h
https://bugs.webkit.org/show_bug.cgi?id=165562

Reviewed by Alex Christensen.

Add FileHandle, a small wrapper around FileSystem facilities to manage the lifetime of an open file and give the facilities a C++ interface.

No new tests -- affected facility is currently only used in testing code and is not user reachable.

* CMakeLists.txt:
* WebCore.xcodeproj/project.pbxproj:
* platform/FileHandle.cpp: Added.
(WebCore::FileHandle::FileHandle):
(WebCore::FileHandle::~FileHandle):
(WebCore::FileHandle::operator=):
(WebCore::FileHandle::operator bool):
(WebCore::FileHandle::open):
(WebCore::FileHandle::read):
(WebCore::FileHandle::write):
(WebCore::FileHandle::printf):
(WebCore::FileHandle::close):
* platform/FileHandle.h: Added.

2016-12-07 Ryosuke Niwa

ASSERTION FAILED: m_items.isEmpty() in CustomElementReactionQueue destructor
https://bugs.webkit.org/show_bug.cgi?id=162029

Reviewed by Chris Dumez.

The bug was caused by Document::removedLastRef enqueuing disconnectedCallback during a tear down. Don't enqueue a disconnectedCallback while a document is getting torn down since that should not be observable to author scripts. The connected, adopted, and attributeChanged callbacks are immune from this problem since they don't happen during a document destruction.

Note that this was also the case prior to this patch since the disconnectedCallback would have been added to the current CustomElementReactionQueue which will be destructed without invoking callbacks (or hit a release assertion added in r208785 and r209426 for now).

Tests: fast/custom-elements/disconnected-callback-in-detached-iframe.html
fast/custom-elements/element-queue-during-document-destruction.html

* dom/CustomElementReactionQueue.cpp:
(WebCore::CustomElementReactionQueue::enqueueConnectedCallbackIfNeeded): Added an assertion that document's refCount hasn't reached zero yet.
(WebCore::CustomElementReactionQueue::enqueueDisconnectedCallbackIfNeeded): Fixed the bug.
(WebCore::CustomElementReactionQueue::enqueueAdoptedCallbackIfNeeded): Added the same assertion.
(WebCore::CustomElementReactionQueue::enqueueAttributeChangedCallbackIfNeeded): Ditto.

2016-12-08 Daniel Bates

Add Strict Mixed Content Checking and Upgrade Insecure Requests to WebKit Feature Status dashboard
https://bugs.webkit.org/show_bug.cgi?id=165635

Rubber-stamped by Ryosuke Niwa.

* features.json:

2016-12-08 Daniel Bates

Implement Strict Mixed Content Checking
https://bugs.webkit.org/show_bug.cgi?id=165438

Reviewed by Brent Fulgham and Andy Estes.

Add support for the CSP directive block-all-mixed-content to enable strict mixed content checking as per (2 August 2016).

Currently WebKit only blocks blockable content as such content can contaminate the security origin that loaded it. Optionally-blockable content, including images, would be allowed to load as mixed content. When strict mixed content checking is enabled all mixed content is blocked. That is, both blockable and optionally-blockable content will be blocked. A web site can opt into strict mixed content checking by adding the directive block-all-mixed-content to their content security policy.

Tests: http/tests/security/contentSecurityPolicy/block-all-mixed-content/data-url-iframe-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/duplicate-directive.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-blob-url-iframe-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-plugin-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe.html
http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe.html

* dom/Document.cpp:
(WebCore::Document::initSecurityContext): Inherit strict mixed content checking mode from parent document.
* dom/SecurityContext.h:
(WebCore::SecurityContext::isStrictMixedContentMode): Added.
(WebCore::SecurityContext::setStrictMixedContentMode): Added.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest): Check mixed content policy with respect to the current frame.
The document in the current frame may have opted into strict mixed content checking or inherited it from its parent document.
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::begin): Inherit the strict mixed content checking mode from the owner document when loading a JavaScript URL in a frame (e.g.