ChangeLog   [plain text]


2017-08-15  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r217197. rdar://problem/33890636

    2017-05-21  Antti Koivisto  <antti@apple.com>

            matchMedia('print').addListener() fires in WK1 but never in WK2 when printing (breaks printing Google maps, QuickLooks)
            https://bugs.webkit.org/show_bug.cgi?id=172361
            <rdar://problem/28777408>

            Reviewed by Sam Weinig.

            Test: fast/media/matchMedia-print.html

            * page/FrameView.cpp:
            (WebCore::FrameView::layout):

                Evaluate matchMedia queries unconditionally. No idea why it wasn't like that.

            * testing/Internals.cpp:
            (WebCore::Internals::setPrinting):

                Add testing support. The existing ways to do printing testing were unable to hit this bug as
                they had too much additional gunk.

            * testing/Internals.h:
            * testing/Internals.idl:

2017-08-15  Matthew Hanson  <matthew_hanson@apple.com>

        Cherry-pick r220722. rdar://problem/33890575

    2017-08-14  Andy Estes  <aestes@apple.com>

            REGRESSION (r220456): Crash in PreviewLoader::shouldCreateForMIMEType() when a ResourceResponse has a null MIME type
            https://bugs.webkit.org/show_bug.cgi?id=175548
            <rdar://problem/33866206>

            Reviewed by Brady Eidson.

            New API test: QuickLook.ShouldCreateForMIMEType

            * WebCore.xcodeproj/project.pbxproj:
            * loader/ios/PreviewLoader.h:
            * loader/ios/PreviewLoader.mm:
            (WebCore::PreviewLoader::shouldCreateForMIMEType): Check if mimeType is a null String before
            calling HashSet::contains().

2017-08-14  Jason Marcell  <jmarcell@apple.com>

        Revert r217197. rdar://problem/33890636

2017-08-14  Jason Marcell  <jmarcell@apple.com>

        Revert r220112. rdar://problem/33890629

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220459. rdar://problem/33820787

    2017-08-09  Daniel Bates  <dabates@apple.com>

            REGRESSION (r219013): OAuth flows are broken when redirecting back to application after authentication
            https://bugs.webkit.org/show_bug.cgi?id=175247
            <rdar://problem/33679804>

            Reviewed by Brady Eidson.

            Add SPI so that Safari can differentiate between a form submission and a redirected form submission
            and have PolicyCheck notify the frame loader client if the navigation was in response to receiving a
            redirect response. This is the WebKit portion to fix an issue when a native app makes use of an OAuth
            OAuth flow that bounces to Safari for user login and then bounce back to the app. Microsoft Graph's
            OAuth flow is one example.

            Safari was differentiating between a form submission and a redirected form submission based on the
            nullity of WKNavigationAction.sourceFrame because in both cases the navigation type was WKNavigationTypeFormSubmitted.
            The navigation type is the same for both navigations because WebKit always used the navigation
            action from the original request for the redirect request when the original request redirected.
            Prior to r219013, WKNavigationAction.sourceFrame would be nil for a form submission that redirects.
            Following r219013, WKNavigationAction.sourceFrame is non-nil unless the navigation was initiated by
            API. In particular, WKNavigationAction.sourceFrame is non-nil for the redirect navigation corresponding
            to a form submission that redirects.

            * loader/EmptyClients.cpp:
            (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
            * loader/FrameLoaderClient.h:
            Have dispatchDecidePolicyForNavigationAction() take a boolean as to whether the navigation was in
            response to receiving a redirect response.
            * loader/PolicyChecker.cpp:
            (WebCore::PolicyChecker::checkNavigationPolicy): Notify the frame loader client whether the navigation
            is in response to receiving a redirect response.

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220456. rdar://problem/33805190

    2017-08-09  Andy Estes  <aestes@apple.com>

            [QuickLook] Use case-insensitive comparison of preview MIME types
            https://bugs.webkit.org/show_bug.cgi?id=175350
            <rdar://problem/33761159>

            Reviewed by Brady Eidson.

            MIME types are case-insensitive, but PreviewLoader was using a case-sensitive comparison to
            determine if a MIME type was supported by QLPreviewConverter. As a result we would fail to
            preview Excel macro-enabled workbooks, since CFNetwork would sniff a MIME type of
            "application/vnd.ms-excel.sheet.macroEnabled.12" but QuickLook contained
            "application/vnd.ms-excel.sheet.macroenabled.12" in its set of supported MIME type strings.

            Fix this by copying the QuickLook supported MIME type set into a HashSet using
            ASCIICaseInsensitiveHash and using that HashSet for MIME type checks.

            Test: quicklook/excel-macro-enabled.html

            * loader/ios/PreviewLoader.mm:
            (WebCore::PreviewLoader::shouldCreateForMIMEType):

2017-08-08  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220289. rdar://problem/33789085

    2017-08-04  Said Abou-Hallawa  <sabouhallawa@apple.com>

            RenderImageResourceStyleImage::image() should return the nullImage() if the image is not available
            https://bugs.webkit.org/show_bug.cgi?id=174874
            <rdar://problem/33530130>

            Reviewed by Simon Fraser.

            If an <img> element has a non-CachedImage content data, e.g. -webkit-named-image,
            RenderImageResourceStyleImage will be created and  attached to the RenderImage.
            RenderImageResourceStyleImage::m_cachedImage will be set to null at the
            beginning because the m_styleImage->isCachedImage() is false in this case.
            When ImageLoader finishes loading the url of the src attribute,
            RenderImageResource::setCachedImage() will be called to set m_cachedImage.

            A crash will happen when the RenderImage is destroyed. Destroying the
            RenderImage calls RenderImageResourceStyleImage::shutdown() which checks
            m_cachedImage and finds it not null, so it calls RenderImageResourceStyleImage::image()
            which ends up calling CSSNamedImageValue::image() which returns a null pointer
            because the size is empty. RenderImageResourceStyleImage::shutdown() calls
            image()->stopAnimation() without checking the return value of image().

            Another crash will happen later when deleting the CachedImage from the memory
            cache if CachedImage::canDestroyDecodedData() is called because the client
            it gets from m_clients is a freed pointer. This happens because RenderImageResourceStyleImage
            has m_styleImage of type StyleGeneratedImage but its m_cachedImage is set
            by RenderImageResource::setCachedImage(). When RenderImageResourceStyleImage::shutdown()
            is called, it calls  StyleGeneratedImage::removeClient() which does not
            know anything about RenderImageResourceStyleImage::m_cachedImage. So we
            end up having a freed pointer in the m_clients of the CachedImage.

            Test: fast/images/image-element-image-content-data.html

            * rendering/RenderImageResourceStyleImage.cpp:
            (WebCore::RenderImageResourceStyleImage::shutdown):  Revert back the changes
            of r208511 in this function. Add a call to image()->stopAnimation() without
            checking the return of image() since it will return the nullImage() if
            the image not available. There is no need to check m_cachedImage before
            calling image() because image() does not check or access m_cachedImage.

            If m_styleImage is not a CachedStyleImage but m_cachedImage is not null,
            we need to remove m_renderer from the set of the clients of this m_cachedImage.

            (WebCore::RenderImageResourceStyleImage::image const): The base class method
            RenderImageResource::image() returns the nullImage() if the image not
            available. This is because CachedImage::imageForRenderer() returns
            the nullImage() if the image is not available; see CachedImage.h. We should
            do the same for the derived class for consistency.

2017-08-04  Jason Marcell  <jmarcell@apple.com>

        Revert r219896. rdar://problem/33711000

2017-08-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220163. rdar://problem/33711018

    2017-08-02  Andy Estes  <aestes@apple.com>

            REGRESSION (r207155): Unable to switch sheets when previewing Numbers '09 spreadsheets
            https://bugs.webkit.org/show_bug.cgi?id=175098
            <rdar://problem/31416763>

            Reviewed by Daniel Bates.

            r207155 enabled sandboxing on the frame displaying a QuickLook preview. This restricted
            frames within the sandbox from navigating their sandboxed siblings or ancestors, which
            breaks the functionality of multi-sheet Numbers '09 spreadsheet previews. These previews
            contain a frameset with a table of contents frame and a content frame, and the table of
            contents frame needs to be able to navigate the content frame when the sheet selection
            changes.

            Fix this by disabling the SandboxNavigation flag in the QuickLook sandbox. Frames within the
            sandbox will be able to navigate each other, but will not be able to navigate the top frame
            (due to SandboxTopNavigation still being enabled), nor will they be able to navigate any
            other ancestor frame outside the sandbox (due to QuickLook previews being in a different
            origin than the hosting frame). These two cases are covered by existing tests.

            Test: quicklook/multi-sheet-numbers-09.html

            * dom/Document.cpp:
            (WebCore::Document::applyQuickLookSandbox): Added a call to
            disableSandboxFlags(SandboxNavigation) after applying the content security policy.
            * dom/SecurityContext.h:
            (WebCore::SecurityContext::disableSandboxFlags): Defined disableSandboxFlags().

2017-08-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220153. rdar://problem/33711038

    2017-08-02  Jer Noble  <jer.noble@apple.com>

            [MSE] Removing samples when presentation order does not match decode order can cause bad behavior.
            https://bugs.webkit.org/show_bug.cgi?id=175091

            Reviewed by Eric Carlson.

            Address follow-up comments to r219519.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::removeCodedFrames):

2017-08-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219896. rdar://problem/33711000

    2017-07-25  Andy Estes  <aestes@apple.com>

            [Apple Pay] Add "carteBancaire" as a supported payment network
            https://bugs.webkit.org/show_bug.cgi?id=174841
            <rdar://problem/31935596>

            Reviewed by Alex Christensen.

            Tests: http/tests/ssl/applepay/ApplePaySession.html
                   http/tests/ssl/applepay/ApplePaySessionV3.html

            * Modules/applepay/PaymentRequest.cpp:
            (WebCore::PaymentRequest::isValidSupportedNetwork):

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220112. rdar://problem/33687415

    2017-08-01  Zalan Bujtas  <zalan@apple.com>

            REGRESSION (r217197): New Yorker website hangs for a long time on load, lots of blank tiles
            https://bugs.webkit.org/show_bug.cgi?id=175009
            <rdar://problem/33505791>

            Reviewed by Simon Fraser.

            This patch ensures that we report the desktop, non-frame-flattened frame size for media queries in subframes.
            Some websites don't expect the iframes to be expanded to the size of the content and when the media query
            callback mutates the content (triggering frame resize), they might end up getting into a never ending layout.

            Test: fast/frames/flattening/media-query-growing-content.html

            * css/MediaQueryEvaluator.cpp:
            (WebCore::orientationEvaluate):
            (WebCore::aspectRatioEvaluate):
            (WebCore::heightEvaluate):
            (WebCore::widthEvaluate):
            * page/FrameView.cpp:
            (WebCore::FrameView::layout):
            (WebCore::FrameView::layoutSizeForMediaQuery const):
            (WebCore::FrameView::evaluateMediaQueryList):
            * page/FrameView.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220085. rdar://problem/33687398

    2017-07-31  Matt Rajca  <mrajca@apple.com>

            Support quirk for letting media autoplay if the user interacted with at least one media element.
            https://bugs.webkit.org/show_bug.cgi?id=175005
            <rdar://problem/33476038>

            Reviewed by Eric Carlson.

            If the user has interacted with at least one media element, let other media elements auto-play
            as a quirk.

            * dom/Document.cpp:
            (WebCore::Document::updateIsPlayingMedia):
            * dom/Document.h:
            (WebCore::Document::noteUserInteractionWithMediaElement):
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture):
            * html/MediaElementSession.cpp:
            (WebCore::needsDocumentLevelMediaUserGestureQuirk):
            (WebCore::MediaElementSession::playbackPermitted const):
            * page/MediaProducer.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220084. rdar://problem/33687425

    2017-07-31  Nan Wang  <n_wang@apple.com>

            AX: CFEqual is failing on text markers with exact same data
            https://bugs.webkit.org/show_bug.cgi?id=175002
            <rdar://problem/33636985>

            Reviewed by Chris Fleizach.

            We should zero the memory of the TextMarkerData instance so that it
            can be tested for byte-equivalence.

            Made sure this change won't break any of the existing tests.

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
            (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220077. rdar://problem/33687398

    2017-07-28  Matt Rajca  <mrajca@apple.com>

            Propagate user gesture tokens when script elements are loaded.
            https://bugs.webkit.org/show_bug.cgi?id=174959

            Reviewed by Eric Carlson.

            Propagate user gesture tokens when script elements are loaded (i.e. between the time an
            element is created and its onload handler is invoked).

            * dom/ScriptElement.cpp:
            (WebCore::ScriptElement::ScriptElement):
            (WebCore::ScriptElement::dispatchLoadEventRespectingUserGestureIndicator):
            (WebCore::ScriptElement::executeScriptAndDispatchEvent):
            (WebCore::ScriptElement::executePendingScript):
            * dom/ScriptElement.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220035. rdar://problem/33687398

    2017-07-28  Matt Rajca  <mrajca@apple.com>

            Don't add autoplay restrictions to media elements created in response to user gestures.
            https://bugs.webkit.org/show_bug.cgi?id=174947

            Reviewed by Eric Carlson.

            Test: media/video-create-with-user-gesture.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):

2017-08-02  Matthew Hanson  <matthew_hanson@apple.com>

        Cherry-pick r219602. rdar://problem/33537767

    2017-07-17  Konstantin Tokarev  <annulen@yandex.ru>

            [cmake] Set library types before their targets are created
            https://bugs.webkit.org/show_bug.cgi?id=174600

            Reviewed by Michael Catanzaro.

            Since r219560 library targets are created before PlatformXXX.cmake
            files are processed, however library type must be passed in
            add_library() call and cannot be changed afterwards. Set these
            variables in OptionsXXX.cmake.

            No new tests needed.

            * PlatformMac.cmake:

2017-07-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220048. rdar://problem/33619591

    2017-07-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

            RenderImageResourceStyleImage::image() should return the nullImage() if the image is not available
            https://bugs.webkit.org/show_bug.cgi?id=174874
            <rdar://problem/33530130>

            Reviewed by Darin Adler.

            If an <img> element has image content data for a none cached image, e.g.
            -webkit-named-image, RenderImageResourceStyleImage will be created and
            attached to the RenderImage. RenderImageResourceStyleImage::m_cachedImage
            will be set to null because the m_styleImage->isCachedImage() is false in
            this case. When ImageLoader finishes loading the url of the src attribute,
            RenderImageResource::setCachedImage() will be called to set m_cachedImage.

            A crash will happen when the RenderImage is destroyed. Destroying the
            RenderImage calls RenderImageResourceStyleImage::shutdown() which checks
            m_cachedImage and finds it not null, so it calls RenderImageResourceStyleImage::image()
            which ends up calling CSSNamedImageValue::image() which returns a null pointer
            because the size is empty. RenderImageResourceStyleImage::shutdown() calls
            image()->stopAnimation() without checking the return value of image().

            Like the base class virtual method RenderImageResource::image(),
            RenderImageResourceStyleImage::image() should return the nullImage() if
            the image is not available.

            Test: fast/images/image-element-image-content-data.html

            * css/CSSCrossfadeValue.cpp:
            * css/CSSFilterImageValue.cpp:
            * page/EventHandler.cpp:
            * page/PageSerializer.cpp:
            * rendering/RenderElement.cpp:
            * rendering/RenderImageResource.cpp:
            * rendering/RenderImageResourceStyleImage.cpp:
            (WebCore::RenderImageResourceStyleImage::initialize):

            (WebCore::RenderImageResourceStyleImage::shutdown): Revert back the changes
            of r208511 in this function. Add a call to image()->stopAnimation() without
            checking the return of image() since it will return the nullImage() if
            the image not available. There is no need to check m_cachedImage before
            calling image() because image() does not check or access m_cachedImage.

            (WebCore::RenderImageResourceStyleImage::image): The base class method
            RenderImageResource::image() returns the nullImage() if the image not
            available. This is because CachedImage::imageForRenderer() returns
            the nullImage() if the image is not available; see CachedImage.h. We should
            do the same for the derived class for consistency.

            * rendering/style/ContentData.cpp:
            * rendering/style/StyleCachedImage.cpp:
            * style/StylePendingResources.cpp:

2017-07-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220042. rdar://problem/33619586

    2017-07-29  Nan Wang  <n_wang@apple.com>

            AX: findMatchingObjects doesn't work when the startObject is ignored
            https://bugs.webkit.org/show_bug.cgi?id=174965

            Reviewed by Chris Fleizach.

            findMatchingObjects would return a wrong element if we pass in an ignored
            start object. To fix this, we should use the closest accessible sibling as
            the start object.

            Test: accessibility/mac/search-predicate-from-ignored-element.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::appendChildrenToArray):

2017-07-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220009. rdar://problem/33619585

    2017-07-28  Myles C. Maxfield  <mmaxfield@apple.com>

            [macOS] Reeder's defaults font is Times instead of San Francisco
            https://bugs.webkit.org/show_bug.cgi?id=174885
            <rdar://problem/33462483>

            Reviewed by Simon Fraser.

            Reeder uses explicit dot-prefixed names in its source code. Within Core Text,
            dot-prefixed names cannot be matched case insensitively. The solution is to
            not case-fold these family names, and to make our caches case sensitive for
            these special names.

            Tests: fast/text/font-lookup-dot-prefix-case-sensitive-2.html
                   fast/text/font-lookup-dot-prefix-case-sensitive.html

            * platform/graphics/FontCache.cpp:
            (WebCore::FontPlatformDataCacheKey::operator==):
            (WebCore::FontPlatformDataCacheKeyHash::hash):
            * platform/graphics/FontCascade.cpp:
            (WebCore::keysMatch):
            (WebCore::computeFontCascadeCacheHash):
            * platform/graphics/FontDescription.cpp:
            (WebCore::FontCascadeDescription::familyNamesAreEqual):
            (WebCore::FontCascadeDescription::familyNameHash):
            (WebCore::FontCascadeDescription::foldedFamilyName):
            * platform/graphics/FontDescription.h:
            * platform/graphics/cocoa/FontCacheCoreText.cpp:
            (WebCore::FontDatabase::fontForPostScriptName):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220003. rdar://problem/33595572

    2017-07-28  Myles C. Maxfield  <mmaxfield@apple.com>

            REGRESSION(r216944): Fallback fonts erroneously visible when the primary font is loading
            https://bugs.webkit.org/show_bug.cgi?id=174772
            <rdar://problem/33267643>

            Reviewed by Simon Fraser.

            During a font load, we try pretty hard to find a font to use that isn't the
            last resort font (which happens to be Times). We do this by iterating through
            all the fonts in the font-family list, as well as through all the relevant
            @font-face blocks which share the requested font family name.

            Unfortunately, if we find one of these fallback fonts, we were simply using it
            directly, which means that it was being drawn as visible (because the
            visibility setting lives inside the Font object). Instead, we should carry the
            invisibility setting from the interstitial font to this used fallback font.

            This patch is an extension of r219221, which fixed the problem only for system
            fallback fonts. This patch adopts the same methodology to all fallback fonts.

            Test: http/tests/webfont/font-loading-system-fallback-visibility-FontRanges.html

            * platform/graphics/FontCascadeFonts.cpp:
            (WebCore::FontCascadeFonts::glyphDataForVariant):
            (WebCore::glyphPageFromFontRanges):
            * platform/graphics/FontRanges.cpp:
            (WebCore::FontRanges::glyphDataForCharacter):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219998. rdar://problem/33595610

    2017-07-28  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS DnD] [WK1] Snapshots generated using -[DOMRange renderImageForcingBlackText:] are upside down
            https://bugs.webkit.org/show_bug.cgi?id=174928
            <rdar://problem/33584280>

            Reviewed by Tim Horton.

            Pulls the implementation of createDragImageForRange out into DragImageIOS, and use TextIndicator to generate a
            snapshot instead of FrameSelection's snapshotting utilities. This makes snapshotting a DOMRange behave the same
            way as snapshotting a dragged selection.

            No way of testing TextIndicator-based snapshotting yet.

            * platform/DragImage.cpp:

            Guard createDragImageForRange for !PLATFORM(IOS).

            * platform/ios/DragImageIOS.mm:
            (WebCore::createDragImageForSelection):

            Add a FIXME to point out that having an additional context flip inside the UIGraphicsImageRenderer block results
            in an upside-down drag image being returned from createDragImageFromImage. This image is being flipped elsewhere
            in drag initiation code, which eventually results in the correct orientation; we'll need further investigation
            to remove this extraneous flip.

            (WebCore::createDragImageForRange):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219992. rdar://problem/33595621

    2017-07-27  Jeremy Jones  <jeremyj@apple.com>

            Don't override _allowsMediaDocumentInlinePlayback in MediaDocument with playsinlineAttr.
            https://bugs.webkit.org/show_bug.cgi?id=174850
            rdar://problem/33449903

            Reviewed by Jon Lee.

            This change removes playsinlineAttr from MediaDocument so that it doesn't override the setting
            from _allowsMediaDocumentInlinePlayback. In its place is an update to requiresFullscreenForVideoPlayback
            that implements the details of exactly which media documents are still allowed to play inlne.

            Media documents always use a video element; but when there are no video tracks, it has behavior like
            an audio element. See media-controller.js isAudio().

            This change preserves this behavior with respect to fullscreen requirements for media document by
            mirroring the isAudio() check in requiresFullscreenForVideoPlayback.

            * html/MediaDocument.cpp:
            (WebCore::MediaDocumentParser::createDocumentStructure):
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219991. rdar://problem/33595570

    2017-07-27  Jeremy Jones  <jeremyj@apple.com>

            MediaDocument fullscreen pinch gesture should trigger navigate back.
            https://bugs.webkit.org/show_bug.cgi?id=174914

            Reviewed by Jon Lee.

            No new tests because only effect is from interaction with platform.

            For media documents, pressing the "done" button on fullscreen video navigates back
            to the previous page. The same should happen for other gestures that pause playback
            when returning to inline. This allows the gesture to have the same behavior as the
            button.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::shouldExitFullscreenWithReason):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219950. rdar://problem/33595459

    2017-07-26  Chris Dumez  <cdumez@apple.com>

            Pressing the Escape key should not be a valid user gesture to enter fullscreen
            https://bugs.webkit.org/show_bug.cgi?id=174864
            <rdar://problem/33009088>

            Reviewed by Geoffrey Garen.

            Pressing the Escape key should not be a valid user gesture to enter fullscreen since this
            is the gesture to exit fullscreen already.

            Test: fullscreen/requestFullscreen-escape-key.html

            * dom/Document.cpp:
            (WebCore::Document::requestFullScreenForElement):
            * dom/UserGestureIndicator.cpp:
            (WebCore::UserGestureIndicator::UserGestureIndicator):
            * dom/UserGestureIndicator.h:
            (WebCore::UserGestureToken::create):
            (WebCore::UserGestureToken::gestureType):
            (WebCore::UserGestureToken::UserGestureToken):
            * page/EventHandler.cpp:
            (WebCore::EventHandler::internalKeyEvent):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219949. rdar://problem/33595616

    2017-07-26  Nan Wang  <n_wang@apple.com>

            AX: Incorrect range from index and length in contenteditable with <p> tags
            https://bugs.webkit.org/show_bug.cgi?id=174856

            Reviewed by Chris Fleizach.

            When asking for the string inside a text control with a given range, we sometimes get
            a wrong string at the line boundary due to a bad plain range to text marker conversion.
            To fix this, we should use the exsisting method on text controls to avoid this issue.

            Updated the test to test the problematic case.

            * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
            (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219906. rdar://problem/33595387

    2017-07-26  Nan Wang  <n_wang@apple.com>

            AX: should dispatch accessibilityPerformPressAction async on MacOS
            https://bugs.webkit.org/show_bug.cgi?id=174849

            Reviewed by Chris Fleizach.

            If performing the accessibility press action results in a modal alert being displayed,
            it can cause VoiceOver to hang. To fix it, we should dispatch the action asynchronously.

            Updated tests to adapt to this change.

            * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
            (-[WebAccessibilityObjectWrapper accessibilityPerformPressAction]):
            (-[WebAccessibilityObjectWrapper _accessibilityPerformPressAction]):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219891. rdar://problem/33595436

    2017-07-25  Per Arne Vollan  <pvollan@apple.com>

            Dragged links are blurry on 1x displays.
            https://bugs.webkit.org/show_bug.cgi?id=174831
            <rdar://problem/33519698>

            Reviewed by Simon Fraser.

            When the width and height of the drag image is a multiple of 2, the drag image is not blurry
            on a 1x display. This is a workaround which should be removed when <rdar://problem/33059739>
            is fixed.

            No new tests, since this is not straightforward to test with a layout test.

            * platform/mac/DragImageMac.mm:
            (WebCore::LinkImageLayout::LinkImageLayout):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219876. rdar://problem/33523847

    2017-07-25  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Async image decoding for large images should be disabled after the first time a tile is painted
            https://bugs.webkit.org/show_bug.cgi?id=174451
            <rdar://problem/31246421>

            Reviewed by Simon Fraser.

            Flashing because of DOM mutation can be fixed by disabling the asynchronous
            image decoding after the first time a tile was painted.

            We can detect this by consulting the tile repaintCount. If it is zero, then
            it is safe to use asynchronous image decoded. If the tile repaintCount is
            greater than zero, we are not sure if the renderer rectangle has an image
            drawn in it already or not. In this case we have to use the synchronous
            image decoding to avoid causing a flash.

            Tests: fast/images/async-image-background-change.html
                   fast/images/async-image-src-change.html
                   http/tests/multipart/multipart-async-image.html

            * html/shadow/MediaControlElements.cpp:
            (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
            * page/FrameView.cpp:
            (WebCore::FrameView::willPaintContents):
            (WebCore::FrameView::paintContentsForSnapshot):
            * page/PageOverlayController.cpp:
            (WebCore::PageOverlayController::paintContents):
            * page/PageOverlayController.h:
            * page/linux/ResourceUsageOverlayLinux.cpp:
            * page/mac/ServicesOverlayController.h:
            * page/mac/ServicesOverlayController.mm:
            (WebCore::ServicesOverlayController::Highlight::paintContents):
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::draw):
            * platform/graphics/BitmapImage.h:
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::paintGraphicsLayerContents):
            * platform/graphics/GraphicsLayer.h:
            * platform/graphics/GraphicsLayerClient.h:
            (WebCore::GraphicsLayerClient::paintContents):
            * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
            (WebCore::LayerClient::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.h:
            * platform/graphics/ca/PlatformCALayer.h:
            * platform/graphics/ca/PlatformCALayerClient.h:
            (WebCore::PlatformCALayerClient::platformCALayerRepaintCount):
            * platform/graphics/ca/TileCoverageMap.cpp:
            (WebCore::TileCoverageMap::platformCALayerPaintContents):
            * platform/graphics/ca/TileCoverageMap.h:
            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::platformCALayerPaintContents):
            (WebCore::TileGrid::platformCALayerRepaintCount):
            * platform/graphics/ca/TileGrid.h:
            * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWin.cpp:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
            (PlatformCALayerWinInternal::displayCallback):
            * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:
            (WebTiledBackingLayerWin::displayCallback):
            * platform/graphics/mac/WebLayer.mm:
            (-[WebLayer drawInContext:]):
            (-[WebSimpleLayer drawInContext:]):
            * rendering/PaintPhase.h:
            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
            * rendering/RenderElement.h:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::paintLayerContents):
            (WebCore::RenderLayer::paintForegroundForFragments):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::paintContents):
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::paintContents):
            * rendering/RenderLayerCompositor.h:
            * rendering/RenderWidget.cpp:
            (WebCore::RenderWidget::paintContents):
            * testing/Internals.cpp:
            (WebCore::imageFromImageElement):
            (WebCore::bitmapImageFromImageElement):
            (WebCore::Internals::imageFrameIndex):
            (WebCore::Internals::setImageFrameDecodingDuration):
            (WebCore::Internals::resetImageAnimation):
            (WebCore::Internals::isImageAnimating):
            (WebCore::Internals::setClearDecoderAfterAsyncFrameRequestForTesting):
            (WebCore::Internals::imageDecodeCount):
            (WebCore::Internals::setLargeImageAsyncDecodingEnabledForTesting):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219620. rdar://problem/33523847

    2017-07-18  Matt Lewis  <jlewis3@apple.com>

            Unreviewed, rolling out r219610.

            This caused an api failure on all platforms for the test
            SnapshotImageLargeAsyncDecoding

            Reverted changeset:

            "Async image decoding for large images should be disabled
            after the first time a tile is painted"
            https://bugs.webkit.org/show_bug.cgi?id=174451
            http://trac.webkit.org/changeset/219610

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219762. rdar://problem/33523889

    2017-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION(r219045): A partially loaded image may not be repainted when its complete frame finishes decoding
            https://bugs.webkit.org/show_bug.cgi?id=174230

            Reviewed by Simon Fraser.

            Because of r219045, we now only repaint the CachedImageClinets which tried
            to draw the image but they could not because they have to wait for the image
            decoding to finish. This was done by keeping a HashSet of these clients
            and make CachedImage own it. This HashSet is cleared once the image frame
            finishes decoding and all the waited clients are repainted.

            But Multiple asynchronous image decoding requests are allowed for the same
            frame if new data is added to the image source. If we tried to draw the
            same image twice before it finishes decoding the first request, we will
            not be to record this second request since the HashSet will not add the
            same client twice. When he second request finishes decoding, CachedImage
            will not repaint any client since its HashSet is empty.

            To fix this problem we can do the following. When an image frame finishes
            decoding, CachedImage will keep its HashSet of pending drawing clients as
            long as the image frame is a partially loaded frame.

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::CachedImageObserver::imageFrameAvailable):
            (WebCore::CachedImage::imageFrameAvailable):
            * loader/cache/CachedImage.h:
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::destroyDecodedData):
            (WebCore::BitmapImage::dataChanged):
            (WebCore::BitmapImage::setCurrentFrameDecodingStatusIfNecessary):
            (WebCore::BitmapImage::draw):
            (WebCore::BitmapImage::internalStartAnimation):
            (WebCore::BitmapImage::internalAdvanceAnimation):
            (WebCore::BitmapImage::imageFrameAvailableAtIndex):
            * platform/graphics/BitmapImage.h:
            * platform/graphics/ImageFrame.cpp:
            (WebCore::ImageFrame::decodingStatus):
            * platform/graphics/ImageFrame.h: Move DecodingStatus out of this class
            to ImageTypes.h to avoid adding other header files to ImageObvsever.h
            * platform/graphics/ImageFrameCache.cpp:
            (WebCore::ImageFrameCache::setNativeImage):
            (WebCore::ImageFrameCache::cacheMetadataAtIndex):
            (WebCore::ImageFrameCache::cacheNativeImageAtIndex):
            (WebCore::ImageFrameCache::cacheNativeImageAtIndexAsync):
            (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex):
            (WebCore::ImageFrameCache::frameDecodingStatusAtIndex):
            * platform/graphics/ImageFrameCache.h:
            * platform/graphics/ImageObserver.h:
            * platform/graphics/ImageSource.h:
            (WebCore::ImageSource::frameDecodingStatusAtIndex):
            * platform/graphics/ImageTypes.h:
            * platform/image-decoders/bmp/BMPImageReader.cpp:
            (WebCore::BMPImageReader::decodeBMP):
            * platform/image-decoders/gif/GIFImageDecoder.cpp:
            (WebCore::GIFImageDecoder::frameComplete):
            (WebCore::GIFImageDecoder::initFrameBuffer):
            * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
            (WebCore::JPEGImageDecoder::outputScanlines):
            (WebCore::JPEGImageDecoder::jpegComplete):
            * platform/image-decoders/png/PNGImageDecoder.cpp:
            (WebCore::PNGImageDecoder::rowAvailable):
            (WebCore::PNGImageDecoder::pngComplete):
            (WebCore::PNGImageDecoder::frameComplete):
            * platform/image-decoders/webp/WEBPImageDecoder.cpp:
            (WebCore::WEBPImageDecoder::decode):
            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::decodingModeForImageDraw):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219738. rdar://problem/33523826

    2017-07-21  Said Abou-Hallawa  <sabouhallawa@apple.com>

            [CG] An image should not invoke many system calls before confirming its format is supported
            https://bugs.webkit.org/show_bug.cgi?id=174692

            Reviewed by Tim Horton.

            We should be careful when invoking system calls before confirming that the
            image type is available and it is one of the whitelist formats. Otherwise
            we will be calling the parsers of the unsupported formats.

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::setImageDataBuffer): The check isAllowedImageUTI()
            is now done in ImageDecoder::encodedDataStatus() which will return Error
            if there is an error in the data or "isAllowedImageUTI() returns false."

            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::dataChanged): Avoid calling canUseAsyncDecodingForLargeImages()
            before confirming the image type is available and it's supported by WebKit.
            canUseAsyncDecodingForLargeImages() tries to cache the first frame of the
            image to know its size. Asking the ImageFrameCache to destroy its decoded
            frames is not needed unless ImageFrameCache::decodedSize() is not zero.

            * platform/graphics/cg/ImageDecoderCG.cpp:
            (WebCore::ImageDecoder::encodedDataStatus): Avoid calling CGImageSourceGetStatus()
            before knowing the UTI of the image. When knowing it, we call CGImageSourceGetStatus()
            and if it returns kCGImageStatusIncomplete or kCGImageStatusComplete, we
            check whether isAllowedImageUTI() or not. If isAllowedImageUTI() returns
            false, return Error which will make the CachedImage cancel loading the
            rest of the image.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219829. rdar://problem/33523803

    2017-07-24  Simon Fraser  <simon.fraser@apple.com>

            Change "client" coordinates back to match scrolling coordinates
            https://bugs.webkit.org/show_bug.cgi?id=174734
            rdar://problem/33336930

            Reviewed by Tim Horton.

            Baidu.com (which uses jQuery), and various iOS apps make the assumption that getBoundingClientRect() returns a rectangle
            that can be used to set or compare with the scroll position. With visual viewports, that assumption is no longer valid
            when the page is zoomed, or when the keyboard has caused the visual viewport to detach from the layout viewport.

            At this point the compatibility cost of shipping layout viewport-based client rects seems higher than the gain, so revert
            to the shipping behavior. This reverts r216803, and will re-introduce bugs that occurred on zoomed pages on macOS,
            many of which are noted in webkit.org/b/170981.

            * page/FrameView.cpp:
            (WebCore::FrameView::documentToClientOffset):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219761. rdar://problem/33523829

    2017-07-22  Timothy Horton  <timothy_horton@apple.com>

            Drag and Drop preview image for Twitter link is the wrong shape
            ​https://bugs.webkit.org/show_bug.cgi?id=174731
            <rdar://problem/33335616>

            * dom/Range.cpp:
            (WebCore::Range::absoluteRectsForRangeInText):
            * page/TextIndicator.cpp:
            (WebCore::initializeIndicator):
            Apply some post-landing review feedback for r219756.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219756. rdar://problem/33523829

    2017-07-21  Timothy Horton  <timothy_horton@apple.com>

            Drag and Drop preview image for Twitter link is the wrong shape
            https://bugs.webkit.org/show_bug.cgi?id=174731
            <rdar://problem/33335616>

            Reviewed by Zalan Bujtas.

            TextIndicator uses Range::borderAndTextQuads and ::absoluteTextRects
            in order to get the rects of the indicated text. Currently, these
            functions do not respect clipping, so clipped-out text (e.g. as seen
            inside links on Twitter) generates lots of meaningless indicated rects.

            * page/TextIndicator.cpp:
            (WebCore::estimatedBackgroundColorForRange):
            (WebCore::hasAnyIllegibleColors):
            Change adjustTextIndicatorDataOptionsForEstimatedColorsIfNecessary
            to instead be hasAnyIllegibleColors, and referred to in the same place
            as hasNonInlineOrReplacedElements, so that it follows the same
            upgrade path (leaving textRects empty, so that it is later filled in
            with the absoluteBoundingRect). This was a mistake in r219033, which
            instead would end up painting all content, but filling in textRects
            with the actual individual text rects.

            This alone changes the behavior on Twitter from lots of jagged misplaced
            rects to a too-large bounding rect. Combined with the following changes,
            the bounding rect is reduced to the right size:

            (WebCore::initializeIndicator):
            Adopt the new Range::borderAndTextQuads and ::absoluteTextRects parameter
            and opt-in to respecting clipping for text rects.

            * dom/DOMRectList.cpp:
            (WebCore::DOMRectList::DOMRectList):
            * dom/DOMRectList.h:
            (WebCore::DOMRectList::create):
            Add a DOMRectList constructor and create() that take FloatRects, similar
            to the one that takes FloatQuads, but without the boundingRect() calls.

            * dom/Document.h:
            * dom/Document.cpp:
            (WebCore::Document::convertAbsoluteToClientRects):
            Add convertAbsoluteToClientRects, similar to covertAbsoluteToClientQuads,
            except acting on rects instead of quads.

            * dom/Range.cpp:
            (WebCore::Range::absoluteRectsForRangeInText):
            (WebCore::Range::absoluteTextRects):
            (WebCore::Range::getClientRects):
            (WebCore::Range::borderAndTextRects):
            (WebCore::Range::boundingRect):
            (WebCore::Range::absoluteBoundingRect):
            (WebCore::Range::borderAndTextQuads): Deleted.
            * dom/Range.h:
            Replace borderAndTextQuads with borderAndTextRects, because all callers
            just ended up calling boundingBox() on the quads.

            Factor absoluteRectsForRangeInText out of absoluteTextRects and
            borderAndTextQuads, and teach it to optionally intersect the text rects
            with their renderer's absoluteClippedOverflowRect.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219755. rdar://problem/33523843

    2017-07-21  Per Arne Vollan  <pvollan@apple.com>

            Round-tripping stroke-width styles through getComputedStyle cause the text to gain a stroke.
            https://bugs.webkit.org/show_bug.cgi?id=174701
            <rdar://problem/32903679>

            Reviewed by Simon Fraser.

            The initial value of stroke-color should be transparent, see https://www.w3.org/TR/fill-stroke-3/#stroke-color.
            Also, there is no need to set the graphics context in text stroke mode, if the stroke color is not visible.

            Test: fast/css/round-trip-stroke-width-using-computed-style.html

            * rendering/TextPaintStyle.cpp:
            (WebCore::updateGraphicsContext):
            * rendering/style/RenderStyle.h:
            (WebCore::RenderStyle::initialStrokeWidth):
            (WebCore::RenderStyle::initialStrokeColor):
            * rendering/style/StyleRareInheritedData.cpp:
            (WebCore::StyleRareInheritedData::StyleRareInheritedData):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219752. rdar://problem/33524766

    2017-07-21  Timothy Horton  <timothy_horton@apple.com>

            TextIndicator::estimatedTextColorsForRange asserts inside HashSet code (inserting reserved value)
            https://bugs.webkit.org/show_bug.cgi?id=174733

            Reviewed by Wenson Hsieh.

            * page/TextIndicator.cpp:
            (WebCore::estimatedTextColorsForRange):
            (WebCore::adjustTextIndicatorDataOptionsForEstimatedColorsIfNecessary):
            RGBA32 isn't a valid hash key, because we have no traits that define the
            empty or deleted values, nor do we have any bits we could feasibly
            use -- the full range of RGBA32 is easy to reach with various colors.

            Instead, hash Color directly.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219751. rdar://problem/33523861

    2017-07-21  Nan Wang  <n_wang@apple.com>

            AX: Expose form validation on iOS as hint
            https://bugs.webkit.org/show_bug.cgi?id=174722
            <rdar://problem/33459761>

            Reviewed by Chris Fleizach.

            Adding the validation message to the hint of the form control element.

            Test: accessibility/ios-simulator/form-control-validation-message.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::isShowingValidationMessage):
            (WebCore::AccessibilityObject::validationMessage):
            * accessibility/AccessibilityObject.h:
            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper accessibilityHint]):
            (-[WebAccessibilityObjectWrapper accessibilityIsShowingValidationMessage]):
            * html/HTMLFormControlElement.cpp:
            (WebCore::HTMLFormControlElement::isShowingValidationMessage):
            * html/HTMLFormControlElement.h:

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219742. rdar://problem/33523798

    2017-07-21  Zalan Bujtas  <zalan@apple.com>

            iBooks: Overlapping/missing content at beginning/end of paragraph.
            https://bugs.webkit.org/show_bug.cgi?id=174717
            <rdar://problem/33117912>

            Reviewed by Simon Fraser.

            By definiton simple and normal line layout should always produce the exact same lineboxes. It enables us not
            to force repaint while swapping between these 2 line layouts.
            However in certain cases (font size pixel rounding as an example) they don't agree on how much content fits the line and
            that could result in missing/overlapping content due to the lack of repaint.

            Unable to test.

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::ensureLineBoxes):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219737. rdar://problem/33523854

    2017-07-21  Jeremy Jones  <jeremyj@apple.com>

            AudioTrackPrivateMediaStreamCocoa shouldn't set AudioSession::setPreferredBufferSize
            https://bugs.webkit.org/show_bug.cgi?id=174707
            rdar://problem/33446809

            Reviewed by Eric Carlson.

            Manually tested for audio side effects.

            AudioChannel::copyFrom fails when AudioChannel lengths don't match.

            This happens because PlatformMediaSessionManager::updateSessionState() owns and sets
            AudioSession::setPreferredBufferSize().

            However, AudioTrackPrivateMediaStreamCocoa::createAudioUnit, when it creates an input
            audio unit is setting AudioSession::setPreferredBufferSize() directly to its own arbitrary value.

            AudioSession::setPreferredBufferSize() should be managed by the higher level
            PlatformMediaSessionManager, and not modified by audio unit creation, in order to keep harmony
            within the audio pipeline.

            * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
            (WebCore::AudioTrackPrivateMediaStreamCocoa::createAudioUnit):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219736. rdar://problem/33523835

    2017-07-21  Jeremy Jones  <jeremyj@apple.com>

            Noise when AudioChannel lengths don't match.
            https://bugs.webkit.org/show_bug.cgi?id=174706
            rdar://problem/33389856

            Reviewed by Eric Carlson.

            When AudioChannel lengths don't match, copyFrom() returns early leaving uninitialized data in the audio buffer.
            This change zeros out the data, so there isn't objectionable noise sent to the speaker.

            * platform/audio/AudioChannel.cpp:
            (WebCore::AudioChannel::copyFrom):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219638. rdar://problem/33523787

    2017-07-18  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION(r218910): Crash when password field changes to text field
            https://bugs.webkit.org/show_bug.cgi?id=174560

            Reviewed by Zalan Bujtas.

            The crash was caused by textMarkerDataForFirstPositionInTextControl accessing a nullptr returned by getOrCreate.
            Unfortunately, in order to this fix bug while preserving the exact behavior would require synchronously creating
            a renderer for the editing host when the input type changed since we can't create an accessbility object out of
            a renderer-less node.

            Instead, revert back to pre-r218910 behavior of always using the text control element's axID when notifying
            the value change. While this is inconsistent with the way editing commands report content changes, I've since
            learned that VoiceOver has code to deal with this exact situation.

            Test: accessibility/mac/input-type-change-crash-2.html

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219610. rdar://problem/33523847

    2017-07-18  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Async image decoding for large images should be disabled after the first time a tile is painted
            https://bugs.webkit.org/show_bug.cgi?id=174451

            Reviewed by Simon Fraser.

            Flashing because of DOM mutation can be fixed by disabling the asynchronous
            image decoding after the first time a tile was painted.

            We can detect this by consulting the tile repaintCount. If it is zero, then
            it is safe to use asynchronous image decoded. If the tile repaintCount is
            greater than zero, we are not sure if the renderer rectangle has an image
            drawn in it already or not. In this case we have to use the synchronous
            image decoding to avoid causing a flash.

            Tests: fast/images/async-image-background-change.html
                   fast/images/async-image-src-change.html
                   http/tests/multipart/multipart-async-image.html

            * page/PageOverlayController.cpp:
            (WebCore::PageOverlayController::paintContents):
            * page/PageOverlayController.h:
            * page/linux/ResourceUsageOverlayLinux.cpp:
            * page/mac/ServicesOverlayController.h:
            * page/mac/ServicesOverlayController.mm:
            (WebCore::ServicesOverlayController::Highlight::paintContents):
            * platform/graphics/BitmapImage.h:
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::paintGraphicsLayerContents):
            * platform/graphics/GraphicsLayer.h:
            * platform/graphics/GraphicsLayerClient.h:
            (WebCore::GraphicsLayerClient::paintContents):
            * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
            (WebCore::LayerClient::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.h:
            * platform/graphics/ca/PlatformCALayer.h:
            * platform/graphics/ca/PlatformCALayerClient.h:
            (WebCore::PlatformCALayerClient::platformCALayerRepaintCount):
            * platform/graphics/ca/TileCoverageMap.cpp:
            (WebCore::TileCoverageMap::platformCALayerPaintContents):
            * platform/graphics/ca/TileCoverageMap.h:
            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::platformCALayerPaintContents):
            (WebCore::TileGrid::platformCALayerRepaintCount):
            * platform/graphics/ca/TileGrid.h:
            * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWin.cpp:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
            (PlatformCALayerWinInternal::displayCallback):
            * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:
            (WebTiledBackingLayerWin::displayCallback):
            * platform/graphics/mac/WebLayer.mm:
            (-[WebLayer drawInContext:]):
            (-[WebSimpleLayer drawInContext:]):
            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
            * rendering/RenderElement.h:
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::paintContents):
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::paintContents):
            * rendering/RenderLayerCompositor.h:
            * testing/Internals.cpp:
            (WebCore::imageFromImageElement):
            (WebCore::bitmapImageFromImageElement):
            (WebCore::Internals::imageFrameIndex):
            (WebCore::Internals::setImageFrameDecodingDuration):
            (WebCore::Internals::resetImageAnimation):
            (WebCore::Internals::isImageAnimating):
            (WebCore::Internals::setClearDecoderAfterAsyncFrameRequestForTesting):
            (WebCore::Internals::imageDecodeCount):
            (WebCore::Internals::setLargeImageAsyncDecodingEnabledForTesting):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Revert r219342. rdar://problem/33523803

2017-07-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219665.

    2017-07-19  Myles C. Maxfield  <mmaxfield@apple.com>

            Setting the minimum font size preference doesn’t affect absolute line-height values, so lines overlap
            https://bugs.webkit.org/show_bug.cgi?id=174406

            Reviewed by Simon Fraser.
            <rdar://problem/10139227>

            Reviewed by NOBODY.

            When the minimumFontSize API preference is set, we will increase the font size without increasing
            the line height. If the content specifies line-height as an absolute value, there can be two
            unfortunate results:

            - Adjacent lines in a paragraph can overlap
            - If the paragraph (or containin block or whatever) uses overflow: hidden, the first and last lines
            can be cut off and potentially indecipherable.

            Instead, we should use the minimum font size preference as a signal that we should increase the
            line-height as well as the font-size. Eventually, we will want to increase it by an amount
            proportional to the increase in font-size (which can be due to minimumFontSize, minimumLogicalFontSize,
            text autosizing, etc.). However, because minimumLogicalFontSize is on by default, this would cause
            a behavior change on many webpages which use small text, so such a change would be too risky right now.
            Instead, we can pretend that minimumFontSize is the only cause that text increases, and use this as the
            only signal to boost the corresponding line-height.

            Tests: fast/text/line-height-minimumFontSize-text-zoom.html
                   fast/text/line-height-minimumFontSize-visual.html
                   fast/text/line-height-minimumFontSize-zoom.html
                   fast/text/line-height-minimumFontSize.html
                   fast/text/line-height-minimumFontSize-autosize.html

            * css/StyleBuilderCustom.h:
            (WebCore::computeBaseSpecifiedFontSize):
            (WebCore::computeLineHeightMultiplierDueToFontSize):
            (WebCore::StyleBuilderCustom::applyValueLineHeight):
            (WebCore::StyleBuilderCustom::applyValueFill):
            (WebCore::StyleBuilderCustom::applyValueStroke):
            (WebCore::StyleBuilderCustom::applyValueContent):
            * rendering/TextAutoSizing.cpp:

2017-07-18  Myles C. Maxfield  <mmaxfield@apple.com>

        Setting the minimum font size preference doesn’t affect absolute line-height values, so lines overlap
        https://bugs.webkit.org/show_bug.cgi?id=174406
        <rdar://problem/10139227>

        Reviewed by Simon Fraser.

        When the minimumFontSize API preference is set, we will increase the font size without increasing
        the line height. If the content specifies line-height as an absolute value, there can be two
        unfortunate results:

        - Adjacent lines in a paragraph can overlap
        - If the paragraph (or containin block or whatever) uses overflow: hidden, the first and last lines
        can be cut off and potentially indecipherable.

        Instead, we should use the minimum font size preference as a signal that we should increase the
        line-height as well as the font-size. Eventually, we will want to increase it by an amount
        proportional to the increase in font-size (which can be due to minimumFontSize, minimumLogicalFontSize,
        text autosizing, etc.). However, because minimumLogicalFontSize is on by default, this would cause
        a behavior change on many webpages which use small text, so such a change would be too risky right now.
        Instead, we can pretend that minimumFontSize is the only cause that text increases, and use this as the
        only signal to boost the corresponding line-height.

        Tests: fast/text/line-height-minimumFontSize-text-zoom.html
               fast/text/line-height-minimumFontSize-visual.html
               fast/text/line-height-minimumFontSize-zoom.html
               fast/text/line-height-minimumFontSize.html
               fast/text/line-height-minimumFontSize-autosize.html

        * css/StyleBuilderCustom.h:
        (WebCore::computeBaseSpecifiedFontSize):
        (WebCore::computeLineHeightMultiplierDueToFontSize):
        (WebCore::StyleBuilderCustom::applyValueLineHeight):
        (WebCore::StyleBuilderCustom::applyValueFill):
        (WebCore::StyleBuilderCustom::applyValueStroke):
        (WebCore::StyleBuilderCustom::applyValueContent):
        * rendering/TextAutoSizing.cpp:

2017-07-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219571. rdar://problem/33464710

    2017-07-17  Simon Fraser  <simon.fraser@apple.com>

            clientX/clientY on TouchEvent.touches are wrong
            https://bugs.webkit.org/show_bug.cgi?id=174561
            rdar://problem/33336041

            Reviewed by Tim Horton.

            Do some refactoring so that WebKitAdditions code that computes Touch coordinates can use
            the same code that MouseRelatedEvent uses.

            There is no behavior change in this patch, but the test exercises a behavior change in
            WebKitAdditions code.

            Test: fast/events/touch/ios/touches-client-coords-after-zoom.html

            * dom/MouseRelatedEvent.cpp:
            (WebCore::MouseRelatedEvent::init):
            (WebCore::MouseRelatedEvent::frameViewFromDOMWindow):
            (WebCore::MouseRelatedEvent::pagePointToClientPoint):
            (WebCore::MouseRelatedEvent::pagePointToAbsolutePoint):
            (WebCore::MouseRelatedEvent::initCoordinates):
            (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor):
            (WebCore::MouseRelatedEvent::computePageLocation):
            (WebCore::MouseRelatedEvent::locationInRootViewCoordinates):
            (WebCore::MouseRelatedEvent::frameView): Deleted.
            * dom/MouseRelatedEvent.h:

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219662. rdar://problem/33464110

    2017-07-19  Antoine Quint  <graouts@apple.com>

            [iOS] REGRESSION: Scrubbing media using built-in controls does not pause media
            https://bugs.webkit.org/show_bug.cgi?id=174650
            <rdar://problem/33401877>

            Reviewed by Dean Jackson.

            We would only pause when scrubbing on macOS because we only listened to "mousedown" events on the
            scrubber's backing <input> element to identify that the user had started interacting with the
            scrubber.

            Implementing the same technique on iOS required a little more work than just listening to "touchstart"
            events on the same element. On top of that, we needed to make sure that we would only respond to
            "touchstart" events on the slider's thumb, and not on the track, since only on macOS should the user
            be able to click anywhere on the track to scrub. So we turn off pointer-events for the <input> on iOS
            only, and turn them back on specifically for the thumb.

            There is also some finessing when dealing with touch events where we need to track the identifier of
            the touch that started the user interaction. So we keep track of it in an ivar and wait until we get
            a "touchend" event where the changedTouches list contains a touch with that same identifier to ensure
            the same touch that initiates and ends the scrubbing interaction.

            Finally, we fix another issue that was uncovered while turning back on the ScrubbingSupport tests
            where we would not trash the cached _value ivar when we initiated scrubbing, which was important since
            we would mistakenly use the pre-srubbing value during a scrub.

            * Modules/modern-media-controls/controls/slider.css:
            (.ios .slider > input):
            (.slider > input::-webkit-slider-thumb):
            * Modules/modern-media-controls/controls/slider.js:
            (Slider.prototype.handleEvent):
            (Slider.prototype._handleMousedownEvent):
            (Slider.prototype._interactionEndTarget):
            (Slider.prototype._handleTouchstartEvent):
            (Slider.prototype._valueWillStartChanging):
            (Slider.prototype._valueDidStopChanging):
            (Slider.prototype._handleMouseupEvent):
            (Slider.prototype._handleTouchendEvent):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219711. rdar://problem/33465715

    2017-07-20  Chris Dumez  <cdumez@apple.com>

            Hook up ITP quirks to the needsSiteSpecificQuirks setting
            https://bugs.webkit.org/show_bug.cgi?id=174691

            Reviewed by Darin Adler.

            Hook up ITP quirks to the needsSiteSpecificQuirks setting to make it easier for
            Web-developers to test their fixes.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::shouldEnableSiteSpecificQuirks):
            (WebCore::areDomainsAssociated):
            (WebCore::ResourceLoadObserver::logFrameNavigation):
            (WebCore::resourceNeedsSSOQuirk):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):
            (WebCore::ResourceLoadObserver::logWebSocketLoading):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219709. rdar://problem/33462692

    2017-07-20  David Quesada  <david_quesada@apple.com>

            Add SPI to notify WKNavigationDelegate about client redirects
            https://bugs.webkit.org/show_bug.cgi?id=174680
            rdar://problem/33184886

            Reviewed by Brady Eidson.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::performClientRedirect):
            * loader/FrameLoader.h:
            Add a convenience method for NavigationScheduler that handles a FrameLoadRequest
            as a client redirect. Currently this means loading the request and informing the
            client about it.

            * loader/FrameLoaderClient.h:
            Add FrameLoaderClient::dispatchDidPerformClientRedirect() to inform the client when
            a client redirect occurs.

            * loader/NavigationScheduler.cpp:
            Removed ScheduledURLNavigation::fire(). This class was never instantiated directly,
            and all subclasses override fire(), so this was unused code.
            For ScheduledRedirects and ScheduledLocationChange, use FrameLoader's new method to
            load the request as a client redirect.

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219703. rdar://problem/33462696

    2017-07-20  Chris Dumez  <cdumez@apple.com>

            Regression(ITP): May get frequently logged out of wsj.com
            https://bugs.webkit.org/show_bug.cgi?id=174661
            <rdar://problem/32343256>

            Reviewed by Geoffrey Garen.

            Add the concept of associated domains in the ResourceLoadObserver. We
            previously ignore loads to and from the same domains. We now do the same
            if the to and from domains are associated (i.e. owned by the same entity).

            For now, only add domains owned by Dow Jones & Company, Inc. to the list,
            to address login issues on wsj.com.

            No new tests, verified manually on wsj.com.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::areDomainsAssociated):
            (WebCore::ResourceLoadObserver::logFrameNavigation):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):
            (WebCore::ResourceLoadObserver::logWebSocketLoading):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219701. rdar://problem/33465715

    2017-07-20  Chris Dumez  <cdumez@apple.com>

            Regression(ITP): Can no longer log in on abc.go.com
            https://bugs.webkit.org/show_bug.cgi?id=174533
            <rdar://problem/33325881>

            Reviewed by Geoffrey Garen.

            Add quirk for sp.auth.adobe.com which is used for SSO by web sites such as
            abc.go.com. This would otherwise cause adobe.com to be identified as a
            tracker and log in on abc.go.com would break.

            No new tests, tested manually on abc.go.com.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::resourceNeedsSSOQuirk):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219683. rdar://problem/33464463

    2017-07-20  Brady Eidson  <beidson@apple.com>

            WKHTTPCookieStore API tests fail on High Sierra.
            <rdar://problem/33410271> and https://bugs.webkit.org/show_bug.cgi?id=174666

            Reviewed by Andy Estes.

            Covered by existing API tests.

            In r219567 I'd moved cookie storage observation off of NSHTTPCookieStorage and NSNotificationCenter
            to CFHTTPCookieStorage observation callbacks.

            This is because notifications were only sent for the default [NSHTTPCookieStorage sharedHTTPCookieStorage]
            and not any of the other ones we keep in flight.

            Unfortunately that SPI has been disabled in High Sierra.
            Fortunately we found a way we can get non-shared NSHTTPCookieStorages to send notifications that works everywhere.

            * platform/network/cocoa/CookieStorageObserver.h:
            * platform/network/cocoa/CookieStorageObserver.mm:
            (-[WebCookieObserverAdapter initWithObserver:]):
            (-[WebCookieObserverAdapter cookiesChangedNotificationHandler:]):
            (WebCore::CookieStorageObserver::create):
            (WebCore::CookieStorageObserver::CookieStorageObserver):
            (WebCore::CookieStorageObserver::~CookieStorageObserver):
            (WebCore::CookieStorageObserver::startObserving): Use a trick to call some SPI on non-shared NSHTTPCookieStorages
              to get them to send notifications.
            (WebCore::CookieStorageObserver::stopObserving):
            (WebCore::cookiesChanged): Deleted.

            * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
            (WebCore::NetworkStorageSession::cookieStorageObserver):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219668. rdar://problem/33462676

    2017-07-19  Simon Fraser  <simon.fraser@apple.com>

            getBoundingClientRects not updated for programmatic scrolls
            https://bugs.webkit.org/show_bug.cgi?id=174538
            rdar://problem/33049012

            Reviewed by Tim Horton.

            Baidu.com has two event handlers on its <input>, and both query the input location with getBoundingClientRect()
            and the current pageYOffset (via jQuery), then try to scroll the input to the top of the screen. The bug is that
            programmatic scrolls did not immediately update the layout viewport rect, so the second call to
            getBoundingClientRect() would return stale coordinates, triggering an extra scroll.

            To fix this, undo the fix for r219320 which tried to keep getBoundingClientRect() current during unstable scroll
            updates by adding a shadow layout viewport rect. Instead, almost always update the layout viewport rect on
            FrameView, even during unstable visible rect updates, but not if content insets are being changed interactively,
            since changing viewport heights cause problems with bottom-fixed elements. Also, we need to compute a new layout
            viewport rect in FrameView::updateLayoutViewport() for programmatic scrolls.

            However, always updating the layout viewport triggered issues with the scrolling tree. The scrolling state tree
            fossilizes layer positions relative to a specific viewport rect, and that relationship has to be maintained.
            There are code paths that recompute fixed/sticky viewport constraints when the layout viewport has changed but
            we haven't done layout or recomputed layer positions (e.g. updating viewport-constrained layers via
            updateScrollCoordinatedLayersAfterFlush()) and in these cases using a new layout viewport for those computations
            results in an inconsistent scrolling tree.

            Fix this by not updating scrolling constraints every time we have to re-register scrolling nodes.
            updateScrollCoordinatedLayersAfterFlush() only needs to update the layer on the scrolling node (to handle
            tiled/non-tiled switches), so make updateScrollCoordinatedLayer() a little more fine-grained, and only update
            constraints when we've just computed layer geometry. This allows for different scrolling nodes to have
            constraints computed at different times, with different layout viewports, which happens.

            Two additional fixes were required to make bottom-fixed bars behave correctly.

            First, FrameView::computeLayoutViewportOrigin() had a bug where rounding of half-pixel values would cause it to
            fall into the if (visualViewport.height() > layoutViewport.height()) clause, but then fail to clamp for
            rubber-banding.

            Second, the FrameView::unscaledMaximumScrollPosition() was wrong after zooming on iOS, since it uses visibleSize()
            which is affected by page scale on iOS only (and the function wants scale-independent values). Fix with a hack that
            should be cleaned up via webkit.org/b/174648.

            Tested by existing tests.

            * page/FrameView.cpp:
            (WebCore::FrameView::computeUpdatedLayoutViewportRect):
            (WebCore::FrameView::computeLayoutViewportOrigin):
            (WebCore::FrameView::setLayoutViewportOverrideRect):
            (WebCore::FrameView::updateLayoutViewport):
            (WebCore::FrameView::unscaledMaximumScrollPosition):
            (WebCore::FrameView::documentToClientOffset):
            (WebCore::FrameView::setUnstableLayoutViewportRect): Deleted.
            * page/FrameView.h:
            * page/scrolling/AsyncScrollingCoordinator.cpp:
            (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
            (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
            (WebCore::AsyncScrollingCoordinator::reconcileViewportConstrainedLayerPositions):
            (WebCore::AsyncScrollingCoordinator::updateNodeLayer):
            (WebCore::AsyncScrollingCoordinator::updateNodeViewportConstraints):
            (WebCore::AsyncScrollingCoordinator::updateViewportConstrainedNode): Deleted.
            * page/scrolling/AsyncScrollingCoordinator.h:
            * page/scrolling/ScrollingCoordinator.cpp:
            (WebCore::operator<<):
            * page/scrolling/ScrollingCoordinator.h:
            (WebCore::ScrollingCoordinator::reconcileScrollingState):
            (WebCore::ScrollingCoordinator::updateNodeLayer):
            (WebCore::ScrollingCoordinator::updateNodeViewportConstraints):
            (WebCore::ScrollingCoordinator::updateViewportConstrainedNode): Deleted.
            * page/scrolling/ScrollingStateFixedNode.cpp:
            (WebCore::ScrollingStateFixedNode::updateConstraints):
            * page/scrolling/ScrollingStateStickyNode.cpp:
            (WebCore::ScrollingStateStickyNode::updateConstraints):
            (WebCore::ScrollingStateStickyNode::reconcileLayerPositionForViewportRect):
            * page/scrolling/ScrollingTree.cpp:
            (WebCore::ScrollingTree::commitTreeState):
            * page/scrolling/mac/ScrollingTreeFixedNode.mm:
            (WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):
            * page/scrolling/mac/ScrollingTreeStickyNode.mm:
            (WebCore::ScrollingTreeStickyNode::updateLayersAfterAncestorChange):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::updateGeometry):
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayersAfterFlush):
            (WebCore::RenderLayerCompositor::updateBacking):
            (WebCore::RenderLayerCompositor::fixedRootBackgroundLayerChanged):
            (WebCore::RenderLayerCompositor::requiresCompositingForPosition):
            (WebCore::RenderLayerCompositor::updateScrollCoordinatedStatus):
            (WebCore::RenderLayerCompositor::computeFixedViewportConstraints):
            (WebCore::RenderLayerCompositor::computeStickyViewportConstraints):
            (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
            (WebCore::RenderLayerCompositor::didAddScrollingLayer):
            * rendering/RenderLayerCompositor.h:

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219666. rdar://problem/33464328

    2017-07-19  Megan Gardner  <megan_gardner@apple.com>

            Don't write file URLs to iOS Pasteboard
            https://bugs.webkit.org/show_bug.cgi?id=174647
            <rdar://problem/33199730>

            Reviewed by Wenson Hsieh.

            Tests updated to reflect the changes. We are no longer vending file URLs in Drag & Drop and Copy/Paste.

            * editing/ios/EditorIOS.mm:
            (WebCore::Editor::writeImageToPasteboard):
            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::write):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219661. rdar://problem/33465132

    2017-07-19  Nan Wang  <n_wang@apple.com>

            AX: Web page reloaded when a node is labelling multiple childnodes
            https://bugs.webkit.org/show_bug.cgi?id=174655

            Reviewed by Chris Fleizach.

            When we are asking for the aria-labelledby attribute of a node and its
            sibling is also labelled by the same node, we get into an infinite loop
            in textUnderElement since we only ignore one child. Added checks for
            siblings to avoid such loop.

            Test: accessibility/mac/aria-labelledby-multiple-child-crash.html

            * accessibility/AccessibilityNodeObject.cpp:
            (WebCore::AccessibilityNodeObject::textUnderElement):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219645. rdar://problem/33464440

    2017-07-18  Zalan Bujtas  <zalan@apple.com>

            Media controls are missing content in fullscreen when document has scroll offset.
            https://bugs.webkit.org/show_bug.cgi?id=174644
            <rdar://problem/32415323>

            Reviewed by Simon Fraser.

            If a non-user initiated scrolling (result of resize for example) is processed asynchronously, it might
            leapfrog other, programatic scrollings and trigger unintentional scroll offsets (and turn into unwanted clippings).
            This patch ensures that both resize and top content inset change are translated into programatic scrolling.

            Unable to test full screen video.

            * page/FrameView.cpp:
            (WebCore::FrameView::setFrameRect):
            (WebCore::FrameView::topContentInsetDidChange):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219641. rdar://problem/33464325

    2017-07-18  Chris Dumez  <cdumez@apple.com>

            HysteresisActivity cannot be used in the UIProcess
            https://bugs.webkit.org/show_bug.cgi?id=174643
            <rdar://problem/33086442>

            Reviewed by Tim Horton.

            Port HysteresisActivity to RunLoop::Timer so that it can safely be used in
            the UIProcess as well.

            * platform/HysteresisActivity.h:

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219625. rdar://problem/33465689

    2017-07-18  Antoine Quint  <graouts@apple.com>

            [macOS] Mouse pointer does not hide during fullscreen playback
            https://bugs.webkit.org/show_bug.cgi?id=174638
            <rdar://problem/33244399>

            Reviewed by Dean Jackson.

            Test: media/modern-media-controls/css/webkit-cursor-visibility-auto-hide.html

            The user-agent stylesheet sets the "-webkit-cursor-visibility" to "auto-hide" for fullscreen <video>
            elements. Since we reset the page styles, including UA styles, on .media-controls-container, we need
            to explicitly inherit this style property from the page to ensure the mouse pointer automatically
            hides in fullscreen.

            * Modules/modern-media-controls/controls/media-controls.css:
            (.media-controls-container):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219621. rdar://problem/33465059

    2017-07-18  Antoine Quint  <graouts@apple.com>

            [iOS] WebKit media controls are sometimes shown after exiting full screen on vimeo.com
            https://bugs.webkit.org/show_bug.cgi?id=174627
            <rdar://problem/33301005>

            Reviewed by Dean Jackson, provisionally reviewed by Jeremy Jones.

            On iOS 11, both the WebKit media controls and the Vimeo custom controls would appear sometimes when exiting
            from fullscreen when the video was playing and the user would tap the X button, which would pause the video
            as well as exit fullscreen.

            The reason this happens is that the ControlsVisibilitySupport object, which governs whether the WebKit media
            controls should be displayed for a given video, woud listen to "pause" and "webkitfullscreenchange" events
            and determine whether to show the WebKit media controls. We listen to the "pause" event because when media
            pauses, and the video has the "controls" attribute set, we should show the controls and suspend the controls
            auto-hide timer. And we're interested in knowing when we enter and exit fullscreen because we want to override
            the "controls" attribute not being set when we enter fullscreen.

            However, on iOS 11, it appears that the "webkitfullscreenchange" event is not reliably fired as the user enters
            and exits fullscreen, which is tracked by webkit.org/b/174626. So, when the user exits fullscreen, we would be
            informed of the video being paused via a "pause" event, but not of the video exiting fullscreen. And because
            media events are asynchronous, the "pause" event would sometimes be fired before we exited fullscreen, and when
            the _updateControls() would run, we would sometimes determine that we are in fullscreen still and determine
            that the WebKit media controls should be shown.

            Of course, on iOS, the WebKit media controls are not shown and instead we delegate to AVKit to display media controls.
            So we could simply disregard this whole logic in iOS. But we choose to instead use the "webkitpresentationmodechanged"
            when the presentation mode API is supported, as is the case on iOS 11, to determine changes of media fullscreen state.
            This way, should we ever choose to support fullscreen media controls provided by WebKit on iOS, this logic is already
            correct and we write less platform-specific code.

            This, alas, cannot be tested since we can't force the X button to be tapped within the AVKit fullscreen controls.

            * Modules/modern-media-controls/media/controls-visibility-support.js:
            (ControlsVisibilitySupport.prototype.get mediaEvents):
            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController):
            * Modules/modern-media-controls/media/start-support.js:
            (StartSupport.prototype.get mediaEvents):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219591. rdar://problem/33464112

    2017-07-17  Brady Eidson  <beidson@apple.com>

            REGRESSION(r219298): imported/w3c/IndexedDB-private-browsing/idbfactory_open.html is crashing occassionaly (UniqueIDBDatabase being taken from the IDBServer set twice).
            <rdar://problem/33294987> and https://bugs.webkit.org/show_bug.cgi?id=174354

            Reviewed by Alex Christensen.

            No new tests (Covered by existing tests).

            * Modules/indexeddb/server/IDBServer.cpp:
            (WebCore::IDBServer::IDBServer::postDatabaseTaskReply): Remove a now invalid ASSERT

            * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
            (WebCore::IDBServer::UniqueIDBDatabase::scheduleShutdownForClose): Add a RELEASE_ASSERT.
            (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): Instead of an ad-hoc main thread dispatch, use the "schedule task reply" system
              to keep dispatch ordering in tact.
            (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply): Remove a now invalid ASSERT
            (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Only take the owning pointer if the object doesn't already own itself.

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219585. rdar://problem/33465177

    2017-07-17  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS DnD] Web process uses too much memory when beginning a drag on a very large image
            https://bugs.webkit.org/show_bug.cgi?id=174585
            <rdar://problem/33302541>

            Reviewed by Tim Horton.

            Currently, attempting to drag a very large image fails, either due to us telling CoreGraphics to create an image
            buffer that is too large, or because the web process exceeds its memory limit and gets jetsamed. There are two
            places where we can optimize our memory use during the drag initialization sequence, and this patch improves
            both.

            First, on iOS, we attempt to encode and send over a WebCore::Image in the PasteboardImage when writing to the
            item providers upon starting a drag. Currently, this Image is only used in the drag and drop codepath, in
            PlatformPasteboard::writeObjectRepresentations, to grab the size of the image being written for the purpose of
            specifying estimated display size. Serializing and deserializing an Image calls into Image::nativeImage, which
            attempts to draw the contents of the image into a buffer so that it can be shipped across to the UI process.
            Instead, we can simply compute the size in the web process while we already have the Image, and simply send that
            across. For copy/paste, this doesn't result in any behavior change, since we don't use the PasteboardImage's
            image in the first place.

            Secondly, when starting a drag, we try to allocate create an image buffer the size of the WebCore::Image for the
            purpose of generating the drag preview. Instead, this patch establishes a limit on the size of this drag preview
            image, such that if the Image's size is larger, we'll scale down the drag preview image to be the maximum
            allowed size.

            Test: DataInteractionTests.CanStartDragOnEnormousImage.

            * editing/ios/EditorIOS.mm:
            (WebCore::Editor::writeImageToPasteboard):
            * platform/Pasteboard.h:
            * platform/graphics/GeometryUtilities.cpp:
            (WebCore::sizeWithAreaAndAspectRatio):

            Introduce a new helper function to compute a size with the given aspect ratio and area.

            * platform/graphics/GeometryUtilities.h:
            * platform/ios/DragImageIOS.mm:
            (WebCore::createDragImageFromImage):
            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::writeObjectRepresentations):

2017-07-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219413. rdar://problem/33337335

    2017-06-29  Dean Jackson  <dino@apple.com>

            Disable some features on this release branch.
            <rdar://problem/32913370>

            * Configurations/FeatureDefines.xcconfig:
            * page/Settings.in:

2017-07-17  Brady Eidson  <beidson@apple.com>

        WKHTTPCookieStore observing only works on the default cookie store.
        <rdar://problem/33330724> and https://bugs.webkit.org/show_bug.cgi?id=174580

        Reviewed by Sam Weinig.

        Covered by new API tests.
        
        startObservingCookieChanges and stopObservingCookieChanges are passed a NetworkStorageSession to observe.
        On Mac/iOS, the passed-in storage session was ignored and the shared cookie storage was assumed.
        Let's fix that.
        
        Also, since using NSNotification based observing only works reliably for the shared cookie storage,
        switch to direct CFHTTPCookieStorageRef observing.

        * WebCore.xcodeproj/project.pbxproj:
        
        * platform/network/NetworkStorageSession.h:
        
        * platform/network/cocoa/CookieStorageObserver.h: Added.
        * platform/network/cocoa/CookieStorageObserver.mm: Added.
        (WebCore::cookiesChanged):
        (WebCore::CookieStorageObserver::create):
        (WebCore::CookieStorageObserver::CookieStorageObserver):
        (WebCore::CookieStorageObserver::~CookieStorageObserver):
        (WebCore::CookieStorageObserver::startObserving):
        (WebCore::CookieStorageObserver::stopObserving):
        (WebCore::CookieStorageObserver::cookiesDidChange):
        
        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
        (WebCore::NetworkStorageSession::cookieStorageObserver):
        
        * platform/network/mac/CookieStorageMac.mm:
        (WebCore::startObservingCookieChanges):
        (WebCore::stopObservingCookieChanges):
        (-[WebCookieStorageObjCAdapter notifyCookiesChangedOnMainThread]): Deleted.
        (-[WebCookieStorageObjCAdapter cookiesChangedNotificationHandler:]): Deleted.
        (-[WebCookieStorageObjCAdapter startListeningForCookieChangeNotificationsWithCallback:]): Deleted.
        (-[WebCookieStorageObjCAdapter stopListeningForCookieChangeNotifications]): Deleted.
        
        * platform/spi/cf/CFNetworkSPI.h:

2017-07-17  Sam Weinig  <sam@webkit.org>

        [WebIDL] Rename JSCSSValueCustom.cpp to JSDeprecatedCSSOMValueCustom.cpp to match the underlying class
        https://bugs.webkit.org/show_bug.cgi?id=174550

        Reviewed by Brady Eidson.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSCSSValueCustom.cpp: Removed.
        * bindings/js/JSDeprecatedCSSOMValueCustom.cpp: Renamed from bindings/js/JSCSSValueCustom.cpp.
        Rename file and update references.

2017-07-17  Antoine Quint  <graouts@apple.com>

        REGRESSION: order of AirPlay and volume controls is inconsistent between <audio> and <video>
        https://bugs.webkit.org/show_bug.cgi?id=174581
        <rdar://problem/33297519>

        Reviewed by Sam Weinig.

        We had an inconsistency between <audio> and <video> controls for the relative order of the
        volume and AirPlay buttons. The <video> layout was correct (volume first and AirPlay after)
        and the <audio> layout now is the same.

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype._rightContainerButtons):

2017-07-17  Konstantin Tokarev  <annulen@yandex.ru>

        [CMake] Create targets before WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS is called
        https://bugs.webkit.org/show_bug.cgi?id=174557

        Reviewed by Michael Catanzaro.

        No new tests needed.

        * CMakeLists.txt:

2017-07-17  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, rolling out r219556.

        Broke build without WebCrypto

        Reverted changeset:

        "[CMake] Clean up Web Crypto build targets"
        https://bugs.webkit.org/show_bug.cgi?id=174253
        http://trac.webkit.org/changeset/219556

2017-07-17  Antoine Quint  <graouts@apple.com>

        Media controls draw behind captions
        https://bugs.webkit.org/show_bug.cgi?id=174579
        <rdar://problem/33295427>

        Reviewed by Dean Jackson.

        Ensure the captions container is added as a previous sibling to the controls container.

        Test: media/modern-media-controls/media-controls/media-controls-display-above-captions.html

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):

2017-07-17  Zan Dobersek  <zdobersek@igalia.com>

        [CMake] Clean up Web Crypto build targets
        https://bugs.webkit.org/show_bug.cgi?id=174253

        Reviewed by Michael Catanzaro.

        Gather the common WebCrypto source files in CMakeLists.txt, including them
        in the build unconditionally and instead relying on ENABLE_SUBTLE_CRYPTO
        build guards to exclude the code from compilation if the feature is disabled.

        PlatformGTK.cmake, PlatformMac.cmake and PlatformWPE.cmake can then remove
        duplicated build targets. PlatformMac.cmake still lists all the Mac-specific
        Web Crypto build targets.

        PlatformGTK.cmake and PlatformWPE.cmake now include GCrypt.cmake if the build
        was configured to enable the use of libgcrypt. The new CMake file adds the
        libgcrypt-specific Web Crypto build targets to the build if the feature was
        enabled, and also sets up libgcrypt include directiories and libraries.

        No new tests -- no change in behavior.

        * CMakeLists.txt:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWPE.cmake:
        * platform/GCrypt.cmake: Added.

2017-07-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        -Wreorder warning caused by GraphicsContext3D cleanup
        https://bugs.webkit.org/show_bug.cgi?id=174511

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):

2017-07-16  Antoine Quint  <graouts@apple.com>

        Dismissing the captions panel using the mouse is too eager to remove the captions panel and media controls
        https://bugs.webkit.org/show_bug.cgi?id=174571
        <rdar://problem/33294968>

        Reviewed by Eric Carlson.

        We did several things wrong when dismissing the tracks panel:

            - we did not check whether we were hosted in a shadow root when figuring if a click was on the tracks panel
            - we did not check whether we clicked over the media when dismissing the tracks panel
            - we did not check whether auto-hide was on before fading the media controls out when we clicked outside
              the media controls bounds

        We now correctly account for all of those cases and implement the following behavior when clickng as the tracks
        panel is presented:
        
            - dismiss the panel if the click is outside of the panel
            - dismiss the panel and the media controls if the click is outside the video and the media controls have
              auto-hide on (ie. media is playing)
            - dismiss the panel and the media controls after the track selection animation is finished if a track is selected

        Tests: media/modern-media-controls/tracks-panel/tracks-panel-up-click-outside-media-does-not-dimiss-media-controls-when-media-is-paused.html
               media/modern-media-controls/tracks-panel/tracks-panel-up-click-over-media-does-not-dimiss-media-controls-when-media-is-playing.html

        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.hideTracksPanel): Only hide the media controls if we clicked outside of the media
        controls bounds and if we have auto-hide on when idle (ie. the media is playing).
        (MediaControls.prototype.isPointInControls): Add an option to specify whether the container should be
        considered when checking if a point is contained within the media controls bounds.
        * Modules/modern-media-controls/controls/tracks-panel.js:
        (TracksPanel.prototype._handleMousedown):
        (TracksPanel.prototype._isPointInTracksPanel): Correctly check whether the element that we started pressing
        on is contained within the tracks panel, accounting for the case where we are presented within a shadow root
        (ie. always when runing inside a Web page).

2017-07-16  Ali Juma  <ajuma@chromium.org>

        DisallowUserAgentShadowContent moves out of non-UA shadow roots
        https://bugs.webkit.org/show_bug.cgi?id=165647

        Reviewed by Ryosuke Niwa.

        Make rect-based hit-testing include nodes in non-UA shadow trees when the
        HitTestRequest has type DisallowUserAgentShadowContent.

        Test: fast/dom/nodesFromRect/nodesFromRect-shadow.html

        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::addNodeToRectBasedTestResult):
        * testing/Internals.cpp:
        (WebCore::Internals::nodesFromRect):
        * testing/Internals.h:

2017-07-16  Antoine Quint  <graouts@apple.com>

        Clicking edges of media control buttons changes visual state of button (pressed) but doesn't execute action
        https://bugs.webkit.org/show_bug.cgi?id=174565
        <rdar://problem/33294833>

        Reviewed by Dean Jackson.

        WebCore doesn't dispatch a "click" event to a parent element when a child that was the original target when
        the "mousedown" occured is no longer hit-testing at the location where the mouse pointer is at when the "mouseup"
        occurs (see webkit.org/b/174564). Since button icons, which are a <picture> element that is a child of the
        <button> element for media controls buttons, shrink to 89% of their size when the ":active" pseudo-class matches,
        clicking on the edges of the media controls buttons would not trigger the expected action.

        Test: media/modern-media-controls/button/button-click-on-edges.html

        * Modules/modern-media-controls/controls/button.css:
        (button > picture):

2017-07-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Make the decision for asynchronously decoding an image be in one place
        https://bugs.webkit.org/show_bug.cgi?id=174479

        Reviewed by Tim Horton.

        Move all the logic of whether a large image should be asynchronously decoded 
        or not be in one place: RenderBoxModelObject::decodingModeForImageDraw().

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::addPendingImageDrawingClient): Fixing unrelated 
        spelling error.
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isIBooks):
        (WebCore::IOSApplication::isIBooksStorytime):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::updateFromSettings): Remove reading the setting
        largeImageAsyncDecodingEnabled from this function because it will be read
        by RenderBoxModelObject::decodingModeForImageDraw().
        (WebCore::BitmapImage::dataChanged):
        (WebCore::BitmapImage::draw):
        (WebCore::BitmapImage::shouldAnimate):
        (WebCore::BitmapImage::canAnimate):
        (WebCore::BitmapImage::canUseAsyncDecodingForLargeImages):
        (WebCore::BitmapImage::shouldUseAsyncDecodingForAnimatedImages):
        (WebCore::BitmapImage::canDestroyDecodedData):
        (WebCore::BitmapImage::shouldUseAsyncDecodingForLargeImages): Deleted.
        * platform/graphics/BitmapImage.h:
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::canUseAsyncDecoding): It is okay to keep the 
        decoded frame if canUseAsyncDecodingForLargeImages() is true by the setting
        largeImageAsyncDecodingEnabled is false.
        (WebCore::ImageSource::shouldUseAsyncDecoding): Deleted.
        * platform/graphics/ImageSource.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::decodingModeForImageDraw): The plan is to
        add a new Internal settings to force asynchronous image decoding regardless
        of the image size and the settings.
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):

2017-07-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        [CMake] Raise minimum CMake requirement
        https://bugs.webkit.org/show_bug.cgi?id=174545

        Reviewed by Konstantin Tokarev.

        * WebCoreMacros.cmake:

2017-07-15  Brady Eidson  <beidson@apple.com>

        Make sure all CFHTTPCookieStorageRefs we create are scheduled.
        <rdar://problem/33221110> and https://bugs.webkit.org/show_bug.cgi?id=174513

        Reviewed by Tim Horton.

        * platform/spi/cf/CFNetworkSPI.h:

2017-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Rename RenderStyle::fontSize() to RenderStyle::computedFontPixelSize()
        https://bugs.webkit.org/show_bug.cgi?id=174509

        Reviewed by Simon Fraser.

        We have three font size functions:
        - computedFontSize(): returns a float
        - specifiedFontSize(): also returns a float
        - fontSize(): returns the rounded computedFontSize()

        FontDescription uses the convention of labelling rounded values as "pixel",
        so a better name font fontSize() is computedFontPixelSize().

        Also, because font sizes can never be negative, switch the type from an int
        to an unsigned.

        No new tests because there is no behavior change.

        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (getAttributeSetForAccessibilityObject):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * platform/graphics/FontDescription.h:
        (WebCore::FontDescription::computedPixelSize):
        (WebCore::FontDescription::fontSelectionRequest):
        * rendering/RenderBlock.cpp:
        (WebCore::styleForFirstLetter):
        * rendering/RenderRubyRun.cpp:
        (WebCore::shouldOverhang):
        (WebCore::RenderRubyRun::getOverhang):
        * rendering/RenderRubyText.cpp:
        (WebCore::RenderRubyText::adjustInlineDirectionLineBounds):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::adjustSearchFieldIconStyle):
        (WebCore::paintSearchFieldIcon):
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::adjustCheckboxStyle):
        (WebCore::RenderThemeIOS::adjustRadioStyle):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::controlSizeForFont):
        (WebCore::RenderThemeMac::controlSizeForSystemFont):
        (WebCore::RenderThemeMac::paintMenuListButtonDecorations):
        (WebCore::RenderThemeMac::popupInternalPaddingBox):
        (WebCore::RenderThemeMac::adjustMenuListButtonStyle):
        * rendering/RenderThemeWin.cpp:
        (WebCore::RenderThemeWin::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldResultsButtonStyle):
        * rendering/TextDecorationPainter.cpp:
        (WebCore::TextDecorationPainter::paintTextDecoration):
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::computeLineVerticalStretch):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::computedFontPixelSize):
        (WebCore::RenderStyle::computedLineHeight):
        (WebCore::RenderStyle::fontSize): Deleted.
        * rendering/style/RenderStyle.h:
        * style/InlineTextBoxStyle.cpp:
        (WebCore::visualOverflowForDecorations):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::resolveElement):
        * svg/SVGLengthContext.cpp:
        (WebCore::SVGLengthContext::convertValueFromUserUnitsToEMS):
        (WebCore::SVGLengthContext::convertValueFromEMSToUserUnits):

2017-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        line-height: <number> gets visually applied twice when text autosizing is in effect
        https://bugs.webkit.org/show_bug.cgi?id=174536
        <rdar://problem/33338259>

        Reviewed by Simon Fraser.

        StyleBuilderConverter::convertLineHeight() converts line-height: <number> into a
        "percentage" length. Then, when layout needs to know what the computed value of
        line-height is, RenderStyle::computedLineHeight() multiplies this percentage by
        the computed font size.

        With autosizing, the computed font size already incorporates the autosizing
        multiplier, so we shouldn't also incorporate this multiplier into the percentage
        value itself. getComputedStyle()'s lineHeightFromStyle() was compensating for
        this double application by multiplying the percentage by the font-size's specified
        value instead of its computed value, which is incorrect.

        Test: fast/text-autosizing/line-height-number.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::lineHeightFromStyle):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertLineHeight):

2017-07-15  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS WK2] Presenting an action sheet on an image map prevents selection UI from updating
        https://bugs.webkit.org/show_bug.cgi?id=174539
        <rdar://problem/33307395>

        Reviewed by Darin Adler.

        Currently, if TextIndicator fails to take a snapshot in TextIndicator::createWithRange, we will enter an
        inconsistent state in the web process where Editor will continue to ignore selection changes until the next time
        Editor::setIgnoreSelectionChanges(false) is called. This causes us to indefinitely defer EditorState updates to
        the UI process, which leads to selection UI appearing unresponsive.

        To fix this, we introduce a new TemporarySelectionChange object to simplify selection changes and/or
        EditorState-update-ignoring behaviors within the scope of a single function. The constructor applies these
        temporary changes, and the destructor reverts them as needed to their prior values.

        This patch only adopts TemporarySelectionChange in order to fix this bug, but future patches will replace the
        remaining places where we temporarily change selection and/or ignore selection with this helper.

        Test: ActionSheetTests.ImageMapDoesNotDestroySelection.

        * editing/Editor.cpp:
        (WebCore::TemporarySelectionChange::TemporarySelectionChange):
        (WebCore::TemporarySelectionChange::~TemporarySelectionChange):
        * editing/Editor.h:
        * editing/FrameSelection.h:
        (WebCore::FrameSelection::isUpdateAppearanceEnabled):
        * page/TextIndicator.cpp:
        (WebCore::TextIndicator::createWithRange):

2017-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Clean up line-height and minimumFontSize functions
        https://bugs.webkit.org/show_bug.cgi?id=174535

        Reviewed by Simon Fraser.

        No behavior change.

        No new tests because there is no behavior change.

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertLineHeight):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::adjustRenderStyle):
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        (WebCore::StyleResolver::applyMatchedProperties):
        (WebCore::StyleResolver::cascadedPropertiesForRollback):
        (WebCore::StyleResolver::applyProperty):
        (WebCore::StyleResolver::checkForZoomChange):
        (WebCore::StyleResolver::createFilterOperations):
        (WebCore::StyleResolver::CascadedProperties::set):
        (WebCore::StyleResolver::applyCascadedProperties):
        * style/StyleFontSizeFunctions.cpp:
        (WebCore::Style::computedFontSizeFromSpecifiedSize):
        (WebCore::Style::computedFontSizeFromSpecifiedSizeForSVGInlineText):
        (): Deleted.

2017-07-14  Jonathan Bedard  <jbedard@apple.com>

        Add iOS 11 SPI
        https://bugs.webkit.org/show_bug.cgi?id=174430
        <rdar://problem/33269288>

        Reviewed by Tim Horton.

        * WebCore.xcodeproj/project.pbxproj: Add sqlite3SPI.h header.
        * platform/ios/PlatformPasteboardIOS.mm: Move UIKit SPI to UIKitSPI.h.
        * platform/ios/WebItemProviderPasteboard.mm: Ditto.
        * platform/network/cf/FormDataStreamCFNet.cpp: Explicitly define fnfErr and remove
        MacErrors.h header for iOS.
        * platform/spi/cocoa/IOSurfaceSPI.h: IOSurface is no longer SPI in iOS 11.
        * platform/spi/cocoa/PassKitSPI.h: Do not re-define setRequiredShippingContactFields
        and setRequiredBillingContactFields in iOS 11.
        * platform/spi/cocoa/QuartzCoreSPI.h: Added QuartzCoreSPI used in iOS 11.
        * platform/spi/ios/UIKitSPI.h: Add drag-and-drop SPI.
        * platform/spi/ios/sqlite3SPI.h: Define required sqlite3 macros.
        * platform/sql/SQLiteFileSystem.cpp: Use sqlite3SPI.h.

2017-07-14  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA PKCS#8 exports
        https://bugs.webkit.org/show_bug.cgi?id=173697

        Reviewed by Jiewen Tan.

        Implement the PKCS#8 import operation for RSA keys for platforms that use
        libgcrypt.

        In CryptoKeyRSA::exportPkcs8(), we bail early with an invalid access exception if
        this export is not being done for a private key. Otherwise, we start with creating
        the `RSAPrivateKey` ASN.1 structure, writing out '0' under the `version` element
        and then retrieving the modulus, public and private exponent and both primes.
        MPI data for those parameters is written out into corresponding elements in the
        `RSAPrivateKey` structure. We then manually compute values of both exponents and
        the coefficient parameters, using the private exponent's and both primes' MPI
        values. The p and q parameters (i.e. the primes) are switched in libgcrypt,
        deviating from the standard practice, so we have to operate with those two
        accordingly. We eliminate the optional `otherPrimeInfos` attribute on the
        `RSAPrivateKey` structure. Support for this attribute will be added later.

        We then create the `PrivateKeyInfo` ASN.1 structure, and write out '0' under the
        `version` element. The id-rsaEncryption object identifier is written out under
        the `algorithm.algorithm` element. In the future, an object identifier that
        matches this key's algorithm will have to be written out here (id-RSASSA-PSS or
        id-RSAES-OAEP), along with the appropriate parameters structure, but no test in
        WebKit or the web-platform-tests suite covers this detail. For now, a null value
        is written out under the `algorithm.parameters` element.

        Data for the `RSAPrivateKey` structure is retrieved and written out under the
        `privateKey` element.  The optional `attributes` element on the `PrivateKeyInfo`
        structure is eliminated.

        Data that was encoded through the `PrivateKeyInfo` structure is then retrieved
        and returned from the exportPkcs8() method.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::CryptoKeyRSA::exportPkcs8):

2017-07-14  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA PKCS#8 imports
        https://bugs.webkit.org/show_bug.cgi?id=173696

        Reviewed by Jiewen Tan.

        Implement the PKCS#8 import operation for RSA keys for platforms that use
        libgcrypt.

        In CryptoKeyRSA::importPkcs8(), the provided key data is decoded against the
        'PrivateKeyInfo` ASN.1 structure. We then validate the `version` element and
        check that the `privateKeyAlgorithm.algorithm` element contains a supported
        object identifier. This check is for now mostly superficial, only ensuring
        that the object identifier is either id-rsaEncryption, id-RSAES-OAEP or
        id-RSASSA-PSS. This has to be further extended to also check the
        id-sha{1,256,384,512}WithRSAEncryption identifiers as well as decoding the
        `privateKeyAlgorithm.parameters` element against a specific ASN.1 structure, if
        necessary (RSASSA-PSS-params or RSAES-OAEP-params), and cross-checking the
        specified digest algorithm with the algorithm that's specified through the main
        object identifier or the structure contained in `privateKeyAlgorithm.parameters`.
        This is avoided for now because no test in WebKit or the web-platform-tests
        suite covers this detail of the specification.

        Data under the `privateKey` element is decoded against the `RSAPrivateKey` ASN.1
        structure, and the `version` element of that structure is validated. We then
        retrieve data from that structure for the modulus, public exponent, private
        exponent, both primes, both exponents and the coefficient parameters, bailing if
        any of them is missing. Because libgcrypt switches the use of p and q parameters,
        deviating from the standard use, we have to recompute the u parameter (the
        coefficient). With that calculated, we're then able to construct the `private-key`
        s-expression, embedding into it all the necessary parameters, and transferring
        the ownership of this object to the new CryptoKeyRSA object that's then returned
        from the importPkcs8() method.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::CryptoKeyRSA::importPkcs8):

2017-07-14  Chris Dumez  <cdumez@apple.com>

        Possible crash in ~UserGestureIndicator() when on non-main thread
        https://bugs.webkit.org/show_bug.cgi?id=174522
        <rdar://problem/30283071>

        Reviewed by Sam Weinig.

        UserGestureIndicator objects may be constructed / destructed in worker thread
        (e.g. in DOMTimer::fired()). The UserGestureIndicator constructor / destructor
        are supposed to be no-op on non-main threads so that it is safe. However,
        we were mistakenly initializing m_previousToken data member in the constructor
        on background thread, which meant that we could crash later on in the
        UserGestureIndicator destructor when destroying m_previousToken.

        Test: fast/workers/worker-user-gesture.html

        * dom/UserGestureIndicator.cpp:
        (WebCore::currentToken):
        (WebCore::UserGestureIndicator::UserGestureIndicator):

2017-07-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219516.

        This caused an API failure on macOS.

        Reverted changeset:

        "Make sure all CFHTTPCookieStorageRefs we create are
        scheduled."
        https://bugs.webkit.org/show_bug.cgi?id=174513
        http://trac.webkit.org/changeset/219516

2017-07-14  Jer Noble  <jer.noble@apple.com>

        Allow clients to override their own hardware media requirements where no fallback media exists.
        https://bugs.webkit.org/show_bug.cgi?id=174426
        <rdar://problem/32537704>

        Reviewed by Eric Carlson.

        Add a new setting which allows clients to specify their own mediaContentTypesRequiringHardwareSupport should be
        ignared in the case where no fallback exists, such as the case of a single <source> element, or setting the src
        attribute directly.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::havePotentialSourceChild):
        (WebCore::HTMLMediaElement::selectNextSourceChild):
        (WebCore::HTMLMediaElement::sourceWasAdded):
        (WebCore::HTMLMediaElement::sourceWasRemoved):
        (WebCore::HTMLMediaElement::mediaPlayerShouldCheckHardwareSupport):
        * html/HTMLMediaElement.h:
        * page/Settings.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::shouldCheckHardwareSupport):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerShouldCheckHardwareSupport):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::assetStatus):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):

2017-07-14  Chris Dumez  <cdumez@apple.com>

        Possible crash under NetworkSocketStream::didFailSocketStream()
        https://bugs.webkit.org/show_bug.cgi?id=174526
        <rdar://problem/32831441>

        Reviewed by Brent Fulgham.

        Call m_client.didFailSocketStream() asynchronously in the constructor as our
        caller (the client) is also being initialized at this point.

        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl):

2017-07-14  Youenn Fablet  <youenn@apple.com>

        WebRTC: silence data not sent for disabled audio track
        https://bugs.webkit.org/show_bug.cgi?id=174456
        <rdar://problem/33284623>

        Reviewed by Eric Carlson.

        Test: webrtc/audio-muted-stats.html
              webrtc/audio-muted-stats2.html

        Adding a timer-based approach to send 10ms of silence every second.
        This is consistent with how muted video tracks are implemented.
        In case the audio track is muted at the time it is added, no silence data is sent.

        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::RealtimeOutgoingAudioSource):
        (WebCore::RealtimeOutgoingAudioSource::initializeConverter):
        (WebCore::RealtimeOutgoingAudioSource::stop):
        (WebCore::RealtimeOutgoingAudioSource::sourceMutedChanged):
        (WebCore::RealtimeOutgoingAudioSource::sourceEnabledChanged):
        (WebCore::RealtimeOutgoingAudioSource::handleMutedIfNeeded):
        (WebCore::RealtimeOutgoingAudioSource::sendSilence):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:

2017-07-14  Michael Catanzaro  <mcatanzaro@igalia.com>

        [CMake] Unclear distinction between WebKitHelpers and WebKitMacros
        https://bugs.webkit.org/show_bug.cgi?id=153189

        Reviewed by Antonio Gomes.

        * CMakeLists.txt: Include WebCoreMacros.cmake.
        * WebCoreMacros.cmake: Added.

2017-07-14  Jeremy Jones  <jeremyj@apple.com>

        Fix style for name of class alloc function in WebVideoFullscreenInterfaceAVKit.
        https://bugs.webkit.org/show_bug.cgi?id=174476

        Reviewed by Alex Christensen.

        No new tests because no behavior change.

        This is a rename for per style requirements.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (allocWebAVPictureInPicturePlayerLayerViewInstance):
        (WebAVPlayerLayerView_pictureInPicturePlayerLayerView):
        (allocWebAVPlayerLayerViewInstance):
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen):
        (getWebAVPictureInPicturePlayerLayerViewClass): Deleted.
        (getWebAVPlayerLayerViewClass): Deleted.

2017-07-14  Jer Noble  <jer.noble@apple.com>

        [MSE] Removing samples when presentation order does not match decode order can cause bad behavior.
        https://bugs.webkit.org/show_bug.cgi?id=174514

        Reviewed by Sam Weinig.

        Test: media/media-source/media-source-remove-decodeorder-crash.html

        Fix the algorithm in removeCodedFrames() so that it's not possible to have a removePresentationStart >
        removePresentationEnd (and also removeDecodeStart > removeDecodeEnd).

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::PresentationOrderSampleMap::findSampleContainingOrAfterPresentationTime):
        (WebCore::PresentationOrderSampleMap::findSampleStartingAfterPresentationTime):
        * Modules/mediasource/SampleMap.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::removeCodedFrames):

2017-07-14  Youenn Fablet  <youenn@apple.com>

        Increase CoreAudio render audio buffer sizes for WebRTC
        https://bugs.webkit.org/show_bug.cgi?id=174508

        Reviewed by Eric Carlson.

        Covered by manually testing audio rendering through WebRTC sites.

        * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
        (WebCore::AudioTrackPrivateMediaStreamCocoa::createAudioUnit): Setting audio buffer size equivalent to 20 ms.

2017-07-14  Brady Eidson  <beidson@apple.com>

        Make sure all CFHTTPCookieStorageRefs we create are scheduled.
        <rdar://problem/33221110> and https://bugs.webkit.org/show_bug.cgi?id=174513

        Reviewed by Tim Horton.

        * platform/spi/cf/CFNetworkSPI.h:

2017-07-14  Youenn Fablet  <youenn@apple.com>

        Remove CoreAudioCaptureSource speaker configuration
        https://bugs.webkit.org/show_bug.cgi?id=174512

        Reviewed by Eric Carlson.

        Covered by manually testing audio rendering through WebRTC sites.

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::setupAudioUnit):

2017-07-14  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Limit the number of remote video samples queued
        https://bugs.webkit.org/show_bug.cgi?id=174505
        <rdar://problem/33223015>

        Reviewed by Youenn Fablet.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::removeOldSamplesFromPendingQueue): Only
        enqueue a fixed number of frames with invalid or negative decode times.

2017-07-14  Youenn Fablet  <youenn@apple.com>

        Report CoreAudioCaptureSource failure in case shared unit stops working properly
        https://bugs.webkit.org/show_bug.cgi?id=174494

        Reviewed by Eric Carlson.

        Manual test by interrupting an audio capture on Mac.

        This patch adds a timer to CoreAudioSharedUnit.
        In case the capture callback is not called after one second, the shared unit is said to fail.
        Each source is notified that capture is failing.
        This will in turn trigger onend track event so that web pages can remedy capture failure.

        Timer starts with 10 seconds for audio data to start being captured.
        It is then decreased to 2 seconds.

        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::captureFailed):
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::CoreAudioSharedUnit):
        (WebCore::CoreAudioSharedUnit::processMicrophoneSamples):
        (WebCore::CoreAudioSharedUnit::startInternal):
        (WebCore::CoreAudioSharedUnit::verifyIsCapturing):
        (WebCore::CoreAudioSharedUnit::stopInternal):

2017-07-14  Jer Noble  <jer.noble@apple.com>

        Adding the 'autoplay' attribute to a media element during a user gesture should remove user gesture restrictions.
        https://bugs.webkit.org/show_bug.cgi?id=174373

        Reviewed by Eric Carlson.

        Test: media/video-add-autoplay-user-gesture.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2017-07-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219500.

        The test is consistently failing on iOS simulator.

        Reverted changeset:

        "AX: VoiceOver silent or skipping over time values on media
        player."
        https://bugs.webkit.org/show_bug.cgi?id=174324
        http://trac.webkit.org/changeset/219500

2017-07-14  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] error 'm_compositorTexture': undeclared identifier since Bug 174345
        https://bugs.webkit.org/show_bug.cgi?id=174493

        Reviewed by Alex Christensen.

        Compilation errors are reported by the code using a member
        m_compositorTexture of GraphicsContext3D which exists only if
        USE(COORDINATED_GRAPHICS_THREADED). WinCairo port doesn't use it.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        Use m_compositorTexture only if USE(COORDINATED_GRAPHICS_THREADED).
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Ditto.
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        Ditto. Fix the wrong indentation level.

2017-07-14  Fujii Hironori  <Hironori.Fujii@sony.com>

        [HarfBuzz] Decomposed Vietnamese characters are rendered incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=174418

        Reviewed by Michael Catanzaro.

        HarfBuzzShaper should normalize the input text before collecting
        HarfBuzzRuns. Actually, HarfBuzzShaper::setNormalizedBuffer does
        the task. But, this function hasn't been called from anywhere
        since Bug 108077.

        Test: fast/text/international/vietnamese-nfd.html

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzShaper):
        Call setNormalizedBuffer instead of normalizeCharacters.
        (WebCore::normalizeCharacters): Deleted.

2017-07-14  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] Build broken "Cannot open include file: 'GL/glext.h'" since Bug 172104
        https://bugs.webkit.org/show_bug.cgi?id=174492

        Reviewed by Žan Doberšek.

        WinCairo port uses GLES. OpenGLShims.h shouldn't be included.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        Include "OpenGLShims.h" only if !USE(OPENGL_ES_2) instead of USE(OPENGL).

2017-07-14  Chris Dumez  <cdumez@apple.com>

        PageCache::removeAllItemsForPage(Page&) may reenter itself and cause crashes
        https://bugs.webkit.org/show_bug.cgi?id=174473
        <rdar://problem/32177485>

        Reviewed by Antti Koivisto.

        This could happen when a Page containing an SVGImage is removed from PageCache and
        this resulted in the destruction of the SVGImage. Because the SVGImage has an internal
        utility Page, it will also call PageCache::removeAllItemsForPage(WebCore::Page&) upon
        destruction, causing us to reenter.

        Address the issue by not calling PageCache::removeAllItemsForPage() for utility pages
        since those cannot be in PageCache in the first place.

        Also add assertions to make sure:
        1. We never insert a utility page into PageCache
        2. PageCache::removeAllItemsForPage() does not reenter

        No new tests, because I was unable to write a test which reproduced the crash. This
        is in theory testable using an API test which enables PageCache, loads a page
        containing an SVGImage, navigates away from this page so that it goes into PageCache,
        and then calls [WebView _close]. However, when I tried writing such test, I could
        not get the SVGImage to get destroyed while PageCache::removeAllItemsForPage() is
        called for the top-level page for some reason. Something seems to be keeping the
        SVGImage alive longer. I tried disabling the MemoryCache but it did not help.

        * history/PageCache.cpp:
        (WebCore::PageCache::addIfCacheable):
        (WebCore::PageCache::removeAllItemsForPage):
        * history/PageCache.h:
        * page/Page.cpp:
        (WebCore::Page::~Page):

2017-07-14  Aaron Chu  <aaron_chu@apple.com>

        AX: VoiceOver silent or skipping over time values on media player.
        https://bugs.webkit.org/show_bug.cgi?id=174324
        <rdar://problem/32021784>

        Reviewed by Antoine Quint.

        Added role attribute to modern media controls time lable class so that VoiceOver can access the time label when the media is playing.

        Updated: media/modern-media-controls/time-label/time-label.html

        * Modules/modern-media-controls/controls/time-label.js:

2017-07-13  Michael Catanzaro  <mcatanzaro@igalia.com>

        Fix compiler warnings when building with GCC 7
        https://bugs.webkit.org/show_bug.cgi?id=174463

        Reviewed by Darin Adler.

        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::setShouldManageAudioSessionCategory):

2017-07-13  Michael Catanzaro  <mcatanzaro@igalia.com>

        Incorrect call to StyledElement::setInlineStyleProperty in ImageDocument::createDocumentStructure
        https://bugs.webkit.org/show_bug.cgi?id=174470

        Reviewed by Darin Adler.

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::createDocumentStructure):

2017-07-13  Dean Jackson  <dino@apple.com>

        Fix iOS build.

        * platform/graphics/GraphicsContext3D.h:

2017-07-12  Dean Jackson  <dino@apple.com>

        Rename GraphicsContext[3D]Mac to Cocoa and move things into graphics/cocoa
        https://bugs.webkit.org/show_bug.cgi?id=174453
        <rdar://problem/33281481>

        Reviewed by Simon Fraser.

        Two renames, two moves:
        graphics/mac/GraphicsContext3DMac.mm -> graphics/cocoa/GraphicsContext3DCocoa.mm
        graphics/mac/GraphicsContext.mm -> graphics/cocoa/GraphicsContextCocoa.mm
        graphics/mac/WebGLLayer.h -> graphics/cocoa/WebGLLayer.h
        graphics/mac/WebGLLayer.mm -> graphics/cocoa/WebGLLayer.mm

        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/cocoa/GraphicsContext3DCocoa.mm: Renamed from Source/WebCore/platform/graphics/mac/GraphicsContext3DMac.mm.
        * platform/graphics/cocoa/GraphicsContextCocoa.mm: Renamed from Source/WebCore/platform/graphics/mac/GraphicsContextMac.mm.
        * platform/graphics/cocoa/WebGLLayer.h: Renamed from Source/WebCore/platform/graphics/mac/WebGLLayer.h.
        * platform/graphics/cocoa/WebGLLayer.mm: Renamed from Source/WebCore/platform/graphics/mac/WebGLLayer.mm.

2017-07-12  Dean Jackson  <dino@apple.com>

        Clean-up some things in GraphicsContext3D
        https://bugs.webkit.org/show_bug.cgi?id=174452
        <rdar://problem/33281257>

        Reviewed by Simon Fraser.

        General clean-up in GC3D.

        Covered by existing tests.

        * platform/graphics/GraphicsContext3D.h: Use initial values where possible.
        (WebCore::GraphicsContext3D::GraphicsContext3DState::GraphicsContext3DState): Deleted.
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D): Nearly everything can come from the
        initial values now.
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Remove code that won't be enabled
        on this platform.
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::paintRenderingResultsToCanvas): While unlikely to happen,
        and possibly harmless in this case, add some checked arithmetic to make sure we don't overflow
        when working out how big a buffer to create.
        (WebCore::GraphicsContext3D::paintRenderingResultsToImageData): Ditto.
        (WebCore::GraphicsContext3D::reshape): Do nothing if we are ever given negative
        width or height. Again unlikely.

2017-07-13  Dean Jackson  <dino@apple.com>

        Avoid unnecessary copy of framebuffer into WebGL Layer
        https://bugs.webkit.org/show_bug.cgi?id=174345
        <rdar://problem/33228950>

        Reviewed by Sam Weinig.

        On macOS, we're unnecessarily copying the framebuffer into another
        texture before pushing it into the compositing layer. Instead we
        should simply render the FBO into the CALayer we use to draw on
        the screen.

        Covered by the existing WebGL tests.

        * platform/graphics/GraphicsContext3D.h:
        (WebCore::GraphicsContext3D::platformTexture): Return the FBO texture instead.
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D): No need to have a compositing
        texture.
        (WebCore::GraphicsContext3D::~GraphicsContext3D):
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::prepareTexture): Don't copy the pixels from
        the FBO into the compositing texture

2017-07-13  Mark Lam  <mark.lam@apple.com>

        Implementors of memoryCost() need to be thread-safe.
        https://bugs.webkit.org/show_bug.cgi?id=172738
        <rdar://problem/32474881>

        Reviewed by Keith Miller.

        No new tests. This patch fixes a race condition bug that can result in random
        crashes (and other unpredictable behavior), and is very difficult to test for.

        * Modules/webaudio/AudioBuffer.cpp:
        (WebCore::AudioBuffer::releaseMemory):
        (WebCore::AudioBuffer::memoryCost):
        * Modules/webaudio/AudioBuffer.h:
        * dom/ChildNodeList.h:
        * dom/CollectionIndexCache.h:
        (WebCore::CollectionIndexCache::memoryCost):
        * dom/LiveNodeList.h:
        * html/CachedHTMLCollection.h:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::memoryCost):
        (WebCore::HTMLCanvasElement::externalMemoryCost):
        (WebCore::HTMLCanvasElement::setImageBuffer):
        * html/HTMLCanvasElement.h:
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::invalidateNamedElementCache):
        * html/HTMLCollection.h:
        (WebCore::CollectionNamedElementCache::memoryCost):
        (WebCore::HTMLCollection::memoryCost):
        (WebCore::HTMLCollection::setNamedItemCache):
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::memoryCost):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::memoryCost):
        (WebCore::ImageBuffer::externalMemoryCost):

2017-07-13  Jeremy Jones  <jeremyj@apple.com>

        Fix style. Use #pragma once in VideoFullscreen and PlaybackSession headers.
        https://bugs.webkit.org/show_bug.cgi?id=174448

        Reviewed by Eric Carlson.

        No behavior change.

        * platform/cocoa/WebPlaybackSessionInterface.h:
        * platform/cocoa/WebVideoFullscreenChangeObserver.h:
        * platform/cocoa/WebVideoFullscreenModel.h:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
        * platform/ios/WebPlaybackSessionInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenControllerAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/mac/WebVideoFullscreenInterfaceMac.h:

2017-07-13  Alex Christensen  <achristensen@webkit.org>

        Deleting last URLSearchParams key should remove trailing ? in associated URL
        https://bugs.webkit.org/show_bug.cgi?id=174465

        Reviewed by Chris Dumez.

        This makes us match the behavior of Chrome and Firefox, and the spec after https://github.com/whatwg/url/issues/332 is approved.
        This will be covered by an upcoming web platform test, and I updated fast/dom/DOMURL/searchparams.html to cover it now.

        * platform/URLParser.cpp:
        (WebCore::URLParser::serialize):
        If there are no tuples, serialize to the null string instead of a non-null empty string.
        This makes it so URL::setQuery removes the ?

2017-07-13  Jeremy Jones  <jeremyj@apple.com>

        Style fix. Replace strongThis with protectedThis.
        https://bugs.webkit.org/show_bug.cgi?id=174444

        Reviewed by Eric Carlson.

        Rename, no behavior change.

        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::finish):
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaData):
        (WebCore::WebCoreDecompressionSession::enqueueSample):
        (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
        (WebCore::WebCoreDecompressionSession::enqueueDecodedSample):
        (WebCore::WebCoreDecompressionSession::requestMediaDataWhenReady):
        (WebCore::WebCoreDecompressionSession::flush):

2017-07-13  Jeremy Jones  <jeremyj@apple.com>

        Fix block style in WebVideoFullscreen classes.
        https://bugs.webkit.org/show_bug.cgi?id=174446

        Reviewed by Eric Carlson.

        No behavior change.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setVideoLayerFrame):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerLayer layoutSublayers]):
        (getWebAVPictureInPicturePlayerLayerViewClass):
        (getWebAVPlayerLayerViewClass):

2017-07-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused and untested Page domain commands
        https://bugs.webkit.org/show_bug.cgi?id=174429

        Reviewed by Timothy Hatcher.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::disable):
        (WebCore::InspectorPageAgent::didClearWindowObjectInWorld):
        (WebCore::InspectorPageAgent::addScriptToEvaluateOnLoad): Deleted.
        (WebCore::InspectorPageAgent::removeScriptToEvaluateOnLoad): Deleted.
        * inspector/InspectorPageAgent.h:

2017-07-13  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA SPKI exports
        https://bugs.webkit.org/show_bug.cgi?id=173695

        Reviewed by Jiewen Tan.

        Implement the SPKI export operation for RSA keys for platforms that use
        libgcrypt.

        In CryptoKeyRSA::exportSpki(), we bail early with an invalid access exception if
        this export is not being done for a public key. Otherwise, we start with creating
        the `RSAPublicKey` ASN.1 structure, filling in the modulus and public exponent
        data that's retrieved from the `public-key` s-expression in the signed MPI format.

        We then create the `SubjectPublicKeyInfo` ASN.1 structure and fill it out with
        the necessary data. The id-rsaEncryption object identifier is written out under
        the `algorithm.algorithm` element, and a null value is written out under the
        `algorithm.parameters` element. This doesn't follow the specification at the
        moment, since id-RSASSA-PSS would have to be written for the RSA-PSS algorithm,
        and id-RSAES-OAEP for the RSA-OAEP algorithm, along with specific parameter
        structures. But no test in WebKit or the web-platform-tests suite covers this,
        so this deviation should be addressed later.

        Data of the previously-constructed `RSAPublicKey` structure is retrieved and
        written out under the `subjectPublicKey` element, before finally retrieving
        data of the `SubjectPublicKeyInfo` structure and returning that to the caller.

        A helper mpiSignedData() function is added, providing overloads for gcry_mpi_t
        and gcry_sexp_t parameters. MPI data for that parameter is retrieved and the
        first byte of that data is tested, inserting an additional 0x00 byte at the
        beginning of the Vector if that first byte has the first bit set, avoiding this
        data accidentally being interpreted as a signed integer.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::CryptoKeyRSA::exportSpki):
        * crypto/gcrypt/GCryptUtilities.h:
        (WebCore::mpiSignedData):

2017-07-13  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA SPKI imports
        https://bugs.webkit.org/show_bug.cgi?id=173694

        Reviewed by Jiewen Tan.

        Implement the SPKI import operation for RSA keys for platforms that use
        libgcrypt.

        The passed-in key data is decoded against the `SubjectPublicKeyInfo` ASN.1
        structure. We then validate the `algorithm.algorithm` element, ensuring that
        the value under that represents a supported object identifier. This check is
        for now mostly superficial, only ensuring that the object identifier is either
        id-rsaEncryption, id-RSAES-OAEP or id-RSASSA-PSS. This has to be further extended
        to also check the id-sha{1,256,384,512}WithRSAEncryption identifiers as well as
        decoding the `algorithm.parameters` element against a specific ASN.1 structure,
        if necessary (RSASSA-PSS-params or RSAES-OAEP-params), and cross-checking the
        specified digest algorithm with the algorithm that's specified through the main
        object identifier or the structure contained in `algorithm.parameters`. This is
        avoided for now because no test in WebKit or the web-platform-tests suite covers
        this detail of the specification.

        After the algorithm is identified as supported, we proceed with decoding the
        `subjectPublicKey` data against the `RSAPublicKey` ASN.1 structure. From there,
        we retrieve the `modulus` and `publicExponent` data from which we can construct
        an RSA `public-key` s-expression that can be used through libgcrypt. A new
        CryptoKeyRSA object is then created, taking over ownership of the `public-key`
        s-expression, and returned.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::supportedAlgorithmIdentifier):
        (WebCore::CryptoKeyRSA::importSpki):

2017-07-12  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        REGRESSION(r219332): [GTK] 9 new failures on fast/forms spinbutton related tests
        https://bugs.webkit.org/show_bug.cgi?id=174395

        Reviewed by Carlos Garcia Campos.

        Covered by existing tests.

        Before r219332 the height of the spin button widget was
        calculated as the maximum value between the individual button
        ( the [+] or [-] ) width (33 pixels) and height (16 pixels).
        And r219332 caused the height of the widget to be calculated as
        the height of the button (16 pixels), which was incorrect as
        each button should be first expanded vertically to fit the
        preferred size of the widget.

        Fix this by making the calculations about the spin button widget
        on a new function spinButtonSize() that takes this into account,
        and use this values both for adjusting the style of the input
        field and the spin button widget itself.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::spinButtonSize):
        (WebCore::RenderThemeGtk::adjustTextFieldStyle):
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):

2017-07-13  Miguel Gomez  <magomez@igalia.com>

        [GTK][WPE] border-radius with non visible border doesn't work on images that have their own RenderLayer
        https://bugs.webkit.org/show_bug.cgi?id=174157

        Reviewed by Carlos Garcia Campos.

        Do not allow direct compositing of images when they have a border-radius property on WebKitGTK+ and WPE.
        These platforms don't support clipping using rounded rectangles during composition, which is required
        when using border-radius and the border is not visible. Due to this, they need to perform the clippping
        with cairo.

        This is a temporal fix, until appropriate clipping is implemented in the TextureMapper.

        No new tests.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2017-07-13  Chris Fleizach  <cfleizach@apple.com>

        AX: WebView crashes app after opening VoiceOver context box menu from modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=163999
        <rdar://problem/28949013>

        Reviewed by Joanmarie Diggs.

        Protect when m_object goes away.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityShowContextMenu]):

2017-07-12  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Async image decoding for large images should be disabled by default
        https://bugs.webkit.org/show_bug.cgi?id=174432

        Reviewed by Simon Fraser.

        -- Rename GraphicsLayerPaintFlags::Snapshotting to AllowAsyncImageDecoding.
        -- Replace every reference to GraphicsLayerPaintFlags::Snapshotting by
           GraphicsLayerPaintFlags::None and every GraphicsLayerPaintFlags::None
           by AllowAsyncImageDecoding.
        -- Rename PaintBehaviorSnapshotting to PaintBehaviorAllowAsyncImageDecoding.
        -- Propagate PaintBehaviorAllowAsyncImageDecoding from a parent view to 
           a child view instead of propagating PaintBehaviorSnapshotting.
        -- Remove setting the bit PaintBehaviorSnapshotting in any new PaintBehavoir.
        -- Replace setting the bit PaintBehaviorSnapshotting in an existing PaintBehavoir
           by resetting the bit PaintBehaviorAllowAsyncImageDecoding.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::paintContentsForSnapshot):
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/GraphicsLayerClient.h:
        * platform/graphics/mac/WebLayer.mm:
        (-[WebLayer drawInContext:]):
        (-[WebSimpleLayer drawInContext:]):
        * rendering/PaintPhase.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintForegroundForFragments):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintContents):
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::paintContents): We need to propagate the 
        PaintBehaviorAllowAsyncImageDecoding from RenderWidget to the FrameView.
        We did not need to do that for PaintBehaviorSnapshotting because 
        FrameView was setting it in its m_paintBehavior if (document->printing())
        in FrameView::willPaintContents().

2017-07-12  Timothy Hatcher  <timothy@hatcher.name>

        REGRESSION(r219391): Broke the USE(OPENGL_ES_2) build
        https://bugs.webkit.org/show_bug.cgi?id=174442

        Unreviewed build fix.

        * platform/graphics/egl/GLContextEGL.cpp: Fix typo of OPENGL_ES2.

2017-07-12  Youenn Fablet  <youenn@apple.com>

        Recreate the AudioUnit when restarting capture
        https://bugs.webkit.org/show_bug.cgi?id=174439

        Reviewed by Jer Noble.

        Sometimes other applications in the system like FaceTime may make the audio unit not functional.
        Reloading the tab capturing audio will trigger a call to stop the audio shared unit.
        When the tab requests again audio, the shared unit will restart.
        At that time, the AudioUnit shared unit will be fully recreated.

        Manually tested by doing a webrtc call and then doing a FaceTime call.
        Remote WebRTC endpoints may not receive any audio.
        With the patch, reloading the web page will get back the audio.
        Previously, restarting the UIProcess was the only way.

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::startProducingData): Cleaning the audio unit when starting to produce data if there is a preexisting audio unit.

2017-07-12  Youenn Fablet  <youenn@apple.com>

        Accessing localDescription, remoteDescription, etc. after setTimeout raises EXC_BAD_ACCESS
        https://bugs.webkit.org/show_bug.cgi?id=174323
        <rdar://problem/33267876>

        Reviewed by Eric Carlson.

        Test: webrtc/calling-peerconnection-once-closed.html

        In case the libwebrtc backend is null, we should not use it to get description from it.
        Return null in that case.

        Adding ASSERT to other calls where the layer above LibWebRTCMediaEndpoint should protect
        from calling a function on a null libwebrtc backend.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::currentLocalDescription):
        (WebCore::LibWebRTCMediaEndpoint::currentRemoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::pendingLocalDescription):
        (WebCore::LibWebRTCMediaEndpoint::pendingRemoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::localDescription):
        (WebCore::LibWebRTCMediaEndpoint::remoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::doSetLocalDescription):
        (WebCore::LibWebRTCMediaEndpoint::doSetRemoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::addTrack):
        (WebCore::LibWebRTCMediaEndpoint::removeTrack):
        (WebCore::LibWebRTCMediaEndpoint::doCreateOffer):
        (WebCore::LibWebRTCMediaEndpoint::doCreateAnswer):
        (WebCore::LibWebRTCMediaEndpoint::createDataChannel):

2017-07-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219176.
        https://bugs.webkit.org/show_bug.cgi?id=174436

        "Can cause infinite recursion on iOS" (Requested by mlam on
        #webkit).

        Reverted changeset:

        "WTF::Thread should have the threads stack bounds."
        https://bugs.webkit.org/show_bug.cgi?id=173975
        http://trac.webkit.org/changeset/219176

2017-07-12  Nan Wang  <n_wang@apple.com>

        AX: [iOS] Implement a way to retrieve a text marker range with desired text that is closest to a position
        https://bugs.webkit.org/show_bug.cgi?id=174393
        <rdar://problem/33248006>

        Reviewed by Chris Fleizach.

        Used the existing findClosestPlainText function to search the range on iOS.
        Also exposed a function on the iOS wrapper to return the selection rects of
        the result range from the searching. 

        Test: accessibility/ios-simulator/text-marker-range-matches-text.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::visiblePositionForPositionWithOffset):
        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
        * accessibility/AXObjectCache.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textMarkerRangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper rectsForSelectionRects:]):

2017-07-12  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219409.

        The revision caused the Windows builds to fail.

        Reverted changeset:

        "AX: [iOS] Implement a way to retrieve a text marker range
        with desired text that is closest to a position"
        https://bugs.webkit.org/show_bug.cgi?id=174393
        http://trac.webkit.org/changeset/219409

2017-07-12  Alicia Boya García  <aboya@igalia.com>

        [FreeType] Enable BCI on webfonts
        https://bugs.webkit.org/show_bug.cgi?id=174403

        Reviewed by Michael Catanzaro.

        The FreeType BCI hinter used to be disabled on webfonts in favor of
        the autohinter.

        FreeType BCI hinter has improved considerably in the past and now most
        other browsers enable it too. Given the old reasons no longer apply,
        the BCI has now been enabled in order to get better text rendering when
        embedded hints are available.

        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::FontCustomPlatformData):

2017-07-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219361.
        https://bugs.webkit.org/show_bug.cgi?id=174434

        Huge PLUM memory regression on iOS (Requested by kling on
        #webkit).

        Reverted changeset:

        "[WebIDL] Convert MutationCallback to be a normal generate
        callback"
        https://bugs.webkit.org/show_bug.cgi?id=174140
        http://trac.webkit.org/changeset/219361

2017-07-12  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] a capture source failure should end the MediaStreamTrack
        https://bugs.webkit.org/show_bug.cgi?id=174375

        Reviewed by Youenn Fablet.

        Test: fast/mediastream/media-stream-track-source-failure.html

        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::captureFailed): New, signal observers that the source has ended.
        * platform/mediastream/RealtimeMediaSource.h:

        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        (WebCore::AVMediaCaptureSource::setupSession): Call captureFailed if setupCaptureSession fails.

        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::setupCaptureSession): Return false on failure.
        (WebCore::AVVideoCaptureSource::shutdownCaptureSession): Delete unused instance variable.
        (WebCore::AVVideoCaptureSource::processNewFrame): Ditto.

        * testing/Internals.cpp:
        (WebCore::Internals::endMediaStreamTrackCaptureSource): Call track.source.captureFailed().
        * testing/Internals.h:
        * testing/Internals.idl:

2017-07-12  Timothy Hatcher  <timothy@hatcher.name>

        Improve font matching with FontConfig and FreeType
        https://bugs.webkit.org/show_bug.cgi?id=174374

        Reviewed by Michael Catanzaro.

        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::createFontPlatformData): Loop through all family name matches from FcFontMatch.

2017-07-12  Youenn Fablet  <youenn@apple.com>

        Reactivate audio ducking when restarting the shared unit
        https://bugs.webkit.org/show_bug.cgi?id=174428

        Reviewed by Eric Carlson.

        Currently, when another application ducks WebKit, there is no other way than to quit the UIProcess and restart it.
        By again audio ducking when starting the audio unit, reloading the page will be enough.
        Testing by launching a tab with audio capture and audio playing.
        Then make a FaceTime call and hear the tab volume go down.
        End the call to FaceTime and the tab volume remains low.
        Reload the tab and the volume has a normal level.

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::setupAudioUnit):
        (WebCore::CoreAudioSharedUnit::startInternal):

2017-07-12  Antoine Quint  <graouts@apple.com>

        Playback controls should not hide while AirPlay is active
        https://bugs.webkit.org/show_bug.cgi?id=174422
        <rdar://problem/33011477>

        Reviewed by Eric Carlson.

        We now also track changes in AirPlay playback status and account for it when identifying whether we
        ought to let media controls automatically hide, which should only happen if the media is playing and
        not playing back through AirPlay.

        * Modules/modern-media-controls/media/controls-visibility-support.js:
        (ControlsVisibilitySupport.prototype.get mediaEvents):
        (ControlsVisibilitySupport.prototype._updateControls):
        (ControlsVisibilitySupport):

2017-07-12  Daniel Bates  <dabates@apple.com>

        Attempt to fix the build following <https://trac.webkit.org/changeset/219407>
        (https://bugs.webkit.org/show_bug.cgi?id=174386)

        Fix bad merge after <https://trac.webkit.org/changeset/219404>.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoader.h:

2017-07-12  Nan Wang  <n_wang@apple.com>

        AX: [iOS] Implement a way to retrieve a text marker range with desired text that is closest to a position
        https://bugs.webkit.org/show_bug.cgi?id=174393
        <rdar://problem/33248006>

        Reviewed by Chris Fleizach.

        Used the existing findClosestPlainText function to search the range on iOS.
        Also exposed a function on the iOS wrapper to return the selection rects of
        the result range from the searching. 

        Test: accessibility/ios-simulator/text-marker-range-matches-text.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::visiblePositionForPositionWithOffset):
        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
        * accessibility/AXObjectCache.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textMarkerRangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper rectsForSelectionRects:]):

2017-07-12  Daniel Bates  <dabates@apple.com>

        NavigationAction should track whether the navigation was initiated by the main frame
        https://bugs.webkit.org/show_bug.cgi?id=174386
        <rdar://problem/33245267>

        Reviewed by Brady Eidson.

        Although we added state to NavigationAction to track whether the navigation was
        initiated by the main frame in r219170 it is not possible to initialize this state
        when instantiating a NavigationAction. Having NavigationAction track this state
        will be useful to ensure that we can always compute the source frame information
        when asking the embedding client whether to allow a navigation. We will make use
        of it in the fix for <https://bugs.webkit.org/show_bug.cgi?id=174385>.

        No behavior changed. So, no new tests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL): Pass whether the load was initiated by the main frame
        when instantiating the NavigationAction.
        (WebCore::FrameLoader::load): For now, pass InitiatedByMainFrame::Unknown when instantiating
        the NavigationAction as we do not know if the load was initiated by the main frame.
        (WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
        (WebCore::FrameLoader::reload): Ditto
        (WebCore::FrameLoader::loadDifferentDocumentItem): Ditto.
        (WebCore::createWindow): Pass whether the load was initiated by the main frame when
        instantiating the NavigationAction.
        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction): Modified to take argument of type InitiatedByMainFrame
        that indicates whether the navigation was initiated by the main frame.
        * loader/NavigationAction.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy): For now, pass InitiatedByMainFrame::Unknown
        when instantiating the NavigationAction as we do not know if the load was initiated by the
        main frame.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow): Pass whether the load was initiated by the main frame when
        instantiating the NavigationAction.

2017-07-12  Daniel Bates  <dabates@apple.com>

        Rename NavigationInitiatedByMainFrame to InitiatedByMainFrame
        https://bugs.webkit.org/show_bug.cgi?id=174427

        Rubber-stamped by Brady Eidson.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        (WebCore::FrameLoadRequest::initiatedByMainFrame):
        (WebCore::FrameLoadRequest::navigationInitiatedByMainFrame): Deleted.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::shouldOpenExternalURLsPolicyToApply):
        (WebCore::applyShouldOpenExternalURLsPolicyToNewDocumentLoader):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::reloadWithOverrideEncoding):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoader.h:
        * loader/FrameLoaderTypes.h:
        * loader/NavigationAction.h:
        (WebCore::NavigationAction::initiatedByMainFrame):
        (WebCore::NavigationAction::navigationInitiatedByMainFrame): Deleted.
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation):
        (WebCore::ScheduledNavigation::initiatedByMainFrame):
        (WebCore::NavigationScheduler::scheduleLocationChange):
        (WebCore::ScheduledNavigation::navigationInitiatedByMainFrame): Deleted.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):

2017-07-12  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219401.

        This revision rolled out the previous patch, but after talking
        with reviewer, a rebaseline is what was needed.Rolling back in
        before rebaseline.

        Reverted changeset:

        "Unreviewed, rolling out r219379."
        https://bugs.webkit.org/show_bug.cgi?id=174400
        http://trac.webkit.org/changeset/219401

2017-07-12  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219379.

        This revision caused a consistent failure in the test
        fast/dom/Window/property-access-on-cached-window-after-frame-
        removed.html.

        Reverted changeset:

        "Remove NAVIGATOR_HWCONCURRENCY"
        https://bugs.webkit.org/show_bug.cgi?id=174400
        http://trac.webkit.org/changeset/219379

2017-07-12  Zalan Bujtas  <zalan@apple.com>

        Paginated mode: Infinite recursion in RenderTable::layout
        https://bugs.webkit.org/show_bug.cgi?id=174413

        Reviewed by Simon Fraser.

        This patch is a workaround for avoiding infinite recursion when the table layout does not stabilize.
        Apparently we leak some context (computed padding in this case) from the current to the subsequent layout.
        The subsequent layouts always end up producing different line heights for some of the cells in the <thead>.
        In paginated mode, when the section moves (<thead>, <tbody> etc) we call layout again recursively.
        This could lead to infinite recursion for unstable table layout.

        Unable to come up with a reduction yet.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):
        * rendering/RenderTable.h:

2017-07-12  Youenn Fablet  <youenn@apple.com>

        WebRTC: Incorrect sdpMLineIndex for video breaks Firefox interop
        https://bugs.webkit.org/show_bug.cgi?id=173530

        Reviewed by Alex Christensen.

        Test: webrtc/ice-candidate-sdpMLineIndex.html

        Reading missing parameter from libwebrtc backend and setting it when firing the RTCIceCandidate event.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::disableICECandidateFiltering):
        (WebCore::PeerConnectionBackend::newICECandidate):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::OnIceCandidate):

2017-07-12  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyEC PKCS#8 exports
        https://bugs.webkit.org/show_bug.cgi?id=173648

        Reviewed by Jiewen Tan.

        Implement the PKCS#8 export operation for EC keys for platforms that use
        libgcrypt.

        First, the `ECParameters` and the `ECPrivateKey` ASN.1 structures are created
        and filled out accordingly. For the former, the appropriate object identifier
        is written under the `namedCurve` element of the structure. For the latter, we
        write out '1' under `version`, and eliminate the optional `parameters` element.
        An libgcrypt EC context is then used to retrieve the private and public key
        MPIs that are then written out under the `privateKey` and `publicKey` elements,
        respectively.

        After that, we can proceed to create and fill out the `PrivateKeyInfo` structure.
        0 is written out under the `version` element, and the id-ecPublicKey object
        identifier is written out under the `privateKeyAlgorithm.algorithm` element. This
        doesn't strictly follow the specification, since the id-ecDH identifier should be
        used for ECDH keys, but no test in WebKit or the web-platform-tests suite covers
        this, so this specific detail should be revisited later.

        Data of the previously-constructed `ECParameters` structure is retrieved and
        written out under the `privateKeyAlgorithm.parameters` element. Similarly is done
        for the `ECPrivateKey` structure, writing out its data under the `privateKey`
        element. Finally, the optional `attributes` element of the `PrivateKeyInfo`
        structure is eliminated, and the encoded data of this structure is retrieved and
        returned.

        No new tests -- relevant tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::CryptoKeyEC::platformExportPkcs8):

2017-07-12  Zan Dobersek  <zdobersek@igalia.com>

        [WPE] Use libepoxy
        https://bugs.webkit.org/show_bug.cgi?id=172104

        Reviewed by Michael Catanzaro.

        No new tests -- no changes in behavior.

        Implement the proper libepoxy header inclusion for ports that enable it.

        The library acts as a loading facility working on top of the system-provided
        OpenGL and EGL libraries, with the headers providing a complete collection of
        specification-defined OpenGL and EGL types, constants and entrypoints.

        Support is added through the USE(LIBEPOXY) build guard. Note that this guard
        isn't exclusive with USE(OPENGL), USE(OPENGL_ES_2) or USE(EGL), so the
        USE(LIBEPOXY) condition is tested before those.

        In case of OpenGL headers, the <epoxy/gl.h> header is included, and in
        case of EGL headers, the <epoxy/egl.h> header. <epoxy/egl.h> includes
        <epoxy/gl.h> on its own, so in some cases the inclusion of the latter is
        omitted.

        EpoxyShims.h header is added, doing a job similar to OpenGLESShims.h. The
        EXT-suffixed GL entrypoints are redefined to the non-suffixed versions.
        No suffixed constants are defined because those are defined by the libepoxy
        headers to the well-known values.

        * CMakeLists.txt:
        * PlatformWPE.cmake:
        * platform/graphics/ANGLEWebKitBridge.h:
        * platform/graphics/EpoxyShims.h: Added.
        * platform/graphics/GLContext.cpp:
        (WebCore::initializeOpenGLShimsIfNeeded):
        * platform/graphics/GraphicsContext3DPrivate.cpp:
        * platform/graphics/PlatformDisplay.cpp:
        * platform/graphics/cairo/CairoUtilities.cpp:
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::create):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        * platform/graphics/egl/GLContextEGL.cpp:
        * platform/graphics/egl/GLContextEGLWPE.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLES.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        * platform/graphics/opengl/TemporaryOpenGLSetting.cpp:
        * platform/graphics/texmap/TextureMapperGC3DPlatformLayer.cpp:
        * platform/graphics/wpe/PlatformDisplayWPE.cpp:

2017-07-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        ImageDecoder: Gifs with infinite animation only play once very often
        https://bugs.webkit.org/show_bug.cgi?id=173403

        Reviewed by Michael Catanzaro.

        It doesn't always happen, it's easier to reproduce when loading big files from the network, but it also depends
        on every file. The problem is that ImageFrameCache is caching the repetition count value always when the size is
        already available. In the case of gif files, the loop count value can be at any point of the image stream, so
        having the size available doesn't mean we also have the loop count. So, if the value is queried before it's
        available, the default value is cached (repeat once) and then always used. We should clear the cached value when
        new data is added to the decoder, like we do with other cached values that can change when more data is decoded.

        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::clearMetadata): Clear m_repetitionCount.

2017-07-12  Adrian Perez de Castro  <aperez@igalia.com>

        [SOUP] Do not use C linkage for functions using C++ features
        https://bugs.webkit.org/show_bug.cgi?id=174392

        Reviewed by Michael Catanzaro.

        No new tests because there is no behavior change.

        * platform/network/soup/WebKitSoupRequestGeneric.h: Move G_END_DECLS
        to leave functions which use C++ features outside of the block it
        delimits.

2017-07-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
        https://bugs.webkit.org/show_bug.cgi?id=174161

        Reviewed by Michael Catanzaro.

        It seems selection data could contain an empty string, in which case gtk_selection_data_get_data() returns a
        valid pointer, but gtk_selection_data_get_length() returns 0. When this happens we end up trying to split an
        empty string resulting in an empty vector, but we unconditionally access the first element of the vector.

        * platform/gtk/PasteboardHelper.cpp:
        (WebCore::selectionDataToUTF8String): Return a null string in case selection data length is 0.
        (WebCore::PasteboardHelper::fillSelectionData): Return early if selection data length is 0, instead of checking
        the selection data pointer.

2017-07-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][WPE] Enable FILE_LOCK and implement lockFile and unlockFile
        https://bugs.webkit.org/show_bug.cgi?id=174357

        Reviewed by Michael Catanzaro.

        Implement lockFile and unlockFile using flock().

        * PlatformWPE.cmake:
        * platform/glib/FileSystemGlib.cpp:
        (WebCore::lockFile):
        (WebCore::unlockFile):

2017-07-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use FastAllocator in STL containers
        https://bugs.webkit.org/show_bug.cgi?id=174366

        Rubber stamped by Sam Weinig.

        This patch uses FastAllocator for STL containers including std::set and std::map.
        STL can take a template parameter to be used as allocator for containers.
        We prepare FastAllocator, which uses fastMalloc for allocation.
        This allows us to use bmalloc (if supported) for STL containers which offers
        functionalities that is not supported in WTF containers.

        * Modules/indexeddb/IDBKeyData.h:
        * Modules/indexeddb/server/IndexValueEntry.cpp:
        (WebCore::IDBServer::IndexValueEntry::IndexValueEntry):
        (WebCore::IDBServer::IndexValueEntry::Iterator::Iterator):
        (WebCore::IDBServer::IndexValueEntry::reverseFind):
        * Modules/indexeddb/server/IndexValueEntry.h:
        * Modules/indexeddb/server/IndexValueStore.cpp:
        (WebCore::IDBServer::IndexValueStore::lowestIteratorInRange):
        (WebCore::IDBServer::IndexValueStore::highestReverseIteratorInRange):
        (WebCore::IDBServer::IndexValueStore::Iterator::Iterator):
        * Modules/indexeddb/server/IndexValueStore.h:
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreCleared):
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::replaceKeyValueStore):
        (WebCore::IDBServer::MemoryObjectStore::addRecord):
        (WebCore::IDBServer::MemoryObjectStore::updateCursorsForPutRecord):
        * Modules/indexeddb/server/MemoryObjectStore.h:
        (WebCore::IDBServer::MemoryObjectStore::orderedKeys):
        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::keyAdded):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setFirstInRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setForwardIteratorFromRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setReverseIteratorFromRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementForwardIterator):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):
        * Modules/indexeddb/server/MemoryObjectStoreCursor.h:
        * Modules/mediasource/SampleMap.h:
        * page/WheelEventTestTrigger.cpp:
        (WebCore::WheelEventTestTrigger::deferTestsForReason):
        (WebCore::dumpState):
        * page/WheelEventTestTrigger.h:
        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::enumToStringMap):
        * rendering/OrderIterator.h:

2017-07-11  Per Arne Vollan  <pvollan@apple.com>

        [Win] Build error when building WebKit.dll from WebKit.proj project file.
        https://bugs.webkit.org/show_bug.cgi?id=174410

        Reviewed by Brent Fulgham.

        Copy required header files to forwarding headers folder.

        * PlatformWin.cmake:

2017-07-11  Dean Jackson  <dino@apple.com>

        Remove NAVIGATOR_HWCONCURRENCY
        https://bugs.webkit.org/show_bug.cgi?id=174400

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::hardwareConcurrency): Deleted.
        * page/NavigatorBase.h:
        * page/NavigatorConcurrentHardware.idl: Removed.

2017-07-11  Youenn Fablet  <youenn@apple.com>

        RealtimeOutgoingAudioSource should not push more audio data if the WebRTC thread is not able to process it
        https://bugs.webkit.org/show_bug.cgi?id=174383

        Reviewed by Eric Carlson.

        This patch adds support to check for pending-processing audio data.
        If the amount of audio data is bigger than a high water mark of 0.5 seconds,
        we stop pushing new audio data until buffered audio data is lower than a low water mark of 0.1 seconds.
        Patch is tested by adding breakpoints to trigger the high water mark, verifying that low water mark is triggered
        and receiving audio is fine on the other connection endpoint.

        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataHighLimit):
        (WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataLowLimit):
        (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:

2017-07-11  Dean Jackson  <dino@apple.com>

        Rolling out r219372.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::hardwareConcurrency):
        * page/NavigatorBase.h:
        * page/NavigatorConcurrentHardware.idl: Added.

2017-07-11  Dean Jackson  <dino@apple.com>

        Remove NAVIGATOR_HWCONCURRENCY
        https://bugs.webkit.org/show_bug.cgi?id=174400

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::hardwareConcurrency): Deleted.
        * page/NavigatorBase.h:
        * page/NavigatorConcurrentHardware.idl: Removed.

2017-07-11  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] CryptoKeyECMac::Custom OpenSSL tag is actually tagged type [1]
        https://bugs.webkit.org/show_bug.cgi?id=174382
        <rdar://problem/33244871>

        Reviewed by Brent Fulgham.

        No change of behaviour.

        * crypto/mac/CryptoKeyECMac.cpp:
        (WebCore::CryptoKeyEC::platformImportPkcs8):
        (WebCore::CryptoKeyEC::platformExportPkcs8):
        Replace CustomECParameters with TaggedType1 according to X.690(08/2015) section 8.14:
        https://www.itu.int/rec/T-REC-X.690-201508-I/en
        and RFC 5915 Appendix A:
        http://www.ietf.org/rfc/rfc5915.txt.

2017-07-11  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r219045): The <body> element does not get repainted when its background image finishes decoding
        https://bugs.webkit.org/show_bug.cgi?id=174376

        Reviewed by Simon Fraser.

        When adding a CachedImageClient to CachedImage::m_pendingImageDrawingClients
        and the CachedImageClient is not one of the CachedImage::m_clients, we
        should cancel the repaint optimization in CachedImage::imageFrameAvailable().
        This can be done by adding all the CachedImage::m_clients to CachedImage::
        m_pendingImageDrawingClients.

        Test: fast/images/async-image-body-background-image.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::addPendingImageDrawingClient):

2017-07-11  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix Windows build after r219355.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::addCrossOriginWindowPropertyNames):
        (WebCore::addCrossOriginWindowOwnPropertyNames):
        (WebCore::JSDOMWindow::getOwnPropertyNames):
        (WebCore::addCrossOriginPropertyNames): Deleted.
        (WebCore::addCrossOriginOwnPropertyNames): Deleted.
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::addCrossOriginLocationPropertyNames):
        (WebCore::addCrossOriginLocationOwnPropertyNames):
        (WebCore::JSLocation::getOwnPropertyNames):
        (WebCore::addCrossOriginPropertyNames): Deleted.
        (WebCore::addCrossOriginOwnPropertyNames): Deleted.

2017-07-10  Sam Weinig  <sam@webkit.org>

        [WebIDL] Convert MutationCallback to be a normal generate callback
        https://bugs.webkit.org/show_bug.cgi?id=174140

        Reviewed by Chris Dumez.

        To make this work more nicely, I:
        - Added the ability to for non-nullable interfaces in sequences to be passed
          via a Ref<> rather than a RefPtr<> as a parameter to a callback function.
          (e.g. callback MyCallback = void (sequence<Foo> foos) will now have the 
          signature, CallbackResult<void> handleEvent(const Vector<Ref<Foo>>&) rather
          than CallbackResult<void> handleEvent(const Vector<RefPtr<Foo>>&).
        - Added a new extended attribute for callback functions called [CallbackNeedsCanInvoke]
          that adds a virtual function called canInvoke() to the generated callback.
          All it does is forward to ActiveDOMCallback's canInvokeCallback, but it
          allows the implementation to get to it. We may one day want to move the 
          inheritance of ActiveDOMCallback from the generated source to the base class.
        - Added a new extended attribute for callback functions called [CallbackThisObject=Type]
          which allows you to specify that the callback needs a this object in addition
          to its arguments. When specified, the first argument of the C++ implementation
          function will now correspond to the this object, with the remaining arguments
          shifted over one.

        * DerivedSources.make:
        Add MutationCallback.

        * WebCore.xcodeproj/project.pbxproj:
        Remove non-generated JSMutationCallback.cpp, and add generated JSMutationCallback.cpp.

        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::filterDeviceList):
        (WebCore::MediaDevicesRequest::start):
        * Modules/mediastream/MediaDevicesRequest.h:
        Switch to using Ref.

        * bindings/IDLTypes.h:
        Add InnerParameterType and NullableInnerParameterType type hooks
        and specialize wrappers to use Ref for InnerParameterType, and RefPtr
        for NullableInnerParameterType.

        * bindings/js/JSCallbackData.cpp:
        * bindings/js/JSCallbackData.h:
        Add support for passing a this object.

        * bindings/js/JSMutationCallback.cpp: Removed.
        * bindings/js/JSMutationCallback.h: Removed.
        Remove custom callback code.

        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::constructJSMutationObserver): Deleted.
        Remove no longer needed custom constructor.

        * bindings/scripts/CodeGenerator.pm:
        (ParseType):
        Add helper to parse a type and cache the result.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateCallbackHeaderContent):
        (GenerateCallbackImplementationContent):
        Add support for [CallbackNeedsCanInvoke] and [CallbackThisObject]. When [CallbackThisObject]
        is not specified, use jsUndefined() as the this object as specified by WebIDL.

        * bindings/scripts/IDLAttributes.json:
        Add [CallbackNeedsCanInvoke] and [CallbackThisObject].

        * bindings/scripts/IDLParser.pm:
        (ParseType):
        Add entry point to parse a single type.

        * css/FontFaceSet.h:
        Switch to using Ref.

        * dom/MutationCallback.h:
        Update signatures.

        * dom/MutationCallback.idl: Added.
    
        * dom/MutationObserver.cpp:
        (WebCore::MutationObserver::canDeliver):
        (WebCore::MutationObserver::deliver):
        Switch to new signatures.

        * dom/MutationObserver.idl:
        Remove CustomConstructor.

        * page/IntersectionObserverCallback.h:
        Switch to using Ref.

        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.cpp: Added.
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.h: Added.
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
        Add / update bindings tests.

2017-07-11  Said Abou-Hallawa  <sabouhallawa@apple.com>

        RenderImage should not add itself as a RelevantRepaintedObject if its image frame is being decoded
        https://bugs.webkit.org/show_bug.cgi?id=174336

        Reviewed by Simon Fraser.

        Since nothing will be drawn till the image frame finishes decoding we should
        treat returning ImageDrawResult::DidRequestDecoding from BitmapImage::draw
        the same as we do when the image is still loading.

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintReplaced):
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderImage.h:

2017-07-11  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Hanging under LibWebRTCMediaEndpoint::getStats
        https://bugs.webkit.org/show_bug.cgi?id=174377

        Reviewed by Eric Carlson.

        No change of behavior.
        Moving calls to libwebrtc getStats in the signalling thread since doing it in the main thread
        would block the main thread until the signalling thread is ready to handle getStats.
        Reducing stat logging since this may be too much for some devices.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::getStats):
        (WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging):
        (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered):
        (WebCore::LibWebRTCMediaEndpoint::startLoggingStats):

2017-07-11  Michael Catanzaro  <mcatanzaro@igalia.com>

        Remove unused OpenGL files
        https://bugs.webkit.org/show_bug.cgi?id=174371

        Reviewed by Timothy Hatcher.

        * platform/graphics/opengl/GLPlatformContext.cpp: Removed.
        * platform/graphics/opengl/GLPlatformContext.h: Removed.
        * platform/graphics/opengl/GLPlatformSurface.h: Removed.

2017-07-11  Chris Dumez  <cdumez@apple.com>

        Window's [[OwnPropertyKeys]] is wrong for cross origin windows
        https://bugs.webkit.org/show_bug.cgi?id=174364
        <rdar://problem/33238056>

        Reviewed by Brent Fulgham.

        Window's [[OwnPropertyKeys]] should not list descendant frame names
        when the window is cross-origin:
        - https://github.com/whatwg/html/pull/2777

        This aligns our behavior with Firefox and Chrome.

        No new tests, updated existing test.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::addCrossOriginPropertyNames):
        (WebCore::addCrossOriginOwnPropertyNames):
        (WebCore::JSDOMWindow::getOwnPropertyNames):

2017-07-11  Timothy Hatcher  <timothy@hatcher.name>

        Fix broken build when ENABLE_VIDEO is disabled.
        https://bugs.webkit.org/show_bug.cgi?id=174368

        Reviewed by Alex Christensen.

        * dom/Document.cpp:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::texSubImage2D):
        (WebCore::WebGLRenderingContextBase::texImage2D):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::mediaResponseSources):
        (WebCore::Internals::mediaResponseContentRanges):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-07-11  Ali Juma  <ajuma@chromium.org>

        elementFromPoint() should consider x and y to be in client (layout viewport) coordinates
        https://bugs.webkit.org/show_bug.cgi?id=172019

        Reviewed by Simon Fraser.

        When visual viewports are enabled, this makes TreeScope::nodeFromPoint consider its
        input to be in client coordinates, and clips this input to the layout viewport. This change
        affects the behavior of document.elementFromPoint() and document.caretRangeFromPoint.

        No new tests. Modified an existing test, and made a previously-failing test pass on ios.

        * dom/TreeScope.cpp:
        (WebCore::TreeScope::nodeFromPoint):
        * page/FrameView.cpp:
        (WebCore::FrameView::layoutViewportToAbsoluteRect):
        (WebCore::FrameView::layoutViewportToAbsolutePoint):
        (WebCore::FrameView::clientToLayoutViewportPoint):
        * page/FrameView.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hitTest):

2017-07-11  Timothy Hatcher  <timothy@hatcher.name>

        Broken build when !USE(REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR)
        https://bugs.webkit.org/show_bug.cgi?id=174369

        Reviewed by Alex Christensen.

        * dom/ScriptedAnimationController.h: Include PlatformScreen.h.

2017-07-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        Address post-review feedback after http://trac.webkit.org/r219310
        https://bugs.webkit.org/show_bug.cgi?id=174300
        <rdar://problem/33030639>

        Reviewed by Simon Fraser.

        Removes pan-gesture-related plumbing introduced in r219310 that is no longer necessary.

        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::scrollingTreeNodeWillStartPanGesture):
        (WebCore::ScrollingTree::scrollingTreeNodeDidEndPanGesture): Deleted.

2017-07-11  Alex Christensen  <achristensen@webkit.org>

        Reduce URL size
        https://bugs.webkit.org/show_bug.cgi?id=174319

        Reviewed by Andreas Kling.

        m_fragmentEnd is redundant information. If a URL is valid, then it is always m_string.length().
        If a URL is not valid, then it is always 0. Rather than storing additional information,
        deduce the fragment end from the validity of the URL and the String's length.

        No change in behavior.  This reduces sizeof(URL) from 56 to 48 and reduces operations when parsing.

        * platform/URL.cpp:
        (WebCore::URL::invalidate):
        (WebCore::URL::fragmentIdentifier):
        (WebCore::URL::hasFragmentIdentifier):
        (WebCore::URL::removeFragmentIdentifier):
        * platform/URL.h:
        (WebCore::URL::encode):
        (WebCore::URL::decode):
        (WebCore::URL::hasFragment):
        * platform/URLParser.cpp:
        (WebCore::URLParser::urlLengthUntilPart):
        (WebCore::URLParser::copyURLPartsUntil):
        (WebCore::URLParser::parse):
        (WebCore::URLParser::allValuesEqual):
        (WebCore::URLParser::internalValuesConsistent):

2017-07-11  Alex Christensen  <achristensen@webkit.org>

        SharedBuffer::size should return a size_t
        https://bugs.webkit.org/show_bug.cgi?id=174328

        Reviewed by Andreas Kling.

        No change in behaviour.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::createTemplateDocumentData):
        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::handleProvisionalLoadFailure):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::loadDataURL):
        * loader/ResourceLoader.h:
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::ApplicationCacheStorage::store):
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::script):
        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::tryCreateArrayBuffer):
        * platform/SharedBuffer.h:

2017-07-11  Per Arne Vollan  <pvollan@apple.com>

        [Win] Build error when building WebCore from WebCore.proj project file.
        https://bugs.webkit.org/show_bug.cgi?id=174330

        Reviewed by Brent Fulgham.

        The CMake variable PAL_DIR should be set in the project file.

        * WebCore.vcxproj/WebCore.proj:

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-11  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [GTK] Spin buttons on input type number appear over the value itself for small widths
        https://bugs.webkit.org/show_bug.cgi?id=173572

        Reviewed by Carlos Garcia Campos.

        When drawing the spin buttons, override the width of the input
        element to increment it with the width of the spin button.
        This ensures that we don't end up covering the input values with
        the spin buttons.

        Do this also for user controlled styles, because most web authors
        won't test how their site renders on WebKitGTK+, and they will
        assume spin buttons in the order of 13 pixels wide (that is what
        most browsers use), but the GTK+ spin button is much wider (66 pixels).

        Test: platform/gtk/fast/forms/number/number-size-spinbutton-nocover.html

        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::adjustTextFieldStyle): Call the theme's adjustTextFieldStyle() also for user controlled styles.
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):

2017-07-11  Youenn Fablet  <youenn@apple.com>

        We should do ICE candidate filtering at the Document level
        https://bugs.webkit.org/show_bug.cgi?id=173861
        <rdar://problem/33122058>

        Reviewed by Eric Carlson.

        Tests: http/tests/webrtc/filtering-ice-candidate-cross-origin-frame.html
               http/tests/webrtc/filtering-ice-candidate-same-origin-frame.html
               http/tests/webrtc/filtering-ice-candidate-same-origin-frame2.html
               webrtc/filtering-ice-candidate-after-reload.html

        Making UserMediaRequest disable the ICE candidate filtering for the page RTCController.
        All RTCPeerConnection of the page that are created on a document that are same-origin as the top document
        are now registered to the RTCController.
        This allows disabling filtering to only these RTCPeerConnection.

        The page keeps the default ICE candidate filtering policy.
        This policy allows disabling ICE candidate filtering for all RTCPeerConnection.

        When the top document is changing, the RTCController filtering policy is reset
        and its list of RTCPeerConnection is emptied.

        Internals no longer disables ICE candidate filtering by default.
        This allows finer grained testing.
        ICE candidate filtering is disabled for tests including testharnessreport.js
        to enable web-platform-tests to run without modifications.

        * Modules/mediastream/RTCController.cpp:
        (WebCore::RTCController::reset):
        * Modules/mediastream/RTCController.h:
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::allow):
        * page/Frame.cpp:
        (WebCore::Frame::setDocument):
        * page/Page.cpp:
        (WebCore::Page::disableICECandidateFiltering):
        * page/Page.h:
        (WebCore::Page::shouldEnableICECandidateFilteringByDefault):
        (WebCore::Page::disableICECandidateFiltering): Deleted.
        (WebCore::Page::enableICECandidateFiltering): Deleted.
        (WebCore::Page::isICECandidateFilteringEnabled): Deleted.
        * testing/Internals.cpp:
        (WebCore::Internals::Internals):
        (WebCore::Internals::setICECandidateFiltering):
        (WebCore::Internals::setEnumeratingAllNetworkInterfacesEnabled):
        (WebCore::Internals::isICECandidateFilteringEnabled): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-07-11  Sergio Villar Senin  <svillar@igalia.com>

        Unreviewed, rolling out r219325.

        The test is still flaky

        Reverted changeset:

        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
        https://bugs.webkit.org/show_bug.cgi?id=172545
        http://trac.webkit.org/changeset/219325

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-10  Simon Fraser  <simon.fraser@apple.com>

        [WK2 iOS] REGRESSION (r216803) During momentum scroll, getBoundingClientRect returns wrong coordinates (missing images on pinterest, elle.com and many other sites)
        https://bugs.webkit.org/show_bug.cgi?id=174286
        rdar://problem/32864180

        Reviewed by Dean Jackson.

        r216803 made getBoundingClientRects relative to the layout viewport, but when scrolling we
        only update that on stable viewport updates (at the end of the scroll). This meant that during
        unstable updates, getBoundingClientRects() used a "frozen" viewport origin so things on-screen
        would appear to be off-screen, causing sites to fail to dynamically load images etc. when
        scrolling.

        Fix by pushing an optional "unstable" layout viewport rect onto FrameView, which gets used by
        FrameView::documentToClientOffset(). This is cleared when we do a stable update.

        This is a short-term solution. Longer term, I would prefer to always call setLayoutViewportOverrideRect(),
        but fix the scrolling tree logic to work correctly in this case.

        Add a bit more scrolling logging.

        Test: fast/visual-viewport/ios/get-bounding-client-rect-unstable.html

        * page/FrameView.cpp:
        (WebCore::FrameView::setUnstableLayoutViewportRect):
        (WebCore::FrameView::documentToClientOffset):
        * page/FrameView.h:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
        * page/scrolling/ScrollingStateFixedNode.cpp:
        (WebCore::ScrollingStateFixedNode::updateConstraints):
        (WebCore::ScrollingStateFixedNode::reconcileLayerPositionForViewportRect):

2017-07-10  John Wilander  <wilander@apple.com>

        Resource Load Statistics: Prune statistics in orders of importance
        https://bugs.webkit.org/show_bug.cgi?id=174215
        <rdar://problem/33164403>

        Reviewed by Chris Dumez.

        Test: http/tests/loading/resourceLoadStatistics/prune-statistics.html

        * loader/ResourceLoadObserver.cpp:
        (WebCore::reduceTimeResolution):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
            Now all set the new statistics field lastSeen.
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::encode):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::ResourceLoadStatistics::toString):
        (WebCore::ResourceLoadStatistics::merge):
            Handling of the new statistics field lastSeen.
        * loader/ResourceLoadStatistics.h:

2017-07-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: Highlight matching CSS canvas clients when hovering contexts in the Resources tab
        https://bugs.webkit.org/show_bug.cgi?id=174279

        Reviewed by Matt Baker.

        Test: inspector/dom/highlightNodeList.html

        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::highlightNodeList):

2017-07-10  Javier Fernandez  <jfernandez@igalia.com>

        [css-align][css-flex][css-grid] 'auto' values of align-self and justify-self must not be resolved
        https://bugs.webkit.org/show_bug.cgi?id=172707

        Reviewed by Antti Koivisto.

        The CSS Box Alignment specification has been changed recently so that
        now all the propeties have the specificed value as computed value. The
        rationale of this change are at the associated W3C github issue [1].

        This change implies that we don't need to execute the StyleAdjuter
        logic we implemented specifically for supporting 'auto' values
        resolution for computed style. We can live now with resolution at
        layout time only.

        [1] https://github.com/w3c/csswg-drafts/issues/440

        No new tests, just updating the already defined tests.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle): Removed
        * css/StyleResolver.h:
        * html/shadow/TextControlInnerElements.cpp:
        (WebCore::TextControlInnerElement::resolveCustomStyle):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::columnFlexItemHasStretchAlignment):
        (WebCore::RenderBox::hasStretchedLogicalWidth):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::styleDidChange): Added
        (WebCore::RenderFlexibleBox::alignmentForChild):
        * rendering/RenderFlexibleBox.h:

2017-07-10  Wenson Hsieh  <wenson_hsieh@apple.com>

        [WK2] Ignore touch events that interrupt platform-driven momentum scrolling
        https://bugs.webkit.org/show_bug.cgi?id=174300
        <rdar://problem/33030639>

        Reviewed by Simon Fraser.

        See Source/WebKit2/ChangeLog for more detail.

        Tests: fast/events/ios/no-touch-events-when-stopping-momentum-scroll-in-mainframe.html
               fast/events/ios/no-touch-events-when-stopping-momentum-scroll-in-overflow.html
               fast/events/ios/touch-events-during-scroll-deceleration-in-overflow.html

        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::scrollingTreeNodeDidEndPanGesture):

2017-07-10  Jeremy Jones  <jeremyj@apple.com>

        Captions and subtitles not showing up in picture-in-picture for MSE content
        https://bugs.webkit.org/show_bug.cgi?id=174317
        rdar://problem/33188591

        Reviewed by Eric Carlson.

        Reverts a regression created by r218403.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):

2017-07-10  Per Arne Vollan  <pvollan@apple.com>

        [Win] Link error when building WTF from WTF.proj project file.
        https://bugs.webkit.org/show_bug.cgi?id=174316
        <rdar://problem/33178200>

        Reviewed by Brent Fulgham.

        WTF_CPU_X86 cmake variable needs to be set for link libraries directories to be correct.

        * WebCore.vcxproj/WebCore.proj:

2017-07-10  Jeremy Jones  <jeremyj@apple.com>

        media element handle adding source immediately before src.
        https://bugs.webkit.org/show_bug.cgi?id=174284
        rdar://problem/33115439

        Reviewed by David Kilzer.

        Test: media/video-source-before-src.html

        Adding a source causes a selectMediaResource block to be enqueued.
        If dataLoadingPermitted prevents creating the m_player but sets the srcAttr, then
        the enqueued selectMediaResource will be in a bad state, with a srcAttr but no m_player.

        This fix prevents selectMediaResource from being called, if data loading is not permitted
        when adding a source element, to match how it prevents player creation when setting srcAttr.

        This fix also adds a debug assert to catch the problem earlier and adds an early return to
        prevent the crash in release builds.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::selectMediaResource):
        (WebCore::HTMLMediaElement::sourceWasAdded):

2017-07-10  Megan Gardner  <megan_gardner@apple.com>

        Add location to NavigationActionData
        https://bugs.webkit.org/show_bug.cgi?id=174233
        <rdar://problem/29165518>

        Reviewed by Simon Fraser.
        
        Add the root view location of a tap to a NavigationAction to vend to Safari.

        Test: small enough change to not be tested alone.

        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::absoluteLocationConvertedToRootView):
        * dom/MouseRelatedEvent.h:

2017-07-10  Sam Weinig  <sam@webkit.org>

        [WebIDL] Move plugin object customization into the generator
        https://bugs.webkit.org/show_bug.cgi?id=174238

        Reviewed by Chris Dumez.

        - Added [Plugin] extended attribute to forward the necessary hooks
          for get/set/delete to the plugin code.
        - Removed [CustomNamedSetter] and replaced it's remaining uses
          [CustomPut] (formally called [CustomPutFunction]).
        - Renamed [CustomNamedGetterOnPrototype] to [CustomPutOnPrototype]
          because that is actually what it does.
        - Removed [CustomGetOwnPropertySlotByIndex] and made 
          [CustomGetOwnPropertySlot] imply it, as the other custom hooks
          do.
        - Renamed [CustomEnumerateProperty] to [CustomGetOwnPropertyNames]
          to conform with other attribute names.
        - Renamed [CustomCall] to [CustomGetCallData] to conform with other 
          attribute names.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSHTMLAppletElementCustom.cpp: Removed.
        * bindings/js/JSHTMLEmbedElementCustom.cpp: Removed.
        * bindings/js/JSHTMLObjectElementCustom.cpp: Removed.
        Remove custom bindings.

        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::putCommon):
        (WebCore::JSCSSStyleDeclaration::put):
        (WebCore::JSCSSStyleDeclaration::putByIndex):
        (WebCore::JSCSSStyleDeclaration::putDelegate): Deleted.
        Use [CustomPut] rather than [CustomNamedSetter] to allow us
        to get rid of [CustomNamedSetter]. Reuse put delegate as
        common code to share between put and putByIndex.

        * bindings/js/JSLocationCustom.cpp:
        (WebCore::getOwnPropertySlotCommon):
        (WebCore::JSLocation::getOwnPropertySlot):
        (WebCore::JSLocation::getOwnPropertySlotByIndex):
        Replace [CustomGetOwnPropertySlotAndDescriptor] with [CustomGetOwnPropertySlot]
        which is more clear and reduces the number of variants of this hook override
        we need.

        (WebCore::putCommon):
        (WebCore::JSLocation::put):
        (WebCore::JSLocation::putByIndex):
        Use [CustomPut] rather than [CustomNamedSetter] to allow us
        to get rid of [CustomNamedSetter]. Reuse put delegate as
        common code to share between put and putByIndex.

        (WebCore::JSLocationPrototype::put):
        [CustomPutOnPrototype] (which weirdly used incorrectly be called 
        [CustomNamedGetterOnPrototype]) now works like [CustomPut] meaning
        you need to call Base.

        * bindings/js/JSPluginElementFunctions.cpp:
        (WebCore::pluginElementPropertyGetter):
        (WebCore::pluginElementCustomGetOwnPropertySlot):
        (WebCore::pluginElementCustomPut):
        * bindings/js/JSPluginElementFunctions.h:
        (WebCore::pluginElementCustomGetOwnPropertySlot): Deleted.
        Remove templatized pluginElementCustomGetOwnPropertySlot, which was 
        completely unnecessary and merge its functionality into the out of
        line overload. Remove pluginElementPropertyGetter from the header,
        since it is only used in implementation, and unify the naming and
        argument position (JSHTMLElement* comes first) of the hooks.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateIndexedGetter):
        (GenerateNamedGetter):
        (GenerateGetOwnPropertySlot):
        (GenerateGetOwnPropertySlotByIndex):
        (GenerateGetOwnPropertyNames):
        (GeneratePut):
        (GeneratePutByIndex):
        (GenerateDeleteProperty):
        (GenerateDeletePropertyByIndex):
        (GenerateNamedDeleterDefinition):
        (InstanceOverridesGetOwnPropertySlot):
        (InstanceOverridesGetOwnPropertyNames):
        (InstanceOverridesPut):
        (InstanceOverridesDeleteProperty):
        (GenerateHeader):
        (GenerateImplementation):
        (GenerateGetCallData):
        (GeneratePluginCall):
        (GenerateLegacyCallerDefinitions):
        (GenerateLegacyCallerDefinition):
        (GeneratePrototypeDeclaration):
        (InstanceOverridesGetCallData):
        (HeaderNeedsPrototypeDeclaration):
        - Add support for [Plugin]
        - Remove support for [CustomNamedSetter]
        - Replace [CustomGetOwnPropertySlotByIndex] with [CustomGetOwnPropertySlot]
        - Replace [CustomEnumerateProperty] with [CustomGetOwnPropertyNames]
        - Replace [CustomPutFunction] with [CustomPut].
        - Make subroutine names more consistent (remove a few Definition suffixes)

        * bindings/scripts/IDLAttributes.json:
        Update for new / removed attributes.

        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestPluginInterface.cpp: Added.
        * bindings/scripts/test/JS/JSTestPluginInterface.h: Added.
        * bindings/scripts/test/TestInterface.idl:
        * bindings/scripts/test/TestPluginInterface.idl: Added.
        Update / add tests.

        * css/CSSStyleDeclaration.idl:
        * html/HTMLAppletElement.idl:
        * html/HTMLEmbedElement.idl:
        * html/HTMLObjectElement.idl:
        * page/DOMWindow.idl:
        * page/Location.idl:
        * storage/Storage.idl:
        Update for new / renamed attributes.

2017-07-03  Brian Burg  <bburg@apple.com>

        Web Replay: remove some unused code
        https://bugs.webkit.org/show_bug.cgi?id=173903

        Rubber-stamped by Joseph Pecoraro.

        * CMakeLists.txt:
        * Configurations/FeatureDefines.xcconfig:
        * DerivedSources.make:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::lastModified):
        (WebCore::Document::inputCursor): Deleted.
        (WebCore::Document::setInputCursor): Deleted.
        * dom/Document.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::willDispatchEventImpl):
        (WebCore::InspectorInstrumentation::willDispatchEventOnWindowImpl):
        (WebCore::InspectorInstrumentation::frameDetachedFromParentImpl):
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::sessionCreatedImpl): Deleted.
        (WebCore::InspectorInstrumentation::sessionLoadedImpl): Deleted.
        (WebCore::InspectorInstrumentation::sessionModifiedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentCreatedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentCompletedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentLoadedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentUnloadedImpl): Deleted.
        (WebCore::InspectorInstrumentation::captureStartedImpl): Deleted.
        (WebCore::InspectorInstrumentation::captureStoppedImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackStartedImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackPausedImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackHitPositionImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackFinishedImpl): Deleted.
        (WebCore::InspectorInstrumentation::replayAgentEnabled): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::sessionCreated): Deleted.
        (WebCore::InspectorInstrumentation::sessionLoaded): Deleted.
        (WebCore::InspectorInstrumentation::sessionModified): Deleted.
        (WebCore::InspectorInstrumentation::segmentCreated): Deleted.
        (WebCore::InspectorInstrumentation::segmentCompleted): Deleted.
        (WebCore::InspectorInstrumentation::segmentLoaded): Deleted.
        (WebCore::InspectorInstrumentation::segmentUnloaded): Deleted.
        (WebCore::InspectorInstrumentation::captureStarted): Deleted.
        (WebCore::InspectorInstrumentation::captureStopped): Deleted.
        (WebCore::InspectorInstrumentation::playbackStarted): Deleted.
        (WebCore::InspectorInstrumentation::playbackPaused): Deleted.
        (WebCore::InspectorInstrumentation::playbackFinished): Deleted.
        (WebCore::InspectorInstrumentation::playbackHitPosition): Deleted.
        * inspector/InspectorReplayAgent.cpp: Removed.
        * inspector/InspectorReplayAgent.h: Removed.
        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorReplayAgent): Deleted.
        (WebCore::InstrumentingAgents::setInspectorReplayAgent): Deleted.
        * page/EventHandler.h:
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::replayController): Deleted.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::synchronousScrollingReasons):
        (WebCore::ScrollingCoordinator::replaySessionStateDidChange): Deleted.
        * page/scrolling/ScrollingCoordinator.h:
        * platform/Logging.h:
        * plugins/DOMMimeTypeArray.cpp:
        (WebCore::DOMMimeTypeArray::getPluginData):
        * plugins/DOMPluginArray.cpp:
        (WebCore::DOMPluginArray::pluginData):
        * replay/AllReplayInputs.h: Removed.
        * replay/CapturingInputCursor.cpp: Removed.
        * replay/CapturingInputCursor.h: Removed.
        * replay/EventLoopInput.cpp: Removed.
        * replay/EventLoopInput.h: Removed.
        * replay/EventLoopInputDispatcher.cpp: Removed.
        * replay/EventLoopInputDispatcher.h: Removed.
        * replay/FunctorInputCursor.h: Removed.
        * replay/MemoizedDOMResult.cpp: Removed.
        * replay/MemoizedDOMResult.h: Removed.
        * replay/ReplayController.cpp: Removed.
        * replay/ReplayController.h: Removed.
        * replay/ReplayInputCreationMethods.cpp: Removed.
        * replay/ReplayInputDispatchMethods.cpp: Removed.
        * replay/ReplaySession.cpp: Removed.
        * replay/ReplaySession.h: Removed.
        * replay/ReplaySessionSegment.cpp: Removed.
        * replay/ReplaySessionSegment.h: Removed.
        * replay/ReplayingInputCursor.cpp: Removed.
        * replay/ReplayingInputCursor.h: Removed.
        * replay/SegmentedInputStorage.cpp: Removed.
        * replay/SegmentedInputStorage.h: Removed.
        * replay/SerializationMethods.cpp: Removed.
        * replay/SerializationMethods.h: Removed.
        * replay/WebInputs.json: Removed.

2017-07-10  Brady Eidson  <beidson@apple.com>

        Cleanup lifetime issues of UniqueIDBDatabase and IDBBackingStore.
        <rdar://problem/32908525> and https://bugs.webkit.org/show_bug.cgi?id=174244

        Reviewed by David Kilzer and Alex Christensen. 

        No targeted test possible, implicitly covered by all IDB tests.

        The original idea behind UniqueIDBDatabase lifetime was that they are ThreadSafeRefCounted and
        we take protector Refs when any operation that needs it alive is in flight.
        
        This added variability to their lifetime which made it difficult to enforce a few different 
        design invariants, namely:
            - UniqueIBDDatabase objects are always created and destroyed only on the main thread.
            - IDBBackingStore objects are always created and destroyed only on the database thread.
        
        This patch removes the ref counting and instead ties UniqueIDBDatabase lifetime to a
        std::unique_ptr that is owned by the IDBServer.
        
        Whenever any operations on the UniqueIDBDatabase are in flight it is kept alive by virtue
        of that unique_ptr in the IDBServer. Once a UniqueIDBDatabase is completely done with all of
        its work, the following happens:
            - On the main thread the IDBServer removes the unique_ptr owning the UniqueIDBDatabase
              from its map.
            - It hands the unique_ptr to the UniqueIDBDatabase itself, which schedules one final 
              database thread task.
            - That database thread task is to destroy the IDBBackingStore, kill its message queues,
              and then message back to the main thread for one final task.
            - That main thread task is to release the unique_ptr, resulting in destruction of the
              UniqueIDBDatabase object.
        
        This is safe, predictable, solves the lifetime issues that r218516 originally tried to solve,
        and solves the lifetime issues that r218516 introduced.

        (This patch also adds many more assertions to cover various design invariants throughout the
        lifecycle of a particular UniqueIDBDatabase)

        ASSERT that IDBBackingStores are only ever created and destroyed on the background thread:
        * Modules/indexeddb/server/IDBBackingStore.h:
        (WebCore::IDBServer::IDBBackingStore::~IDBBackingStore):
        (WebCore::IDBServer::IDBBackingStore::IDBBackingStore):
        
        Transition UniqueIDBDatabase ownership from a RefPtr to a std::unique_ptr:
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::getOrCreateUniqueIDBDatabase):
        (WebCore::IDBServer::IDBServer::closeAndTakeUniqueIDBDatabase):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):
        (WebCore::IDBServer::IDBServer::closeUniqueIDBDatabase): Deleted.
        * Modules/indexeddb/server/IDBServer.h:
        
        Make all the other changes mentioned above:
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase): Bulk up on ASSERTs
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection): 
        (WebCore::IDBServer::UniqueIDBDatabase::performUnconditionalDeleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::scheduleShutdownForClose):
        (WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
        (WebCore::IDBServer::UniqueIDBDatabase::didShutdownForClose):
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::handleCurrentOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::activateTransactionInBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
        (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
        (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        (WebCore::IDBServer::UniqueIDBDatabase::create): Deleted.

2017-07-10  Chris Dumez  <cdumez@apple.com>

        Further WebResourceLoadStatisticsStore / ResourceLoadStatisticsStore clean up
        https://bugs.webkit.org/show_bug.cgi?id=174301

        Reviewed by Brent Fulgham.

        Moved some generic file system utility functions down to platform's FileSystem.h.

        * platform/FileSystem.cpp:
        (WebCore::openAndLockFile):
        (WebCore::unlockAndCloseFile):
        * platform/FileSystem.h:

2017-07-10  Andreas Kling  <akling@apple.com>

        REGRESSION(r210226): Keyboard-focused element not preserved when navigating back through page cache, causing multiple elements to have focus
        https://bugs.webkit.org/show_bug.cgi?id=174302
        <rdar://problem/33204273>

        Reviewed by Antti Koivisto.

        Don't clear the active/hovered/focused elements when destroying the render tree,
        since we might need to reconstruct it later, and would like to remember which
        elements those were.

        Only the focused state actually stuck when going in and out of the page cache,
        but this patch removes all the element pointer clearing for consistency.

        Test: fast/history/page-cache-element-state-focused.html

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-07-10  Daniel Bates  <dabates@apple.com>

        REGRESSION (r218616): Cannot build WebCore for macOS 10.12 with macOS 10.13 SDK
        https://bugs.webkit.org/show_bug.cgi?id=173939

        Reviewed by Dan Bernstein.

        (The code in this change was either suggested or written by Dan Bernstein with a very
        minor adjustment to get it to build).

        Allow WebCore to link even though CTFontCreatePhysicalFontForCharactersWithLanguage() is
        undefined when building against the macOS 10.13 SDK targeting macOS 10.12. Let the dynamic
        linker resolve the undefined symbol.

        For completeness the SPI CTFontCreatePhysicalFontForCharactersWithLanguage() was removed
        from the macOS 10.13 SDK.

        * Configurations/WebCore.xcconfig: Tell the linker that CTFontCreatePhysicalFontForCharactersWithLanguage()
        can be undefined when building against macOS 10.13 or later SDK.
        * platform/spi/cocoa/CoreTextSPI.h: Annotate CTFontCreatePhysicalFontForCharactersWithLanguage()
        with its availability information.

2017-07-10  Zalan Bujtas  <zalan@apple.com>

        Block of text is missing in iBooks sample books.
        https://bugs.webkit.org/show_bug.cgi?id=174295
        <rdar://problem/32955620>

        Reviewed by Antti Koivisto.

        In the simple line layout context, translating y coordinate to a line index is
        normally just a (y / line height) operation. However in case of strut offsets (pagination)
        we need to take these extra paddings into account while resolving the line index.
        This patch fixes the boundary checking for a given line by using the font size only
        when the font is taller than the line.

        * rendering/SimpleLineLayoutResolver.cpp:
        (WebCore::SimpleLineLayout::RunResolver::adjustLineIndexForStruts):

2017-07-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] SoupCookieJar is never released (resulting in sqlite temp files lying around)
        https://bugs.webkit.org/show_bug.cgi?id=166029

        Reviewed by Michael Catanzaro.

        Add clearSoupNetworkSessionAndCookieStorage() to clear the SoupNetworkSession and cookie storage of the main
        network session, ensuring the cookies database is properly closed.

        * platform/network/NetworkStorageSession.h:
        * platform/network/soup/NetworkStorageSessionSoup.cpp:
        (WebCore::NetworkStorageSession::clearSoupNetworkSessionAndCookieStorage):

2017-07-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Move make-js-file-arrays.py from WebCore to JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=174024

        Reviewed by Michael Catanzaro.

        * CMakeLists.txt: Explicitly add files generated by MAKE_JS_FILE_ARRAYS to the build, since the macro no longer
        does it.
        * DerivedSources.make: Updated to use make-js-file-arrays.py from JavaScriptCore. It's no longer needed to set
        PYTHON_PATH to find jsmin.py.

2017-07-10  Charlie Turner  <cturner@igalia.com>

        [GTK] http/tests/media/video-redirect.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=174260

        Reviewed by Carlos Garcia Campos.

        Make sure we're testing new URLs within the same security origin.

        Covered by existing tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::convertToInternalProtocol): Factor out setting our
        internal URL schema.
        (WebCore::MediaPlayerPrivateGStreamer::setPlaybinURL): Use the
        refactored helper.
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation): Use
        refactored helper to ensure both URLs have the same origin.

2017-07-08  John Wilander  <wilander@apple.com>

        Resource Load Statistics: User interaction should always go to top document
        https://bugs.webkit.org/show_bug.cgi?id=174120
        <rdar://problem/33117899>

        Reviewed by Chris Dumez.

        Test: http/tests/loading/resourceLoadStatistics/user-interaction-in-cross-origin-sub-frame.html

        * dom/UserGestureIndicator.cpp:
        (WebCore::UserGestureIndicator::UserGestureIndicator):
            Now logs user interaction for the top document.
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::setThrottledObserverNotifications):
            Test infrastructure.
        (WebCore::ResourceLoadObserver::setNotificationCallback):
            Callback now takes a ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logFrameNavigation):
            Submits the configured ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
            Submits the configured ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
            Submits the configured ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
            Submits the configured ResourceLoadObserver::NotificationType.
        * loader/ResourceLoadObserver.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
            Resets to throttled notifications.
        (WebCore::Internals::setResourceLoadStatisticsThrottledObserverNotifications):
            Test infrastructure.
        * testing/Internals.h:
        * testing/Internals.idl:
            Added internals.setResourceLoadStatisticsThrottledObserverNotifications().

2017-07-09  Brady Eidson  <beidson@apple.com>

        Remove some obsolete WebKitVersionChecks.
        https://bugs.webkit.org/show_bug.cgi?id=174294

        Reviewed by Dan Bernstein.

        No new tests (No change to testable behavior)

        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::dispatchErrorEvent):
        
        * page/Settings.in:
        
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isOkCupid): Deleted.
        (WebCore::IOSApplication::isFacebook): Deleted.
        
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::layoutOverflowRectForPropagation):

2017-07-08  Brady Eidson  <beidson@apple.com>

        Remove some obsolete RuntimeApplicationChecks.
        https://bugs.webkit.org/show_bug.cgi?id=174293

        Reviewed by Dan Bernstein.

        No new tests (No change to testable behavior)

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parametersForPlugin):
        (WebCore::shouldNotPerformURLAdjustment): Deleted.

        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isDaijisenDictionary): Deleted.
        (WebCore::IOSApplication::isNASAHD): Deleted.
        (WebCore::IOSApplication::isTheEconomistOnIphone): Deleted.

        * platform/ios/wak/WebCoreThread.h:
        * platform/ios/wak/WebCoreThread.mm:
        (StartWebThread):
        (WebThreadSetDelegateSourceRunLoopMode): Deleted.

2017-07-08  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Safe access and life cycle management of bare Curl handle
        by wrapping with C++ class
        https://bugs.webkit.org/show_bug.cgi?id=174002

        Reviewed by Alex Christensen.

        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleInternal.h:
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::setCookiesFromDOM):
        (WebCore::cookiesForSession):
        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlContext::CurlContext):
        (WebCore::CurlContext::~CurlContext):
        (WebCore::CurlContext::initCookieSession):
        (WebCore::CurlShareHandle::CurlShareHandle):
        (WebCore::CurlShareHandle::~CurlShareHandle):
        (WebCore::CurlShareHandle::lockCallback):
        (WebCore::CurlShareHandle::unlockCallback):
        (WebCore::CurlShareHandle::mutexFor):
        (WebCore::CurlMultiHandle::CurlMultiHandle):
        (WebCore::CurlMultiHandle::~CurlMultiHandle):
        (WebCore::CurlMultiHandle::addHandle):
        (WebCore::CurlMultiHandle::removeHandle):
        (WebCore::CurlMultiHandle::getFdSet):
        (WebCore::CurlMultiHandle::perform):
        (WebCore::CurlMultiHandle::readInfo):
        (WebCore::CurlHandle::CurlHandle):
        (WebCore::CurlHandle::~CurlHandle):
        (WebCore::CurlHandle::perform):
        (WebCore::CurlHandle::pause):
        (WebCore::CurlHandle::enableShareHandle):
        (WebCore::CurlHandle::setPrivateData):
        (WebCore::CurlHandle::setUrl):
        (WebCore::CurlHandle::clearUrl):
        (WebCore::CurlHandle::clearRequestHeaders):
        (WebCore::CurlHandle::appendRequestHeader):
        (WebCore::CurlHandle::enableRequestHeaders):
        (WebCore::CurlHandle::enableHttpGetRequest):
        (WebCore::CurlHandle::enableHttpHeadRequest):
        (WebCore::CurlHandle::enableHttpPostRequest):
        (WebCore::CurlHandle::setPostFields):
        (WebCore::CurlHandle::setPostFieldLarge):
        (WebCore::CurlHandle::enableHttpPutRequest):
        (WebCore::CurlHandle::setInFileSizeLarge):
        (WebCore::CurlHandle::setHttpCustomRequest):
        (WebCore::CurlHandle::enableAcceptEncoding):
        (WebCore::CurlHandle::enableAllowedProtocols):
        (WebCore::CurlHandle::enableFollowLocation):
        (WebCore::CurlHandle::enableAutoReferer):
        (WebCore::CurlHandle::enableHttpAuthentication):
        (WebCore::CurlHandle::setHttpAuthUserPass):
        (WebCore::CurlHandle::enableCAInfoIfExists):
        (WebCore::CurlHandle::setSslVerifyPeer):
        (WebCore::CurlHandle::setSslVerifyHost):
        (WebCore::CurlHandle::setSslCert):
        (WebCore::CurlHandle::setSslCertType):
        (WebCore::CurlHandle::setSslKeyPassword):
        (WebCore::CurlHandle::enableCookieJarIfExists):
        (WebCore::CurlHandle::setCookieList):
        (WebCore::CurlHandle::getCookieList):
        (WebCore::CurlHandle::clearCookieList):
        (WebCore::CurlHandle::enableProxyIfExists):
        (WebCore::CurlHandle::enableTimeout):
        (WebCore::CurlHandle::setHeaderCallbackFunction):
        (WebCore::CurlHandle::setWriteCallbackFunction):
        (WebCore::CurlHandle::setReadCallbackFunction):
        (WebCore::CurlHandle::setSslCtxCallbackFunction):
        (WebCore::CurlHandle::getEffectiveURL):
        (WebCore::CurlHandle::getPrimaryPort):
        (WebCore::CurlHandle::getResponseCode):
        (WebCore::CurlHandle::getContentLenghtDownload):
        (WebCore::CurlHandle::getHttpAuthAvail):
        (WebCore::CurlHandle::getTimes):
        (WebCore::CurlHandle::maxCurlOffT):
        (WebCore::CurlHandle::expectedSizeOfCurlOffT):
        (WebCore::CurlHandle::enableVerboseIfUsed):
        (WebCore::CurlHandle::enableStdErrIfUsed):
        (WebCore::CurlContext::getEffectiveURL): Deleted.
        (WebCore::CurlContext::createMultiHandle): Deleted.
        (WebCore::CurlContext::mutexFor): Deleted.
        (WebCore::CurlContext::lock): Deleted.
        (WebCore::CurlContext::unlock): Deleted.
        * platform/network/curl/CurlContext.h:
        (WebCore::CurlGlobal::CurlGlobal):
        (WebCore::CurlGlobal::~CurlGlobal):
        (WebCore::CurlShareHandle::handle):
        (WebCore::CurlContext::shareHandle):
        (WebCore::CurlHandle::handle):
        (WebCore::CurlHandle::url):
        (WebCore::CurlContext::curlShareHandle): Deleted.
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::~CurlDownload):
        (WebCore::CurlDownload::init):
        (WebCore::CurlDownload::start):
        (WebCore::CurlDownload::cancel):
        (WebCore::CurlDownload::getUrl):
        (WebCore::CurlDownload::addHeaders):
        (WebCore::CurlDownload::didReceiveHeader):
        (WebCore::CurlDownload::writeCallback):
        * platform/network/curl/CurlDownload.h:
        * platform/network/curl/CurlJobManager.cpp:
        (WebCore::CurlJobManager::CurlJobManager):
        (WebCore::CurlJobManager::~CurlJobManager):
        (WebCore::CurlJobManager::addToCurl):
        (WebCore::CurlJobManager::removeFromCurl):
        (WebCore::CurlJobManager::workerThread):
        * platform/network/curl/CurlJobManager.h:
        (WebCore::CurlJobManager::getMultiHandle): Deleted.
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandleInternal::~ResourceHandleInternal):
        (WebCore::ResourceHandle::platformSetDefersLoading):
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
        (WebCore::calculateWebTimingInformations):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::writeCallback):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::readCallback):
        (WebCore::setupFormData):
        (WebCore::ResourceHandle::setupPUT):
        (WebCore::ResourceHandle::setupPOST):
        (WebCore::ResourceHandle::dispatchSynchronousJob):
        (WebCore::ResourceHandle::applyAuthentication):
        (WebCore::ResourceHandle::initialize):
        (WebCore::ResourceHandle::handleCurlMsg):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::ResourceHandleManager):
        (WebCore::ResourceHandleManager::~ResourceHandleManager):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::removeFromCurl):
        (WebCore::ResourceHandleManager::startJob):
        * platform/network/curl/ResourceHandleManager.h:
        * platform/network/curl/SSLHandle.cpp:
        (WebCore::setSSLClientCertificate):
        (WebCore::certVerifyCallback):
        (WebCore::setSSLVerifyOptions):

2017-07-08  Antoine Quint  <graouts@apple.com>

        REGRESSION: "visibility:hidden" does not hide play button for video elements
        https://bugs.webkit.org/show_bug.cgi?id=174258
        <rdar://problem/33181452>

        Reviewed by Dean Jackson.

        In order to not have most styles from the page affect the shadow root, we set "all: initial" on the
        media controls container. However, we need to still make the "visibility" property inherit from its
        host such that "visibility: hidden" on the host won't be overridden by setting the property back to
        its initial value, which is "visible".

        Test: media/modern-media-controls/css/visibility-hidden.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls-container):

2017-07-08  Yusuke Suzuki  <utatane.tea@gmail.com>

        Drop NOSNIFF compile flag
        https://bugs.webkit.org/show_bug.cgi?id=174289

        Reviewed by Michael Catanzaro.

        * Configurations/FeatureDefines.xcconfig:
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        (WebCore::StyleSheetContents::notifyLoadedSheet):
        * dom/LoadableClassicScript.cpp:
        (WebCore::LoadableClassicScript::notifyFinished):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::mimeTypeAllowedByNosniff):
        (WebCore::CachedCSSStyleSheet::canUseSheet):
        * loader/cache/CachedCSSStyleSheet.h:
        * platform/network/HTTPParsers.cpp:
        (WebCore::parseContentTypeOptionsHeader):
        * platform/network/HTTPParsers.h:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::isScriptAllowedByNosniff):
        * platform/network/ResourceResponseBase.h:
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::didReceiveResponse):

2017-07-07  Brent Fulgham  <bfulgham@apple.com>

        [WK2] Use a rolling 30-day uptime for processing statistics
        https://bugs.webkit.org/show_bug.cgi?id=174235
        <rdar://problem/33164381>

        Reviewed by Chris Dumez.

        Add a KeyedDecoder specialization for Deque.

        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeObjects):

2017-07-07  Daniel Bates  <dabates@apple.com>

        [AppCache] Ignore fallback entries whose namespace is not prefixed with manifest path
        https://bugs.webkit.org/show_bug.cgi?id=174273
        <rdar://problem/33011682>

        Reviewed by Brent Fulgham.

        As per <https://html.spec.whatwg.org/multipage/offline.html#parsing-cache-manifests> (07/06/2017)
        we should ignore fallback entires whose fallback namespace URL is not prefixed with
        the manifest path. For now we only apply this policy when the manifest is served with
        a non-standard Content-Type to minimize web compatibility risk.

        Test: http/tests/appcache/fallback-namespace-outside-manifest-path.html

        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::didFinishLoadingManifest): Pass the MIME type of the manifest.
        * loader/appcache/ManifestParser.cpp:
        (WebCore::manifestPath): Computes the manifest path from a manifest URL.
        (WebCore::parseManifest): Modified to take the MIME type of the manifest. If the MIME type is
        non-standard (i.e. not text/cached-manifest) then skip fallback entries whose namespace is not
        prefixed with the manifest path. Otherwise, process fallback entries as we do now. Also cleaned
        up the code a bit while I was here, including renaming a local variable to be more descriptive
        and using a const character array for the manifest signature to avoid the need to document the
        length of the manifest signature in a comment.
        * loader/appcache/ManifestParser.h:

2017-07-07  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] For cross-app drags, 'drop' event handlers are never invoked if dataTransfer.dropEffect is not set while dragging
        https://bugs.webkit.org/show_bug.cgi?id=174219
        <rdar://problem/32083177>

        Reviewed by Ryosuke Niwa.

        Currently, in DragController.cpp, defaultOperationForDrag maps a drag source operation mask of
        DragOperationGeneric to DragOperationMove across all platforms. However, on iOS, where cross-app drag moves do
        not trigger a drop, this means drop handlers won't fire unless the dropEffect is explicitly set to copy.

        To fix this, we introduce DragController::platformGenericDragOperation(), which returns DragOperationCopy on iOS
        and DragOperationMove (the existing behavior) elsewhere. defaultOperationForDrag then maps a drag source
        operation mask of DragOperationGeneric to platformGenericDragOperation().

        Tests:  DataInteractionTests.ExternalSourceHTMLToUploadArea
                DataInteractionTests.ExternalSourceImageAndHTMLToUploadArea
                DataInteractionTests.ExternalSourceMoveOperationNotAllowed

        * page/DragController.cpp:
        (WebCore::DragController::platformGenericDragOperation):
        (WebCore::defaultOperationForDrag):
        * page/DragController.h:
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::platformGenericDragOperation):

2017-07-07  Devin Rousso  <drousso@apple.com>

        Web Inspector: Show all elements currently using a given CSS Canvas
        https://bugs.webkit.org/show_bug.cgi?id=173965

        Reviewed by Joseph Pecoraro.

        Test: inspector/canvas/css-canvas-clients.html

        * css/CSSImageGeneratorValue.cpp:
        (WebCore::CSSImageGeneratorValue::addClient):
        (WebCore::CSSImageGeneratorValue::removeClient):
        * css/CSSImageGeneratorValue.h:
        (WebCore::CSSImageGeneratorValue::clients):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::addObserver):
        (WebCore::HTMLCanvasElement::removeObserver):
        (WebCore::HTMLCanvasElement::cssCanvasClients):
        Each time an observer is added/removed for a given HTMLCanvasElement, send an event to the
        inspector frontend that the CSS canvas client nodes have changed. Additionally, anytime a
        client/use is added/removed from one of the observing CSSCanvasValue, fire the same event.

        * css/CSSCanvasValue.h:
        (isType):
        * html/HTMLCanvasElement.h:
        (WebCore::CanvasObserver::isCSSCanvasValueObserver):
        Allows type traits to distinguish CanvasObserver from CSSCanvasValue::CanvasObserverProxy.

        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::requestCSSCanvasClientNodes):
        (WebCore::InspectorCanvasAgent::didChangeCSSCanvasClientNodes):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodes):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodesImpl):
        Notify the frontend that the list of client nodes has changed for the given canvas. Let the
        frontend request the actual list of node IDs when it needs, possibly at a later time.

2017-07-07  Jer Noble  <jer.noble@apple.com>

        AVPlayer can continue to be active after released by MediaPlayerPrivateAVFoundationObjC.
        https://bugs.webkit.org/show_bug.cgi?id=174264

        Reviewed by Eric Carlson.

        If the AVPlayer is retained (by an autorelease pool, or internally by other objects in
        AVFoundation), releasing the AVPlayer is not enough to cancel loading or playback. So before
        releasing the AVPlayer, make sure to disassociate the current AVPlayerItem, which should
        cancel all activity in the AVPlayer.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad):

2017-07-07  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Remove data url handler for async load
        https://bugs.webkit.org/show_bug.cgi?id=174263

        data url is handled by ResourceLoader. No need for specific handling
        in platform dependent layer.

        Reviewed by Alex Christensen.

        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::startJob):

2017-07-07  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219257.

        The test added in the revision was still extreamly flaky on
        all testers.

        Reverted changeset:

        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
        https://bugs.webkit.org/show_bug.cgi?id=172545
        http://trac.webkit.org/changeset/219257

2017-07-07  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219238, r219239, and r219241.
        https://bugs.webkit.org/show_bug.cgi?id=174265

        "fast/workers/dedicated-worker-lifecycle.html is flaky"
        (Requested by yusukesuzuki on #webkit).

        Reverted changesets:

        "[WTF] Implement WTF::ThreadGroup"
        https://bugs.webkit.org/show_bug.cgi?id=174081
        http://trac.webkit.org/changeset/219238

        "Unreviewed, build fix after r219238"
        https://bugs.webkit.org/show_bug.cgi?id=174081
        http://trac.webkit.org/changeset/219239

        "Unreviewed, CLoop build fix after r219238"
        https://bugs.webkit.org/show_bug.cgi?id=174081
        http://trac.webkit.org/changeset/219241

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-07  Charlie Turner  <cturner@igalia.com>

        [GStreamer] vid.me videos do not play
        https://bugs.webkit.org/show_bug.cgi?id=172240

        Reviewed by Xabier Rodriguez-Calvar.

        In r142251, code to hide the WK HTTP source elements from elsewhere in
        the pipeline was removed. This has the nasty side-effect of
        auto-plugging the WK HTTP source into things it really should not be
        used in, especially the adaptive streaming demuxers. The reasons this
        is bad are documented in several places on Bugzilla, see the parent
        bug report for more details. The high-level issue is that the WK HTTP
        source and its use of WebCore is not thread-safe. Although work has
        been recently done to improve this situation, it's still not perfect.

        Another issue is the interface hlsdemux expects its HTTP source to
        implement, specifically seeking in READY.

        This does rely on HTTP context sharing being available in GStreamer,
        upstream bug is here:
        https://bugzilla.gnome.org/show_bug.cgi?id=761099. The failing case
        can be demonstrated with
        https://github.com/thiagoss/adaptive-test-server but manual testing on
        popular video hosting sites, including vid.me, shows that this doesn't
        bite us at the moment, just something else to fix in the future.

        There are some QoS issues with the adaptive streaming code in
        GStreamer, but it seems much better to offer a below par QoS in lieu
        of crashing/livelocking when playing certain streams, and issues can be
        raised upstream when they arise.

        This patch does take us further away from the future goal of having all
        networking operations go through the network process, but in return it
        solves some nasty crashes and livelocks that have been irritating
        users for some time. With the pressure off on this issue, work can be
        planned to consider how to make the WK HTTP source a better citizen
        inside the GStreamer pipeline when we migrate the netcode to go
        through the network process.

        A new test is added to check that the single file HLS playlists
        (new in version 4) can be played, which was the primary cause of
        this bug report.

        Test: http/tests/media/hls/range-request.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::setPlaybinURL): Perform
        some trickery to make sure that we only ever fetch URLs handed to
        us by WebCore. Any further URLs discovered inside the pipeline
        will not get WKWS auto-plugged, since they'll be plain https?
        schemas.
        (WebCore::MediaPlayerPrivateGStreamer::load): Refactor to use the
        setPlaybinURL helper method.
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Add
        the setPlaybinURL helper method.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcGetProtocols): Only advertise webkit+https?, this
        ensures we won't get auto-plugged by pipeline elements asking for
        an element to fetch https? resources (like adaptive demuxers).
        (convertPlaybinURI): Undo the trick when another element asks us
        for our URI.

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Implement WTF::ThreadGroup
        https://bugs.webkit.org/show_bug.cgi?id=174081

        Reviewed by Mark Lam.

        * page/ResourceUsageThread.h:

2017-07-06  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up StringStatics.cpp by using LazyNeverDestroyed<> for Atoms
        https://bugs.webkit.org/show_bug.cgi?id=174150

        Reviewed by Mark Lam.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::captionDisplayMode):
        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::binaryType):
        * accessibility/AXObjectCache.cpp:
        (WebCore::createFromRenderer):
        * accessibility/AccessibilityMediaControls.cpp:
        (WebCore::AccessibilityMediaControl::controlTypeName):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::language):
        (WebCore::AccessibilityObject::defaultLiveRegionStatusForRole):
        (WebCore::AccessibilityObject::actionVerb):
        (WebCore::AccessibilityObject::getAttribute):
        (WebCore::AccessibilityObject::placeholderValue):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::accessKey):
        (WebCore::AccessibilityObject::ariaLiveRegionRelevant):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::accessKey):
        (WebCore::AccessibilityRenderObject::actionVerb):
        * bindings/js/JSCustomElementInterface.cpp:
        (WebCore::JSCustomElementInterface::constructElementWithFallback):
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::JSCustomElementRegistry::define):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDefaultValue):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsEmptyStringBody):
        * css/CSSPageRule.cpp:
        (WebCore::CSSPageRule::selectorText):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::valueName):
        * css/CSSSelector.cpp:
        (WebCore::simpleSelectorSpecificityInternal):
        (WebCore::CSSSelector::specificityForPage):
        (WebCore::CSSSelector::RareData::RareData):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::argument):
        * css/CSSSelectorList.cpp:
        (WebCore::SelectorNeedsNamespaceResolutionFunctor::operator()):
        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents):
        * css/RuleSet.cpp:
        (WebCore::computeMatchBasedOnRuleHash):
        (WebCore::RuleSet::addRule):
        * css/SelectorChecker.cpp:
        (WebCore::tagMatches):
        * css/SelectorFilter.cpp:
        (WebCore::collectDescendantSelectorIdentifierHashes):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertStringOrAuto):
        (WebCore::StyleBuilderConverter::convertStringOrNone):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueWebkitLocale):
        (WebCore::StyleBuilderCustom::applyValueWebkitTextEmphasisStyle):
        (WebCore::StyleBuilderCustom::applyValueContent):
        (WebCore::StyleBuilderCustom::applyValueAlt):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::namespaceURIFromPrefix):
        * css/makeprop.pl:
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parsePageSelector):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumeCompoundSelector):
        (WebCore::CSSSelectorParser::consumeName):
        (WebCore::CSSSelectorParser::consumeAttribute):
        (WebCore::CSSSelectorParser::defaultNamespace):
        (WebCore::CSSSelectorParser::determineNamespace):
        (WebCore::CSSSelectorParser::prependTypeSelectorIfNeeded):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::attributeNameTestingRequiresNamespaceRegister):
        (WebCore::SelectorCompiler::equalTagNames):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasTagName):
        * dom/Attr.cpp:
        (WebCore::Attr::setPrefix):
        (WebCore::Attr::attachToElement):
        * dom/Attribute.h:
        (WebCore::Attribute::nameMatchesFilter):
        * dom/ConstantPropertyMap.cpp:
        (WebCore::ConstantPropertyMap::nameForProperty):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getElementsByTagName):
        (WebCore::ContainerNode::getElementsByTagNameNS):
        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionQueue::enqueuePostUpgradeReactions):
        * dom/DatasetDOMStringMap.cpp:
        (WebCore::convertPropertyNameToAttributeName):
        * dom/Document.cpp:
        (WebCore::createUpgradeCandidateElement):
        (WebCore::Document::createElementForBindings):
        (WebCore::Document::importNode):
        (WebCore::Document::hasValidNamespaceForElements):
        (WebCore::Document::processBaseElement):
        (WebCore::Document::dir):
        (WebCore::Document::bgColor):
        (WebCore::Document::fgColor):
        (WebCore::Document::alinkColor):
        (WebCore::Document::linkColorForBindings):
        (WebCore::Document::vlinkColor):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::setBooleanAttribute):
        (WebCore::Element::synchronizeAttribute):
        (WebCore::Element::getAttribute):
        (WebCore::Element::getAttributeNS):
        (WebCore::Element::setAttribute):
        (WebCore::Element::parserSetAttributes):
        (WebCore::Element::didMoveToNewDocument):
        (WebCore::Element::setPrefix):
        (WebCore::Element::insertedInto):
        (WebCore::Element::removedFrom):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::addAttributeInternal):
        (WebCore::Element::removeAttributeNS):
        (WebCore::Element::getAttributeNodeNS):
        (WebCore::Element::hasAttributeNS):
        (WebCore::Element::computeInheritedLanguage):
        (WebCore::Element::updateNameForDocument):
        (WebCore::Element::updateIdForDocument):
        (WebCore::Element::didAddAttribute):
        (WebCore::Element::didRemoveAttribute):
        (WebCore::Element::cloneAttributesFromElement):
        * dom/Element.h:
        (WebCore::Element::attributeWithoutSynchronization):
        (WebCore::Element::idForStyleResolution):
        (WebCore::Element::getIdAttribute):
        (WebCore::Element::getNameAttribute):
        * dom/EventTarget.cpp:
        (WebCore::legacyType):
        * dom/MutationRecord.h:
        (WebCore::MutationRecord::attributeName):
        (WebCore::MutationRecord::attributeNamespace):
        * dom/NamedNodeMap.cpp:
        (WebCore::NamedNodeMap::removeNamedItemNS):
        * dom/Node.cpp:
        (WebCore::Node::prefix):
        (WebCore::Node::localName):
        (WebCore::Node::namespaceURI):
        (WebCore::Node::checkSetPrefix):
        (WebCore::locateDefaultNamespace):
        (WebCore::Node::isDefaultNamespace):
        (WebCore::Node::lookupNamespaceURI):
        (WebCore::locateNamespacePrefix):
        (WebCore::Node::lookupPrefix):
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::addCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::addCachedCollection):
        (WebCore::NodeListsNodeData::cachedCollection):
        (WebCore::NodeListsNodeData::removeCacheWithAtomicName):
        (WebCore::NodeListsNodeData::removeCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::removeCachedCollection):
        * dom/PseudoElement.cpp:
        (WebCore::pseudoElementTagName):
        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::init):
        (WebCore::nullQName):
        (WebCore::createQualifiedName):
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::hasPrefix):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::executeSingleTagNameSelectorData):
        * dom/SlotAssignment.cpp:
        (WebCore::slotNameFromAttributeValue):
        * dom/SlotAssignment.h:
        (WebCore::SlotAssignment::defaultSlotName):
        (WebCore::ShadowRoot::didRemoveAllChildrenOfShadowHost):
        (WebCore::ShadowRoot::didChangeDefaultSlot):
        * dom/TagCollection.cpp:
        (WebCore::TagCollection::TagCollection):
        (WebCore::HTMLTagCollection::HTMLTagCollection):
        * dom/TagCollection.h:
        (WebCore::TagCollectionNS::elementMatches):
        * dom/make_names.pl:
        (printNamesCppFile):
        (printDefinitions):
        (printFactoryCppFile):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeNodeAttribute):
        * editing/Editing.cpp:
        (WebCore::createHTMLElement):
        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
        (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
        (WebCore::MarkupAccumulator::shouldAddNamespaceAttribute):
        (WebCore::MarkupAccumulator::appendNamespace):
        (WebCore::MarkupAccumulator::appendOpenTag):
        (WebCore::MarkupAccumulator::appendAttribute):
        * editing/gtk/EditorGtk.cpp:
        (WebCore::elementURL):
        * editing/markup.cpp:
        (WebCore::AttributeChange::AttributeChange):
        * html/Autocapitalize.cpp:
        (WebCore::stringForAutocapitalizeType):
        * html/Autofill.cpp:
        (WebCore::AutofillData::createFromHTMLFormControlElement):
        * html/DOMTokenList.h:
        (WebCore::DOMTokenList::item):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::name):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::formControlType):
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::toggleOpen):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::isCaseSensitiveAttribute):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::eventNameForEventHandlerAttribute):
        (WebCore::toValidDirValue):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::name):
        (WebCore::HTMLInputElement::updateType):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::doesHaveAttribute):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::createForJSConstructor):
        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::name):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setMultiple):
        * html/HTMLTableCellElement.cpp:
        (WebCore::HTMLTableCellElement::scope):
        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
        * html/LabelableElement.cpp:
        (WebCore::LabelableElement::labels):
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::~LabelsNodeList):
        * html/MediaController.cpp:
        (MediaController::playbackState):
        (eventNameForReadyState):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):
        * html/parser/AtomicHTMLToken.h:
        (WebCore::AtomicHTMLToken::initializeAttributes):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createElement):
        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::stripLeadingAndTrailingHTMLSpaces):
        (WebCore::parseHTMLHashNameReference):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createForeignAttributesMap):
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::InbandTextTrack):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::id):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::captionMenuOffItem):
        (WebCore::TextTrack::captionMenuAutomaticItem):
        * html/track/TrackBase.cpp:
        (WebCore::MediaTrackBase::setKindInternal):
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::scroll):
        * html/track/WebVTTElement.cpp:
        (WebCore::nodeTypeToTagName):
        * html/track/WebVTTElement.h:
        * html/track/WebVTTToken.h:
        (WebCore::WebVTTToken::StartTag):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear):
        * loader/FrameLoader.h:
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::clearFailedLoadURL):
        * loader/NavigationAction.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::showModalDialog):
        * page/EventHandler.cpp:
        (WebCore::eventNameForTouchPointState):
        * page/FrameTree.cpp:
        (WebCore::FrameTree::setName):
        (WebCore::FrameTree::clearName):
        * page/Page.cpp:
        (WebCore::Page::groupName):
        * platform/graphics/ComplexTextController.cpp:
        (WebCore::ComplexTextController::offsetForPosition):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::alternateFamilyName):
        * platform/graphics/FontDescription.h:
        (WebCore::FontCascadeDescription::initialLocale):
        * platform/graphics/FontGenericFamilies.cpp:
        (WebCore::genericFontFamilyForScript):
        * platform/graphics/InbandTextTrackPrivate.h:
        (WebCore::InbandTextTrackPrivate::inBandMetadataTrackDispatchType):
        * platform/graphics/TrackPrivateBase.h:
        (WebCore::TrackPrivateBase::id):
        (WebCore::TrackPrivateBase::label):
        (WebCore::TrackPrivateBase::language):
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        (WebCore::AVTrackPrivateAVFObjCImpl::id):
        (WebCore::AVTrackPrivateAVFObjCImpl::label):
        (WebCore::AVTrackPrivateAVFObjCImpl::language):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::label):
        (WebCore::InbandTextTrackPrivateAVCF::language):
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        (WebCore::InbandTextTrackPrivateLegacyAVCF::label):
        (WebCore::InbandTextTrackPrivateLegacyAVCF::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateAVFObjC::label):
        (WebCore::InbandTextTrackPrivateAVFObjC::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::label):
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::language):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::metadataType):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::create):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/mediastream/AudioTrackPrivateMediaStream.h:
        * platform/mediastream/RealtimeMediaSourceSettings.cpp:
        (WebCore::RealtimeMediaSourceSettings::facingMode):
        * platform/mediastream/VideoTrackPrivateMediaStream.h:
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::linkSuggestedFilename):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::markerText):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::previousOffset):
        (WebCore::RenderText::nextOffset):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::RenderTreeAsText::writeRenderObject):
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::textEmphasisMarkString):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::initialHyphenationString):
        (WebCore::RenderStyle::initialTextEmphasisCustomMark):
        (WebCore::RenderStyle::initialContentAltText):
        (WebCore::RenderStyle::initialLineGrid):
        (WebCore::RenderStyle::initialFlowThread):
        (WebCore::RenderStyle::initialRegionThread):
        * style/StyleScope.cpp:
        (WebCore::Style::Scope::collectActiveStyleSheets):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::getPresentationAttribute):
        * svg/SVGElement.h:
        (WebCore::SVGAttributeHashTranslator::hash):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::transferSizeAttributesToTargetClone):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::constructAttributeName):
        * testing/MockCDMFactory.cpp:
        (WebCore::MockCDMInstance::requestLicense):
        * xml/XMLErrors.cpp:
        (WebCore::createXHTMLParserErrorHeader):
        * xml/XPathStep.cpp:
        (WebCore::XPath::nodeMatchesBasicTest):
        (WebCore::XPath::Step::nodesInAxis):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser):
        (WebCore::handleNamespaceAttributes):
        (WebCore::handleElementAttributes):

2017-07-06  Chris Dumez  <cdumez@apple.com>

        Drop unnecessary uses of targetStatistics.dataRecordsRemoved in ResourceLoadObserver
        https://bugs.webkit.org/show_bug.cgi?id=174234

        Reviewed by Brent Fulgham.

        Drop unnecessary uses of targetStatistics.dataRecordsRemoved in ResourceLoadObserver. It is
        always 0 since this member is only initialized later on, in the UIProcess.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):

2017-07-06  Yoav Weiss  <yoav@yoav.ws>

        [preload] Avoid reflecting "video" and "audio" when they are not supported `as` value
        https://bugs.webkit.org/show_bug.cgi?id=174199

        Reviewed by Youenn Fablet.

        No new tests as video/audio is supported in tests. I tested this manually.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::as): Make sure "video" and "audio" will not be reflected when they are not supported.

2017-07-06  Chris Dumez  <cdumez@apple.com>

        Drop unused ResourceLoadStatistics members
        https://bugs.webkit.org/show_bug.cgi?id=174226

        Reviewed by Brent Fulgham.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::isPrevalentResource): Deleted.
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::encode):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::ResourceLoadStatistics::toString):
        (WebCore::ResourceLoadStatistics::merge):
        * loader/ResourceLoadStatistics.h:

2017-07-06  Youenn Fablet  <youenn@apple.com>

        Rendering of WebRTC audio in AudioSampleDataSource may trigger crackles
        https://bugs.webkit.org/show_bug.cgi?id=174223

        Reviewed by Eric Carlson.

        We try reading too quickly and need to back off a little bit if we do not enough data.
        This only affects real audio and not web audio, hence validated through manual testing only.

        * platform/audio/mac/AudioSampleDataSource.mm:
        (WebCore::AudioSampleDataSource::pullSamplesInternal):

2017-07-06  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for WebGL code dealing with WebGL extensions
        https://bugs.webkit.org/show_bug.cgi?id=174186

        Reviewed by Alex Christensen.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Update files. Categorize some of the remaining custom bindings into groups.

        * bindings/IDLTypes.h:
        Add a IDLWebGLExtension type, to model the special WebGLExtension type. In
        the future, WebGLExtension can probably be replaced by a Variant.
        
        * bindings/js/JSDOMConvertWebGL.cpp: Added.
        Move WebGLAny's convertToJSValue and add a convertToJSValue for WebGLExtension.

        * bindings/js/JSDOMConvertWebGL.h:
        (WebCore::convertToJSValue):
        Since WebGLExtension is a wrapper type, we need both a pointer and reference variant
        of the conversion.

        (WebCore::JSConverter<IDLWebGLExtension>::convert):
        Added.

        * bindings/js/JSWebGL2RenderingContextCustom.cpp:
        (WebCore::toJS): Deleted.
        (WebCore::JSWebGL2RenderingContext::getExtension): Deleted.
        Remove custom operation and converter.

        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::toJS): Deleted.
        (WebCore::JSWebGLRenderingContext::getExtension): Deleted.
        Remove custom operation and converter.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Add support for IDLWebGLExtension.

        * html/canvas/WebGLAny.cpp: Removed.
        * html/canvas/WebGLAny.h:
        Moved convertToJSValue to the bindings where it belongs.

        * html/canvas/WebGLRenderingContextBase.idl:
        Annotate getExtension with [OverrideIDLType=IDLWebGLExtension].

2017-07-06  Joseph Pecoraro  <pecoraro@apple.com>

        [Cocoa] CTParagraphStyle leak under WebCore::LinkImageLayout::LinkImageLayout
        https://bugs.webkit.org/show_bug.cgi?id=174228

        Reviewed by Andreas Kling.

        * platform/mac/DragImageMac.mm:
        (WebCore::LinkImageLayout::LinkImageLayout):

2017-07-06  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Improve performance of font lookups
        https://bugs.webkit.org/show_bug.cgi?id=173960
        <rdar://problem/31996891>

        Reviewed by Darin Adler.

        Looking up kCTFontPostScriptNameAttribute is faster than kCTFontNameAttribute.

        No new tests because there is no behavior change.

        * platform/spi/cocoa/CoreTextSPI.h:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontDatabase::fontForPostScriptName):

2017-07-06  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(r216944): Font loads can cause Chinese characters to draw as .notdef
        https://bugs.webkit.org/show_bug.cgi?id=173962
        <rdar://problem/32925318>

        Reviewed by Simon Fraser.

        Previously, there was no signalling between our font loading code
        which determined whether or not a font should be invisible (because
        its in the middle of loading) and our system fallback code which
        created fonts when we fall off the end of the fallback list. Because
        of this, we were doing two things wrong:

        1. When we started downloading a font, we would try to use a fallback
        font. However, if the fallback font didn't suppor the character we're
        trying to render, we would just bail and draw .notdef
        2. Even if we continued down the fallback list, and fell of the end,
        we wouldn't realize that the system fallback font should also be drawn
        as invisible.

        This patch solves these two problems by:
        1. Performing a search to find the best (local) fallback font with
        which to fall systemFallbackFontForCharacter(). This way, if you say
        "font-family: 'RemoteFont', 'Helvetica'" we will use Helvetica as
        the lookup to ask the system to search for.
        2. Give the Font class an accessor which can create a duplicate, but
        invisible font. Give FontCascadeFonts::glyphDataForVariant() the
        correct tracking to know when to use this invisible duplicate.

        Tests: fast/text/font-loading-system-fallback.html
               http/tests/webfont/font-loading-system-fallback-visibility.html

        * platform/graphics/Font.cpp:
        (WebCore::Font::invisibleFont):
        * platform/graphics/Font.h:
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::findBestFallbackFont):
        (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
        (WebCore::FontCascadeFonts::glyphDataForVariant):
        * platform/graphics/FontCascadeFonts.h:

2017-07-06  Chris Dumez  <cdumez@apple.com>

        FileMonitor should not be ref counted
        https://bugs.webkit.org/show_bug.cgi?id=174166

        Reviewed by Brent Fulgham.

        Update FileMonitor to no longer be refcounted. It was previously easy to leak it
        because the object would ref itself in various lambdas. The client would have to
        explicitely call FileMonitor::stopMonitoring() which was fragile.

        This patch also simplifies the code and API a bit since no longer actually
        requires startMonitoring() / stopMonitoring() API.

        No new tests, covered by API tests.

        * platform/FileMonitor.cpp:
        (WebCore::FileMonitor::FileMonitor):
        (WebCore::FileMonitor::~FileMonitor):
        (WebCore::FileMonitor::create): Deleted.
        (WebCore::FileMonitor::startMonitoring): Deleted.
        (WebCore::FileMonitor::stopMonitoring): Deleted.
        * platform/FileMonitor.h:
        * platform/cocoa/FileMonitorCocoa.mm:
        (WebCore::FileMonitor::FileMonitor):
        (WebCore::FileMonitor::~FileMonitor):
        (WebCore::FileMonitor::startMonitoring): Deleted.
        (WebCore::FileMonitor::stopMonitoring): Deleted.

2017-07-06  Matt Rajca  <mrajca@apple.com>

        Fix build with VIDEO support disabled.
        https://bugs.webkit.org/show_bug.cgi?id=174217

        Unreviewed build fix.

        * page/Page.cpp:

2017-07-06  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219193.

        The tests added with this revision were extreamly flaky on all
        platforms.

        Reverted changeset:

        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
        https://bugs.webkit.org/show_bug.cgi?id=172545
        http://trac.webkit.org/changeset/219193

2017-07-06  Zalan Bujtas  <zalan@apple.com>

        Use WTFLogAlways for debug logging so that it shows up in device system logs
        https://bugs.webkit.org/show_bug.cgi?id=173450

        Reviewed by Simon Fraser.

        If you want to showRenderTree() on-device, the result doesn't show in system log so you can't see it.
        Switch to WTFLogAlways to fix this, for showRenderTree and its dependencies.
        
        * platform/text/TextStream.cpp:
        (WebCore::writeIndent):
        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::showLineTreeAndMark):
        (WebCore::InlineBox::showLineBox):
        * rendering/InlineBox.h:
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::showLineTreeAndMark):
        * rendering/InlineFlowBox.h:
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::showLineBox):
        * rendering/InlineTextBox.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::showLineTreeAndMark):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderObject.cpp:
        (WebCore::showRenderTreeLegend):
        (WebCore::RenderObject::showRenderTreeForThis):
        (WebCore::RenderObject::showLineTreeForThis):
        (WebCore::RenderObject::showRegionsInformation):
        (WebCore::RenderObject::showRenderObject):
        (WebCore::RenderObject::showRenderSubTreeAndMark):
        * rendering/RenderObject.h:
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::printPrefix):
        (WebCore::SimpleLineLayout::showLineLayoutForFlow):
        * rendering/SimpleLineLayoutFunctions.h:

2017-07-06  Myles C. Maxfield  <mmaxfield@apple.com>

        Unify FontCascadeFonts::glyphDataForVariant() and FontCascadeFonts::glyphDataForNormalVariant()
        https://bugs.webkit.org/show_bug.cgi?id=174213

        Reviewed by Zalan Bujtas.

        They have almost identical code. This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=173962

        No new tests because there is no behavior change.

        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::FontCascadeFonts::glyphDataForVariant):
        (WebCore::FontCascadeFonts::glyphDataForCharacter):
        (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Deleted.
        * platform/graphics/FontCascadeFonts.h:

2017-07-06  Don Olmstead  <don.olmstead@sony.com>

        [PAL] Move KillRing into PAL
        https://bugs.webkit.org/show_bug.cgi?id=173900

        Reviewed by Myles C. Maxfield.

        No new tests. No change in functionality.

        * Configurations/WebCore.xcconfig:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWPE.cmake:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::Editor):
        * editing/Editor.h:
        (WebCore::Editor::killRing):
        * editing/EditorCommand.cpp:

2017-07-06  Devin Rousso  <drousso@apple.com>

        Web Inspector: Support getting the content of WebGL/WebGL2 contexts
        https://bugs.webkit.org/show_bug.cgi?id=173569
        <rdar://problem/33112420>

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/requestContent-2d.html
               inspector/canvas/requestContent-webgl.html
               inspector/canvas/requestContent-webgl2.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::clearIfComposited):
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::WebGLRenderingContextBase::preventBufferClearForInspector):
        (WebCore::WebGLRenderingContextBase::setPreventBufferClearForInspector):
        Add a flag that will prevent the context buffer from being cleared, allowing it to be copied
        within a toDataURL call. This is currently only used by InspectorCanvasAgent::requestContent.

        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::requestContent):
        Since toDataURL attempts to force the canvas to redraw, we can preserve the buffer after it
        finishes drawing so that it can be copied, instead of it normally being swapped out.

2017-07-06  Chris Dumez  <cdumez@apple.com>

        Move ResourceLoadObserver notification throttling logic from WebProcess class to ResourceLoadObserver
        https://bugs.webkit.org/show_bug.cgi?id=174194

        Reviewed by Brent Fulgham.

        Move ResourceLoadObserver notification throttling logic from WebProcess class to
        ResourceLoadObserver. This makes more sense and decreases the complexity of the
        WebProcess class.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::setNotificationCallback):
        (WebCore::ResourceLoadObserver::ResourceLoadObserver):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::scheduleNotificationIfNeeded):
        (WebCore::ResourceLoadObserver::notificationTimerFired):
        * loader/ResourceLoadObserver.h:

2017-07-06  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r208511): RenderImageResourceStyleImage should not assume image() won't return null if its m_cachedImage is valid
        https://bugs.webkit.org/show_bug.cgi?id=174168

        Reviewed by Simon Fraser.

        RenderImageResourceStyleImage::image() may return a null pointer even if
        its m_cachedImage is not null. The revision r208511, changed the function
        RenderImageResourceStyleImage::shutdown() so it calls Image::stopAnimation().
        But this change assumes that if m_cachedImage is not null then image() will
        return a valid pointer. This is not true because StyleCachedImage::isPending()
        can return true and hence, RenderImageResourceStyleImage::image() will return
        a null pointer.

        * rendering/RenderImageResourceStyleImage.cpp:
        (WebCore::RenderImageResourceStyleImage::image): Like what RenderImageResource
        does, return Image::nullImage() if m_styleImage->isPending().

2017-07-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219201.
        https://bugs.webkit.org/show_bug.cgi?id=174211

        "Causes crashes on Release builds and API tests" (Requested by
        ddkilzer on #webkit).

        Reverted changeset:

        "Add release assert to explore crash for
        <rdar://problem/32908525>"
        http://trac.webkit.org/changeset/219201

2017-07-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219194.
        https://bugs.webkit.org/show_bug.cgi?id=174207

        it broke some layout tests (Requested by clopez on #webkit).

        Reverted changeset:

        "[GStreamer] vid.me videos do not play"
        https://bugs.webkit.org/show_bug.cgi?id=172240
        http://trac.webkit.org/changeset/219194

2017-07-06  David Kilzer  <ddkilzer@apple.com>

        Add release assert to explore crash for <rdar://problem/32908525>

        Reviewed by Brady Eidson.

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase): Add
        release assert to catch cases when the IDBBackingStore is not
        deleted before the UniqueIDBDatabase is destroyed.  The
        IDBBackingStore should always be released on the database
        thread.

2017-07-06  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219178.

        This caused a consistent failure with the API test
        StringBuilderTest.ToAtomicStringOnEmpty on all Debug testers.

        Reverted changeset:

        "[WTF] Clean up StringStatics.cpp by using
        LazyNeverDestroyed<> for Atoms"
        https://bugs.webkit.org/show_bug.cgi?id=174150
        http://trac.webkit.org/changeset/219178

2017-07-06  Charlie Turner  <cturner@igalia.com>

        [GStreamer] vid.me videos do not play
        https://bugs.webkit.org/show_bug.cgi?id=172240

        Reviewed by Xabier Rodriguez-Calvar.

        In r142251, code to hide the WK HTTP source elements from elsewhere in
        the pipeline was removed. This has the nasty side-effect of
        auto-plugging the WK HTTP source into things it really should not be
        used in, especially the adaptive streaming demuxers. The reasons this
        is bad are documented in several places on Bugzilla, see the parent
        bug report for more details. The high-level issue is that the WK HTTP
        source and its use of WebCore is not thread-safe. Although work has
        been recently done to improve this situation, it's still not perfect.

        Another issue is the interface hlsdemux expects its HTTP source to
        implement, specifically seeking in READY.

        This does rely on HTTP context sharing being available in GStreamer,
        upstream bug is here:
        https://bugzilla.gnome.org/show_bug.cgi?id=761099. The failing case
        can be demonstrated with
        https://github.com/thiagoss/adaptive-test-server but manual testing on
        popular video hosting sites, including vid.me, shows that this doesn't
        bite us at the moment, just something else to fix in the future.

        There are some QoS issues with the adaptive streaming code in
        GStreamer, but it seems much better to offer a below par QoS in lieu
        of crashing/livelocking when playing certain streams, and issues can be
        raised upstream when they arise.

        This patch does take us further away from the future goal of having all
        networking operations go through the network process, but in return it
        solves some nasty crashes and livelocks that have been irritating
        users for some time. With the pressure off on this issue, work can be
        planned to consider how to make the WK HTTP source a better citizen
        inside the GStreamer pipeline when we migrate the netcode to go
        through the network process.

        A new test is added to check that the single file HLS playlists
        (new in version 4) can be played, which was the primary cause of
        this bug report.

        Test: http/tests/media/hls/range-request.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::setPlaybinURL): Perform
        some trickery to make sure that we only ever fetch URLs handed to
        us by WebCore. Any further URLs discovered inside the pipeline
        will not get WKWS auto-plugged, since they'll be plain https?
        schemas.
        (WebCore::MediaPlayerPrivateGStreamer::load): Refactor to use the
        setPlaybinURL helper method.
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Add
        the setPlaybinURL helper method.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcGetProtocols): Only advertise webkit+https?, this
        ensures we won't get auto-plugged by pipeline elements asking for
        an element to fetch https? resources (like adaptive demuxers).
        (convertPlaybinURI): Undo the trick when another element asks us
        for our URI.

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-05  Don Olmstead  <don.olmstead@sony.com>

        [WTF] Move SoftLinking.h into WTF
        https://bugs.webkit.org/show_bug.cgi?id=174000

        Reviewed by Alex Christensen.

        No new tests. No change in functionality

        * Modules/applepay/PaymentRequest.cpp:
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
        * Modules/encryptedmedia/legacy/LegacyCDMPrivateMediaPlayer.cpp:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/EditorCocoa.mm:
        * editing/cocoa/HTMLConverter.mm:
        * editing/ios/EditorIOS.mm:
        * page/CaptionUserPreferencesMediaAF.cpp:
        * page/cocoa/SettingsCocoa.mm:
        * page/ios/UserAgentIOS.mm:
        * page/mac/ServicesOverlayController.mm:
        * platform/audio/ios/AudioDestinationIOS.cpp:
        * platform/audio/ios/AudioFileReaderIOS.cpp:
        * platform/audio/ios/AudioSessionIOS.mm:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        * platform/cf/CoreMediaSoftLink.cpp:
        * platform/cf/CoreMediaSoftLink.h:
        * platform/cf/MediaAccessibilitySoftLink.cpp:
        * platform/cf/MediaAccessibilitySoftLink.h:
        * platform/cocoa/ContentFilterUnblockHandlerCocoa.mm:
        * platform/cocoa/CoreVideoSoftLink.cpp:
        * platform/cocoa/CoreVideoSoftLink.h:
        * platform/cocoa/DataDetectorsCoreSoftLink.h:
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        * platform/cocoa/ParentalControlsContentFilter.mm:
        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
        * platform/cocoa/VideoToolboxSoftLink.cpp:
        * platform/cocoa/VideoToolboxSoftLink.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        * platform/gamepad/cocoa/GameControllerGamepadProvider.mm:
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        * platform/graphics/avfoundation/MediaPlaybackTargetMac.mm:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
        * platform/graphics/cocoa/FontCascadeCocoa.mm:
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        * platform/graphics/cv/PixelBufferConformerCV.cpp:
        * platform/graphics/ios/FontCacheIOS.mm:
        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        * platform/graphics/mac/FontCacheMac.mm:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        * platform/graphics/mac/MediaTimeQTKit.mm:
        * platform/graphics/mac/PDFDocumentImageMac.mm:
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        * platform/ios/DragImageIOS.mm:
        * platform/ios/PlatformPasteboardIOS.mm:
        * platform/ios/PlatformScreenIOS.mm:
        * platform/ios/PlatformSpeechSynthesizerIOS.mm:
        * platform/ios/QuickLookSoftLink.h:
        * platform/ios/QuickLookSoftLink.mm:
        * platform/ios/RemoteCommandListenerIOS.mm:
        * platform/ios/ThemeIOS.mm:
        * platform/ios/ValidationBubbleIOS.mm:
        * platform/ios/WebCoreMotionManager.mm:
        * platform/ios/WebItemProviderPasteboard.mm:
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        * platform/mac/DragImageMac.mm:
        * platform/mac/MediaRemoteSoftLink.cpp:
        * platform/mac/MediaRemoteSoftLink.h:
        * platform/mac/SerializedPlatformRepresentationMac.mm:
        * platform/mac/WebPlaybackControlsManager.mm:
        * platform/mac/WebVideoFullscreenController.mm:
        * platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm:
        * platform/mediastream/ios/CoreAudioCaptureSourceIOS.mm:
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:
        * platform/network/cf/CookieJarCFNet.cpp:
        * platform/network/ios/NetworkStateNotifierIOS.mm:
        * platform/network/ios/PreviewConverter.mm:
        * platform/network/mac/BlobDataFileReferenceMac.mm:
        * platform/spi/cocoa/AVKitSPI.h:
        (-[AVTouchBarPlaybackControlsControlling NS_ENUM]): Deleted.
        * platform/spi/cocoa/NSAttributedStringSPI.h:
        * platform/spi/ios/DataDetectorsUISPI.h:
        * platform/spi/mac/AVFoundationSPI.h:
        * platform/spi/mac/DataDetectorsSPI.h:
        * platform/spi/mac/LookupSPI.h:
        * platform/spi/mac/TUCallSPI.h:
        * platform/win/ScrollbarThemeWin.cpp:
        * rendering/RenderThemeCocoa.mm:
        * rendering/RenderThemeIOS.mm:
        * rendering/RenderThemeWin.cpp:
        * testing/Internals.mm:
        * xml/XSLStyleSheetLibxslt.cpp:
        * xml/XSLTExtensions.cpp:
        * xml/XSLTProcessorLibxslt.cpp:
        * xml/XSLTUnicodeSort.cpp:

2017-07-05  Zalan Bujtas  <zalan@apple.com>

        REGRESSION: Stack overflow in RenderBlockFlow::layoutBlock after increasing the font size to max in some RTL vertical books.
        https://bugs.webkit.org/show_bug.cgi?id=174144
        <rdar://problem/32781038>

        Reviewed by Simon Fraser.

        We set the start/end margin on the ruby renderer to support overhanging content. The margins ensure that
        adjacent boxes on the line are placed properly respecting the overhanging content.
        The line breaking algorithm also takes this value into account as it affects the line's available width.
        We need to reset this value before laying out the lines, otherwise we might end up using this value on the line twice;
        first as the renderer's margins (as the result of the previous layout) and second as the renderer's overhanging value.
        Since this is not strictly part of the renderer's layout context (i.e. we set them during the line layout and not at
        RenderRubyRun::layout) we can't rely on the ruby's layout logic to reset them.

        Test: fast/ruby/ruby-overhang-margin-crash.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::layoutLineBoxes):

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        Upgrade GCC baseline
        https://bugs.webkit.org/show_bug.cgi?id=174155

        Reviewed by Michael Catanzaro.

        Remove workaround for old GCC.

        * CMakeLists.txt:

2017-07-05  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix iOS build after r219177.

        * page/ios/UserAgentIOS.mm:
        * platform/spi/ios/UIKitSPI.h:

2017-07-05  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix iOS build after r219177.

        * page/ios/UserAgentIOS.mm:
        * platform/spi/ios/UIKitSPI.h:

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use std::lock_guard instead of std::unique_lock if move semantics and try_lock is not necessary
        https://bugs.webkit.org/show_bug.cgi?id=174148

        Reviewed by Mark Lam.

        * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
        (WebCore::AudioSourceProviderAVFObjC::~AudioSourceProviderAVFObjC):

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up StringStatics.cpp by using LazyNeverDestroyed<> for Atoms
        https://bugs.webkit.org/show_bug.cgi?id=174150

        Reviewed by Mark Lam.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::captionDisplayMode):
        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::binaryType):
        * accessibility/AXObjectCache.cpp:
        (WebCore::createFromRenderer):
        * accessibility/AccessibilityMediaControls.cpp:
        (WebCore::AccessibilityMediaControl::controlTypeName):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::language):
        (WebCore::AccessibilityObject::defaultLiveRegionStatusForRole):
        (WebCore::AccessibilityObject::actionVerb):
        (WebCore::AccessibilityObject::getAttribute):
        (WebCore::AccessibilityObject::placeholderValue):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::accessKey):
        (WebCore::AccessibilityObject::ariaLiveRegionRelevant):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::accessKey):
        (WebCore::AccessibilityRenderObject::actionVerb):
        * bindings/js/JSCustomElementInterface.cpp:
        (WebCore::JSCustomElementInterface::constructElementWithFallback):
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::JSCustomElementRegistry::define):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDefaultValue):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsEmptyStringBody):
        * css/CSSPageRule.cpp:
        (WebCore::CSSPageRule::selectorText):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::valueName):
        * css/CSSSelector.cpp:
        (WebCore::simpleSelectorSpecificityInternal):
        (WebCore::CSSSelector::specificityForPage):
        (WebCore::CSSSelector::RareData::RareData):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::argument):
        * css/CSSSelectorList.cpp:
        (WebCore::SelectorNeedsNamespaceResolutionFunctor::operator()):
        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents):
        * css/RuleSet.cpp:
        (WebCore::computeMatchBasedOnRuleHash):
        (WebCore::RuleSet::addRule):
        * css/SelectorChecker.cpp:
        (WebCore::tagMatches):
        * css/SelectorFilter.cpp:
        (WebCore::collectDescendantSelectorIdentifierHashes):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertStringOrAuto):
        (WebCore::StyleBuilderConverter::convertStringOrNone):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueWebkitLocale):
        (WebCore::StyleBuilderCustom::applyValueWebkitTextEmphasisStyle):
        (WebCore::StyleBuilderCustom::applyValueContent):
        (WebCore::StyleBuilderCustom::applyValueAlt):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::namespaceURIFromPrefix):
        * css/makeprop.pl:
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parsePageSelector):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumeCompoundSelector):
        (WebCore::CSSSelectorParser::consumeName):
        (WebCore::CSSSelectorParser::consumeAttribute):
        (WebCore::CSSSelectorParser::defaultNamespace):
        (WebCore::CSSSelectorParser::determineNamespace):
        (WebCore::CSSSelectorParser::prependTypeSelectorIfNeeded):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::attributeNameTestingRequiresNamespaceRegister):
        (WebCore::SelectorCompiler::equalTagNames):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasTagName):
        * dom/Attr.cpp:
        (WebCore::Attr::setPrefix):
        (WebCore::Attr::attachToElement):
        * dom/Attribute.h:
        (WebCore::Attribute::nameMatchesFilter):
        * dom/ConstantPropertyMap.cpp:
        (WebCore::ConstantPropertyMap::nameForProperty):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getElementsByTagName):
        (WebCore::ContainerNode::getElementsByTagNameNS):
        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionQueue::enqueuePostUpgradeReactions):
        * dom/DatasetDOMStringMap.cpp:
        (WebCore::convertPropertyNameToAttributeName):
        * dom/Document.cpp:
        (WebCore::createUpgradeCandidateElement):
        (WebCore::Document::createElementForBindings):
        (WebCore::Document::importNode):
        (WebCore::Document::hasValidNamespaceForElements):
        (WebCore::Document::processBaseElement):
        (WebCore::Document::dir):
        (WebCore::Document::bgColor):
        (WebCore::Document::fgColor):
        (WebCore::Document::alinkColor):
        (WebCore::Document::linkColorForBindings):
        (WebCore::Document::vlinkColor):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::setBooleanAttribute):
        (WebCore::Element::synchronizeAttribute):
        (WebCore::Element::getAttribute):
        (WebCore::Element::getAttributeNS):
        (WebCore::Element::setAttribute):
        (WebCore::Element::parserSetAttributes):
        (WebCore::Element::didMoveToNewDocument):
        (WebCore::Element::setPrefix):
        (WebCore::Element::insertedInto):
        (WebCore::Element::removedFrom):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::addAttributeInternal):
        (WebCore::Element::removeAttributeNS):
        (WebCore::Element::getAttributeNodeNS):
        (WebCore::Element::hasAttributeNS):
        (WebCore::Element::computeInheritedLanguage):
        (WebCore::Element::updateNameForDocument):
        (WebCore::Element::updateIdForDocument):
        (WebCore::Element::didAddAttribute):
        (WebCore::Element::didRemoveAttribute):
        (WebCore::Element::cloneAttributesFromElement):
        * dom/Element.h:
        (WebCore::Element::attributeWithoutSynchronization):
        (WebCore::Element::idForStyleResolution):
        (WebCore::Element::getIdAttribute):
        (WebCore::Element::getNameAttribute):
        * dom/EventTarget.cpp:
        (WebCore::legacyType):
        * dom/MutationRecord.h:
        (WebCore::MutationRecord::attributeName):
        (WebCore::MutationRecord::attributeNamespace):
        * dom/NamedNodeMap.cpp:
        (WebCore::NamedNodeMap::removeNamedItemNS):
        * dom/Node.cpp:
        (WebCore::Node::prefix):
        (WebCore::Node::localName):
        (WebCore::Node::namespaceURI):
        (WebCore::Node::checkSetPrefix):
        (WebCore::locateDefaultNamespace):
        (WebCore::Node::isDefaultNamespace):
        (WebCore::Node::lookupNamespaceURI):
        (WebCore::locateNamespacePrefix):
        (WebCore::Node::lookupPrefix):
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::addCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::addCachedCollection):
        (WebCore::NodeListsNodeData::cachedCollection):
        (WebCore::NodeListsNodeData::removeCacheWithAtomicName):
        (WebCore::NodeListsNodeData::removeCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::removeCachedCollection):
        * dom/PseudoElement.cpp:
        (WebCore::pseudoElementTagName):
        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::init):
        (WebCore::nullQName):
        (WebCore::createQualifiedName):
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::hasPrefix):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::executeSingleTagNameSelectorData):
        * dom/SlotAssignment.cpp:
        (WebCore::slotNameFromAttributeValue):
        * dom/SlotAssignment.h:
        (WebCore::SlotAssignment::defaultSlotName):
        (WebCore::ShadowRoot::didRemoveAllChildrenOfShadowHost):
        (WebCore::ShadowRoot::didChangeDefaultSlot):
        * dom/TagCollection.cpp:
        (WebCore::TagCollection::TagCollection):
        (WebCore::HTMLTagCollection::HTMLTagCollection):
        * dom/TagCollection.h:
        (WebCore::TagCollectionNS::elementMatches):
        * dom/make_names.pl:
        (printNamesCppFile):
        (printDefinitions):
        (printFactoryCppFile):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeNodeAttribute):
        * editing/Editing.cpp:
        (WebCore::createHTMLElement):
        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
        (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
        (WebCore::MarkupAccumulator::shouldAddNamespaceAttribute):
        (WebCore::MarkupAccumulator::appendNamespace):
        (WebCore::MarkupAccumulator::appendOpenTag):
        (WebCore::MarkupAccumulator::appendAttribute):
        * editing/gtk/EditorGtk.cpp:
        (WebCore::elementURL):
        * editing/markup.cpp:
        (WebCore::AttributeChange::AttributeChange):
        * html/Autocapitalize.cpp:
        (WebCore::stringForAutocapitalizeType):
        * html/Autofill.cpp:
        (WebCore::AutofillData::createFromHTMLFormControlElement):
        * html/DOMTokenList.h:
        (WebCore::DOMTokenList::item):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::name):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::formControlType):
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::toggleOpen):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::isCaseSensitiveAttribute):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::eventNameForEventHandlerAttribute):
        (WebCore::toValidDirValue):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::name):
        (WebCore::HTMLInputElement::updateType):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::doesHaveAttribute):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::createForJSConstructor):
        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::name):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setMultiple):
        * html/HTMLTableCellElement.cpp:
        (WebCore::HTMLTableCellElement::scope):
        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
        * html/LabelableElement.cpp:
        (WebCore::LabelableElement::labels):
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::~LabelsNodeList):
        * html/MediaController.cpp:
        (MediaController::playbackState):
        (eventNameForReadyState):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):
        * html/parser/AtomicHTMLToken.h:
        (WebCore::AtomicHTMLToken::initializeAttributes):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createElement):
        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::stripLeadingAndTrailingHTMLSpaces):
        (WebCore::parseHTMLHashNameReference):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createForeignAttributesMap):
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::InbandTextTrack):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::id):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::captionMenuOffItem):
        (WebCore::TextTrack::captionMenuAutomaticItem):
        * html/track/TrackBase.cpp:
        (WebCore::MediaTrackBase::setKindInternal):
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::scroll):
        * html/track/WebVTTElement.cpp:
        (WebCore::nodeTypeToTagName):
        * html/track/WebVTTElement.h:
        * html/track/WebVTTToken.h:
        (WebCore::WebVTTToken::StartTag):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear):
        * loader/FrameLoader.h:
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::clearFailedLoadURL):
        * loader/NavigationAction.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::showModalDialog):
        * page/EventHandler.cpp:
        (WebCore::eventNameForTouchPointState):
        * page/FrameTree.cpp:
        (WebCore::FrameTree::setName):
        (WebCore::FrameTree::clearName):
        * page/Page.cpp:
        (WebCore::Page::groupName):
        * platform/graphics/ComplexTextController.cpp:
        (WebCore::ComplexTextController::offsetForPosition):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::alternateFamilyName):
        * platform/graphics/FontDescription.h:
        (WebCore::FontCascadeDescription::initialLocale):
        * platform/graphics/FontGenericFamilies.cpp:
        (WebCore::genericFontFamilyForScript):
        * platform/graphics/InbandTextTrackPrivate.h:
        (WebCore::InbandTextTrackPrivate::inBandMetadataTrackDispatchType):
        * platform/graphics/TrackPrivateBase.h:
        (WebCore::TrackPrivateBase::id):
        (WebCore::TrackPrivateBase::label):
        (WebCore::TrackPrivateBase::language):
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        (WebCore::AVTrackPrivateAVFObjCImpl::id):
        (WebCore::AVTrackPrivateAVFObjCImpl::label):
        (WebCore::AVTrackPrivateAVFObjCImpl::language):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::label):
        (WebCore::InbandTextTrackPrivateAVCF::language):
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        (WebCore::InbandTextTrackPrivateLegacyAVCF::label):
        (WebCore::InbandTextTrackPrivateLegacyAVCF::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateAVFObjC::label):
        (WebCore::InbandTextTrackPrivateAVFObjC::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::label):
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::language):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::metadataType):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::create):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/mediastream/AudioTrackPrivateMediaStream.h:
        * platform/mediastream/RealtimeMediaSourceSettings.cpp:
        (WebCore::RealtimeMediaSourceSettings::facingMode):
        * platform/mediastream/VideoTrackPrivateMediaStream.h:
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::linkSuggestedFilename):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::markerText):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::previousOffset):
        (WebCore::RenderText::nextOffset):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::RenderTreeAsText::writeRenderObject):
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::textEmphasisMarkString):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::initialHyphenationString):
        (WebCore::RenderStyle::initialTextEmphasisCustomMark):
        (WebCore::RenderStyle::initialContentAltText):
        (WebCore::RenderStyle::initialLineGrid):
        (WebCore::RenderStyle::initialFlowThread):
        (WebCore::RenderStyle::initialRegionThread):
        * style/StyleScope.cpp:
        (WebCore::Style::Scope::collectActiveStyleSheets):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::getPresentationAttribute):
        * svg/SVGElement.h:
        (WebCore::SVGAttributeHashTranslator::hash):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::transferSizeAttributesToTargetClone):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::constructAttributeName):
        * testing/MockCDMFactory.cpp:
        (WebCore::MockCDMInstance::requestLicense):
        * xml/XMLErrors.cpp:
        (WebCore::createXHTMLParserErrorHeader):
        * xml/XPathStep.cpp:
        (WebCore::XPath::nodeMatchesBasicTest):
        (WebCore::XPath::Step::nodesInAxis):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser):
        (WebCore::handleNamespaceAttributes):
        (WebCore::handleElementAttributes):

2017-07-05  Chris Dumez  <cdumez@apple.com>

        [iOS] User agent string incorrectly says "iPhone" instead of "iPad" on newer iPads
        https://bugs.webkit.org/show_bug.cgi?id=174182
        <rdar://problem/32868369>

        Reviewed by Tim Horton.

        In deviceNameForUserAgent() on iOS, we were forcefully returning "iPhone" if
        [UIApplication _isClassic] returns true. Update check to return "iPad" if
        [UIApplication _isClassic] returns true but [UIApplication _classMode] returns
        UIApplicationSceneClassicModeOriginalPad.

        * page/ios/UserAgentIOS.mm:
        (WebCore::isClassicPad):
        (WebCore::isClassicPhone):
        (WebCore::osNameForUserAgent):
        (WebCore::deviceNameForUserAgent):
        * platform/spi/ios/UIKitSPI.h:

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        WTF::Thread should have the threads stack bounds.
        https://bugs.webkit.org/show_bug.cgi?id=173975

        Reviewed by Keith Miller.

        When creating WebThread, we first allocate WebCore::ThreadGlobalData in UI thread
        and share it with WebThread.
        The problem is that WebCore::ThreadGlobalData has CachedResourceRequestInitiators.
        It allocates AtomicString, which requires WTFThreadData.

        Before this patch, it was OK because WTFThreadData does not touch threading related
        things except for ThreadSpecific<>. However, after this patch, it touches
        WTF::Thread::current() which requires WTF::initializeThreading().

        In this patch, we call WTF::initializeThreading() before allocating WebCore::ThreadGlobalData.
        And we also call AtomicString::init() before calling WebCore::ThreadGlobalData since
        WebCore::ThreadGlobalData allocates AtomicString.

        This fixes crashes in the iOS web threading environment (UIWebView).

        * platform/ios/wak/WebCoreThread.mm:
        (StartWebThread):

2017-07-05  Myles C. Maxfield  <mmaxfield@apple.com>

        CSSFontStyleValue::isItalic seems a bit bogus.
        https://bugs.webkit.org/show_bug.cgi?id=174149

        Reviewed by Tim Horton.

        Simple typo.

        Test: editing/execCommand/italicizeByCharacter-normal.html

        * css/CSSFontStyleValue.h:

2017-07-05  Brady Eidson  <beidson@apple.com>

        Allow navigations in subframes to get a ShouldOpenExternalURLsPolicy of "ShouldAllow".
        <rdar://problem/22485589> and https://bugs.webkit.org/show_bug.cgi?id=174178

        Reviewed by Alex Christensen.

        Test: loader/navigation-policy/should-open-external-urls/subframe-navigated-programatically-by-main-frame.html

        This patch introduces a new flag to FrameLoadRequest to track when it is known with certainty that a 
        FrameLoadRequest originates from the main frame.
        
        Later, when calculating the final ShouldOpenExternalURLsPolicy, main frames navigating iframes get to propagate
        their permissions to the iframe.
        
        * bindings/js/CommonVM.cpp:
        (WebCore::lexicalFrameFromCommonVM): Helper to grab the current frame associated with the current JS callstack.
        * bindings/js/CommonVM.h:

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):

        Add the new flag to FrameLoadRequest (and force almost everybody to explicitly include the flag):
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        (WebCore::FrameLoadRequest::navigationInitiatedByMainFrame):

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::shouldOpenExternalURLsPolicyToApply): Helper that takes the new flag into account when deciding
          what the final ShouldOpenExternalURLsPolicy will be.
        (WebCore::applyShouldOpenExternalURLsPolicyToNewDocumentLoader):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::reloadWithOverrideEncoding):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        (WebCore::createWindow):
        (WebCore::FrameLoader::applyShouldOpenExternalURLsPolicyToNewDocumentLoader): Deleted.
        * loader/FrameLoader.h:

        * loader/FrameLoaderTypes.h:

        * loader/NavigationAction.h:
        (WebCore::NavigationAction::navigationInitiatedByMainFrame):
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation): Grab the "initiating frame" at the time the 
          ScheduledNavigation is created, as it dictates the policy we decide later.
        (WebCore::ScheduledNavigation::navigationInitiatedByMainFrame):
        (WebCore::NavigationScheduler::scheduleLocationChange):

        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Another build fix, for Mac.

        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::surfaceID):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Further attempts to fix the iOS public SDK build.

        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::surfaceID):
        * platform/spi/cocoa/IOSurfaceSPI.h:

2017-07-05  Don Olmstead  <don.olmstead@sony.com>

        [WinCairo] Consolidate CMake code related to CURL
        https://bugs.webkit.org/show_bug.cgi?id=170860

        Reviewed by Alex Christensen.

        No new tests. No change in functionality.

        * PlatformWinCairo.cmake:
        * platform/Curl.cmake: Added.

2017-07-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove copy of ICU headers from WebKit
        https://bugs.webkit.org/show_bug.cgi?id=116407

        Reviewed by Alex Christensen.

        Use WTF's copy of ICU headers.

        No new tests because there is no behavior change.

        * Configurations/WebCore.xcconfig:
        * icu/unicode/bytestream.h: Removed.
        * icu/unicode/localpointer.h: Removed.
        * icu/unicode/parseerr.h: Removed.
        * icu/unicode/platform.h: Removed.
        * icu/unicode/ptypes.h: Removed.
        * icu/unicode/putil.h: Removed.
        * icu/unicode/rep.h: Removed.
        * icu/unicode/std_string.h: Removed.
        * icu/unicode/strenum.h: Removed.
        * icu/unicode/stringpiece.h: Removed.
        * icu/unicode/ubrk.h: Removed.
        * icu/unicode/uchar.h: Removed.
        * icu/unicode/ucnv.h: Removed.
        * icu/unicode/ucnv_err.h: Removed.
        * icu/unicode/ucol.h: Removed.
        * icu/unicode/uconfig.h: Removed.
        * icu/unicode/ucurr.h: Removed.
        * icu/unicode/uenum.h: Removed.
        * icu/unicode/uiter.h: Removed.
        * icu/unicode/uloc.h: Removed.
        * icu/unicode/umachine.h: Removed.
        * icu/unicode/unistr.h: Removed.
        * icu/unicode/unorm.h: Removed.
        * icu/unicode/unorm2.h: Removed.
        * icu/unicode/uobject.h: Removed.
        * icu/unicode/urename.h: Removed.
        * icu/unicode/uscript.h: Removed.
        * icu/unicode/uset.h: Removed.
        * icu/unicode/ustring.h: Removed.
        * icu/unicode/utext.h: Removed.
        * icu/unicode/utf.h: Removed.
        * icu/unicode/utf16.h: Removed.
        * icu/unicode/utf8.h: Removed.
        * icu/unicode/utf_old.h: Removed.
        * icu/unicode/utypes.h: Removed.
        * icu/unicode/uvernum.h: Removed.
        * icu/unicode/uversion.h: Removed.
        * platform/graphics/FontCache.h:
        (WebCore::FontDescriptionKey::makeFlagsKey):

2017-07-05  Wenson Hsieh  <wenson_hsieh@apple.com>

        When dragging a selection, clearing the selection in dragstart should not crash the web process
        https://bugs.webkit.org/show_bug.cgi?id=174142
        <rdar://problem/33067501>

        Reviewed by Tim Horton.

        Currenly, if the page clears the current selection after dragging starts on selected content, the web process
        will crash while attempting to write pasteboard data for a nonexistent selection. This patch adds a trivial
        check for this case, bailing if no DHTML dragging data was specified by the page during a selection drag and the
        selection has been cleared.

        Also removes some unused code for estimating the bounds of the current selection. On iOS, dragging was actually
        crashing earlier, in this codepath. However, this information isn't even used anymore, since the drag anchor
        point is no longer necessary on iOS.

        Test: DataInteractionTests.DoNotCrashWhenSelectionIsClearedInDragStart

        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Try to fix iOS 10.3 public SDK builds.

        * platform/spi/cocoa/IOSurfaceSPI.h:

2017-07-05  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r217522): "Show My Relationship" link in familysearch.org does not work.
        https://bugs.webkit.org/show_bug.cgi?id=174070
        <rdar://problem/32940653>

        Reviewed by Simon Fraser.

        Decouple in- and out-of-flow computed position values. Now we match blink's implementation on
        in-flow values.
        This also fixes the flickering content while scrolling on hbr.org.  

        Covered by existing test cases.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::positionOffsetValue):

2017-07-05  Devin Rousso  <drousso@apple.com>

        Web Inspector: Allow users to log any tracked canvas context
        https://bugs.webkit.org/show_bug.cgi?id=173397
        <rdar://problem/33111581>

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/resolveCanvasContext-2d.html
               inspector/canvas/resolveCanvasContext-webgl.html
               inspector/canvas/resolveCanvasContext-webgl2.html
               inspector/canvas/resolveCanvasContext-webgpu.html

        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
        (WebCore::contextAsScriptValue):
        (WebCore::InspectorCanvasAgent::resolveCanvasContext):

2017-07-05  Emilio Cobos Álvarez  <ecobos@igalia.com>

        Style sharing check for fullscreen element seems bogus.
        https://bugs.webkit.org/show_bug.cgi?id=160196

        Reviewed by Antti Koivisto.

        No new tests (no easy way to test this reliably).

        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::canShareStyleWithElement):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Add a logging channel for IOSurface allocations
        https://bugs.webkit.org/show_bug.cgi?id=174167

        Reviewed by Tim Horton.

        Add an "IOSurface" log channel, make IOSurface TextStream-loggable, and log cached
        and new IOSurface allocations. Do some namespace-related cleanup.

        * platform/Logging.h:
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::WebCore::IOSurface::create):
        (WebCore::WebCore::IOSurface::surfaceID):
        (WebCore::operator<<):

2017-07-05  Antti Koivisto  <antti@apple.com>

        Low memory notification shouldn't cause style recalc
        https://bugs.webkit.org/show_bug.cgi?id=173574
        <rdar://problem/32616997>

        Reviewed by Andreas Kling.

        Patch mostly by Myles.

        When we receive a low memory warning, we clear the style resolver. Previously, we were using
        this as an opportunity to also purge the CSSFontSelector. However, purging the font selector
        is wasteful, since the exact same set of CSSFontFace objects will be recreated as soon as the
        CSSFontSelector is recreated. It's also harmful because this purge operation causes fonts to
        be removed from the document's working set, and therefore triggers a relayout. Instead, this
        call should be softened to only delete any transitory caches the CSSFontSelector owns.

        We can simply delay the rebuild of the CSSFontSelector to
        StyleResolver::appendAuthorStyleSheets(), when it's really needed. This way, we can sidestep
        this whole problem.

        There's also an added benefit: Now, buildStarted() doesn't have to be idempotent, so we can
        enforce a stricter calling sequence with ASSERT()s.

        * css/CSSFontFaceSet.cpp:
        (WebCore::CSSFontFaceSet::emptyCaches):
        * css/CSSFontFaceSet.h:
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::emptyCaches):

            Add a separate function to clear font selector caches.

        (WebCore::CSSFontSelector::buildStarted):
        (WebCore::CSSFontSelector::buildCompleted):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::CSSFontSelector::fontModified):

            No need to invalidate while building.

        (WebCore::CSSFontSelector::fontRangesForFamily):
        * css/CSSFontSelector.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::StyleResolver):
        (WebCore::StyleResolver::addCurrentSVGFontFaceRules):

            Factor into a function from the constructor.

        (WebCore::StyleResolver::appendAuthorStyleSheets):

            Font selector build is now started and finished by StyleScope.

        * css/StyleResolver.h:
        * dom/Document.cpp:
        (WebCore::Document::resolveStyle):

            Call FrameView::styleDidChange() to update any custom scrollbars.
            This bug was hidden by spurious style recalcs, tested by fast/css/scrollbar-dynamic-style-change.html

        (WebCore::Document::userAgentShadowTreeStyleResolver):
        (WebCore::Document::didClearStyleResolver):

            Don't start the font selector rebuild after clearing the resolver. It would cause style recalc trashing.
            Instead the build starts when the new resolver is constructed.

        * page/MemoryRelease.cpp:
        (WebCore::releaseCriticalMemory):

            Release font selector caches.

        * style/StyleScope.cpp:
        (WebCore::Style::Scope::resolver):

2017-07-05  Brent Fulgham  <bfulgham@apple.com>

        [WK2] Prevent ResourceLoadStatistics from triggering a cascade of read/write events
        https://bugs.webkit.org/show_bug.cgi?id=174062\
        <rdar://problem/33086744>

        Reviewed by Chris Dumez.

        Treat DISPATCH_VNODE_DELETE, DISPATCH_VNODE_RENAME, and DISPATCH_VNODE_REVOKE as equivalent
        "file is unavailable" events, and act as though the file was deleted. Don't listen for
        DISPATCH_VNODE_EXTEND, since we always get a DISPATCH_VNODE_WRITE as well, and we only
        want to read once.

        Finally, add some logging to support future investigations.

        * platform/FileMonitor.h:
        (WebCore::FileMonitor::platformMonitor): Expose dispatch_source_t for logging purposes.
        * platform/cocoa/FileMonitorCocoa.mm:
        (WebCore::FileMonitor::startMonitoring): Add logging.
        (WebCore::FileMonitor::stopMonitoring): Ditto.

2017-07-05  Jonathan Bedard  <jbedard@apple.com>

        Add WebKitPrivateFrameworkStubs for iOS 11
        https://bugs.webkit.org/show_bug.cgi?id=173988

        Reviewed by David Kilzer.

        * Configurations/WebCore.xcconfig: iphoneos and iphonesimulator should use the
        same directory for private framework stubs.

2017-07-05  Emilio Cobos Álvarez  <ecobos@igalia.com>

        Don't resolve an extra computed style for getComputedStyle in a display: none subtree.
        https://bugs.webkit.org/show_bug.cgi?id=174145

        Before this, we were also resolving the first ancestor's style as
        inheriting from itself, which felt pretty wrong (though I think it's
        not observable).

        Reviewed by Antti Koivisto.

        No new tests (non-observable behavior).

        * dom/Element.cpp:
        (WebCore::Element::resolveComputedStyle):

2017-07-05  Frederic Wang  <fwang@igalia.com>

        Move ScrolledContentsLayer property to ScrollingStateScrollingNode
        https://bugs.webkit.org/show_bug.cgi?id=174134

        Reviewed by Simon Fraser.

        ScrollingStateFrameScrollingNode and ScrollingStateOverflowScrollingNode both use a
        ScrolledContentsLayer property for the same purpose. This commit moves that property into
        their parent class ScrollingStateScrollingNode, so that more code is shared between the two
        classes. This will also help the refactoring in bug 174130.

        No new tests, only dumped tree may change a bit.

        * page/scrolling/ScrollingStateFrameScrollingNode.cpp: Remove scrolled contents layer.
        (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
        (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
        (WebCore::ScrollingStateFrameScrollingNode::setScrolledContentsLayer): Deleted.
        * page/scrolling/ScrollingStateFrameScrollingNode.h: Ditto.
        * page/scrolling/ScrollingStateOverflowScrollingNode.cpp: Ditto.
        (WebCore::ScrollingStateOverflowScrollingNode::ScrollingStateOverflowScrollingNode):
        (WebCore::ScrollingStateOverflowScrollingNode::dumpProperties):
        (WebCore::ScrollingStateOverflowScrollingNode::setScrolledContentsLayer): Deleted.
        * page/scrolling/ScrollingStateOverflowScrollingNode.h: Ditto.
        (): Deleted.
        (WebCore::ScrollingStateOverflowScrollingNode::scrolledContentsLayer): Deleted.
        * page/scrolling/ScrollingStateScrollingNode.cpp: Add scrolled contents layer.
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setScrolledContentsLayer):
        (WebCore::ScrollingStateScrollingNode::dumpProperties): Use the label from the overflow class
        which is different from the frame class. The dumping order may change a bit too.
        * page/scrolling/ScrollingStateScrollingNode.h: Add ScrolledContentsLayer to the enum and
        scrolled contents layer.
        (WebCore::ScrollingStateScrollingNode::scrolledContentsLayer):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateBeforeChildren): Adjust enum value
        to use ScrollingStateScrollingNode::ScrolledContentsLayer.

2017-07-05  Emilio Cobos Álvarez  <ecobos@igalia.com>

        ProcessingInstruction::clearExistingCachedSheet doesn't really exist.
        https://bugs.webkit.org/show_bug.cgi?id=174146

        Reviewed by Chris Dumez.

        No new tests (no functionality change).

        * dom/ProcessingInstruction.h: Remove dead declaration.

2017-07-05  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219128.

        Spoke with engineer who originally submitted, Patch for APi
        test to follow.

        Reverted changeset:

        "Unreviewed, rolling out r219070."
        https://bugs.webkit.org/show_bug.cgi?id=174082
        http://trac.webkit.org/changeset/219128

2017-07-05  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219070.

        This revision caused consistent failures of the API test
        UIPasteboardTests.DoNotPastePlainTextAsURL on iOS.

        Reverted changeset:

        "Pasting single words copied to UIPasteboard inserts URLs in
        editable areas"
        https://bugs.webkit.org/show_bug.cgi?id=174082
        http://trac.webkit.org/changeset/219070

2017-07-05  Youenn Fablet  <youenn@apple.com>

        Receiving tracks should be ended when peer connection is being closed
        https://bugs.webkit.org/show_bug.cgi?id=174109

        Reviewed by Eric Carlson.

        Test: webrtc/peer-connection-track-end.html

        As per https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close, tracks should be ended when peer connection is closed.
        Also updating transceiver stopped state.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::doClose):
        * Modules/mediastream/RTCRtpReceiver.cpp:
        (WebCore::RTCRtpReceiver::stop):
        * Modules/mediastream/RTCRtpReceiver.h:

2017-07-04  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Unreviewed, review follow-up after r218961

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::updateFromSettings):

2017-07-04  Antti Koivisto  <antti@apple.com>

        RenderThemeCocoa::mediaControlsFormattedStringForDuration is leaking NSDateComponentsFormatters
        https://bugs.webkit.org/show_bug.cgi?id=174138

        Reviewed by Ryosuke Niwa.

        Saw a random spin here during media playback. Looks like we are leaking.

        * rendering/RenderThemeCocoa.h:
        * rendering/RenderThemeCocoa.mm:
        (WebCore::RenderThemeCocoa::mediaControlsFormattedStringForDuration):

            Reuse NSDateComponentsFormatter.

2017-07-04  Antti Koivisto  <antti@apple.com>

        FrameView should not set RenderView::logicalWidth directly for printing
        https://bugs.webkit.org/show_bug.cgi?id=174135

        Reviewed by Zalan Bujtas.

        Renderer logicalWidth should be set by layout. Direct override by RenderView when printing means
        that we don't layout children in all cases when the width changes. This is currently mostly hidden
        by spurious layouts but causes problems when trying to fix other things that reduces those.

        * page/FrameView.cpp:
        (WebCore::FrameView::forceLayoutForPagination):

            Instead of calling setLogicalWidth directly call the new setPageLogicalSize that sets both the width
            and the height uniformly.

        * rendering/RenderView.cpp:
        (WebCore::RenderView::updateLogicalWidth):

            Use pageLogicalSize->width() in printing state instead of skipping the logical width update entirely.
            This ensures that the layout will progress to children when the page logical width changes.

        (WebCore::RenderView::initializeLayoutState):
        (WebCore::RenderView::layout):
        (WebCore::RenderView::pageOrViewLogicalHeight):
        (WebCore::RenderView::setPageLogicalSize):
        * rendering/RenderView.h:

            Replace the existing m_pageLogicalHeight with std::optional m_pageLogicalSize.

2017-07-04  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [EME] Solve a couple of compiler warnings
        https://bugs.webkit.org/show_bug.cgi?id=174020

        Reviewed by Michael Catanzaro.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::isPersistentType): Added default return and
        assertion.
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::updateKeyStatuses): This warning was
        already solved but I think adding an assertion for the default
        case can help catch errors in the future.

2017-07-04  Joseph Pecoraro  <pecoraro@apple.com>

        Cleanup some StringBuilder use
        https://bugs.webkit.org/show_bug.cgi?id=174118

        Reviewed by Andreas Kling.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::filterICECandidate):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        * contentextensions/ContentExtension.cpp:
        (WebCore::ContentExtensions::ContentExtension::compileGlobalDisplayNoneStyleSheet):
        * css/CSSFontStyleRangeValue.cpp:
        (WebCore::CSSFontStyleRangeValue::customCSSText):
        * css/CSSFontStyleValue.cpp:
        (WebCore::CSSFontStyleValue::customCSSText):
        * css/CSSGridAutoRepeatValue.cpp:
        (WebCore::CSSGridAutoRepeatValue::customCSSText):
        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseFontFaceDescriptor):
        * dom/Attr.cpp:
        * html/canvas/WebGPURenderingContext.cpp:
        * html/parser/HTMLParserIdioms.cpp:
        * platform/network/ParsedContentType.cpp:
        * platform/network/cocoa/CookieCocoa.mm:
        * platform/text/mac/LocaleMac.mm:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::getAllResponseHeaders):

2017-07-03  Andreas Kling  <akling@apple.com>

        Null RenderLayer* deref in FrameView::adjustTiledBackingCoverage()
        https://bugs.webkit.org/show_bug.cgi?id=174106
        <rdar://problem/33085838>

        Reviewed by Tim Horton.

        I haven't been able to reproduce this crash locally, but I have seen
        video of someone who can, so here's a null check for the RenderView::layer()
        which could be null if we're called between RenderView construction
        and the first callback to RenderLayerModelObject::styleDidChange().

        * page/FrameView.cpp:
        (WebCore::FrameView::adjustTiledBackingCoverage):

2017-07-03  Matt Rajca  <mrajca@apple.com>

        Add/remove appropriate media element behavior restrictions when updateWebsitePolicies is called
        https://bugs.webkit.org/show_bug.cgi?id=174103

        Reviewed by Alex Christensen.

        Test: Added API test.

        Added support for updating rate change behavior restrictions on media elements that have already
        been created.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateRateChangeRestrictions):
        * html/HTMLMediaElement.h:
        * page/Page.cpp:
        (WebCore::Page::updateMediaElementRateChangeRestrictions):
        * page/Page.h:

2017-07-03  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219103.

        Caused multiple build failures.

        Reverted changeset:

        "Remove copy of ICU headers from WebKit"
        https://bugs.webkit.org/show_bug.cgi?id=116407
        http://trac.webkit.org/changeset/219103

2017-07-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove copy of ICU headers from WebKit
        https://bugs.webkit.org/show_bug.cgi?id=116407

        Reviewed by Alex Christensen.

        Use WTF's copy of ICU headers.

        No new tests because there is no behavior change.

        * Configurations/WebCore.xcconfig:
        * icu/unicode/bytestream.h: Removed.
        * icu/unicode/localpointer.h: Removed.
        * icu/unicode/parseerr.h: Removed.
        * icu/unicode/platform.h: Removed.
        * icu/unicode/ptypes.h: Removed.
        * icu/unicode/putil.h: Removed.
        * icu/unicode/rep.h: Removed.
        * icu/unicode/std_string.h: Removed.
        * icu/unicode/strenum.h: Removed.
        * icu/unicode/stringpiece.h: Removed.
        * icu/unicode/ubrk.h: Removed.
        * icu/unicode/uchar.h: Removed.
        * icu/unicode/ucnv.h: Removed.
        * icu/unicode/ucnv_err.h: Removed.
        * icu/unicode/ucol.h: Removed.
        * icu/unicode/uconfig.h: Removed.
        * icu/unicode/ucurr.h: Removed.
        * icu/unicode/uenum.h: Removed.
        * icu/unicode/uiter.h: Removed.
        * icu/unicode/uloc.h: Removed.
        * icu/unicode/umachine.h: Removed.
        * icu/unicode/unistr.h: Removed.
        * icu/unicode/unorm.h: Removed.
        * icu/unicode/unorm2.h: Removed.
        * icu/unicode/uobject.h: Removed.
        * icu/unicode/urename.h: Removed.
        * icu/unicode/uscript.h: Removed.
        * icu/unicode/uset.h: Removed.
        * icu/unicode/ustring.h: Removed.
        * icu/unicode/utext.h: Removed.
        * icu/unicode/utf.h: Removed.
        * icu/unicode/utf16.h: Removed.
        * icu/unicode/utf8.h: Removed.
        * icu/unicode/utf_old.h: Removed.
        * icu/unicode/utypes.h: Removed.
        * icu/unicode/uvernum.h: Removed.
        * icu/unicode/uversion.h: Removed.

2017-07-03  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(Variation Fonts): Specifying Skia by PostScript name does not yield the expected result
        https://bugs.webkit.org/show_bug.cgi?id=174079
        <rdar://problem/33040854>

        Reviewed by Alex Christensen.

        Because Skia is a variation font, its PostScript name contains values to apply to its variation
        axes. However, WebKit's variation code was overwriting these intrinsive values with ones specified
        by CSS. Therefore, the intrinsic ones were being ignored. The solution is just to pass a flag from
        the lookup code to the variations code describing if the font was created via a PostScript name,
        and to not apply the CSS properties to it if it was.

        Test: fast/text/variations/skia-postscript-name.html

        * platform/graphics/FontCache.h:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::preparePlatformFont):
        (WebCore::platformFontLookupWithFamily):
        (WebCore::fontWithFamily):

2017-07-03  Brady Eidson  <beidson@apple.com>

        Switch all WebKit API related to favicons from WebIconDatabase over to new WebCore::IconLoader mechanism.
        https://bugs.webkit.org/show_bug.cgi?id=174073

        Reviewed by Andy Estes.

        Covered by existing API test.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startIconLoading):
        * loader/EmptyClients.cpp:
        * loader/FrameLoaderClient.h:

2017-07-03  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove more unnecessary uses of the preprocessor in idl files
        https://bugs.webkit.org/show_bug.cgi?id=174083

        Reviewed by Alex Christensen.

        Purge as much preprocessor use as possible.

        * Configurations/FeatureDefines.xcconfig:
        Add ENABLE_NAVIGATOR_STANDALONE.

        * animation/Animatable.idl:
        Remove unnecessary check for LANGUAGE_OBJECTIVE_C. We no longer generate those bindings.

        * html/MediaError.idl:
        Use [Conditional] rather than the preprocessor.

        * page/Navigator.idl:
        Use [Conditional] rather than the preprocessor with the new ENABLE_NAVIGATOR_STANDALONE.

        * testing/Internals.cpp:
        * testing/Internals.h:
        Expose setQuickLookPassword on all platforms, as it doesn't hurt since it is only for testing,
        but make the implementation do nothing.

        * testing/Internals.idl:
        Use [Conditional] rather than the preprocessor.

2017-07-03  Daewoong Jang  <daewoong.jang@navercorp.com>

        [Curl] Fix compilation errors
        https://bugs.webkit.org/show_bug.cgi?id=174085

        Reviewed by Alex Christensen.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlContext::initCookieSession):
        * platform/network/curl/CurlContext.h:

2017-07-03  Youenn Fablet  <youenn@apple.com>

        WebAudioSourceProviderAVFObjC should not reconfigure for each data call
        https://bugs.webkit.org/show_bug.cgi?id=174101

        Reviewed by Eric Carlson.

        Covered by manual testing, in particular
        https://webrtc.github.io/samples/src/content/peerconnection/webaudio-output/
        and https://webrtc.github.io/samples/src/content/getusermedia/volume/.
        Also improved LayoutTests web audio peer connection tests to make them more robust.

        Before the patch, reconfiguration of the web audio provider was happening for every audioSamplesAvailable call.
        It is now happening only when the format of the audio samples is changing.
        Changed some member fields from uinque_ptr to optional as a minor improvement.

        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.h:
        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
        (WebCore::WebAudioSourceProviderAVFObjC::provideInput):
        (WebCore::WebAudioSourceProviderAVFObjC::prepare):
        (WebCore::WebAudioSourceProviderAVFObjC::unprepare):
        (WebCore::WebAudioSourceProviderAVFObjC::audioSamplesAvailable):

2017-06-30  Alex Christensen  <achristensen@webkit.org>

        Stop using dispatch_async in ResourceHandleCFURLConnectionDelegateWithOperationQueue
        https://bugs.webkit.org/show_bug.cgi?id=174059

        Reviewed by Andy Estes.

        Use dispatch_async_f and callOnMainThread instead.
        No change in behavior.
        This will allow me to use this code on Windows.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):

2017-07-03  Andy Estes  <aestes@apple.com>

        [Xcode] Add an experimental setting to build with ccache
        https://bugs.webkit.org/show_bug.cgi?id=173875

        Reviewed by Tim Horton.

        * Configurations/DebugRelease.xcconfig: Included ccache.xcconfig.

2017-07-02  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r218910): Crash inside textMarkerDataForFirstPositionInTextControl
        https://bugs.webkit.org/show_bug.cgi?id=174077
        <rdar://problem/33083972>

        Reviewed by Chris Fleizach.

        The bug was caused by textMarkerDataForFirstPositionInTextControl assuming that
        there is always a root editable element (a.k.a. editing host) in the text control.
        When the text control is readonly or disabled, this is not the case.

        Fixed the bug by adding an early exit when there is no editing host.

        Test: accessibility/mac/input-type-change-crash.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-07-03  Devin Rousso  <drousso@apple.com>

        Web Inspector: Support listing WebGL2 and WebGPU contexts
        https://bugs.webkit.org/show_bug.cgi?id=173396

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/create-context-2d.html
               inspector/canvas/create-context-webgl.html
               inspector/canvas/create-context-webgl2.html
               inspector/canvas/create-context-webgpu.html

        Split "inspector/canvas/create-canvas-contexts.html" into a test for each context type.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::getContextWebGPU):
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):

2017-07-03  Alex Christensen  <achristensen@webkit.org>

        REGRESSION(r215096) Queries of URLs with non-special schemes should not percent-encode single quotes
        https://bugs.webkit.org/show_bug.cgi?id=174051

        Reviewed by Tim Horton.

        In r215096 I added ' to the set of characters to be percent-encoded in queries,
        but for interoperability and compatibility we need to do this only for special schemes, like http.

        Covered by new API tests.

        * platform/URLParser.cpp:
        (WebCore::isC0Control):
        (WebCore::shouldPercentEncodeQueryByte):
        (WebCore::URLParser::utf8QueryEncode):
        (WebCore::URLParser::encodeQuery):

2017-07-03  Chris Fleizach  <cfleizach@apple.com>

        AX: role="none" (or presentation) does not work on iframes
        https://bugs.webkit.org/show_bug.cgi?id=173930
        <rdar://problem/33034347>

        Reviewed by Ryosuke Niwa.

        Support setting a presentational role on an iframe so that the AXWebArea disappears from the hierarchy.
        Accomplish this by adding children for attachment and scroll view elements the way other children are added.
        That is, only add the non-ignored children directly (which means move the addChild logic into AccessibilityObject.)

        Test: accessibility/presentation-role-iframe.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::AccessibilityNodeObject):
        (WebCore::AccessibilityNodeObject::insertChild): Deleted.
        (WebCore::AccessibilityNodeObject::addChild): Deleted.
        * accessibility/AccessibilityNodeObject.h:
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::AccessibilityObject):
        (WebCore::AccessibilityObject::insertChild):
        (WebCore::AccessibilityObject::addChild):
        (WebCore::nodeHasPresentationRole):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::addChild): Deleted.
        (WebCore::AccessibilityObject::insertChild): Deleted.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::webAreaIsPresentational):
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        (WebCore::AccessibilityRenderObject::addAttachmentChildren):
        * accessibility/AccessibilityScrollView.cpp:
        (WebCore::AccessibilityScrollView::addChildren):

2017-07-03  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219024.

        This patch cause 3 didferent test to fail.

        Reverted changeset:

        "REGRESSION(r215096) Queries of URLs with non-special schemes
        should not percent-encode single quotes"
        https://bugs.webkit.org/show_bug.cgi?id=174051
        http://trac.webkit.org/changeset/219024

2017-07-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        Pasting single words copied to UIPasteboard inserts URLs in editable areas
        https://bugs.webkit.org/show_bug.cgi?id=174082
        <rdar://problem/33046992>

        Reviewed by Tim Horton.

        Currently, our heuristics for coercing plain text to URLs when reading URLs off of the UIPasteboard allows URLs
        to be created as long as -[UIPasteboard valuesForPasteboardType:inItemSet:] returns a non-null NSURL. However,
        UIPasteboard automatically coerces any NSString into an NSURL if it initializes an NSURL via +URLWithString:.
        Thus, single-word strings such as "hello" that are written to the pasteboard as "public.utf8-plain-text" can
        be read back as NSURLs for "public.url". This currently causes bugs in shipping software: e.g. copying and
        pasting a single word from an editable input or textarea and pasting into a rich contenteditable area using
        WebKit1 inserts a link. However, when combined with another change in WebKit that attempts to read "public.url"
        before "public.text" when reading plain text from the pasteboard, this now also affects pasting in plain text
        areas, where pasted plain-text strings that are not URLs will paste as URL-encoded strings anyways (for
        instance, replacing "[hello]" with "%5Bhello%5D").

        To fix this, and existing issues with pasting single words in contenteditables, we make
        PlatformPasteboard::readString and PlatformPasteboard::readURL only accept a coerced NSURL as an URL if it also
        parses as a valid URL in WebKit (otherwise, we return an empty string).

        Tests:
            UIPasteboardTests.DoNotPastePlainTextAsURL
            UIPasteboardTests.PastePlainTextAsURL
            UIPasteboardTests.PasteURLWithPlainTextAsURL

        * platform/PlatformPasteboard.h:
        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::allowReadingURLAtIndex):

        Allow an URL to be read if either (1) an URL was explicitly specified in the UIPasteboard, or (2) the "proposed"
        URL returned from -valuesForPasteboardType: is valid.

        (WebCore::PlatformPasteboard::readString):
        (WebCore::PlatformPasteboard::readURL):

        Consult allowReadingURLAtIndex here (in the case of ::readString, only if the given pasteboard type is
        "public.url").

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard itemProviders]):
        (-[WebItemProviderPasteboard setItemProviders:]):

2017-07-03  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyEC SPKI exports
        https://bugs.webkit.org/show_bug.cgi?id=173646

        Reviewed by Jiewen Tan.

        No new tests -- affected tests are now passing and are unskipped.

        Implement libgcrypt-based support for SPKI exports of EC keys.

        Initially, the ECParameters structure is created so that it will be later embedded
        into the SubjectPublicKeyInfo structure. First the root element of this structure
        is written into, specifying namedCurve as the chosen member (even if other choices
        are not really available). We then write out the object identifier into this
        namedCurve member that properly represents this key's curve type.

        The SubjectPublicKeyInfo structure is created next. We write out id-ecPublicKey
        identifier as the chosen algorithm identifier. Web Crypto specification demands
        that the id-ecDH identifier is used in case of ECDH keys, but no existing test in
        the W3C test suite expects this, so this should be revisited later. Data of the
        previously-constructed ECParameters structure is written out into the
        AlgorithmIdentifier's parameters member.

        The `q` MPI data is then retrieved. Its size is validated, as well as the first
        byte of data in order to ensure the MPI represents an uncompressed EC point.
        The data is then written into the subjectPublicKey member.

        Finally the encoded SubjectPublicKeyInfo structure data is extracted and returned
        from the platformExportSpki() function, completion the export operation.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::curveIdentifier):
        (WebCore::CryptoKeyEC::platformExportSpki):

2017-07-02  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove special casing for RegExp which is no longer required by the spec
        https://bugs.webkit.org/show_bug.cgi?id=174025

        Reviewed by Chris Dumez.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDictionaryImplementationContent):
        (GenerateOverloadDispatcher):
        Remove special casing.

        * bindings/scripts/IDLParser.pm:
        (parseNonAnyType):
        Remove parsing of RegExp.

        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        Update test results.

2017-07-02  Youenn Fablet  <youenn@apple.com>

        RealtimeOutgoingVideoSource should pass frame timestamp
        https://bugs.webkit.org/show_bug.cgi?id=174055

        Reviewed by Eric Carlson.

        Covered by manual testing since this only affects video encoding quality.

        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::sendFrame):

2017-07-01  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/33096441> r219055 broke non-iOS builds.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):

2017-07-01  Dan Bernstein  <mitz@apple.com>

        [iOS] Remove code only needed when building for iOS 9.x
        https://bugs.webkit.org/show_bug.cgi?id=174068

        Reviewed by Tim Horton.

        * Configurations/FeatureDefines.xcconfig:
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::isDataDetectorLink):
        (WebCore::DataDetection::shouldCancelDefaultAction):
        (WebCore::constructURLStringForResult):
        (WebCore::DataDetection::detectContentInRange):
        * page/cocoa/ResourceUsageThreadCocoa.mm:
        (WebCore::vmPageSize):
        * platform/cocoa/DataDetectorsCoreSoftLink.h:
        * platform/cocoa/DataDetectorsCoreSoftLink.mm:
        * platform/graphics/FontPlatformData.cpp:
        * platform/graphics/FontPlatformData.h:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (layerContentsFormat):
        (PlatformCALayerCocoa::updateContentsFormat):
        (PlatformCALayerCocoa::backingStoreBytesPerPixel):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::extendedSRGBColorSpaceRef):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::drawPDFPage):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::variantCapsSupportsCharacterForSynthesis):
        (WebCore::Font::platformWidthForGlyph):
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::ctFont):
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::sinkIntoImage):
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::setTimebase):
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::systemFontModificationAttributes):
        (WebCore::systemFontDescriptor):
        * platform/graphics/mac/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat):
        * platform/ios/LegacyTileGridTile.mm:
        (WebCore::LegacyTileGridTile::LegacyTileGridTile):
        * platform/ios/PlatformScreenIOS.mm:
        (WebCore::screenSupportsExtendedColor):
        * platform/ios/RemoteCommandListenerIOS.mm:
        (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS):
        (WebCore::RemoteCommandListenerIOS::~RemoteCommandListenerIOS):
        (WebCore::RemoteCommandListenerIOS::updateSupportedCommands):
        * platform/spi/cf/CFNetworkSPI.h:
        * platform/spi/cg/CoreGraphicsSPI.h:
        * platform/spi/cocoa/DataDetectorsCoreSPI.h:
        * platform/spi/cocoa/QuartzCoreSPI.h:
        * platform/spi/mac/AVFoundationSPI.h:

2017-07-01  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(r218371): Reeder's default font is Times instead of San Francisco
        https://bugs.webkit.org/show_bug.cgi?id=173617
        <rdar://problem/32969819>

        Reviewed by Simon Fraser.

        On systems where USE_PLATFORM_SYSTEM_FALLBACK_LIST is set to true, the code in
        platformFontWithFamilySpecialCase() is still used when @font-face blocks specify
        src:local(system-ui), which made the assertion erroneously fire.

        Unfortunately, our architecture is such that an @font-face block represents a
        single entry in the font-family fallback list, which means it would be quite
        difficult to make local(system-ui) in an @font-face block expand at the level
        of the font cascade. So, this patch simply reverts to the previous behavior for
        local(system-ui) (which doesn't include the entire Core Text cascade list).
        This means that "font-family: system-ui" and "src: local(system-ui)" have
        different behavior, which is undesirable, but architecturally difficult to
        solve. I've added some FIXMEs to the code in the relevant places and filed
        https://bugs.webkit.org/show_bug.cgi?id=174023.

        Test: fast/text/font-face-local-system.html

        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::systemFontDescriptor):
        (WebCore::platformFontWithFamilySpecialCase):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-07-01  Ryosuke Niwa  <rniwa@webkit.org>

        Frame.h doesn't need to include FrameLoader.h, IntRect.h, and NavigationScheduler.h
        https://bugs.webkit.org/show_bug.cgi?id=174004

        Reviewed by Simon Fraser.

        Made FrameLoader and NavigationScheduler UniqueRef in Frame so that we can forward declare them,
        and forward declared IntPoint and IntRect to avoid including FrameLoader.h, IntRect.h,
        and NavigationScheduler.h in Frame.h

        * Modules/mediastream/MediaStream.cpp:
        * Modules/webaudio/AudioContext.cpp:
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect): Avoid calling loader().mixedContentChecker().canRunInsecureContent(~)
        on a nullptr even though this used to work because we weren't de-referencing it.
        * bindings/js/ScriptController.cpp:
        * dom/Document.cpp:
        * dom/EventDispatcher.cpp:
        * editing/Editor.cpp:
        * editing/cocoa/EditorCocoa.mm:
        * editing/ios/EditorIOS.mm:
        * editing/mac/EditorMac.mm:
        * history/CachedPage.cpp:
        * html/HTMLObjectElement.cpp:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::DocumentLoader::~DocumentLoader): Check !isLoading() before accessing frameLoader to avoid
        accessing m_frame->loader() inside ~FrameLoader.
        * html/parser/XSSAuditor.cpp:
        * html/parser/XSSAuditorDelegate.cpp:
        * inspector/InspectorInstrumentation.h:
        * loader/CrossOriginPreflightChecker.cpp:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::setOpener): Avoid accessing this FrameLoader via m_opener->loader() when it's
        this FrameLoader inside ~FrameLoader since UniqueRef<FrameLoader> is clears itself before calling
        the destructor of FrameLoader.
        * loader/ImageLoader.cpp:
        * loader/LinkLoader.cpp:
        * loader/SubframeLoader.cpp:
        * loader/appcache/ApplicationCacheGroup.cpp:
        * loader/appcache/DOMApplicationCache.cpp:
        * mathml/MathMLElement.cpp:
        * page/DOMWindow.cpp:
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::Frame::init): Moved here from Frame.h
        (WebCore::Frame::setDocument):
        * page/Frame.h:
        (WebCore::Frame::loader):
        (WebCore::Frame::navigationScheduler):
        * page/History.cpp:
        * page/Location.cpp:
        * page/PerformanceLogging.cpp:
        * page/PerformanceNavigation.cpp:
        * page/UserContentProvider.cpp:
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::initWithSimpleHTMLDocument):
        * plugins/PluginInfoProvider.cpp:
        * replay/ReplayInputCreationMethods.cpp:
        * replay/UserInputBridge.cpp:
        * xml/XSLTProcessorLibxslt.cpp:
        * xml/parser/XMLDocumentParserLibxml2.cpp:

2017-07-01  Dan Bernstein  <mitz@apple.com>

        [macOS] Remove code only needed when building for OS X Yosemite
        https://bugs.webkit.org/show_bug.cgi?id=174067

        Reviewed by Tim Horton.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:
        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::setEnhancedUserInterfaceAccessibility):
        * html/HTMLCanvasElement.cpp:
        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::create):
        * page/mac/WheelEventDeltaFilterMac.h:
        * page/mac/WheelEventDeltaFilterMac.mm:
        * page/scrolling/ScrollingMomentumCalculator.cpp:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.h:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.mm:
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        (replacementDataFromDecisionInfo):
        (WebCore::NetworkExtensionContentFilter::initialize):
        (WebCore::NetworkExtensionContentFilter::willSendRequest):
        (WebCore::NetworkExtensionContentFilter::responseReceived):
        (WebCore::NetworkExtensionContentFilter::addData):
        (WebCore::NetworkExtensionContentFilter::finishedAddingData):
        (WebCore::NetworkExtensionContentFilter::unblockHandler):
        * platform/graphics/ComplexTextController.h:
        * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm:
        (PlatformCAAnimationCocoa::setTimingFunction):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::platformInit):
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::sinkIntoImage):
        * platform/graphics/cocoa/WebGPULayer.mm:
        (-[WebGPULayer initWithGPUDevice:]):
        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):
        * platform/graphics/mac/WebGLLayer.mm:
        (-[WebGLLayer initWithGraphicsContext3D:]):
        * platform/mac/BlacklistUpdater.mm:
        * platform/mac/PlatformScreenMac.mm:
        (WebCore::screenSupportsExtendedColor):
        * platform/mac/ValidationBubbleMac.mm:
        (WebCore::ValidationBubble::ValidationBubble):
        * platform/mac/WebGLBlacklist.mm:
        (WebCore::WebGLBlacklist::create):
        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        * platform/network/mac/CertificateInfoMac.mm:
        (WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate):
        * platform/network/mac/CookieJarMac.mm:
        (WebCore::setCookiesFromDOM):
        * platform/spi/cf/CFNetworkSPI.h:
        * platform/spi/cg/CoreGraphicsSPI.h:
        * platform/spi/cocoa/NEFilterSourceSPI.h:
        * platform/spi/cocoa/NSURLConnectionSPI.h:
        * platform/spi/cocoa/QuartzCoreSPI.h:
        * platform/spi/mac/NSScrollingInputFilterSPI.h:
        * platform/spi/mac/NSScrollingMomentumCalculatorSPI.h:
        * platform/spi/mac/TUCallSPI.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::levelIndicatorFor):
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendKERNTable):
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):

2017-06-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

        If an image appears more than once on a page, decoding for painting one instance repaints them all
        https://bugs.webkit.org/show_bug.cgi?id=169944

        Reviewed by Simon Fraser.

        Make the Image::draw*() and GraphicsContext::draw*() functions return an
        ImageDrawResult which indicates whether the image is drawn or has requested
        an asynchronous image decoding.

        If the image requested an asynchronous image decoding, the issuer of the
        Image::draw(), which is of type CachedImageClient, will add itself to a
        set of m_pendingImageDrawingClients, which owned by CachedImage.

        When receiving the imageFrameAvailable() notification for a lrage image 
        from the decoding thread, CachedImage will loop through the clients that
        are only in m_pendingImageDrawingClients to ask them to repaint their
        rectangles.

        Test: fast/images/async-image-multiple-clients-repaint.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::didRemoveClient):
        (WebCore::CachedImage::addPendingImageDrawingClient):
        (WebCore::CachedImage::allClientsRemoved):
        (WebCore::CachedImage::clear):
        (WebCore::CachedImage::imageFrameAvailable):
        * loader/cache/CachedImage.h:
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::draw):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/CrossfadeGeneratedImage.cpp:
        (WebCore::CrossfadeGeneratedImage::draw):
        * platform/graphics/CrossfadeGeneratedImage.h:
        * platform/graphics/GeneratedImage.h:
        * platform/graphics/GradientImage.cpp:
        (WebCore::GradientImage::draw):
        * platform/graphics/GradientImage.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/Image.cpp:
        (WebCore::Image::drawTiled):
        * platform/graphics/Image.h:
        * platform/graphics/ImageTypes.h:
        * platform/graphics/NamedImageGeneratedImage.cpp:
        (WebCore::NamedImageGeneratedImage::draw):
        * platform/graphics/NamedImageGeneratedImage.h:
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::draw):
        * platform/graphics/cg/PDFDocumentImage.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawForContainer):
        (WebCore::SVGImage::draw):
        * svg/graphics/SVGImage.h:
        * svg/graphics/SVGImageForContainer.cpp:
        (WebCore::SVGImageForContainer::draw):
        * svg/graphics/SVGImageForContainer.h:

2017-06-30  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r214194): Safari leaves a popup window open opened during before unload
        https://bugs.webkit.org/show_bug.cgi?id=174016

        Reviewed by Chris Dumez.

        Address Dan's review comments.

        * loader/NavigationDisabler.h:
        (WebCore::NavigationDisabler::NavigationDisabler):
        (WebCore::NavigationDisabler::~NavigationDisabler):

2017-06-30  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Text indicators for dragged links should always be legible if the link is legible
        https://bugs.webkit.org/show_bug.cgi?id=173860
        <rdar://problem/32974385>

        Reviewed by Tim Horton.

        Currently, TextIndicatorOptionUseBoundingRectAndPaintAllContentForComplexRanges ensures that links backed by a
        RenderReplaced element don't render blank text indicators by additionally forcing the
        TextIndicatorOptionPaintAllContent option in order to capture the RenderReplaced content. If estimated
        background color is requested, this patch adds an additional path for "upgrading" the text indicator to paint
        all content: if the text color is not legible against the estimated background color, then it is likely that the
        background color estimate failed or the link itself was not legible in the first place; in the former case, to
        ensure that the link is still legible, we upgrade the given TextIndicatorOptions to paint all contents in the
        range.

        There is currently no way to test this, and also no simple way to introduce infrastructure to test text
        indicators.

        * page/TextIndicator.cpp:
        (WebCore::estimatedTextColorsForRange):

        Estimates all text colors that appear in a range by iterating over the text node renderers and consulting their
        render styles.

        (WebCore::adjustTextIndicatorDataOptionsForEstimatedColorsIfNecessary):

        If foreground text color is deemed not legible, force TextIndicatorOptionPaintAllContent instead of
        TextIndicatorOptionUseBoundingRectAndPaintAllContentForComplexRanges.

        (WebCore::initializeIndicator):
        * rendering/TextPaintStyle.cpp:
        (WebCore::textColorIsLegibleAgainstBackgroundColor):
        (WebCore::adjustColorForVisibilityOnBackground):

        Allow other parts of WebCore to check the legibility of text against a background color.

        * rendering/TextPaintStyle.h:

2017-06-30  Alex Christensen  <achristensen@webkit.org>

        REGRESSION(r215096) Queries of URLs with non-special schemes should not percent-encode single quotes
        https://bugs.webkit.org/show_bug.cgi?id=174051
        <rdar://problem/33002846>

        Reviewed by Tim Horton.

        In r215096 I added ' to the set of characters to be percent-encoded in queries,
        but for interoperability and compatibility we need to do this only for special schemes, like http.

        Covered by new API tests.

        * platform/URLParser.cpp:
        (WebCore::isC0Control):
        (WebCore::shouldPercentEncodeQueryByte):
        (WebCore::URLParser::utf8QueryEncode):
        (WebCore::URLParser::encodeQuery):

2017-06-30  Daniel Bates  <dabates@apple.com>

        Attempt to fix the build following <https://trac.webkit.org/changeset/219019>
        (https://bugs.webkit.org/show_bug.cgi?id=165160)

        Export the FrameLoadRequest move constructor and move operator so that they
        can be used from WebKit.

        * loader/FrameLoadRequest.h:

2017-06-30  Don Olmstead  <don.olmstead@sony.com>

        [WebCore] Update AXObjectCache for !HAVE(ACCESSIBILITY)
        https://bugs.webkit.org/show_bug.cgi?id=174045

        Reviewed by Konstantin Tokarev.

        No new tests. No change in behavior.

        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::checkedStateChanged):
        (WebCore::AXObjectCache::childrenChanged):
        (WebCore::AXObjectCache::deferRecomputeIsIgnored):
        (WebCore::AXObjectCache::deferTextChangedIfNeeded):
        (WebCore::AXObjectCache::focusAriaModalNodeTimerFired):
        (WebCore::AXObjectCache::handleAriaExpandedChange):
        (WebCore::AXObjectCache::handleAriaRoleChanged):
        (WebCore::AXObjectCache::handleAttributeChanged):
        (WebCore::AXObjectCache::handleScrollbarUpdate):
        (WebCore::AXObjectCache::liveRegionChangedNotificationPostTimerFired):
        (WebCore::AXObjectCache::notificationPostTimerFired):
        (WebCore::AXObjectCache::passwordNotificationPostTimerFired):
        (WebCore::AXObjectCache::performDeferredCacheUpdate):
        (WebCore::AXObjectCache::postNotification):
        (WebCore::AXObjectCache::postPlatformNotification):
        (WebCore::AXObjectCache::postTextReplacementNotification):
        (WebCore::AXObjectCache::postTextReplacementNotificationForTextControl):
        (WebCore::AXObjectCache::postTextStateChangeNotification):
        (WebCore::AXObjectCache::recomputeIsIgnored):
        (WebCore::AXObjectCache::textChanged):
        (WebCore::AXObjectCache::updateCacheAfterNodeIsAttached):
        (WebCore::AXObjectCache::focusAriaModalNode): Deleted.

2017-06-30  Daniel Bates  <dabates@apple.com>

        Attempt to fix the Apple Windows build following <https://trac.webkit.org/changeset/219013>
        (https://bugs.webkit.org/show_bug.cgi?id=165160)

        Make FrameLoadRequest move constructor and move operator out-of-line so that callers
        do not need to include header SecurityOrigin.h.

        * loader/FrameLoadRequest.cpp:
        * loader/FrameLoadRequest.h:

2017-06-30  Alex Christensen  <achristensen@webkit.org>

        Stop soft linking with CFNetwork
        https://bugs.webkit.org/show_bug.cgi?id=174029

        Reviewed by Jer Noble.

        We link directly with CFNetwork.  There's no reason to soft link, 
        and it is causing a problem with linking when doing interesting things with CFNetwork.

        * platform/spi/cf/CFNetworkSPI.h:

2017-06-30  Daniel Bates  <dabates@apple.com>

        API::FrameInfo should know the web page that contains the frame; add API property webView to WKFrameInfo
        https://bugs.webkit.org/show_bug.cgi?id=165160
        <rdar://problem/29451999>

        Reviewed by Brady Eidson.

        Pass the document that is requesting the load to the loader.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab): Pass the document when instantiating the FrameLoadRequest.
        Also use C++11 brace initialization to instantiate ResourceRequest.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate): Pass the document when instantiating the FrameLoadRequest.
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Moved from FrameLoadRequest.h.
        (WebCore::FrameLoadRequest::requester): Added.
        (WebCore::FrameLoadRequest::requesterSecurityOrigin): Added.
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Marked as WEBCORE_EXPORT and modified to take
        the document that requested the load.
        (WebCore::FrameLoadRequest::requester): Deleted; made out-of-line/moved to FrameLoadRequest.cpp.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected): Pass the document when instantiating the FrameLoadRequest. Also use C++11
        brace initialization to instantiate ResourceRequest.
        (WebCore::FrameLoader::loadURLIntoChildFrame): Pass the document when instantiating the FrameLoadRequest.
        (WebCore::FrameLoader::loadFrameRequest): Substitute FrameLoadRequest::requesterSecurityOrigin() for
        FrameLoadRequest::requester() as the former replaces the latter.
        (WebCore::FrameLoader::loadURL): Pass the document when instantiating the NavigationAction.
        (WebCore::FrameLoader::load): Ditto.
        (WebCore::FrameLoader::loadWithDocumentLoader): Pass the document when instantiating the NavigationAction.
        Also use C++11 brace initialization syntax to instantiate the NavigationAction.
        (WebCore::FrameLoader::reload): Ditto.
        (WebCore::FrameLoader::loadPostRequest): Ditto.
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): Pass the document when instantiating the NavigationAction.
        (WebCore::FrameLoader::loadDifferentDocumentItem): Pass the document when instantiating the NavigationAction.
        Also use C++11 brace initialization syntax to instantiate the NavigationAction.
        (WebCore::createWindow): Pass the document when instantiating the NavigationAction.
        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction): Modified to take the source document.
        * loader/NavigationAction.h:
        (WebCore::NavigationAction::isEmpty): Consider a NavigationAction empty if does not have a source document
        or the associated ResourceRequest has an empty URL.
        (WebCore::NavigationAction::sourceDocument): Added.
        (WebCore::NavigationAction::NavigationAction): Deleted; made out-of-line/moved to NavigationAction.cpp to
        avoid the need to include the header Document.h.
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Store the document that scheduled the navigation.
        Also use C++11 brace initialization to instantiate in the member initialization list.
        (WebCore::ScheduledURLNavigation::initiatingDocument): Added. Retrieves the document that scheduled the navigation.
        (WebCore::NavigationScheduler::scheduleLocationChange): Pass the document when instantiating the FrameLoadRequest.
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy): Pass the document when instantiating the NavigationAction.
        Also use C++11 brace initialization syntax to instantiate the NavigationAction.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected): Pass the document when instantiating the FrameLoadRequest.
        Also use C++11 brace initialization syntax to instantiate the FrameLoadRequest.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow): Pass the document when instantiating the FrameLoadRequest.

2017-06-29  Jer Noble  <jer.noble@apple.com>

        Make Legacy EME API controlled by RuntimeEnabled setting.
        https://bugs.webkit.org/show_bug.cgi?id=173994

        Reviewed by Sam Weinig.

        Add a new RuntimeEnabledFeatures setting to control the availability of the WebKit prefixed EME APIs.

        * Configurations/FeatureDefines.xcconfig:
        * Modules/encryptedmedia/legacy/WebKitMediaKeyMessageEvent.idl:
        * Modules/encryptedmedia/legacy/WebKitMediaKeyNeededEvent.idl:
        * Modules/encryptedmedia/legacy/WebKitMediaKeySession.idl:
        * Modules/encryptedmedia/legacy/WebKitMediaKeys.idl:
        * dom/Element.idl:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
        (WebCore::HTMLMediaElement::webkitSetMediaKeys):
        (WebCore::HTMLMediaElement::keyAdded):
        * html/HTMLMediaElement.idl:
        * html/WebKitMediaKeyError.idl:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setLegacyEncryptedMediaAPIEnabled):
        (WebCore::RuntimeEnabledFeatures::legacyEncryptedMediaAPIEnabled):

2017-06-30  Chris Dumez  <cdumez@apple.com>

        Move ResourceLoadStatisticsStore to WebKit2/UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=174033

        Reviewed by Brent Fulgham.

        Move ResourceLoadStatisticsStore to WebKit2/UIProcess since it is only
        used in the WebKit2 UIProcess.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/ResourceLoadObserver.cpp:
        (WebCore::primaryDomain):
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::primaryDomain):
        * loader/ResourceLoadStatistics.h:

2017-06-30  Ryosuke Niwa  <rniwa@webkit.org>

        Ran sort-Xcode-project-file.

        * WebCore.xcodeproj/project.pbxproj:

2017-06-30  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r214194): Safari leaves a popup window open opened during before unload
        https://bugs.webkit.org/show_bug.cgi?id=174016

        Reviewed by Chris Dumez.

        The bug was caused by WebKit allowing the opening of a new window via window.open but disallowing
        the initial navigation within the newly opened window while a beforeunload event is being dispatched.

        Because some websites which opens a window during a beforeunload event relies on the opened page
        to communicate back in order to close it. This resulted in a newly opened popup window with about:blank
        being left out on those websites.

        Fixed the bug by allowing the navigation of a new window as well as an existing another window.
        More concretely, we disallow navigations within the same frame tree as the one in which a beforeunload
        event is being dispatched, and allow navigations elsewhere (i.e. different window / page).
        During the destruction of a frame-less document, disallow all the navigations.

        Tests: fast/events/before-unload-navigate-different-window.html
               fast/events/before-unload-open-window.html
               fast/events/before-unload-sibling-frame.html

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::isNavigationAllowed):
        (WebCore::FrameLoader::shouldClose):
        * loader/NavigationDisabler.h: Added. Extracted from NavigationScheduler.h
        (WebCore::NavigationDisabler::NavigationDisabler): Increment the newly added counter on MainFrame unless
        the frame is null (during the destruction of a frameless document) in which case we increment the global
        disable count.
        (WebCore::NavigationDisabler::~NavigationDisabler): Ditto for decrementation.
        (WebCore::NavigationDisabler::isNavigationAllowed): Only allow the navigation when there is no frameless
        document in destruction, and none of the frame in the same frame tree as the one given is currently in
        the process of dispatching a beforeunload event.
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::shouldScheduleNavigation):
        * loader/NavigationScheduler.h:
        (WebCore::NavigationDisabler): Moved to NavigationDisabler.h.
        * page/MainFrame.h:
        (WebCore::MainFrame): Added s_globalNavigationDisableCount.

2017-06-30  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for conditionally read-write attributes
        https://bugs.webkit.org/show_bug.cgi?id=173993

        Reviewed by Alex Christensen.

        The MEDIA_SOURCE feature/conditional requires changing a few readonly
        attributes into read-write attributes. In the past we handled this with
        custom bindings. This patch adds a new extended attribute, ConditionallyReadWrite
        which achieves the same result.

        * WebCore.xcodeproj/project.pbxproj:
        Move a few custom binding to the "GC / Wrapping Only" group.

        * bindings/js/JSAudioTrackCustom.cpp:
        (WebCore::JSAudioTrack::setKind): Deleted.
        (WebCore::JSAudioTrack::setLanguage): Deleted.
        * bindings/js/JSTextTrackCustom.cpp:
        (WebCore::JSTextTrack::setLanguage): Deleted.
        * bindings/js/JSVideoTrackCustom.cpp:
        (WebCore::JSVideoTrack::setKind): Deleted.
        (WebCore::JSVideoTrack::setLanguage): Deleted.
        Remove no longer needed custom bindings.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        (GenerateAttributeSetterDefinition):
        (GenerateCallbackImplementationContent):
        (GenerateHashTableValueArray):
        (GenerateHashTable):
        Pipe ConditionallyReadWrite through the generator.

        * bindings/scripts/IDLAttributes.json:
        Add ConditionallyReadWrite.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/TestObj.idl:
        Add tests for ConditionallyReadWrite.

        * html/track/AudioTrack.idl:
        * html/track/TextTrack.idl:
        * html/track/VideoTrack.idl:
        Replace [Custom] with [ConditionallyReadWrite].

2017-06-30  Chris Dumez  <cdumez@apple.com>

        ResourceLoadObserver does not need a ResourceLoadStatisticsStore
        https://bugs.webkit.org/show_bug.cgi?id=174013

        Reviewed by Brent Fulgham.

        ResourceLoadObserver does not need a ResourceLoadStatisticsStore. ResourceLoadStatisticsStore is too complicated for its needs.
        ResourceLoadStatisticsStore can then be moved to WebKit2/UIProcess in a follow-up.

        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect):
        * dom/UserGestureIndicator.cpp:
        (WebCore::UserGestureIndicator::UserGestureIndicator):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadResourceSynchronously):
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::shared):
        (WebCore::ResourceLoadObserver::setNotificationCallback):
        (WebCore::ResourceLoadObserver::shouldLog):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::ensureResourceStatisticsForPrimaryDomain):
        (WebCore::ResourceLoadObserver::takeResourceStatisticsForPrimaryDomain):
        (WebCore::ResourceLoadObserver::isPrevalentResource):
        (WebCore::ResourceLoadObserver::statisticsForOrigin):
        (WebCore::ResourceLoadObserver::takeStatistics):
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatisticsStore.cpp:
        * loader/ResourceLoadStatisticsStore.h:
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::willSendRequestInternal):
        * testing/Internals.cpp:
        (WebCore::Internals::resourceLoadStatisticsForOrigin):

2017-06-30  Fujii Hironori  <Hironori.Fujii@sony.com>

        ASSERTION FAILED: !canAnimate() && !m_currentFrame
        https://bugs.webkit.org/show_bug.cgi?id=173089

        Reviewed by Said Abou-Hallawa.

        WebCore::BitmapImage::draw() has an assertion which ensures
        m_currentFrame is zero in case of async decoding. But, this
        assertion failed if an GIF animation image which have finished its
        animation was repainted. In that time, m_currentFrame was the last
        frame index of the image.

        Test: fast/images/animated-gif-paint-after-animation.html

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::draw): Assert m_currentFrame is zero or the animation finished.
        Call requestFrameAsyncDecodingAtIndex with m_currentFrame instead of zero.

2017-06-30  Ross Kirsling  <ross.kirsling@sony.com>

        [PAL] Move Sound into PAL
        https://bugs.webkit.org/show_bug.cgi?id=173999

        Reviewed by Alex Christensen.

        * Configurations/WebCore.xcconfig:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWPE.cmake:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::cut):
        (WebCore::Editor::copy):
        (WebCore::Editor::performDelete):
        * editing/EditorCommand.cpp:
        (WebCore::executeSelectToMark):
        (WebCore::executeSwapWithMark):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::takeFindStringFromSelection):
        * inspector/InspectorFrontendHost.cpp:
        (WebCore::InspectorFrontendHost::beep):
        * platform/Sound.h: Removed.

2017-06-30  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Drag caret rect is incorrectly computed when dropping in editable content in iframes
        https://bugs.webkit.org/show_bug.cgi?id=174017
        <rdar://problem/32959782>

        Reviewed by Simon Fraser.

        We're currenly computing the drag caret rect (for the purposes of presentation at the client layers)
        incorrectly, in per-frame document coordinates instead of root view coordinates in the mainframe. This means
        drag caret geometry from embedded iframes in the document will show up in the content view with a rect in the
        coordinate space of the iframe.

        To fix this, we need to convert the drag caret rect to root view coordinates. This patch teaches
        DragCaretController to do this, and tweaks WebKit/WebKit2 to use caretRectInRootViewCoordinates.

        Test: DataInteractionTests.ExternalSourcePlainTextToIFrame

        * editing/FrameSelection.cpp:
        (WebCore::DragCaretController::caretRectInRootViewCoordinates):
        * editing/FrameSelection.h:

2017-06-30  Sam Weinig  <sam@webkit.org>

        [WebIDL] Replace use of __is_polymorphic with standard std::is_polymorphic<>::value
        https://bugs.webkit.org/show_bug.cgi?id=174012

        Reviewed by Alex Christensen.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        Replace __is_polymorphic with standard std::is_polymorphic<>::value. Remove clang
        specific guard now that we are using something other compilers support.

        * bindings/scripts/test/JS/JSInterfaceName.cpp:
        * bindings/scripts/test/JS/JSMapLike.cpp:
        * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
        * bindings/scripts/test/JS/JSTestIterable.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestStringifier.cpp:
        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        Update test results.

2017-06-30  Youenn Fablet  <youenn@apple.com>

       Support PeerConnectionStates::BundlePolicy::MaxBundle when setting rtc configuration
       https://bugs.webkit.org/show_bug.cgi?id=169389

       Reviewed by Alex Christensen.

       Covered by manual testing (appr.tc and https://youennf.github.io/webrtc-tests/src/content/peerconnection/trickle-ice/).
       Updated test is showing some more failing but this is due to the fact that we are no longer totally lying on the configuration of the
        underlying libwebrtc backend.

        Previously, we were creating a libwebrtc peer connection and then setting its configuration.
        libwebrtc does not like the configuration to be changed and may refuse to set the configuration.
        Instead of doing that, we are now creating the libwebrtc peer connection with the provided configuration.

        ICE candidate pool size is disabled as it is creating issues with running tests on bots.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::setConfiguration):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::initializeWith):
        (WebCore::iceServersFromConfiguration):
        (WebCore::RTCPeerConnection::initializeConfiguration):
        (WebCore::RTCPeerConnection::setConfiguration):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::LibWebRTCMediaEndpoint):
        (WebCore::LibWebRTCMediaEndpoint::setConfiguration):
        (WebCore::LibWebRTCMediaEndpoint::stop):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration):
        (WebCore::LibWebRTCPeerConnectionBackend::setConfiguration):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h:
        * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
        (WebCore::createActualPeerConnection):
        (WebCore::LibWebRTCProvider::createPeerConnection):
        * platform/mediastream/libwebrtc/LibWebRTCProvider.h:


2017-06-30  Antoine Quint  <graouts@apple.com>

        Top controls bars should invert with right-to-left user interface layout direction locale
        https://bugs.webkit.org/show_bug.cgi?id=173989
        <rdar://problem/32863552>

        Reviewed by Dean Jackson.

        When the user interface layout direction is set by the locale to be right-to-left, we now:

            - invert the two top controls bars
            - invert the layout order for the fullscreen / PiP controls bar
            - orient the volume button the opposite direction when presented in a top controls bar

        Test: media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-rtl.html

        * Modules/modern-media-controls/controls/icon-service.js: Add new RTL variants for the mute and unmute icons.
        * Modules/modern-media-controls/controls/inline-media-controls.css: Invert the position of the two top controls
        bars when we switch user interface layout direction.
        (.media-controls.inline.uses-ltr-user-interface-layout-direction > .controls-bar.top-left,):
        (.media-controls.inline.uses-ltr-user-interface-layout-direction > .controls-bar.top-right,):
        (.media-controls.inline > .controls-bar.top-left): Deleted.
        (.media-controls.inline > .controls-bar.top-right): Deleted.
        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype.layout): Default to using the LTR variant for the mute button icon since
        it should only use the RTL variant in case the locale requires it *and* we display the mute button in a
        top controls bar rather than the bottom controls bar (ie. when width becomes constrained).
        (InlineMediaControls.prototype._topLeftContainerButtons): Invert the order of the fullscreen and PiP
        buttons based on the user interface layout direction.
        (InlineMediaControls.prototype._addTopRightBarWithMuteButtonToChildren):
        (InlineMediaControls):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.set usesLTRUserInterfaceLayoutDirection): Schedule a layout when the user interface
        layout direction changes.
        * Modules/modern-media-controls/controls/mute-button.js: Add a new "usesRTLIconVariant" property, false by
        default, to indicate we want to use the RTL variant of the button's icon.
        (MuteButton):
        (MuteButton.prototype.get muted):
        (MuteButton.prototype.set muted):
        (MuteButton.prototype.set usesRTLIconVariant):
        (MuteButton.prototype.layout):
        * Modules/modern-media-controls/images/iOS/Mute-RTL.svg: Added.
        * Modules/modern-media-controls/images/iOS/VolumeHi-RTL.svg: Added.
        * Modules/modern-media-controls/images/macOS/Mute-RTL.svg: Added.
        * Modules/modern-media-controls/images/macOS/VolumeHi-RTL.svg: Added.
        * Modules/modern-media-controls/media/media-controller.js: Use an ivar to track when it's worth notifying the
        media controls that the user interface layout direction has changed. This means we won't need to schedule a
        layout in case it's set to the current value.
        (MediaController):
        (MediaController.prototype.set usesLTRUserInterfaceLayoutDirection):

2017-06-29  Zalan Bujtas  <zalan@apple.com>

        BreakingContext::handleReplaced() should use replacedBox instead of m_current.renderer().
        https://bugs.webkit.org/show_bug.cgi?id=174011

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::handleReplaced):
        * rendering/line/LineWidth.cpp:
        (WebCore::LineWidth::applyOverhang):
        * rendering/line/LineWidth.h:

2017-06-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Web content process crashes when the selection is moved far offscreen in dragstart
        https://bugs.webkit.org/show_bug.cgi?id=174010
        <rdar://problem/32597802>

        Reviewed by Tim Horton.

        The TextIndicator snapshot generated in createDragImageForSelection is not guaranteed to succeed; this patch
        adds a null check following TextIndicator::createWithSelectionInFrame and bails early if the snapshot was not
        successful.

        Test: DataInteractionTests.DoNotCrashWhenSelectionMovesOffscreenAfterDragStart

        * platform/ios/DragImageIOS.mm:
        (WebCore::createDragImageForSelection):

2017-06-29  Chris Fleizach  <cfleizach@apple.com>

        AX: Cannot call setValue() on contenteditable or ARIA text controls
        https://bugs.webkit.org/show_bug.cgi?id=173520

        Reviewed by Ryosuke Niwa.

        Add support for changing the value of a contenteditable and any other aria text control in setValue().
 
        Test: accessibility/mac/set-value-editable-types.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setValue):

2017-06-28  Simon Fraser  <simon.fraser@apple.com>

        getBoundingClientRect returns wrong value for combination of page zoom and scroll
        https://bugs.webkit.org/show_bug.cgi?id=173841
        rdar://problem/32983841

        Reviewed by Dean Jackson.

        The layout viewport returned by FrameView::layoutViewportRect() is affected by page (Command-+) zooming,
        since it's computed using scroll positions, so when we use its origin to convert into client coordinates
        (which are zoom-agnostic), we need to account for page zoom, so fix FrameView::documentToClientOffset()
        to do this.

        Callers of documentToClientOffset() were checked, revealing that event client coordinates were also
        wrong with page zoom and are fixed in the same way. It was found that SimulatedClick was using an
        entirely wrong rect to compute its location: Element::clientRect() is NOT in client coordinates,
        so change this code to use getBoundingClientRect() instead.

        Minor refactoring in MouseRelatedEvent to make getting to the FrameView cleaner.

        Some geometry types enhanced to have non-mutating scale functions.

        Tests: fast/events/simulated-click-zoomed.html
               fast/visual-viewport/client-rects-relative-to-layout-viewport-zoomed.html

        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::init):
        (WebCore::MouseRelatedEvent::initCoordinates):
        (WebCore::MouseRelatedEvent::frameView):
        (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor):
        (WebCore::MouseRelatedEvent::computePageLocation):
        (WebCore::MouseRelatedEvent::computeRelativePosition):
        (WebCore::pageZoomFactor): Deleted.
        (WebCore::frameScaleFactor): Deleted.
        * dom/MouseRelatedEvent.h:
        (WebCore::MouseRelatedEvent::absoluteLocation):
        (WebCore::MouseRelatedEvent::setAbsoluteLocation): Deleted.
        * dom/SimulatedClick.cpp:
        * page/FrameView.cpp:
        (WebCore::FrameView::layoutViewportRect): baseLayoutViewportSize() is the same as the old code.
        (WebCore::FrameView::documentToAbsoluteScaleFactor):
        (WebCore::FrameView::absoluteToDocumentScaleFactor):
        (WebCore::FrameView::absoluteToDocumentPoint):
        (WebCore::FrameView::documentToClientOffset):
        * page/FrameView.h:
        * platform/graphics/FloatPoint.h:
        (WebCore::FloatPoint::scale):
        (WebCore::FloatPoint::scaled):
        * platform/graphics/FloatSize.h:
        (WebCore::FloatSize::scaled):
        * platform/graphics/LayoutPoint.h:
        (WebCore::LayoutPoint::scaled):

2017-06-29  Megan Gardner  <megan_gardner@apple.com>

        Unreviewed, fixing Window's build after r218976

        * rendering/ScrollAlignment.cpp:
        (WebCore::operator<<):

2017-06-29  Megan Gardner  <megan_gardner@apple.com>

        Add TextStream operators for Range, VisiblePosition, VisibleSelection, and ScrollAlignment
        https://bugs.webkit.org/show_bug.cgi?id=173997

        Reviewed by Simon Fraser.

        Adding logging that can be used with TextStream-based LOG_WITH_STREAM.

        * dom/Range.cpp:
        (WebCore::operator<<):
        * dom/Range.h:
        * editing/VisiblePosition.h:
        * editing/VisibleSelection.cpp:
        (WebCore::operator<<):
        * editing/VisibleSelection.h:
        * rendering/ScrollAlignment.cpp:
        (WebCore::operator<<):
        * rendering/ScrollAlignment.h:

2017-06-29  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218903.

        This patch and its fix cause immediate flakiness on all WK2
        testers

        Reverted changeset:

        "Support PeerConnectionStates::BundlePolicy::MaxBundle when
        setting rtc configuration"
        https://bugs.webkit.org/show_bug.cgi?id=169389
        http://trac.webkit.org/changeset/218903

2017-06-29  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218963.

        This patch and its fix cause immediate flakiness on all WK2
        testers

        Reverted changeset:

        "Support PeerConnectionStates::BundlePolicy::MaxBundle when
        setting rtc configuration"
        https://bugs.webkit.org/show_bug.cgi?id=169389
        http://trac.webkit.org/changeset/218963

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Split ResourceLoadObserver into 2 classes: one for WebCore and one for the UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=173990

        Reviewed by Brent Fulgham.

        Split ResourceLoadObserver into 2 classes: one for WebCore and one for the UIProcess.
        They really have different API and there is therefore close to no code duplication.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::primaryDomain):
        (WebCore::ResourceLoadObserver::setStatisticsQueue):
        (WebCore::ResourceLoadObserver::shouldLog):
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::primaryDomain):
        * loader/ResourceLoadStatisticsStore.h:
        * platform/URL.h:

2017-06-29  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom binding for UserMessageHandlersNamespace
        https://bugs.webkit.org/show_bug.cgi?id=173956

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSUserMessageHandlersNamespaceCustom.cpp: Removed.
        Remove JSUserMessageHandlersNamespaceCustom.cpp

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateNamedGetterLambda):
        Add support for calling named getters with additional arguments from [CallWith].

        (GenerateAttributeGetterBodyDefinition):
        (GenerateAttributeSetterBodyDefinition):
        (GenerateCallWithUsingReferences):
        (GenerateCallWithUsingPointers):
        (GenerateConstructorCallWithUsingPointers):
        (GenerateCallWith):
        (GenerateParametersCheck):
        Update arguments to GenerateCallWith(Using...) to no longer pass an operation,
        which was only needed for the no longer used ScriptArguments, pass a thisObject
        reference, and optionally pass an indentation.

        * bindings/scripts/IDLAttributes.json:
        Remove no longer used ScriptArguments and CallStack, add World.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjWithScriptArgumentsAndCallStackAttributeGetter): Deleted.
        (WebCore::jsTestObjWithScriptArgumentsAndCallStackAttribute): Deleted.
        (WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttributeSetter): Deleted.
        (WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttribute): Deleted.
        (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStackBody): Deleted.
        (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack): Deleted.
        * bindings/scripts/test/TestObj.idl:
        Remove tests of ScriptArguments and CallStack.

        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h: Added.
        * bindings/scripts/test/TestNamedGetterCallWith.idl: Added.
        * bindings/scripts/test/TestNamedGetterNoIdentifier.idl: Added.
        * bindings/scripts/test/TestNamedGetterWithIdentifier.idl: Added.
        Add basic named getter tests and a specific test of named getters using CallWith.

        * page/UserMessageHandlersNamespace.cpp:
        (WebCore::UserMessageHandlersNamespace::supportedPropertyNames):
        (WebCore::UserMessageHandlersNamespace::namedItem):
        (WebCore::UserMessageHandlersNamespace::handler): Deleted.
        * page/UserMessageHandlersNamespace.h:
        Rename handler to namedItem, matching convention and the expectations of the
        bindings generator and swap the order of the arguments for the same reason.

        * page/UserMessageHandlersNamespace.idl:
        Remove CustomGetOwnPropertySlotAndDescriptor, and add the anonymous named getter.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Avoid copying ResourceLoadStatistics objects
        https://bugs.webkit.org/show_bug.cgi?id=173972

        Reviewed by Brent Fulgham.

        Avoid copying ResourceLoadStatistics objects given that they are big. Make the type move-only
        to avoid such mistakes in the future.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::ResourceLoadStatistics):

2017-06-29  John Wilander  <wilander@apple.com>

        Fix for intermittent Layout Test fail http/tests/loading/resourceLoadStatistics/telemetry-generation.html
        https://bugs.webkit.org/show_bug.cgi?id=173940
        <rdar://problem/33018125>

        Reviewed by Brent Fulgham.

        No new tests. This change enables the exiting test to pass.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):
            Added an assert.

2017-06-29  Youenn Fablet  <youenn@apple.com>

        Support PeerConnectionStates::BundlePolicy::MaxBundle when setting rtc configuration
        https://bugs.webkit.org/show_bug.cgi?id=169389

        Unreviewed.

        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration): Reactivating CPU overuse detection as it might be the cause of the bots regressions.

2017-06-29  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] ResourceHandleManager violate the class responsibility of ResourceHandle
        https://bugs.webkit.org/show_bug.cgi?id=173630

        Reviewed by Alex Christensen.

        * platform/network/ResourceHandle.h:
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        (WebCore::calculateWebTimingInformations):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::writeCallback):
        (WebCore::isHttpInfo):
        (WebCore::isHttpRedirect):
        (WebCore::isHttpAuthentication):
        (WebCore::isHttpNotModified):
        (WebCore::isAppendableHeader):
        (WebCore::removeLeadingAndTrailingQuotes):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::readCallback):
        (WebCore::getFormElementsCount):
        (WebCore::setupFormData):
        (WebCore::ResourceHandle::setupPUT):
        (WebCore::ResourceHandle::setupPOST):
        (WebCore::ResourceHandle::handleDataURL):
        (WebCore::ResourceHandle::dispatchSynchronousJob):
        (WebCore::ResourceHandle::applyAuthentication):
        (WebCore::ResourceHandle::initialize):
        (WebCore::ResourceHandle::handleCurlMsg):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::startJob):
        (WebCore::calculateWebTimingInformations): Deleted.
        (WebCore::isHttpInfo): Deleted.
        (WebCore::isHttpRedirect): Deleted.
        (WebCore::isHttpAuthentication): Deleted.
        (WebCore::isHttpNotModified): Deleted.
        (WebCore::handleLocalReceiveResponse): Deleted.
        (WebCore::writeCallback): Deleted.
        (WebCore::isAppendableHeader): Deleted.
        (WebCore::removeLeadingAndTrailingQuotes): Deleted.
        (WebCore::getProtectionSpace): Deleted.
        (WebCore::headerCallback): Deleted.
        (WebCore::readCallback): Deleted.
        (WebCore::getFormElementsCount): Deleted.
        (WebCore::setupFormData): Deleted.
        (WebCore::ResourceHandleManager::setupPUT): Deleted.
        (WebCore::ResourceHandleManager::setupPOST): Deleted.
        (WebCore::handleDataURL): Deleted.
        (WebCore::ResourceHandleManager::dispatchSynchronousJob): Deleted.
        (WebCore::ResourceHandleManager::applyAuthenticationToRequest): Deleted.
        (WebCore::ResourceHandleManager::initializeHandle): Deleted.
        * platform/network/curl/ResourceHandleManager.h:

2017-06-29  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Async image decoding should be disabled for iBooks on tvOS
        https://bugs.webkit.org/show_bug.cgi?id=173945

        Reviewed by Simon Fraser.

        The iBooks on tvOS is an AppStore application. We need to disable async
        image decoding for iBooks on tvOS permanently through WebKit.

        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isIBooks):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::updateFromSettings):

2017-06-29  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add a new extended attribute to model the forced return value optimization used on Node and Crypto
        https://bugs.webkit.org/show_bug.cgi?id=173961

        Reviewed by Darin Adler.

        Node and Crypto were both using custom bindings to implement an optimization
        for operations that always returned one one of the arguments passed in. The
        optimization directly returns the JSValue argument, avoiding wrapping and 
        unwrapping, and all the cache lookups that might entail. This allows that 
        optimization to work without custom bindings by adding a new extended attribute
        [ReturnValue] that can annotate an argument. When used, the implementation
        function is expected to return either void or ExceptionOr<void>.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSCryptoCustom.cpp: Removed.
        Remove JSCryptoCustom.cpp.

        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::insertBefore): Deleted.
        (WebCore::JSNode::replaceChild): Deleted.
        (WebCore::JSNode::removeChild): Deleted.
        (WebCore::JSNode::appendChild): Deleted.
        Remove custom functions.

        * bindings/scripts/CodeGeneratorJS.pm:
        (OperationHasForcedReturnValue):
        Add helper to determine if an operation has [ReturnValue] on any argument.

        (NeedsExplicitPropagateExceptionCall):
        We must treat operations with a [ReturnValue] argument like we do operations
        returning void, and explicitly check for exceptions.

        (GenerateParametersCheck):
        Pull out the argument in a variable called 'returnValue' if it is annotated
        with [ReturnValue].

        (GenerateImplementationFunctionCall):
        Special case operations with a [ReturnValue] argument to return the previously
        set aside 'returnValue' variable.

        * bindings/scripts/IDLAttributes.json:
        Add [ReturnValue].

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationBody):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimization):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationWithExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationWithException):
        * bindings/scripts/test/TestObj.idl:
        Add tests for [ReturnValue].

        * dom/Node.idl:
        * page/Crypto.idl:
        Add [ReturnValue] annotations and remove [Custom] annotations.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r218944.

        Optimization is incorrect

        Reverted changeset:

        "Avoid copying ResourceLoadStatistics objects"
        https://bugs.webkit.org/show_bug.cgi?id=173972
        http://trac.webkit.org/changeset/218944

2017-06-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r218896): ASSERT in WebPageProxy::dataCallback
        https://bugs.webkit.org/show_bug.cgi?id=173968

        Reviewed by Michael Catanzaro.

        The problem is that WebPageProxy::getLoadDecisionForIcon() sends 0 as callback ID when the decision is to not
        load the icon. Since r218896 we always notify the client even when the decision is to not load the icon, in
        which case the UI doesn't really expect a callback. When WebPageProxy::dataCallback is called with a 0 callback ID,
        CallbackMap::take() crashes in RELEASE_ASSERT(callbackID).

        Fixes several GTK+ unit tests that are crashing.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Return earlier if decision is false or frame is nullptr.
        (WebCore::DocumentLoader::finishedLoadingIcon): Move RELEASE_ASSERT to notifyFinishedLoadingIcon().
        (WebCore::DocumentLoader::notifyFinishedLoadingIcon): Assert if callbackIdentifier is 0 or m_frame is nullptr,
        since it's no longer expected to happen.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        statistics.mostRecentUserInteraction should be of type WallTime
        https://bugs.webkit.org/show_bug.cgi?id=173974

        Reviewed by Brent Fulgham.

        statistics.mostRecentUserInteraction should be of type WallTime for clarity.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::logUserInteraction):
        (WebCore::ResourceLoadObserver::clearUserInteraction):
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::encode):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::ResourceLoadStatistics::toString):
        (WebCore::ResourceLoadStatistics::merge):
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::mostRecentUserInteractionTime): Deleted.
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::shouldPartitionCookies):
        (WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction):
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):

2017-06-29  JF Bastien  <jfbastien@apple.com>

        WebAssembly: disable some APIs under CSP
        https://bugs.webkit.org/show_bug.cgi?id=173892
        <rdar://problem/32914613>

        Reviewed by Daniel Bates.

        This does the basic separation of eval-blocked and
        WebAssembly-blocked, but currently only blocks neither or both. I
        think we'll eventually consider allowing one to be blocked but not
        the other, so this separation makes sense and means that when we
        want to do the change it'll be tiny. At a minimum we want a
        different error message, which this patch provides (a lot of the
        code ties blocking to the error message).

        Tests: http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::enableWebAssembly):
        (WebCore::ScriptController::disableWebAssembly):
        * bindings/js/ScriptController.h:
        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::disableWebAssembly):
        * bindings/js/WorkerScriptController.h:
        * dom/Document.cpp:
        (WebCore::Document::disableWebAssembly):
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::didCreateWindowProxy):
        (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext):
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::create):
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        (WebCore::ContentSecurityPolicyDirectiveList::webAssemblyDisabledErrorMessage):
        (WebCore::ContentSecurityPolicyDirectiveList::setWebAssemblyDisabledErrorMessage):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::disableWebAssembly):
        * workers/WorkerGlobalScope.h:

2017-06-29  Zalan Bujtas  <zalan@apple.com>

        Make InlineBox::m_topLeft and m_logicalWidth protected.
        https://bugs.webkit.org/show_bug.cgi?id=173973

        Reviewed by Simon Fraser.

        I don't think this reasoning from 10 years ago is valid anymore -> 
          "FIXME: Would like to make this protected, but methods are accessing these members over in the part."
        (comment was conveniently removed in a later commit).

        No change in functionality.

        * rendering/InlineBox.h:
        (WebCore::InlineBox::InlineBox):

2017-06-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Adopt +objectWithItemProviderData: for serializing NSItemProviderReading-conformant objects
        https://bugs.webkit.org/show_bug.cgi?id=173971
        <rdar://problem/33006605>

        Reviewed by Tim Horton.

        Moves off of a very-recently-deprecated API, in favor of its replacement. Guarded by a runtime check and staging
        declarations. No change in behavior.

        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard valuesForPasteboardType:inItemSet:]):

2017-06-29  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Separate global curl settings from ResourceHandleManager as CurlContext class
        https://bugs.webkit.org/show_bug.cgi?id=173629

        Reviewed by Alex Christensen.

        * PlatformWinCairo.cmake:
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::setCookiesFromDOM):
        (WebCore::cookiesForSession):
        * platform/network/curl/CurlContext.cpp: Added.
        (WebCore::certificatePath):
        (WebCore::cookieJarPath):
        (WebCore::CurlContext::CurlContext):
        (WebCore::CurlContext::~CurlContext):
        (WebCore::CurlContext::initCookieSession):
        (WebCore::CurlContext::ProxyInfo::url):
        (WebCore::CurlContext::setProxyInfo):
        (WebCore::CurlContext::getEffectiveURL):
        (WebCore::CurlContext::createMultiHandle):
        (WebCore::CurlContext::mutexFor):
        (WebCore::CurlContext::lock):
        (WebCore::CurlContext::unlock):
        * platform/network/curl/CurlContext.h: Added.
        (WebCore::CurlContext::singleton):
        (WebCore::CurlContext::curlShareHandle):
        (WebCore::CurlContext::getCookieJarFileName):
        (WebCore::CurlContext::setCookieJarFileName):
        (WebCore::CurlContext::getCertificatePath):
        (WebCore::CurlContext::shouldIgnoreSSLErrors):
        (WebCore::CurlContext::proxyInfo):
        (WebCore::CurlContext::setProxyInfo):
        (WebCore::CurlContext::getLogFile):
        (WebCore::CurlContext::isVerbose):
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::init):
        (WebCore::CurlDownload::start):
        (WebCore::CurlDownload::cancel):
        (WebCore::CurlDownload::didReceiveHeader):
        * platform/network/curl/CurlDownload.h:
        * platform/network/curl/CurlJobManager.cpp: Renamed from Source/WebCore/platform/network/curl/CurlManager.cpp.
        (WebCore::CurlJobManager::CurlJobManager):
        (WebCore::CurlJobManager::~CurlJobManager):
        (WebCore::CurlJobManager::add):
        (WebCore::CurlJobManager::remove):
        (WebCore::CurlJobManager::getActiveCount):
        (WebCore::CurlJobManager::getPendingCount):
        (WebCore::CurlJobManager::startThreadIfNeeded):
        (WebCore::CurlJobManager::stopThread):
        (WebCore::CurlJobManager::stopThreadIfIdle):
        (WebCore::CurlJobManager::updateHandleList):
        (WebCore::CurlJobManager::addToCurl):
        (WebCore::CurlJobManager::removeFromCurl):
        (WebCore::CurlJobManager::workerThread):
        * platform/network/curl/CurlJobManager.h: Renamed from Source/WebCore/platform/network/curl/CurlManager.h.
        (WebCore::CurlJobManager::singleton):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::ResourceHandleManager):
        (WebCore::ResourceHandleManager::~ResourceHandleManager):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::initializeHandle):
        (WebCore::certificatePath): Deleted.
        (WebCore::cookieJarPath): Deleted.
        (WebCore::ResourceHandleManager::setCookieJarFileName): Deleted.
        (WebCore::ResourceHandleManager::getCookieJarFileName): Deleted.
        (WebCore::ResourceHandleManager::setProxyInfo): Deleted.
        (WebCore::ResourceHandleManager::initCookieSession): Deleted.
        * platform/network/curl/ResourceHandleManager.h:
        (): Deleted.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Avoid copying ResourceLoadStatistics objects
        https://bugs.webkit.org/show_bug.cgi?id=173972

        Reviewed by Geoffrey Garen.

        Avoid copying ResourceLoadStatistics objects given that they are big. Make the type move-only
        to avoid such mistakes in the future.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::ResourceLoadStatistics):

2017-06-29  Antoine Quint  <graouts@apple.com>

        Full stop shows to the right of the picture-in-picture localised string in Hebrew
        https://bugs.webkit.org/show_bug.cgi?id=173966
        <rdar://problem/32847376>

        Reviewed by Dean Jackson.

        We manually set the CSS "direction" property to "rtl" when we're not using an LTR language for a placard.

        Test: media/modern-media-controls/placard/placard-ltr.html

        * Modules/modern-media-controls/controls/placard.css:
        (.media-controls:not(.uses-ltr-user-interface-layout-direction) .placard):

2017-06-29  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed Apple CMake build after r218901

        I did not add 'cocoa/FileMonitorCocoa.mm' to the PlatformMac.cmake file as part of r218901.):

        * PlatformMac.cmake:

2017-06-29  Frederic Wang  <fwang@igalia.com>

        Small improvement of calls to RenderLayerBacking members
        https://bugs.webkit.org/show_bug.cgi?id=173969

        Reviewed by Simon Fraser.

        No new tests, behavior unchanged.

        * page/FrameView.cpp:
        (WebCore::FrameView::tiledBacking): Access the member with RenderLayerBacking::tiledBacking.
        (WebCore::FrameView::updateTilesForExtendedBackgroundMode): Ditto.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::usesCompositedScrolling): Use RenderLayerBacking::hasScrollingLayer as
        it better matches the intention of the check here.

2017-06-29  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Fix ReadableStream "strategy" argument handling
        https://bugs.webkit.org/show_bug.cgi?id=172716

        Reviewed by Xabier Rodriguez-Calvar.

        Aligned default strategy parameter with spec, as defined in [1].
        
        [1] https://streams.spec.whatwg.org/#rs-constructor

        Added new tests and updated some existing ones based on the newly
        expected behavior. Also updated expectations for WPT streams tests.

        * Modules/streams/ReadableStream.js:
        (initializeReadableStream): Fixed initialization of strategy.

2017-06-29  Antti Koivisto  <antti@apple.com>

        REGRESSION(r215347): NAS4Free Pop-down menus fail to appear
        https://bugs.webkit.org/show_bug.cgi?id=173967
        <rdar://problem/32690114>

        Reviewed by Andreas Kling.

        Menus on this configuration page operate by mutating visibility. We fail to trigger required
        compositing updates when visibility changes on non-composited layer. Visibility of a non-composited
        descendant may affect geometry of the composited ancestor layer.

        Test: compositing/backing/non-composited-visibility-change.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::layerStyleChanged):
        (WebCore::RenderLayerCompositor::needsCompositingUpdateForStyleChangeOnNonCompositedLayer): Added.

            Trigger compositing update for non-composited layers on visibility change.
            Factor tests into function.

        * rendering/RenderLayerCompositor.h:

2017-06-28  Frederic Wang  <fwang@igalia.com>

        Align Document::canNavigate on the HTM5 specification
        https://bugs.webkit.org/show_bug.cgi?id=173162

        Reviewed by Chris Dumez.

        Currently when a frame A with a sandboxed navigation flag tries and navigates another frame B
        then Document::canNavigate verifies the cases where we try to navigate A's top frame (in
        that case the allow-top-navigation flag is needed) or not (in that case, B must be a
        descendant of A). This patch refines that a bit to check the case where B is a popup (in that
        case navigation is permitted if A is the opener of B). This change aligns on the HTML5
        specification and allows to pass more W3C Web Platform tests.
        See https://html.spec.whatwg.org/multipage/browsers.html#allowed-to-navigate

        Tests: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html
               imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3.html

        * dom/Document.cpp:
        (WebCore::Document::canNavigate): This refines the case where the document's frame has the
        sandbox navigation flag set in order to handle popup navigation. New comments referring to
        the HTML5 specification are also added.

2017-06-28  Myles C. Maxfield  <mmaxfield@apple.com>

        Only apply font features for the particular type of font they are being applied to
        https://bugs.webkit.org/show_bug.cgi?id=172661
        <rdar://problem/31534119>
        <rdar://problem/32799624>

        Reviewed by Simon Fraser.

        There are two types of font formats which support features: AAT and OTF. Each of them has
        a different idea about what the identity of a feature is. We were specifying both types
        of feature identities to Core Text; however, this is causing Core Text to get confused.
        Instead, we should only apply AAT features to AAT fonts and OTF features to OTF fonts.

        Test: Un-marking these tests as failure on High Sierra:
              css3/font-variant-petite-caps-synthesis-coverage.html
              css3/font-variant-small-caps-synthesis-coverage.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontType::FontType):
        (WebCore::preparePlatformFont):
        (WebCore::variationCapabilitiesForFontDescriptor):
        (WebCore::isGXVariableFont): Deleted.

2017-06-28  Chris Dumez  <cdumez@apple.com>

        [ResourceLoadStatistics] Simplify PrevalentResourceTelemetry struct
        https://bugs.webkit.org/show_bug.cgi?id=173953

        Reviewed by Sam Weinig.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):
        * loader/ResourceLoadStatisticsStore.h:
        (WebCore::PrevalentResourceTelemetry::PrevalentResourceTelemetry): Deleted.

2017-06-28  Ryosuke Niwa  <rniwa@webkit.org>

        Crash in WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange
        https://bugs.webkit.org/show_bug.cgi?id=173958

        Reviewed by Simon Fraser.

        The crashed is most likely caused by updateLayersAfterAncestorChange calling [CALayer setPosition]
        with a CGPoint which contains the x coordinate or the y coordinate of NaN.

        Simon and I inpected the code but we couldn't figure out how we get there. Detect this case and bail out.
        Also log the relevant values and debug assert when this condition is hit to help identifying the root cause.

        * page/scrolling/mac/ScrollingTreeFixedNode.mm:
        (WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):

2017-06-28  Chris Dumez  <cdumez@apple.com>

        ResourceLoadObserver clean up
        https://bugs.webkit.org/show_bug.cgi?id=173955

        Reviewed by Sam Weinig and Brent Fulgham.

        ResourceLoadObserver clean up: Modernize code a bit and get rid of unused variables.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::clearInMemoryStore):
        (WebCore::ResourceLoadObserver::clearInMemoryAndPersistentStore):
        (WebCore::ResourceLoadObserver::shouldLog):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::logUserInteraction):
        (WebCore::ResourceLoadObserver::setSubframeUnderTopFrameOrigin):
        (WebCore::ResourceLoadObserver::setSubresourceUnderTopFrameOrigin):
        (WebCore::ResourceLoadObserver::setSubresourceUniqueRedirectTo):
        (WebCore::ResourceLoadObserver::fireDataModificationHandler):
        (WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler):
        (WebCore::ResourceLoadObserver::primaryDomain):
        (WebCore::ResourceLoadObserver::statisticsForOrigin):

2017-06-28  Zalan Bujtas  <zalan@apple.com>

        Move RenderEmbeddedObject::isReplacementObscured to HTMLPlugInElement
        https://bugs.webkit.org/show_bug.cgi?id=173802
        <rdar://problem/32884389>

        Reviewed by Simon Fraser.

        Hittesting could potentially destroy "this" renderer so calling it inside RenderEmbeddedObject
        could leave the caller with a stale pointer.
        This patch protects the plugin element from getting destroyed and checks if the renderer got
        deleted during the hittest to avoid nullptr dereference.

        Speculative fix.

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::isReplacementObscured):
        * html/HTMLPlugInElement.h:
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::isReplacementObscured): Deleted.
        * rendering/RenderEmbeddedObject.h:
        * testing/Internals.cpp:
        (WebCore::Internals::isPluginUnavailabilityIndicatorObscured):

2017-06-28  Chris Dumez  <cdumez@apple.com>

        Avoid copying statistics in ResourceLoadStatisticsStore::readDataFromDecoder()
        https://bugs.webkit.org/show_bug.cgi?id=173951

        Reviewed by Ryosuke Niwa.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):

2017-06-28  Ryosuke Niwa  <rniwa@webkit.org>

        Safari's Speedometer score massively regresses when accessibility is enabled
        https://bugs.webkit.org/show_bug.cgi?id=173912

        Reviewed by Chris Fleizach.

        The bug was caused by HTMLTextFormControlElement::setInnerTextValue triggering a synchronous layout
        via constructing VisiblePosition when the accessibility tree is present.

        Added AXObjectCache::postTextReplacementNotificationForTextControl which avoids the construction of
        VisiblePosition and other means of triggering a synchronous layout. This patch also fixes a subtle bug
        that HTMLTextFormControlElement was creating TextMarkerData with axID set to that of the text control
        element instead of the root editable element inside its shadow tree even though the typing command uses
        axID of the root editable element. While I couldn't find any user-visible behavioral change from this
        code change, new code is more self-consistent.

        Also added LayoutDisallowedScope which asserts that no synchronous layout happens in setInnerTextValue
        so that we don't introduce a new performance regression like this in the future.

        No new tests. Existing tests in accessibility directory covers this.

        * CMakeLists.txt: Added LayoutDisallowedScope.cpp.
        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::postTextReplacementNotificationForTextControl): Added.
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition): Modernized. Returns optional<TextMarkerData>
        instead of taking TextMarkerData as an out-argument, and returning with axID of 0.
        (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl): Added. This specialized version
        constructs TextMarkerData for the first position inside the editable region in a text control without
        triggering a synchronous layout.

        * accessibility/AXObjectCache.h:
        (WebCore::TextMarkerData): Initialize each member automatically.
        (WebCore::AXObjectCache::postTextReplacementNotificationForTextControl):

        * accessibility/ios/AXObjectCacheIOS.mm:
        (WebCore::AXObjectCache::postTextReplacementPlatformNotificationForTextControl): Added.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (+[WebAccessibilityTextMarker textMarkerWithVisiblePosition:cache:]):

        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::addTextMarkerFor): Extracted from textReplacementChangeDictionary. Added a new variant which
        takes a text form control instead.
        (WebCore::textReplacementChangeDictionary): Templatized this function to either take VisiblePosition
        and call textMarkerForVisiblePosition or take HTMLTextFormControlElement and call
        textMarkerForFirstPositionInTextControl.
        (WebCore::postUserInfoForChanges): Extracted from postTextReplacementPlatformNotification.
        (WebCore::AXObjectCache::postTextReplacementPlatformNotification): 
        (WebCore::AXObjectCache::postTextReplacementPlatformNotificationForTextControl): Added.

        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.h:

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (textMarkerForVisiblePosition):
        (-[WebAccessibilityObjectWrapper textMarkerForFirstPositionInTextControl:]): Added.

        * dom/Document.cpp:
        (WebCore::Document::updateLayout): Assert that LayoutDisallowedScope is not in the stack frame.

        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::setInnerTextValue): Call postTextReplacementNotificationForTextControl
        to avoid triggering a synchronous layout. Also create LayoutDisallowedScope to avoid a similar performance
        regression from being introduced in the future in this function. Finally, made innerText a RefPtr for extra
        safety since we're using it after updating the DOM tree.

        * rendering/LayoutDisallowedScope.cpp: Added.
        * rendering/LayoutDisallowedScope.h: Added.
        (WebCore::LayoutDisallowedScope::LayoutDisallowedScope):
        (WebCore::LayoutDisallowedScope::~LayoutDisallowedScope):
        (WebCore::LayoutDisallowedScope::isLayoutAllowed):

2017-06-27  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Cannot italicize or bold text rendered with text styles
        https://bugs.webkit.org/show_bug.cgi?id=173634

        Reviewed by Darin Adler.

        r218616 enabled the new cascade list codepath for "system-ui," but didn't do it for the named
        text styles (like "font: -apple-system-tall-body;"). This new codepath is better because it
        correctly specifies weights and italics (using kCTFontWeightTrait and kCTFontSlantTrait) instead
        of using symbolic traits, and because it correctly handles fonts in the Core Text fallback chain.
        This patch migrates the named text styles to this new codepath.

        Test: fast/text/ipad/bold-tall-body-text-style.html

        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParameters):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::isHashTableDeletedValue):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::operator==):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParametersHash::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParametersHash::equal):
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::convertArray):
        (WebCore::convertArray):
        (WebCore::makeNeverDestroyed):
        (WebCore::isUIFontTextStyle):
        (WebCore::systemFontParameters):
        (WebCore::FontCascadeDescription::effectiveFamilyCount):
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::hash): Deleted.
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::equal): Deleted.
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-06-28  Devin Rousso  <drousso@apple.com>

        Web Inspector: Instrument active pixel memory used by canvases
        https://bugs.webkit.org/show_bug.cgi?id=173087
        <rdar://problem/32719261>

        Reviewed by Joseph Pecoraro.

        Test: inspector/canvas/memory.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::setImageBuffer):
        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::didChangeCanvasMemory):
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        * inspector/InspectorInstrumentation.h:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didChangeCanvasMemory):
        (WebCore::InspectorInstrumentation::didChangeCanvasMemoryImpl):

2017-06-28  Alex Christensen  <achristensen@webkit.org>

        Prevent displaying URLs with small capital letters
        https://bugs.webkit.org/show_bug.cgi?id=173949
        <rdar://problem/32952058>

        Reviewed by Brent Fulgham.

        Covered by new API tests.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isLookalikeCharacter):

2017-06-28  Youenn Fablet  <youenn@apple.com>

        Support PeerConnectionStates::BundlePolicy::MaxBundle when setting rtc configuration
        https://bugs.webkit.org/show_bug.cgi?id=169389

        Reviewed by Alex Christensen.

        Covered by manual testing (appr.tc and https://youennf.github.io/webrtc-tests/src/content/peerconnection/trickle-ice/).
        Previously, we were creating a libwebrtc peer connection and then setting its configuration.
        libwebrtc does not like the configuration to be changed and may refuse to set the configuration.
        Instead of doing that, we are now creating the libwebrtc peer connection with the provided configuration.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::setConfiguration):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::initializeWith):
        (WebCore::iceServersFromConfiguration):
        (WebCore::RTCPeerConnection::initializeConfiguration):
        (WebCore::RTCPeerConnection::setConfiguration):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::LibWebRTCMediaEndpoint):
        (WebCore::LibWebRTCMediaEndpoint::setConfiguration):
        (WebCore::LibWebRTCMediaEndpoint::stop):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration):
        (WebCore::LibWebRTCPeerConnectionBackend::setConfiguration):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h:
        * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
        (WebCore::createActualPeerConnection):
        (WebCore::LibWebRTCProvider::createPeerConnection):
        * platform/mediastream/libwebrtc/LibWebRTCProvider.h:

2017-06-28  Brent Fulgham  <bfulgham@apple.com>

        Teach ResourceLoadStatistics to recognize changes in the file system
        https://bugs.webkit.org/show_bug.cgi?id=173800
        <rdar://problem/32937842>

        Reviewed by Chris Dumez.

        We want to support the case where multiple UI processes choose to share the same
        statistics file. To support this, update the ResourceLoadStatistics logic to be aware
        that the statistics data file might change underneath it, and to take appropriate
        action when it does.

        * WebCore.xcodeproj/project.pbxproj: Update for new sources.
        * WebCore/CMakeLists.txt: Update for new FileMonitor source file.
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent): Use the new deletion
        handler for the data file instead of writing out an empty file.
        (WebCore::ResourceLoadStatisticsStore::setDeletePersistentStoreCallback): Added.
        * loader/ResourceLoadStatisticsStore.h:
        * platform/FileMonitor.cpp: Added.
        (WebCore::FileMonitor::create):
        (WebCore::FileMonitor::FileMonitor): Register handlers and begin monitoring file.
        (WebCore::FileMonitor::~FileMonitor): Stop any active file monitoring.
        (WebCore::FileMonitor::startMonitoringPath): Stub implementation.
        (WebCore::FileMonitor::stopMonitoring): Ditto.
        * platform/FileMonitor.h: Added.
        * platform/FileSystem.h: Export files needed by WebKit2. Add support for O_EVTONLY
        Darwin file handles.
        * platform/Logging.h: Add 'ResourceLoadStatistics' category.
        * platform/cocoa/FileMonitorCocoa.mm: Added.
        (WebCore::FileMonitor::startMonitoringPath): Create a new VNODE type dispatch_source
        to receive notifications when the specified file changes.
        (WebCore::FileMonitor::stopMonitoring): Cancel the dispatch_source when we are done
        monitoring the file.
        * platform/posix/FileSystemPOSIX.cpp: Update 'openFile' to understand the O_EVTONLY
        mode of file handles (Darwin-only). 

2017-06-28  Brady Eidson  <beidson@apple.com>

        DocumentLoader should always notify the client if there are pending icon loads when the load is stopped.
        https://bugs.webkit.org/show_bug.cgi?id=173874

        Reviewed by Alex Christensen.

        Covered by API tests.

        Patch started by Carlos Garcia Campos, finished by me.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading): Make all of the callbacks for cancelled IconLoaders.
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Make the callback even if there's no IconLoader.
        (WebCore::DocumentLoader::finishedLoadingIcon):
        (WebCore::DocumentLoader::notifyFinishedLoadingIcon):
        * loader/DocumentLoader.h:

2017-06-28  Antoine Quint  <graouts@apple.com>

        Volume controls should be hidden when AirPlay is active
        https://bugs.webkit.org/show_bug.cgi?id=173933
        <rdar://problem/33011931>

        Reviewed by Dean Jackson.

        Ensure we don't show any volume controls during AirPlay. We set the mute button's enabled state to "false"
        when AirPlay is active and key off this enabled stated to control the display of all volume-related controls
        throughout the UI.

        Tests: media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-volume-controls-hidden-when-mute-button-disabled.html
               media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-top-right-controls-bar-hidden-when-mute-button-disabled.html

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype._addTopRightBarWithMuteButtonToChildren):
        (InlineMediaControls):
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype.layout):
        * Modules/modern-media-controls/media/airplay-support.js:
        (AirplaySupport.prototype.syncControl):
        (AirplaySupport):

2017-06-28  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive includes from WebCore/css sources
        https://bugs.webkit.org/show_bug.cgi?id=173919

        Reviewed by Simon Fraser.

        No new tests needed.

        * css/CSSCanvasValue.cpp:
        * css/CSSComputedStyleDeclaration.cpp:
        * css/CSSContentDistributionValue.cpp:
        * css/CSSCrossfadeValue.cpp:
        * css/CSSCursorImageValue.cpp:
        * css/CSSCustomPropertyValue.cpp:
        * css/CSSDefaultStyleSheets.cpp:
        * css/CSSFilterImageValue.cpp:
        * css/CSSFontFace.cpp:
        * css/CSSFontFaceSet.cpp:
        * css/CSSFontFaceSource.cpp:
        * css/CSSFontFaceSrcValue.cpp:
        * css/CSSFontFeatureValue.cpp:
        * css/CSSFontSelector.cpp:
        * css/CSSFontValue.cpp:
        * css/CSSImageGeneratorValue.cpp:
        * css/CSSImageSetValue.cpp:
        * css/CSSImageValue.cpp:
        * css/CSSImportRule.cpp:
        * css/CSSKeyframesRule.cpp:
        * css/CSSMediaRule.cpp:
        * css/CSSNamedImageValue.cpp:
        * css/CSSPrimitiveValue.cpp:
        * css/CSSProperty.cpp:
        * css/CSSPropertySourceData.cpp:
        * css/CSSReflectValue.cpp:
        * css/CSSRuleList.cpp:
        * css/CSSSegmentedFontFace.cpp:
        * css/CSSSelector.cpp:
        * css/CSSStyleRule.cpp:
        * css/CSSStyleSheet.cpp:
        * css/CSSSupportsRule.cpp:
        * css/CSSToStyleMap.cpp:
        * css/CSSValueList.cpp:
        * css/CSSValuePool.cpp:
        * css/CSSVariableData.cpp:
        * css/ElementRuleCollector.cpp:
        * css/InspectorCSSOMWrappers.cpp:
        * css/MediaList.cpp:
        * css/MediaQueryEvaluator.cpp:
        * css/MediaQueryExpression.cpp:
        * css/PropertySetCSSStyleDeclaration.cpp:
        * css/RGBColor.cpp:
        * css/SelectorChecker.cpp:
        * css/StyleProperties.cpp:
        * css/StyleResolver.cpp:
        * css/StyleRule.cpp:
        * css/StyleSheetContents.cpp:
        * css/TransformFunctions.cpp:
        * css/ViewportStyleResolver.cpp:
        * css/WebKitCSSRegionRule.cpp:
        * css/parser/CSSParser.cpp:
        * css/parser/CSSParserFastPaths.cpp:
        * css/parser/CSSParserIdioms.cpp:
        * css/parser/CSSParserSelector.cpp:
        * css/parser/CSSParserToken.cpp:
        * css/parser/CSSPropertyParser.cpp:
        * css/parser/CSSSelectorParser.cpp:
        * css/parser/MediaQueryParser.cpp:

2017-06-28  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * PlatformMac.cmake:

2017-06-28  Antoine Quint  <graouts@apple.com>

        Remove unnecessary `const double` method arguments
        https://bugs.webkit.org/show_bug.cgi?id=173925

        Reviewed by Dean Jackson.

        Addressing post-landing feedback from webkit.org/b/173858.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::formattedStringForDuration):
        * Modules/mediacontrols/MediaControlsHost.h:
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::mediaControlsFormattedStringForDuration):
        * rendering/RenderThemeCocoa.h:

2017-06-28  Zalan Bujtas  <zalan@apple.com>

        Unreviewed, rolling out r218373.

        Output is not right

        Reverted changeset:

        "Use WTFLogAlways for debug logging so that it shows up in
        device system logs"
        https://bugs.webkit.org/show_bug.cgi?id=173450
        http://trac.webkit.org/changeset/218373

2017-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Some web pages disappear immediately after rendering
        https://bugs.webkit.org/show_bug.cgi?id=173768

        Reviewed by Xabier Rodriguez-Calvar.

        This is happening with websites having a "hidden" class in HTML tag when a media element is added. In the GTK+
        port the media controls CSS contains the following code:

        .hidden {
            display: none !important;
        }

        That causes the whole HTML document to become display: none. That's why we just render a white page, and also
        the reason why it only happens with the GTK+ port and only with some specific websites. We should limit the
        scope of the hidden class to the media control elements.

        * css/mediaControlsGtk.css:
        (audio::-webkit-media-controls-panel.hidden,):
        (audio::-webkit-media-controls-panel div.mute-box.hidden,):
        (audio::-webkit-media-controls-current-time-display.hidden,):
        (audio::-webkit-media-controls-timeline.hidden,):
        (audio::-webkit-media-controls-toggle-closed-captions-button, video::-webkit-media-controls-toggle-closed-captions-button):
        (audio::-webkit-media-controls-toggle-closed-captions-button.hidden,):
        (video::-webkit-media-controls-closed-captions-container.hidden):
        (audio::-webkit-media-controls-fullscreen-button.hidden,):
        (.hidden): Deleted.

2017-06-28  Antoine Quint  <graouts@apple.com>

        Media controls volume glyph does not have the correct material
        https://bugs.webkit.org/show_bug.cgi?id=173918
        <rdar://problem/33012697>

        Reviewed by Eric Carlson.

        Test: media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-mute-button-in-bottom-or-top-right-controls-bar.html

        All buttons were hosted in a ControlsBar save for the MuteButton, so we now host it in a controls bar as well
        to ensure compositing is similar to all other buttons.

        * Modules/modern-media-controls/controls/inline-media-controls.css:
        (.media-controls.inline > .controls-bar.top-right):
        (.media-controls.inline > button.mute): Deleted.
        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls):
        (InlineMediaControls.prototype.layout):
        (InlineMediaControls.prototype._addTopRightBarWithMuteButtonToChildren):
        * Modules/modern-media-controls/controls/macos-inline-media-controls.js:
        (MacOSInlineMediaControls.prototype.handleEvent):

2017-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r218799): [GTK][WPE] Critical warning at exit
        https://bugs.webkit.org/show_bug.cgi?id=173907

        Reviewed by Konstantin Tokarev.

        GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed

        This is now always happening when closing the MeiniBrowser and it's causing a lot of unit tests to fail. In
        r218799, GRefPtrGtk.h include was removed from PasteboardHelper.h that contains a GRefPtr<GtkTargetList>. The
        targets are destroyed at exit, but now trying to use g_object_unref instead of gtk_target_list_unref(). I've
        found two more cases like this in r218799, that removes GUniquePtrSoup.h from ResourceHandleInternal.h and
        ResourceRequest.h that have GUniquePtr<SoupBuffer> and GUniquePtr<SoupURI>.

        Fixes several GTK+ and WPE unit tests.

        * platform/gtk/PasteboardHelper.h: Bring back GRefPtrGtk.h.
        * platform/network/ResourceHandleInternal.h: Bring back GUniquePtrSoup.h.
        * platform/network/soup/ResourceRequest.h: Ditto.

2017-06-27  Chris Dumez  <cdumez@apple.com>

        [ResourceLoadStatistics] Update minimumTimeBetweeenDataRecordsRemoval to 1 hour instead of 1 minute
        https://bugs.webkit.org/show_bug.cgi?id=173895
        <rdar://problem/32984366>

        Reviewed by Brent Fulgham.

        Update minimumTimeBetweeenDataRecordsRemoval to 1 hour instead of 1 minute to save battery.
        Also port code to modern time types.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::reduceTimeResolution):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::setTimeToLiveUserInteraction):
        (WebCore::ResourceLoadObserver::setTimeToLiveCookiePartitionFree):
        (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
        (WebCore::ResourceLoadObserver::setReducedTimestampResolution):
        (WebCore::ResourceLoadObserver::setGrandfatheringTime):
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::mostRecentUserInteractionTime):
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
        (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
        (WebCore::shouldPartitionCookies):
        (WebCore::ResourceLoadStatisticsStore::setTimeToLiveUserInteraction):
        (WebCore::ResourceLoadStatisticsStore::setTimeToLiveCookiePartitionFree):
        (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
        (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
        (WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction):
        (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
        (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
        (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
        (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
        * loader/ResourceLoadStatisticsStore.h:

2017-06-27  Chris Dumez  <cdumez@apple.com>

        Port HysteresisActivity to Seconds type
        https://bugs.webkit.org/show_bug.cgi?id=173902

        Reviewed by Simon Fraser.

        * platform/HysteresisActivity.h:
        (WebCore::HysteresisActivity::HysteresisActivity):
        (WebCore::HysteresisActivity::stop):
        * platform/ios/WebSQLiteDatabaseTrackerClient.mm:

2017-06-27  Jeremy Jones  <jeremyj@apple.com>

        MediaPlayerPrivate m_private may not yet be created when setPrivateBrowsingMode is called.
        https://bugs.webkit.org/show_bug.cgi?id=173893
        rdar://problem/32986872
        
        Reviewed by Ryosuke Niwa.

        No new tests because no reproducable case.

        setPrivateBrowsingMode can be called on MediaPlayer before the MediaPlayerPrivate is created.
        The value should only be pushed down the m_private if it has been created.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setPrivateBrowsingMode):

2017-06-27  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Support dragging out of contenteditable areas without a prior selection
        https://bugs.webkit.org/show_bug.cgi?id=173854
        <rdar://problem/32236827>

        Reviewed by Ryosuke Niwa and Tim Horton.

        Allows elements to be dragged from contenteditable areas for both WebKit1 and WebKit2 iOS. There are two main
        changes in WebCore: move the touch point adjustment code into EventHandler::tryToBeginDataInteractionAtPoint, so
        that the clientPosition specified will be adjusted to an appropriate clickable node if needed. This is necessary
        because UIWebDocumentView and WKContentView no longer send adjusted points to WebCore when requesting drag
        start. See <https://bugs.webkit.org/show_bug.cgi?id=173855> for a followup regarding the globalPosition and
        clientPositions passed in to the MouseEvents when performing a drag or synthetic click.

        Secondly, image elements in Mail's contenteditable area are not draggable unless the heuristic in
        DragController::draggableElement is tweaked to not reject image dragging across the board if the
        loadsImagesAutomatically setting is turned off. Instead, even if images are not automatically loaded, allow the
        image drag to commence if the image renderer already has a cached image.

        Test: DataInteractionTests.DragImageFromContentEditable

        * page/DragController.cpp:
        (WebCore::imageElementIsDraggable):
        (WebCore::DragController::draggableElement):
        * page/ios/EventHandlerIOS.mm:
        (WebCore::EventHandler::tryToBeginDataInteractionAtPoint):

2017-06-27  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Accessibility labels should be formatted using NSDateComponentsFormatter
        https://bugs.webkit.org/show_bug.cgi?id=173858
        <rdar://problem/32643171>

        Reviewed by Dean Jackson.

        We shouldn't be manually trying to create a formatted string for media controls and instead rely
        on NSDateComponentsFormatter to perform this task for us. So we remove the ad-hoc code in the JS
        media controls code and instead add a new MediaControlsHost method to format durations which calls
        into RenderTheme to provide a formatted duration string relevant to the current platform and locale.

        * English.lproj/modern-media-controls-localized-strings.js:
        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::formattedStringForDuration):
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediacontrols/MediaControlsHost.idl:
        * Modules/modern-media-controls/controls/slider.js:
        (Slider.prototype.set inputAccessibleLabel):
        * Modules/modern-media-controls/controls/time-label.js:
        (TimeLabel.prototype.commitProperty):
        * Modules/modern-media-controls/main.js:
        (createControls):
        (formattedStringForDuration):
        (formatTimeToString): Deleted.
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::mediaControlsFormattedStringForDuration):
        * rendering/RenderThemeCocoa.h:
        * rendering/RenderThemeCocoa.mm:
        (WebCore::RenderThemeCocoa::mediaControlsFormattedStringForDuration):

2017-06-27  Eric Carlson  <eric.carlson@apple.com>

        r218647 causes getUserMedia to fail on some machines
        https://bugs.webkit.org/show_bug.cgi?id=173894

        Reviewed by Youenn Fablet.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::isFrameRateSupported): Change frame rate epsilon from 0.00001
        to 0.001.

2017-06-27  Antoine Quint  <graouts@apple.com>

        Placard icons act like buttons (can get keyboard focus and shows up in VoiceOver)
        https://bugs.webkit.org/show_bug.cgi?id=173891
        <rdar://problem/33011855>

        Reviewed by Dean Jackson.

        Ensure that we disable buttons inside placards as they're only decorative and should
        not be interactive.

        * Modules/modern-media-controls/controls/placard.js:
        (Placard.):

2017-06-27  Jeremy Jones  <jeremyj@apple.com>

        Disable m_temporarilyAllowingInlinePlaybackAfterFullscreen on pause
        https://bugs.webkit.org/show_bug.cgi?id=173843
        rdar://problem/32982431

        Reviewed by Eric Carlson.

        Test: media/media-fullscreen-pause-inline.html

        Some pages may not have a fullscreen button, so disabled m_temporarilyAllowingInlinePlaybackAfterFullscreen on pause.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::pause):

2017-06-27  Chris Dumez  <cdumez@apple.com>

        [iOS] Avoid taking / releasing process assertions too quickly due to database activity
        https://bugs.webkit.org/show_bug.cgi?id=173879
        <rdar://problem/32412701>

        Reviewed by Antti Koivisto.

        Add HysteresisActivity to WebSQLiteDatabaseTrackerClient to avoid taking / releasing
        process assertion too quickly due to database activity.

        * platform/ios/WebSQLiteDatabaseTrackerClient.h:
        * platform/ios/WebSQLiteDatabaseTrackerClient.mm:
        (WebCore::WebSQLiteDatabaseTrackerClient::WebSQLiteDatabaseTrackerClient):
        (WebCore::WebSQLiteDatabaseTrackerClient::willBeginFirstTransaction):
        (WebCore::WebSQLiteDatabaseTrackerClient::didFinishLastTransaction):
        (WebCore::WebSQLiteDatabaseTrackerClient::hysteresisUpdated):

2017-06-27  Youenn Fablet  <youenn@apple.com>

        Using public logging for WebRTC release logging
        https://bugs.webkit.org/show_bug.cgi?id=173881

        Reviewed by Eric Carlson.

        No change of behavior.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOfferSucceeded):
        (WebCore::PeerConnectionBackend::createOfferFailed):
        (WebCore::PeerConnectionBackend::createAnswerSucceeded):
        (WebCore::PeerConnectionBackend::createAnswerFailed):
        (WebCore::PeerConnectionBackend::setLocalDescriptionFailed):
        (WebCore::PeerConnectionBackend::setRemoteDescriptionFailed):
        (WebCore::PeerConnectionBackend::addIceCandidateFailed):
        (WebCore::PeerConnectionBackend::newICECandidate):
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::queuedSetLocalDescription):
        (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
        (WebCore::RTCPeerConnection::queuedAddIceCandidate):
        (WebCore::RTCPeerConnection::updateIceGatheringState):
        (WebCore::RTCPeerConnection::updateIceConnectionState):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered):

2017-06-27  Don Olmstead  <don.olmstead@sony.com>

        [PAL] Add symbol export macros for PAL
        https://bugs.webkit.org/show_bug.cgi?id=171519

        Reviewed by Konstantin Tokarev.

        No new tests. No change in behavior.

        * CMakeLists.txt:
        * config.h:
        * platform/PlatformExportMacros.h:

2017-06-27  John Wilander  <wilander@apple.com>

        Resource Load Statistics: Add telemetry
        https://bugs.webkit.org/show_bug.cgi?id=173499
        <rdar://problem/32826094>

        Reviewed by Brent Fulgham.

        Test: http/tests/loading/resourceLoadStatistics/telemetry-generation.html

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::fireTelemetryHandler):
            Test infrastructure.
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::setFireTelemetryCallback):
        (WebCore::ResourceLoadStatisticsStore::fireTelemetryHandler):
            Test infrastructure.
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):
            Convenience function for telemetry.
        * loader/ResourceLoadStatisticsStore.h:
            Added struct WebCore::PrevalentResourceTelemetry.
        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::resourceLoadStatisticsTelemetryKey):
            Added.
        * page/DiagnosticLoggingKeys.h:

2017-06-27  Ting-Wei Lan  <lantw44@gmail.com>

        Add missing includes to fix compilation error on FreeBSD
        https://bugs.webkit.org/show_bug.cgi?id=172919

        Reviewed by Mark Lam.

        No new tests needed.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        * platform/audio/ReverbAccumulationBuffer.cpp:

2017-06-27  Zalan Bujtas  <zalan@apple.com>

        Add RenderEmbeddedObject::getReplacementTextGeometry helper.
        https://bugs.webkit.org/show_bug.cgi?id=173847

        Reviewed by Simon Fraser.

        ...and remove getReplacementTextGeometry's redundant return value. 

        No change in functionality.

        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::paintReplaced):
        (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
        (WebCore::RenderEmbeddedObject::unavailablePluginIndicatorBounds):
        (WebCore::RenderEmbeddedObject::isInUnavailablePluginIndicator):
        * rendering/RenderEmbeddedObject.h:

2017-06-27  Wenson Hsieh  <wenson_hsieh@apple.com>

        Refactor drag start codepaths to plumb a DragItem to client layers
        https://bugs.webkit.org/show_bug.cgi?id=173832
        Work towards <rdar://problem/32236827>

        Reviewed by Ryosuke Niwa and Tim Horton.

        Refactor drag start logic in WebCore to set up a DragItem and propagate it to WebDragClient. No change in behavior.

        * loader/EmptyClients.cpp:
        * page/DragClient.h:
        * page/DragController.cpp:
        (WebCore::DragController::startDrag):
        (WebCore::DragController::doImageDrag):
        (WebCore::DragController::doSystemDrag):

        Refactor to pass along a DragItem. Also, remove unused drag image anchor computation.

        * page/DragController.h:
        * platform/DragImage.h:
        * platform/DragItem.h:

        Add additional information needed to begin a drag on iOS.

        (WebCore::DragItem::encode):
        (WebCore::DragItem::decode):

        Add IPC serialization/deserialization support for DragItem.

        * platform/PasteboardWriterData.cpp:
        (WebCore::PasteboardWriterData::isEmpty):
        * platform/PasteboardWriterData.h:

2017-06-27  Frederic Wang  <fwang@igalia.com>

        Some tests to verify forbidden frame navigation time out
        https://bugs.webkit.org/show_bug.cgi?id=173657

        Reviewed by Chris Dumez.

        Currently some tests try and perform a forbidden frame navigation and verify the
        corresponding console error. However, WebKit does not raise any exception for such error so
        the tests have to wait until the timeout limit to complete, which makes execution slow.
        This patch modifies the setters of window.location for which such error may happen in order
        to raise an exception so the tests behave as expected.

        No new tests, already covered by existing tests.

        * page/Location.cpp: Adjust Location::setLocation to return a security exception and pass it
        to the callers.
        (WebCore::Location::setHref): Adjust function to possibly return an exception.
        (WebCore::Location::setProtocol): Ditto.
        (WebCore::Location::setHost): Ditto.
        (WebCore::Location::setHostname): Ditto.
        (WebCore::Location::setPort): Ditto.
        (WebCore::Location::setPathname): Ditto.
        (WebCore::Location::setSearch): Ditto.
        (WebCore::Location::setHash): Ditto.
        (WebCore::Location::assign): Ditto.
        (WebCore::Location::setLocation): FrameLoader::findFrameForNavigation is really only used
        to verify whether navigating m_frame is permitted so it is more simple and clearer to do it
        directly. When navigation is not permitted, this function now raises a security exception.
        * page/Location.h: Modify some setters to return an ExceptionOr<void>.
        * page/Location.idl: Allow some setters to raise an exception.

2017-06-26  Fujii Hironori  <Hironori.Fujii@sony.com>

        [GTK] Layout Test webrtc/video.html issues "stack smashing detected"
        https://bugs.webkit.org/show_bug.cgi?id=173862

        Reviewed by Carlos Garcia Campos.

        Tests: webrtc/video.html

        Passing a bool variable to g_object_get causes out-of-bound write.
        gboolean should be used, which is 4 bytes while bool is one byte.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::muted): Use gboolean instead of bool.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded): Ditto.

2017-06-26  Chris Dumez  <cdumez@apple.com>

        WebsiteDataStore::fetchDataForTopPrivatelyControlledDomains() is inefficient
        https://bugs.webkit.org/show_bug.cgi?id=173850

        Reviewed by Ryosuke Niwa.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
        * loader/ResourceLoadStatisticsStore.h:

2017-06-26  Antti Koivisto  <antti@apple.com>

        REGRESSION (AsyncImageDecoding): A tab with the WWDC keynote paused is killed for using excessive power (Image thrashing)
        https://bugs.webkit.org/show_bug.cgi?id=173804
        <rdar://problem/32623745>

        Reviewed by Simon Fraser.

        When under memory pressure MemoryCache::singleton().pruneLiveResources(true) is called inFrameView::didPaintContents()
        after top level paint. We end up decoding and pruning bitmaps repeatedly for each tile, which is not great.

        Situation gets worse with async decoding. Painting now doesn’t actually decode the image, it just starts the decoding.
        When it completes we trigger another paint to get the bits to the tiles. The paint for the first tile then calls
        pruneLiveResources and loses the bitmap and the second tile triggers another round of async decoding. We have code
        that prevents pruning of visible images but non-visible images in tiling area can hit this bug easily.

        Test: fast/images/low-memory-decode.html

        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::didPaintContents):

            Eliminate synchronous pruning during painting. This is an obsolete mechanism from early iOS times.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::imageFrameAvailableAtIndex):
        (WebCore::BitmapImage::decodeCountForTesting):

            Testing support.

        * platform/graphics/BitmapImage.h:
        * testing/Internals.cpp:
        (WebCore::Internals::imageDecodeCount):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-26  Chris Dumez  <cdumez@apple.com>

        ImageFrameCache::startAsyncDecodingQueue() unsafely passes Strings across threads
        https://bugs.webkit.org/show_bug.cgi?id=173842

        Reviewed by Simon Fraser.

        The URL string was passed across thread without isolated copy.

        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::startAsyncDecodingQueue):

2017-06-26  Jonathan Bedard  <jbedard@apple.com>

        Unreviewed, rolling out r218783.

        Causing accessibility/mac/setting-attributes-is-
        asynchronous.html to crash consistently on mac-wk2 Debug

        Reverted changeset:

        "AX: Cannot call setValue() on contenteditable or ARIA text
        controls"
        https://bugs.webkit.org/show_bug.cgi?id=173520
        http://trac.webkit.org/changeset/218783

2017-06-26  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Drop Thread::create(obsolete things) API since we can use lambda
        https://bugs.webkit.org/show_bug.cgi?id=173825

        Reviewed by Saam Barati.

        No behavior change.

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::IDBServer):
        (WebCore::IDBServer::IDBServer::databaseThreadEntry): Deleted.
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/webaudio/AsyncAudioDecoder.cpp:
        (WebCore::AsyncAudioDecoder::AsyncAudioDecoder):
        (WebCore::AsyncAudioDecoder::threadEntry): Deleted.
        * Modules/webaudio/AsyncAudioDecoder.h:
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::startRendering):
        (WebCore::OfflineAudioDestinationNode::offlineRenderEntry): Deleted.
        * Modules/webaudio/OfflineAudioDestinationNode.h:
        * Modules/webdatabase/DatabaseThread.cpp:
        (WebCore::DatabaseThread::start):
        (WebCore::DatabaseThread::databaseThreadStart): Deleted.
        * Modules/webdatabase/DatabaseThread.h:
        * bindings/js/GCController.cpp:
        (WebCore::collect):
        (WebCore::GCController::gcTimerFired):
        (WebCore::GCController::garbageCollectOnAlternateThreadForDebugging):
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::open):
        (WebCore::IconDatabase::iconDatabaseSyncThreadStart): Deleted.
        * loader/icon/IconDatabase.h:
        * page/ResourceUsageThread.cpp:
        (WebCore::ResourceUsageThread::createThreadIfNeeded):
        (WebCore::ResourceUsageThread::threadCallback): Deleted.
        * page/ResourceUsageThread.h:
        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::createThreadIfNeeded):
        (WebCore::ScrollingThread::threadCallback): Deleted.
        (WebCore::ScrollingThread::threadBody): Deleted.
        * page/scrolling/ScrollingThread.h:
        * platform/audio/HRTFDatabaseLoader.cpp:
        (WebCore::HRTFDatabaseLoader::loadAsynchronously):
        (WebCore::databaseLoaderEntry): Deleted.
        * platform/audio/HRTFDatabaseLoader.h:
        * platform/audio/ReverbConvolver.cpp:
        (WebCore::ReverbConvolver::ReverbConvolver):
        (WebCore::backgroundThreadEntry): Deleted.
        * platform/audio/ReverbConvolver.h:
        (WebCore::ReverbConvolver::useBackgroundThreads):
        * platform/network/cf/LoaderRunLoopCF.cpp:
        (WebCore::loaderRunLoop):
        (WebCore::runLoaderThread): Deleted.
        * platform/network/curl/CurlManager.cpp:
        (WebCore::CurlManager::startThreadIfNeeded):
        (WebCore::CurlManager::workerThread):
        * platform/network/curl/CurlManager.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::start):
        (WebCore::WorkerThread::workerThreadStart): Deleted.
        * workers/WorkerThread.h:

2017-06-26  Joanmarie Diggs  <jdiggs@igalia.com>

        [ATK] Add support for aria-details and aria-errormessage
        https://bugs.webkit.org/show_bug.cgi?id=172588

        Reviewed by Chris Fleizach.

        Add methods to retrieve elements referenced by or referencing the new
        aria-details and aria-errormessage attributes. Include aria-details and
        aria-errormessage in AccessibilityObject::supportsARIAAttributes() to ensure
        elements with these attributes will be included in the accessibility tree.

        New test cases added to accessibility/gtk/relation-types.html.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsARIAAttributes):
        (WebCore::AccessibilityObject::ariaDetailsElements):
        (WebCore::AccessibilityObject::ariaDetailsReferencingElements):
        (WebCore::AccessibilityObject::ariaErrorMessageElements):
        (WebCore::AccessibilityObject::ariaErrorMessageReferencingElements):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (setAtkRelationSetFromCoreObject):
        * html/HTMLAttributeNames.in:

2017-06-26  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{Modules,animation,crypto,domjit}
        https://bugs.webkit.org/show_bug.cgi?id=173824

        Reviewed by Darin Adler.

        No new tests needed.

        * Modules/credentials/CredentialCreationOptions.h:
        * Modules/credentials/PasswordCredential.h:
        * Modules/fetch/FetchBody.h:
        * Modules/fetch/FetchBodyOwner.h:
        * Modules/gamepad/GamepadManager.h:
        * Modules/geolocation/Coordinates.h:
        * Modules/geolocation/Geoposition.h:
        * Modules/indexeddb/IDBActiveDOMObject.h:
        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBDatabase.h:
        * Modules/indexeddb/IDBDatabaseIdentifier.h:
        * Modules/indexeddb/IDBObjectStore.cpp:
        * Modules/indexeddb/IDBObjectStore.h:
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        * Modules/indexeddb/shared/InProcessIDBServer.h:
        * Modules/indexeddb/shared/IndexKey.h:
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediasession/WebMediaSessionManager.h:
        * Modules/mediasource/SourceBufferList.h:
        * Modules/mediasource/VideoPlaybackQuality.h:
        * Modules/notifications/Notification.h:
        * Modules/quota/WorkerNavigatorStorageQuota.h:
        * Modules/webaudio/AudioBasicProcessorNode.h:
        * Modules/webaudio/AudioContext.h:
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/AudioParamTimeline.h:
        * Modules/webaudio/ConvolverNode.cpp:
        * Modules/webaudio/MediaStreamAudioSource.h:
        * Modules/webaudio/MediaStreamAudioSourceNode.h:
        * Modules/webaudio/PannerNode.h:
        * Modules/webaudio/PeriodicWave.h:
        * Modules/webaudio/ScriptProcessorNode.h:
        * Modules/webdatabase/DatabaseManager.h:
        * Modules/webdatabase/DatabaseTask.h:
        * Modules/webdatabase/SQLTransaction.h:
        * Modules/webdatabase/SQLTransactionBackend.h:
        * Modules/webdatabase/SQLTransactionStateMachine.h:
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WebSocketDeflater.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * animation/AnimationEffect.h:
        * crypto/CryptoKeyPair.h:
        * crypto/parameters/CryptoAlgorithmEcdhKeyDeriveParams.h:
        * dom/ScriptExecutionContext.h:
        * domjit/DOMJITHelpers.h:
        * domjit/DOMJITIDLConvert.h:
        * domjit/DOMJITIDLType.h:

2017-06-26  Konstantin Tokarev  <annulen@yandex.ru>

        [GTK] Unreviewed, added missing includes to fix debug build

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

2017-06-25  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/platform
        https://bugs.webkit.org/show_bug.cgi?id=173822

        Reviewed by Tim Horton.

        No new tests needed.

        * html/ColorInputType.h:
        * html/MediaElementSession.h:
        * page/SecurityOriginData.cpp:
        * platform/CalculationValue.cpp:
        * platform/CalculationValue.h:
        * platform/ColorChooserClient.h:
        * platform/ContentType.h:
        * platform/LogMacros.h:
        * platform/PODRedBlackTree.h:
        * platform/PasteboardStrategy.h:
        * platform/PlatformPasteboard.h:
        * platform/PopupMenuStyle.h:
        * platform/ScrollAnimator.h:
        * platform/Theme.h:
        * platform/ThreadGlobalData.h:
        * platform/animation/AnimationList.h:
        * platform/audio/AudioArray.h:
        * platform/audio/AudioChannel.h:
        * platform/audio/DynamicsCompressor.h:
        * platform/audio/DynamicsCompressorKernel.h:
        * platform/audio/FFTFrame.h:
        * platform/audio/HRTFDatabaseLoader.cpp:
        * platform/audio/HRTFDatabaseLoader.h:
        * platform/audio/HRTFElevation.h:
        * platform/audio/MultiChannelResampler.h:
        * platform/audio/PlatformMediaSession.h:
        * platform/audio/ReverbConvolver.h:
        * platform/audio/ReverbConvolverStage.cpp:
        * platform/graphics/ANGLEWebKitBridge.h:
        * platform/graphics/BitmapImage.h:
        * platform/graphics/CrossfadeGeneratedImage.h:
        * platform/graphics/FloatPolygon.h:
        * platform/graphics/FloatSizeHash.h:
        * platform/graphics/Font.h:
        * platform/graphics/FontMetrics.h:
        * platform/graphics/FontPlatformData.h:
        * platform/graphics/FontRanges.h:
        * platform/graphics/FontTaggedSettings.h:
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/GraphicsLayerClient.h:
        * platform/graphics/Image.cpp:
        * platform/graphics/ImageFrame.h:
        * platform/graphics/ImageFrameCache.h:
        * platform/graphics/ImageSource.h:
        * platform/graphics/IntRectHash.h:
        * platform/graphics/IntSizeHash.h:
        * platform/graphics/MediaPlaybackTargetClient.h:
        * platform/graphics/Pattern.h:
        * platform/graphics/PlatformTimeRanges.h:
        * platform/graphics/TextRun.h:
        * platform/graphics/TiledBacking.h:
        * platform/graphics/cairo/FontCustomPlatformData.h:
        * platform/graphics/filters/FEConvolveMatrix.h:
        * platform/graphics/filters/FELighting.h:
        * platform/graphics/filters/SourceAlpha.h:
        * platform/graphics/gstreamer/GStreamerUtilities.h:
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/harfbuzz/HarfBuzzShaper.h:
        * platform/graphics/opengl/Extensions3DOpenGL.h:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        * platform/graphics/texmap/TextureMapperBackingStore.h:
        * platform/graphics/texmap/TextureMapperGL.cpp:
        * platform/graphics/texmap/TextureMapperGL.h:
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
        * platform/graphics/texmap/TextureMapperTile.h:
        * platform/graphics/texmap/coordinated/Tile.h:
        * platform/graphics/texmap/coordinated/TiledBackingStore.h:
        * platform/graphics/transforms/TransformState.h:
        * platform/gtk/PasteboardHelper.h:
        * platform/gtk/ScrollbarThemeGtk.h:
        * platform/image-decoders/ImageDecoder.h:
        * platform/network/BlobData.h:
        * platform/network/BlobDataFileReference.h:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleInternal.h:
        * platform/network/SocketStreamHandleClient.h:
        * platform/network/soup/ResourceRequest.h:
        * platform/network/soup/SocketStreamHandleImpl.h:
        * platform/network/soup/SoupNetworkSession.h:
        * platform/sql/SQLiteFileSystem.h:
        * platform/text/LocaleICU.h:

2017-06-25  Youenn Fablet  <youenn@apple.com>

        Remove use of mock webrtc backend factory at injected bundle reset time
        https://bugs.webkit.org/show_bug.cgi?id=173817

        Reviewed by Darin Adler.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): Resetting the peer connection backend.
        * testing/MockLibWebRTCPeerConnection.cpp: Doing some clean-up
        (WebCore::useRealRTCPeerConnectionFactory):
        (WebCore::MockLibWebRTCPeerConnectionFactory::MockLibWebRTCPeerConnectionFactory):
        (WebCore::MockLibWebRTCPeerConnectionFactory::CreatePeerConnection):
        (WebCore::MockLibWebRTCPeerConnectionFactory::CreateVideoTrack):
        (WebCore::MockLibWebRTCPeerConnectionFactory::CreateAudioTrack):
        * testing/MockLibWebRTCPeerConnection.h:

2017-06-25  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=173812

        Reviewed by Darin Adler.

        No new tests needed.

        * Modules/indexeddb/IDBObjectStore.cpp:
        * bindings/js/JSDOMPromiseDeferred.h:
        * bindings/js/JSLazyEventListener.cpp:
        * bindings/js/JSMainThreadExecState.h:
        * bindings/js/ReadableStreamDefaultController.cpp:
        * bindings/js/ScriptGlobalObject.cpp:
        * bindings/js/SerializedScriptValue.cpp:
        * bridge/NP_jsobject.cpp:
        * dom/ScriptExecutionContext.cpp:
        * html/HTMLPlugInImageElement.cpp:

2017-06-25  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{rendering,style,svg}
        https://bugs.webkit.org/show_bug.cgi?id=173773

        Reviewed by Darin Adler.

        No new tests needed.

        * css/StyleBuilderConverter.h:
        * editing/TextIterator.cpp:
        * rendering/CounterNode.h:
        * rendering/FlexibleBoxAlgorithm.h:
        * rendering/HitTestLocation.h:
        * rendering/HitTestResult.h:
        * rendering/HitTestingTransformState.h:
        * rendering/OrderIterator.h:
        * rendering/RenderButton.h:
        * rendering/RenderCombineText.h:
        * rendering/RenderFlowThread.h:
        * rendering/RenderFullScreen.h:
        * rendering/RenderGeometryMap.h:
        * rendering/RenderListItem.h:
        * rendering/RenderMediaControlElements.cpp:
        * rendering/RenderMediaControlElements.h:
        * rendering/RenderMediaControls.h:
        * rendering/RenderMeter.h:
        * rendering/RenderMultiColumnSet.cpp:
        * rendering/RenderObject.h:
        * rendering/RenderRegion.h:
        * rendering/RenderRegionSet.cpp:
        * rendering/RenderRegionSet.h:
        * rendering/RenderTheme.h:
        * rendering/RenderVTTCue.cpp:
        * rendering/RenderVTTCue.h:
        * rendering/SimpleLineLayoutFunctions.h:
        * rendering/SimpleLineLayoutResolver.h:
        * rendering/line/BreakingContext.h:
        * rendering/line/LineBreaker.h:
        * rendering/mathml/MathMLStyle.h:
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRoot.h:
        * rendering/shapes/RectangleShape.h:
        * rendering/style/BasicShapes.h:
        * rendering/style/BorderData.h:
        * rendering/style/CounterDirectives.h:
        * rendering/style/GridArea.h:
        * rendering/style/KeyframeList.h:
        * rendering/style/RenderStyle.h:
        * rendering/style/SVGRenderStyle.h:
        * rendering/style/ShapeValue.h:
        * rendering/style/StyleCachedImage.h:
        * rendering/style/StyleMultiColData.h:
        * rendering/style/StyleRareNonInheritedData.h:
        * rendering/style/WillChangeData.h:
        * rendering/svg/RenderSVGBlock.h:
        * rendering/svg/RenderSVGRect.h:
        * rendering/svg/RenderSVGResource.h:
        * rendering/svg/RenderSVGResourceContainer.h:
        * rendering/svg/RenderSVGResourceMarker.h:
        * rendering/svg/RenderSVGResourceMasker.h:
        * rendering/svg/RenderSVGResourcePattern.h:
        * rendering/svg/SVGInlineFlowBox.cpp:
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGRootInlineBox.h:
        * rendering/svg/SVGTextChunk.cpp:
        * rendering/svg/SVGTextChunk.h:
        * rendering/svg/SVGTextChunkBuilder.cpp:
        * rendering/svg/SVGTextLayoutEngine.cpp:
        * rendering/svg/SVGTextLayoutEngineSpacing.h:
        * style/RenderTreePosition.cpp:
        * style/RenderTreePosition.h:
        * style/RenderTreeUpdater.h:
        * style/StyleFontSizeFunctions.h:
        * style/StyleInvalidator.h:
        * style/StyleResolveForDocument.h:
        * style/StyleScope.h:
        * style/StyleTreeResolver.cpp:
        * style/StyleTreeResolver.h:
        * style/StyleUpdate.h:
        * svg/SVGAnimationElement.h:
        * svg/SVGFEBlendElement.cpp:
        * svg/SVGFEBlendElement.h:
        * svg/SVGFEComponentTransferElement.h:
        * svg/SVGFEFloodElement.cpp:
        * svg/SVGFEFloodElement.h:
        * svg/SVGFEImageElement.h:
        * svg/SVGFEMergeElement.cpp:
        * svg/SVGFEMergeElement.h:
        * svg/SVGFEOffsetElement.cpp:
        * svg/SVGFEOffsetElement.h:
        * svg/SVGFETileElement.cpp:
        * svg/SVGFETileElement.h:
        * svg/SVGParserUtilities.h:
        * svg/SVGPathByteStream.h:
        * svg/SVGPathElement.cpp:
        * svg/SVGPolyElement.cpp:
        * svg/SVGSVGElement.cpp:
        * svg/SVGTRefElement.cpp:
        * svg/SVGTextPathElement.cpp:
        * svg/SVGUseElement.cpp:
        * svg/animation/SMILTimeContainer.h:
        * svg/graphics/SVGImageCache.h:
        * svg/graphics/filters/SVGFilter.h:

2017-06-25  Antoine Quint  <graouts@apple.com>

        Remove rAf suspension logging
        https://bugs.webkit.org/show_bug.cgi?id=173821

        Reviewed by Tim Horton.

        Now that webkit.org/b/173628 is fixed, we can remove the logging code we added.

        * dom/Document.cpp:
        (WebCore::Document::requestAnimationFrame):
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::suspend):
        (WebCore::ScriptedAnimationController::resume):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        (WebCore::Page::setIsVisibleInternal):
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::MacApplication::isDumpRenderTree): Deleted.

2017-06-24  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add complete support for stringifier
        https://bugs.webkit.org/show_bug.cgi?id=173724

        Reviewed by Darin Adler.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddStringifierOperationIfNeeded):
        Update AddStringifierOperationIfNeeded to support stringifier on operations and be more
        strict about the allowed types. Also copies over all extended attributes to the synthetic
        operation.

        * bindings/scripts/IDLParser.pm:
        (parseInterfaceMember):
        (parseOperationOrReadWriteAttributeOrMaplike):
        (parseReadOnlyMember):
        (parseStringifier):
        (parseStaticMember):
        (parseAttributeOrOperationForStringifierOrStatic):
        (parseReadWriteAttribute):
        (parseAttributeRest):
        (parseOperation):
        (parseSpecialOperation):
        (parseMapLikeProperties):
        (parseOperationRest):
        (parseAttributeOrOperationOrIterator): Deleted.
        (parseQualifier): Deleted.
        (parseAttributeOrOperationRest): Deleted.
        (parseAttribute): Deleted.
        (parseOperationOrIterator): Deleted.
        - Update parser to more closely resemble the WebIDL grammar, splitting out parseStringifier and
          parseStaticMember into their own subroutines. 
        - Move those and parseSerializer, parseStringifier, parseStaticMember, parseIterableRest and a split out
          parseReadOnlyMembers up into parseInterfaceMember to make it clearer that they are top level members
          and match the grammar.
        - Rename parseAttributeOrOperationOrIterator to parseOperationOrReadWriteAttributeOrMaplike to match the
          grammar language and make it clear what it does.
        - Add parseAttributeOrOperationForStringifierOrStatic which contains most of the logic for parsing stringifiers
          and static members, which have almost identical grammars.
        - Remove creator special which no longer exists in the spec.

        * css/DOMMatrixReadOnly.idl:
        * css/WebKitCSSMatrix.idl:
        * dom/Range.idl:
        * html/URLSearchParams.idl:
        Fix FIXMEs by switching to use stringifier.

        * bindings/scripts/test/JS/JSTestStringifier.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifier.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.h: Added.
        * bindings/scripts/test/TestStringifier.idl: Added.
        * bindings/scripts/test/TestStringifierAnonymousOperation.idl: Added.
        * bindings/scripts/test/TestStringifierNamedOperation.idl: Added.
        * bindings/scripts/test/TestStringifierOperationImplementedAs.idl: Added.
        * bindings/scripts/test/TestStringifierOperationNamedToString.idl: Added.
        * bindings/scripts/test/TestStringifierReadOnlyAttribute.idl: Added.
        * bindings/scripts/test/TestStringifierReadWriteAttribute.idl: Added.
        Add new tests.

2017-06-24  Chris Fleizach  <cfleizach@apple.com>

        AX: Cannot call setValue() on contenteditable or ARIA text controls
        https://bugs.webkit.org/show_bug.cgi?id=173520

        Reviewed by Ryosuke Niwa.

        Add support for changing the value of a contenteditable and any other aria text control in setValue().
 
        Test: accessibility/mac/set-value-editable-types.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setValue):

2017-06-23  Simon Fraser  <simon.fraser@apple.com>

        Attempt to fix an internal build after r218755.

        * bindings/js/JSMainThreadExecStateInstrumentation.h:

2017-06-23  Chris Dumez  <cdumez@apple.com>

        Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
        https://bugs.webkit.org/show_bug.cgi?id=173792

        Reviewed by Ryosuke Niwa.

        Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
        as this could cause HashTable corruption on WebPageProxy side.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::finishedLoadingIcon):

2017-06-23  Youenn Fablet  <youenn@apple.com>

        webrtc::WebRtcSession is not handling correctly its state when setLocalDescription fails and is called again
        https://bugs.webkit.org/show_bug.cgi?id=173783

        Reviewed by Alex Christensen.

        Test: webrtc/libwebrtc/setLocalDescriptionCrash.html

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::doSetLocalDescription): Fail early if there is no pending remote description and description is for an answer.

2017-06-23  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream macOS] enumerateDevices should only return valid audio capture devices
        https://bugs.webkit.org/show_bug.cgi?id=173790
        <rdar://problem/32260334>

        Reviewed by Youenn Fablet.

        * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp:
        (WebCore::isValidCaptureDevice): A valid device has a name and is not an aggregate device
        created by VPIO.
        (WebCore::CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices):

2017-06-23  Jer Noble  <jer.noble@apple.com>

        [WK2] Support -[WebAVPlayerController setMuted:]
        https://bugs.webkit.org/show_bug.cgi?id=173777

        Reviewed by Eric Carlson.

        Have -[WebAVPlayerController setMuted:] pass the request to its delegate (the model)
        rather than just storing the value.

        * platform/cocoa/WebPlaybackSessionModel.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
        (WebCore::WebPlaybackSessionModelMediaElement::toggleMuted):
        (WebCore::WebPlaybackSessionModelMediaElement::setMuted):
        * platform/ios/WebAVPlayerController.h:
        * platform/ios/WebAVPlayerController.mm:
        (-[WebAVPlayerController isMuted]):
        (-[WebAVPlayerController setMuted:]):
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setMuted):

2017-06-23  Frederic Wang  <fwang@igalia.com>

        Make RenderLayer::handleTouchEvent use usesAcceleratedScrolling()
        https://bugs.webkit.org/show_bug.cgi?id=173763

        Reviewed by Simon Fraser.

        No new tests, behavior is unchanged.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::handleTouchEvent): Call usesAcceleratedScrolling() instead of
        hasTouchScrollableOverflow() for clarity.

2017-06-23  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{bindings,css,dom}
        https://bugs.webkit.org/show_bug.cgi?id=173766

        Reviewed by Simon Fraser.

        No new tests needed.

        * ForwardingHeaders/runtime/ThrowScope.h: Added.
        * Modules/plugins/QuickTimePluginReplacement.mm:
        * bindings/js/CachedScriptSourceProvider.h:
        * bindings/js/JSCommandLineAPIHostCustom.cpp:
        * bindings/js/JSCustomXPathNSResolver.cpp:
        * bindings/js/JSDOMConstructorNotConstructable.h:
        * bindings/js/JSDOMConvertBase.h:
        * bindings/js/JSDOMConvertBufferSource.h:
        * bindings/js/JSDOMConvertInterface.h:
        * bindings/js/JSDOMConvertStrings.h:
        * bindings/js/JSDOMConvertUnion.h:
        * bindings/js/JSDOMConvertVariadic.h:
        * bindings/js/JSDOMConvertWebGL.h:
        * bindings/js/JSDOMExceptionHandling.h:
        * bindings/js/JSDOMIterator.h:
        * bindings/js/JSDOMMapLike.h:
        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/js/JSDOMWindowCustom.cpp:
        * bindings/js/JSDOMWindowCustom.h:
        * bindings/js/JSDOMWindowProperties.h:
        * bindings/js/JSDOMWrapperCache.h:
        * bindings/js/JSLazyEventListener.cpp:
        * bindings/js/JSMainThreadExecStateInstrumentation.h:
        * bindings/js/JSMediaListCustom.h:
        * bindings/js/JSNodeCustom.h:
        * bindings/js/JSNodeListCustom.h:
        * bindings/js/JSVideoTrackListCustom.cpp:
        * bindings/js/ScheduledAction.h:
        * bindings/js/ScriptSourceCode.h:
        * bindings/js/SerializedScriptValue.h:
        * bindings/js/WebCoreJSClientData.h:
        * css/CSSFontFeatureValue.h:
        * css/CSSPrimitiveValue.h:
        * css/CSSStyleSheet.h:
        * css/CSSValue.h:
        * css/StyleBuilderCustom.h:
        * dom/ContainerNodeAlgorithms.h:
        * dom/DataTransfer.h:
        * dom/Node.h:
        * dom/NodeRareData.h:
        * dom/Position.h:
        * dom/RenderedDocumentMarker.h:

2017-06-23  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        Fix broken WinCairo build

        [Curl] Extract CurlDownloadManager as shared background task handler
        https://bugs.webkit.org/show_bug.cgi?id=173557

        Reviewed by Joseph Pecoraro.

        * platform/network/curl/CurlManager.h:

2017-06-23  Chris Dumez  <cdumez@apple.com>

        [iOS] Potential crash under WebCore::notifyLowPowerModeChanged(WebCore::LowPowerModeNotifier*, bool)
        https://bugs.webkit.org/show_bug.cgi?id=173755
        <rdar://problem/32940942>

        Reviewed by Mark Lam.

        The crash was happening because the WebLowPowerModeObserver would dispatch
        a lambda to the main thread but the LowPowerModeNotifier object could be
        dead by the time we get to the main thread.

        To address the issue, keep a strong ref to the WebLowPowerModeObserver in
        the lambda we dispatch to the main thread to make sure it stays alive until
        we execute the lambda. In the LowPowerModeNotifier destructor, we now reset
        the WebLowPowerModeObserver's notifier pointer to nil and I added a null
        check for this notifier in the lambda.

        * platform/LowPowerModeNotifier.cpp:
        (WebCore::LowPowerModeNotifier::~LowPowerModeNotifier):
        * platform/LowPowerModeNotifier.h:
        * platform/ios/LowPowerModeNotifierIOS.mm:
        (-[WebLowPowerModeObserver initWithNotifier:]):
        (-[WebLowPowerModeObserver _didReceiveLowPowerModeChange]):
        (WebCore::LowPowerModeNotifier::LowPowerModeNotifier):
        (WebCore::LowPowerModeNotifier::~LowPowerModeNotifier):
        (WebCore::notifyLowPowerModeChanged):

2017-06-23  Alex Christensen  <achristensen@webkit.org>

        Add SPI to WKURLSchemeTask for redirection
        https://bugs.webkit.org/show_bug.cgi?id=173730

        Reviewed by Brady Eidson.

        * platform/network/CacheValidation.cpp:
        (WebCore::computeFreshnessLifetimeForHTTPFamily):
        Asserting that redirects are always http/https URLs is no longer valid.
        If there's a custom scheme redirect, give it no freshness lifetime in the cache.

2017-06-23  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{editing,fileapi,history,html,loader,page}
        https://bugs.webkit.org/show_bug.cgi?id=173769

        Reviewed by Simon Fraser.

        No new tests needed.

        * css/CSSFontFaceSource.cpp:
        * editing/DictationCommand.cpp:
        * editing/Editor.h:
        * editing/VisiblePosition.h:
        * editing/VisibleUnits.h:
        * fileapi/BlobBuilder.h:
        * history/PageCache.h:
        * html/DOMURL.h:
        * html/HTMLCollection.h:
        * html/HTMLMediaElement.cpp:
        * html/HTMLMediaElement.h:
        * html/HTMLPlugInImageElement.cpp:
        * html/StepRange.h:
        * html/canvas/CanvasRenderingContext.h:
        * html/canvas/CanvasRenderingContext2D.h:
        * html/parser/HTMLDocumentParser.cpp:
        * html/parser/HTMLElementStack.h:
        * html/parser/HTMLInputStream.h:
        * html/shadow/MediaControlElements.cpp:
        * html/shadow/MediaControls.cpp:
        * html/shadow/MediaControls.h:
        * html/track/TrackListBase.h:
        * html/track/VTTCue.h:
        * html/track/WebVTTParser.cpp:
        * html/track/WebVTTParser.h:
        * loader/CrossOriginPreflightChecker.cpp:
        * loader/DocumentThreadableLoader.cpp:
        * loader/FrameLoaderClient.h:
        * loader/LinkPreloadResourceClients.h:
        * loader/LoadTiming.h:
        * loader/ThreadableLoaderClientWrapper.h:
        * loader/WorkerThreadableLoader.h:
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedResourceRequest.h:
        * loader/cache/CachedSVGDocument.h:
        * loader/cache/CachedTextTrack.h:
        * loader/icon/IconLoader.cpp:
        * page/AlternativeTextClient.h:
        * page/CaptionUserPreferences.cpp:
        * page/CaptionUserPreferences.h:
        * page/ContextMenuClient.h:
        * page/MainFrame.h:
        * page/Page.h:
        * page/PageGroup.h:
        * page/PerformanceEntry.h:
        * page/PerformanceResourceTiming.h:
        * page/ResourceUsageOverlay.cpp:
        * page/ResourceUsageOverlay.h:
        * page/UserContentController.h:
        * page/UserContentProvider.h:
        * page/animation/AnimationBase.h:
        * page/animation/CSSPropertyAnimation.h:
        * page/animation/CompositeAnimation.h:
        * page/scrolling/ScrollingCoordinator.h:
        * xml/XSLTProcessorLibxslt.cpp:
        * xml/parser/XMLDocumentParserLibxml2.cpp:

2017-06-23  Chris Dumez  <cdumez@apple.com>

        [mac-wk1] requestAnimationFrame callbacks may not get serviced
        https://bugs.webkit.org/show_bug.cgi?id=173628

        Reviewed by Simon Fraser.

        Page::setIsVisibleInternal() was firing the 'visibilitychange' event
        synchronously while in the middle of updating its visibility/activity
        state. This allowed the JavaScript to re-enter the method by calling
        testRunner.setPageVisibility() / resetPageVisiblity() and we would
        end up in an inconsistent state.

        No new tests, extended existing test.

        * dom/Document.cpp:
        (WebCore::Document::visibilityStateChanged):
        Do no fire the visibilitychange event synchronously as we are in the
        middle of updating the page's activity state. Instead fire the
        event asynchronously.

        * page/Page.cpp:
        (WebCore::Page::setIsVisibleInternal):
        Move the calling of Document::visibilityStateChanged() until after we're
        done updating the page's visibility state.

        * testing/Internals.cpp:
        (WebCore::Internals::scriptedAnimationsAreSuspended):
        * testing/Internals.h:
        * testing/Internals.idl:
        Add test infrastructure to check if scripted animations are suspended.

2017-06-23  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Respond to AudioSession interruption and resume
        https://bugs.webkit.org/show_bug.cgi?id=173718
        <rdar://problem/32925263>

        Reviewed by Youenn Fablet.

        Tested manually.

        * WebCore.xcodeproj/project.pbxproj: Add CoreAudioCaptureSourceIOS.mm/.h

        * platform/mediastream/RealtimeMediaSource.h: Make createWeakPtr protected so derived classes
        can use it.

        * platform/mediastream/ios/CoreAudioCaptureSourceIOS.h: Added.
        * platform/mediastream/ios/CoreAudioCaptureSourceIOS.mm: Added.
        (-[WebCoreAudioCaptureSourceIOSListener initWithCallback:]):
        (-[WebCoreAudioCaptureSourceIOSListener invalidate]):
        (-[WebCoreAudioCaptureSourceIOSListener handleInterruption:]):
        (-[WebCoreAudioCaptureSourceIOSListener sessionMediaServicesWereReset:]):
        (WebCore::CoreAudioCaptureSourceIOS::CoreAudioCaptureSourceIOS):
        (WebCore::CoreAudioCaptureSourceIOS::~CoreAudioCaptureSourceIOS):

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::suspended): 
        (WebCore::CoreAudioSharedUnit::setupAudioUnit): Clear m_suspended.
        (WebCore::CoreAudioSharedUnit::suspend): Don't clear sources or uninitialize the audio unit,
        suspend is temporary. Set m_suspended.
        (WebCore::CoreAudioSharedUnit::resume): New, restart the audio unit.
        (WebCore::CoreAudioCaptureSource::create): Create the correct object.
        (WebCore::CoreAudioCaptureSource::scheduleReconfiguration): Dispatch to main thread if necessary.
        (WebCore::CoreAudioCaptureSource::beginInterruption): New, suspend from main thread.
        (WebCore::CoreAudioCaptureSource::endInterruption): New, resume/reconfigure from main thread.
        (WebCore::CoreAudioCaptureSource::interrupted):
        * platform/mediastream/mac/CoreAudioCaptureSource.h:

2017-06-23  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Drop the AES-CFB support
        https://bugs.webkit.org/show_bug.cgi?id=173547

        Reviewed by Jiewen Tan.

        No new tests -- relevant test baselines are updated.

        Stop registering the AES-CFB algorithm as something that's supported by
        the libgcrypt implementation. This algorithm was previously included in
        the Web Crypto API specification, but has since been dropped from it.

        Conveniently, libgcrypt only recently gained support for the CFB8 AES
        cipher mode that's required by the specification, meaning we could only
        support this algorithm with future releases of the libgcrypt library.

        * crypto/gcrypt/CryptoAlgorithmRegistryGCrypt.cpp:
        (WebCore::CryptoAlgorithmRegistry::platformRegisterAlgorithms):

2017-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [WPE] Enable PUBLIC_SUFFIX_LIST
        https://bugs.webkit.org/show_bug.cgi?id=173758

        Reviewed by Žan Doberšek.

        * PlatformWPE.cmake: Add PublicSuffixSoup.cpp to the build.

2017-06-22  Antti Koivisto  <antti@apple.com>

        REGRESSION(r217695): Offscreen/overflowed items not being rendered while translating in-frame
        https://bugs.webkit.org/show_bug.cgi?id=173732

        Reviewed by Simon Fraser.

        If an accelerated animation starts completely outside the view we fail to create backing for it
        when it moves into view.

        Fix by computing the full extent rect of the animation when it starts and doing the viewport overlap
        testing with that.

        Test: compositing/backing/transform-transition-from-outside-view.html

        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::animationExtent):
        (WebCore::GraphicsLayer::setAnimationExtent):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect):

            Return the current animation transformation matrix so we can use it elsewhere without recomputing.

        (WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

            If we have animation extent use it instead of bounds for visibility testing.

        (WebCore::GraphicsLayerCA::recursiveCommitChanges):

            Track if theres is a visible ancestor layer with a transition animation.

        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::updateCoverage):

            For simplicity create backing for all sublayers of a visible transform animated layer.

        * platform/graphics/ca/GraphicsLayerCA.h:
        (WebCore::GraphicsLayerCA::VisibleAndCoverageRects::VisibleAndCoverageRects): Deleted.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):

            Pass the animation extent (including descendants) to GraphicsLayer.

2017-06-22  Chris Dumez  <cdumez@apple.com>

        ResourceLoadStatisticsStore should be ThreadSafeRefCounted
        https://bugs.webkit.org/show_bug.cgi?id=173753
        <rdar://problem/32939326>

        Reviewed by Andreas Kling.

        ResourceLoadStatisticsStore should be ThreadSafeRefCounted as it is ref'd/deref'd
        from different threads.

        * loader/ResourceLoadStatisticsStore.h:

2017-06-22  Myles C. Maxfield  <mmaxfield@apple.com>

        @font-face rules with invalid primary fonts never download their secondary fonts
        https://bugs.webkit.org/show_bug.cgi?id=173138
        <rdar://problem/32554450>

        Reviewed by Simon Fraser.

        We have logic in CSSFontAccessor::font() which disallows downloading a CSSFontFace if that CSSFontFace
        is already in the Succeeded state. However, it was possible for a succeeded CSSFontFace to still fail
        to create a font. In this situation, we wouldn't be able to use the downloaded font, and we wouldn't
        try to download the next item in the src: list because the CSSFontFace is succeeded.

        This patch strengthens the meaning of the Succeeded state. Previously, it just meant that the bytes
        in the file were downloaded successfully. This patch extends this to also mean that the bytes in the
        file can be successfully interpreted as a font. This way, the CSSFontFace in the example above won't be
        set to the Succeeded state, so we will continue follow the src: list and download the secondary fonts.

        This has an added benefit that the CSS Font Loading API's promises will be called more appropriately.
        The transition to the Succeeded state will trigger a resolve of the promise. Now, these promises will
        only be resolved if the fonts are actually parsed and understood by our text system.

        Test: fast/text/font-fallback-invalid-load.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::fontLoaded): Move to the failed state if we can't understand the font
        data. This is the crux of this patch.
        (WebCore::CSSFontFaceSource::font): This function should only be called if we are in the Succeeded
        state, which means now we know we should always be able to understand the bytes of the file. Therefore,
        we can change some if statements into ASSERT()s.
        * loader/cache/CachedSVGFont.cpp:
        (WebCore::CachedSVGFont::createFont): Ditto.
        (WebCore::CachedSVGFont::ensureCustomFontData): Similarly to CSSFontFaceSource::fontLoaded(), this
        adds another check to our criteria for transitioning into the Succeeded state, which will guarantee that
        later we will always be able to create the font object.

2017-06-22  Andreas Kling  <akling@apple.com>

        Rename MemoryPressureHandler::setTabCount to setPageCount
        https://bugs.webkit.org/show_bug.cgi?id=173750

        Reviewed by Daniel Bates.

        * page/Page.cpp:
        (WebCore::Page::~Page):

2017-06-22  Antoine Quint  <graouts@apple.com>

        Modern media controls localised strings are out of sync with used strings in code
        https://bugs.webkit.org/show_bug.cgi?id=173752

        Reviewed by Dean Jackson.

        Remove strings we no longer use and add strings we use but failed to add previously.

        * English.lproj/modern-media-controls-localized-strings.js:

2017-06-22  Antoine Quint  <graouts@apple.com>

        Log when scripted animations get suspended and resumed
        https://bugs.webkit.org/show_bug.cgi?id=173751

        Reviewed by Dean Jackson.

        More work toward understanding why rAF callbacks are not serviced on bots (webkit.org/b/173628).

        * dom/Document.cpp:
        (WebCore::Document::requestAnimationFrame):
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::suspend):
        (WebCore::ScriptedAnimationController::resume):
        (WebCore::ScriptedAnimationController::logSuspendCount): Deleted.
        * dom/ScriptedAnimationController.h:
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        (WebCore::Page::setIsVisibleInternal):

2017-06-22  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r214712): Infinite recursion in RenderTable::layout in paginated mode
        https://bugs.webkit.org/show_bug.cgi?id=173731
        <rdar://problem/32237775>

        Reviewed by Antti Koivisto.

        We should just skip bottom captions to check if section is moved, since they don't affect
        the section position (bottom <caption> is preceded by <tfoot>).

        Test: fast/table/caption-bottom-with-pagination.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):

2017-06-22  Dean Jackson  <dino@apple.com>

        REGRESSION (r215809): 50% regression 14E305 -> 15A293a in MotionMark Suits test
        https://bugs.webkit.org/show_bug.cgi?id=173728
        <rdar://problem/32526744>

        Reviewed by Tim Horton.

        It turns out that CGGradientCreateWithColors is much slower than
        CGGradientCreateWithColorComponents, even without colorspace variations.
        Update the gradient creation code to only use this slower path
        when it has extended colors.

        * platform/graphics/Color.h: Add a FIXME about renaming some methods.
        * platform/graphics/cg/GradientCG.cpp: Use CGGradientCreateWithColorComponents
        if we have stops that are not extended colors.
        (WebCore::Gradient::platformGradient):

2017-06-22  Youenn Fablet  <youenn@apple.com>

        Fix memory leak in LibWebRTCMediaEndpoint
        https://bugs.webkit.org/show_bug.cgi?id=173717

        Reviewed by Eric Carlson.

        No chnage of behavior.
        Making sure SessionDescription pointer get properly released.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::createSessionDescriptionSucceeded):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * testing/MockLibWebRTCPeerConnection.cpp: Allocating description.

2017-06-22  Daniel Bates  <dabates@apple.com>

        Make FrameLoadRequest a move-only type
        https://bugs.webkit.org/show_bug.cgi?id=173682

        Reviewed by Alex Christensen and Darin Adler.

        A FrameLoadRequest groups together the information to perform a load into a single object
        that is more manageable to pass around than its constituent parts. Code that receives a
        FrameLoadRequest is expected to extract out the information it needs to complete its task.
        And it does not make sense to re-use the same FrameLoadRequest object for more than one
        load. Therefore, it is sufficient to make FrameLoadRequest a move-only type.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        * loader/FrameLoadRequest.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::changeLocation):
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::createWindow):
        * loader/FrameLoader.h:
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::scheduleLocationChange):
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):
        * replay/UserInputBridge.cpp:
        (WebCore::UserInputBridge::loadRequest):
        * replay/UserInputBridge.h:

2017-06-22  Jer Noble  <jer.noble@apple.com>

        REGRESSION (r217223): [iOS] Video keeps playing after application is backgrounded
        https://bugs.webkit.org/show_bug.cgi?id=173727

        Reviewed by Eric Carlson.

        Only override media element visibility if it is in picture-in-picture mode (not fullscreen generally).

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::visibilityStateChanged):

2017-06-22  Joseph Pecoraro  <pecoraro@apple.com>

        Follow-up to r218662. Only log backtraces for DumpRenderTree.

        Rubber-stamped by Antoine Quint.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):

2017-06-22  Charlie Turner  <cturner@igalia.com>

        [GTK] Spreaker live shows won't play
        https://bugs.webkit.org/show_bug.cgi?id=173306

        Reviewed by Xabier Rodriguez-Calvar.

        This was due to removing the code that negotiated caps for Icecast
        streams based on the response headers in r191947. The problem is that
        the typefind element can sometimes squint hard enough and see an MP3
        stream and attempt to play it, resulting in garbled audio playback. More
        commonly typefind fails to recognize the Icecast stream and bails,
        resulting in no playback at all.

        r191947 also removed the emission of metadata into the pipeline. This
        patch also leaves that out since we have no use for it within WebKit.

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (StreamingClient::handleResponseReceived):

2017-06-22  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218633.

        The test is failing frequently on Sierra Debug and Windows

        Reverted changeset:

        "AX: Cannot call setValue() on contenteditable or ARIA text
        controls"
        https://bugs.webkit.org/show_bug.cgi?id=173520
        http://trac.webkit.org/changeset/218633

2017-06-22  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Implement ReadableStreamBYOBReader read()
        https://bugs.webkit.org/show_bug.cgi?id=172714

        Reviewed by Youenn Fablet.

        Implemented read() method of ReadableStreamBYOBReader [1]. Also added code related 
        to BYOB features that were previously described as FIXMEs and that now become reachable.

        In addition, WPT tests that involve read() have allowed to identify 2 bugs not directly 
        related to read() (172716 and 172717). They will be fixed distinctly. Once done, all WPT
        tests should pass.

        [1] https://streams.spec.whatwg.org/#byob-reader-read

        WPT tests (web-platform-tests/streams/readable-byte-streams/general.js) already cover
        most cases for read() usage. Corresponding expectations have been updated. In addition,
        1 test has been added to WebKit tests (in streams/readable-stream-byob-reader.js) to 
        check that read() can only be applied to a ReadableStreamBYOBReader.

        * Modules/streams/ReadableByteStreamInternals.js:
        (readableByteStreamControllerClearPendingPullIntos): Implemented.
        (readableByteStreamControllerEnqueue): Updated with support for BYOBReader.
        (readableByteStreamControllerPullInto): Added.
        (readableStreamAddReadIntoRequest): Added.
        * Modules/streams/ReadableStreamBYOBReader.js:
        (read): Added.

2017-06-22  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Prevent capturing at unconventional resolutions when using the SW encoder on Mac
        https://bugs.webkit.org/show_bug.cgi?id=172602
        <rdar://problem/32407693>

        Reviewed by Eric Carlson.

        Test: platform/mac/webrtc/captureCanvas-webrtc-software-encoder.html

        Add internal API to switch on/off hardware H264 encoder.
        Add checks for standard size. If using a software encoder and frame size is not standard,
        the session is destroyed and no frame is sent at all.

        Added tests based on captureStream.
        Fixed the case of capturing a canvas which size is changing.

        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.h:
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
        (WebCore::H264VideoToolboxEncoder::setHardwareEncoderForWebRTCAllowed):
        (WebCore::H264VideoToolboxEncoder::hardwareEncoderForWebRTCAllowed):
        (WebCore::isUsingSoftwareEncoder):
        (WebCore::H264VideoToolboxEncoder::CreateCompressionSession):
        (isStandardFrameSize): Added.
        (isUsingSoftwareEncoder): Added.
        * testing/Internals.cpp:
        (WebCore::Internals::setH264HardwareEncoderAllowed):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-21  Youenn Fablet  <youenn@apple.com>

        [Fetch API] TypeError when called with body === {}
        https://bugs.webkit.org/show_bug.cgi?id=173295
        <rdar://problem/32746733>

        Reviewed by Sam Weinig.

        Test: fetch/body-init.html

        Handling body of Request and Response using binding generator to correctly handle unions.
        The biggest change is that any value that is not a specific type in the union will match a String.
        This is matching WebIDL spec and Firefox behavior.

        Handling of ReadableStream bodies remains in JS builtin for Response.
        This allows easier handling cloning and consumption of body.
        Adding setBodyAsReadableStream since this is no longer handled by extractBody.

        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::extract): Using Variant instead of JSC::JSValue.
        (WebCore::FetchBody::readableStreamBody): Introduced to handle the
        case of readable stream bodies.
        * Modules/fetch/FetchBody.h:
        * Modules/fetch/FetchBodyOwner.cpp:
        (WebCore::FetchBodyOwner::extractBody):
        * Modules/fetch/FetchBodyOwner.h:
        (WebCore::FetchBodyOwner::setBody):
        * Modules/fetch/FetchRequest.cpp:
        (WebCore::FetchRequest::setBody): Splitting setBody for ease of readability.
        (WebCore::FetchRequest::setBodyFromInputRequest):
        * Modules/fetch/FetchRequest.h:
        * Modules/fetch/FetchRequest.idl:
        * Modules/fetch/FetchRequest.js:
        (initializeFetchRequest):
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::initializeWith):
        (WebCore::FetchResponse::setBodyAsReadableStream):
        * Modules/fetch/FetchResponse.h:
        * Modules/fetch/FetchResponse.idl:
        * Modules/fetch/FetchResponse.js:
        (initializeFetchResponse):
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2017-06-21  Simon Fraser  <simon.fraser@apple.com>

        Add z-index to compositing logging output
        https://bugs.webkit.org/show_bug.cgi?id=173684

        Reviewed by Zalan Bujtas.

        Show z-index, which is often useful to find negative z-index items.

        Log "+foreground" rather than "foreground" to indicate that this layer has an
        additional foreground/background layer, and fix spacing.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::logLayerInfo):

2017-06-21  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix Window Debug build after r218660.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):

2017-06-21  Andreas Kling  <akling@apple.com>

        Increase memory kill limits for WebContent processes that manage multiple tabs.
        https://bugs.webkit.org/show_bug.cgi?id=173674

        Reviewed by Geoffrey Garen.

        Plumb the non-utility Page count down to WTF::MemoryPressureHandler.

        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::~Page):

2017-06-21  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] Restore ordering of CryptoAlgorithmIdentifier in SerializedScriptValue
        https://bugs.webkit.org/show_bug.cgi?id=173678
        <rdar://problem/32879314>

        Reviewed by Sam Weinig.

        r218030 reorders the ordering of CryptoAlgorithmIdentifier in SerializedScriptValue,
        which introduces backward compatibility issues with CryptoKey objects stored in the
        IndexedDB. Hence, we should restore it back.

        No tests.

        * bindings/js/SerializedScriptValue.cpp:

2017-06-21  Daniel Bates  <dabates@apple.com>

        Change FrameLoadRequest from a struct to a class

        FrameLoadRequest is underutilizing the purpose of a struct - default visibility of
        members is public, as FrameLoadRequest explicitly groups its members under public:
        or private: sections. Maybe in the future we can make FrameLoadRequest a struct
        with only public members. For now, we should consider FrameLoadRequest a class.

        * loader/FormSubmission.h:
        * loader/FrameLoadRequest.h:
        * loader/FrameLoader.h:
        * page/Chrome.h:
        * page/ChromeClient.h:
        * replay/UserInputBridge.h:

2017-06-21  Daewoong Jang  <daewoong.jang@navercorp.com>

        Compiler error while building with !HAVE(ACCESSIBILITY)
        https://bugs.webkit.org/show_bug.cgi?id=173670

        Reviewed by Chris Fleizach.

        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::getOrCreate):
        (WebCore::AXObjectCache::childrenChanged):

2017-06-21  Antoine Quint  <graouts@apple.com>

        Build fix.

        Reviewed by Tim "Mr. T" Horton.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):

2017-06-21  Antoine Quint  <graouts@apple.com>

        Ensure DRT always logs rAF suspension debugging code
        https://bugs.webkit.org/show_bug.cgi?id=173681

        Reviewed by Tim "Mr. T" Horton.

        Instead of using a setting to check whether we should log information related to rAF
        callbacks being suspended with WK1, we now check whether we're using in DRT to avoid
        any potential issue with settings being in the incorrect state when a test is run.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        * page/Settings.in:
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::MacApplication::isDumpRenderTree):

2017-06-21  Chris Dumez  <cdumez@apple.com>

        Allow constructing a WTF:Function from a function pointer
        https://bugs.webkit.org/show_bug.cgi?id=173660

        Reviewed by Alex Christensen.

        Construct WTF:Function directly from a function pointer when possible
        instead of constructing a lambda to do so.

        * Modules/encryptedmedia/InitDataRegistry.cpp:
        (WebCore::InitDataRegistry::InitDataRegistry):
        * page/Page.cpp:
        * page/mac/PageMac.mm:
        (WebCore::Page::platformInitialize):
        * platform/cf/MainThreadSharedTimerCF.cpp:
        (WebCore::setupPowerObserver):
        * platform/mac/WebCoreNSURLExtras.mm:
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):
        * workers/Worker.cpp:
        (WebCore::Worker::Worker):

2017-06-21  Antoine Quint  <graouts@apple.com>

        CSS text properties affect <video> shadow root
        https://bugs.webkit.org/show_bug.cgi?id=173664
        <rdar://problem/32904328>

        Reviewed by Dean Jackson.

        Ensure that we reset all inheritable styles back to their initial value for media shadow roots.

        Test: media/modern-media-controls/time-label/time-label-inherited-text-indent.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls-container):

2017-06-20  Simon Fraser  <simon.fraser@apple.com>

        Remove WILL_REVEAL_EDGE_EVENTS code
        https://bugs.webkit.org/show_bug.cgi?id=173632

        Reviewed by Sam Weinig, Beth Dakin.

        Remove will-reveal-edge events, which never took off.

        * dom/Document.cpp:
        (WebCore::Document::clearScriptedAnimationController):
        (WebCore::Document::sendWillRevealEdgeEventsIfNeeded): Deleted.
        * dom/Document.h:
        * dom/GlobalEventHandlers.idl:
        * html/HTMLBodyElement.idl:
        * html/HTMLFrameSetElement.idl:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2017-06-21  Daniel Bates  <dabates@apple.com>

        Cleanup FrameLoadRequest
        https://bugs.webkit.org/show_bug.cgi?id=173564
        <rdar://problem/32903570>

        Reviewed by Brent Fulgham.

        FrameLoadRequest has too many constructors. Use default values to reduce the number of
        constructors. Have FrameLoadRequest hold a Ref<SecurityOrigin> instead of a RefPtr<SecurityOrigin>
        as FrameLoadRequest must always hold a valid SecurityOrigin, the security origin of the
        document that initiated the request.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab): Explicitly pass the null-string for
        the target frame name as we do not have one. Use C++11 brace initialization syntax and ASCIILiteral().
        Rename local variable from request to frameLoadRequest to better describe its purpose. Fix up
        FIXME comment added in r105600 to better describe the issue we should fix as the code as
        changed since the FIXME was added.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate): No need to pass ShouldReplaceDocumentIfJavaScriptURL::ReplaceDocumentIfJavaScriptURL
        now that the FrameLoadRequests constructor uses this policy by default. Use C++11 brace
        initialization syntax and ASCIILiteral(). Rename local variable from frameRequest to frameLoadRequest
        to better describe its purpose.
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Use C++11 brace initialization syntax.
        * loader/FrameLoadRequest.h: Remove many constructor overloads. Changed m_requester from
        RefPtr<SecurityOrigin> to Ref<SecurityOrigin> as we can never be instantiated with a null
        SecurityOrigin. Moved m_shouldCheckNewWindowPolicy to be under ShouldOpenExternalURLsPolicy
        to reduce the size of the class by 8 bytes.
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Added copy constructor as we must use Ref::copyRef()
        to copy the Ref<SecurityOrigin>.
        (WebCore::FrameLoadRequest::requester): Return a const SecurityOrigin& instead of a const SecurityOrigin*.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected): Update now that the order of the ShouldReplaceDocumentIfJavaScriptURL
        and ShouldOpenExternalURLsPolicy arguments in the FrameLoadRequest constructor has changed.
        (WebCore::FrameLoader::loadURLIntoChildFrame): Ditto. Also use C++11 brace initialization syntax
        and ASCIILiteral().
        (WebCore::FrameLoader::loadFrameRequest): Update code now that FrameLoadRequest::requester() returns a
        SecurityOrigin& instead of a SecurityOrigin*. Use C++11 brace initialization syntax.
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::scheduleLocationChange): Use C++11 brace initialization syntax.
        Rename local variable from frameRequest to frameLoadRequest to better describe its purpose.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected): ove FrameLoadRequest instantiation
        into a local variable and use C++11 brace initialization syntax to make it easier to identify
        the arguments passed to FrameLoader::loadFrameRequest().
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow): Update now that the order of the ShouldReplaceDocumentIfJavaScriptURL
        and ShouldOpenExternalURLsPolicy arguments in the FrameLoadRequest constructor has changed.
        Use C++11 brace initialization syntax and ASCIILiteral(). Rename some local variables to better
        describe their purpose.

2017-06-20  Simon Fraser  <simon.fraser@apple.com>

        svgPath.getTotalLength() freezes webkit
        https://bugs.webkit.org/show_bug.cgi?id=173566
        <rdar://problem/32866731>

        Reviewed by Dean Jackson.

        Ensure that curveLength() progresses by making split() return a bool indicating
        whether either of the resulting curves are the same as the original. This can happen
        when midPoint() on two close points returns a point that is the same as one of the
        arguments because of floating-point precision limitations.

        Test: svg/custom/path-getTotalLength-hang.html

        * platform/graphics/PathTraversalState.cpp:
        (WebCore::QuadraticBezier::operator ==):
        (WebCore::QuadraticBezier::split):
        (WebCore::CubicBezier::operator ==):
        (WebCore::CubicBezier::split):
        (WebCore::curveLength):

2017-06-21  Youenn Fablet  <youenn@apple.com>

        Fix AVVideoCaptureSource frameRate setter and getter
        https://bugs.webkit.org/show_bug.cgi?id=173637

        Reviewed by Eric Carlson.

        Covered by manual testing.

        Using activeVideoMaxFrameDuration to get the frame rate.
        Setting the frame rate according the given vale if in the allowed range.

        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::updateSettings):
        (WebCore::AVVideoCaptureSource::applyFrameRate):
        (WebCore::AVVideoCaptureSource::applySizeAndFrameRate):
        (WebCore::AVVideoCaptureSource::shutdownCaptureSession):
        (WebCore::AVVideoCaptureSource::processNewFrame):
        (WebCore::AVVideoCaptureSource::updateFramerate): Deleted.

2017-06-21  Youenn Fablet  <youenn@apple.com>

        Refresh libwebrtc code up to a87675d4a160e2c49c3e754cd9ca291d6c8f36ae
        https://bugs.webkit.org/show_bug.cgi?id=173602

        Reviewed by Eric Carlson.

        No feature change.

        Updated according small libwebrtc API changes.

        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration):
        * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
        (WebCore::RealtimeIncomingVideoSource::pixelBufferFromVideoFrame):
        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::sendBlackFramesIfNeeded):
        (WebCore::RealtimeOutgoingVideoSource::videoSampleAvailable):

2017-06-21  Sam Weinig  <sam@webkit.org>

        Add support for structured serialization of CSS Geometry types
        https://bugs.webkit.org/show_bug.cgi?id=173631

        Reviewed by Simon Fraser.

        Tests: imported/w3c/web-platform-tests/css/geometry-1/structured-serialization.html

        Adds support for serializing the new geometry types as specified by:
        https://drafts.fxtf.org/geometry-1/#structured-serialization

        * WebCore.xcodeproj/project.pbxproj:
        Move a few custom bindings into the "GC / Wrapping Only" since they have no more custom operations or attributes.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpDOMPoint):
        (WebCore::CloneSerializer::dumpDOMRect):
        (WebCore::CloneSerializer::dumpDOMMatrix):
        (WebCore::CloneSerializer::dumpDOMQuad):
        (WebCore::CloneSerializer::dumpIfTerminal):
        (WebCore::CloneDeserializer::getJSValue):
        (WebCore::CloneDeserializer::readDOMPoint):
        (WebCore::CloneDeserializer::readDOMMatrix):
        (WebCore::CloneDeserializer::readDOMRect):
        (WebCore::CloneDeserializer::readDOMPointInit):
        (WebCore::CloneDeserializer::readDOMQuad):
        (WebCore::CloneDeserializer::readTerminal):
        Add serialization/deserialization of the geometry types.

        * css/DOMMatrix.cpp:
        (WebCore::DOMMatrix::DOMMatrix):
        * css/DOMMatrix.h:
        (WebCore::DOMMatrix::create):
        * css/DOMMatrixReadOnly.cpp:
        (WebCore::DOMMatrixReadOnly::DOMMatrixReadOnly):
        * css/DOMMatrixReadOnly.h:
        (WebCore::DOMMatrixReadOnly::create):
        Add create functions and constructors that take a TransformationMatrix by r-value reference
        so they can be moved into the DOM type.

2017-06-21  Andreas Kling  <akling@apple.com>

        [iOS] Ensure that GraphicsServices is initialized before calling GSFontPurgeFontCache().
        https://bugs.webkit.org/show_bug.cgi?id=173616
        <rdar://problem/30780050>

        Reviewed by Chris Dumez.

        Fix for crash in GSFontPurgeFontCache() seen in apps embedding WebKit.
        Ensure GSFontInitialize() has been called first, since the former depends on state
        set up by this function.

        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        * platform/spi/ios/GraphicsServicesSPI.h:

2017-06-21  Antoine Quint  <graouts@apple.com>

        Add logging to identify when the Page suspends scripted animations
        https://bugs.webkit.org/show_bug.cgi?id=173626

        Reviewed by Tim Horton.

        We have a longstanding issue that some media/modern-media-controls tests time out due to
        requestAnimationFrame callbacks not being serviced, which is tracked by webkit.org/b/173628.
        We added some logging to identify when ScriptedAnimationController would get suspended in
        webkit.org/b/173326. This logging points to the fact that the reason rAF callbacks aren't
        serviced is because Document::requestAnimationFrame() suspends rAF when the page reports
        that scripted animations ought to be suspended, which is true when m_scriptedAnimationsSuspended
        is true. This patch adds logging that tracks when this flag is set, provided a new setting
        shouldLogScriptedAnimationControllerSuspensionChange is true.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        * page/Settings.in:

2017-06-21  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Extract CurlDownloadManager as shared background task handler
        https://bugs.webkit.org/show_bug.cgi?id=173557

        Curl resource handling should be shared by other part of Curl
        network stack. CurlDownloadManager is extracted as stand alone
        CurlManager singleton class to be ready for others
        (i.e. ResourceHandle).

        Reviewed by Alex Christensen.

        * PlatformWinCairo.cmake:
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::setCookiesFromDOM):
        (WebCore::cookiesForSession):
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::init):
        (WebCore::CurlDownload::start):
        (WebCore::CurlDownload::cancel):
        (WebCore::CurlDownload::didReceiveHeader):
        (WebCore::CurlDownload::handleCurlMsg):
        (WebCore::CurlDownloadManager::CurlDownloadManager): Deleted.
        (WebCore::CurlDownloadManager::~CurlDownloadManager): Deleted.
        (WebCore::CurlDownloadManager::add): Deleted.
        (WebCore::CurlDownloadManager::remove): Deleted.
        (WebCore::CurlDownloadManager::getActiveDownloadCount): Deleted.
        (WebCore::CurlDownloadManager::getPendingDownloadCount): Deleted.
        (WebCore::CurlDownloadManager::startThreadIfNeeded): Deleted.
        (WebCore::CurlDownloadManager::stopThread): Deleted.
        (WebCore::CurlDownloadManager::stopThreadIfIdle): Deleted.
        (WebCore::CurlDownloadManager::updateHandleList): Deleted.
        (WebCore::CurlDownloadManager::addToCurl): Deleted.
        (WebCore::CurlDownloadManager::removeFromCurl): Deleted.
        (WebCore::CurlDownloadManager::downloadThread): Deleted.
        * platform/network/curl/CurlDownload.h:
        (WebCore::CurlDownloadManager::getMultiHandle): Deleted.
        (WebCore::CurlDownloadManager::runThread): Deleted.
        (WebCore::CurlDownloadManager::setRunThread): Deleted.
        * platform/network/curl/CurlManager.cpp: Added.
        (WebCore::CurlManager::CurlManager):
        (WebCore::CurlManager::~CurlManager):
        (WebCore::CurlManager::add):
        (WebCore::CurlManager::remove):
        (WebCore::CurlManager::getActiveCount):
        (WebCore::CurlManager::getPendingCount):
        (WebCore::CurlManager::startThreadIfNeeded):
        (WebCore::CurlManager::stopThread):
        (WebCore::CurlManager::stopThreadIfIdle):
        (WebCore::CurlManager::updateHandleList):
        (WebCore::CurlManager::addToCurl):
        (WebCore::CurlManager::removeFromCurl):
        (WebCore::CurlManager::workerThread):
        (WebCore::CurlUtils::getEffectiveURL):
        (WebCore::CurlSharedResources::mutexFor):
        (WebCore::CurlSharedResources::lock):
        (WebCore::CurlSharedResources::unlock):
        * platform/network/curl/CurlManager.h: Added.
        (WebCore::CurlManager::singleton):
        (WebCore::CurlManager::getCurlShareHandle):
        (WebCore::CurlManager::getMultiHandle):
        (WebCore::CurlManager::runThread):
        (WebCore::CurlManager::setRunThread):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::ResourceHandleManager):
        (WebCore::ResourceHandleManager::~ResourceHandleManager):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::getCurlEffectiveURL): Deleted.
        (WebCore::sharedResourceMutex): Deleted.
        (WebCore::curl_lock_callback): Deleted.
        (WebCore::curl_unlock_callback): Deleted.
        (WebCore::ResourceHandleManager::getCurlShareHandle): Deleted.
        * platform/network/curl/ResourceHandleManager.h:

2017-06-21  Jeremy Jones  <jeremyj@apple.com>

        Include audio/vnd.wave as a valid mime-type for wav files.
        https://bugs.webkit.org/show_bug.cgi?id=173635
        rdar://problem/32656568

        Reviewed by Eric Carlson.

        audio/vnd.wave is a valid mime-type for wav files per https://tools.ietf.org/html/rfc2361

        Updated test and test results:
        LayoutTests/media/media-can-play-wav-audio.html

        * platform/MIMETypeRegistry.cpp:
        (WebCore::initializeSupportedImageMIMETypes):
        (WebCore::mimeTypeAssociationMap):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::staticMIMETypeList):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::mimeTypeSet):

2017-06-21  Chris Fleizach  <cfleizach@apple.com>

        AX: Cannot call setValue() on contenteditable or ARIA text controls
        https://bugs.webkit.org/show_bug.cgi?id=173520

        Reviewed by Ryosuke Niwa.

        Add support for changing the value of a contenteditable and any other aria text control in setValue().
 
        Test: accessibility/set-value-editable-types.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setValue):

2017-06-20  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyEC SPKI imports
        https://bugs.webkit.org/show_bug.cgi?id=172927

        Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.

        No new tests -- affected tests are now passing and are unskipped.

        Implement libgcrypt-based support for SPKI imports of EC keys.

        Using libtasn1 through the utility functions and wrappers, the given key data
        is decoded against the SubjectPublicKeyInfo ASN.1 definition. The algorithm
        member is then properly validated, making sure that the key algorithm idenfitier
        is supported and that the algorithm parameters specify the correct EC curve.

        The public key bit string is then retrieved and validated, ensuring it represents
        an uncompressed EC point that is of valid size for the specified EC curve. The
        point is then tested through an EC context to make sure it's positioned on the
        specified EC curve.

        Finally, the curve name and uncompressed point data are embedded into a
        `public-key` s-expression that will be used through the libgcrypt API. This is
        then used, along with other information, to create a valid CryptoKeyEC object.

        * PlatformGTK.cmake: Use LIBTASN1_INCLUDE_DIRECTORIES and LIBTASN1_LIBRARIES.
        * PlatformWPE.cmake: Ditto.
        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::supportedAlgorithmIdentifier):
        (WebCore::curveForIdentifier):
        (WebCore::CryptoKeyEC::platformImportSpki):

2017-06-20  Devin Rousso  <drousso@apple.com>

        WebGPU contexts should have a back reference to the canvas element
        https://bugs.webkit.org/show_bug.cgi?id=173633

        Reviewed by Jon Lee.

        No tests added, as this is already implemented within other canvas types.

        * html/canvas/WebGPURenderingContext.idl:

2017-06-20  Youenn Fablet  <youenn@apple.com>

        WebAudioSourceProvider should be thread safe ref counted
        https://bugs.webkit.org/show_bug.cgi?id=173623

        Reviewed by Eric Carlson.

        No observable change of behavior.

        * platform/mediastream/WebAudioSourceProvider.h:

2017-06-20  Yoav Weiss  <yoav@yoav.ws>

        [preload] Turn on preload's feature flag by default.
        https://bugs.webkit.org/show_bug.cgi?id=173139

        Reviewed by Youenn Fablet.

        Turn on the runtime enabled feature flag for link preload by default.

        No new tests as this just turns on a feature that was already on-by-default for tests.

        * page/RuntimeEnabledFeatures.h:

2017-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        Disable font variations on macOS Sierra and iOS 10
        https://bugs.webkit.org/show_bug.cgi?id=173618
        <rdar://problem/32879164>

        Reviewed by Jon Lee.

        On macOS Sierra and iOS 10, there are some platform problems involved with font variations. They
        were previously enabled on those OSes just as a preview development tool. These platform bugs have
        been fixed in macOS High Sierra and iOS 11, so we should align our feature flags with the eventual
        configurations.

        * Configurations/FeatureDefines.xcconfig:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::defaultVariationValues):
        (WebCore::preparePlatformFont):

2017-06-20  Devin Rousso  <drousso@apple.com>

        Web Inspector: Send context attributes for tracked canvases
        https://bugs.webkit.org/show_bug.cgi?id=173327

        Reviewed by Joseph Pecoraro.

        Test: inspector/canvas/context-attributes.html

        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):

2017-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] The system Japanese font cannot be italicized
        https://bugs.webkit.org/show_bug.cgi?id=173300
        <rdar://problem/31805407>

        Reviewed by Ryosuke Niwa.

        Items in the system font cascade list may lie about whether or not they support italics.
        In order to get the truth, we need to use the physical font underlying the font in question,
        because this one won't lie. Then, we can interrogate this physical font about its traits
        in order to synthesize italics correctly.

        Test: fast/text/system-font-japanese-synthetic-italic.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges):

2017-06-20  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in more places in WebCore/
        https://bugs.webkit.org/show_bug.cgi?id=173583

        Reviewed by Darin Adler.

        Use WTF::Function instead of std::function in more places in WebCore/ to
        reduce copying.

        * page/Page.cpp:
        * platform/HysteresisActivity.h:
        (WebCore::HysteresisActivity::HysteresisActivity):
        * platform/Logging.cpp:
        (WebCore::registerNotifyCallback):
        * platform/Logging.h:
        * platform/MainThreadSharedTimer.cpp:
        (WebCore::MainThreadSharedTimer::setFiredFunction):
        * platform/MainThreadSharedTimer.h:
        * platform/PlatformPasteboard.h:
        * platform/ScopeGuard.h:
        (WebCore::ScopeGuard::ScopeGuard):
        (WebCore::ScopeGuard::enable):
        * platform/ScrollAnimationSmooth.cpp:
        (WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
        * platform/ScrollAnimationSmooth.h:
        * platform/SharedTimer.h:
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::currentSessionsMatching):
        * platform/audio/PlatformMediaSessionManager.h:
        * platform/cf/MainThreadSharedTimerCF.cpp:
        (WebCore::setupPowerObserver):
        * platform/cf/RunLoopObserver.h:
        (WebCore::RunLoopObserver::RunLoopObserver):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::traverse):
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::addMediaEngine):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/Path.h:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::seekCompleted):
        (WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification):
        (WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::Notification::Notification):
        (WebCore::MediaPlayerPrivateAVFoundation::Notification::function):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::runWithoutAnimations):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::convertToFormat):
        * platform/graphics/gstreamer/MainThreadNotifier.h:
        * platform/graphics/gstreamer/MediaPlayerRequestInstallMissingPluginsCallback.h:
        (WebCore::MediaPlayerRequestInstallMissingPluginsCallback::create):
        (WebCore::MediaPlayerRequestInstallMissingPluginsCallback::MediaPlayerRequestInstallMissingPluginsCallback):
        * platform/graphics/win/GraphicsContextDirect2D.cpp:
        (WebCore::GraphicsContext::drawWithoutShadow):
        (WebCore::GraphicsContext::drawWithShadow):
        * platform/gtk/PasteboardHelper.cpp:
        (WebCore::ClipboardSetData::ClipboardSetData):
        (WebCore::PasteboardHelper::writeClipboardContents):
        * platform/gtk/PasteboardHelper.h:
        * platform/gtk/PlatformPasteboardGtk.cpp:
        (WebCore::PlatformPasteboard::writeToClipboard):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::preparedToReturnToInline):
        (WebVideoFullscreenInterfaceAVKit::fullscreenMayReturnToInline):
        * platform/mac/PowerObserverMac.cpp:
        (WebCore::PowerObserver::PowerObserver):
        * platform/mac/PowerObserverMac.h:
        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isSecondLevelDomainNameAllowedByTLDRules):
        * platform/mediastream/CaptureDeviceManager.cpp:
        (CaptureDeviceManager::addCaptureDeviceChangedObserver):
        * platform/mediastream/CaptureDeviceManager.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::scheduleDeferredTask):
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm:
        (-[WebAVAudioSessionAvailableInputsListener initWithCallback:]):
        * platform/mediastream/mac/CoreAudioCaptureSource.h:
        * platform/mock/ScrollAnimatorMock.cpp:
        (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
        * platform/mock/ScrollAnimatorMock.h:
        * platform/network/CookieStorage.h:
        * platform/network/NetworkStateNotifier.cpp:
        (WebCore::NetworkStateNotifier::addNetworkStateChangeListener):
        * platform/network/NetworkStateNotifier.h:
        * platform/network/NetworkStorageSession.cpp:
        (WebCore::NetworkStorageSession::forEach):
        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/CookieStorageCFNet.cpp:
        (WebCore::cookieChangeCallbackMap):
        (WebCore::startObservingCookieChanges):
        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::callOnMainThreadAndWait):
        * platform/network/mac/CookieStorageMac.mm:
        (-[WebCookieStorageObjCAdapter startListeningForCookieChangeNotificationsWithCallback:]):
        (WebCore::startObservingCookieChanges):
        * platform/network/soup/CookieStorageSoup.cpp:
        (WebCore::startObservingCookieChanges):
        * platform/network/soup/SoupNetworkSession.cpp:
        (WebCore::SoupNetworkSession::checkTLSErrors):
        * platform/network/soup/SoupNetworkSession.h:
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::destroyCollationFunction):
        (WebCore::callCollationFunction):
        (WebCore::SQLiteDatabase::setCollationFunction):
        * platform/sql/SQLiteDatabase.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::traverseVisibleNonCompositedDescendantLayers):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::paintItem):
        * rendering/RenderListBox.h:
        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::InlineIteratorHistory::push):
        (WebCore::BreakingContext::InlineIteratorHistory::update):
        * workers/Worker.cpp:
        (WebCore::Worker::Worker):
        * workers/WorkerRunLoop.cpp:

2017-06-20  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r218524.

        This change broke internal builds.

        Reverted changeset:

        "[Cocoa] The system Japanese font cannot be italicized"
        https://bugs.webkit.org/show_bug.cgi?id=173300
        http://trac.webkit.org/changeset/218524

2017-06-20  Daniel Bates  <dabates@apple.com>

        Have FrameLoadRequest takes a Frame& instead of a Frame*
        https://bugs.webkit.org/show_bug.cgi?id=173614
        <rdar://problem/32884890>

        Reviewed by Brent Fulgham.

        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::handleProvisionalLoadFailure):
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        * page/DragController.cpp:
        (WebCore::DragController::performDragOperation):

2017-06-20  Daniel Bates  <dabates@apple.com>

        Skip Content Security Policy check for a media request using standard schemes initiated from
        an element in user agent shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=155505
        <rdar://problem/25169452>

        Reviewed by Brent Fulgham.

        This change makes the following tests pass on iOS 11:
            http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
            http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html

        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::requestResource):
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading):

2017-06-20  Andreas Kling  <akling@apple.com>

        Remove no-op calls to purge SQLite caches on memory pressure.
        <https://webkit.org/b/173604>

        Reviewed by Chris Dumez.

        The implementation of _sqlite3_purgeEligiblePagerCacheMemory() is empty
        since a few releases ago, so there's no point in calling it.

        * page/MemoryRelease.cpp:
        (WebCore::registerMemoryReleaseNotifyCallbacks):
        (WebCore::registerSQLiteMemoryPressureHandler): Deleted.
        * page/MemoryRelease.h:
        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        (WebCore::registerSQLiteMemoryPressureHandler): Deleted.
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::initializeSQLiteIfNecessary):

2017-06-20  Devin Rousso  <drousso@apple.com>

        Web Inspector: add console messages for WebGL shader compile and program link errors/warnings
        https://bugs.webkit.org/show_bug.cgi?id=143236
        <rdar://problem/20352149>

        Reviewed by Dean Jackson.

        Test: fast/canvas/webgl/shader-compile-logging.html

        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::checkFramebufferStatus):
        (WebCore::WebGLRenderingContextBase::compileShader):
        (WebCore::WebGLRenderingContextBase::recycleContext):
        (WebCore::WebGLRenderingContextBase::checkTextureCompleteness):
        (WebCore::WebGLRenderingContextBase::printToConsole):
        (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
        (WebCore::WebGLRenderingContextBase::synthesizeGLError):
        (WebCore::WebGLRenderingContextBase::printGLErrorToConsole): Deleted.
        (WebCore::WebGLRenderingContextBase::printWarningToConsole): Deleted.
        (WebCore::WebGLRenderingContextBase::printGLWarningToConsole): Deleted.
        Unify console logging helper functions to all follow the same path. Additionally, errors
        now generate stack traces. Shader compilation errors are now logged as well.

        * dom/Document.h:
        * dom/Document.cpp:
        (WebCore::Document::addConsoleMessage):
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::AddConsoleMessageTask):
        * page/PageConsoleClient.h:
        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::addMessage):
        * workers/WorkerGlobalScope.h:
        Add new path for logging to the console that accepts a ConsoleMessage.

2017-06-20  Saam Barati  <sbarati@apple.com>

        Unreviewed. Try to fix the build after r218594.

        * dom/Document.h:

2017-06-20  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218530.

        This revision caused multiple media stream test crashes on
        Debug builds.

        Reverted changeset:

        "Merge MediaDevicesRequest and MediaDevicesEnumerationRequest
        to tighten up code and object lifetime"
        https://bugs.webkit.org/show_bug.cgi?id=173527
        http://trac.webkit.org/changeset/218530

2017-06-19  Antoine Quint  <graouts@apple.com>

        Media document experience with long-loading files is poor
        https://bugs.webkit.org/show_bug.cgi?id=173575
        <rdar://problem/32178119>

        Reviewed by Dean Jackson.

        In order to avoid showing media controls at a different size than that of the video when we've
        received enough information to determine whether it's audio or video and what the video frame size
        is, we do not show any UI until we have enough information to show the controls in their correct
        initial state. This works well with local files and fast-loading files, but does not work well with
        invalid files, which never load and fail to ever show any UI, and files that load slowly where there
        is no visible feedback that content will be visible.

        Instead, we now default to showing audio controls in their loading state, which provides a seamless
        transition if we will be loading an audio file since the controls are initially in the correct state,
        and at least provide feedback that data is loading even if we eventually transition to a video layout.

        Additionally, we remove the invalid placard background in case the media is invalid, showing only the
        crossed-out play icon in the center of the page in that state.

        Tests: media/modern-media-controls/media-documents/media-document-invalid.html
               media/modern-media-controls/media-documents/media-document-video-with-initial-audio-layout.html

        * Modules/modern-media-controls/controls/media-document.css:
        (:host(.media-document)): Remove "visibility: hidden" since we want the media controls to be visible
        at all times.
        (:host(.media-document.audio)): Add a little padding on the x-axis to ensure audio controls never snap
        directly to the edges of the window.
        (:host(.media-document.audio.iphone)): Remove the iPhone-specific styling since we moved it to the
        general case.
        (:host(.media-document.video.invalid) .placard): Remove the background from the invalid placard when
        showing invalid media.
        (:host(.media-document.ready)): Deleted.
        * Modules/modern-media-controls/media/audio-support.js:
        (AudioSupport.prototype.syncControl): Make sure we invalidate the media document layout when a media
        document's media type changes.
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController): Instantiate the controls prior to creating the MediaDocumentController since the
        MediaDocumentController will need to access the controls.
        * Modules/modern-media-controls/media/media-document-controller.js:
        (MediaDocumentController): Set the default layout for media controls for a media document to be audio
        and in the waiting state.
        (MediaDocumentController.prototype.layout): Toggle the "invalid", "audio" and "video" CSS classes for
        the next possible commit to the DOM, provided we have established the media document's media type.
        (MediaDocumentController.prototype.handleEvent): Deal with the "play" and "error" events to trigger
        a layout.
        (MediaDocumentController.prototype._mediaDocumentHasMetadata): Deleted.
        (MediaDocumentController.prototype._mediaDocumentHasSize): Deleted.

2017-06-20  Daniel Bates  <dabates@apple.com>

        NavigationAction has too many constructors
        https://bugs.webkit.org/show_bug.cgi?id=173484

        Reviewed by Brady Eidson.

        A NavigationAction object is an immutable object that represents the details of a
        navigation, including the type of a navigation (e.g. link click), what triggered
        the navigation, and the external URL policy to use for the navigation. Over time
        the number of NavigationAction constructor overloads (not including copy/move
        constructors) has grown to 12 to support different combinations of details.
        We can use default values to reduce the number of constructors to 2 (not including
        copy/move constructors).

        No behavior changed. So, no new tests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): Pass NavigationType::Other when
        instantiating NavigationAction.
        (WebCore::FrameLoader::loadDifferentDocumentItem): Fix order of arguments now that
        the constructor overload that takes a NavigationType takes the Event* as the fourth argument,
        not the third. Also, use C++11 brace initialization syntax when instantiating a NavigationAction.
        (WebCore::createWindow):
        * loader/NavigationAction.cpp: Remove unnecessary #include of header ScriptController.h.
        Include header Event.h.
        (WebCore::NavigationAction::NavigationAction):
        * loader/NavigationAction.h: Forward declare class Event and remove #include of header Event.h.
        Make copy constructor, copy assignment operator, move constructor, and move assignment operator
        out-of-line to avoid the need to include header Event.h. Export the copy constructor so that it
        can be used from WebKit on the Apple Windows port. Move ShouldOpenExternalURLsPolicy to be after
        NavigationType to reduce the size of the class by 8 bytes.
        (WebCore::NavigationAction::NavigationAction):
        * loader/PolicyChecker.cpp: Include header Event.h.
        * page/Performance.cpp: Ditto.
        * replay/ReplayController.cpp: Ditto.

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Rename OrientationNotifer.h to OrientationNotifier.h
        https://bugs.webkit.org/show_bug.cgi?id=173600

        Reviewed by Youenn Fablet.

        No new tests needed.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.h:
        * platform/OrientationNotifier.h: Renamed from Source/WebCore/platform/OrientationNotifer.h.
        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/MockRealtimeVideoSourceMac.h:
        * testing/Internals.h:

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive include directives from WTF
        https://bugs.webkit.org/show_bug.cgi?id=173553

        Reviewed by Saam Barati.

        No new tests needed.

        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h:
        Added missing include directive.

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive include directives from WebCore/dom
        https://bugs.webkit.org/show_bug.cgi?id=173591

        Reviewed by Darin Adler.

        No new tests needed.

        * bindings/js/JSCustomElementRegistryCustom.cpp:
        * dom/Attr.h:
        * dom/ChildListMutationScope.h:
        * dom/ContainerNodeAlgorithms.cpp:
        * dom/ContainerNodeAlgorithms.h:
        * dom/CustomElementRegistry.h:
        * dom/DOMRect.h:
        * dom/DocumentMarkerController.h:
        * dom/ElementIteratorAssertions.h:
        * dom/ElementRareData.h:
        * dom/EventContext.h:
        * dom/EventDispatcher.h:
        * dom/ExtensionStyleSheets.h:
        * dom/GenericEventQueue.h:
        * dom/LiveNodeList.h:
        * dom/LoadableClassicScript.h:
        * dom/LoadableScript.h:
        * dom/MutationCallback.h:
        * dom/NativeNodeFilter.h:
        * dom/NodeRareData.h:
        * dom/PromiseRejectionEvent.h:
        * dom/PseudoElement.h:
        * dom/Range.h:
        * dom/RegisteredEventListener.h:
        * dom/RejectedPromiseTracker.cpp:
        * dom/ScopedEventQueue.h:
        * dom/ScriptElement.h:
        * dom/ScriptExecutionContext.h:
        * dom/ScriptedAnimationController.cpp:
        * dom/ScriptedAnimationController.h:
        * dom/SelectorQuery.h:
        * dom/StaticNodeList.h:
        * dom/StaticRange.h:
        * dom/default/PlatformMessagePortChannel.h:
        * testing/Internals.cpp:
        * workers/WorkerGlobalScope.h:

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive include directives from WebCore/css
        https://bugs.webkit.org/show_bug.cgi?id=173554

        Reviewed by Alex Christensen.

        No new tests needed.

        * css/CSSComputedStyleDeclaration.h:
        * css/CSSContentDistributionValue.h:
        * css/CSSCursorImageValue.h:
        * css/CSSFilterImageValue.h:
        * css/CSSFontFace.h:
        * css/CSSFontFeatureValue.h:
        * css/CSSFontStyleRangeValue.h:
        * css/CSSFontVariationValue.h:
        * css/CSSImageGeneratorValue.h:
        * css/CSSImageSetValue.h:
        * css/CSSInheritedValue.h:
        * css/CSSInitialValue.h:
        * css/CSSKeyframeRule.cpp:
        * css/CSSKeyframeRule.h:
        * css/CSSLineBoxContainValue.h:
        * css/CSSPrimitiveValue.h:
        * css/CSSPrimitiveValueMappings.h:
        * css/CSSPropertySourceData.h:
        * css/CSSReflectValue.h:
        * css/CSSRevertValue.h:
        * css/CSSSelector.h:
        * css/CSSStyleSheet.h:
        * css/CSSToLengthConversionData.h:
        * css/CSSUnsetValue.h:
        * css/CSSValue.h:
        * css/CSSValuePool.h:
        * css/CSSVariableData.h:
        * css/DeprecatedCSSOMCounter.h:
        * css/DeprecatedCSSOMRGBColor.h:
        * css/DeprecatedCSSOMRect.h:
        * css/DeprecatedCSSOMValue.h:
        * css/RuleSet.h:
        * css/SelectorChecker.h:
        * css/StyleBuilderConverter.h:
        * css/StyleBuilderCustom.h:
        * css/StyleProperties.h:
        * css/StyleResolver.cpp:
        * css/StyleResolver.h:
        * css/StyleSheet.h:
        * css/StyleSheetContents.h:
        * css/ViewportStyleResolver.h:
        * css/parser/CSSDeferredParser.h:
        * css/parser/CSSParserIdioms.h:
        * css/parser/CSSParserImpl.cpp:
        * css/parser/CSSParserImpl.h:
        * css/parser/CSSParserObserver.h:
        * css/parser/CSSParserSelector.h:
        * css/parser/CSSPropertyParserHelpers.h:
        * css/parser/MediaQueryParser.cpp:
        * css/parser/MediaQueryParser.h:
        * css/parser/SizesAttributeParser.cpp:
        * css/parser/SizesAttributeParser.h:
        * html/BaseCheckableInputType.cpp:
        * html/MediaController.cpp:
        * html/track/TextTrack.cpp:
        * html/track/TextTrackCue.cpp:
        * html/track/VideoTrack.cpp:
        * loader/TextTrackLoader.cpp:

2017-06-20  Miguel Gomez  <magomez@igalia.com>

        [GTK] Layout Test fast/canvas/webgl/tex-image-and-sub-image-2d-with-video.html makes the subsequent test case flaky crash.
        https://bugs.webkit.org/show_bug.cgi?id=173459

        Reviewed by Carlos Garcia Campos.

        When destructing the VideoTextureCopierGStreamer, ensure that there's a previous gl context before trying
        to make it current again. There are situations where no previous context may exist, which can trigger a crash.
        Also, add DefaultImageOrientation to the switch that handles the video frame possible orientations, as it's the
        value used when no rotation needs to be performed, and it's currently triggering an assertion.

        Covered by existent tests.

        * platform/graphics/gstreamer/VideoTextureCopierGStreamer.cpp:
        (WebCore::VideoTextureCopierGStreamer::~VideoTextureCopierGStreamer):
        (WebCore::VideoTextureCopierGStreamer::updateTextureSpaceMatrix):

2017-06-19  Devin Rousso  <drousso@apple.com>

        Web Inspector: create canvas content view and details sidebar panel
        https://bugs.webkit.org/show_bug.cgi?id=138941
        <rdar://problem/19051672>

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/requestContent.html
               inspector/canvas/requestNode.html

        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::requestNode):
        Gets the node id of the backing canvas element.

        (WebCore::InspectorCanvasAgent::requestContent):
        Gets the current image content of the canvas.

        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        Minor fixes from r218376 <https://webkit.org/b/172623>.

        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        Optionally send the `nodeId` of the backing canvas element if it is available.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):

2017-06-19  Frederic Wang  <fwang@igalia.com>

        [iOS] Always include frames in the scrolling tree when async frame scrolling is enabled
        https://bugs.webkit.org/show_bug.cgi?id=173405

        Reviewed by Simon Fraser.

        Currently "async frame scrolling" is ignored on iOS. This commit changes that behavior to
        align on macOS and is a preliminary step to implement iframe scrolling on iOS (bug 149264).

        Test: compositing/iframes/compositing-for-scrollable-iframe.html
              fast/scrolling/scrolling-tree-includes-frame.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForScrollableFrame): Do not require
        compositing when "async frame scrolling" is enabled on iOS.

2017-06-19  Frederic Wang  <fwang@igalia.com>

        [Mac] Add an experimental feature setting for async frame scrolling
        https://bugs.webkit.org/show_bug.cgi?id=173359

        Reviewed by Simon Fraser.

        The necessary work to use compositing for frames and include them in the scrolling tree on
        macOS was performed in r217726 and r217730. ScrollingTreeIncludesFrames was used to
        determine when this behavior should be enabled. However, this does not work well on iOS where
        ScrollingTreeIncludesFrames defaults to true and really means "include the frames in the
        scrolling tree when necessary". Hence we instead introduce a new "async frame scrolling"
        switch to enable the behavior on macOS, which will also be used in a follow-up commit on iOS.
        This new setting is also made an "experimental feature", so that it will be more convenient
        for developer to try it.

        Test: compositing/iframes/compositing-for-scrollable-iframe.html
              fast/scrolling/scrolling-tree-includes-frame.html

        * page/Settings.in: Declare new setting for async frame scrolling.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::coordinatesScrollingForFrameView): Also include frames in
        scrolling tree when async frame scrolling is enabled.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForScrollableFrame): Rely on async frame
        scrolling to decide when compositing is needed.

2017-06-19  Zalan Bujtas  <zalan@apple.com>

        AX: Remove redundant AXObjectCache::textChanged(RenderObject*).
        https://bugs.webkit.org/show_bug.cgi?id=173579
        <rdar://problem/32865367>

        Reviewed by Antti Koivisto.

        All calls go through textChanged(Node*) method.

        * accessibility/AXObjectCache.cpp:
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::getOrCreate):

2017-06-19  Darin Adler  <darin@apple.com>

        Merge MediaDevicesRequest and MediaDevicesEnumerationRequest to tighten up code and object lifetime
        https://bugs.webkit.org/show_bug.cgi?id=173527

        Reviewed by Sam Weinig.

        * CMakeLists.txt: Removed MediaDevicesRequest.cpp.

        * Modules/mediastream/MediaDeviceInfo.cpp:
        (WebCore::MediaDeviceInfo::MediaDeviceInfo): Removed unneeded ScriptExecutionContext.
        (WebCore::MediaDeviceInfo::create): Ditto.
        * Modules/mediastream/MediaDeviceInfo.h: Removed unnecessary derivation from
        ContextDestructionObserver and ScriptExecutionContext arguments. Also removed
        unused MediaDeviceInfoVector typedef.
        * Modules/mediastream/MediaDeviceInfo.idl: Added ImplementationLacksVTable.

        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::enumerateDevices): Call MediaDevicesEnumerationRequest
        directly here instead of going through MediaDevicesRequest.

        * Modules/mediastream/MediaDevicesEnumerationRequest.cpp: Moved code from
        MediaDevicesRequest in here. Put the typical counts at the top of the file.
        (WebCore::MediaDevicesEnumerationRequest::MediaDevicesEnumerationRequest):
        Marked inline and changed to take a DOM promise directly rather than having
        a separate class do the mapping to DOM promises.
        (WebCore::MediaDevicesEnumerationRequest::start): Replaced the create function
        with this. The caller doesn't actually keep a reference to the object.
        Added a FIXME about the behavior, not new, where we neither resolve nor reject
        the promise if there is no page object present. Updated to use the new version
        of UserMediaController::from.
        (WebCore::MediaDevicesEnumerationRequest::~MediaDevicesEnumerationRequest):
        Added a FIXME about the issue that we don't resolve or reject the promise if
        the client drops the last reference to the request without calling setDeviceInfo.
        (WebCore::MediaDevicesEnumerationRequest::document): Added. Private helper.
        Returns nullptr if the request is no longer active.
        (WebCore::MediaDevicesEnumerationRequest::frame): Added. For use by a caller
        that was getting to the frame. Uses the document function so it will return
        nullptr if the request is no longer active.
        (WebCore::MediaDevicesEnumerationRequest::userMediaDocumentOrigin): Changed
        to do the work using the document function.
        (WebCore::MediaDevicesEnumerationRequest::topLevelDocumentOrigin): Ditto.
        (WebCore::MediaDevicesEnumerationRequest::contextDestroyed): Simplified. We
        now can simply set a boolean when the context is destroyed, so there are no
        side effects and the code is simpler.
        (WebCore::removeAtypicalDevices): Renamed and tightened up the code a bit.
        (WebCore::MediaDevicesEnumerationRequest::setDeviceInfo): Moved the code
        here from MediaDevicesEnumerationRequest to pass the devices along.

        * Modules/mediastream/MediaDevicesEnumerationRequest.h: Made the
        ContextDestructionObserver use private inheritance. Cut down the includes
        and removed various unneeded functions.

        * Modules/mediastream/MediaDevicesRequest.cpp: Removed.
        * Modules/mediastream/MediaDevicesRequest.h: Removed.

        * Modules/mediastream/UserMediaController.cpp:
        (WebCore::UserMediaController::UserMediaController): Use reference rather
        than pointer for the client.
        (WebCore::UserMediaController::~UserMediaController): Ditto.
        (WebCore::provideUserMediaTo): Ditto.

        * Modules/mediastream/UserMediaController.h:
        Changed constructor to take a refeference, removed client function, and
        changed data member to be a reference rather than a pointer.
        (WebCore::UserMediaController::from): Take and return a reference rather
        than taking a pointer that is checked for null.
        (WebCore::UserMediaController::requestUserMediaAccess): Use reference.
        (WebCore::UserMediaController::cancelUserMediaAccessRequest): Ditto.
        (WebCore::UserMediaController::enumerateMediaDevices): Ditto.
        (WebCore::UserMediaController::cancelMediaDevicesEnumerationRequest): Ditto.

        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::start): Updated to use the new version
        of UserMediaController::from.

        * WebCore.xcodeproj/project.pbxproj: Updated for file removals.

        * testing/Internals.cpp: Removed unneeded include of UserMediaController.h.

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Move Touch related bindings in Document to their own IDL file
        https://bugs.webkit.org/show_bug.cgi?id=173521

        Reviewed by Alex Christensen.

        Rather than #including in the middle of an IDL file, this moves the touch related
        bindings in Document.idl to a new partial interface for Document in DocumentTouch.idl.
        While here, remove the custom binding for createTouchList.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::createTouchList): Deleted.
        Remove createTouchList. It can be generated now.

        * dom/Document.cpp:
        (WebCore::Document::createTouch): Deleted.
        * dom/Document.h:
        Move touch related bindings code to DocumentTouch.h/cpp.
        Remove DocumentIOSForward as it is no longer needed.

        * dom/Document.idl:
        Move touch related bindings to DocumentTouch.idl
        
        * dom/DocumentTouch.h: Added.
        * dom/DocumentTouch.cpp: Added.
        (WebCore::DocumentTouch::createTouch):
        Moved from Document.

        (WebCore::DocumentTouch::createTouchList):
        Added to aid generated binding.

        * dom/DocumentTouch.idl: Added.
        Moved operations from Document.h

        * dom/TouchList.h:
        (WebCore::TouchList::create):
        (WebCore::TouchList::TouchList):
        Added create that works with the bindings.

        * dom/ios/TouchEvents.cpp:
        Add DocumentTouchIOS.h and sort.

2017-06-19  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] The system Japanese font cannot be italicized
        https://bugs.webkit.org/show_bug.cgi?id=173300
        <rdar://problem/31805407>

        Reviewed by Ryosuke Niwa.

        Items in the system font cascade list may lie about whether or not they support italics.
        In order to get the truth, we need to use the physical font underlying the font in question,
        because this one won't lie. Then, we can interrogate this physical font about its traits
        in order to synthesize italics correctly.

        Test: fast/text/system-font-japanese-synthetic-italic.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges):

2017-06-19  Daewoong Jang  <daewoong.jang@navercorp.com>

        [cURL] Move file scope static variables into function scopes
        https://bugs.webkit.org/show_bug.cgi?id=173567

        Reviewed by Alex Christensen.

        * platform/network/curl/SSLHandle.cpp:
        (WebCore::allowedHosts):
        (WebCore::allowedClientHosts):
        (WebCore::allowsAnyHTTPSCertificateHosts):
        (WebCore::addAllowedClientCertificate):
        (WebCore::setSSLClientCertificate):
        (WebCore::sslIgnoreHTTPSCertificate):
        (WebCore::certVerifyCallback):

2017-06-19  Darin Adler  <darin@apple.com>

        [Cocoa] implement URLSession:task:needNewBodyStream: delegate method
        https://bugs.webkit.org/show_bug.cgi?id=173551
        rdar://problem/32250512

        Reviewed by Alex Christensen.

        Covered by http/tests/misc/form-blob-challenge.html

        * WebCore.xcodeproj/project.pbxproj: Removed NSURLRequestSPI.h.

        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::createHTTPBodyCFReadStream): Factored this out from setHTTPBody.
        (WebCore::setHTTPBody): Factored out the function above.
        * platform/network/cf/FormDataStreamCFNet.h: Added createHTTPBodyCFReadStream.

        * platform/network/cocoa/ResourceRequestCocoa.mm: Use CFNetworkSPI.h.
        * platform/network/ios/ResourceRequestIOS.mm: Ditto.

        * platform/network/mac/FormDataStreamMac.h: Added createHTTPBodyNSInputStream.
        * platform/network/mac/FormDataStreamMac.mm:
        (WebCore::createHTTPBodyNSInputStream): Added/

        * platform/network/mac/ResourceHandleMac.mm: Use CFNetworkSPI.h.
        * platform/network/mac/ResourceRequestMac.mm: Ditto.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm: Ditto.
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: Ditto.

        * platform/network/mac/WebCoreURLResponse.h: Moved SPI declarations from
        here into CFNetworkSPI.h.

        * platform/spi/cf/CFNetworkSPI.h: Use #pragma once, consolidated SPI that was
        defined in scattered locations.

        * platform/spi/cocoa/NSURLRequestSPI.h: Removed. Superceded by CFNetworkSPI.h.

2017-06-19  Brady Eidson  <beidson@apple.com>

        Various IndexedDB crashes as an after effect of previous test.
        <rdar://problem/31418761> and https://bugs.webkit.org/show_bug.cgi?id=170436

        Reviewed by Chris Dumez.

        No new test (No consistent test possible, in practice covered by all existing IDB tests)

        This is timing related, where a UniqueIDBDatabase can be destroyed on the main thread while
        it still has one task left to try to execute on the IDBServer thread.
        
        The background thread tasks don't Ref<> the UniqueIDBDatabase, so even though task execution
        took a Ref<> protector, there was still a small window for a race.
        
        Should be closed up by making the background thread tasks themselves protect this.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for serializers that have members that are themselves serializers (or inherit being a serializer from a parent)
        https://bugs.webkit.org/show_bug.cgi?id=173395

        Reviewed by Simon Fraser.

        Test: fast/css/DOMQuad-serialization.html

        * bindings/scripts/CodeGenerator.pm:
        (InheritsSerializable):
        Helper to determine if an interface inherits from any interfaces
        that are serializable. This is necessary because an attribute is
        serializable even if its interface is not marked as serializable. 

        (IsSerializableAttribute):
        Check ancestor interfaces as well to determine serializability.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateSerializerDefinition):
        Specialize attributes that are serializable interfaces to call its interfaces
        serialize function, thus allowing nested objects to be serialized.

        * dom/DOMQuad.idl:
        Add serializer.

        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp: Added.
        * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.h: Added.
        * bindings/scripts/test/TestSerialization.idl:
        * bindings/scripts/test/TestSerializationIndirectInheritance.idl: Added.
        Add and update tests.

2017-06-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218505.
        https://bugs.webkit.org/show_bug.cgi?id=173563

        "It would break internal builds" (Requested by youenn on
        #webkit).

        Reverted changeset:

        "[WebRTC] Prevent capturing at unconventional resolutions when
        using the SW encoder on Mac"
        https://bugs.webkit.org/show_bug.cgi?id=172602
        http://trac.webkit.org/changeset/218505

2017-06-19  Zalan Bujtas  <zalan@apple.com>

        Opening certain mails brings up a mail that grows indefinitely.
        https://bugs.webkit.org/show_bug.cgi?id=173562
        <rdar://problem/32766579>

        Reviewed by Tim Horton.

        This reverts the logic where m_autoSizeContentSize always reflects the final layout's.
        When the ICB's height is 100%, it causes infinite recursion.
        See also webkit.org/b/173561.

        * page/FrameView.cpp:
        (WebCore::FrameView::autoSizeIfEnabled):

2017-06-19  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Support .zip archives for file uploads via drag and drop
        https://bugs.webkit.org/show_bug.cgi?id=173511
        <rdar://problem/32521025>

        Reviewed by Tim Horton.

        Allows dropped .zip archives to be uploaded as files by accepting types conforming to either
        "public.zip-archive" or "public.content" as potential file types. Initially, I opted to accept the more general
        "public.data" type; however, this includes UTIs such as "public.url" that should not be represented as files, so
        this is a more targeted fix that allows us to very easily add additional content types in the future by adding
        more types to supportedFileUploadPasteboardTypes.

        Tests:
        DataInteractionTests.ExternalSourceZIPArchiveToUploadArea
        DataInteractionTests.ExternalSourceZIPArchiveAndURLToSingleFileInput

        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod):
        * platform/Pasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::supportedWebContentPasteboardTypes):
        (WebCore::Pasteboard::supportedFileUploadPasteboardTypes):

        Rename supportedPasteboardTypes to supportedWebContentPasteboardTypes, and also introduce
        supportedFileUploadPasteboardTypes which returns an list of types, such that if a type conforms to any type in
        this array, that type may be represented as a file. So far, this list contains "public.content" and
        "public.zip-archive".

        (WebCore::Pasteboard::types):
        (WebCore::Pasteboard::supportedPasteboardTypes): Deleted.
        * platform/ios/WebItemProviderPasteboard.mm:
        (typeConformsToTypes):

        Remove -typeIsAppropriateForSupportedTypes: and replace it with typeConformsToTypes. Use this both when
        determining the number of files on the pasteboard, and when determining preferred UTIs to load when dropping.

        (-[WebItemProviderPasteboard numberOfFiles]):
        (-[WebItemProviderPasteboard typeIdentifierToLoadForRegisteredTypeIdentfiers:]):
        (-[WebItemProviderPasteboard typeIsAppropriateForSupportedTypes:]): Deleted.
        * platform/mac/DragDataMac.mm:
        (WebCore::DragData::containsFiles):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::supportedFileUploadPasteboardTypes):

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom binding for Document.getCSSCanvasContext()
        https://bugs.webkit.org/show_bug.cgi?id=173516

        Reviewed by Chris Dumez.

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::visitAdditionalChildren):
        (WebCore::JSDocument::getCSSCanvasContext): Deleted.
        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasContext):
        * dom/Document.h:
        * dom/Document.idl:
        Use a Variant to pass the context and type to the bindings.

2017-06-19  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Prevent capturing at unconventional resolutions when using the SW encoder on Mac
        https://bugs.webkit.org/show_bug.cgi?id=172602
        <rdar://problem/32407693>

        Reviewed by Eric Carlson.

        Test: platform/mac/webrtc/captureCanvas-webrtc-software-encoder.html

        Add internal API to switch on/off hardware H264 encoder.
        Add checks for standard size. If using a software encoder and frame size is not standard,
        the session is destroyed and no frame is sent at all.

        Added tests based on captureStream.
        Fixed the case of capturing a canvas which size is changing.

        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.h:
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
        (WebCore::H264VideoToolboxEncoder::setHardwareEncoderForWebRTCAllowed):
        (WebCore::H264VideoToolboxEncoder::hardwareEncoderForWebRTCAllowed):
        (WebCore::isUsingSoftwareEncoder):
        (WebCore::H264VideoToolboxEncoder::CreateCompressionSession):
        (isStandardFrameSize): Added.
        (isUsingSoftwareEncoder): Added.
        * testing/Internals.cpp:
        (WebCore::Internals::setH264HardwareEncoderAllowed):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-19  Brady Eidson  <beidson@apple.com>

        Cleanup IconLoader stuff when a DocumentLoader detaches from its frame.
        <rdar://problem/31418761> and https://bugs.webkit.org/show_bug.cgi?id=173473

        Reviewed by Alex Christensen.

        No new tests (No known change in behavior)

        I discovered the need to make these changes here due to a transient bug
        introduced in r218015 but already explicitly fixed in r218409.
        
        This change adds an assert to guard against a detached DocumentLoader having active IconLoaders.

        It also clears out all pending IconLoader and icon load decisions when stopLoading() is called, 
        as even attempting to start an icon load after detachment is a waste of cycles.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading): Also explicitly clear all IconLoaders and icons pending
          load decision.
        (WebCore::DocumentLoader::finishedLoadingIcon): Assert that this DocumentLoader is not detached.

2017-06-19  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in more places in WebCore/
        https://bugs.webkit.org/show_bug.cgi?id=173535

        Reviewed by Antti Koivisto.

        Use WTF::Function instead of std::function in more places in WebCore/ to avoid copying.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::matchedParent):
        * accessibility/AccessibilityObject.h:
        * animation/DocumentAnimation.cpp:
        (WebCore::DocumentAnimation::getAnimations):
        * animation/DocumentAnimation.h:
        (WebCore::DocumentAnimation::getAnimations):
        * contentextensions/CombinedURLFilters.cpp:
        (WebCore::ContentExtensions::CombinedURLFilters::processNFAs):
        * contentextensions/CombinedURLFilters.h:
        * contentextensions/DFACombiner.cpp:
        (WebCore::ContentExtensions::DFACombiner::combineDFAs):
        * contentextensions/DFACombiner.h:
        * css/CSSCrossfadeValue.cpp:
        (WebCore::CSSCrossfadeValue::traverseSubresources):
        * css/CSSCrossfadeValue.h:
        * css/CSSFilterImageValue.cpp:
        (WebCore::CSSFilterImageValue::traverseSubresources):
        * css/CSSFilterImageValue.h:
        * css/CSSFontFaceSrcValue.cpp:
        (WebCore::CSSFontFaceSrcValue::traverseSubresources):
        * css/CSSFontFaceSrcValue.h:
        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::traverseSubresources):
        * css/CSSImageSetValue.h:
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::traverseSubresources):
        * css/CSSImageValue.h:
        * css/CSSValue.cpp:
        (WebCore::CSSValue::traverseSubresources):
        * css/CSSValue.h:
        * css/CSSValueList.cpp:
        (WebCore::CSSValueList::traverseSubresources):
        * css/CSSValueList.h:
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::traverseSubresources):
        * css/StyleProperties.h:
        * css/StyleSheetContents.cpp:
        (WebCore::traverseSubresourcesInRules):
        (WebCore::StyleSheetContents::traverseSubresources):
        * css/StyleSheetContents.h:
        * dom/Element.cpp:
        (WebCore::Element::getAnimations):
        * editing/TextIterator.cpp:
        (WebCore::findPlainTextMatches):
        (WebCore::findClosestPlainText):
        (WebCore::findPlainText):
        * editing/mac/DictionaryLookup.h:
        * editing/mac/DictionaryLookup.mm:
        (WebCore::showPopupOrCreateAnimationController):
        (WebCore::DictionaryLookup::showPopup):
        (WebCore::DictionaryLookup::animationControllerForPopup):
        * fileapi/AsyncFileStream.cpp:
        (WebCore::AsyncFileStream::perform):
        (WebCore::AsyncFileStream::getSize):
        (WebCore::AsyncFileStream::openForRead):
        (WebCore::AsyncFileStream::read):
        * fileapi/AsyncFileStream.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::waitForPreparedForInlineThen):
        (WebCore::HTMLMediaElement::setVideoFullscreenLayer):
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::waitForPreparedForInlineThen):
        (WebCore::HTMLMediaElement::setVideoFullscreenLayer):
        * loader/EmptyClients.cpp:
        (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
        (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
        (WebCore::EmptyFrameLoaderClient::dispatchWillSubmitForm):
        * loader/FrameLoaderClient.h:
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create):
        * loader/archive/cf/LegacyWebArchive.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::forEachResource):
        (WebCore::MemoryCache::forEachSessionResource):
        * loader/cache/MemoryCache.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):
        (WebCore::DOMWindow::showModalDialog):
        * page/DOMWindow.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::applyRecursivelyWithVisibleRect):
        * page/FrameView.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):
        (WebCore::Page::decrementNestedRunLoopCount):
        (WebCore::Page::whenUnnested):
        * page/Page.h:
        * page/WheelEventTestTrigger.cpp:
        (WebCore::WheelEventTestTrigger::clearAllTestDeferrals):
        (WebCore::WheelEventTestTrigger::setTestCallbackAndStartNotificationTimer):
        (WebCore::WheelEventTestTrigger::triggerTestTimerFired):
        * page/WheelEventTestTrigger.h:
        * page/WindowFeatures.cpp:
        (WebCore::processFeaturesString):
        * page/WindowFeatures.h:
        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::RingBuffer::forEach):
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
        (WebCore::WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer):
        (WebCore::WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen):
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer):
        (WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setVideoFullscreenLayer):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayer::setVideoFullscreenLayer):
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h:
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm:
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer):

2017-06-19  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in WebCore/Modules
        https://bugs.webkit.org/show_bug.cgi?id=173534

        Reviewed by Alex Christensen.

        Use WTF::Function instead of std::function in WebCore/Modules to avoid
        copying.

        * Modules/applepay/PaymentCoordinatorClient.h:
        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/legacy/LegacyCDM.cpp:
        (WebCore::CDMFactory::CDMFactory):
        (WebCore::CDM::registerCDMFactory):
        * Modules/encryptedmedia/legacy/LegacyCDM.h:
        * Modules/mediasession/MediaSession.cpp:
        (WebCore::MediaSession::changeActiveMediaElements):
        (WebCore::MediaSession::safelyIterateActiveMediaElements):
        * Modules/mediasession/MediaSession.h:
        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::matchTransceiver):
        * Modules/mediastream/MediaStreamRegistry.cpp:
        (WebCore::MediaStreamRegistry::forEach):
        * Modules/mediastream/MediaStreamRegistry.h:

2017-06-19  Youenn Fablet  <youenn@apple.com>

        A cloned MediaStreamTrack should mute independently other tracks using the same source
        https://bugs.webkit.org/show_bug.cgi?id=172831
        <rdar://problem/32518527>

        Reviewed by Eric Carlson.

        Test: webrtc/clone-audio-track.html

        Move enabled handling in MediaStreamTrackPrivate instead of RealtimeMediaSource.
        Move WebRTC and WebAudio customers of RealtimeMediaSource to MediaStreamTrackPrivate.
        Move creation of WebAudio provider to MediaStreamTrackPrivate.

        This allows changing some parameters of tracks having the same source independently.
        Using this for enabled track attribute.

        We no longer stop generating frames in case track is disabled.
        This should be added back as an optimization in a follow-up.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::addTrack):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::LibWebRTCPeerConnectionBackend::replaceTrack):
        * Modules/webaudio/MediaStreamAudioSource.cpp:
        * Modules/webaudio/MediaStreamAudioSource.h:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::create):
        (WebCore::MediaStreamTrackPrivate::~MediaStreamTrackPrivate):
        (WebCore::MediaStreamTrackPrivate::setEnabled):
        (WebCore::MediaStreamTrackPrivate::audioSourceProvider):
        (WebCore::MediaStreamTrackPrivate::videoSampleAvailable):
        (WebCore::MediaStreamTrackPrivate::audioSamplesAvailable):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        (WebCore::MediaStreamTrackPrivate::Observer::audioSamplesAvailable):
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::removeObserver):
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioCaptureSource::startProducingData):
        (WebCore::CoreAudioCaptureSource::stopProducingData):
        * platform/mediastream/mac/CoreAudioCaptureSource.h:
        * platform/mediastream/mac/MockRealtimeAudioSourceMac.h:
        * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:
        (WebCore::MockRealtimeAudioSourceMac::render):
        * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
        (WebCore::RealtimeIncomingAudioSource::~RealtimeIncomingAudioSource):
        (WebCore::RealtimeIncomingAudioSource::OnData):
        * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
        * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
        (WebCore::RealtimeIncomingVideoSource::pixelBufferFromVideoFrame):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::RealtimeOutgoingAudioSource):
        (WebCore::RealtimeOutgoingAudioSource::setSource):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:
        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::RealtimeOutgoingVideoSource):
        (WebCore::RealtimeOutgoingVideoSource::setSource):
        (WebCore::RealtimeOutgoingVideoSource::initializeFromSource):
        * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.h:
        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
        (WebCore::WebAudioSourceProviderAVFObjC::create):
        (WebCore::WebAudioSourceProviderAVFObjC::WebAudioSourceProviderAVFObjC):
        (WebCore::WebAudioSourceProviderAVFObjC::setClient):
        (WebCore::WebAudioSourceProviderAVFObjC::audioSamplesAvailable):
        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::generateFrame):
        * platform/spi/cocoa/PassKitSPI.h:

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Properly model buffer source / typed arrays as their own IDL types
        https://bugs.webkit.org/show_bug.cgi?id=173513

        Reviewed by Alex Christensen.

        - Adds IDL type hierarchy for buffer source types.
        - Includes a special type, IDLArrayBufferView, which WebIDL defines as the union
          of DataView and all the typed array types, but we model as shared base class.
          This should not be observable, and allows us to avoid using a Variant for ArrayBufferView
          and instead use the existing base class.
        - Add builtin typedefs for BufferSource and DOMTimeStamp as defined in WebIDL. As noted
          above, rather than define a typedef of ArrayBufferView that maps to a union, we treat
          it as a special type.

        * bindings/IDLTypes.h:
        Add type hierarchy for buffer source types.
        - IDLBufferSource is the root
        - IDLArrayBuffer, IDLArrayBufferView, IDLDataView, IDLTypedArray derive from it.
        - And then the specific typed array types derive from IDLTypedArray, and are defined
          in JSDOMConvertBufferSource so we don't have to include a ton of typed array includes
          in this file, as they cannot be forward declared.

        * bindings/js/JSDOMConvertBufferSource.h:
        (WebCore::Detail::BufferSourceConverter::convert):
        (WebCore::Converter<IDLArrayBuffer>::convert):
        (WebCore::JSConverter<IDLArrayBuffer>::convert):
        (WebCore::Converter<IDLDataView>::convert):
        (WebCore::JSConverter<IDLDataView>::convert):
        (WebCore::Converter<IDLInt8Array>::convert):
        (WebCore::JSConverter<IDLInt8Array>::convert):
        (WebCore::Converter<IDLInt16Array>::convert):
        (WebCore::JSConverter<IDLInt16Array>::convert):
        (WebCore::Converter<IDLInt32Array>::convert):
        (WebCore::JSConverter<IDLInt32Array>::convert):
        (WebCore::Converter<IDLUint8Array>::convert):
        (WebCore::JSConverter<IDLUint8Array>::convert):
        (WebCore::Converter<IDLUint16Array>::convert):
        (WebCore::JSConverter<IDLUint16Array>::convert):
        (WebCore::Converter<IDLUint32Array>::convert):
        (WebCore::JSConverter<IDLUint32Array>::convert):
        (WebCore::Converter<IDLUint8ClampedArray>::convert):
        (WebCore::JSConverter<IDLUint8ClampedArray>::convert):
        (WebCore::Converter<IDLFloat32Array>::convert):
        (WebCore::JSConverter<IDLFloat32Array>::convert):
        (WebCore::Converter<IDLFloat64Array>::convert):
        (WebCore::JSConverter<IDLFloat64Array>::convert):
        (WebCore::Converter<IDLArrayBufferView>::convert):
        (WebCore::JSConverter<IDLArrayBufferView>::convert):
        Add native and javascript conversion for all the new types.

        * bindings/js/JSDOMConvertUnion.h:
        Add support for steps 7, 8, and 9 of the union conversion algorithm now that
        buffer source types are properly modeled.

        * bindings/js/JSSubtleCryptoCustom.cpp:
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
        Replace use of now repurposed IDLBufferSource, with its definition, IDLUnion<IDLArrayBufferView, IDLArrayBuffer>.

        * bindings/scripts/CodeGenerator.pm:
        (IsBufferSourceType):
        Renamed from IsTypedArrayType.

        (IsNonPointerType): Deleted.
        Was only used by DumpRenderTree and WebKitTestRunner generators. They have 
        been switched to the equivalent IsPrimitiveType.

        (IsTypedArrayType): Deleted.
        Renamed to IsBufferSourceType.

        (IsRefPtrType): Deleted. Unused.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (AddClassForwardIfNeeded):
        (GetArgumentExceptionFunction):
        (GetAttributeExceptionFunction):
        (PassArgumentExpression):
        (GenerateDefaultValue):
        (GenerateOverloadDispatcher):
        (ShouldPassArgumentByReference):
        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Update for rename of IsTypedArrayType -> IsBufferSourceType and remove specialized BufferSource
        condition.

        (GetBaseIDLType):
        Add mappings for new buffer source types.

        * bindings/scripts/IDLParser.pm:
        (Parse):
        Insert builtin typedefs to the typedef map before parsing.

        (addBuiltinTypedefs):
        Generate typedefs for BufferSource and DOMTimeStamp as specified by WebIDL.

        (applyTypedefs):
        Add support for applying typedefs to iterable and maplike, necessary now because BufferSource
        is used as the key to iterable in MediaKeyStatusMap.idl

        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.h:
        Update test results.

        * bindings/scripts/test/TestTypedefs.idl:
        Add tests for builtin typedefs.

        * Modules/geolocation/Geoposition.idl:
        * dom/Event.idl:
        * fileapi/Blob.idl:
        * fileapi/File.idl:
        * page/FrameView.h:
        * xml/XMLHttpRequest.idl:
        Remove typedef for DOMTimeStamp and BufferSource which are now automatically included.

2017-06-19  Adrian Perez de Castro  <aperez@igalia.com>

        Missing <functional> includes make builds fail with GCC 7.x
        https://bugs.webkit.org/show_bug.cgi?id=173544

        Unreviewed gardening.

        Fix compilation with GCC 7.

        * Modules/mediastream/MediaStreamRegistry.h:
        * animation/DocumentAnimation.h:
        * page/WheelEventTestTrigger.h:
        * page/csp/ContentSecurityPolicy.h:
        * platform/Timer.h:
        * platform/graphics/gstreamer/MainThreadNotifier.h:
        * platform/network/NetworkStorageSession.h:

2017-06-19  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed build fix after r218484.

        Properly access the GCryptCipherOperation type (now CipherOperation)
        in the PAL::GCrypt namespace. This somehow worked in local builds.

        * crypto/gcrypt/CryptoAlgorithmAES_CTRGCrypt.cpp:
        (WebCore::callOperation):
        (WebCore::gcryptAES_CTR):

2017-06-19  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] AES_CTR support
        https://bugs.webkit.org/show_bug.cgi?id=171420

        Reviewed by Michael Catanzaro.

        Implement AES_CTR support for build configurations that use libgcrypt.

        Both encryption and decryption operations are handled in a single gcryptAES_CTR() function,
        with the specific operation being passed as the first argument. The appropriate AES
        algorithm is picked, and a gcry_cipher_hd_t object is created and has the given key set.
        This key will remain the same throughout the gcry_cipher_hd_t lifetime, even after
        gcry_cipher_reset() calls.

        The encrypt/decrypt operation is wrapped into a helper lambda functor that accepts the
        given counter and input data. It resets the cipher object, sets the counter data, and
        performs the specified operation, returning the output data.

        libgcrypt doesn't support setting counter data on a gcry_cipher_hd_t object with only
        part of that data being used as the actual counter, with the rest acting as a nonce, like
        the Web Crypto specification allows. We have to implement the support for that on our own.

        We compute the number of blocks we'll be processing and the upper exclusive limit for the
        given counter length. We immediately bail if the counter limit is less than the computed
        block count, since that would mean that the counter values would be repeated.

        We short-cut to a direct operation call if the counter length matches size of the counter
        data -- we don't have to adjust the counter data in any way if that's the case.

        Otherwise we move counter data into the MPI format. The nonce and the actual counter MPIs
        can split out of the counter data MPI with the modulus operation and the counter limit MPI.

        We take another shortcut straight to the operation call if we're able to determine that the
        'counter leeway' value, i.e. the difference between the initial counter MPI and the counter
        limit MPI, is larger or equal to the predicted block size -- if that's the case, the counter
        won't wrap around and change the nonce data.

        In worst-case scenario the counter data will wrap around and we have to address that. The
        current implementation takes the slowest possible path for the moment, encrypting/decrypting
        each block separately. For each step the counter is combined with the nonce, the resulting
        MPI data retrieved and passed to the operation function, and the returned block output
        appended to the final output vector. The counter MPI is then incremented and ran through the
        modulus operation, limiting the MPI value to the previously-computed counter limit.

        No new tests -- relevant tests are passing and are unskipped.

        * crypto/gcrypt/CryptoAlgorithmAES_CTRGCrypt.cpp:
        (WebCore::callOperation):
        (WebCore::gcryptAES_CTR):
        (WebCore::CryptoAlgorithmAES_CTR::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_CTR::platformDecrypt):

2017-05-14 Frederic Wang  <fwang@igalia.com>

        Add heuristic to avoid flattening "fullscreen" iframes
        https://bugs.webkit.org/show_bug.cgi?id=171914

        Reviewed by Simon Fraser.

        Some authors implement fullscreen popups as out-of-flow iframes with size set to full viewport (using vw/vh CSS units).
        When iframe flattening is enabled, such iframes may unexpectedly become larger than the viewport.
        This commit adds a simple heuristic to avoid frame flattening in that case.
        It is experimented by introducing a "enable for non-fullscreen iframes" state for the frame
        flattening setting.
        The default frame flattening is still either disabled or (fully) enabled on all platforms.
        InternalSettings is also adjusted so that the tests can still set the frame flattening setting.

        Test: fast/frames/flattening/iframe-flattening-fullscreen.html

        * page/FrameView.cpp:
        (WebCore::FrameView::frameFlatteningEnabled): Use the frame flattening enum setting.
        * page/Settings.h: Define a frame flattening enum that includes a "enable for non-fullscreen
        iframes" state.
        * page/Settings.in: Redefine frame flattening using that enum.
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::flattenFrameSet): Use the frame flattening enum setting.
        * rendering/RenderIFrame.cpp:
        (WebCore::RenderIFrame::isFullScreenIFrame): Add a heuristic when partial frame flattening
        is enabled setting is enabled.
        There is not a strict comparison against the viewport size since authors may not exactly use
        100vw/100vh.
        Anyway, it is hard to do such comparison using the resolved width & height on RenderStyle.
        (WebCore::RenderIFrame::flattenFrame): Add a comment for the existing "zero size" heuristic.
        Use isFullScreenIFrame heuristic.
        * rendering/RenderView.cpp:
        (WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower): Use the frame flattening enum setting.
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup): Add backup for frame flattening.
        (WebCore::InternalSettings::Backup::restoreTo): Ditto.
        (WebCore::internalSettingsToWebCoreValue): Helper function to cast the frame flattening values.
        (WebCore::InternalSettings::setFrameFlattening): Redefine setFrameFlattening to accept an enum.
        * testing/InternalSettings.h: Define new enum & setter for frame flattening as well as a backup value.
        * testing/InternalSettings.idl: Define new enum & setter for frame flattening.

2017-06-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r218253): Infinite animated gifs no longer loop
        https://bugs.webkit.org/show_bug.cgi?id=173464

        Reviewed by Carlos Alberto Lopez Perez.

        After the first loop iteration we keep rendering the same frame all the time, so it looks like if the animation
        stopped. This is because in r218253 we changed to use SharedBuffer instead of a Vector in ImageBackingStore, but
        we are not correctly copying the data in the copy constructor. We are using SharedBuffer::copy() that doesn't
        actually copy the data of the segments.

        * platform/graphics/ImageBackingStore.h:
        (WebCore::ImageBackingStore::ImageBackingStore): Copy the data of the other SharedBuffer.

2017-06-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] MainThreadNotifier ASSERTION FAILED: m_boundThread == currentThread() in _WebKitWebSrcPrivate::~_WebKitWebSrcPrivate
        https://bugs.webkit.org/show_bug.cgi?id=152043

        Reviewed by Xabier Rodriguez-Calvar.

        Stop using a WeakPtr in MainThreadNotifier, because it's not thread safe, which causes a crash in debug builds when
        the notifier is destroyed in a different thread. Make MainThreadNotifier thread safe refcounted instead, and add
        an invalidate() method to mark it as invalid.

        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
        (WebCore::InbandTextTrackPrivateGStreamer::handleSample):
        (WebCore::InbandTextTrackPrivateGStreamer::streamChanged):
        * platform/graphics/gstreamer/MainThreadNotifier.h:
        (WebCore::MainThreadNotifier::MainThreadNotifier): Deleted.
        (WebCore::MainThreadNotifier::notify): Deleted.
        (WebCore::MainThreadNotifier::cancelPendingNotifications): Deleted.
        (WebCore::MainThreadNotifier::addPendingNotification): Deleted.
        (WebCore::MainThreadNotifier::removePendingNotification): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::videoChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::videoSinkCapsChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::audioChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::textChangedCallback):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::muteChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::TrackPrivateBaseGStreamer):
        (WebCore::TrackPrivateBaseGStreamer::~TrackPrivateBaseGStreamer):
        (WebCore::TrackPrivateBaseGStreamer::disconnect):
        (WebCore::TrackPrivateBaseGStreamer::activeChangedCallback):
        (WebCore::TrackPrivateBaseGStreamer::tagsChanged):
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webkit_web_src_init):
        (webKitWebSrcDispose):
        (webKitWebSrcStop):
        (webKitWebSrcStart):
        (webKitWebSrcNeedData):
        (webKitWebSrcEnoughData):
        (webKitWebSrcSeek):

2017-06-18  Ryosuke Niwa  <rniwa@webkit.org>

        Meter element doesn't respect the writing direction
        https://bugs.webkit.org/show_bug.cgi?id=173507

        Reviewed by Sam Weinig.

        The bug was caused by NSLevelIndicatorCell no longer using the value of baseWritingDirection
        to determine the direction of rendering in macOS Sierra and later. It instead relies on
        the value of userInterfaceLayoutDirection.

        Fixed the bug by setting both values. Once we dropped the support for macOS El Capitan
        and earlier, we can remove the code to set baseWritingDirection.

        Test: fast/dom/HTMLMeterElement/meter-rtl.html

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::levelIndicatorFor):

2017-06-18  Dewei Zhu  <dewei_zhu@apple.com>

        Remove 'EditCommand::isEditCommandComposition'.
        https://bugs.webkit.org/show_bug.cgi?id=173525

        Reviewed by Wenson Hsieh.

        Should remove 'isEditCommandComposition' from 'EditCommand' for:
            1. 'EditCommandComposition' is no longer a subclass of EditCommand.
            2. 'isEditCommandComposition' is not used at all.

        * editing/EditCommand.h:
        (WebCore::EditCommand::isCompositeEditCommand):
        (WebCore::EditCommand::isEditCommandComposition): Deleted.

2017-06-18  Chris Dumez  <cdumez@apple.com>

        Crash when re-entering MediaDevicesEnumerationRequest::cancel()
        https://bugs.webkit.org/show_bug.cgi?id=173522
        <rdar://problem/31185739>

        Reviewed by Darin Adler.

        When a MediaDevicesRequest is started, it creates a MediaDevicesEnumerationRequest
        object and passes a completion handler to that MediaDevicesEnumerationRequest
        object. The completion handler holds a reference to the MediaDevicesRequest object
        so that its stays alive until the MediaDevicesEnumerationRequest either completes
        or is canceled. MediaDevicesRequest also holds a reference to the
        MediaDevicesEnumerationRequest object via its m_enumerationRequest data member.

        When the document is destroyed, both MediaDevicesRequest::contextDestroyed() and
        MediaDevicesEnumerationRequest::contextDestroyed() gets called and the other is not
        pre-determined. If MediaDevicesEnumerationRequest::contextDestroyed() gets called
        first then it calls MediaDevicesEnumerationRequest::cancel(). Calling cancel() ends
        up destroying the completion handler. Destroying the completion handler ends up
        dereferencing and destroying the MediaDevicesRequest object. The MediaDevicesRequest
        destructor would call MediaDevicesEnumerationRequest::cancel() again, causing us to
        re-enter it and assign nullptr to the completion callback again. Re-entering
        std::function's operator=(nullptr_t) is not safe because of the way it is implemented
        as we end up trying to destroy the lambda twice and crashing. Using a WTF::Function
        instead fixes this particular issue because re-entering WTF::Function's operator=(nullptr_t)
        is safe.

        However, this fix is not sufficient. Calling the MediaDevicesRequest destructor also
        dereferencing and destroys the MediaDevicesEnumerationRequest object. As a result,
        when MediaDevicesEnumerationRequest::contextDestroyed() returns from its call to cancel
        |this| is already dead when we call ContextDestructionObserver::contextDestroyed().
        To address this issue, we now protect |this| in MediaDevicesEnumerationRequest::contextDestroyed().

        Test: fast/mediastream/destroy-document-while-enumerating-devices.html

        * Modules/mediastream/MediaDevicesEnumerationRequest.cpp:
        (WebCore::MediaDevicesEnumerationRequest::contextDestroyed):
        Protect |this| as the call to cancel() may destroy |this| before calling
        ContextDestructionObserver::contextDestroyed() otherwise.

        * Modules/mediastream/MediaDevicesEnumerationRequest.h:
        Use WTF::Function instead of std::function for the completion handler as
        it is safer (in terms of re-entrency) and avoids unnecessary copying.

        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::~MediaDevicesRequest):
        Stop calling MediaDevicesEnumerationRequest::cancel(). When the destructor
        is called, the MediaDevicesEnumerationRequest has either completed or been
        canceled so there is no need to cancel again. I added an assertion to
        make sure it is the case. This avoids re-entering
        MediaDevicesEnumerationRequest::cancel() is some cases, which was risky.

        (WebCore::MediaDevicesRequest::start):
        Add comment for clarity and capture a Ref<> instead of a RefPtr<> now that
        we can since we use WTF::Function.

2017-06-18  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in WTF/
        https://bugs.webkit.org/show_bug.cgi?id=173519

        Reviewed by Sam Weinig.

        Replace a few uses of std::function with WTF::Function in WebCore/
        as well. It was either this or including <functional> and I decided
        it made more sense to port the code.

        * platform/graphics/FontSelectionAlgorithm.h:
        (WebCore::FontSelectionAlgorithm::iterateActiveCapabilitiesWithReturn):
        * platform/mediastream/MediaConstraints.cpp:
        (WebCore::StringConstraint::find):
        (WebCore::MediaTrackConstraintSetMap::forEach):
        (WebCore::MediaTrackConstraintSetMap::filter):
        (WebCore::MediaConstraints::isConstraintSet):
        * platform/mediastream/MediaConstraints.h:
        (WebCore::NumericConstraint::find):
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::applyConstraint):

2017-06-18  Jer Noble  <jer.noble@apple.com>

        [MSE] Seeking or entering fullscreen can cause extreme CPU usage
        https://bugs.webkit.org/show_bug.cgi?id=173505

        Reviewed by Tim Horton.

        When support for painting MSE to WebGL was added in r217185, the implementation of
        SourceBufferPrivateAVFObjC::isReadyForMoreSamples() was modified to support asking
        the decompression session if it was ready. That change, however, caused an extreme
        performance regression in the normal playback path, where WebKit will effectively
        append samples endlessly to the AVSampleBufferDisplayLayer, which admirably enqueued
        each of them for decoding. Eventually, the cost of iterating over the CMBufferQueue
        overwhelmed the cost of decoding, and caused the extreme lag seen when seeking.

        Make sure to property query the AVSampleBufferDisplayLayer for isReadyForMoreMediaData
        before enqueuing.

        A previous version of this patch exposed some errors which caused failing tests:

        In sourceBufferPrivateDidReceiveSample(), we were using local versions of
        presentationTimestamp and decodeTimestamp as keys to the decodeQueue; those local versions
        were floating point values (because MediaTime + float = float), but the sample itself uses
        non-floating point MediaTimes. This causes samples to be left in the queue when they should
        be removed.

        In didBecomeReadyForMoreSamples(), we were getting spurious assertions when a
        AVSampleBufferDisplayLayer or a AVSampleBufferAudioRenderer would fire a callback from
        -requestMediaDataWhenReadyOnQueue:usingBlock: even after it had been told to
        -stopRequestingMediaData. Apparently it's expected behavior and so an ASSERT_NOT_REACHED is
        inappropriate here.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples):
        (WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples):


2017-06-17  Zalan Bujtas  <zalan@apple.com>

        Addressing post-review comment after r218456.
        https://bugs.webkit.org/show_bug.cgi?id=173509

        Reviewed by Darin Adler.

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-06-17  Chris Dumez  <cdumez@apple.com>

        DOMQuad::getBounds() should return a Ref<>
        https://bugs.webkit.org/show_bug.cgi?id=173517

        Reviewed by Simon Fraser.

        DOMQuad::getBounds() should return a Ref<> as it cannot return
        null.

        * dom/DOMQuad.cpp:
        (WebCore::DOMQuad::getBounds):
        * dom/DOMQuad.h:

2017-06-17  Simon Fraser  <simon.fraser@apple.com>

        Implement DOMQuad
        https://bugs.webkit.org/show_bug.cgi?id=163534

        Reviewed by Sam Weinig.

        Implement DOMQuad per https://drafts.fxtf.org/geometry/#DOMQuad, other than serialization
        which requires some bindings changes.

        web-platform-tests/css/geometry-1/DOMRect-001.html tests against an older version of the spec,
        so has some failures. DOMQuad-002.html passes, other than a NaN propagation issue that requires
        spec clarification.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMQuadCustom.cpp: Added.
        (WebCore::JSDOMQuad::getBounds):
        * bindings/scripts/CodeGenerator.pm:
        (IsSerializableDOMType):
        (IsSerializableAttribute):
        * dom/DOMPoint.h:
        * dom/DOMQuad.cpp: Added.
        (WebCore::DOMQuad::DOMQuad):
        (WebCore::DOMQuad::getBounds):
        * dom/DOMQuad.h: Added.
        (WebCore::DOMQuad::create):
        (WebCore::DOMQuad::fromRect):
        (WebCore::DOMQuad::fromQuad):
        (WebCore::DOMQuad::p1):
        (WebCore::DOMQuad::p2):
        (WebCore::DOMQuad::p3):
        (WebCore::DOMQuad::p4):
        * dom/DOMQuad.idl: Added.
        * dom/DOMQuadInit.h: Added.
        * dom/DOMQuadInit.idl: Added.

2017-06-17  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in WebKit2/
        https://bugs.webkit.org/show_bug.cgi?id=173504

        Reviewed by Darin Adler.

        Use WTF::Function instead of std::function in WebKit2/ to avoid
        unnecessary copying.

        * Modules/applepay/PaymentCoordinator.cpp:
        (WebCore::PaymentCoordinator::canMakePaymentsWithActiveCard):
        (WebCore::PaymentCoordinator::openPaymentSetup):
        * Modules/applepay/PaymentCoordinator.h:
        * Modules/applepay/PaymentCoordinatorClient.h:
        * loader/EmptyClients.cpp:
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::willSendRequest):
        * loader/NetscapePlugInStreamLoader.h:
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willSendRequest):
        * loader/ResourceLoader.h:

2017-06-17  Zalan Bujtas  <zalan@apple.com>

        Demote the "we have navigated away" check to an assertion.
        https://bugs.webkit.org/show_bug.cgi?id=173509

        Reviewed by Simon Fraser.

        Now that the expected behavior is that the render tree can't get to the page cache, it's ok to assert.
        TODO: We should also have view() check removed at some point.

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-06-17  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build

        * PlatformMac.cmake:
        * bindings/js/ScriptGlobalObject.cpp:

2017-06-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218438.
        https://bugs.webkit.org/show_bug.cgi?id=173515

        Caused imported/w3c/web-platform-tests/media-
        source/mediasource* tests to fail (Requested by smfr on
        #webkit).

        Reverted changeset:

        "[MSE] Seeking or entering fullscreen can cause extreme CPU
        usage"
        https://bugs.webkit.org/show_bug.cgi?id=173505
        http://trac.webkit.org/changeset/218438

2017-06-17  Antti Koivisto  <antti@apple.com>

        Crash due to infinite recursion via FrameSelection::updateAppearanceAfterLayout
        https://bugs.webkit.org/show_bug.cgi?id=173468

        Reviewed by Ryosuke Niwa.

        Test: editing/selection/updateAppearanceAfterLayout-recursion.html

        Calling FrameSelection::updateAppearanceAfterLayout() from Document::resolveStyle is unsafe
        because it may cause another call to resolveStyle. We have some cases where the style
        is still unclean when updateAppearanceAfterLayout() is called. This can lead to infinite
        recursion.

        The test case is not the common stack seen in CrashTracer (couldn't quit replicate it) but
        the updateAppearanceAfterLayout/resolveStyle recursion is the same.

        * dom/Document.cpp:
        (WebCore::Document::resolveStyle):

            Normally selection appearance update is done in post-layout but not all style resolutions schedule a layout.
            Invoke it asynchronously in that case instead of the previous synchronous call.

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::FrameSelection):
        (WebCore::FrameSelection::updateAppearanceAfterLayout):
        (WebCore::FrameSelection::scheduleAppearanceUpdateAfterStyleChange):
        (WebCore::FrameSelection::appearanceUpdateTimerFired):
        (WebCore::FrameSelection::updateAppearanceAfterLayoutOrStyleChange):
        * editing/FrameSelection.h:

2017-06-17  Alex Christensen  <achristensen@webkit.org>

        Fix Mac CMake build.

        * PlatformMac.cmake:

2017-06-17  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r209495): materiauxlaverdure.com fails to load
        https://bugs.webkit.org/show_bug.cgi?id=173301
        <rdar://problem/32624850>

        Reviewed by Antti Koivisto.

        The bug was caused by WebKit wrapping CSS string values with single quotation marks instead of
        double quotation marks as spec'ed in https://drafts.csswg.org/cssom/#serialize-a-string and
        implemented in Firefox and Chrome.

        The website eval's the computed value of the `content` CSS property with the value `'{name: "flat"}'`
        after stripping single quotation marks from both ends. Prior to r209495, WebKit serialized this CSS value
        in single quotations without escaping double quotations. After r209495, double quotations are escaped
        with backslashes as `'{name: \"flat\"}'`. As a result, `eval` is invoked with `{name: \"flat\"}`
        after stripping single quotations from both ends, which resulted in an exception.

        Chrome and Firefox don't encounter this exception despite of the fact they escape double quotations
        as well because serialize with double quotations as `"{name: \"flat\"}"`. Because there is no code
        to strip double quotations, eval is invoked with the same string, resulting in the entire value as
        being parsed as string, instead of an object with a single key "name" with the value of "flat" as
        was the case in WebKit prior to r209495. While this behavior was most certainly not the intent of
        the website author, Chrome and Firefox don't encounter an exception and the website continues to work.

        This patch aligns WebKit's behavior to that of the CSS OM specification, Firefox, and Chrome by
        serializing CSS string values using double quotation marks instead of single quotation marks.

        Note: inline change log comments are added below for every call site of serializeString for clarity.

        Test: fast/css/getPropertyValue-serialization-with-double-quotes.html

        * css/CSSBasicShapes.cpp:
        (WebCore::buildPathString): Use double quotation marks in path(~) of shapes.
        * css/CSSMarkup.cpp:
        (WebCore::serializeString):
        (WebCore::serializeURL): Use double quotation marks to serialize URLs.
        (WebCore::serializeAsStringOrCustomIdent): Use double quotation marks to serialize strings. We still avoid
        using wrapping the value with double quotations when the value can be an identifier. See r209495.
        (WebCore::serializeFontFamily): Ditto for font-family names such as "San Francisco".
        * css/CSSMarkup.h:
        * css/CSSNamespaceRule.cpp:
        (WebCore::CSSNamespaceRule::cssText): Use double quotation marks to serialize namespace URIs.
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText): Use double quotation marks to serialize
        the separators; e.g. counter(sectionNumber, ".") to produce "1.".
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::selectorText): Use double quotation marks to serialize attribute values.
        * css/parser/CSSParserToken.cpp:
        (WebCore::CSSParserToken::serialize): Use double quotation marks to serialize strings in @support.
        * editing/EditingStyle.cpp:
        (WebCore::StyleChange::extractTextStyles): Updated to strip double quotation marks in font family names to
        maintain the compatibility with old versions of Microsoft Outlook.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::mapLanguageAttributeToLocale): Use double quotations marks to serialize the value
        of the lang content attribute. It doesn't matter which one is used here because it's only a temporary value
        only fed into the CSS parser to set the equivalent CSS value from the content attribute.

2017-06-16  Matt Baker  <mattbaker@apple.com>

        Web Inspector: Instrument 2D/WebGL canvas contexts in the backend
        https://bugs.webkit.org/show_bug.cgi?id=172623
        <rdar://problem/32415986>

        Reviewed by Devin Rousso and Joseph Pecoraro.

        Test: inspector/canvas/create-canvas-contexts.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasElement):
        Instrument creation of CSS canvases. This merely registers the canvas
        element with InspectorCanvasAgent and stores the name (identifier passed
        to getCSSCanvasContext) for later use. It isn't until the context is
        actually created that the frontend receives a notification.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::getContext2d):
        (WebCore::HTMLCanvasElement::getContextWebGL):
        Instrument creation of 2D and WebGL canvas contexts.

        * inspector/InspectorAllInOne.cpp:

        * inspector/InspectorCanvasAgent.cpp: Added.
        New backend agent for canvas inspection. Canvas creation and destruction
        are continuously monitored by the agent, regardless of the presence of
        a frontend. This is necessary since there is no way to retrieve the
        rendering contexts for with a given frame once they've been created.

        (WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
        (WebCore::InspectorCanvasAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::discardAgent):
        Unregister canvas observers to prevent dangling agent pointer.
        (WebCore::InspectorCanvasAgent::enable):
        Dispatch events for existing canvases, now that the frontend exists.
        (WebCore::InspectorCanvasAgent::disable):
        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas):
        Register the name/identifier associated with the CSS canvas, so that it
        can be retrieved and associated with the rendering context later.

        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        (WebCore::InspectorCanvasAgent::canvasDestroyed):
        Removes the canvas from the agent, and queues it for notifying the
        frontend during the next event loop.

        (WebCore::InspectorCanvasAgent::canvasDestroyedTimerFired):
        (WebCore::InspectorCanvasAgent::clearCanvasData):
        (WebCore::InspectorCanvasAgent::getCanvasEntry):
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        * inspector/InspectorCanvasAgent.h: Added.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didCreateCSSCanvas):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
        These instrumentation points should not fast return when no frontend
        is attached.

        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):

        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorCanvasAgent):
        (WebCore::InstrumentingAgents::setInspectorCanvasAgent):
        Plumbing for the new agent.

2017-06-16  Antoine Quint  <graouts@apple.com>

        Add a WebKit2 setting to control whether media documents should automatically enter fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=173503

        Reviewed by Tim Horton.

        New WebCore setting to specify whether a media document should automatically enter fullscreen.

        * page/Settings.in:

2017-06-16  Jer Noble  <jer.noble@apple.com>

        [MSE] Seeking or entering fullscreen can cause extreme CPU usage
        https://bugs.webkit.org/show_bug.cgi?id=173505

        Reviewed by Tim Horton.

        When support for painting MSE to WebGL was added in r217185, the implementation of
        SourceBufferPrivateAVFObjC::isReadyForMoreSamples() was modified to support asking
        the decompression session if it was ready. That change, however, caused an extreme
        performance regression in the normal playback path, where WebKit will effectively
        append samples endlessly to the AVSampleBufferDisplayLayer, which admirably enqueued
        each of them for decoding. Eventually, the cost of iterating over the CMBufferQueue
        overwhelmed the cost of decoding, and caused the extreme lag seen when seeking.

        Make sure to property query the AVSampleBufferDisplayLayer for isReadyForMoreMediaData
        before enqueuing.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples):

2017-06-16  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for HTMLDocument
        https://bugs.webkit.org/show_bug.cgi?id=173444

        Reviewed by Darin Adler.

        * bindings/js/JSDOMBindingSecurity.cpp:
        (WebCore::canAccessDocument):
        (WebCore::BindingSecurity::shouldAllowAccessToFrame):
        (WebCore::BindingSecurity::shouldAllowAccessToDOMWindow):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::showModalDialog):
        Pass ExecState by reference to window accessors.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::incumbentDOMWindow):
        (WebCore::activeDOMWindow):
        (WebCore::firstDOMWindow):
        (WebCore::callerDocument):
        * bindings/js/JSDOMWindowBase.h:
        Pass ExecState by reference to window accessors and add callerDocument.
    
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::getOwnPropertySlot): Deleted.
        (WebCore::JSHTMLDocument::all): Deleted.
        (WebCore::JSHTMLDocument::setAll): Deleted.
        (WebCore::findCallingDocument): Deleted.
        (WebCore::JSHTMLDocument::open): Deleted.
        (WebCore::documentWrite): Deleted.
        (WebCore::JSHTMLDocument::write): Deleted.
        Remove custom bindings.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateCallWith):
        Add support CallWith=CallerDocument

        * bindings/scripts/IDLAttributes.json:
        Remove CallerWindow, which has not been supported for a while. CallerDocument, despite 
        having it's support removed in the past, was still listed, so keep it.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        Update test results.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createHTMLDocument):
        Update for new signature of Document.write().

        * dom/Document.h:
        * dom/Document.idl:
        * dom/Document.cpp:
        (WebCore::Document::open):
        Add DOMWindow returning overload that calls through to the DOMWindow.
        Add return value and currently not utilized parameters to the Document returning overload.
        Update to return exceptions as specified.

        (WebCore::Document::close):
        Update to return exceptions as specified.

        (WebCore::Document::write):
        (WebCore::Document::writeln):
        Update to take a Vector<String> argument and the caller Document first
        as per convention and return exceptions as specified.

        (WebCore::Document::bgColor):
        (WebCore::Document::setBgColor):
        (WebCore::Document::fgColor):
        (WebCore::Document::setFgColor):
        (WebCore::Document::alinkColor):
        (WebCore::Document::setAlinkColor):
        (WebCore::Document::linkColorForBindings):
        (WebCore::Document::setLinkColorForBindings):
        (WebCore::Document::vlinkColor):
        (WebCore::Document::setVlinkColor):
        (WebCore::Document::clear):
        (WebCore::Document::captureEvents):
        (WebCore::Document::releaseEvents):
        Move from HTMLDocument.

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::bgColor): Deleted.
        (WebCore::HTMLDocument::setBgColor): Deleted.
        (WebCore::HTMLDocument::fgColor): Deleted.
        (WebCore::HTMLDocument::setFgColor): Deleted.
        (WebCore::HTMLDocument::alinkColor): Deleted.
        (WebCore::HTMLDocument::setAlinkColor): Deleted.
        (WebCore::HTMLDocument::linkColor): Deleted.
        (WebCore::HTMLDocument::setLinkColor): Deleted.
        (WebCore::HTMLDocument::vlinkColor): Deleted.
        (WebCore::HTMLDocument::setVlinkColor): Deleted.
        (WebCore::HTMLDocument::clear): Deleted.
        (WebCore::HTMLDocument::captureEvents): Deleted.
        (WebCore::HTMLDocument::releaseEvents): Deleted.
        * html/HTMLDocument.h:
        * html/HTMLDocument.idl:
        Moved operations and attributes to Document.

        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::patchDocument):
        Update for new signature of Document.write().

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):
        (WebCore::DOMWindow::focus):
        * page/DOMWindow.h:
        Use the term incumbentWindow, matching IDL, and so not to be confused
        with the callerWindow, which is slightly different.

2017-06-16  Daniel Bates  <dabates@apple.com>

        Remove header OptionSet.h from FrameLoaderTypes.h
        https://bugs.webkit.org/show_bug.cgi?id=173489

        Reviewed by Joseph Pecoraro.

        Although the header FrameLoaderTypes.h defines exactly one enum class, ReloadOption, whose
        enumerators conform the power of two prerequisite for parameterizing an OptionSet for it
        FrameLoaderTypes.h does not actually make use of the functionality provided by header
        OptionSet.h. And not all source files that include FrameLoaderTypes.h need to use an OptionSet.

        * loader/DocumentLoader.h: Include <wtf/OptionSet.h>.
        * loader/FrameLoader.h: Ditto.
        * loader/FrameLoaderTypes.h: Remove header <wtf/OptionSet.h>.
        * replay/UserInputBridge.h: Include <wtf/Forward.h>.

2017-06-16  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Upstream iOS drag and drop implementation into OpenSource WebKit
        https://bugs.webkit.org/show_bug.cgi?id=173366
        <rdar://problem/32767014>

        Reviewed by Tim Horton.

        Moves all drag and drop logic previously hidden behind WebKitAdditions into the open source repository, along
        with unit test pages in TestWebKitAPI. Also removes all #includes and #imports of dragging-related files in
        WebKitAdditions from the open source repository.

        This initial upstreaming phase is only concerned with moving code out of WebKitAdditions, and attempts to
        preserve the code as-is, with the exception of trivial style changes so that the open source linter passes.
        Future patches will remove the DATA_INTERACTION feature flag altogether and unobscure all variable and function
        names referencing "data interaction".

        No change in behavior from the internal build.

        * Configurations/FeatureDefines.xcconfig:
        * page/ios/EventHandlerIOS.mm:
        (WebCore::EventHandler::createDraggingDataTransfer):
        (WebCore::EventHandler::eventLoopHandleMouseDragged):
        (WebCore::EventHandler::tryToBeginDataInteractionAtPoint):
        * platform/ios/DragImageIOS.mm:
        (WebCore::dragImageSize):
        (WebCore::scaleDragImage):
        (WebCore::createDragImageFromImage):
        (WebCore::deleteDragImage):
        (WebCore::createDragImageForLink):
        (WebCore::createDragImageIconForCachedImageFilename):
        (WebCore::platformAdjustDragImageForDeviceScaleFactor):
        (WebCore::createDragImageForSelection):
        (WebCore::dissolveDragImageToFraction):
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::Pasteboard):
        (WebCore::Pasteboard::setDragImage):
        (WebCore::Pasteboard::createForDragAndDrop):
        * platform/mac/DragDataMac.mm:
        (WebCore::rtfPasteboardType):
        (WebCore::rtfdPasteboardType):
        (WebCore::stringPasteboardType):
        (WebCore::urlPasteboardType):
        (WebCore::htmlPasteboardType):
        (WebCore::colorPasteboardType):
        (WebCore::pdfPasteboardType):
        (WebCore::tiffPasteboardType):
        (WebCore::DragData::asFilenames):
        (WebCore::DragData::containsURL):
        (rtfPasteboardType): Deleted.
        (rtfdPasteboardType): Deleted.
        (stringPasteboardType): Deleted.
        (urlPasteboardType): Deleted.
        (htmlPasteboardType): Deleted.
        (colorPasteboardType): Deleted.
        (pdfPasteboardType): Deleted.
        (tiffPasteboardType): Deleted.

2017-06-16  Youenn Fablet  <youenn@apple.com>

        addTransceiver should trigger mid generation in the SDP
        https://bugs.webkit.org/show_bug.cgi?id=173452

        Reviewed by Alex Christensen.

        Test: webrtc/video-addTransceiver.html

        Adding support for recvonly SDP based on call to addTransceiver.
        Using offer_to_receive options of libwebrtc for that purpose.

        Making sure that addTransceiver and using a real track afterwards is working too.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::enqueueReplaceTrackTask): notify the backend that a track is added in case the sender has no track.
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::shouldOfferAllowToReceiveAudio): Detect whether some audio mid should be recvonly.
        (WebCore::LibWebRTCMediaEndpoint::shouldOfferAllowToReceiveVideo): Detect whether some video mid should be recvonly.
        (WebCore::LibWebRTCMediaEndpoint::doCreateOffer):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h:

2017-06-16  Youenn Fablet  <youenn@apple.com>

        WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging is crashing
        https://bugs.webkit.org/show_bug.cgi?id=173493

        Reviewed by Eric Carlson.

        Speculative preventive fix.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging):

2017-06-16  Alex Christensen  <achristensen@webkit.org>

        Show punycode to user if a URL has dotless i or j followed by diacritic dot
        https://bugs.webkit.org/show_bug.cgi?id=173431

        Reviewed by Darin Adler.

        Covered by new API tests.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isLookalikeCharacter):
        (WebCore::allCharactersInIDNScriptWhiteList):
        (WebCore::createStringWithEscapedUnsafeCharacters):

2017-06-16  Youenn Fablet  <youenn@apple.com>

        [iOS] Switching cameras in a WebRTC call makes black frames being sent
        https://bugs.webkit.org/show_bug.cgi?id=173486

        Reviewed by Eric Carlson.

        Test: webrtc/video-replace-muted-track.html

        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::updateBlackFramesSending):
        Ensuring the timer is stopped if needed.
        (WebCore::RealtimeOutgoingVideoSource::initializeFromSource):
        Calling updateBlackFramesSending to stop sending frame if needed.

2017-06-16  Youenn Fablet  <youenn@apple.com>

        Remove replaceTrack restriction about video resolution
        https://bugs.webkit.org/show_bug.cgi?id=173490

        Reviewed by Eric Carlson.

        Covered by updated tests.

        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::setSource):

2017-06-16  Jeremy Jones  <jeremyj@apple.com>

        Handle timeout of prepareForPictureInPictureStopWithCompletionHandler.
        https://bugs.webkit.org/show_bug.cgi?id=173462
        rdar://problem/32128170

        Reviewed by Jer Noble.

        No new tests because no effect on the DOM.

        If WebVideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler doesn't respond fast enough,
        the caller will timeout and call will/didStopPictureInPicture.

        This is getting fullscreen state confused.

        This change keeps state consistent by handling will/didStopPictureInPicture possibly being called before
        prepareForPictureInPictureStopWithCompletionHandler calls its callback.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::willStopPictureInPicture):
        (WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture):
        (WebVideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler):
        (WebVideoFullscreenInterfaceAVKit::watchdogTimerFired):

2017-06-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Make builds faster after r218371
        https://bugs.webkit.org/show_bug.cgi?id=173453

        Reviewed by Tim Horton.

        Remove #includes from .h files.

        No new tests because there is no behavior change.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj: Add new .cpp file, and sort the project file
        * platform/graphics/FontFamilySpecificationNull.cpp: Copied from Source/WebCore/platform/graphics/FontFamilySpecificationNull.h.
        (WebCore::FontFamilySpecificationNull::fontRanges):
        * platform/graphics/FontFamilySpecificationNull.h:
        (WebCore::FontFamilySpecificationNull::fontRanges): Deleted.
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText):
        (WebCore::FontFamilySpecificationCoreText::~FontFamilySpecificationCoreText):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h:
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText): Deleted.

2017-06-16  Chris Dumez  <cdumez@apple.com>

        [WK2] Add WKProcessPool SPI to efficiently reset all plugin load client policies
        https://bugs.webkit.org/show_bug.cgi?id=173472
        <rdar://problem/28858817>

        Reviewed by Brady Eidson.

        Add PluginLoadClientPolicyMaximum value to PluginLoadClientPolicy enumeration
        to facilitate input value validation on API side.

        * plugins/PluginData.h:

2017-06-16  Jer Noble  <jer.noble@apple.com>

        [iOS] Do not pause playing video when application resigns active state.
        https://bugs.webkit.org/show_bug.cgi?id=173474

        Reviewed by Tim Horton.

        Test: media/video-inactive-playback.html

        Separate out the concept of "inactive" playback from "process background" playback.
        Move the implementation of applicationDidEnterBackground() from MediaSessionManagerIOS
        into it's superclass, PlatformMediaSessionManager, and add a new set of restrictions
        for "InactiveProcessPlaybackRestricted" and "SuspendedUnderLockPlaybackRestricted".
        Leave the default restriction set for iOS as "BackgroundProcessPlaybackRestricted" and
        "SuspendedUnderLockPlaybackRestricted", to preserve the existing behavior of suspending
        playback when switching apps or when locking the device.

        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::interruptionName):
        * platform/audio/PlatformMediaSession.h:
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::applicationWillBecomeInactive):
        (WebCore::PlatformMediaSessionManager::applicationDidBecomeActive):
        (WebCore::PlatformMediaSessionManager::applicationDidEnterBackground):
        (WebCore::PlatformMediaSessionManager::applicationWillEnterForeground):
        (WebCore::PlatformMediaSessionManager::applicationWillEnterBackground): Deleted.
        (WebCore::PlatformMediaSessionManager::applicationDidEnterForeground): Deleted.
        * platform/audio/PlatformMediaSessionManager.h:
        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::resetRestrictions):
        (-[WebMediaSessionHelper applicationDidBecomeActive:]):
        (-[WebMediaSessionHelper applicationWillResignActive:]):
        (WebCore::MediaSessionManageriOS::applicationDidEnterBackground): Deleted.
        (WebCore::MediaSessionManageriOS::applicationWillEnterForeground): Deleted.
        * testing/Internals.cpp:
        (WebCore::Internals::applicationWillBecomeInactive):
        (WebCore::Internals::applicationDidBecomeActive):
        (WebCore::Internals::applicationWillEnterForeground):
        (WebCore::Internals::applicationDidEnterBackground):
        (WebCore::Internals::setMediaSessionRestrictions):
        (WebCore::Internals::applicationDidEnterForeground): Deleted.
        (WebCore::Internals::applicationWillEnterBackground): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-16  Alex Christensen  <achristensen@webkit.org>

        REGRESSION (r213126): Sync XHR needs partition for cache and credentials
        https://bugs.webkit.org/show_bug.cgi?id=173496
        <rdar://problem/31943596>

        Reviewed by Darin Adler.

        Test: http/tests/security/sync-xhr-partition.html

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2017-06-16  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218402 and r218404.
        https://bugs.webkit.org/show_bug.cgi?id=173494

        Seems to have mysteriously broken the build in bizarre ways
        (Requested by thorton on #webkit).

        Reverted changesets:

        "Include a few widespread WTF headers in WebCorePrefix.h"
        https://bugs.webkit.org/show_bug.cgi?id=173481
        http://trac.webkit.org/changeset/218402

        "Fix the Windows build after r218402"
        http://trac.webkit.org/changeset/218404

2017-06-16  Brady Eidson  <beidson@apple.com>

        REGRESSION (r218015) IconLoaders for already-cached resources expect to be asynchronous, no longer are.
        <rdar://problem/32817519> and https://bugs.webkit.org/show_bug.cgi?id=173478

        Reviewed by Daniel Bates.

        Covered by API test.

        Being synchronous is actually better as it's resolved another issue or two.
        But only if we can actually deliver the data without crashing first.
        So let's do that.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Put the IconLoader in the set of active icon loaders
          before actually starting the icon loading.

2017-06-16  Jeremy Jones  <jeremyj@apple.com>

        Don't use WebCore Timer from code that runs in the UI process.
        https://bugs.webkit.org/show_bug.cgi?id=173460
        rdar://problem/32750731

        Reviewed by Jer Noble.

        If a WebCore Timer is fired from the WebKit2 UI process, it will
        create a web thread, which can cause a crash in this instance.

        It was also causing the timer to be called back on the wrong thread.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit):

2017-06-16  Timothy Horton  <timothy_horton@apple.com>

        Fix the Windows build after r218402

        * WebCorePrefix.h:
        I typed #import instead of #include on auto-pilot, and ... it mostly worked!
        Except Windows.

2017-06-16  Jeremy Jones  <jeremyj@apple.com>

        Hide inline captions in fullscreen. Remove fullscreen captions when no longer needed.
        https://bugs.webkit.org/show_bug.cgi?id=173482

        Reviewed by Eric Carlson.

        Hide the inline captions while they are presenting to fullscreen.
        Remove the text track representation as soon as it is no longer needed.
        This allows the text track to render properly when returning to inline.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):

2017-06-16  Tim Horton  <timothy_horton@apple.com>

        Include a few widespread WTF headers in WebCorePrefix.h
        https://bugs.webkit.org/show_bug.cgi?id=173481

        Reviewed by Alex Christensen.

        * WebCorePrefix.h:
        These are four of the headers that contribute the most pre-processed
        source to the WebCore build. They (and their dependents) change infrequently
        enough that a world rebuild of WebCore when they change seems like an
        acceptable tradeoff for the ~9% reduction in WebCore build time that I
        measure from this change.

2017-06-16  Antoine Quint  <graouts@apple.com>

        REGRESSION: AirPlay placard is not shown when in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=173447
        <rdar://problem/32803773>

        Reviewed by Jon Lee.

        We only allowed a placard to be set on inline controls, but that was an oversight: placards
        should be displayed in fullscreen as well. As such, we move the "placard" property up from
        InlineMediaControls to MediaControls, and update the layout() logic in MacOSFullscreenMediaControls
        to display a placard.

        Test: media/modern-media-controls/placard-support/placard-support-airplay-fullscreen.html

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls):
        (InlineMediaControls.prototype.layout):
        (InlineMediaControls.prototype.get placard): Deleted.
        (InlineMediaControls.prototype.set placard): Deleted.
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype.layout):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.get placard):
        (MediaControls.prototype.set placard):
        (MediaControls.prototype.placardPreventsControlsBarDisplay):
        (MediaControls.prototype.layout):
        * Modules/modern-media-controls/media/placard-support.js:
        (PlacardSupport.prototype._updatePlacard):
        (PlacardSupport):

2017-06-16  Jer Noble  <jer.noble@apple.com>

        [WebRTC] Removing a MediaStreamTrack from a MediaStream reports no recording to WebKit clients
        https://bugs.webkit.org/show_bug.cgi?id=173398
        <rdar://problem/32592961>

        Reviewed by Eric Carlson.

        API Test: Tests/WebKit2/MediaStreamTrackDetached.mm

        Move the definition of a MediaStream as a MediaProducer from the stream itself to its constituent
        MediaStreamTracks. This ensures that, even if a MediaStreamTrack is removed from its stream, the
        document (and thus the clients) are notified that media capture is still occurring.

        Though MediaStream is no longer a MediaProducer, it still uses the MediaProducer's state concept
        to determine when to fire events. However it's mediaState() implementation will be moved into
        MediaStreamTrack, and will instead simply bitwise-or together each of it's track's mediaState().

        The MediaStream notifies the document that its state has changed asynchronously, so do the same
        for MediaStreamTrack (which reduces the number of calls to the client when changes all occur
        during a single run loop).

        Because the MediaStreamTrackPrivate may be started externally (not by the MediaStreamTrack directly),
        add a new client method that notifies observers when the track has been started, and the
        MediaStreamTrack will use this notification to update the document with it's new mediaState().

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::~MediaStream):
        (WebCore::MediaStream::mediaState):
        (WebCore::MediaStream::statusDidChange):
        (WebCore::MediaStream::characteristicsChanged):
        (WebCore::MediaStream::pageMutedStateDidChange): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::MediaStreamTrack):
        (WebCore::MediaStreamTrack::~MediaStreamTrack):
        (WebCore::MediaStreamTrack::pageMutedStateDidChange):
        (WebCore::MediaStreamTrack::mediaState):
        (WebCore::MediaStreamTrack::trackStarted):
        (WebCore::MediaStreamTrack::configureTrackRendering):
        (WebCore::MediaStreamTrack::stop):
        (WebCore::MediaStreamTrack::document):
        * Modules/mediastream/MediaStreamTrack.h:
        (WebCore::MediaStreamTrack::source):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::trackStarted):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceStarted):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::start):
        * platform/mediastream/RealtimeMediaSource.h:

2017-06-16  Antoine Quint  <graouts@apple.com>

        Backdrop blur missing in media controls bar on Sierra
        https://bugs.webkit.org/show_bug.cgi?id=173451

        Reviewed by Simon Fraser.

        On Sierra, we need to enforce a stacking context on controls bars to guarantee that
        the backdrop filters on the BackgroundTint are applied correctly.

        Test: media/modern-media-controls/controls-bar/controls-bar-stacking-context.html

        * Modules/modern-media-controls/controls/controls-bar.css:
        (.controls-bar):

2017-06-16  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218375.

        The API test MediaStreamTrackDetached is still timing out
        after the patch

        Reverted changeset:

        "[WebRTC] Removing a MediaStreamTrack from a MediaStream
        reports no recording to WebKit clients"
        https://bugs.webkit.org/show_bug.cgi?id=173398
        http://trac.webkit.org/changeset/218375

2017-06-15  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION: Media control glyphs appear to invert colors when video is dragged
        https://bugs.webkit.org/show_bug.cgi?id=173455
        rdar://problem/32726887

        Reviewed by Tim Horton.

        Masks on composited layers were not correctly painted in drag images, because RenderLayer::paintLayerContents()
        failed to pass the PaintBehaviorFlattenCompositingLayers flag down through the mask drawing code, causing
        RenderBox::paintMaskImages() to fall into the composited mask code path.

        Fix by making a local copy of PaintBehavior, and setting the PaintBehaviorFlattenCompositingLayers and PaintBehaviorSnapshotting
        bits on it as appropriate, and passing it into paintMaskForFragments() and paintChildClippingMaskForFragments(). This is similar
        to code above.

        Can't test drag images.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintMaskForFragments):
        (WebCore::RenderLayer::paintChildClippingMaskForFragments):
        * rendering/RenderLayer.h:

2017-06-16  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218376.

        The patch cause multiple Layout Test Crashes.

        Reverted changeset:

        "Web Inspector: Instrument 2D/WebGL canvas contexts in the
        backend"
        https://bugs.webkit.org/show_bug.cgi?id=172623
        http://trac.webkit.org/changeset/218376

2017-06-16  Daniel Bates  <dabates@apple.com>

        Use the term icon instead of favicon
        https://bugs.webkit.org/show_bug.cgi?id=173400

        Reviewed by Alex Christensen.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResourceContent):
        (WebCore::InspectorPageAgent::cachedResourceType):
        * loader/LinkLoader.cpp:
        (WebCore::createLinkPreloadResourceClient):
        * loader/ResourceLoadInfo.cpp:
        (WebCore::toResourceType):
        * loader/SubresourceLoader.cpp:
        (WebCore::logResourceLoaded):
        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::CachedRawResource):
        * loader/cache/CachedRawResource.h:
        (isType):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::defaultPriorityForResourceType):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::isMainOrMediaOrIconOrRawResource):
        (WebCore::CachedResource::ignoreForRequestCount):
        (WebCore::CachedResource::isMainOrMediaOrFaviconOrRawResource): Deleted.
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::createResource):
        (WebCore::CachedResourceLoader::requestIcon):
        (WebCore::contentTypeFromResourceType):
        (WebCore::CachedResourceLoader::checkInsecureContent):
        (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
        (WebCore::CachedResourceLoader::determineRevalidationPolicy):
        (WebCore::CachedResourceLoader::requestFavicon): Deleted.
        * loader/cache/CachedResourceLoader.h:
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading):

2017-06-16  Per Arne Vollan  <pvollan@apple.com>

        WebKit does not honor closed caption stroke width.
        https://bugs.webkit.org/show_bug.cgi?id=173402

        Reviewed by Eric Carlson.

        WebKit currently has an upper limit on the stroke width returned from MACaptionAppearanceCopyFontDescriptorWithStrokeForStyle.
        Since only half the stroke is visible because the stroke is drawn before the fill, double the stroke width from
        MediaAccessibility to get the correct visual stroke width. Also, the stroke width returned from this function should not be
        interpreted as CSS points, but as CSS pixels.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextStrokeStyle):
        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::captionStrokeWidthForFont):

2017-06-16  Per Arne Vollan  <pvollan@apple.com>

        [Win] WebKit renders scrollbar wrong at 125% scale.
        https://bugs.webkit.org/show_bug.cgi?id=173363

        Reviewed by Darin Adler.

        Scrollbars are drawn with the GDI function DrawThemeBackground. Sometimes, the GDI clip
        rectangle will be too small since we clamp a FloatRect to integer values when setting the
        GDI clip rectangle.

        * platform/graphics/win/GraphicsContextWin.cpp:
        (WebCore::GraphicsContextPlatformPrivate::clip):

2017-06-15  Mark Lam  <mark.lam@apple.com>

        Add a JSRunLoopTimer registry in VM.
        https://bugs.webkit.org/show_bug.cgi?id=173429
        <rdar://problem/31287961>

        Reviewed by Filip Pizlo.

        No new tests needed because:
        1. it's already covered: it was also originally discovered by our API tests while
           running on the iOS simulator. The test was intermittently failing on a debug
           build.
        2. the issue is racy (it depends on a JSRunLoopTimer firing at the right time).
           Hence, it's non trivial to write a better test than the one we already have.

        * bindings/js/CommonVM.cpp:
        (WebCore::commonVMSlow):

2017-06-15  Antoine Quint  <graouts@apple.com>

        REGRESSION: AirPlay button is incorrectly highlighted in inline and fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=173446

        Reviewed by Dean Jackson.

        A button's color should be applied to its <picture> element, not the containing
        <button> element.

        * Modules/modern-media-controls/controls/airplay-button.css:
        (button.airplay.on > picture):
        (button.airplay.on): Deleted.

2017-06-15  Matt Baker  <mattbaker@apple.com>

        Web Inspector: Instrument 2D/WebGL canvas contexts in the backend
        https://bugs.webkit.org/show_bug.cgi?id=172623
        <rdar://problem/32415986>

        Reviewed by Devin Rousso.

        Test: inspector/canvas/create-canvas-contexts.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasElement):
        Instrument creation of CSS canvases. This merely registers the canvas
        element with InspectorCanvasAgent and stores the name (identifier passed
        to getCSSCanvasContext) for later use. It isn't until the context is
        actually created that the frontend receives a notification.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::getContext2d):
        (WebCore::HTMLCanvasElement::getContextWebGL):
        Instrument creation of 2D and WebGL canvas contexts.

        * inspector/InspectorAllInOne.cpp:

        * inspector/InspectorCanvasAgent.cpp: Added.
        New backend agent for canvas inspection. Canvas creation and destruction
        are continuously monitored by the agent, regardless of the presence of
        a frontend. This is necessary since there is no way to retrieve the
        rendering contexts for with a given frame once they've been created.

        (WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
        (WebCore::InspectorCanvasAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::discardAgent):
        Unregister canvas observers to prevent dangling agent pointer.
        (WebCore::InspectorCanvasAgent::enable):
        Dispatch events for existing canvases, now that the frontend exists.
        (WebCore::InspectorCanvasAgent::disable):
        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas):
        Register the name/identifier associated with the CSS canvas, so that it
        can be retrieved and associated with the rendering context later.

        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        (WebCore::InspectorCanvasAgent::canvasDestroyed):
        Removes the canvas from the agent, and queues it for notifying the
        frontend during the next event loop.

        (WebCore::InspectorCanvasAgent::canvasDestroyedTimerFired):
        (WebCore::InspectorCanvasAgent::clearCanvasData):
        (WebCore::InspectorCanvasAgent::getCanvasEntry):
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        * inspector/InspectorCanvasAgent.h: Added.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didCreateCSSCanvas):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
        These instrumentation points should not fast return when no frontend
        is attached.

        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):

        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorCanvasAgent):
        (WebCore::InstrumentingAgents::setInspectorCanvasAgent):
        Plumbing for the new agent.

2017-06-15  Jer Noble  <jer.noble@apple.com>

        [WebRTC] Removing a MediaStreamTrack from a MediaStream reports no recording to WebKit clients
        https://bugs.webkit.org/show_bug.cgi?id=173398
        <rdar://problem/32592961>

        Reviewed by Eric Carlson.

        API Test: Tests/WebKit2/MediaStreamTrackDetached.mm

        Move the definition of a MediaStream as a MediaProducer from the stream itself to its constituent
        MediaStreamTracks. This ensures that, even if a MediaStreamTrack is removed from its stream, the
        document (and thus the clients) are notified that media capture is still occurring.

        Though MediaStream is no longer a MediaProducer, it still uses the MediaProducer's state concept
        to determine when to fire events. However it's mediaState() implementation will be moved into
        MediaStreamTrack, and will instead simply bitwise-or together each of it's track's mediaState().

        The MediaStream notifies the document that its state has changed asynchronously, so do the same
        for MediaStreamTrack (which reduces the number of calls to the client when changes all occur
        during a single run loop).

        Because the MediaStreamTrackPrivate may be started externally (not by the MediaStreamTrack directly),
        add a new client method that notifies observers when the track has been started, and the
        MediaStreamTrack will use this notification to update the document with it's new mediaState().

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::~MediaStream):
        (WebCore::MediaStream::mediaState):
        (WebCore::MediaStream::statusDidChange):
        (WebCore::MediaStream::characteristicsChanged):
        (WebCore::MediaStream::pageMutedStateDidChange): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::MediaStreamTrack):
        (WebCore::MediaStreamTrack::~MediaStreamTrack):
        (WebCore::MediaStreamTrack::pageMutedStateDidChange):
        (WebCore::MediaStreamTrack::mediaState):
        (WebCore::MediaStreamTrack::trackStarted):
        (WebCore::MediaStreamTrack::configureTrackRendering):
        (WebCore::MediaStreamTrack::stop):
        (WebCore::MediaStreamTrack::document):
        * Modules/mediastream/MediaStreamTrack.h:
        (WebCore::MediaStreamTrack::source):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::trackStarted):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceStarted):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::start):
        * platform/mediastream/RealtimeMediaSource.h:

2017-06-15  Simon Fraser  <simon.fraser@apple.com>

        Use WTFLogAlways for debug logging so that it shows up in device system logs
        https://bugs.webkit.org/show_bug.cgi?id=173450

        Reviewed by Tim Horton.

        If you want to showRenderTree() on-device, the result doesn't show in system log so you can't see it
        Switch to WTFLogAlways to fix this, for all the debug logging in WebCore.
        
        Also WKError () -> WKError() in the old WAK code, to allow for easier searching pending cleanup.

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::~AudioContext):
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::~AudioNode):
        (WebCore::AudioNode::ref):
        (WebCore::AudioNode::finishDeref):
        (WebCore::AudioNode::printNodeCounts):
        * bridge/objc/objc_instance.mm:
        (ObjcInstance::invokeObjcMethod):
        * bridge/objc/objc_utility.mm:
        (JSC::Bindings::convertObjcValueToValue):
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::showStyle):
        * dom/DocumentMarkerController.cpp:
        (DocumentMarkerController::showMarkers):
        * dom/Node.cpp:
        (WebCore::Node::showNode):
        (WebCore::Node::showNodePathForThis):
        (WebCore::traverseTreeAndMark):
        * dom/Position.cpp:
        (WebCore::Position::debugPosition):
        (WebCore::Position::showAnchorTypeAndOffset):
        * dom/Range.cpp:
        (showTree):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::debugRenderer):
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::debugPosition):
        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::debugPosition):
        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::showTreeWithIndent):
        * html/parser/HTMLFormattingElementList.cpp:
        (WebCore::HTMLFormattingElementList::show):
        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::dumpMap):
        * page/scrolling/ScrollingStateTree.cpp:
        (showScrollingStateTree):
        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::frameSizeChangedProc):
        * platform/graphics/GraphicsLayer.cpp:
        (showGraphicsLayerTree):
        * platform/graphics/displaylists/DisplayList.cpp:
        (WebCore::DisplayList::DisplayList::dump):
        * platform/ios/wak/WAKView.mm:
        (+[WAKView _wrapperForViewRef:]):
        (-[WAKView displayRect:]):
        (-[WAKView displayRectIgnoringOpacity:inContext:]):
        * platform/ios/wak/WKUtilities.c:
        (WKRelease):
        * platform/ios/wak/WKView.mm:
        (_WKViewSetViewContext):
        (WKViewGetBounds):
        (WKViewGetFrame):
        (_WKViewRecursivelyInvalidateGState):
        (WKViewSetFrameOrigin):
        (WKViewSetFrameSize):
        (WKViewGetWindow):
        (WKViewGetSubviews):
        (WKViewAddSubview):
        (WKViewRemoveFromSuperview):
        (WKViewFirstChild):
        (WKViewNextSibling):
        (WKViewTraverseNext):
        (WKViewGetVisibleRect):
        (WKViewConvertRectToSuperview):
        (WKViewConvertRectToBase):
        (WKViewConvertPointToSuperview):
        (WKViewConvertPointFromSuperview):
        (WKViewConvertPointToBase):
        (_WKViewGetAncestorViewsIncludingView):
        (WKViewConvertPointFromBase):
        (WKViewConvertRectFromSuperview):
        (WKViewConvertRectFromBase):
        (WKViewGetAutoresizingMask):
        (WKViewSetAutoresizingMask):
        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::dumpTextEncodingNameMap):
        * rendering/CounterNode.cpp:
        (WebCore::showTreeAndMark):
        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::showLineBox):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::showLineBox):
        * rendering/RenderCounter.cpp:
        (showCounterRendererTree):
        * rendering/RenderLayer.cpp:
        (WebCore::showLayerTree):
        * rendering/RenderObject.cpp:
        (WebCore::showRenderTreeLegend):
        (WebCore::RenderObject::showRegionsInformation):
        (WebCore::RenderObject::showRenderObject):
        (WebCore::printRenderTreeForLiveDocuments):
        (WebCore::printLayerTreeForLiveDocuments):
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::printPrefix):
        (WebCore::SimpleLineLayout::showLineLayoutForFlow):
        * rendering/svg/SVGResources.cpp:
        (WebCore::SVGResources::dump):
        * rendering/svg/SVGResourcesCycleSolver.cpp:
        (WebCore::SVGResourcesCycleSolver::resolveCycles):
        * rendering/svg/SVGTextLayoutAttributes.cpp:
        (WebCore::dumpSVGCharacterDataMapValue):
        (WebCore::SVGTextLayoutAttributes::dump):
        * rendering/svg/SVGTextLayoutEngine.cpp:
        (WebCore::dumpTextBoxes):
        (WebCore::SVGTextLayoutEngine::finishLayout):

2017-06-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Removing stray whitespace after r218371
        https://bugs.webkit.org/show_bug.cgi?id=173043

        Unreviewed.

        No new tests because there is no behavior change.

        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::shouldIgnoreRotation):
        (WebCore::glyphDataForNonCJKCharacterWithGlyphOrientation):
        * platform/graphics/FontDescription.cpp:
        * platform/graphics/FontDescription.h:
        * platform/graphics/FontFamilySpecificationNull.h:
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::systemFontParameters):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h:

2017-06-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Expand system-ui to include every item in the Core Text cascade list
        https://bugs.webkit.org/show_bug.cgi?id=173043
        <rdar://problem/21125708>

        Reviewed by Simon Fraser.

        The concept of the system font on Cocoa platforms represents the entire Core Text cascade list.
        However, previously, WebKit only represented system-ui by pulling out the first item in the Core
        Text cascade list. Instead, we should make all text rendered with "system-ui" match what the
        platform would natively render.

        Previously, we walked through the strings in the font-family property and looked them up one by
        one. However, now we want to abstract this idea of a font family to possibly hold a
        CTFontDescriptorRef instead of a string. This way, we expand a font-family list of ["fontA",
        "system-ui", "fontB"] to ["fontA", ... a bunch of CTFontDescriptorRefs ..., "FontB"]. We can
        then modify the consumer of this object to have two codepaths: the old string-based codepath,
        and a new, platform-specific codepath which simply embeds the CTFontDesriptorRefs inside a Font
        object.

        We don't want to simply pull out the family name from each item in the Core Text fallback list
        because that is a lossy translation. There is more information in these font descriptors which
        cannot be represented by CSS. Therefore, we must keep the descriptors alive and add the new
        codepath for them.

        We also don't want to run the CSS font matching algorithm on each member of the Core Text
        fallback list because it may yield different results from Core Text's font matching algorithm.
        Our goal is to draw text as closely as possible to the system APIs. If we ran it, we may find
        a font which is closer to the requested traits, but it would look out of place on the system.

        This new codepath is only enabled on macOS High Sierra and iOS 11, because enabling it on all
        operating systems would make fixing https://bugs.webkit.org/show_bug.cgi?id=173300 impossible.

        Tests: fast/text/system-font-fallback-emoji.html
               fast/text/system-font-fallback.html
               fast/text/system-font-zero-size.html

        * WebCore.xcodeproj/project.pbxproj:
        * page/MemoryRelease.cpp:
        (WebCore::releaseNoncriticalMemory):
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::realizeNextFallback): The consumer of our new data type. Now uses WTF::visit().
        (WebCore::FontCascadeFonts::realizeFallbackRangesAt): Now that the number of items to test
        against the current character is larger than the number of strings in the font-family list,
        we need to update the existing code to use the correct value.
        * platform/graphics/FontDescription.cpp: Default implementation for non-Cocoa ports.
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount):
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/FontDescription.h: Our new data type is a Variant of AtomicString and a
        platform-specific class. Cocoa uses a class that holds a CTFontDescriptorRef and other ports
        use an empty non-constructable class.
        * platform/graphics/FontFamilySpecificationNull.h: Added. The empty non-constructable
        class.
        (WebCore::FontFamilySpecificationNull::fontRanges):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::fontCacheRegisteredFontsChangedNotificationCallback):
        (WebCore::FontCache::platformInit): Changing the system language will change the system font
        fallback list, so we need to listen to this notification. This also matters for
        FontCache::systemFallbackForCharacters(), so we should build off the same callback we are
        already using for font installation.
        (WebCore::invalidateFontCache):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp: Added. The platform-specific creation of
        our CTFontDescriptorRefs. We hold them cached in a SystemFontDatabase.
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParameters):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::isHashTableDeletedValue):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::operator==):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::hash):
        (WebCore::SystemFontDatabase::singleton):
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::SystemFontDatabase::clear):
        (WebCore::SystemFontDatabase::SystemFontDatabase):
        (WebCore::SystemFontDatabase::applyWeightAndItalics):
        (WebCore::SystemFontDatabase::removeCascadeList):
        (WebCore::SystemFontDatabase::computeCascadeList):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::equal):
        (WebCore::isSystemFontString):
        (WebCore::systemFontParameters):
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount): We don't store the result of this
        because it would probably be a bad idea to increase the size of every single FontCascade just
        in case it might ask for the system font. Most fonts never mention system-ui. Because it's so
        rare, we can just recalculate the result of this as necessary. This shouldn't be slow because
        the results are cached.
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: Added.
        (WebCore::FontFamilySpecificationCoreText::fontRanges): Create a FontRanges from a
        CTFontDescriptorRef.
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h: Added.
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText):
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::platformFontWithFamilySpecialCase):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-06-15  David Kilzer  <ddkilzer@apple.com>

        Revert: [iOS] Generate a simulated crash when the WebThread starts in MobileSafari
        <https://webkit.org/b/173386>
        <rdar://problem/32776426>

        Revert r218347 and r218339 since we're going to take a different
        approach to investigating a crash on the WebThread.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/ios/CrashReporterSupportSoftLink.h: Remove.
        * platform/ios/CrashReporterSupportSoftLink.mm: Remove.
        * platform/ios/wak/WebCoreThread.mm:
        (WebThreadEnable):
        * platform/spi/ios/CrashReporterSupportSPI.h: Remove.

2017-06-15  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218365.

        The revision caused API timeouts on all builds.

        Reverted changeset:

        "[WebRTC] Removing a MediaStreamTrack from a MediaStream
        reports no recording to WebKit clients"
        https://bugs.webkit.org/show_bug.cgi?id=173398
        http://trac.webkit.org/changeset/218365

2017-06-15  Simon Fraser  <simon.fraser@apple.com>

        Allow use of Layout* TextStream operators in WebKit2
        https://bugs.webkit.org/show_bug.cgi?id=173440

        Reviewed by Zalan Bujtas.

        Export TextStream& operator<< for LayoutPoint, LayoutSize and LayoutRect so that
        WebKit2 can log them.

        Use #pragma once in these geometry headers.

        * platform/graphics/FloatPoint.h:
        * platform/graphics/FloatRect.h:
        * platform/graphics/FloatSize.h:
        * platform/graphics/IntPoint.h:
        * platform/graphics/IntRect.h:
        * platform/graphics/IntSize.h:
        * platform/graphics/LayoutPoint.h:
        * platform/graphics/LayoutRect.h:
        * platform/graphics/LayoutSize.h:

2017-06-15  Antoine Quint  <graouts@apple.com>

        Modern media controls tests error in Button.js
        https://bugs.webkit.org/show_bug.cgi?id=173439

        Reviewed by Dean Jackson.

        Tests would sometime yield an error when commit() would be called and the _imageSource
        ivar hadn't been set. To more safely commit the mask image when it's loaded, we now use
        a markDirtyProperty() call and a commitProperty() override to ensure that we cover the
        case where we want to commit the mask image, and for other commits not to have to worry
        about the mask image being defined.

        * Modules/modern-media-controls/controls/button.js:
        (Button.prototype.commitProperty):
        (Button.prototype._updateImage):
        (Button.prototype.commit): Deleted.

2017-06-15  Jer Noble  <jer.noble@apple.com>

        [WebRTC] Removing a MediaStreamTrack from a MediaStream reports no recording to WebKit clients
        https://bugs.webkit.org/show_bug.cgi?id=173398
        <rdar://problem/32592961>

        Reviewed by Eric Carlson.

        API Test: Tests/WebKit2/MediaStreamTrackDetached.mm

        Move the definition of a MediaStream as a MediaProducer from the stream itself to its constituent
        MediaStreamTracks. This ensures that, even if a MediaStreamTrack is removed from its stream, the
        document (and thus the clients) are notified that media capture is still occurring.

        Though MediaStream is no longer a MediaProducer, it still uses the MediaProducer's state concept
        to determine when to fire events. However it's mediaState() implementation will be moved into
        MediaStreamTrack, and will instead simply bitwise-or together each of it's track's mediaState().

        The MediaStream notifies the document that its state has changed asynchronously, so do the same
        for MediaStreamTrack (which reduces the number of calls to the client when changes all occur
        during a single run loop).

        Because the MediaStreamTrackPrivate may be started externally (not by the MediaStreamTrack directly),
        add a new client method that notifies observers when the track has been started, and the
        MediaStreamTrack will use this notification to update the document with it's new mediaState().

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::~MediaStream):
        (WebCore::MediaStream::mediaState):
        (WebCore::MediaStream::statusDidChange):
        (WebCore::MediaStream::characteristicsChanged):
        (WebCore::MediaStream::pageMutedStateDidChange): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::MediaStreamTrack):
        (WebCore::MediaStreamTrack::~MediaStreamTrack):
        (WebCore::MediaStreamTrack::pageMutedStateDidChange):
        (WebCore::MediaStreamTrack::mediaState):
        (WebCore::MediaStreamTrack::trackStarted):
        (WebCore::MediaStreamTrack::configureTrackRendering):
        (WebCore::MediaStreamTrack::stop):
        (WebCore::MediaStreamTrack::document):
        * Modules/mediastream/MediaStreamTrack.h:
        (WebCore::MediaStreamTrack::source):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::trackStarted):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceStarted):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::start):
        * platform/mediastream/RealtimeMediaSource.h:

2017-06-15  Jonathan Bedard  <jbedard@apple.com>

        Unreviewed build fix after r218336

        * platform/spi/cocoa/PassKitSPI.h: Add missing #ifdefs for Internal builds.

2017-06-15  Antoine Quint  <graouts@apple.com>

        Ensure we only log changes to the ScriptedAnimationController suspended state in debug builds
        https://bugs.webkit.org/show_bug.cgi?id=173423

        Reviewed by Tim Horton.

        We added logging for when the suspended state of the scripted animation controller would change in
        webkit.org/b/173326. It was meant to only be enabled in debug builds and we actually did the wrong
        thing and enabled it in non-debug builds.

        We also added a setting that wasn't used and that we are removing here.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Settings.in:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::resetToConsistentState):
        (WebCore::InternalSettings::shouldLogScritedAnimationControllerSuspensionChange): Deleted.
        (WebCore::InternalSettings::setShouldLogScritedAnimationControllerSuspensionChange): Deleted.
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2017-06-15  David Kilzer  <ddkilzer@apple.com>

        Build fix: [iOS] Generate a simulated crash when the WebThread starts in MobileSafari
        <https://webkit.org/b/173386>
        <rdar://problem/32776426>

        * platform/ios/CrashReporterSupportSoftLink.h:
        * platform/ios/CrashReporterSupportSoftLink.mm:
        * platform/ios/wak/WebCoreThread.mm:
        (WebThreadEnable): Log to the console on iOS Simulator.
        * platform/spi/ios/CrashReporterSupportSPI.h:
        - CrashReporterSupport.h is not available on iOS Simulator, so
          restrict to iOS hardware only.

2017-06-15  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r218318.

        Seems to have caused an 11% PLT regression. Rolling out to
        confirm.

        Reverted changeset:

        "Don't always recalc the style of display: contents elements."
        https://bugs.webkit.org/show_bug.cgi?id=172753
        http://trac.webkit.org/changeset/218318

2017-06-15  Wenson Hsieh  <wenson_hsieh@apple.com>

        Using -[WebItemProviderPasteboard setItemProviders:] to swap out item providers before a drop breaks item provider loading
        https://bugs.webkit.org/show_bug.cgi?id=173338
        <rdar://problem/32777720>

        Reviewed by Tim Horton.

        Currently, replacing the list of UIItemProviders right before a drop is handled results in
        WebItemProviderPasteboard failing to load non-"public.content"-conformant items. This is because DragController
        computes and sends to the UI process a list of UTIs to load (preferredTypeIdentifiers: one type identifier for
        each item provider in WebItemProviderPasteboard). However, if the list of item providers changes immediately
        before a drop is performed, WebItemProviderPasteboard will get into an inconsistent state where it has a
        different number of preferred type identifiers to load than available item providers. This causes
        WebItemProviderPasteboard to fail when choosing what type identifiers to load from each item provider.

        To fix this, we instead have the web process propagate a list of supported type identifiers to the UI process,
        which is a property of only the drop destination rather than both the destination and item providers. When
        performing a drop, we then use the current item providers on WebItemProviderPasteboard to consult this list of
        supported type identifiers to resolve our list of preferred type identifiers to load.

        Globally renames updatePreferredTypeIdentifiers to updateSupportedTypeIdentifiers.

        Tests:
        DataInteractionTests.ExternalSourceOverrideDropFileUpload
        DataInteractionTests.ExternalSourceOverrideDropInsertURL

        * page/DragController.cpp:
        (WebCore::DragController::dragEnteredOrUpdated):
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod):
        (WebCore::DragController::updatePreferredTypeIdentifiersForDragHandlingMethod): Deleted.
        * page/DragController.h:
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod):
        (WebCore::DragController::updatePreferredTypeIdentifiersForDragHandlingMethod): Deleted.
        * platform/DragData.h:
        * platform/PasteboardStrategy.h:
        * platform/PlatformPasteboard.h:
        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::updateSupportedTypeIdentifiers):
        (WebCore::PlatformPasteboard::updatePreferredTypeIdentifiers): Deleted.
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard init]):
        (-[WebItemProviderPasteboard updateSupportedTypeIdentifiers:]):
        (-[WebItemProviderPasteboard setItemProviders:]):
        (-[WebItemProviderPasteboard typeIsAppropriateForSupportedTypes:]):
        (-[WebItemProviderPasteboard typeIdentifierToLoadForRegisteredTypeIdentfiers:]):

        Add logic to resolve preferred type identifiers from an item providers list of registered type identifiers.
        This formerly existed on DragData.

        (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
        (-[WebItemProviderPasteboard updatePreferredTypeIdentifiers:]): Deleted.
        * platform/mac/DragDataMac.mm:

        Remove preferred type identifier resolution logic from DragData.

        (WebCore::typeIsAppropriateForSupportedTypes): Deleted.
        (WebCore::DragData::updatePreferredTypeIdentifiers): Deleted.

2017-06-15  Sam Weinig  <sam@webkit.org>

        [WebIDL] Replace general inclusion of JSDOMConvert.h with inclusion of individual converter files to reduce unnecessary inclusion
        https://bugs.webkit.org/show_bug.cgi?id=173392

        Reviewed by Tim Horton.

        Stop including the umbrella header JSDOMConvert.h in every generated bindings and 
        instead only include the specific converter needed. Then, go around and add all the
        now missing includes that used to be obtained transitively.

        * Modules/indexeddb/IDBRequest.cpp:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        * Modules/plugins/QuickTimePluginReplacement.mm:
        * bindings/js/IDBBindingUtilities.cpp:
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        * bindings/js/JSCustomElementInterface.cpp:
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        * bindings/js/JSDOMConvertBase.h:
        * bindings/js/JSDOMConvertInterface.h:
        * bindings/js/JSDOMConvertRecord.h:
        * bindings/js/JSDOMConvertSequences.h:
        * bindings/js/JSDOMConvertUnion.h:
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        * bindings/js/JSDOMWindowProperties.cpp:
        * bindings/js/JSDocumentCustom.cpp:
        * bindings/js/JSErrorHandler.cpp:
        * bindings/js/JSEventListener.cpp:
        * bindings/js/JSHTMLCanvasElementCustom.cpp:
        * bindings/js/JSHTMLDocumentCustom.cpp:
        * bindings/js/JSHistoryCustom.cpp:
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::JSMessageEvent::data):
        * bindings/js/JSMockContentFilterSettingsCustom.cpp:
        * bindings/js/JSMutationCallback.cpp:
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::retrieveResponse):
        * bindings/js/ScriptGlobalObject.cpp:
        * bindings/js/SerializedScriptValue.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (GetJSCAttributesForAttribute):
        (GenerateEnumerationHeader):
        (GenerateEnumerationImplementation):
        (GenerateEnumerationImplementationContent):
        (GenerateEnumerationsImplementationContent):
        (GenerateEnumerationHeaderContent):
        (GenerateEnumerationsHeaderContent):
        (GenerateDictionaryHeaderContent):
        (GenerateDictionariesHeaderContent):
        (GenerateDictionaryImplementationContent):
        (GenerateDictionariesImplementationContent):
        (GenerateHeader):
        (GeneratePropertiesHashTable):
        (GenerateOverloadDispatcher):
        (GenerateImplementation):
        (GenerateAttributeGetterDefinition):
        (GenerateSerializerDefinition):
        (GenerateDictionaryHeader):
        (JSValueToNative):
        (NativeToJSValueUsingReferences):
        (NativeToJSValueUsingPointers):
        (IsValidContextForNativeToJSValue):
        (NativeToJSValue):
        (GenerateConstructorDefinition):
        (ComputeFunctionSpecial):
        * bindings/scripts/test/JS/JSMapLike.cpp:
        * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.h:
        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestSerialization.h:
        * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
        * bindings/scripts/test/JS/JSTestSerializationInherit.h:
        * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
        * bindings/scripts/test/JS/JSTestSerializationInheritFinal.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
        * bindings/scripts/test/JS/JSTestStandaloneEnumeration.h:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
        * dom/MouseEvent.cpp:
        * html/HTMLPlugInImageElement.cpp:

2017-06-14  David Kilzer  <ddkilzer@apple.com>

        [iOS] Generate a simulated crash when the WebThread starts in MobileSafari
        <https://webkit.org/b/173386>
        <rdar://problem/32776426>

        Reviewed by Andy Estes.

        * WebCore.xcodeproj/project.pbxproj: Add new files to project.
        * platform/ios/CrashReporterSupportSoftLink.h: Add.  The using
        statement is so that we don't have to write
        WebCore::SimulateCrash() in WebCoreThread.mm since it's
        functions are not defined inside a WebCore namespace.  I also
        kept the 'pid' argument despite the style checker warning
        because it matches the internal method definition.
        * platform/ios/CrashReporterSupportSoftLink.mm: Add.
        * platform/ios/wak/WebCoreThread.mm: Sort headers.  Soft link to
        CrashReporterSupport.framework.
        (WebThreadEnable): Generate a simulated crash log if the
        WebThread ever starts in MobileSafari.
        * platform/spi/ios/CrashReporterSupportSPI.h: Add.  The header
        isn't safe to include in C++ source, so wrap the import in
        extern "C" macros.

2017-06-15  Jonathan Bedard  <jbedard@apple.com>

        Build WebKit with High Sierra (Seed 1)
        https://bugs.webkit.org/show_bug.cgi?id=173371

        Reviewed by Andy Estes.

        * crypto/CommonCryptoUtilities.h: Added ccRSAPSSPadding to CCAsymmetricPading enum.
        * platform/spi/cocoa/AVKitSPI.h: Declare AVKit SPI used by WebKit in High Sierra.
        (-[AVTouchBarPlaybackControlsControlling NS_ENUM]): Added AVTouchBarMediaSelectionOptionType
        SPI used in WebPlaybackControlManager in High Sierra.
        * platform/spi/cocoa/PassKitSPI.h: Declare PassKit SPI used by WebKit in High Sierra.
        (NS_ERROR_ENUM): Added PKPaymentErrorCode used in WebPayment in High Sierra.

2017-06-15  Youenn Fablet  <youenn@apple.com>

        RTCPeerConnection returns RTCSessionDescription where RTCSessionDescriptionInit would be appropriate
        https://bugs.webkit.org/show_bug.cgi?id=173118
        <rdar://problem/32746761>

        Reviewed by Eric Carlson.

        Test: webrtc/createOfferAnswer.html

        Making the promise return a RTCSessionDescription::Init instead of a RTCSessionDescription.
        This aligns with the spec and is more optimal.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOfferSucceeded):
        (WebCore::PeerConnectionBackend::createAnswerSucceeded):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCSessionDescription.idl:

2017-06-15 Emilio Cobos Álvarez  <ecobos@igalia.com>

        Don't always recalc the style of display: contents elements.
        https://bugs.webkit.org/show_bug.cgi?id=172753

        Reviewed by Antti Koivisto.

        No new tests (no functionality change). This only removes an
        inefficiency.

        * dom/Element.cpp:
        (WebCore::Element::existingComputedStyle):
        * dom/Element.h:
        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::updateRenderTree):
        (WebCore::RenderTreeUpdater::updateElementRenderer):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::resolveElement):
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
        (WebCore::Style::shouldResolveElement):
        (WebCore::Style::TreeResolver::resolveComposedTree):

2017-06-14  Antoine Quint  <graouts@apple.com>

        Rebaseline media/modern-media-controls/media-documents
        https://bugs.webkit.org/show_bug.cgi?id=173394

        Reviewed by Dean Jackson.

        We found two issues related to media documents while rebaselining the dedicated tests.

        First, we needed to expose the --inline-controls-bar-height CSS variable to <video>
        elements in media documents that are actually showing an audio UI. Previously we would
        only expose the variable to <audio> elements.

        Also, due to webkit.org/b/173387, we would fail to identify certain media documents as
        video because the videoTracks weren't set yet when the "loadedmetadata" event would be
        triggered. So now we also look at the videoWidth and videoHeight properties, which should
        provide accurate information in the "loadedmetadata" event handler.

        * Modules/modern-media-controls/controls/media-controls.css:
        (:host(audio), :host(video.media-document.audio), *):
        (:host(audio), *): Deleted.
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.get isAudio):

2017-06-14  Zalan Bujtas  <zalan@apple.com>

        animations-paused-in-background-page.html and animated-svg-image-removed-from-document-paused.html fail after r218284
        https://bugs.webkit.org/show_bug.cgi?id=173393

        Reviewed by Simon Fraser.

        Testing cares really about whether the animation has initiated.  

        * platform/graphics/Image.h:
        (WebCore::Image::animationPending):
        * testing/Internals.cpp:
        (WebCore::Internals::isImageAnimating):

2017-06-14  Dean Jackson  <dino@apple.com>

        Restrict filtered painting across cross-origin boundaries with transforms
        https://bugs.webkit.org/show_bug.cgi?id=173388
        <rdar://problem/27362159>

        Reviewed by Simon Fraser.

        Make sure all cases of LayerPaintingInfo maintain the security
        flag. In this case there was only one new place, and since
        everything is scalar, there was no need for a real copy constructor.

        Test: http/tests/css/filters-on-iframes-transform.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform): Make sure the cross
        origin flag is used in the call to paint the layer children.
        * rendering/RenderLayer.h: Fix some typos.

2017-06-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218285.
        https://bugs.webkit.org/show_bug.cgi?id=173391

        API test fails on iOS (Requested by alexchristensen on
        #webkit).

        Reverted changeset:

        "Add SPI for immediate injection of user scripts"
        https://bugs.webkit.org/show_bug.cgi?id=173342
        http://trac.webkit.org/changeset/218285

2017-06-14  Jer Noble  <jer.noble@apple.com>

        Video flashes black when switching back to a tab https://www.apple.com/homepod/
        https://bugs.webkit.org/show_bug.cgi?id=173377

        Reviewed by Eric Carlson.

        Previously, we had set the background color of the video layer to black in order to make the rect
        occupied by the HTMLMediaElement fully opaque. This worked around a graphics corruption bug. Since
        then, the code in RenderVideo::foregroundIsKnownToBeOpaqueInRect(...) has been fixed to fully account
        for whether the HTMLMediaElement has a valid frame to display, making the black layer background
        unnecessary.

        Remove all the instances where we were setting the background color of the video layer to black.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm:
        (WebCore::VideoFullscreenLayerManager::setVideoLayer):
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer):

2017-06-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218161.

        Introduced bot API test failures and Layout Test Failures.

        Reverted changeset:

        "[Cocoa] Expand system-ui to include every item in the Core
        Text cascade list"
        https://bugs.webkit.org/show_bug.cgi?id=173043
        http://trac.webkit.org/changeset/218161

2017-06-14  Alex Christensen  <achristensen@webkit.org>

        Add SPI for immediate injection of user scripts
        https://bugs.webkit.org/show_bug.cgi?id=173342
        <rdar://problem/29202285>

        Reviewed by Brady Eidson.

        The new SPI is WKUserContentController._addUserScriptImmediately.
        It is covered by new API tests.

        * page/Frame.cpp:
        (WebCore::Frame::injectUserScripts):
        (WebCore::Frame::injectUserScriptImmediately):
        Move injection functionality to allow us to call it directly from the new SPI.
        * page/Frame.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):
        * page/Page.h:

2017-06-14  Zalan Bujtas  <zalan@apple.com>

        Crash in WebCore::RenderStyle::colorIncludingFallback.
        https://bugs.webkit.org/show_bug.cgi?id=173347
        <rdar://problem/32675317>

        Reviewed by Chris Dumez.

        Starting an SVG image animation synchronously might trigger recursive style recalc.
        We should kick off the animation on a zero timer to reduce callstack complexity. 

        Test: svg/as-image/svg-css-animation.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::didAddClient):
        * platform/graphics/Image.cpp:
        (WebCore::Image::Image):
        (WebCore::Image::startAnimationAsynchronously):
        * platform/graphics/Image.h:

2017-06-14  Brady Eidson  <beidson@apple.com>

        WKIconLoadingDelegate never gets asked about the default favicon if touch/touch-precomposed icons are in the <head>
        <rdar://problem/32614328> and https://bugs.webkit.org/show_bug.cgi?id=173376

        Reviewed by Alex Christensen.

        Covered by new API test

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startIconLoading): Previously we applied the default favicon if the set of LinkIcons was empty.
          Now, apply the default favicon if the set of LinkIcons contains no explicit favicon.

2017-06-14  Jer Noble  <jer.noble@apple.com>

        Flaky Test: media/media-source/media-source-unnecessary-seek-seeked.html
        https://bugs.webkit.org/show_bug.cgi?id=173344

        Reviewed by Eric Carlson.

        Separate the concept of "the page has asked us to seek" from "we have asked the
        media player to seek". When the media engine tells us its ready state has changed
        after the page has requested a seek, but before the media element has asked its
        player to perform the seek, we were previously firing a seeked event. Now we'll
        check this new ivar and see that we aren't expecting a seek to finish yet.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::setReadyState):
        (WebCore::HTMLMediaElement::finishSeek):
        (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
        * html/HTMLMediaElement.h:

2017-06-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218157.

        This patch caused multiple API failures on iOS Simulator.

        Reverted changeset:

        "@font-face rules with invalid primary fonts never download
        their secondary fonts"
        https://bugs.webkit.org/show_bug.cgi?id=173138
        http://trac.webkit.org/changeset/218157

2017-06-14  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r217997): mint.com header renders incorrectly when initially loaded
        https://bugs.webkit.org/show_bug.cgi?id=173302
        <rdar://problem/32731747>

        Reviewed by Darin Adler.

        r217997 updated ImplicitAnimation::reset() to not call updateStateMachine(AnimationStateInput::RestartAnimation)
        if the compositeAnimation is suspended. If the compositeAnimation is suspended, we would call
        updateStateMachine(AnimationStateInput::AnimationStateInput::PlayStatePaused), which was expected to be a no-op.
        This was needed because otherwise, changing the style of the animated element would restart the animation
        even though it was supposed to be suspended. One thing I did not realize is that calling
        updateStateMachine(AnimationStateInput::AnimationStateInput::PlayStatePaused) on an animation that is already
        in PausedNew state, will cause it to move to PausedWaitResponse state. This is an issue because upon resuming
        we would call AnimationBase::updatePlayState(AnimPlayStatePlaying) which would return early because
        AnimationBase::paused() would return false. To address the issue, we no longer call updateStateMachine(PlayStatePaused)
        in ImplicitAnimation::reset() when the compositeAnimation is suspended, so that the animation stays in
        PausedNew state until we resume. When we resume, AnimationBase::paused() returns false and we actually resume
        the animation.

        Tests:
        fast/animation/css-animation-resuming-when-visible-with-style-change.html
        fast/animation/css-animation-resuming-when-visible-with-style-change2.html

        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::reset):

2017-06-14  Miguel Gomez  <magomez@igalia.com>

        REGRESSION(r216901): ImageDecoders: rendering of large images is broken since r216901
        https://bugs.webkit.org/show_bug.cgi?id=172502

        Reviewed by Carlos Garcia Campos.

        When using GTK and WPE image decoders, the decoded frames are stored inside a Vector of
        ImageFrames inside the decoders. These ImageFrames have and ImageBackingStore with the
        pixels. When a NativeImagePtr is requested, a cairo surface is created from the data
        in those ImageBackingStores, but the data keeps being owned by the backing stores. Due
        to this, if the decoder that created the image gets destroyed, the backing stores for
        the decoded frames get destroyed as well, causing the cairo surfaces that were using
        that data to contain garbage (and potentially cause a crash).

        To fix this, we change ImageBackingStore so the pixels are stored in a SharedBuffer. The
        buffer will be reffed everytime a cairo surface is created with it, and the cairo surfaces
        will unref the buffer when they are destroyed. This way, the pixel data won't be freed
        while there are cairo surfaces using it.

        No new tests, no behaviour change.

        * platform/graphics/ImageBackingStore.h:
        (WebCore::ImageBackingStore::setSize):
        (WebCore::ImageBackingStore::ImageBackingStore):
        * platform/image-decoders/cairo/ImageBackingStoreCairo.cpp:
        (WebCore::ImageBackingStore::image):

2017-06-14  Zan Dobersek  <zdobersek@igalia.com>

        [GStreamer] Align GstBus signal watch priorities with RunLoop dispatches
        https://bugs.webkit.org/show_bug.cgi?id=173348

        Reviewed by Carlos Garcia Campos.

        When adding GstBus signal watches, use the gst_bus_add_signal_watch_full()
        function to also specify the GLib priority that's used for the underlying
        GSource object.

        RunLoopSourcePriority::RunLoopDispatcher should be a good priority value
        to use here, matching the RunLoop::dispatch() priority that's e.g. used
        in the MainThreadNotifier class.

        * platform/audio/gstreamer/AudioDestinationGStreamer.cpp:
        (WebCore::AudioDestinationGStreamer::AudioDestinationGStreamer):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
        (WebCore::AppendPipeline::AppendPipeline):

2017-06-14  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream iOS] Back camera view rendered upside down when in portrait mode
        https://bugs.webkit.org/show_bug.cgi?id=173346
        <rdar://problem/32713675>

        Reviewed by Youenn Fablet.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::computeSampleRotation): Use different rotations for front and
        back cameras when device is in portrait orientation.

2017-06-13  Chris Dumez  <cdumez@apple.com>

        Event handlers should not be called in frameless documents
        https://bugs.webkit.org/show_bug.cgi?id=173233

        Reviewed by Sam Weinig.

        As per the HTML specification [1], for event handlers on elements, we should use the
        element's document to check if scripting is disabled [2]. Scripting is considered to
        be disabled if the document has no browsing context (i.e. a frame in WebKit terms).

        In JSLazyEventListener::initializeJSFunction(), instead of using the element's
        document to do the checks, we would use the script execution context. In most cases,
        a node's document and its script execution context are the same so this is not an
        issue. However, if the node's document is a document created via JS, its nodes'
        script execution context will be the document's context document (i.e the one that
        created the document, see implementation of Node::scriptExecutionContext()). In those
        cases, using the wrong document is an issue because the document's context document
        (aka script execution context) may allow scripting but we still do not want to call
        the event handler because its document is frameless.

        This impacts documents created by JS, using the following APIs:
        - DOMParser.parseFromHTML
        - new Document()
        - DOMImplementation.createDocument / createHTMLDocument
        - XHRs whose responseType is Document.

        [1] https://html.spec.whatwg.org/multipage/webappapis.html#getting-the-current-value-of-the-event-handler (step 1.1.)
        [2] https://html.spec.whatwg.org/multipage/webappapis.html#concept-n-noscript

        Tests: fast/events/event-handler-detached-document-dispatchEvent.html
               fast/events/event-handler-detached-document.html

        * bindings/js/JSLazyEventListener.cpp:
        (WebCore::JSLazyEventListener::initializeJSFunction):

2017-06-13  Antoine Quint  <graouts@apple.com>

        Rebaseline media/modern-media-controls/placard-support
        https://bugs.webkit.org/show_bug.cgi?id=173340

        Reviewed by Dean Jackson.

        We make a source change to use a "placard" getter/setter to show or hide a placard, making it
        more convenient to test whether a placard has been set.

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype.get placard):
        (InlineMediaControls.prototype.set placard):
        (InlineMediaControls.prototype.showPlacard): Deleted.
        (InlineMediaControls.prototype.hidePlacard): Deleted.
        * Modules/modern-media-controls/media/placard-support.js:
        (PlacardSupport.prototype._updatePlacard):
        (PlacardSupport):

2017-06-11  Antoine Quint  <graouts@apple.com>

        Rebaseline media/modern-media-controls/fullscreen-support
        https://bugs.webkit.org/show_bug.cgi?id=173199

        Reviewed by Simon Fraser.

        Test: media/modern-media-controls/fullscreen-support/fullscreen-support-press.html

        We no longer need to track the "error" event for FullscreenSupport since we don't actually
        enable or disable the fullscreen button when an error happens, instead the media controls
        code will simply not present it since we'll be showing a placard instead.

        * Modules/modern-media-controls/media/fullscreen-support.js:
        (FullscreenSupport.prototype.get mediaEvents):

2017-06-13  Matt Rajca  <mrajca@apple.com>

        WebsitePolicies: let clients select specific autoplay quirks
        https://bugs.webkit.org/show_bug.cgi?id=173343

        Reviewed by Alex Christensen.

        Tests: Updated API tests accordingly to use new values.

        Replace the 'allowsAutoplayQuirks' bool with an OptionSet so clients can selectively
        pick auto-play quirks.

        * dom/Document.cpp:
        (WebCore::Document::processingUserGestureForMedia):
        * html/HTMLMediaElement.cpp:
        (WebCore::needsAutoplayPlayPauseEventsQuirk):
        * loader/DocumentLoader.h:
        (WebCore::DocumentLoader::allowedAutoplayQuirks):
        (WebCore::DocumentLoader::setAllowedAutoplayQuirks):
        (WebCore::DocumentLoader::allowsAutoplayQuirks): Deleted.
        (WebCore::DocumentLoader::setAllowsAutoplayQuirks): Deleted.

2017-06-13  Zalan Bujtas  <zalan@apple.com>

        Synchronous media query callbacks on nested frames could produced a detached FrameView.
        https://bugs.webkit.org/show_bug.cgi?id=173330

        Reviewed by Simon Fraser.

        This patch fixes the crash when the nested frame's media query callback triggers navigation on the mainframe.
        webkit.org/b/173329 is to track whether we should allow synchronous callback firing from FrameView::layout(). 

        Covered by show-modal-dialog-during-execCommand.html.

        * page/FrameView.cpp:
        (WebCore::FrameView::layout):

2017-06-13  Chris Fleizach  <cfleizach@apple.com>

        AX[macOS]: Expose Inline property as an accessibility attribute
        https://bugs.webkit.org/show_bug.cgi?id=173131
        <rdar://problem/32667686>

        Reviewed by Joanmarie Diggs.

        Expose whether a renderer is inline so that VoiceOver can make better use of that data when deciding what to output.

        Test: accessibility/mac/inline-text-attribute.html

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

2017-06-13  Jon Davis  <jond@apple.com>

        Update Subresource Integrity status to Supported In Preview
        https://bugs.webkit.org/show_bug.cgi?id=173324

        Reviewed by Sam Weinig.

        * features.json:

2017-06-13  Antoine Quint  <graouts@apple.com>

        Add logging for layout tests when rAF callbacks get suspended and resumed
        https://bugs.webkit.org/show_bug.cgi?id=173326

        Reviewed by Simon Fraser.

        In order to help diagnose webkit.org/b/168409 we log the ScriptedAnimationController
        suspend count when it changes and log the backtrace so that we may understand why it
        fails to be set back to 0 when some modern-media-controls tests run.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::suspend):
        (WebCore::ScriptedAnimationController::resume):
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * dom/ScriptedAnimationController.h:
        * page/Settings.in:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::resetToConsistentState):
        (WebCore::InternalSettings::shouldLogScritedAnimationControllerSuspensionChange):
        (WebCore::InternalSettings::setShouldLogScritedAnimationControllerSuspensionChange):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2017-06-13  Jer Noble  <jer.noble@apple.com>

        Crash when MSE backed media element changes src/srcObject during PiP
        https://bugs.webkit.org/show_bug.cgi?id=173288

        Reviewed by Alex Christensen.

        Tear down the MediaPlayerPrivateMediaSourceAVFObjC's layers fully whe the player
        is destroyed, which includes removing the player's AVSampleBufferDisplayLayer from
        the HTMLMediaElement's fullscreen layer.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::~MediaPlayerPrivateMediaSourceAVFObjC):

2017-06-13  Daniel Bates  <dabates@apple.com>

        Implement W3C Secure Contexts Draft Specification
        https://bugs.webkit.org/show_bug.cgi?id=158121
        <rdar://problem/26012994>

        Reviewed by Brent Fulgham.

        Part 4

        Adds runtime enabled feature flag, isSecureContextAttributeEnabled, to toggle exposing
        the global object property isSecureContext (defaults: true - expose the property).

        Test: security/isSecureContext-disabled.html

        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setIsSecureContextAttributeEnabled):
        (WebCore::RuntimeEnabledFeatures::isSecureContextAttributeEnabled):
        * page/WindowOrWorkerGlobalScope.idl:

2017-06-13  Jer Noble  <jer.noble@apple.com>

        Protect lifetime of media element during HTMLMediaElement::notifyAboutPlaying()
        https://bugs.webkit.org/show_bug.cgi?id=173320
        <rdar://problem/32590276>

        Reviewed by Brent Fulgham.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::notifyAboutPlaying):

2017-06-13  Youenn Fablet  <youenn@apple.com>

        getReceivers() should return transceivers that have only an active receiver
        https://bugs.webkit.org/show_bug.cgi?id=173313

        Reviewed by Alex Christensen.

        Test: webrtc/video-receivers.html

        Creating transceivers for receivers created from an offer.
        Setting these as recvonly.

        * Modules/mediastream/RTCRtpTransceiver.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::LibWebRTCPeerConnectionBackend::videoReceiver):
        (WebCore::LibWebRTCPeerConnectionBackend::audioReceiver):

2017-06-13  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unable to paste text that was copied from a page into the universal search field
        https://bugs.webkit.org/show_bug.cgi?id=173293
        <rdar://problem/32440918>

        Reviewed by Ryosuke Niwa.

        Vend "public.utf8-plain-text" and "public.utf16-plain-text" as additional representations on the pasteboard when
        copying both rich and plain web content in PlatformPasteboardIOS.mm. This is because UITextView no longer
        supports pasting "public.text" as text in iOS 11.

        Tests:
        UIPasteboardTests.CopyPlainTextWritesConcreteTypes
        UIPasteboardTests.CopyRichTextWritesConcreteTypes

        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::writePlainText):
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::write):

2017-06-13  Sam Weinig  <sam@webkit.org>

        Rename JSDOMWindowShell to JSDOMWindowProxy to match the HTML5 spec.
        https://bugs.webkit.org/show_bug.cgi?id=80733

        Reviewed by Chris Dumez.

        Goodbye dear shell.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
        (WebCore::DOMWrapperWorld::clearWrappers):
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::didCreateWindowProxy):
        (WebCore::DOMWrapperWorld::didDestroyWindowProxy):
        (WebCore::DOMWrapperWorld::didCreateWindowShell): Deleted.
        (WebCore::DOMWrapperWorld::didDestroyWindowShell): Deleted.
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::JSDOMWindowBase):
        (WebCore::JSDOMWindowBase::finishCreation):
        (WebCore::JSDOMWindowBase::willRemoveFromWindowProxy):
        (WebCore::JSDOMWindowBase::proxy):
        (WebCore::toJSDOMWindow):
        (WebCore::JSDOMWindowBase::willRemoveFromWindowShell): Deleted.
        (WebCore::JSDOMWindowBase::shell): Deleted.
        * bindings/js/JSDOMWindowBase.h:
        (WebCore::toJS):
        (WebCore::toJSDOMWindow):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::toWrapped):
        * bindings/js/JSDOMWindowCustom.h:
        * bindings/js/JSDOMWindowProperties.h:
        (WebCore::JSDOMWindowProperties::JSDOMWindowProperties):
        * bindings/js/JSDOMWindowProxy.cpp: Copied from WebCore/bindings/js/JSDOMWindowShell.cpp.
        (WebCore::JSDOMWindowProxy::JSDOMWindowProxy):
        (WebCore::JSDOMWindowProxy::finishCreation):
        (WebCore::JSDOMWindowProxy::destroy):
        (WebCore::JSDOMWindowProxy::setWindow):
        (WebCore::JSDOMWindowProxy::wrapped):
        (WebCore::JSDOMWindowProxy::toWrapped):
        (WebCore::toJS):
        (WebCore::toJSDOMWindowProxy):
        (WebCore::JSDOMWindowShell::JSDOMWindowShell): Deleted.
        (WebCore::JSDOMWindowShell::finishCreation): Deleted.
        (WebCore::JSDOMWindowShell::destroy): Deleted.
        (WebCore::JSDOMWindowShell::setWindow): Deleted.
        (WebCore::JSDOMWindowShell::wrapped): Deleted.
        (WebCore::JSDOMWindowShell::toWrapped): Deleted.
        (WebCore::toJSDOMWindowShell): Deleted.
        * bindings/js/JSDOMWindowProxy.h: Copied from WebCore/bindings/js/JSDOMWindowShell.h.
        (WebCore::JSDOMWindowProxy::create):
        (WebCore::toJSDOMWindowProxy):
        (WebCore::JSDOMWindowShell::window): Deleted.
        (WebCore::JSDOMWindowShell::create): Deleted.
        (WebCore::JSDOMWindowShell::createStructure): Deleted.
        (WebCore::JSDOMWindowShell::world): Deleted.
        (WebCore::toJSDOMWindowShell): Deleted.
        * bindings/js/JSDOMWindowShell.cpp: Removed.
        * bindings/js/JSDOMWindowShell.h: Removed.
        * bindings/js/JSEventTargetCustom.cpp:
        (WebCore::JSEventTarget::toWrapped):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::open):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::execute):
        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
        (WebCore::ScriptCachedFrameData::restore):
        * bindings/js/ScriptController.cpp:
        (WebCore::collectGarbageAfterWindowProxyDestruction):
        (WebCore::ScriptController::~ScriptController):
        (WebCore::ScriptController::destroyWindowProxy):
        (WebCore::ScriptController::createWindowProxy):
        (WebCore::ScriptController::evaluateInWorld):
        (WebCore::ScriptController::loadModuleScriptInWorld):
        (WebCore::ScriptController::linkAndEvaluateModuleScriptInWorld):
        (WebCore::ScriptController::evaluateModule):
        (WebCore::ScriptController::windowProxies):
        (WebCore::ScriptController::clearWindowProxiesNotMatchingDOMWindow):
        (WebCore::ScriptController::setDOMWindowForWindowProxy):
        (WebCore::ScriptController::initScript):
        (WebCore::ScriptController::setupModuleScriptHandlers):
        (WebCore::ScriptController::eventHandlerPosition):
        (WebCore::ScriptController::enableEval):
        (WebCore::ScriptController::disableEval):
        (WebCore::ScriptController::canAccessFromCurrentOrigin):
        (WebCore::ScriptController::attachDebugger):
        (WebCore::ScriptController::updateDocument):
        (WebCore::ScriptController::cacheableBindingRootObject):
        (WebCore::ScriptController::bindingRootObject):
        (WebCore::ScriptController::createRootObject):
        (WebCore::ScriptController::collectIsolatedContexts):
        (WebCore::ScriptController::windowScriptNPObject):
        (WebCore::ScriptController::jsObjectForPluginElement):
        (WebCore::ScriptController::cleanupScriptObjectsForPlugin):
        (WebCore::ScriptController::clearScriptObjects):
        (WebCore::ScriptController::executeIfJavaScriptURL):
        (WebCore::collectGarbageAfterWindowShellDestruction): Deleted.
        (WebCore::ScriptController::destroyWindowShell): Deleted.
        (WebCore::ScriptController::createWindowShell): Deleted.
        (WebCore::ScriptController::windowShells): Deleted.
        (WebCore::ScriptController::clearWindowShellsNotMatchingDOMWindow): Deleted.
        (WebCore::ScriptController::setDOMWindowForWindowShell): Deleted.
        * bindings/js/ScriptController.h:
        (WebCore::ScriptController::windowProxy):
        (WebCore::ScriptController::existingWindowProxy):
        (WebCore::ScriptController::globalObject):
        (WebCore::ScriptController::windowShell): Deleted.
        (WebCore::ScriptController::existingWindowShell): Deleted.
        * bindings/js/ScriptControllerMac.mm:
        (WebCore::ScriptController::windowScriptObject):
        * bindings/js/ScriptState.cpp:
        (WebCore::mainWorldExecState):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateOverloadDispatcher):
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionOverloadedMethodOverloadDispatcher):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear):
        (WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld):
        * page/Frame.cpp:
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::didCreateWindowProxy):
        (WebCore::ContentSecurityPolicy::didCreateWindowShell): Deleted.
        * page/csp/ContentSecurityPolicy.h:

2017-06-13  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix typo in variable introduced in r218108.

        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        (WebCore::registerSQLiteMemoryPressureHandler):

2017-06-13  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Implement missing AtkRelation types
        https://bugs.webkit.org/show_bug.cgi?id=155494

        Reviewed by Darin Adler.

        Add methods for getting the element(s) which reference a particular element via an
        ARIA attribute. Then use those methods to identify and expose the expected reverse/
        reciprocal AtkRelationType and targets. Also add ATK support for aria-owns.

        Use SpaceSplitString in AccessibilityObject::elementsFromAttribute() so that unexpected
        whitespace characters in an attribute's list of ids does not prevent the desired element
        from being found.

        Lastly, change the return type of AccessibilityObject::identifierAttribute() from a String
        to a const AtomicString& for better efficiency.

        Tests: accessibility/aria-owns.html
               accessibility/gtk/relation-types.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::identifierAttribute):
        (WebCore::AccessibilityObject::elementsFromAttribute):
        (WebCore::AccessibilityObject::ariaElementsReferencedByAttribute):
        (WebCore::AccessibilityObject::ariaControlsReferencingElements):
        (WebCore::AccessibilityObject::ariaDescribedByReferencingElements):
        (WebCore::AccessibilityObject::ariaFlowToReferencingElements):
        (WebCore::AccessibilityObject::ariaLabelledByReferencingElements):
        (WebCore::AccessibilityObject::ariaOwnsReferencingElements):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (setAtkRelationSetFromCoreObject):

2017-06-13  Gwang Yoon Hwang  <yoon@igalia.com>

        [GStreamerGL] Release GstVideoFrame when there is a flush event from the pipeline
        https://bugs.webkit.org/show_bug.cgi?id=172427

        Reviewed by Žan Doberšek.

        Without GStreamerGL MediaPlayerPrivateGStreamer copies the video frame from
        the decoder's buffer to the texture to display a video. So it makes possible
        to release the GstSample when it got a flush start event to free the decoder's
        buffer to the decoder without side-effects.

        Unlike the traditional way to render video, GStreamer GL does not copy a
        texture from the decoder to the texture mapper's buffer to draw video frame.
        It uses same GstMemory with the gst pipeline to manage the texture to prevent
        copy operations. So without releasing a layer buffer, there is no way to
        return GstMemory to the buffer pool.

        This patch releases current GstSample when the player got the flush start
        event.  It destructs the platform layer buffer any time there is a flush start
        event.

        However, it is not enough to release the GstMemory. The platform layer proxy
        should copy current buffer to show it to the compositor instead of a blank
        frame. It prevents flickerings until getting a new frame after handling flush
        events.

        No new tests, there shouldn't be behavior changes

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::swapBuffersIfNeeded):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
        (WebCore::MediaPlayerPrivateGStreamerBase::flushCurrentBuffer):
        (WebCore::MediaPlayerPrivateGStreamerBase::createGLAppSink): Adds
        handler for the flush event.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/texmap/BitmapTextureGL.cpp:
        (WebCore::BitmapTextureGL::BitmapTextureGL):
        (WebCore::BitmapTextureGL::copyFromExternalTexture): Copies
        a external texture to the managed texture.
        * platform/graphics/texmap/BitmapTextureGL.h:
        (WebCore::BitmapTextureGL::create):
        To create the managed texture with specific format, this patch adds a
        optional parameter for a texture format.
        * platform/graphics/texmap/TextureMapper.h:
        * platform/graphics/texmap/TextureMapperGC3DPlatformLayer.cpp:
        (WebCore::TextureMapperGC3DPlatformLayer::swapBuffersIfNeeded):
        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::createTexture):
        * platform/graphics/texmap/TextureMapperGL.h:
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
        (WebCore::TextureMapperPlatformLayerBuffer::TextureMapperPlatformLayerBuffer):
        (WebCore::TextureMapperPlatformLayerBuffer::clone):
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
        (WebCore::TextureMapperPlatformLayerProxy::appendToUnusedBuffers): Added
        to schedule releasing unused buffers in main thread.
        (WebCore::TextureMapperPlatformLayerProxy::swapBuffer):
        (WebCore::TextureMapperPlatformLayerProxy::dropCurrentBufferWhilePreservingTexture):
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:

2017-06-13  Youenn Fablet  <youenn@apple.com>

        Filter SDP from ICE candidates in case of local ICE candidate filtering
        https://bugs.webkit.org/show_bug.cgi?id=173120

        Reviewed by Eric Carlson.

        Covered by updated test.

        Adding filtering of local description in getters and createOffer promise.

        * Modules/mediastream/MediaEndpointSessionDescription.cpp:
        (WebCore::MediaEndpointSessionDescription::toRTCSessionDescription):
        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOfferSucceeded):
        (WebCore::filterICECandidate):
        (WebCore::PeerConnectionBackend::filterSDP):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCSessionDescription.h:
        (WebCore::RTCSessionDescription::setSdp):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::LibWebRTCPeerConnectionBackend::currentLocalDescription):
        (WebCore::LibWebRTCPeerConnectionBackend::pendingLocalDescription):
        (WebCore::LibWebRTCPeerConnectionBackend::localDescription):

2017-06-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] [macOS] Stop soft-linking Core Text function in iOS 11 and macOS High Sierra
        https://bugs.webkit.org/show_bug.cgi?id=173289

        Reviewed by Lucas Forschler.

        No new tests because there is no behavior change.

        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::platformFontWithFamilySpecialCase):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-06-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Expand system-ui to include every item in the Core Text cascade list
        https://bugs.webkit.org/show_bug.cgi?id=173043
        <rdar://problem/21125708>

        Reviewed by Simon Fraser.

        The concept of the system font on Cocoa platforms represents the entire Core Text cascade list.
        However, previously, WebKit only represented system-ui by pulling out the first item in the Core
        Text cascade list. Instead, we should make all text rendered with "system-ui" match what the
        platform would natively render.

        Previously, we walked through the strings in the font-family property and looked them up one by
        one. However, now we want to abstract this idea of a font family to possibly hold a
        CTFontDescriptorRef instead of a string. This way, we expand a font-family list of ["fontA",
        "system-ui", "fontB"] to ["fontA", ... a bunch of CTFontDescriptorRefs ..., "FontB"]. We can
        then modify the consumer of this object to have two codepaths: the old string-based codepath,
        and a new, platform-specific codepath which simply embeds the CTFontDesriptorRefs inside a Font
        object.

        We don't want to simply pull out the family name from each item in the Core Text fallback list
        because that is a lossy translation. There is more information in these font descriptors which
        cannot be represented by CSS. Therefore, we must keep the descriptors alive and add the new
        codepath for them.

        We also don't want to run the CSS font matching algorithm on each member of the Core Text
        fallback list because it may yield different results from Core Text's font matching algorithm.
        Our goal is to draw text as closely as possible to the system APIs. If we ran it, we may find
        a font which is closer to the requested traits, but it would look out of place on the system.

        Tests: fast/text/system-font-fallback-emoji.html
               fast/text/system-font-fallback.html

        * WebCore.xcodeproj/project.pbxproj:
        * page/MemoryRelease.cpp:
        (WebCore::releaseNoncriticalMemory):
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::realizeNextFallback): The consumer of our new data type. Now uses WTF::visit().
        (WebCore::FontCascadeFonts::realizeFallbackRangesAt): Now that the number of items to test
        against the current character is larger than the number of strings in the font-family list,
        we need to update the existing code to use the correct value.
        * platform/graphics/FontDescription.cpp: Default implementation for non-Cocoa ports.
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount):
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/FontDescription.h: Our new data type is a Variant of AtomicString and a
        platform-specific class. Cocoa uses a class that holds a CTFontDescriptorRef and other ports
        use an empty non-constructable class.
        * platform/graphics/FontFamilySpecificationNull.h: Added. The empty non-constructable
        class.
        (WebCore::FontFamilySpecificationNull::fontRanges):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformInit): Changing the system language will change the system font
        fallback list, so we need to listen to this notification. This also matters for
        FontCache::systemFallbackForCharacters(), so we should build off the same callback we are
        already using for font installation.
        (WebCore::invalidateFontCache):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp: Added. The platform-specific creation of
        our CTFontDescriptorRefs. We hold them cached in a SystemFontDatabase.
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParameters):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::isHashTableDeletedValue):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::operator==):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::hash):
        (WebCore::SystemFontDatabase::singleton):
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::SystemFontDatabase::clear):
        (WebCore::SystemFontDatabase::SystemFontDatabase):
        (WebCore::SystemFontDatabase::applyWeightAndItalics):
        (WebCore::SystemFontDatabase::removeCascadeList):
        (WebCore::SystemFontDatabase::computeCascadeList):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::equal):
        (WebCore::isSystemFontString):
        (WebCore::systemFontParameters):
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount): We don't store the result of this
        because it would probably be a bad idea to increase the size of every single FontCascade just
        in case it might ask for the system font. Most fonts never mention system-ui. Because it's so
        rare, we can just recalculate the result of this as necessary. This shouldn't be slow because
        the results are cached.
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: Added.
        (WebCore::FontFamilySpecificationCoreText::fontRanges): Create a FontRanges from a
        CTFontDescriptorRef.
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h: Added.
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText):
        * platform/graphics/ios/FontCacheIOS.mm: Delete the old handling for system-ui.
        (WebCore::platformFontWithFamilySpecialCase):
        (WebCore::baseSystemFontDescriptor): Deleted.
        (WebCore::systemFontModificationAttributes): Deleted.
        (WebCore::systemFontDescriptor): Deleted.
        * platform/graphics/mac/FontCacheMac.mm: Ditto.
        (WebCore::platformFontWithFamilySpecialCase):
        (WebCore::toNSFontWeight): Deleted.

2017-06-12  Daewoong Jang  <daewoong.jang@navercorp.com>

        Remove WebCore::unloadModule and related data types
        https://bugs.webkit.org/show_bug.cgi?id=173231

        Reviewed by Darin Adler.

        * platform/FileSystem.h:
        (WebCore::PlatformModuleVersion::PlatformModuleVersion): Deleted.
        * platform/glib/FileSystemGlib.cpp:
        (WebCore::unloadModule): Deleted.
        * platform/win/FileSystemWin.cpp:
        (WebCore::unloadModule): Deleted.

2017-06-12  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; fix a misspelling in CoreMediaSoftLink.{h,cpp}.

        * platform/cf/CoreMediaSoftLink.cpp:
        * platform/cf/CoreMediaSoftLink.h:

2017-06-12  Myles C. Maxfield  <mmaxfield@apple.com>

        @font-face rules with invalid primary fonts never download their secondary fonts
        https://bugs.webkit.org/show_bug.cgi?id=173138
        <rdar://problem/32554450>

        Reviewed by Simon Fraser.

        We have logic in CSSFontAccessor::font() which disallows downloading a CSSFontFace if that CSSFontFace
        is already in the Succeeded state. However, it was possible for a succeeded CSSFontFace to still fail
        to create a font. In this situation, we wouldn't be able to use the downloaded font, and we wouldn't
        try to download the next item in the src: list because the CSSFontFace is succeeded.

        This patch strengthens the meaning of the Succeeded state. Previously, it just meant that the bytes
        in the file were downloaded successfully. This patch extends this to also mean that the bytes in the
        file can be successfully interpreted as a font. This way, the CSSFontFace in the example above won't be
        set to the Succeeded state, so we will continue follow the src: list and download the secondary fonts.

        This has an added benefit that the CSS Font Loading API's promises will be called more appropriately.
        The transition to the Succeeded state will trigger a resolve of the promise. Now, these promises will
        only be resolved if the fonts are actually parsed and understood by our text system.

        Test: fast/text/font-fallback-invalid-load.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::fontLoaded): Move to the failed state if we can't understand the font
        data. This is the crux of this patch.
        (WebCore::CSSFontFaceSource::font): This function should only be called if we are in the Succeeded
        state, which means now we know we should always be able to understand the bytes of the file. Therefore,
        we can change some if statements into ASSERT()s.
        * loader/cache/CachedSVGFont.cpp:
        (WebCore::CachedSVGFont::createFont): Ditto.
        (WebCore::CachedSVGFont::platformDataFromCustomData): Similarly to CSSFontFaceSource::fontLoaded(), this
        adds another check to our criteria for transitioning into the Succeeded state, which will guarantee that
        later we will always be able to create the font object.

2017-06-12  Chris Dumez  <cdumez@apple.com>

        Add Arabic Kasra to list of blacklisted characters when puny-decoding URL
        https://bugs.webkit.org/show_bug.cgi?id=173283
        <rdar://problem/32725659>

        Reviewed by Brent Fulgham.

        Add Arabic Kasra to list of blacklisted characters when puny-decoding URL as
        it is almost invisible in the URL bar.

        Test: fast/url/user-visible/arabic_kasra.html

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isLookalikeCharacter):

2017-06-12  Jer Noble  <jer.noble@apple.com>

        Screen sleeps while doing WebRTC video
        https://bugs.webkit.org/show_bug.cgi?id=173278

        Reviewed by Eric Carlson.

        HTMLMediaElement triggers changing the sleep disabler token when the media engine
        says that its rate has changed; the MediaPlayerPrivateMediaStreamAVFObjC needs to
        notify its client (the HTMLMediaElement) that the rate has changed when the stream
        is played or paused.

        Drive-by fix: Don't set a sleep disabler token (i.e., allow the system and display
        to sleep) if the stream is strictly local-capture.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::shouldDisableSleep):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play):
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause):

2017-06-12  Jer Noble  <jer.noble@apple.com>

        Seeking an MSE video will begin playing audio long before rendering video
        https://bugs.webkit.org/show_bug.cgi?id=173269

        Reviewed by Eric Carlson.

        Add a notification listener which will be messaged when a to-be-displayed sample
        is decoded to signal that the 'seeked' event should fire. Consolidate all the various
        flush methods to funnel into a single flushVideo().

        * platform/cf/CoreMediaSoftLink.cpp:
        * platform/cf/CoreMediaSoftLink.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebBufferConsumedContext initWithParent:buffer:]):
        (-[WebBufferConsumedContext dealloc]):
        (-[WebBufferConsumedContext parent]):
        (-[WebBufferConsumedContext buffer]):
        (WebCore::bufferWasConsumedCallback):
        (WebCore::SourceBufferPrivateAVFObjC::SourceBufferPrivateAVFObjC):
        (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
        (WebCore::SourceBufferPrivateAVFObjC::flush):
        (WebCore::SourceBufferPrivateAVFObjC::flushVideo):
        (WebCore::SourceBufferPrivateAVFObjC::enqueueSample):
        (WebCore::SourceBufferPrivateAVFObjC::bufferWasConsumed):
        (WebCore::SourceBufferPrivateAVFObjC::willSeek):

2017-06-12  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream iOS] Set audio session mode and options when capturing
        https://bugs.webkit.org/show_bug.cgi?id=173276
        <rdar://problem/32059254>

        Reviewed by Jer Noble.

        * platform/audio/ios/AudioSessionIOS.mm:
        (WebCore::AudioSession::setCategory): Set mode and options so the default output is to the speaker,
        and so audio will be routed to bluetooth when appropriate.

2017-06-12  Jeremy Jones  <jeremyj@apple.com>

        Remove watchdog timer from WebVideoFullscreenInterfaceAVKit
        https://bugs.webkit.org/show_bug.cgi?id=173272
        rdar://problem/32260378

        Reviewed by Jer Noble.

        No new tests because no effect on DOM.

        WebVideoFullscreenInterfaceAVKit's watchdog attempts to clean-up fullscreen if the page becomes unresponsive.
        However, it is just calling exitfullscreen(), which initiates the animation, but leaves the fullscreen window
        in place and doesn't initiate cleanup. This leaves the browser in an unusable state since all events will still
        be captured by the fullscren window.

        This change uses the same method of hiding fullscreen window as switching tabs does. This will
        hide the fullscreen winodw and controller, leaving the browser available for interaction, and the page
        can take its time to properly cleanup the fullscreen window while hidden.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::watchdogTimerFired):

2017-06-12  Alex Christensen  <achristensen@webkit.org>

        Modernize UserScript.h
        https://bugs.webkit.org/show_bug.cgi?id=173273

        Reviewed by Tim Horton.

        No change in behavior. Moved encoders to UserScript.h. Use more Rvalues.

        * page/UserScript.h:
        (WebCore::UserScript::UserScript):
        (WebCore::UserScript::encode):
        (WebCore::UserScript::decode):

2017-06-12  Aaron Chu  <aaron_chu@apple.com>

        AX: Video/Audio Player Controls missing group container.
        https://bugs.webkit.org/show_bug.cgi?id=171790
        <rdar://problem/32008994>

        Reviewed by Antoine Quint.

        Added aria-label to group controls in media controls.

        * English.lproj/modern-media-controls-localized-strings.js:
        * Modules/modern-media-controls/controls/controls-bar.js:
        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls):
        (InlineMediaControls.prototype.set shouldUseAudioLayout):
        (InlineMediaControls.prototype._updateBottomControlsBarLabel):

2017-06-12  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Use SynchronousLoaderClient for platformLoadResourceSynchronously on WinCairo
        https://bugs.webkit.org/show_bug.cgi?id=173195

        Reviewed by Alex Christensen.

        * PlatformWinCairo.cmake:
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        * platform/network/curl/SynchronousLoaderClientCurl.cpp: Added.
        (WebCore::SynchronousLoaderClient::didReceiveAuthenticationChallenge):
        (WebCore::SynchronousLoaderClient::platformBadResponseError):

2017-06-12  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream iOS] If a capturing tab is muted while it is in the background, it can not be unmuted
        https://bugs.webkit.org/show_bug.cgi?id=173268
        <rdar://problem/32259809>

        Reviewed by Jer Noble.

        No new tests, tested manually.

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::startProducingData): Mute the private stream if page capture is muted.
        (WebCore::MediaStream::mediaState): Set new interrupted state.

        * dom/Document.cpp:
        (WebCore::Document::notifyMediaCaptureOfVisibilityChanged): Don't track "muted for visibility"
        state, let the source center deal with it.
        * dom/Document.h:

        * page/MediaProducer.h: Add bits for interrupted audio and video capture.

        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::RealtimeMediaSource): Drive-by fix: delete m_suppressNotifications,
        it isn't used.
        (WebCore::RealtimeMediaSource::setInterrupted): New. Mute capture when an interruption begins,
        and unmute when it ends in an unmuted page.
        (WebCore::RealtimeMediaSource::setMuted): Do not unmute if interrupted.
        (WebCore::RealtimeMediaSource::settingsDidChange): Don't check m_suppressNotifications, it is
        never set.
        * platform/mediastream/RealtimeMediaSource.h:

        * platform/mediastream/RealtimeMediaSourceCenter.cpp:
        (WebCore::RealtimeMediaSourceCenter::setVideoCapturePageState): Renamed from 
        setVideoCaptureMutedForPageVisibility.
        (WebCore::RealtimeMediaSourceCenter::setVideoCaptureMutedForPageVisibility): Deleted.
        * platform/mediastream/RealtimeMediaSourceCenter.h:

        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        (WebCore::AVMediaCaptureSource::stopProducingData): Clear m_interruption because the session
        has been deleted, so we will never get an "end interruption" notification.
        (WebCore::AVMediaCaptureSource::captureSessionIsRunningDidChange): Don't return early if
        the muted state needs to be updated.
        (WebCore::AVMediaCaptureSource::captureSessionEndInterruption): Return early if the session
        has been cleared.
        (WebCore::AVMediaCaptureSource::interrupted): New.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSourceFactory::setVideoCapturePageState): Renamed from 
        setVideoCaptureMutedForPageVisibility.
        (WebCore::AVVideoCaptureSourceFactory::setVideoCaptureMutedForPageVisibility): Deleted.

        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSourceFactory::setVideoCapturePageState): Ditto.
        (WebCore::MockRealtimeVideoSourceFactory::setVideoCaptureMutedForPageVisibility): Deleted.

2017-06-12  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] Remove experimental feature flag of SubtleCrypto
        https://bugs.webkit.org/show_bug.cgi?id=173197
        <rdar://problem/32688148>

        Reviewed by Brent Fulgham.

        The SubtleCrypto implementation is no longer experimental and is ready for production use. We are therefore removing the runtime flag.

        No tests.

        * page/Crypto.idl:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setSubtleCryptoEnabled): Deleted.
        (WebCore::RuntimeEnabledFeatures::subtleCryptoEnabled): Deleted.

2017-06-12  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Allow the injected bundle to add client data when writing an image to the pasteboard
        https://bugs.webkit.org/show_bug.cgi?id=173238
        <rdar://problem/31943370>

        Reviewed by Ryosuke Niwa and Tim Horton.

        Add clientTypes and clientData to PasteboardImage, and call out to the injected bundle using
        getClientPasteboardDataForRange when writing a PasteboardImage. When generating item providers for dragging in
        the UI process in PlatformPasteboard, add any available client data as representations to the initialization
        list used to set the WebItemProviderPasteboard.

        Test: DataInteraction.InjectedBundleImageElementData

        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::writeImageToPasteboard):
        * platform/Pasteboard.h:
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::writeObjectRepresentations):

2017-06-12  Sam Weinig  <sam@webkit.org>

        [WebIDL] Re-implement GetOwnPropertySlot[ByIndex] generation to more closely follow WebIDL
        https://bugs.webkit.org/show_bug.cgi?id=173229

        Reviewed by Chris Dumez.

        * WebCore.xcodeproj/project.pbxproj:
        * CMakeLists.txt:
        * bindings/js/JSBindingsAllInOne.cpp:
        Remove JSHTMLFrameSetElementCustom.cpp which is no longer needed.

        * bindings/js/JSDOMAbstractOperations.h:
        (WebCore::isVisibleNamedProperty):
        Add OverrideBuiltins enum as requested by a previous review (and I forgot address) and adopt it
        in isVisibleNamedProperty, switch to VMInquiry as we use elsewhere and add a missing FIXME.

        (WebCore::accessVisibleNamedProperty):
        Add variation of isVisibleNamedProperty that takes a functor and returns either the value the
        functor returns, or std::nullopt. This allows getOwnPropertySlot to avoid doing two lookups for
        property, once in the named property visibility algorithm and again when it needs the value.

        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/JSDOMWindowShell.cpp:
        * bindings/js/JSDOMWindowShell.h:
        Standardize toJS functions to match generated code (have one that takes a reference, and does the
        cast, and one that takes a pointer, does a null check and calls the one that takes a reference).
        
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::getOwnPropertySlot):.
        Update to use the implementation namedItem (which is also used by the generated getOwnPropertySlotByIndex)
        and match the updated bindings rules. This cannot yet be generated due to the odd case of the 'open'
        property requiring custom treatment. I tried removing this, but it cause tests to fail in a way that indicated
        that accessing the lexical global object in the open implementation was not working correctly.

        * bindings/js/JSHTMLFrameSetElementCustom.cpp: Removed.
        Now generated.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateIndexedGetter):
        Add description from the spec and change to return the computed values rather than
        print them to the output array. This will be useful for some clients going forward,
        who only want the attributes.

        (GenerateNamedGetter):
        Add description from the spec and change to return the computed values rather than
        print them to the output array. This will be useful for some clients going forward,
        who only want the attributes. Also greatly simplifies things as [CustomNamedGetter]s
        are no longer needed/supported and the exception / null value checks are performed
        elsewhere.

        (GenerateNamedGetterLambda):
        This generates a lambda functor for use in accessVisibleNamedProperty(...). It
        handles calling the named getter implementation, and transforming the result into
        an one that can be reasoned about by accessVisibleNamedProperty, specifically,
        converting it from using IDL's notion of nullability to std::optional. 

        (GenerateGetOwnPropertySlot):
        (GenerateGetOwnPropertySlotByIndex):
        Add spec annotations and use helper functions. 

        (GenerateGetOwnPropertyNames):
        Add FIXME about supporting non-contiguous indices (should that ever come up)
        and use JSObject explicitly, rather than base, to get the default getOwnPropertyNames
        implementation.

        (GeneratePut):
        Use JSObject explicitly, rather than base, to get the default put implementation.

        (GeneratePutByIndex):
        Use JSObject explicitly, rather than base, to get the default putByIndex implementation.

        (GenerateDefineOwnProperty):
        Use JSObject explicitly, rather than base, to get the default getOwnPropertySlot/defineOwnProperty
        implementations.

        (GenerateDeletePropertyCommon):
        Adopt new OverrideBuiltins enum.

        (GenerateDeletePropertyDefinition):
        Use JSObject explicitly, rather than base, to get the default deleteProperty implementation.

        (GenerateDeletePropertyByIndexDefinition):
        Use JSObject explicitly, rather than base, to get the default deletePropertyByIndex implementation.

        (InstanceOverridesGetOwnPropertySlot):
        Remove [CustomNamedGetter] use.
 
        (GenerateHeader):
        Remove [CustomNamedGetter] use and merge InstanceOverridesGetOwnPropertySlotByIndex into
        InstanceOverridesGetOwnPropertySlot. Specifying either [CustomGetOwnPropertySlot] or
        [CustomGetOwnPropertySlotByIndex] will now declare both hooks.
        
        (GenerateImplementation):
        Rename GenerateGetOwnPropertySlotBody/GenerateGetOwnPropertySlotByIndexBody to remove the 'Body',
        and predicate their generation purely on InstanceOverridesGetOwnPropertySlot as noted for the 
        reasons above.

        (GenerateGetOwnPropertySlotBody): Deleted.
        (GenerateGetOwnPropertySlotBodyByIndex): Deleted.
        (InstanceOverridesGetOwnPropertySlotByIndex): Deleted.

        * bindings/scripts/IDLAttributes.json:
        Remove [CustomNamedGetter].

        * dom/ExceptionOr.h:
        (WebCore::ExceptionOr<ReturnType>::returnValue):
        Add a function to peek at the return value

        * html/HTMLDocument.h:
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::clear):
        (WebCore::HTMLDocument::captureEvents):
        (WebCore::HTMLDocument::releaseEvents):
        Move clear up to be with the other obsolete no-op functions. Add spec annotations
        to clear up any confusion about why they are no-ops.

        (WebCore::HTMLDocument::namedItem):
        Add implementation of namedItem based on the one that was in JSDOMHTMLDocumentCustom.cpp.

        (WebCore::HTMLDocument::supportedPropertyNames):
        Add stub version of supportedPropertyNames with the algorithm we need to implement.
        I don't want to change behavior in this patch, and since we have not enumerated the
        properties of document in the past, I left this unimplemented for now.

        * html/HTMLDocument.idl:
        Remove [CustomNamedGetter] and add named getter.

        * html/HTMLFrameSetElement.h:
        * html/HTMLFrameSetElement.cpp:
        (WebCore::HTMLFrameSetElement::namedItem):
        Add named getter based on the implementation in JSHTMLFrameSetElementCustom.cpp.

        (WebCore::HTMLFrameSetElement::supportedPropertyNames):
        As noted above, I don't want to change behavior with this change, so I have left this unimplemented
        for now. However, we may not want to implement it at all, as this named getter is not specified and
        at least Firefox does not support it.

        * html/HTMLFrameSetElement.idl:
        Remove [CustomNamedGetter] and add named getter.

        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        Update test results.

        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp: Removed.
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h: Removed.
        * bindings/scripts/test/TestCustomNamedGetter.idl: Removed.
        Remove test of [CustomNamedGetter] which no longer exists. 

2017-06-12  Wenson Hsieh  <wenson_hsieh@apple.com>

        WebItemProviderPasteboard should call its completion block immediately after a synchronous load
        https://bugs.webkit.org/show_bug.cgi?id=173225
        <rdar://problem/32713144>

        Reviewed by Tim Horton.

        Ensures that a completion block passed to doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout: will be
        invoked immediately, if a synchronous timeout is specified and loading finishes before the synchronous timeout
        is reached. To do this, we first factor out the completion logic into a new block. If the synchronous timeout
        exists and dispatch_group_wait returns 0 (indicating that the dispatch group finished without hitting the
        wait timeout) we simply invoke the block and return early; otherwise, we will register the completion block
        using dispatch_group_notify.

        Test: DataInteractionTests.WebItemProviderPasteboardLoading

        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):

2017-06-12  Jeremy Jones  <jeremyj@apple.com>

        WebAVPlayerController minTime and maxTime should be calculated properties to provide correct values when streaming.
        https://bugs.webkit.org/show_bug.cgi?id=173193
        rdar://problem/32684807

        Reviewed by Jer Noble.

        No new tests because no affect on the DOM. This only affects properties consumed to AVKit.

        -minTime and -maxTime should be calculated properties so they supply the exptected values to AVKit while streaming.

        * platform/ios/WebAVPlayerController.h:
        * platform/ios/WebAVPlayerController.mm:
        (-[WebAVPlayerController maxTime]):
        (+[WebAVPlayerController keyPathsForValuesAffectingMaxTime]):
        (-[WebAVPlayerController minTime]):
        (+[WebAVPlayerController keyPathsForValuesAffectingMinTime]):
        (-[WebAVPlayerController resetMediaState]):
        * platform/ios/WebPlaybackSessionInterfaceAVKit.mm:
        (WebCore::WebPlaybackSessionInterfaceAVKit::durationChanged):

2017-06-12  Chris Dumez  <cdumez@apple.com>

        Call _sqlite3_purgeEligiblePagerCacheMemory() on memory pressure only if sqlite is initialized
        https://bugs.webkit.org/show_bug.cgi?id=173264

        Reviewed by Ryosuke Niwa.

        Call _sqlite3_purgeEligiblePagerCacheMemory() on memory pressure only if sqlite is initialized.
        Otherwise, not only is it no needed, it is also potentially unsafe.

        * page/MemoryRelease.cpp:
        (WebCore::registerSQLiteMemoryPressureHandler):
        * page/MemoryRelease.h:
        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        (WebCore::registerSQLiteMemoryPressureHandler):
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::initializeSQLiteIfNecessary):

2017-06-12  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Use utility functions in CryptoKeyEC, CryptoKeyRSA
        https://bugs.webkit.org/show_bug.cgi?id=173253

        Reviewed by Michael Catanzaro.

        Use the utility functions from the GCryptUtilities.h header instead
        of writing the same code in both CryptoKeyEC and CryptoKeyRSA
        implementations. The switches are straightforward, the only difference
        is that the GCryptUtilities functions return a std::optional<> object,
        meaning we have to address possibly invalid return value.

        The mpiData() function is overloaded, making it possible to pass to it
        either a gcry_sexp_t or gcry_mpi_t object. Additionally, mpiLength()
        function is added, overloading again for gcry_sexp_t and gcry_mpi_t.
        This function is used from mpiData() as well as in CryptoKeyRSA when
        retrieving the RSA modulus length.

        No new tests -- no changes in behavior.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::CryptoKeyEC::platformExportRaw):
        (WebCore::CryptoKeyEC::platformAddFieldElements):
        (WebCore::extractMPIData): Deleted.
        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::getRSAModulusLength):
        (WebCore::getRSAKeyParameter):
        (WebCore::CryptoKeyRSA::exportData):
        (WebCore::getParameterMPIData): Deleted.
        * crypto/gcrypt/GCryptUtilities.h:
        (WebCore::mpiLength):
        (WebCore::mpiData):

2017-06-09  Ryosuke Niwa  <rniwa@webkit.org>

        didMoveToNewDocument doesn't get called on an Attr inside a shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=173133

        Reviewed by Antti Koivisto.

        The bug was caused by moveShadowTreeToNewDocument never calling didMoveToNewDocument on Attr nodes.
        Fixed the bug by using the same traversal code as moveTreeToNewScope in moveShadowTreeToNewDocument
        by extracting the traversal code as a templatized traverseSubtreeToUpdateTreeScope.

        Also removed the code to increment the DOM tree version in moveTreeToNewScope. This code was there
        to invalidate the HTML collection caches which used to clear the cache whenever the DOM tree version
        changed before r122621 (five years ago! by me). Since we now eagerly invalidate each node list and
        HTML collection's caches via NodeListsNodeData::adoptTreeScope and NodeListsNodeData::adoptDocument.

        Test: fast/dom/adopt-attr-with-shadow-tree.html

        * dom/Node.cpp:
        (WebCore::moveNodeToNewDocument): Assert that the node had been adopted to a new document.
        (WebCore::traverseSubtreeToUpdateTreeScope): Extracted from moveTreeToNewScope.
        (WebCore::moveShadowTreeToNewDocument): Use traverseSubtreeToUpdateTreeScope to adopt each node
        to the new document.
        (WebCore::Node::moveTreeToNewScope): See above.
        * testing/Internals.cpp:
        (WebCore::Internals::referencingNodeCount): Added. Used in the newly added regression test.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-11  Dan Bernstein  <mitz@apple.com>

        [Mac] Unaligned pointers in static CMBufferCallbacks structs defined in WebCoreDecompressionSession.mm
        https://bugs.webkit.org/show_bug.cgi?id=173245

        Reviewed by Sam Weinig.

        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::enqueueSample): Prepend 4 bytes of padding to the
          structs so that the pointers are properly aligned.

2017-06-11  Tim Horton  <timothy_horton@apple.com>

        REGRESSION (r217870): Null deref under PageOverlayController::uninstallPageOverlay using find in page
        https://bugs.webkit.org/show_bug.cgi?id=173196
        <rdar://problem/32686871>

        Reviewed by Simon Fraser.

        * page/TextIndicator.cpp:
        (WebCore::initializeIndicator):
        * page/TextIndicator.h:
        The change in r217870 had an expected but not thought-through side-effect
        that you cannot create a TextIndicator for far-off-screen elements. This
        is a problem for find-in-page, which uses TextIndicator to paint the yellow
        highlight before scrolling it into view.

        Bring back TextIndicatorOptionDoNotClipToVisibleRect and revert to it for
        find in page, since it needs different behavior than something like
        drag and drop, which always operates on content near the visible viewport.

2017-06-10  Dan Bernstein  <mitz@apple.com>

        Reverted r218056 because it made the IDE reindex constantly.

        * Configurations/DebugRelease.xcconfig:

2017-06-10  Dan Bernstein  <mitz@apple.com>

        [Xcode] With Xcode 9 developer beta, everything rebuilds when switching between command-line and IDE
        https://bugs.webkit.org/show_bug.cgi?id=173223

        Reviewed by Sam Weinig.

        The rebuilds were happening due to a difference in the compiler options that the IDE and
        xcodebuild were specifying. Only the IDE was passing the -index-store-path option. To make
        xcodebuild pass that option, too, set CLANG_INDEX_STORE_ENABLE to YES if it is unset, and
        specify an appropriate path in CLANG_INDEX_STORE_PATH.

        * Configurations/DebugRelease.xcconfig:

2017-06-10  Dan Bernstein  <mitz@apple.com>

        [macOS] REGRESSION: Link drag images blend into the background in Sierra and earlier
        https://bugs.webkit.org/show_bug.cgi?id=172933
        <rdar://problem/32580649>

        Reviewed by Tim Horton.

        * platform/mac/DragImageMac.mm:
        (WebCore::createDragImageForLink): When targeting macOS Sierra and earlier, give the link
          drag image a drop shadow that resembles the one that macOS High Sierra applies to drag
          image layers.

2017-06-10  Andy Estes  <aestes@apple.com>

        [QuickLook] PreviewLoader needs to check if its ResourceLoader has reached the terminal state before calling didReceiveResponse() and friends
        https://bugs.webkit.org/show_bug.cgi?id=173190
        <rdar://problem/31360659>

        Reviewed by Brady Eidson.

        WebPreviewLoader's SubresourceLoader can reach a terminal state while data is loading from
        QLPreviewConverter (the user can cancel, for instance). We can't call functions like
        didReceiveResponse() in this state, because the loader no longer points to a CachedResource,
        leading to null pointer dereferences.

        Fix this in WebPreviewLoader by checking if the SubresourceLoader is in a terminal state
        before calling didReceiveResponse(), didReceiveData(), didFinishLoading(), and didFail().

        Fixes web process crashes in the QuickLook.CancelNavigationAfterResponse API test.

        * loader/ios/PreviewLoader.mm:
        (-[WebPreviewLoader _sendDidReceiveResponseIfNecessary]):
        (-[WebPreviewLoader connection:didReceiveData:lengthReceived:]):
        (-[WebPreviewLoader connectionDidFinishLoading:]):
        (-[WebPreviewLoader connection:didFailWithError:]):

2017-06-09  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in indexeddb code
        https://bugs.webkit.org/show_bug.cgi?id=173198

        Reviewed by Sam Weinig.

        Use WTF::Function instead of std::function in indexeddb code to avoid copying.

        * Modules/indexeddb/IDBFactory.cpp:
        (WebCore::IDBFactory::getAllDatabaseNames):
        * Modules/indexeddb/IDBFactory.h:
        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::getAllDatabaseNames):
        * Modules/indexeddb/client/IDBConnectionProxy.h:
        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::getAllDatabaseNames):
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/client/TransactionOperation.h:
        (WebCore::IDBClient::TransactionOperation::doComplete):
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::storeCallbackOrFireError):
        (WebCore::IDBServer::UniqueIDBDatabase::createObjectStore):
        (WebCore::IDBServer::UniqueIDBDatabase::deleteObjectStore):
        (WebCore::IDBServer::UniqueIDBDatabase::renameObjectStore):
        (WebCore::IDBServer::UniqueIDBDatabase::clearObjectStore):
        (WebCore::IDBServer::UniqueIDBDatabase::createIndex):
        (WebCore::IDBServer::UniqueIDBDatabase::deleteIndex):
        (WebCore::IDBServer::UniqueIDBDatabase::renameIndex):
        (WebCore::IDBServer::UniqueIDBDatabase::putOrAdd):
        (WebCore::IDBServer::UniqueIDBDatabase::getRecord):
        (WebCore::IDBServer::UniqueIDBDatabase::getAllRecords):
        (WebCore::IDBServer::UniqueIDBDatabase::getCount):
        (WebCore::IDBServer::UniqueIDBDatabase::deleteRecord):
        (WebCore::IDBServer::UniqueIDBDatabase::openCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::iterateCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::commitTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::abortTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::activateTransactionInBackingStore):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2017-06-09  Dan Bernstein  <mitz@apple.com>

        Tried to fix the build when targrting macOS 10.12 using the macOS 10.13 developer beta SDK.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::seekableTimeRangesLastModifiedTime):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::liveUpdateInterval):

2017-06-09  Yoav Weiss  <yoav@yoav.ws>

        [preload] Fix builds with ENABLE_VIDEO_TRACK set to false
        https://bugs.webkit.org/show_bug.cgi?id=173221

        Reviewed by Chris Dumez.

        https://bugs.webkit.org/show_bug.cgi?id=173047 introduced a build error for builds with video track support disabled.
        This fixes that build issue.

        No new tests since there's no functional change.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::as):

2017-06-09  Ryosuke Niwa  <rniwa@webkit.org>

        IsInShadowTreeFlag does not get updated for a non-container node
        https://bugs.webkit.org/show_bug.cgi?id=173084

        Address Darin's review comment.

        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::notifyNodeInsertedIntoDocument):
        (WebCore::notifyNodeInsertedIntoTree):
        (WebCore::notifyNodeRemovedFromDocument):

2017-06-09  Dan Bernstein  <mitz@apple.com>

        Tried to fix the build when targrting macOS 10.12 using the macOS 10.13 developer beta SDK.

        * platform/spi/mac/AVFoundationSPI.h:

2017-06-09  Brady Eidson  <beidson@apple.com>

        Crash when IndexedDB's getAll is used inside a Web Worker.
        https://bugs.webkit.org/show_bug.cgi?id=172434

        Reviewed by Andy Estes.

        Test: storage/indexeddb/modern/worker-getall.html

        * Modules/indexeddb/IDBGetAllResult.cpp:
        (WebCore::IDBGetAllResult::IDBGetAllResult): Add an isolated-copying constructor.
        (WebCore::IDBGetAllResult::isolatedCopy):
        * Modules/indexeddb/IDBGetAllResult.h:
        
        * Modules/indexeddb/shared/IDBResultData.cpp:
        (WebCore::IDBResultData::isolatedCopy): Actually copy the IDBGetAllResult.

2017-06-09  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix Mac build after r218039.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::loadDataURL):
        * platform/network/DataURLDecoder.h:

2017-06-09  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in DataURLDecoder
        https://bugs.webkit.org/show_bug.cgi?id=173194

        Reviewed by Sam Weinig.

        Use WTF::Function instead of std::function in DataURLDecoder to avoid copying.

        * platform/network/DataURLDecoder.cpp:
        (WebCore::DataURLDecoder::DecodeTask::DecodeTask):
        (WebCore::DataURLDecoder::createDecodeTask):
        * platform/network/DataURLDecoder.h:

2017-06-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Image should clear its ImageObserver* when CachedImage releases the last reference to its RefCounted<ImageObserver>
        https://bugs.webkit.org/show_bug.cgi?id=173077

        Reviewed by Simon Fraser.

        Before dereferencing ImageObserver, CachedImage::clearImage() should check
        whether it is the only object that holds a reference to this ImageObserver.
        And if this is true, m_image have to clear its raw pointer to the deleted
        ImageObserver by calling m_image->setImageObserver(nullptr).

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::setBodyDataFrom):
        (WebCore::CachedImage::CachedImageObserver::CachedImageObserver):
        (WebCore::CachedImage::clearImage):
        * loader/cache/CachedImage.h:

2017-06-09  Daniel Bates  <dabates@apple.com>

        Attempt to fix layout test failures following <https://trac.webkit.org/changeset/218028/webkit>
        (https://bugs.webkit.org/show_bug.cgi?id=158121)
        <rdar://problem/26012994>

        For now, if we do not have a frame then consider the document a secure context. One way this can happen
        is the page accesses a frame that was removed from the document as demonstrated by the test:
        fast/dom/Window/property-access-on-cached-window-after-frame-removed.html. Treating a frameless
        document as a secure context also matches Blink's implementation:
        <https://chromium.googlesource.com/chromium/src/+/fc202b2b1174f5732f7b9e63a6c46fd01ac2be02/third_party/WebKit/Source/core/dom/Document.cpp#4079>.

        * dom/Document.cpp:
        (WebCore::Document::isSecureContext):

2017-06-09  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r218003.

        This change caused assertion failures in existing LayoutTests.

        Reverted changeset:

        "Image should clear its ImageObserver* when CachedImage
        releases the last reference to its RefCounted<ImageObserver>"
        https://bugs.webkit.org/show_bug.cgi?id=173077
        http://trac.webkit.org/changeset/218003

2017-06-09  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] Remove unsupported CryptoAlgorithmIdentifier
        https://bugs.webkit.org/show_bug.cgi?id=173128
        <rdar://problem/32666826>

        Reviewed by Brent Fulgham.

        This patch remove AES_CMAC, DH and CONCAT as they are not implemented and not recommended
        by the spec. Hence there is no plan to support them in short term.

        No change of behaviour.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
        (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::normalizeCryptoAlgorithmParameters):
        (WebCore::supportExportKeyThrow):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::write):
        (WebCore::CloneDeserializer::read):
        * crypto/CryptoAlgorithmIdentifier.h:
        * crypto/keys/CryptoKeyAES.cpp:
        (WebCore::CryptoKeyAES::isValidAESAlgorithm):

2017-06-09  Daniel Bates  <dabates@apple.com>

        Implement W3C Secure Contexts Draft Specification
        https://bugs.webkit.org/show_bug.cgi?id=158121
        <rdar://problem/26012994>

        Reviewed by Alex Christensen.

        Part 2

        Implements the Secure Contexts spec., <https://w3c.github.io/webappsec-secure-contexts/> (Editor's
        Draft, 17 November 2016) except for the allow-secure-context sandbox flag and restrictions on window.opener
        as the former is at risk of being dropped from the specification and the latter is being discussed in
        <https://github.com/w3c/webappsec-secure-contexts/issues/42>. We are not making use of the Secure
        Contexts functionality at the moment. We will make use of it in a subsequent commit.

        * dom/Document.cpp:
        (WebCore::Document::isSecureContext): Added,
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::isSecureContext): Deleted; moved to class SecurityContext.
        * dom/SecurityContext.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::isSecureContext): Added.
        * page/DOMWindow.h:
        * page/SecurityOrigin.cpp:
        (WebCore::isLoopbackIPAddress): Convenience function to determine whether the host portion
        of the specified URL is a valid loopback address.
        (WebCore::shouldTreatAsPotentionallyTrustworthy): Implements the "Is origin potentially trustworthy?"
        algorithm from the Secure Context specification.
        (WebCore::SecurityOrigin::SecurityOrigin): Compute whether this origin is potentially trustworthy.
        Also, use C++ brace initialization syntax in member initialization list.
        * page/SecurityOrigin.h:
        (WebCore::SecurityOrigin::isPotentionallyTrustworthy): Added.
        * page/WindowOrWorkerGlobalScope.idl: Expose attribute isSecureContext. Fix style nit; remove
        period from a comment that is not meant to be a complete sentence.
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::isSecureContext): Added.
        * workers/WorkerGlobalScope.h:

2017-06-09  Daniel Bates  <dabates@apple.com>

        Implement W3C Secure Contexts Draft Specification
        https://bugs.webkit.org/show_bug.cgi?id=158121
        <rdar://problem/26012994>

        Reviewed by Chris Dumez.

        Part 1

        Teach the bindings code generator to generate a runtime check for an interface, attribute or
        function annotated with the extended attribute [SecureContext]. For now, the runtime check
        (ScriptExecutionContext::isSecureContext()) always returns true. We will flesh out the
        implementation of this runtime check in a subsequent commit.

        * bindings/scripts/CodeGeneratorJS.pm:
        (NeedsRuntimeCheck):
        (GenerateRuntimeEnableConditionalString):
        Generate a runtime check for an interface, attribute, or function that is annotated with
        the extended attribute [SecureContext].

        * bindings/scripts/IDLAttributes.json: Update JSON now that we support SecureContext.
        * bindings/scripts/preprocess-idls.pl:
        (GenerateConstructorAttributes): Add the SecureContext extended attribute to a constructor,
        if applicable.

        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachablePrototype::finishCreation):
        (WebCore::IDLAttribute<JSTestGenerateIsReachable>::cast):
        (WebCore::jsTestGenerateIsReachableASecretAttributeGetter):
        (WebCore::jsTestGenerateIsReachableASecretAttribute):
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        (WebCore::JSTestGlobalObject::finishCreation):
        (WebCore::jsTestGlobalObjectInstanceFunctionCalculateSecretResultBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionCalculateSecretResult):
        (WebCore::jsTestGlobalObjectInstanceFunctionGetSecretBooleanBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionGetSecretBoolean):
        (WebCore::jsTestGlobalObjectInstanceFunctionTestFeatureGetSecretBooleanBody):
        (WebCore::jsTestGlobalObjectInstanceFunctionTestFeatureGetSecretBoolean):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNodePrototype::finishCreation):
        (WebCore::jsTestNodePrototypeFunctionCalculateSecretResultBody):
        (WebCore::jsTestNodePrototypeFunctionCalculateSecretResult):
        (WebCore::jsTestNodePrototypeFunctionGetSecretBooleanBody):
        (WebCore::jsTestNodePrototypeFunctionGetSecretBoolean):
        (WebCore::jsTestNodePrototypeFunctionTestFeatureGetSecretBooleanBody):
        (WebCore::jsTestNodePrototypeFunctionTestFeatureGetSecretBoolean):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObjPrototype::finishCreation):
        (WebCore::jsTestObjPrototypeFunctionCalculateSecretResultBody):
        (WebCore::jsTestObjPrototypeFunctionCalculateSecretResult):
        (WebCore::jsTestObjPrototypeFunctionGetSecretBooleanBody):
        (WebCore::jsTestObjPrototypeFunctionGetSecretBoolean):
        (WebCore::jsTestObjPrototypeFunctionTestFeatureGetSecretBooleanBody):
        (WebCore::jsTestObjPrototypeFunctionTestFeatureGetSecretBoolean):
        Update expected results.

        * bindings/scripts/test/TestGenerateIsReachable.idl:
        * bindings/scripts/test/TestGlobalObject.idl:
        * bindings/scripts/test/TestNode.idl:
        * bindings/scripts/test/TestObj.idl:
        Add test cases.

        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::isSecureContext): Added. For now, always returns true.
        We will implement this function in a subsequent commit.

2017-06-09  Jer Noble  <jer.noble@apple.com>

        Media elements are allowed to continue to load media data after navigation
        https://bugs.webkit.org/show_bug.cgi?id=173179

        Reviewed by Eric Carlson.

        Deny media sessions the ability to load media data when suspended.  

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::isSuspended):
        * Modules/webaudio/AudioContext.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::isSuspended):
        * html/HTMLMediaElement.h:
        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::PlatformMediaSession::isSuspended):
        * platform/audio/PlatformMediaSession.h:
        (WebCore::PlatformMediaSessionClient::isSuspended):
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::sessionCanLoadMedia):

2017-06-09  Daniel Bates  <dabates@apple.com>

        CSP: Apply img-src directive to favicon loads
        https://bugs.webkit.org/show_bug.cgi?id=172733
        <rdar://problem/32082654>

        Reviewed by Brady Eidson.

        Differentiate favicon requests from raw resources requests so that we can apply the Content
        Security Policy to favicon requests.

        Tests: http/tests/security/contentSecurityPolicy/allow-favicon.html
               http/tests/security/contentSecurityPolicy/block-favicon.html

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResourceContent): Keep our current behavior and treat a
        favicon resource analogous to a raw resource.
        (WebCore::InspectorPageAgent::cachedResourceType): Ditto.
        * loader/LinkLoader.cpp:
        (WebCore::createLinkPreloadResourceClient): Now that we differentiate between a favicon
        and a raw resource we add favicons to the list of unsupported <link as="..."> types. This
        makes the list of handled request destination types more closely match the list of valid types
        documented in <https://fetch.spec.whatwg.org/#concept-request-destination> (24 May 2017).
        * loader/ResourceLoadInfo.cpp:
        (WebCore::toResourceType): Keep our current behavior and treat a favicon resource analogous
        to a raw resource.
        * loader/SubresourceLoader.cpp:
        (WebCore::logResourceLoaded): Ditto.
        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::CachedRawResource): Update for renaming.
        * loader/cache/CachedRawResource.h:
        (isType): Ditto.
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::defaultPriorityForResourceType): Keep our current behavior and treat
        a favicon resource analogous to a raw resource.
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::isMainOrMediaOrFaviconOrRawResource): Renamed; formerly named isMainOrMediaOrRawResource.
        Also return true if the this resource is a favicon.
        (WebCore::CachedResource::ignoreForRequestCount): Keep our current behavior and treat a
        favicon resource analogous to a raw resource.
        (WebCore::CachedResource::isMainOrMediaOrRawResource): Deleted; renamed to isMainOrMediaOrFaviconOrRawResource.
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::createResource): Keep our current behavior and treat a favicon resource analogous
        to a raw resource.
        (WebCore::CachedResourceLoader::requestFavicon): Added.
        (WebCore::contentTypeFromResourceType): Keep our current behavior and treat a favicon
        resource analogous to a raw resource.
        (WebCore::CachedResourceLoader::checkInsecureContent): Ditto.
        (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy): Check if the favicon is
        allowed by the CSP of the page.
        (WebCore::CachedResourceLoader::determineRevalidationPolicy): Update for renaming.
        * loader/cache/CachedResourceLoader.h:
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading): Substitute call CachedResourceLoader::requestFavicon() for CachedResourceLoader::requestRawResource()
        and remove comment about ContentSecurityPolicyImposition::DoPolicyCheck being a placeholder. This is no longer the
        case. This resource request option is now meaningful as we want to apply the CSP of the page with respect to the
        request for the favicon.

2017-06-09  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Add a hook to perform two-step drops in editable content
        https://bugs.webkit.org/show_bug.cgi?id=172992
        <rdar://problem/32590174>

        Reviewed by Tim Horton.

        Adds hooks in DragController::concludeEditDrag to give the client layer a chance to perform custom handling when
        dropping in editable content.
        Tests:  DataInteractionTests.InjectedBundleOverridePerformTwoStepDrop
                DataInteractionTests.InjectedBundleAllowPerformTwoStepDrop

        * loader/EmptyClients.cpp:
        * page/DragController.cpp:
        (WebCore::DragController::concludeEditDrag):
        * page/EditorClient.h:

2017-06-09  Matthew Hanson  <matthew_hanson@apple.com>

        Revert r217955. rdar://problem/21125708

2017-06-06 Konstantin Tokarev  <annulen@yandex.ru>

        [MediaFoundation] Volume controls of different media elements should be independent
        https://bugs.webkit.org/show_bug.cgi?id=172967

        Based on patch by Vitaly Slobodin <vitaliy.slobodin@gmail.com>
        Reviewed by Alex Christensen.

        IMFSimpleAudioVolume interface controls master volume of the
        application. We should use IMFAudioStreamVolume interface instead.

        No new tests needed.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation):
        (WebCore::MediaPlayerPrivateMediaFoundation::setAllChannelVolumes):
        (WebCore::MediaPlayerPrivateMediaFoundation::setVolume):
        (WebCore::MediaPlayerPrivateMediaFoundation::setMuted):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2017-06-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Image should clear its ImageObserver* when CachedImage releases the last reference to its RefCounted<ImageObserver>
        https://bugs.webkit.org/show_bug.cgi?id=173077

        Reviewed by Simon Fraser.

        Before dereferencing ImageObserver, CachedImage::clearImage() should check
        whether it is the only object that holds a reference to this ImageObserver.
        And if this is true, m_image have to clear its raw pointer to the deleted
        ImageObserver by calling m_image->setImageObserver(nullptr).

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::setBodyDataFrom):
        (WebCore::CachedImage::CachedImageObserver::CachedImageObserver):
        (WebCore::CachedImage::clearImage):
        * loader/cache/CachedImage.h:

2017-06-09  Frederic Wang  <fwang@igalia.com>

        Add flag allow-popups-to-escape-sandbox to iframe sandbox
        https://bugs.webkit.org/show_bug.cgi?id=158875

        Reviewed by Chris Dumez.

        This patch adds support for the iframe@allow-popups-to-escape-sandbox attribute.
        This allows to pass more W3C Web Platform tests.

        Tests: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-1.html
               imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-2.html

        * dom/SecurityContext.cpp: Add allow-popups-to-escape-sandbox flag.
        (WebCore::SecurityContext::isSupportedSandboxPolicy):
        (WebCore::SecurityContext::parseSandboxPolicy):
        * dom/SecurityContext.h: Ditto.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): Do not force sandbox flags when we have allow-popups-to-escape-sandbox.
        (WebCore::createWindow): Ditto.

2017-06-09  Jer Noble  <jer.noble@apple.com>

        [iOS] Video occasionally mixes with other system audio instead of interrupting
        https://bugs.webkit.org/show_bug.cgi?id=173127

        Reviewed by Eric Carlson.

        Tests: platform/mac/audio-session-category-video-track-change.html

        When an HTMLMediaElement's tracks change their enabled state, make sure to update
        the PlatformMediaElement, for canProduceAudio() may have changed. 

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerCharacteristicChanged):
        * platform/audio/cocoa/MediaSessionManagerCocoa.cpp:
        (PlatformMediaSessionManager::updateSessionState):

        The rest of the changes in this revision are to allow the above to be testable.

        * page/Settings.cpp:
        * page/Settings.h:
        * platform/audio/AudioSession.h:
        * platform/audio/mac/AudioSessionMac.cpp:
        (WebCore::AudioSession::category):
        (WebCore::AudioSession::setCategory):
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setShouldManageAudioSessionCategory):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::audioSessionCategory):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-09  Chris Dumez  <cdumez@apple.com>

        CSS transitions added while page is not visible do not start when the page becomes visible
        https://bugs.webkit.org/show_bug.cgi?id=173166
        <rdar://problem/32250351>

        Reviewed by Darin Adler.

        CSS transitions added while page is not visible would not start when the page becomes
        visible. The issue was that when CompositeAnimation::updateTransitions() was called
        while the page is hidden (and animations are therefore suspended), it would not
        populate m_transations with ImplicitAnimation objects. We would therefore have later
        no transitions to resume when the page becomes visible later on. This patch updates
        CompositeAnimation::updateTransitions() to properly populate m_transitions and instead
        pause the ImplicitAnimation it creates if animations are currently suspended. This
        behavior is more consistent with the one of CompositeAnimation::updateKeyframeAnimations().

        I also needed to update ImplicitAnimation::animate() to not restart a paused animation
        if the animation is currently paused. This is similar to what is done in
        KeyframeAnimation::animate(). Without this, the paused ImplicitAnimation we add to
        m_transition would incorrectly get unpaused while the page is still hidden and the
        animations are still supposed to be suspended. This issue was showing when running the
        test I am adding in this patch.

        Test: fast/animation/css-animation-resuming-when-visible.html

        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::updateTransitions):
        * page/animation/ImplicitAnimation.cpp:
        (WebCore::ImplicitAnimation::animate):
        (WebCore::ImplicitAnimation::reset):
        * page/animation/ImplicitAnimation.h:

2017-06-09  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, Use FALLTHROUGH

        * loader/LinkLoader.cpp:
        (WebCore::createLinkPreloadResourceClient):

2017-06-09  Eric Carlson  <eric.carlson@apple.com>

        fast/mediastream/MediaStream-page-muted.html times out and asserts
        https://bugs.webkit.org/show_bug.cgi?id=170355
        <rdar://problem/31376041>

        MediaStream and MediaStreamTrack need to prevent JS wrapper collection while it is possible
        to fire an event or event listeners won't be notified.

        Reviewed by Chris Dumez.

        Test: fast/mediastream/media-stream-wrapper-collected.html

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream): Initialize ActiveDOMObject.
        (WebCore::MediaStream::stop): New.
        (WebCore::MediaStream::activeDOMObjectName): Ditto.
        (WebCore::MediaStream::canSuspendForDocumentSuspension): Ditto.
        (WebCore::MediaStream::hasPendingActivity): Ditto, prevent collection if there
        are registered event listeners.
        (WebCore::MediaStream::contextDestroyed): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStream.idl:

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::hasPendingActivity): Prevent collection if there
        are registered event listeners.
        * Modules/mediastream/MediaStreamTrack.h:

        * testing/Internals.cpp:
        (WebCore::Internals::removeMediaStreamTrack): stream.removeTrack doesn't generate a 'removetrack'
        event, so call private method that does.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-09  Daewoong Jang  <daewoong.jang@navercorp.com>

        [cURL] Remove a call to Windows API
        https://bugs.webkit.org/show_bug.cgi?id=172079

        Reviewed by Yusuke Suzuki.

        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::moveFileToDestination):
        * platform/win/FileSystemWin.cpp:
        (WebCore::moveFile):

2017-06-09  Miguel Gomez  <magomez@igalia.com>

        [GTK][WPE] Fix alpha premultiplying when using cairo to draw the video frames
        https://bugs.webkit.org/show_bug.cgi?id=173097

        Reviewed by Carlos Garcia Campos.

        We need to premultiply alpha when creating a cairo surface from a GStreamer video frame, if the frame
        has an alpha component. Currently this is wrongly done in VideoSinkGStreamer, as it assumes that every
        frame is going to be rendered with cairo, which is not the case when using accelerated compositing.
        The premultiply must happen inside ImageGStreamerCairo, which is where we know that the frame is
        going to be rendered with cairo, and where the premultiply can be performed when gstreamer-gl is
        enabled as well.

        Covered by existent tests.

        * platform/graphics/gstreamer/ImageGStreamerCairo.cpp:
        (ImageGStreamer::ImageGStreamer):
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (webkitVideoSinkRequestRender):

2017-06-09  Zan Dobersek  <zdobersek@igalia.com>

        [WPE] Enable ENCRYPTED_MEDIA for build-webkit builds
        https://bugs.webkit.org/show_bug.cgi?id=173103

        Reviewed by Xabier Rodriguez-Calvar.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::getSupportedCapabilitiesForAudioVideoType):
        Pass the ParsedContentType's mime type string to the explicit ContentType
        constructor and assign that to the MediaEngineSupportParameters' type
        member.

2017-06-08  Ryosuke Niwa  <rniwa@webkit.org>

        Move TreeScope::adoptIfNeeded to Node and rename it to setTreeScopeRecursively
        https://bugs.webkit.org/show_bug.cgi?id=173129

        Reviewed by Antti Koivisto.

        Renamed TreeScope::adoptIfNeeded to setTreeScopeRecursively and moved to Node.

        The old name was really confusing because due to the existence of Document::adoptNode, a DOM API,
        which removes the adopted node from its parent if there was one before adopting the node.
        Most confusingly, this function called TreeScope::adoptIfNeeded.

        Also inlined the tree scope check to avoid calling to moveTreeToNewScope when there is nothing to do.

        This patch effectively reverts r104528.

        No new tests. Existing tests cover this.

        * dom/Attr.cpp:
        (WebCore::Attr::detachFromElementWithValue):
        (WebCore::Attr::attachToElement):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::takeAllChildrenFrom):
        (WebCore::ContainerNode::insertBefore):
        (WebCore::ContainerNode::replaceChild):
        (WebCore::ContainerNode::removeBetween):
        (WebCore::ContainerNode::replaceAllChildren):
        (WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck):
        (WebCore::ContainerNode::parserAppendChild):
        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::addChildNodesToDeletionQueue):
        * dom/Document.cpp:
        (WebCore::Document::adoptNode):
        * dom/Element.cpp:
        (WebCore::Element::ensureAttr):
        * dom/Node.cpp:
        (WebCore::DidMoveToNewDocumentAssertionScope): Added. The old assertion wasn't sufficient when
        HTMLTemplateElement made a recursive call to setTreeScopeRecursively.
        (WebCore::DidMoveToNewDocumentAssertionScope::DidMoveToNewDocumentAssertionScope):
        (WebCore::DidMoveToNewDocumentAssertionScope::~DidMoveToNewDocumentAssertionScope):
        (WebCore::DidMoveToNewDocumentAssertionScope::didRecieveCall):
        (WebCore::moveNodeToNewDocument): Moved from TreeScope. Calls to incrementReferencingNodeCount
        and decrementReferencingNodeCount to Node::didMoveToNewDocument. This function is now eliminated
        in a release build.
        (WebCore::moveShadowTreeToNewDocument): Moved from TreeScope.
        (WebCore::Node::moveTreeToNewScope): Ditto.
        (WebCore::Node::didMoveToNewDocument): See the description for moveNodeToNewDocument above.
        * dom/Node.h:
        (WebCore::Node::isParsingChildrenFinished): Moved to avoid having its own protected section.
        (WebCore::Node::setIsParsingChildrenFinished): Ditto.
        (WebCore::Node::clearIsParsingChildrenFinished): Ditto.
        (WebCore::Node::setTreeScopeRecursively): Moved from TreeScope::adoptIfNeeded.
        * dom/ShadowRoot.cpp:
        (WebCore::ShadowRoot::~ShadowRoot):
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::adoptIfNeeded): Deleted.
        (WebCore::TreeScope::moveTreeToNewScope): Deleted.
        (WebCore::TreeScope::ensureDidMoveToNewDocumentWasCalled): Deleted.
        (WebCore::TreeScope::moveNodeToNewDocument): Deleted.
        (WebCore::TreeScope::moveShadowTreeToNewDocument): Deleted.
        * dom/TreeScope.h:
        * html/HTMLTemplateElement.cpp:
        (WebCore::HTMLTemplateElement::didMoveToNewDocument):

2017-06-09  Adrien Plazas  <aplazas@igalia.com>

        [GTK] Add kinetic scrolling
        https://bugs.webkit.org/show_bug.cgi?id=155750

        Reviewed by Carlos Garcia Campos.

        Patch by Adrien Plazas and Yusuke Suzuki.

        Add the ScrollAnimationKinetic scrolling animation allowing to perform momentum scrolling; it is based on GTK+'s
        GtkKineticScrolling type.

        Add the notion of phase, momentum phase and swipe velocity to PlatformWheelEvent.

        Depending on whether the scrolling ended normally or triggered a swipe, the scroll animator will either compute
        the swipe velocity from the previous scrolling events or use the one from the swipe gesture to initiate the
        momentum scrolling.

        * PlatformGTK.cmake:
        * platform/PlatformWheelEvent.h:
        (WebCore::PlatformWheelEvent::setHasPreciseScrollingDeltas):
        (WebCore::PlatformWheelEvent::phase):
        (WebCore::PlatformWheelEvent::momentumPhase):
        (WebCore::PlatformWheelEvent::isTransitioningToMomentumScroll):
        * platform/ScrollAnimation.h:
        (WebCore::ScrollAnimation::scroll):
        (WebCore::ScrollAnimation::updateVisibleLengths):
        (WebCore::ScrollAnimation::setCurrentPosition):
        * platform/ScrollAnimationKinetic.cpp: Added.
        (WebCore::ScrollAnimationKinetic::PerAxisData::PerAxisData):
        (WebCore::ScrollAnimationKinetic::PerAxisData::animateScroll):
        (WebCore::ScrollAnimationKinetic::ScrollAnimationKinetic):
        (WebCore::ScrollAnimationKinetic::~ScrollAnimationKinetic):
        (WebCore::ScrollAnimationKinetic::stop):
        (WebCore::ScrollAnimationKinetic::start):
        (WebCore::ScrollAnimationKinetic::animationTimerFired):
        * platform/ScrollAnimationKinetic.h: Copied from Source/WebCore/platform/ScrollAnimation.h.
        * platform/gtk/PlatformWheelEventGtk.cpp:
        (WebCore::PlatformWheelEvent::PlatformWheelEvent):
        (WebCore::PlatformWheelEvent::swipeVelocity):
        * platform/gtk/ScrollAnimatorGtk.cpp:
        (WebCore::ScrollAnimatorGtk::ScrollAnimatorGtk):
        (WebCore::ScrollAnimatorGtk::ensureSmoothScrollingAnimation):
        (WebCore::ScrollAnimatorGtk::scroll):
        (WebCore::ScrollAnimatorGtk::scrollToOffsetWithoutAnimation):
        (WebCore::ScrollAnimatorGtk::computeVelocity):
        (WebCore::ScrollAnimatorGtk::handleWheelEvent):
        (WebCore::ScrollAnimatorGtk::willEndLiveResize):
        (WebCore::ScrollAnimatorGtk::updatePosition):
        (WebCore::ScrollAnimatorGtk::didAddVerticalScrollbar):
        (WebCore::ScrollAnimatorGtk::didAddHorizontalScrollbar):
        * platform/gtk/ScrollAnimatorGtk.h:

2017-06-09  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] ECDSA signing results can be smaller than the EC key size
        https://bugs.webkit.org/show_bug.cgi?id=171535

        Reviewed by Jiewen Tan.

        The libgcrypt-based implementation of the ECDSA signing operation does not
        properly address the resulting `r` and `s` integers that do not potentially
        match the EC key in terms of size.

        To address that, the retrieved MPI data for both integers is handled depending
        on the size of said data. Strictly requiring an amount of bytes that matches
        the key data size N, we simply take the last N bytes if the MPI data is equal
        or larger than N in size. If smaller, we first append enough zero bytes to the
        output Vector object before attaching the MPI data in whole so that the amount
        of appended bytes matches N.

        No new tests -- covers an implementation detail that is not trivial to test,
        but can rely sufficiently on existing tests.

        * crypto/gcrypt/CryptoAlgorithmECDSAGCrypt.cpp:
        (WebCore::extractECDSASignatureInteger):
        (WebCore::gcryptSign):

2017-06-09  Daewoong Jang  <daewoong.jang@navercorp.com>

        Reduce compiler warnings
        https://bugs.webkit.org/show_bug.cgi?id=172078

        Reviewed by Yusuke Suzuki.

        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::addMatchingCurlCookie):
        (WebCore::getHostnamesWithCookies):
        (WebCore::deleteCookiesForHostnames):
        (WebCore::deleteCookiesForHostname): Deleted.
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownloadManager::downloadThread):
        (WebCore::CurlDownload::didReceiveHeader):
        * platform/network/curl/CurlDownload.h:
        (WebCore::CurlDownloadListener::didReceiveDataOfLength):
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::WebCoreSynchronousLoader::didReceiveResponse):
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        * platform/network/curl/SocketStreamHandleImplCurl.cpp:
        (WebCore::createCopy):
        (WebCore::SocketStreamHandleImpl::readData):

2017-06-09  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [GStreamer][EME] Remove the legacy code that was not even official and is deprecated
        https://bugs.webkit.org/show_bug.cgi?id=173096

        Reviewed by Žan Doberšek.

        We are removing the LEGACY_ENCRYPTED_MEDIA code that we was not
        official, is deprecated and we are not planning to support it
        anymore in any way.

        This also helps implementing current ENCRYPTED_MEDIA in a cleaner
        way.

        * platform/GStreamer.cmake:
        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        * platform/graphics/gstreamer/GStreamerUtilities.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::registerWebKitGStreamerElements):
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::handleSyncMessage):
        (WebCore::extractEventsAndSystemsFromMessage): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::needKey): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::setCDMSession): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::keyAdded): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::handleProtectionEvent): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::receivedGenerateKeyRequest): Deleted.
        (WebCore::keySystemIdToUuid): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::createSession): Deleted.
        (WebCore::MediaPlayerPrivateGStreamerBase::dispatchDecryptionKey): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
        * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.h:
        * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
        * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.h:
        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
        (WebCore::AppendPipeline::AppendPipeline):
        (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
        (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
        (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
        (WebCore::appendPipelineElementMessageCallback): Deleted.
        (WebCore::AppendPipeline::dispatchPendingDecryptionKey): Deleted.
        (WebCore::AppendPipeline::dispatchDecryptionKey): Deleted.
        (WebCore::AppendPipeline::handleElementMessage): Deleted.
        * platform/graphics/gstreamer/mse/AppendPipeline.h:
        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
        (WebCore::MediaPlayerPrivateGStreamerMSE::dispatchDecryptionKey): Deleted.
        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h:

2017-06-09  Aaron Chu  <aaron_chu@apple.com>

        AX: Media Controls: Missing labels for the Time Labels.
        https://bugs.webkit.org/show_bug.cgi?id=171715
        <rdar://problem/32009214>

        Reviewed by Antoine Quint.

        Added aria-label to describe time labels in media controls.

        * Modules/modern-media-controls/controls/slider.js:
        (Slider.prototype.set inputAccessibleLabel):
        (Slider.prototype._formatTime): Deleted.
        * Modules/modern-media-controls/controls/time-label.js:
        (TimeLabel.prototype.commitProperty):
        * Modules/modern-media-controls/main.js:
        (formatTimeToString):

2017-06-08  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix unused parameter warning after r217955.

        * platform/graphics/FontFamilySpecificationNull.h:
        (WebCore::FontFamilySpecificationNull::fontRanges):

2017-06-08  Yoav Weiss  <yoav@yoav.ws>

        [preload] Mandatory `as` value and related spec alignments
        https://bugs.webkit.org/show_bug.cgi?id=173047

        Reviewed by Dean Jackson.

        Align preload's implementation according to latest spec changes: `as` is mandatory and "fetch" replaces the previous empty `as` value,
        onerror no longer fires for invalid `as` values, and the IDL for `as` reflects only valid values, to enable feature detection.

        Related standard discussions:
        https://github.com/w3c/preload/issues/80
        https://github.com/whatwg/fetch/pull/547
        https://github.com/whatwg/fetch/pull/549
        https://github.com/whatwg/html/pull/2588

        No new tests but modified existing ones as well as their expectations.

        * html/HTMLLinkElement.cpp: Add "enumerated attribute" reflection methods to `as`.
        (WebCore::HTMLLinkElement::setAs):
        (WebCore::HTMLLinkElement::as):
        * html/HTMLLinkElement.h:
        * html/HTMLLinkElement.idl:
        * loader/LinkLoader.cpp:
        (WebCore::LinkLoader::loadLinksFromHeader): preloadIfNeeded signature change.
        (WebCore::LinkLoader::resourceTypeFromAsAttribute): Replace the empty value by "fetch".
        (WebCore::LinkLoader::preloadIfNeeded): Change the signature, as a LinkLoaderClient is no longer needed, since we don't fire error
        events from inside the function.
        (WebCore::LinkLoader::loadLink): preloadIfNeeded signature change.
        * loader/LinkLoader.h: preloadIfNeeded signature change.

2017-06-08  Chris Dumez  <cdumez@apple.com>

        [iOS] LowPowerModeNotifier notifies client on non-main thread
        https://bugs.webkit.org/show_bug.cgi?id=173115
        <rdar://problem/32644703>

        Reviewed by Ryosuke Niwa.

        Update iOS's implementation of the LowPowerModeNotifier to make sure
        we notify the client of low power mode changes on the main thread.

        * platform/ios/LowPowerModeNotifierIOS.mm:
        (-[WebLowPowerModeObserver _didReceiveLowPowerModeChange]):

2017-06-08  Ryosuke Niwa  <rniwa@webkit.org>

        Crash inside InsertNodeBeforeCommand via InsertParagraphSeparatorCommand
        https://bugs.webkit.org/show_bug.cgi?id=173085
        <rdar://problem/32575059>

        Reviewed by Wenson Hsieh.

        The crash was caused by the condition to check for special cases failing when visiblePos is null.
        Exit early in these extreme cases.

        Also replaced the use of deprecatedNode and deprecatedEditingOffset to modern idioms.

        Test: editing/inserting/insert-horizontal-rule-in-empty-document-crash.html

        * editing/InsertParagraphSeparatorCommand.cpp:
        (WebCore::InsertParagraphSeparatorCommand::doApply):

2017-06-08  Ryosuke Niwa  <rniwa@webkit.org>

        The tree scope of an Attr node inside a shadow tree does not updated upon detach.
        https://bugs.webkit.org/show_bug.cgi?id=173122

        Reviewed by Chris Dumez.

        The crash was caused by the tree scope of an Attr detached from an element inside a shadow root
        not getting updated.

        Test: fast/dom/detaching-attr-node-in-shadow-tree-crash.html

        * dom/Attr.cpp:
        (WebCore::Attr::~Attr): Added assertions.
        (WebCore::Attr::detachFromElementWithValue): Fixed the bug by adopting Attr to Document.
        (WebCore::Attr::attachToElement): Moved the adoptIfNeeded call here from attachAttributeNodeIfNeeded.
        * dom/Element.cpp:
        (WebCore::Element::attachAttributeNodeIfNeeded):

2017-06-08  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Expand system-ui to include every item in the Core Text cascade list
        https://bugs.webkit.org/show_bug.cgi?id=173043
        <rdar://problem/21125708>

        Reviewed by Simon Fraser.

        The concept of the system font on Cocoa platforms represents the entire Core Text cascade list.
        However, previously, WebKit only represented system-ui by pulling out the first item in the Core
        Text cascade list. Instead, we should make all text rendered with "system-ui" match what the
        platform would natively render.

        Previously, we walked through the strings in the font-family property and looked them up one by
        one. However, now we want to abstract this idea of a font family to possibly hold a
        CTFontDescriptorRef instead of a string. This way, we expand a font-family list of ["fontA",
        "system-ui", "fontB"] to ["fontA", ... a bunch of CTFontDescriptorRefs ..., "FontB"]. We can
        then modify the consumer of this object to have two codepaths: the old string-based codepath,
        and a new, platform-specific codepath which simply embeds the CTFontDesriptorRefs inside a Font
        object.

        We don't want to simply pull out the family name from each item in the Core Text fallback list
        because that is a lossy translation. There is more information in these font descriptors which
        cannot be represented by CSS. Therefore, we must keep the descriptors alive and add the new
        codepath for them.

        We also don't want to run the CSS font matching algorithm on each member of the Core Text
        fallback list because it may yield different results from Core Text's font matching algorithm.
        Our goal is to draw text as closely as possible to the system APIs. If we ran it, we may find
        a font which is closer to the requested traits, but it would look out of place on the system.

        Tests: fast/text/system-font-fallback-emoji.html
               fast/text/system-font-fallback.html

        * WebCore.xcodeproj/project.pbxproj:
        * page/MemoryRelease.cpp:
        (WebCore::releaseNoncriticalMemory):
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::realizeNextFallback): The consumer of our new data type. Now uses WTF::visit().
        (WebCore::FontCascadeFonts::realizeFallbackRangesAt): Now that the number of items to test
        against the current character is larger than the number of strings in the font-family list,
        we need to update the existing code to use the correct value.
        * platform/graphics/FontDescription.cpp: Default implementation for non-Cocoa ports.
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount):
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/FontDescription.h: Our new data type is a Variant of AtomicString and a
        platform-specific class. Cocoa uses a class that holds a CTFontDescriptorRef and other ports
        use an empty non-constructable class.
        * platform/graphics/FontFamilySpecificationNull.h: Added. The empty non-constructable
        class.
        (WebCore::FontFamilySpecificationNull::fontRanges):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformInit): Changing the system language will change the system font
        fallback list, so we need to listen to this notification. This also matters for
        FontCache::systemFallbackForCharacters(), so we should build off the same callback we are
        already using for font installation.
        (WebCore::invalidateFontCache):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp: Added. The platform-specific creation of
        our CTFontDescriptorRefs. We hold them cached in a SystemFontDatabase.
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParameters):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::isHashTableDeletedValue):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::operator==):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::hash):
        (WebCore::SystemFontDatabase::singleton):
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::SystemFontDatabase::clear):
        (WebCore::SystemFontDatabase::SystemFontDatabase):
        (WebCore::SystemFontDatabase::applyWeightAndItalics):
        (WebCore::SystemFontDatabase::computeCascadeList):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::equal):
        (WebCore::isSystemFontString):
        (WebCore::systemFontParameters):
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount): We don't store the result of this
        because it would probably be a bad idea to increase the size of every single FontCascade just
        in case it might ask for the system font. Most fonts never mention system-ui. Because it's so
        rare, we can just recalculate the result of this as necessary. This shouldn't be slow because
        the results are cached.
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: Added.
        (WebCore::FontFamilySpecificationCoreText::fontRanges): Create a FontRanges from a
        CTFontDescriptorRef.
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h: Added.
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText):
        * platform/graphics/ios/FontCacheIOS.mm: Delete the old handling for system-ui.
        (WebCore::platformFontWithFamilySpecialCase):
        (WebCore::baseSystemFontDescriptor): Deleted.
        (WebCore::systemFontModificationAttributes): Deleted.
        (WebCore::systemFontDescriptor): Deleted.
        * platform/graphics/mac/FontCacheMac.mm: Ditto.
        (WebCore::platformFontWithFamilySpecialCase):
        (WebCore::toNSFontWeight): Deleted.

2017-06-08  Chris Dumez  <cdumez@apple.com>

        Update Timer to take a WTF::Function instead of a std::function
        https://bugs.webkit.org/show_bug.cgi?id=173113

        Reviewed by Brady Eidson.

        Update Timer to take a WTF::Function instead of a std::function as we prefer
        to use WTF::Function in WebKit.

        * platform/GenericTaskQueue.cpp:
        (WebCore::TaskDispatcher<Timer>::sharedTimer):
        * platform/Timer.h:
        (WebCore::Timer::Timer):
        (WebCore::DeferrableOneShotTimer::DeferrableOneShotTimer):

2017-06-08  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [WebRTC] enableMockMediaEndpoint() is only used for the OpenWebRTC backend.
        https://bugs.webkit.org/show_bug.cgi?id=173108

        Reviewed by Eric Carlson.

        Covered by existing tests.

        * testing/Internals.cpp:
        (WebCore::Internals::Internals):
        (WebCore::Internals::enableMockMediaEndpoint):
        * testing/Internals.h:

2017-06-08  Antoine Quint  <graouts@apple.com>

        [iOS] Buttons in top-left and bottom media controls bar are positioned too high
        https://bugs.webkit.org/show_bug.cgi?id=173111
        <rdar://problem/32650615>

        Reviewed by Jon Lee.

        Test: media/modern-media-controls/ios-inline-media-controls/ios-inline-media-controls-button-padding.html

        Since we use flex box to vertically center buttons in a buttons container, there is no
        need to offset the button due to padding in the y-axis.

        * Modules/modern-media-controls/controls/buttons-container.css:
        (.ios .buttons-container button):

2017-06-08  Jeremy Jones  <jeremyj@apple.com>

        Implement additional AVPlayerController interfaces for minTime and maxTime.
        https://bugs.webkit.org/show_bug.cgi?id=172396
        rdar://problem/30737452

        Reviewed by Jer Noble.

        No new tests because no change to DOM.

        Add support for new HLS UI in AVKit.

        This adds new properties (seekableTimeRangesLastModifiedTime, liveUpdateInterval, minTiming, maxTiming) to WebAVPlayerController.
        Plumb these properties from AVPlayer up to AVKit.

        Switch WebPlaybackSessionModelMediaElement from updating seekableRangesChanged using timeupdate event to using progress event.

        Enable progress events on iOS.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::loadResource):
        (WebCore::HTMLMediaElement::seekableTimeRangesLastModifiedTime):
        (WebCore::HTMLMediaElement::liveUpdateInterval):
        * html/HTMLMediaElement.h:
        * platform/cf/CoreMediaSoftLink.cpp:
        * platform/cf/CoreMediaSoftLink.h:
        * platform/cocoa/WebPlaybackSessionModel.h:
        (WebCore::WebPlaybackSessionModelClient::seekableRangesChanged):
        * platform/cocoa/WebPlaybackSessionModelMediaElement.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
        (WebCore::WebPlaybackSessionModelMediaElement::updateForEventName):
        (WebCore::WebPlaybackSessionModelMediaElement::observedEventNames):
        (WebCore::WebPlaybackSessionModelMediaElement::seekableTimeRangesLastModifiedTime):
        (WebCore::WebPlaybackSessionModelMediaElement::liveUpdateInterval):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::seekableTimeRangesLastModifiedTime):
        (WebCore::MediaPlayer::liveUpdateInterval):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::seekableTimeRangesLastModifiedTime):
        (WebCore::MediaPlayerPrivateInterface::liveUpdateInterval):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::seekableTimeRangesLastModifiedTime):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::liveUpdateInterval):
        * platform/ios/WebAVPlayerController.h:
        * platform/ios/WebAVPlayerController.mm:
        (-[WebAVPlayerController init]):
        (-[WebAVPlayerController dealloc]):
        (-[WebAVPlayerController observeValueForKeyPath:ofObject:change:context:]):
        (-[WebAVPlayerController updateMinMaxTiming]):
        (-[WebAVPlayerController hasSeekableLiveStreamingContent]):
        (+[WebAVPlayerController keyPathsForValuesAffectingHasSeekableLiveStreamingContent]):
        (-[WebAVPlayerController resetMediaState]):
        * platform/ios/WebPlaybackSessionInterfaceAVKit.h:
        * platform/ios/WebPlaybackSessionInterfaceAVKit.mm:
        (WebCore::WebPlaybackSessionInterfaceAVKit::WebPlaybackSessionInterfaceAVKit):
        (WebCore::WebPlaybackSessionInterfaceAVKit::resetMediaState):
        (WebCore::WebPlaybackSessionInterfaceAVKit::seekableRangesChanged):
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::seekableRangesChanged):
        (WebVideoFullscreenControllerContext::seekableTimeRangesLastModifiedTime):
        (WebVideoFullscreenControllerContext::liveUpdateInterval):
        * platform/mac/WebPlaybackSessionInterfaceMac.h:
        * platform/mac/WebPlaybackSessionInterfaceMac.mm:
        (WebCore::WebPlaybackSessionInterfaceMac::seekableRangesChanged):
        * platform/spi/cocoa/AVKitSPI.h:
        * platform/spi/mac/AVFoundationSPI.h:

2017-06-07  Dave Hyatt  <hyatt@apple.com>

        Laili restaurant menu page does not display full menu
        https://bugs.webkit.org/show_bug.cgi?id=173062
        rdar://problem/32436486

        Reviewed by Simon Fraser.

        Percentage heights inside auto containing blocks were handled correctly by
        hasReplacedLogicalHeight, which checked hasAutoHeightOrContainingBlockWithAutoHeight
        properly. min-max-height were not handled properly though and need to do the same check.
        
        There is also now a quirk for iBooks to preserve the old behavior, since they depend
        on the old behavior to constrain the height of images to a page.

        Test: fast/replaced/max-height-percent-inside-auto-block.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::replacedMinMaxLogicalHeightComputesAsNone):
        Add a new helper that resolves min and max logical height values to none for
        replaced elements with percentage min/max heights inside auto containing blocks.

        (WebCore::RenderBox::computeReplacedLogicalHeightRespectingMinMaxHeight):
        Change the min/max-height constraint function for replaced elements to call the
        new helper function.

        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.h:
        Move a function from private to protected so that RenderBox can access it.

2017-06-08  Tim Horton  <timothy_horton@apple.com>

        Add a borderless mode to <attachment>, and make it respect its layout size
        https://bugs.webkit.org/show_bug.cgi?id=173079
        <rdar://problem/32491584>

        Reviewed by Simon Fraser.

        Tests: fast/attachment/attachment-borderless.html
               fast/attachment/attachment-respects-css-size.html

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSValueKeywords.in:
        * platform/ThemeTypes.h:
        * rendering/RenderAttachment.cpp:
        (WebCore::RenderAttachment::shouldDrawBorder):
        * rendering/RenderAttachment.h:
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        (WebCore::RenderTheme::paint):
        Add "-webkit-appearance: borderless-attachment;" in addition to "attachment",
        so clients can specify the borderless appearance. This isn't specified as a
        CSS border because it's a very custom appearance that isn't achievable that way.

        * rendering/RenderThemeIOS.mm:
        (WebCore::AttachmentInfo::AttachmentInfo):
        Use the layout size of the attachment, not the fixed size; we use the fixed
        size as our intrinsic size, so most attachments will still be that size,
        but if a client specifies a different size, we'll lay out correctly.

2017-06-08  Jer Noble  <jer.noble@apple.com>

        YouTube audio stutters when page changes visibility.
        https://bugs.webkit.org/show_bug.cgi?id=173102

        Reviewed by Eric Carlson.

        Don't change renderers when the visibility changes; only use the decompression session
        when we were explicitly asked to paint into an accelerated surface.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::acceleratedRenderingStateChanged):

2017-06-08  Jer Noble  <jer.noble@apple.com>

        Clients of the WK2 C-API don't have their mediaContentTypesRequiringHardwareSupport setting initialized correctly.
        https://bugs.webkit.org/show_bug.cgi?id=173091

        Reviewed by Eric Carlson.

        Add a new default setting value, defined separately in Settings and SettingsCocoa.

        * page/Settings.cpp:
        (WebCore::Settings::defaultMediaContentTypesRequiringHardwareSupport):
        * page/Settings.h:
        * page/cocoa/SettingsCocoa.mm:
        (WebCore::Settings::defaultMediaContentTypesRequiringHardwareSupport):

2017-06-08  Jer Noble  <jer.noble@apple.com>

        Take the mediaContentTypesRequiringHardwareSupport Setting into account when answering HTMLMediaElement::canPlayType()
        https://bugs.webkit.org/show_bug.cgi?id=173092

        Reviewed by Eric Carlson.

        Pass the value of mediaContentTypesRequiringHardwareSupport into the MediaPlayer when querying canPlayType().
        Then, use the existing code in AVAssetTrackUtilities to know whether to bail out early from the codec check.

        Drive-by fix: FourCC was converting String -> FourCC in reverse.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::canPlayType):
        * platform/graphics/FourCC.cpp:
        (WebCore::FourCC::fromString):
        * platform/graphics/avfoundation/objc/AVAssetTrackUtilities.h:
        * platform/graphics/avfoundation/objc/AVAssetTrackUtilities.mm:
        (WebCore::contentTypesToCodecs):
        (WebCore::codecsMeetHardwareDecodeRequirements):
        (WebCore::contentTypeMeetsHardwareDecodeRequirements):
        (WebCore::assetTrackMeetsHardwareDecodeRequirements):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::supportsType):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType):

2017-06-08  Chris Dumez  <cdumez@apple.com>

        ASSERTION FAILED: !m_isolatedWorld->isNormal() || m_wrapper || !m_jsFunction on webrtc/ephemeral-certificates-and-cnames.html
        https://bugs.webkit.org/show_bug.cgi?id=173039
        <rdar://problem/32600412>

        Reviewed by Youenn Fablet.

        RTCPeerConnection was an ActiveDOMObject but failed to override ActiveDOMObject::hasPendingActivity()
        to make sure its JS wrapper stays alive as long as it needs to. In this patch, we override
        ActiveDOMObject::hasPendingActivity() and have it return true if !m_isStopped. I believe this is
        the right thing to do to keep the wrapper alive as long as the connection is not closed.
        RTCPeerConnection::close() closes the connection and then posts a task to call
        RTCPeerConnection::doStop(), setting m_isStopped to true.

        No new tests, already covered by webrtc/ephemeral-certificates-and-cnames.html which
        was a flaky crash.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::canSuspendForDocumentSuspension):
        (WebCore::RTCPeerConnection::hasPendingActivity):
        * Modules/mediastream/RTCPeerConnection.h:

2017-06-08  Miguel Gomez  <magomez@igalia.com>

        [GTK][WPE][GSTREAMER_GL] Change the colorspace used by the video frames provided by GStreamer
        https://bugs.webkit.org/show_bug.cgi?id=173050

        Reviewed by Žan Doberšek.

        We are currently requesting RGBA as the color format of the video frames to gstreamer. This is a problem
        because when those frames are rendered with the CPU, the R and B components are swapped as cairo expects
        ARGB and GStreamer delivers ABGR.

        In order to fix this without performing color conversions on the CPU, what we do is change the format
        used by GStreamer for the video frames. We do that taking into account the endianness used. So with
        little endian we will use BGRx or BGRA and with big endian xRGB or ARGB. Thanks to this, when downloading
        the frames to the CPU they will automatically be turned into the ARGB expected by cairo. Also, when
        rendering the frames using OpenGL, we indicate that the color space needs to be converted to the RGBA
        expected by the destination texture (but this color conversion is performed by the GPU so there's no
        penalty).

        Covered by existent tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
        (WebCore::MediaPlayerPrivateGStreamerBase::copyVideoTextureToPlatformTexture):
        (WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):
        (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
        * platform/graphics/gstreamer/VideoTextureCopierGStreamer.cpp:
        (WebCore::VideoTextureCopierGStreamer::VideoTextureCopierGStreamer):
        (WebCore::VideoTextureCopierGStreamer::updateColorConversionMatrix):
        (WebCore::VideoTextureCopierGStreamer::copyVideoTextureToPlatformTexture):
        * platform/graphics/gstreamer/VideoTextureCopierGStreamer.h:
        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::colorSpaceMatrixForFlags):
        * platform/graphics/texmap/TextureMapperGL.h:

2017-06-07  Ryosuke Niwa  <rniwa@webkit.org>

        IsInShadowTreeFlag does not get updated for a non-container node
        https://bugs.webkit.org/show_bug.cgi?id=173084

        Reviewed by Antti Koivisto.

        insertedInto and removedFrom were only called on ContainerNode nodes when they're not connected to a document.
        As a result IsInShadowTreeFlag could have gotten out-of-date when a node was inserted or removed from a shadow root
        which is not connected to a document.

        Fixed this inconsistency by always falling insertedInto and removedFrom on all nodes.

        * dom/ContainerNodeAlgorithms.cpp:
        (WebCore::notifyNodeInsertedIntoDocument): Merged notifyDescendantInsertedIntoDocument. Now takes a Node instead
        of a ContainerNode.
        (WebCore::notifyNodeInsertedIntoTree): Merged notifyDescendantInsertedIntoTree. Now takes a Node instead of
        a ContainerNode.
        (WebCore::notifyChildNodeInserted): Always call notifyNodeInsertedIntoTree on an inserted node.
        (WebCore::notifyNodeRemovedFromDocument): Now takes a Node instead of a ContainerNode.
        (WebCore::notifyNodeRemovedFromTree): Ditto.
        (WebCore::notifyChildNodeRemoved): Always call notifyNodeRemovedFromTree on an inserted node.
        (WebCore::addChildNodesToDeletionQueue): Directly call adoptIfNeeded on document() since onwerDocument() only returns
        nullptr on a Document node but this function is never called on a root node and Document can only be a root node.
        Also assert that a node not put into the deletion queue is no longer in a document or a shadow tree.

        * dom/Node.cpp:
        (WebCore::Node::insertedInto): Removed the assertion that's no longer true.
        (WebCore::Node::removedFrom): Ditto.

2017-06-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [WPE] Enable resource usage
        https://bugs.webkit.org/show_bug.cgi?id=173054

        Reviewed by Žan Doberšek.

        Add resource usage linux files to the compilation.

        * PlatformWPE.cmake:

2017-06-07  Jer Noble  <jer.noble@apple.com>

        [Web Audio] createScriptProcessor throws IndexSizeError for valid arguments
        https://bugs.webkit.org/show_bug.cgi?id=173022

        Reviewed by Sam Weinig.

        Updated test: webaudio/javascriptaudionode.html

        The Web Audio spec (<https://webaudio.github.io/web-audio-api/>, 06 June 2017) defines a default behavior when
        clients pass in a value of 0 for bufferSize to the createScriptProcessor() method.

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::createScriptProcessor):
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::create):
        * Modules/webaudio/ScriptProcessorNode.h:

2017-06-07  Chris Dumez  <cdumez@apple.com>

        CSSStyleRule.style / CSSPageRule.style / CSSKeyframeRule.style should be settable
        https://bugs.webkit.org/show_bug.cgi?id=164537
        <rdar://problem/29181773>

        Reviewed by Sam Weinig.

        CSSStyleRule.style / CSSPageRule.style / CSSKeyframeRule.style should be settable
        as per:
        - https://drafts.csswg.org/cssom/#the-cssstylerule-interface
        - https://drafts.csswg.org/cssom/#the-csspagerule-interface
        - https://drafts.csswg.org/css-animations/#interface-csskeyframerule

        Tests:
        http/wpt/cssom/CSSPageRule.html
        imported/w3c/web-platform-tests/cssom/CSSKeyframe