ChangeLog   [plain text]


2017-11-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r224405. rdar://problem/35296405

    2017-11-03  Ryosuke Niwa  <rniwa@webkit.org>

            Crash inside ChildListMutationAccumulator::enqueueMutationRecord()
            https://bugs.webkit.org/show_bug.cgi?id=179234
            <rdar://problem/35287748>

            Reviewed by Darin Adler.

            Fixed the crash by keeping MutationObserver referenced by MutationObserverInterestGroup alive.

            Also added hasCallback() virtual function on MutationObserver to check whether the callback is alive
            to work around the bug that JS function referenced by MutationObserver isn't kept alive.
            We'll address this bug separately in https://webkit.org/b/179224.

            Test: fast/dom/MutationObserver/disconnect-observer-while-mutation-records-are-enqueued-crash.html

            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateCallbackHeaderContent): Added an override for the newly added virtual hasCallback().
            * dom/MutationCallback.h:
            * dom/MutationObserver.cpp:
            (WebCore::MutationObserver::deliver): Added the aforementioned workaround.
            * dom/MutationObserverInterestGroup.cpp:
            (WebCore::MutationObserverInterestGroup::MutationObserverInterestGroup): Fixed the crash by using Ref.
            (WebCore::MutationObserverInterestGroup::enqueueMutationRecord): Ditto.
            * dom/MutationObserverInterestGroup.h:
            * dom/NativeNodeFilter.cpp:
            (WebCore::NativeNodeFilter::hasCallback const): Always return true here. This function is never called
            but we still need to implement it since NodeFilter has a pure virtual hasCallback() now.
            * dom/NativeNodeFilter.h:
            * dom/Node.cpp:
            (WebCore::collectMatchingObserversForMutation): Use Ref to fix the crash.
            (WebCore::Node::registeredMutationObservers): Ditto.
            * dom/Node.h:
            * dom/NodeFilter.h:

2017-11-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r224398. rdar://problem/35329714

    2017-11-03  Daniel Bates  <dabates@apple.com>

            Invalidate node list when associated form control element is removed
            https://bugs.webkit.org/show_bug.cgi?id=179232
            <rdar://problem/35308269>

            Reviewed by Ryosuke Niwa.

            A node list represents a live view of the DOM. Invalidate the node list
            associated with a form element whenever one of its associated form control
            elements is removed.

            Test: fast/forms/node-list-remove-button-from-form.html

            * html/HTMLFormElement.cpp:
            (WebCore::HTMLFormElement::removeFormElement):

2017-10-29  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r224134. rdar://problem/35143359

    2017-10-27  Daniel Bates  <dabates@apple.com>

            Only allow non-mixed content protected subresources to ask for credentials
            https://bugs.webkit.org/show_bug.cgi?id=178919
            <rdar://problem/35015245>

            Reviewed by Alex Christensen.

            Only allow non-mixed content protected subresources to ask for credentials. It is not meaningful
            to allow protected mixed-content subresources to ask for credentials.

            Tests: http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html
                   http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script.html
                   http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet.html
                   http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html
                   http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html
                   http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html

            * loader/ResourceLoader.cpp:
            (WebCore::ResourceLoader::ResourceLoader): Initialize m_canAskClientForCredentials based on the
            specified resource loader options.
            (WebCore::ResourceLoader::init): Update m_canAskClientForCredentials based on the URL of the initial
            request.
            (WebCore::ResourceLoader::isMixedContent const): Helper function to check if the specified URL
            represents a mixed content resource.
            (WebCore::ResourceLoader::willSendRequestInternal): If the original request or the redirect request
            is mixed content then update state such that we will disallow asking for credentials.
            (WebCore::ResourceLoader::isAllowedToAskUserForCredentials const): Modified to use m_canAskClientForCredentials
            when determining whether the request is allowed to ask for credentials.
            * loader/ResourceLoader.h:

2017-10-27  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221233. rdar://problem/35228663

    2017-08-27  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS WK2] Web process crashes after changing selection to the end of the document when speaking a selection
            https://bugs.webkit.org/show_bug.cgi?id=176011
            <rdar://problem/32614095>

            Reviewed by Ryosuke Niwa.

            Adds a null check to visiblePositionForPositionWithOffset. This is a crash point for accessibility codepaths,
            since indexForVisiblePosition is not guaranteed to set the given `root` outparam to a non-null value, yet
            visiblePositionForIndex requires root to be non-null. This causes a crash when selecting some text, hitting
            'Speak', and then changing the selection to somewhere near the end of the document, since accessibility code
            will attempt to speak words at an offset past the end of the document. While this is a bug in and of itself, the
            web process should still handle this case gracefully and not crash. To fix this, we simply bail and return a
            null VisiblePosition if a root container node was not found.

            Currently, visiblePositionForPositionWithOffset is implemented twice, in WebCore (AXObjectCache.cpp) and also in
            WebKit (WebPageIOS.mm), as identical static functions. This patch moves this helper into Editing.cpp and removes
            it from AXObjectCache and WebPageIOS.

            Tests: AccessibilityTests.RectsForSpeakingSelectionBasic
                   AccessibilityTests.RectsForSpeakingSelectionWithLineWrapping
                   AccessibilityTests.RectsForSpeakingSelectionDoNotCrashWhenChangingSelection

            * accessibility/AXObjectCache.cpp:
            (WebCore::visiblePositionForPositionWithOffset): Deleted.
            * editing/Editing.cpp:
            (WebCore::visiblePositionForPositionWithOffset):
            * editing/Editing.h:

2017-10-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223974. rdar://problem/35178887

    2017-10-25  Jer Noble  <jer.noble@apple.com>

            UNPACK_FLIP_Y is broken for MSE-backed videos
            https://bugs.webkit.org/show_bug.cgi?id=178774

            Reviewed by Dean Jackson.

            The global GLSL variable gl_Position can apparently only be set once, and any modifications
            made after that initial set are ignored. So rather than implement flipping by changing
            gl_Position.y, flip the texture coordinates instead.

            Drive-by fix: some of the constants used in VideoTextureCopierCV are not defined on older
            macOS versions, so make them optional.

            Tests: fast/canvas/webgl/texImage2D-mse-flipY-false.html
                   fast/canvas/webgl/texImage2D-mse-flipY-true.html

            * platform/graphics/cv/VideoTextureCopierCV.cpp:
            (WebCore::transferFunctionFromString):
            (WebCore::VideoTextureCopierCV::initializeUVContextObjects):
            * platform/cocoa/CoreVideoSoftLink.cpp:
            * platform/cocoa/CoreVideoSoftLink.h:

2017-10-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223960. rdar://problem/35178892

    2017-10-25  Jer Noble  <jer.noble@apple.com>

            Autoplay muted videos still stop playback of other streaming apps in the background
            https://bugs.webkit.org/show_bug.cgi?id=177920

            Reviewed by Eric Carlson.

            When creating a new <video> or <audio> element, the global AudioSession can sometimes have
            its sessionCategory() set to "MediaPlayback", even if the element does not yet have a
            source. This is because the constructor for the MediaElementSession is called before
            m_isPlayingToWirelessTarget is initialized, and so in the MediaElementSession constructor,
            the media element's m_isPlayingToWirelessTarget ivar is sometimes (uninitialized) true.

            We could move the MediaElementSession ivar to the very end of the header, so it's
            initialized last, but that still leaves the possibility of the MediaElementSession et. all
            calling into the HTMLMediaElement before it's subclass's constructors have a chance to
            initialize their own ivars (much less their vtables). So instead, we'll create and set the
            MediaElementSession in a finishInitialization() method called from the HTMLVideoElement and
            HTMLAudioElement's create() factory methods.

            * html/HTMLAudioElement.cpp:
            (WebCore::HTMLAudioElement::create):
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):
            (WebCore::HTMLMediaElement::finishInitialization):
            * html/HTMLMediaElement.h:
            * html/HTMLVideoElement.cpp:
            (WebCore::HTMLVideoElement::create):

2017-10-21  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223578. rdar://problem/34891313

    2017-10-17  Myles C. Maxfield  <mmaxfield@apple.com>

            Delete button doesn't fully delete certain emoji
            https://bugs.webkit.org/show_bug.cgi?id=178096
            <rdar://problem/34785106>

            Reviewed by Simon Fraser.

            System infrastructure for handling emoji changes every year. Instead of having
            custom code to specifically walk over codepoints, we should delegate to the
            system handling.

            Tests: editing/deleting/delete-emoji.html
                   editing/deleting/delete-emoji-1.html
                   editing/deleting/delete-emoji-2.html
                   editing/deleting/delete-emoji-3.html
                   editing/deleting/delete-emoji-4.html
                   editing/deleting/delete-emoji-5.html
                   editing/deleting/delete-emoji-6.html
                   editing/deleting/delete-emoji-7.html
                   editing/deleting/delete-emoji-8.html
                   editing/deleting/delete-emoji-9.html

            * rendering/RenderText.cpp:
            (WebCore::RenderText::previousOffset const):
            (WebCore::RenderText::previousOffsetForBackwardDeletion const):
            (WebCore::RenderText::nextOffset const):
            (WebCore::isHangulLVT): Deleted.
            (WebCore::isMark): Deleted.
            (WebCore::isRegionalIndicator): Deleted.
            (WebCore::isInArmenianToLimbuRange): Deleted.

2017-10-20  Dean Jackson  <dino@apple.com>

        Cherry-pick r223707 and r223711. rdar://problem/35099869

    2017-10-19  Dean Jackson  <dino@apple.com>

            Avoid duplicate multisample resolve before WebGL compositing
            https://bugs.webkit.org/show_bug.cgi?id=178537
            <rdar://problem/35080724>

            Fix iOS build.

            * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
            (WebCore::GraphicsContext3D::paintRenderingResultsToCanvas):

    2017-10-19  Dean Jackson  <dino@apple.com>

            Avoid duplicate multisample resolve before WebGL compositing
            https://bugs.webkit.org/show_bug.cgi?id=178537
            <rdar://problem/35080724>

            Reviewed by Jer Noble.

            Both endPaint and prepareTexture were doing the MSAA resolve
            into the renderbuffer, and being called on macOS before compositing.
            Without that step, endPaint became unnecessary on iOS so I renamed
            it presentRenderbuffer.

            Covered by existing tests.

            * platform/graphics/GraphicsContext3D.h:
            * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
            (WebCore::GraphicsContext3D::presentRenderbuffer):
            (WebCore::GraphicsContext3D::endPaint): Deleted.
            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer display]):

2017-10-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223708. rdar://problem/34771406

    2017-10-19  Tim Horton  <timothy_horton@apple.com>

            Expand r209943 to suppress paste during provisional navigation as well
            https://bugs.webkit.org/show_bug.cgi?id=178429
            <rdar://problem/33952830>

            Reviewed by Dean Jackson.

            No new tests; adjusted an existing test to cover this case.

            * editing/Editor.cpp:
            (WebCore::Editor::canPaste const):
            Disable pasting during provisional navigation, like r209943 did for
            various other forms of text input.

            (WebCore::Editor::shouldInsertText const):
            * dom/EventDispatcher.cpp:
            (WebCore::shouldSuppressEventDispatchInDOM):
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::shouldSuppressTextInputFromEditing const):
            (WebCore::FrameLoader::shouldSuppressKeyboardInput const): Deleted.
            * loader/FrameLoader.h:
            * page/Settings.in:
            Rename the setting to be about editing-related text input, not "keyboard" input.

            * editing/EditorCommand.cpp:
            (WebCore::allowExecutionWhenDisabled):
            (WebCore::doNotAllowExecutionWhenDisabled):
            (WebCore::allowExecutionWhenDisabledCopyCut):
            (WebCore::allowExecutionWhenDisabledPaste):
            (WebCore::createCommandMap):
            (WebCore::Editor::Command::allowExecutionWhenDisabled const):
            Completely disable execution of paste events when in no-text-input-from-editing mode.
            Otherwise, even though canPaste was false and we wouldn't do a default paste action,
            we would still dispatch the paste event to the DOM.

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223442. rdar://problem/34745623

    2017-10-16  Maureen Daum  <mdaum@apple.com>

            If an origin doesn't have databases in the Databases table we should still remove its information from disk in DatabaseTracker::deleteOrigin()
            https://bugs.webkit.org/show_bug.cgi?id=178281
            <rdar://problem/34576132>

            Reviewed by Brent Fulgham.

            New test:
            DatabaseTracker.DeleteOriginWithMissingEntryInDatabasesTable

            * Modules/webdatabase/DatabaseTracker.cpp:
            (WebCore::DatabaseTracker::deleteOrigin):
            If databaseNames is empty, don't bail early. Instead, delete everything in the directory
            containing the databases for this origin. This condition indicates that we previously
            tried to remove the origin but didn't get all of the way through the deletion process.
            Because we have lost track of the databases for this origin, we can assume that no
            other process is accessing them. This means it should be safe to delete them outright.

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223438. rdar://problem/34745623

    2017-10-16  Ryan Haddad  <ryanhaddad@apple.com>

            Unreviewed attempt to fix the Windows debug build.

            * Modules/webdatabase/DatabaseTracker.cpp:
            (WebCore::DatabaseTracker::deleteOrigin):

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223427. rdar://problem/34745623

    2017-10-16  Maureen Daum  <mdaum@apple.com>

            If we fail to delete any database file, don't remove its information from the tracker database
            <rdar://problem/34576132> and https://bugs.webkit.org/show_bug.cgi?id=178251

            Reviewed by Brady Eidson.

            New tests:
            DatabaseTracker.DeleteDatabase
            DatabaseTracker.DeleteDatabaseWhenDatabaseDoesNotExist
            DatabaseTracker.DeleteOrigin
            DatabaseTracker.DeleteOriginWhenDeletingADatabaseFails
            DatabaseTracker.DeleteOriginWhenDatabaseDoesNotExist

            * Modules/webdatabase/DatabaseTracker.cpp:
            (WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
            If the database doesn't exist, we previously deleted it but failed to remove the
            information from the tracker database. We still want to delete all of the information
            associated with this database from the tracker database, so add it to databaseNamesToDelete.
            (WebCore::DatabaseTracker::deleteOrigin):
            If a database doesn't exist, don't try to delete it. We don't need to, but more
            importantly, deleteDatabaseFile() will fail if the database doesn't exist, which
            will cause us to incorrectly think we failed to remove database information from disk.
            If we actually fail to delete any database file, return before we remove the origin
            information from the tracker database so we don't lose track of the database.
            (WebCore::DatabaseTracker::deleteDatabase):
            If a database doesn't exist, don't try to delete it. We don't need to, but also it
            will cause us to incorrectly think that we were unable to delete a database, so we
            would bail before we remove the database information from the tracker database. We
            want to remove the database information from the tracker database because the database
            doesn't exist.
            * Modules/webdatabase/DatabaseTracker.h:
            Expose fullPathForDatabase() for use by tests.
            * platform/Logging.h:
            Add a logging channel.

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223565. rdar://problem/35041490

    2017-10-17  John Wilander  <wilander@apple.com>

            Add and remove cookie partition accordingly in intermediary redirect requests
            https://bugs.webkit.org/show_bug.cgi?id=178369
            <rdar://problem/34467603>

            Reviewed by Brent Fulgham.

            Tests: http/tests/resourceLoadStatistics/add-partitioning-to-redirect.html
                   http/tests/resourceLoadStatistics/remove-partitioning-from-redirect.html

            * loader/ResourceLoadObserver.h:
                Now exposes notifyObserver() so that it can be triggered
                by the TestRunner.
                Removed unimplemented ResourceLoadObserver::setShouldThrottleObserverNotifications().

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223253. rdar://problem/35077489

    2017-10-12  John Wilander  <wilander@apple.com>

            ResourceLoadObserver::logFrameNavigation() should use redirectResponse.url()
            https://bugs.webkit.org/show_bug.cgi?id=175257
            <rdar://problem/33359866>

            Reviewed by Brent Fulgham.

            This patch was joint work between Michael Specter and John Wilander.

            Tests: http/tests/resourceLoadStatistics/non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
                   http/tests/resourceLoadStatistics/non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
                   http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
                   http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
                   http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
                   http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
                   http/tests/resourceLoadStatistics/sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
                   http/tests/resourceLoadStatistics/sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
                   http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
                   http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
                   http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
                   http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::willSendRequest):
                Now sends redirectResponse.url() to WebCore::ResourceLoadObserver::logFrameNavigation().
            * loader/ResourceLoadObserver.cpp:
            (WebCore::ResourceLoadObserver::logFrameNavigation):
                Now receives the redirect response URL from WebCore::DocumentLoader().
            (WebCore::ResourceLoadObserver::nonNullOwnerURL const):
                New function to traverse the frame chain upward and find the first non-null URL.
            * loader/ResourceLoadObserver.h:

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223451. rdar://problem/34985194

    2017-10-12  Matt Rajca  <mrajca@apple.com>

            Add API support for quirk that lets an arbitrary click allow auto-play.
            https://bugs.webkit.org/show_bug.cgi?id=178227

            Reviewed by Alex Christensen.

            Added API test.

            Instead of hardcoding sites in WebCore, let API clients control which websites opt into the quirk that lets
            an arbitrary click allow auto-play via website policies.

            * html/MediaElementSession.cpp:
            (WebCore::needsArbitraryUserGestureAutoplayQuirk):
            * loader/DocumentLoader.h:

2017-10-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223436. rdar://problem/35061711

    2017-10-16  Chris Dumez  <cdumez@apple.com>

            Log using differential privacy domains where the WebContent process crashes
            https://bugs.webkit.org/show_bug.cgi?id=178346
            <rdar://problem/33293830>

            Reviewed by Alex Christensen.

            Add new diagnostic logging key for domain causing crashes.

            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::domainCausingCrashKey):
            * page/DiagnosticLoggingKeys.h:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221921. rdar://problem/35041482

    2017-09-12  Daniel Bates  <dabates@apple.com>

            REGRESSION (r215784): The title of right-to-left pages are empty
            https://bugs.webkit.org/show_bug.cgi?id=176746
            <rdar://problem/34211419>

            Reviewed by Brent Fulgham.

            Left truncate a long right-to-left title.

            Right-to-left text represents the visual ordering of text. Internally WebKit stores
            right-to-left text identically to left-to-right text in memory. So, we can use the
            same string operation to truncate right-to-left text as we do to truncate left-to-right
            text.

            * platform/text/StringWithDirection.h:
            (WebCore::truncateFromEnd):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223589. rdar://problem/34771462

    2017-10-17  Myles C. Maxfield  <mmaxfield@apple.com>

            [Regression] Webkit "-apple-system" font fallback token handles font weights of PingFang incorrectly.
            https://bugs.webkit.org/show_bug.cgi?id=177345
            <rdar://problem/32975942>

            Reviewed by Jon Lee.

            This bug has a fairly insideous cause. In particular, the system font fallback path follows
            system conventions, which are not the same as the CSS fallback path. For example, the Chinese
            fallback of San Francisco weight 600 is Ping Fang weight 500. This doesn't match our
            assumptions in CSS, because Ping Fang does have a 600 weight, which CSS would think is closer.
            However, the whole point of system-ui is that it follows the system fallback path, not CSS's.
            Therefore, falling back from a bold system-ui request to a non-bold fallback font is correct
            and expected, and we shouldn't synthesize bold in this situation.

            Test: fast/text/system-ui-chinese-bold-fallback.html

            * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
            (WebCore::FontFamilySpecificationCoreText::fontRanges const):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223580. rdar://problem/34958773

    2017-10-16  Andy Estes  <aestes@apple.com>

            [Apple Pay] Add subLocality and subAdministrativeArea to ApplePayPaymentContact and ApplePayError
            https://bugs.webkit.org/show_bug.cgi?id=178191
            <rdar://problem/34906367>

            Reviewed by Tim Horton.

            Added test cases to http/tests/ssl/applepay/ApplePaySession.html.

            * Modules/applepay/ApplePayError.idl:
            * Modules/applepay/ApplePayPaymentContact.h:
            * Modules/applepay/ApplePayPaymentContact.idl:
            * Modules/applepay/ApplePaySessionPaymentRequest.h:
            * Modules/applepay/cocoa/PaymentContactCocoa.mm:
            (WebCore::subLocality):
            (WebCore::setSubLocality):
            (WebCore::subAdministrativeArea):
            (WebCore::setSubAdministrativeArea):
            (WebCore::convert):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223424. rdar://problem/34745623

    2017-10-16  Alex Christensen  <achristensen@webkit.org>

            Fix iOS build after r223422
            https://bugs.webkit.org/show_bug.cgi?id=178251

            * Modules/webdatabase/DatabaseManager.h:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223423. rdar://problem/34745623

    2017-10-16  Maureen Daum  <mdaum@apple.com>

            We should wrap the removal of information from the tracker database in a transaction in DatabaseTracker::deleteOrigin()
            https://bugs.webkit.org/show_bug.cgi?id=178274
            <rdar://problem/34576132>

            Reviewed by Tim Horton.

            * Modules/webdatabase/DatabaseTracker.cpp:
            (WebCore::DatabaseTracker::deleteOrigin):
            Wrap the removal of information from the tracker database in a transaction so that
            we don't end up in a case where only one of the tables contains information about
            an origin.
            If anything goes wrong when we're modifying the tracker database, rollback the transaction
            before bailing.

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223420. rdar://problem/34745623

    2017-10-16  Ryan Haddad  <ryanhaddad@apple.com>

            Unreviewed, rolling out r223419.

            This change broke the Windows build.

            Reverted changeset:

            "If we fail to delete any database file, don't remove its
            information from the tracker database"
            https://bugs.webkit.org/show_bug.cgi?id=178251
            https://trac.webkit.org/changeset/223419

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223419. rdar://problem/34745623

    2017-10-16  Maureen Daum  <mdaum@apple.com>

            If we fail to delete any database file, don't remove its information from the tracker database
            <rdar://problem/34576132> and https://bugs.webkit.org/show_bug.cgi?id=178251

            Reviewed by Brady Eidson.

            New tests:
            DatabaseTracker.DeleteDatabase
            DatabaseTracker.DeleteDatabaseWhenDatabaseDoesNotExist
            DatabaseTracker.DeleteOrigin
            DatabaseTracker.DeleteOriginWhenDeletingADatabaseFails
            DatabaseTracker.DeleteOriginWhenDatabaseDoesNotExist

            * Modules/webdatabase/DatabaseTracker.cpp:
            (WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
            If the database doesn't exist, we previously deleted it but failed to remove the
            information from the tracker database. We still want to delete all of the information
            associated with this database from the tracker database, so add it to databaseNamesToDelete.
            (WebCore::DatabaseTracker::deleteOrigin):
            If a database doesn't exist, don't try to delete it. We don't need to, but more
            importantly, deleteDatabaseFile() will fail if the database doesn't exist, which
            will cause us to incorrectly think we failed to remove database information from disk.
            If we actually fail to delete any database file, return before we remove the origin
            information from the tracker database so we don't lose track of the database.
            (WebCore::DatabaseTracker::deleteDatabase):
            If a database doesn't exist, don't try to delete it. We don't need to, but also it
            will cause us to incorrectly think that we were unable to delete a database, so we
            would bail before we remove the database information from the tracker database. We
            want to remove the database information from the tracker database because the database
            doesn't exist.
            * Modules/webdatabase/DatabaseTracker.h:
            Expose fullPathForDatabase() for use by tests.
            * platform/Logging.h:
            Add a logging channel.

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223228. rdar://problem/35061705

    2017-10-11  Brent Fulgham  <bfulgham@apple.com>

            Correct nullptr deref in selection handling.
            https://bugs.webkit.org/show_bug.cgi?id=178189
            <rdar://problem/33833012>

            Reviewed by Ryosuke Niwa.

            The VisibleSelection::toNormalizedRange returns nullptr for certain conditions (e.g., 'isNone'
            and 'isOrphaned' cases). It's possible to crash the WebProcess by executing a code path with
            an orphaned selection range.

            The return value of 'toNormalizedRange' is checked for nullptr in many places, but not everywhere.
            This patch adds those missing nullptr checks.

            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper textMarkerRangeForSelection]):
            * editing/DeleteSelectionCommand.cpp:
            (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
            * editing/EditingStyle.cpp:
            (WebCore::EditingStyle::styleAtSelectionStart):
            * editing/Editor.cpp:
            (WebCore::Editor::misspelledWordAtCaretOrRange const):
            * page/DOMSelection.cpp:
            (WebCore::DOMSelection::containsNode const):
            * page/DragController.cpp:
            (WebCore::DragController::concludeEditDrag):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223210. rdar://problem/34820936

    2017-10-11  Simon Fraser  <simon.fraser@apple.com>

            Avoid triggering layout from style change
            https://bugs.webkit.org/show_bug.cgi?id=178184
            rdar://problem/34699113

            Reviewed by Zalan Bujtas.

            It's bad for RenderBox::styleDidChange() to scroll RenderLayers, because that
            can trigger layout via FrameView::updateWidgetPositions() and ScrollingCoordinator::absoluteEventTrackingRegions().
            So postpone the scrolling until after layout.

            Test: fast/scrolling/adjust-scroll-offset-on-zoom.html

            * rendering/RenderBox.cpp:
            (WebCore::RenderBox::styleDidChange):
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::updateLayerPositions):
            (WebCore::RenderLayer::setPostLayoutScrollPosition):
            (WebCore::RenderLayer::applyPostLayoutScrollPositionIfNeeded):
            * rendering/RenderLayer.h:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222471. rdar://problem/35061708

    2017-09-25  Youenn Fablet  <youenn@apple.com>

            MediaStreamTrack.getSettings should compute its deviceId/groupId like enumerateDevices
            https://bugs.webkit.org/show_bug.cgi?id=177433

            Reviewed by Jer Noble.

            Covered by improved test.

            Hash the deviceId returned by getSettings as done by enumerateDevices/getUserMedia.
            Do the same thing for groupId.
            Make sure mock sources have their deviceId set consistently with mock devices.

            * Modules/mediastream/MediaStreamTrack.cpp:
            (WebCore::MediaStreamTrack::getSettings const):
            * Modules/mediastream/MediaStreamTrack.h:
            * Modules/mediastream/MediaStreamTrack.idl:
            * platform/mediastream/mac/MockRealtimeAudioSourceMac.h:
            * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:
            (WebCore::MockRealtimeAudioSource::create):
            (WebCore::MockRealtimeAudioSourceMac::MockRealtimeAudioSourceMac):
            * platform/mediastream/mac/MockRealtimeVideoSourceMac.h:
            * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:
            (WebCore::MockRealtimeVideoSource::create):
            (WebCore::MockRealtimeVideoSourceMac::MockRealtimeVideoSourceMac):
            * platform/mock/MockRealtimeAudioSource.cpp:
            (WebCore::MockRealtimeAudioSource::create):
            (WebCore::MockRealtimeAudioSource::createMuted):
            (WebCore::MockRealtimeAudioSource::MockRealtimeAudioSource):
            * platform/mock/MockRealtimeAudioSource.h:
            * platform/mock/MockRealtimeVideoSource.cpp:
            (WebCore::MockRealtimeVideoSource::create):
            (WebCore::MockRealtimeVideoSource::createMuted):
            (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource):
            * platform/mock/MockRealtimeVideoSource.h:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221971. rdar://problem/34958928

    2017-09-13  Ms2ger  <Ms2ger@igalia.com>

            Make WebGLRenderingContextBase::TypedList::data() const-correct.
            https://bugs.webkit.org/show_bug.cgi?id=176833

            Reviewed by Sam Weinig.

            No change of behavior.

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::validateUniformMatrixParameters):
            * html/canvas/WebGLRenderingContextBase.h:
            (WebCore::WebGLRenderingContextBase::TypedList::data const):
            * platform/graphics/GraphicsContext3D.h:
            * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
            (WebCore::GraphicsContext3D::uniform1fv):
            (WebCore::GraphicsContext3D::uniform2fv):
            (WebCore::GraphicsContext3D::uniform3fv):
            (WebCore::GraphicsContext3D::uniform4fv):
            (WebCore::GraphicsContext3D::uniform1iv):
            (WebCore::GraphicsContext3D::uniform2iv):
            (WebCore::GraphicsContext3D::uniform3iv):
            (WebCore::GraphicsContext3D::uniform4iv):
            (WebCore::GraphicsContext3D::uniformMatrix2fv):
            (WebCore::GraphicsContext3D::uniformMatrix3fv):
            (WebCore::GraphicsContext3D::uniformMatrix4fv):
            (WebCore::GraphicsContext3D::vertexAttrib1fv):
            (WebCore::GraphicsContext3D::vertexAttrib2fv):
            (WebCore::GraphicsContext3D::vertexAttrib3fv):
            (WebCore::GraphicsContext3D::vertexAttrib4fv):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223315. rdar://problem/34985202

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Performance: Skip texture upload if source image and destination texture haven't changed
            https://bugs.webkit.org/show_bug.cgi?id=178254
            <rdar://problem/34968181>

            Reviewed by Dean Jackson.

            Update GraphicsContext3D to track which texture is bound to which texture unit, and also to
            track when those bound textures have their backing stores modified. This new "seed" value
            will be used to determine whether a given texture which has previously had image data
            uploaded to it needs to be re-updated.

            In VideoTextureCopierCV, track whether the texture's seed changed, whether the IOSurface is
            the same,  whether the IOSurface's seed has changed, and whether the "flipY" parameter
            changed since the last time the copier was asked to upload to the texture.

            * platform/graphics/GraphicsContext3D.h:
            (WebCore::GraphicsContext3D::textureSeed):
            (WebCore::GraphicsContext3D::GraphicsContext3DState::currentBoundTexture):
            (WebCore::GraphicsContext3D::GraphicsContext3DState::boundTexture):
            (WebCore::GraphicsContext3D::GraphicsContext3DState::setBoundTexture):
            * platform/graphics/cv/VideoTextureCopierCV.cpp:
            (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
            * platform/graphics/cv/VideoTextureCopierCV.h:
            (WebCore::VideoTextureCopierCV::lastTextureSeed):
            * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
            (WebCore::GraphicsContext3D::prepareTexture):
            (WebCore::GraphicsContext3D::bindTexture):
            (WebCore::GraphicsContext3D::texStorage2D):
            (WebCore::GraphicsContext3D::texStorage3D):
            (WebCore::GraphicsContext3D::framebufferTexture2D):
            (WebCore::GraphicsContext3D::texSubImage2D):
            (WebCore::GraphicsContext3D::compressedTexImage2D):
            (WebCore::GraphicsContext3D::compressedTexSubImage2D):
            (WebCore::GraphicsContext3D::createTexture):
            (WebCore::GraphicsContext3D::deleteTexture):
            (WebCore::GraphicsContext3D::texImage2DDirect):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223298. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix; wrap more functions in USE(IOSURFACE) so that
            they do not generate "unused function" errors.

            * platform/graphics/cv/VideoTextureCopierCV.cpp:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223297. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            One last unreviewed build fix; since the IOSurface APIs don't exist at
            all on the simulator, just wrap the entirety of the implementation of
            copyImageToPlatformTexture() in a #if USE(IOSURFACE) check.

            * platform/graphics/cv/VideoTextureCopierCV.cpp:
            (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223295. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix for the previous build fix; use the right PAL path for IOSurfaceSPI.h.

            * platform/graphics/cv/VideoTextureCopierCV.cpp:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223294. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix; add definitions for IOSurface methods missing on some platforms.

            * platform/graphics/cv/VideoTextureCopierCV.cpp:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223289. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix; forward declare the type of IOSurfaceRef.

            * platform/cocoa/CoreVideoSoftLink.cpp:
            * platform/cocoa/CoreVideoSoftLink.h:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223287. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix; add soft link macros for newly called CoreVideo methods.

            * platform/cocoa/CoreVideoSoftLink.cpp:
            * platform/cocoa/CoreVideoSoftLink.h:

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223285. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Unreviewed build fix; add UNUSED_PARAM macros.

            * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
            (WebCore::GraphicsContext3D::texImageIOSurface2D):

2017-10-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223280. rdar://problem/34958928

    2017-10-13  Jer Noble  <jer.noble@apple.com>

            Performance: do pixel conformance and texturing in a single step.
            https://bugs.webkit.org/show_bug.cgi?id=178219
            <rdar://problem/34937237>

            Reviewed by Dean Jackson.

            No new tests; performance improvements should have no behavior change.

            Rather than asking the VTDecompressionSession to conform the output CVPixelBuffer into a
            pixel format compatible with OpenGL (& ES), don't constrain the output at all, and only do a
            conformance step if the output is not already compatible with OpenGL. This eliminates one
            copy (in hardware) operation.

            Move the TextureCacheCV object into VideoTextureCopierCV; it will be conditionally used to
            create the texture if the pixel buffer is compatible.

            Refactor copyVideoTextureToPlatformTexture(CVOpenGLTextureRef) in VideoTextureCopierCV. The
            new entry point, copyImageToPlatformTexture(), will attempt to use the texture cache first,
            and call a new common copyVideoTextureToPlatformTexture(Platform3DObject) with the result.

            The new copyImageToPlatformTexture() will pull planar YUV frames into two textures, and combine
            the two with a color transfer function when drawing to the output texture.

            * platform/graphics/GraphicsContext3D.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::copyVideoTextureToPlatformTexture):
            * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
            (WebCore::GraphicsContext3D::texImageIOSurface2D):
            * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
            (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
            * platform/graphics/cv/TextureCacheCV.h:
            * platform/graphics/cv/TextureCacheCV.mm:
            (WebCore::TextureCacheCV::textureFromImage):
            * platform/graphics/cv/VideoTextureCopierCV.cpp:
            (WebCore::pixelRangeFromPixelFormat):
            (WebCore::transferFunctionFromString):
            (WebCore::YCbCrToRGBMatrixForRangeAndTransferFunction):
            (WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
            (WebCore::VideoTextureCopierCV::initializeUVContextObjects):
            (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
            (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
            * platform/graphics/cv/VideoTextureCopierCV.h:

2017-10-18  Dean Jackson  <dino@apple.com>

        Cherry-pick r223640. rdar://problem/35063901

    2017-10-18  Dean Jackson  <dino@apple.com>

            Some older hardware can't actually use renderbuffers at the size they advertise
            https://bugs.webkit.org/show_bug.cgi?id=178417
            <rdar://problem/35042291>

            Reviewed by Tim Horton.

            The change in r223567 caused some older hardware to fail, because even though
            they claimed to support a maximum renderbuffer and viewport of 16K, they were
            unable to actually handle one. Rather than trying to identify such hardware,
            clamp all buffers to a maximum of 8192. This is bigger than the previous value
            of 4096, and large enough to have a full-screen buffer on a Retina 5K iMac.

            * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
            (WebCore::GraphicsContext3D::getIntegerv):

2017-10-17  Dean Jackson  <dino@apple.com>

        Cherry-pick r223567. rdar://problem/35041476

    2017-10-16  Dean Jackson  <dino@apple.com>

            WebGL clamps drawingBufferWidth to 4096 pixels on a 5120 monitor/canvas
            https://bugs.webkit.org/show_bug.cgi?id=178223
            <rdar://problem/34597567>

            Reviewed by Antoine Quint.

            Remove the limit of 4k on the width/height of the renderbuffer.

            Test: fast/canvas/webgl/large-drawing-buffer-resize.html

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::reshape):

2017-10-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223313. rdar://problem/35042269

    2017-10-13  Brent Fulgham  <bfulgham@apple.com>

            Protect FrameView during style calculations
            https://bugs.webkit.org/show_bug.cgi?id=178300
            <rdar://problem/34869329>

            Reviewed by Ryosuke Niwa.

            Protect the FrameView during layout and style updates in case arbitrary script
            is run that might clear it.

            Test: fast/html/marquee-reparent-check.html

            * page/FrameView.cpp:
            (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):

2017-10-12  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/34891297

    Cherry-pick of r222803 <rdar://problem/34745579>
    
        2017-10-03  Jer Noble  <jer.noble@apple.com>
    
        Implement quality-of-service tiers in WebCoreDecompressionSession
        https://bugs.webkit.org/show_bug.cgi?id=177769
    
        Reviewed by Dean Jackson.
    
        VTDecompressionSession will suggest quality-of-service tiers to be used when decompression
        can't keep up with playback speed. Use a simple exponential-moving-average heuristic to
        determine when to move up and down the tiers.
    
        Drive-by fix: When frames are so late that they miss the display deadline, mark them as
        dropped rather than just delayed.
    
        * platform/graphics/cocoa/WebCoreDecompressionSession.h:
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
        (WebCore::WebCoreDecompressionSession::decodeSample):
        (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
        (WebCore::WebCoreDecompressionSession::automaticDequeue):
        (WebCore::WebCoreDecompressionSession::enqueueDecodedSample):
        (WebCore::WebCoreDecompressionSession::resetQosTier):
        (WebCore::WebCoreDecompressionSession::increaseQosTier):
        (WebCore::WebCoreDecompressionSession::decreaseQosTier):
        (WebCore::WebCoreDecompressionSession::updateQosWithDecodeTimeStatistics):
        * platform/cocoa/VideoToolboxSoftLink.cpp:
        * platform/cocoa/VideoToolboxSoftLink.h:

    2017-10-12  Jer Noble  <jer.noble@apple.com>

            Cherry-pick of r222803 <rdar://problem/34745579>

        2017-10-03  Jer Noble  <jer.noble@apple.com>

                Implement quality-of-service tiers in WebCoreDecompressionSession
                https://bugs.webkit.org/show_bug.cgi?id=177769

                Reviewed by Dean Jackson.

                VTDecompressionSession will suggest quality-of-service tiers to be used when decompression
                can't keep up with playback speed. Use a simple exponential-moving-average heuristic to
                determine when to move up and down the tiers.

                Drive-by fix: When frames are so late that they miss the display deadline, mark them as
                dropped rather than just delayed.

                * platform/graphics/cocoa/WebCoreDecompressionSession.h:
                * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
                (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
                (WebCore::WebCoreDecompressionSession::decodeSample):
                (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
                (WebCore::WebCoreDecompressionSession::automaticDequeue):
                (WebCore::WebCoreDecompressionSession::enqueueDecodedSample):
                (WebCore::WebCoreDecompressionSession::resetQosTier):
                (WebCore::WebCoreDecompressionSession::increaseQosTier):
                (WebCore::WebCoreDecompressionSession::decreaseQosTier):
                (WebCore::WebCoreDecompressionSession::updateQosWithDecodeTimeStatistics):
                * platform/cocoa/VideoToolboxSoftLink.cpp:
                * platform/cocoa/VideoToolboxSoftLink.h:

2017-10-12  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/34891297

    Partial cherry-pick of r222225 <rdar://problem/34745579>, only the changes to WebCoreDecompressionSession.
    
        2017-09-19  Jer Noble  <jer.noble@apple.com>
    
        [Cocoa] Add an ImageDecoder subclass backed by AVFoundation
        https://bugs.webkit.org/show_bug.cgi?id=176825
    
        Reviewed by Eric Carlson.
    
        Modify WebCoreDecompressionSession so that it can emit frames which have been converted from
        YUV -> RGB as part of the decode operation. Also, add a synchronous decoding operation
        method, for use in ImageDecoderAVFObjC.
    
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureDecompressionSession):
        * platform/graphics/cocoa/WebCoreDecompressionSession.h:
        (WebCore::WebCoreDecompressionSession::createOpenGL):
        (WebCore::WebCoreDecompressionSession::createRGB):
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::WebCoreDecompressionSession):
        (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
        (WebCore::WebCoreDecompressionSession::decodeSample):
        (WebCore::WebCoreDecompressionSession::decodeSampleSync):

    2017-10-12  Jer Noble  <jer.noble@apple.com>

            Partial cherry-pick of r222225 <rdar://problem/34745579>, only the changes to WebCoreDecompressionSession.

        2017-09-19  Jer Noble  <jer.noble@apple.com>

                [Cocoa] Add an ImageDecoder subclass backed by AVFoundation
                https://bugs.webkit.org/show_bug.cgi?id=176825

                Reviewed by Eric Carlson.

                Modify WebCoreDecompressionSession so that it can emit frames which have been converted from
                YUV -> RGB as part of the decode operation. Also, add a synchronous decoding operation
                method, for use in ImageDecoderAVFObjC.

                * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
                (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureDecompressionSession):
                * platform/graphics/cocoa/WebCoreDecompressionSession.h:
                (WebCore::WebCoreDecompressionSession::createOpenGL):
                (WebCore::WebCoreDecompressionSession::createRGB):
                * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
                (WebCore::WebCoreDecompressionSession::WebCoreDecompressionSession):
                (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
                (WebCore::WebCoreDecompressionSession::decodeSample):
                (WebCore::WebCoreDecompressionSession::decodeSampleSync):

2017-10-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r223144. rdar://problem/34958765

    2017-10-10  Matt Rajca  <mrajca@apple.com>

            Respect audio rate change restrictions in HTMLMediaElement::setVolume.
            https://bugs.webkit.org/show_bug.cgi?id=178140

            Reviewed by Eric Carlson.

            Tests: media/audio-playback-volume-changes-with-restrictions-and-user-gestures.html
                   media/audio-playback-volume-changes-with-restrictions.html

            It's currently possible for a website to start auto-playing media with a zero volume and then
            programmatically set the volume to a non-zero value without a user gesture. This code path didn't
            have to be considered previously because volume changes are not supported on iOS.

            We currently pause media when an audio track comes in after an element has already started playing silently
            in mediaPlayerDidAddAudioTrack. This patch does the same when a non-zero volume is set after a media
            element already began playing silently and there is an audio rate change restriction.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::setVolume):

2017-10-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222627. rdar://problem/34938437

    2017-09-28  Tim Horton  <timothy_horton@apple.com>

            Remove constant() in favor of env()
            https://bugs.webkit.org/show_bug.cgi?id=177581
            <rdar://problem/34701321>

            Reviewed by Dean Jackson.

            No new tests, removing a feature.

            * css/CSSValueKeywords.in:
            * css/CSSVariableData.cpp:
            (WebCore::CSSVariableData::checkVariablesForCyclesWithRange const):
            (WebCore::CSSVariableData::resolveTokenRange const):
            * css/parser/CSSVariableParser.cpp:
            (WebCore::classifyBlock):

2017-10-13  Dean Jackson  <dino@apple.com>

        Cherry-pick r223063. rdar://problem/34921832

    2017-10-09  Dean Jackson  <dino@apple.com>

            [WebGL] Third IOSurface buffer might be allocated with the wrong size
            https://bugs.webkit.org/show_bug.cgi?id=178092
            <rdar://problem/34893173>

            Reviewed by Jer Noble.

            If the WebGL canvas resizes after the third buffer was allocated, it
            was never getting told that its backing store should be thrown away.

            * platform/graphics/cocoa/WebGLLayer.mm: Allocate the third buffer at
            the same time as the first two.
            (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):
            (-[WebGLLayer bindFramebufferToNextAvailableSurface]):

2017-10-13  Dean Jackson  <dino@apple.com>

        Cherry-pick r222961. rdar://problem/34891070

    2017-10-05  Dean Jackson  <dino@apple.com>

            Lots of missing frames in YouTube360 when fullscreen on MacBook
            https://bugs.webkit.org/show_bug.cgi?id=177903
            <rdar://problem/33273300>

            Reviewed by Sam Weinig.

            Our compositing path for WebGL on macOS was too slow, requiring a copy
            of the framebuffer into another GL context. Replace this by having
            WebGL render into a texture that is backed by an IOSurface, and then
            set the WebGLLayer to use the IOSurface as contents.

            Covered by the existing WebGL tests.

            * platform/graphics/GraphicsContext3D.h:
            (WebCore::GraphicsContext3D::platformTexture const): We no longer use the
            framebuffer object outside the class, so change this to return the GL texture
            that the framebuffer is rendering in to. It was kind-of strange that it was
            named this way originally.
            Also make endPaint available on macOS, and add the definitions for
            createIOSurfaceBackingStore and updateFramebufferTextureBackingStoreFromLayer.

            * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
            (WebCore::GraphicsContext3D::GraphicsContext3D): Now that we're using an IOSurface,
            we're binding to a new attachment point, GL_TEXTURE_RECTANGLE.
            (WebCore::GraphicsContext3D::endPaint): This is now being called on macOS and iOS,
            so add a comment that explains the extra work that iOS needs to do. At some future
            point it would be nice to make this slightly cleaner, so that iOS and macOS are
            more similar.
            (WebCore::GraphicsContext3D::allocateIOSurfaceBackingStore): New function that calls
            into the corresponding WebGLLayer function.
            (WebCore::GraphicsContext3D::updateFramebufferTextureBackingStoreFromLayer): Ditto.

            * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
            (WebCore::wipeAlphaChannelFromPixels): Both readPixels and drawing a WebGL context
            into another buffer need to fill out the alpha channel if this context was
            created without one, otherwise the IOSurface backing store will happily provide
            what might be non-zero values.
            (WebCore::GraphicsContext3D::readPixelsAndConvertToBGRAIfNecessary): Call the helper above.
            (WebCore::GraphicsContext3D::reshapeFBOs): Add more code to call into the macOS-specific
            function to use an IOSurface as the framebuffer texture.
            (WebCore::GraphicsContext3D::readPixels): Call the helper above.

            * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
            (PlatformCALayerCocoa::copyContentsFromLayer): Replace the use of the
            deprecated setContentsChanged with reloadValueForKeyPath.

            * platform/graphics/cocoa/WebGLLayer.h: The macOS implementation now
            inherits from CALayer directly rather than CAOpenGLLayer. It also adds
            a few member variables to handle the IOSurfaces used for triple buffering.

            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer initWithGraphicsContext3D:]): If we were created without an
            alpha channel, tell CA that we're an opaque layer. Also set the layer's transform
            to identity, so that it calls into the code below to flip the contents.
            (-[WebGLLayer setTransform:]): Because an IOSurface is used for the layer contents,
            we don't get a chance to flip the drawing the way we do via the drawInContext delegate.
            Instead we have to apply a scale(1, -1) transform on top of the layer transform to
            make sure the layer is rendered right-way up.
            (-[WebGLLayer setAnchorPoint:]): Ditto, except we have to assume the anchor point is
            at the bottom of the layer, so flip the Y value.
            (-[WebGLLayer display]): Swap between the drawing buffer and the contents buffer, and
            then get a new buffer ready for display.
            (createAppropriateIOSurface): Helper.
            (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]): Initializes the
            IOSurfaces used for drawing buffers.
            (-[WebGLLayer bindFramebufferToNextAvailableSurface]): Take the next available IOSurface and
            make it the drawing buffer (binding in to WebGL at the same time).
            (-[WebGLLayer copyCGLPixelFormatForDisplayMask:]): Deleted.
            (-[WebGLLayer copyCGLContextForPixelFormat:]): Deleted.
            (-[WebGLLayer drawInCGLContext:pixelFormat:forLayerTime:displayTime:]): Deleted.

            * platform/graphics/mac/WebLayer.mm: Remove the definition of reloadValueForKeyPath.

2017-10-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222963. rdar://problem/34891307

    2017-10-05  Dean Jackson  <dino@apple.com>

            [WebGL] Safari performance is slow due to high MSAA usage
            https://bugs.webkit.org/show_bug.cgi?id=177949
            <rdar://problem/34835619>

            Reviewed by Sam Weinig.

            On some hardware, typically integrated GPUs, using MSAA with a sample
            count above 4 produces bad performance. Limit the number of samples to
            4 universally.

            * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
            (WebCore::GraphicsContext3D::reshapeFBOs):

2017-10-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222788. rdar://problem/34771440

    2017-10-03  Daniel Bates  <dabates@apple.com>

            [CSP] Check policy before opening a new window to a JavaScript URL
            https://bugs.webkit.org/show_bug.cgi?id=176815
            <rdar://problem/34400057>

            Reviewed by Brent Fulgham.

            Ensure that the Content Security Policy of the page allows navigation to a JavaScript URL
            before opening a new window to it.

            Test: http/tests/security/contentSecurityPolicy/window-open-javascript-url-blocked.html

            * loader/FrameLoader.cpp:
            (WebCore::createWindow):

2017-10-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221937. rdar://problem/34893195

    2017-09-12  Jer Noble  <jer.noble@apple.com>

            [MSE] Don't increase the reported totalFrameDelay for non-displayed frames (or frames coming in while paused).
            https://bugs.webkit.org/show_bug.cgi?id=175900

            Reviewed by Eric Carlson.

            When seeking to a specific time, the decompression session necessarily needs to be fed samples from before that
            time (i.e., all samples from the previous I-frame forward). These shouldn't contribute to the "total frame
            delay" metric. Neither should samples delivered when the video is paused (like, during seeking), as a frame can't
            be "late" if time is not moving forward.

            * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
            (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
            * platform/cf/CoreMediaSoftLink.cpp:
            * platform/cf/CoreMediaSoftLink.h:

2017-10-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221872. rdar://problem/34891288

    2017-09-11  Dean Jackson  <dino@apple.com>

            [WebGL macOS] No need to multisample when blitting into WebGLLayer
            https://bugs.webkit.org/show_bug.cgi?id=176666
            <rdar://problem/27774626>

            Reviewed by Sam Weinig.

            We were seeing performance profiles suggesting WebGL was
            doing 8x MSAA, even though we explicitly set it to only
            use 4 samples in the GLPixelFormatObj used to create
            the WebGL CGLContextObj. However, that same CGLPixelFormatObj
            was also used for the WebGLLayer's CGLContextObj, meaning the
            blit of the WebGL FBO into the WebGLLayer's backing store was
            multisampling as well -- so an extra 4 samples on top of the
            original 4, making it look like we were doing 8x.

            This was obviously unnecessary, since we already have the
            multisampled FBO and just want to copy it, as is, into the layer.

            Now, instead of copying the CGLPixelFormatObj, we create
            a new one and copy most of the attributes, leaving out
            the multisample flags (and the depth buffer, since we're
            only doing 2d blits).

            Covered by existing WebGL tests, since there should be no
            visible change.

            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer copyCGLPixelFormatForDisplayMask:]): Create a new
            CGLPixelFormatObj that copies most of the values from
            the corresponding object on the WebGL's backing CGLContextObj.

2017-10-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221831. rdar://problem/34891283

    2017-09-08  Dean Jackson  <dino@apple.com>

            gl.detachShader breaks shader program
            https://bugs.webkit.org/show_bug.cgi?id=137689
            <rdar://problem/34025056>

            Reviewed by Sam Weinig.

            It should be possible to compile shaders, attach them to a program,
            link the program, detach the shaders, delete the shaders, and then
            ask for the uniform and attribute locations. That is, once you've
            linked, the shaders can be thrown away.

            We were using the attached shaders to look up uniform locations, so
            we now keep around a separate map that remembers what shaders were
            attached when the program links.

            This fixes the bug, but the whole area is still a bit messy. For one,
            we're keeping around all the shader information even after it is
            no longer used.
            See https://bugs.webkit.org/show_bug.cgi?id=98204

            Test: fast/canvas/webgl/detachShader-before-accessing-uniform.html

            * platform/graphics/GraphicsContext3D.h: Add another map to remember
            what shaders were used when a program was linked.
            * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
            (WebCore::GraphicsContext3D::mappedSymbolInShaderSourceMap): New helper
            to look up a name in our source maps.
            (WebCore::GraphicsContext3D::mappedSymbolName): Use the helper, and look
            at linked shaders if there are no attached shaders.
            (WebCore::GraphicsContext3D::originalSymbolInShaderSourceMap): Does the
            reverse of the above.
            (WebCore::GraphicsContext3D::originalSymbolName):
            (WebCore::GraphicsContext3D::linkProgram): Add to the new map.
            (WebCore::GraphicsContext3D::deleteProgram): Delete the program from
            our shader entries.

2017-10-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222478. rdar://problem/34771020

    2017-09-25  Youenn Fablet  <youenn@apple.com>

            WebRTC video does not resume receiving when switching back to Safari 11 on iOS
            https://bugs.webkit.org/show_bug.cgi?id=175472
            <rdar://problem/33860863>

            Reviewed by Darin Adler.

            Test: webrtc/video-interruption.html and manual testing.

            Using new SetActive method from libwebrtc encoder/decoder to enable/disable them based on interuptions.
            For that purpose, LibWebRTCProvider is now storing the peer connection factory and keeping track of the encoder/decoder factories.
            LibWebRTCProvider is then notified by WebPage when backgrounded/foregrounded.

            * WebCore.xcodeproj/project.pbxproj:
            * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
            (WebCore::staticFactoryAndThreads):
            (WebCore::initializePeerConnectionFactoryAndThreads):
            (WebCore::LibWebRTCProvider::factory):
            (WebCore::LibWebRTCProvider::setPeerConnectionFactory):
            (WebCore::LibWebRTCProvider::createPeerConnection):
            (WebCore::LibWebRTCProvider::setActive):
            (WebCore::LibWebRTCProvider::webRTCAvailable):
            (WebCore::LibWebRTCProvider::mayResumePlayback): Deleted.
            (WebCore::LibWebRTCProvider::suspendPlayback): Deleted.
            * platform/mediastream/libwebrtc/LibWebRTCProvider.h:
            * platform/mediastream/libwebrtc/VideoToolBoxDecoderFactory.cpp: Copied from Source/WebCore/platform/mediastream/libwebrtc/VideoToolBoxEncoderFactory.cpp.
            (WebCore::VideoToolboxVideoDecoderFactory::setActive):
            (WebCore::VideoToolboxVideoDecoderFactory::CreateVideoDecoder):
            (WebCore::VideoToolboxVideoDecoderFactory::DestroyVideoDecoder):
            * platform/mediastream/libwebrtc/VideoToolBoxDecoderFactory.h: Copied from Source/WebCore/platform/mediastream/libwebrtc/VideoToolBoxEncoderFactory.h.
            * platform/mediastream/libwebrtc/VideoToolBoxEncoderFactory.cpp:
            (WebCore::VideoToolboxVideoEncoderFactory::setActive):
            (WebCore::VideoToolboxVideoEncoderFactory::CreateSupportedVideoEncoder):
            (WebCore::VideoToolboxVideoEncoderFactory::DestroyVideoEncoder):
            * platform/mediastream/libwebrtc/VideoToolBoxEncoderFactory.h:
            * testing/Internals.cpp:
            (WebCore::Internals::resetToConsistentState):
            * testing/MockLibWebRTCPeerConnection.cpp:
            (WebCore::useRealRTCPeerConnectionFactory):
            (WebCore::useMockRTCPeerConnectionFactory):
            * testing/MockLibWebRTCPeerConnection.h:

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221430. rdar://problem/34770998

    2017-08-31  Jer Noble  <jer.noble@apple.com>

            MSE-to-Canvas painting can become "stuck" during heavy workloads
            https://bugs.webkit.org/show_bug.cgi?id=176170

            Reviewed by Eric Carlson.

            During heavy workloads, the trigger from CMBufferQueue notifying us that we have dipped below
            the "low-water mark" of decoded (and decoding) frames will not fire. Instead of using a trigger
            (since it will not fire when the number of "frames being decoded" changes, just the number of
            decoded frames), just call maybeBecomeReadyForMoreMediaData() whenever the number of frames in
            the decoded queue decreases, or when the number of frames being decoded decreases.

            * platform/graphics/cocoa/WebCoreDecompressionSession.h:
            * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
            (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaData):
            (WebCore::WebCoreDecompressionSession::enqueueSample):
            (WebCore::WebCoreDecompressionSession::decodeSample):
            (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
            (WebCore::WebCoreDecompressionSession::getFirstVideoFrame):
            (WebCore::WebCoreDecompressionSession::automaticDequeue):
            (WebCore::WebCoreDecompressionSession::imageForTime):
            (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaDataCallback): Deleted.

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222995. rdar://problem/34891302

    2017-10-06  Jer Noble  <jer.noble@apple.com>

            Netflix playback fails with S7353 error
            https://bugs.webkit.org/show_bug.cgi?id=178023

            Reviewed by Dean Jackson.

            On certain platforms, WebCoreDecompressionSession will fail to produce CVImageBuffers when presented with
            encrypted content. On those platforms, the seek() command will fail, because frames at the destination time
            cannot be decoded. This occurs for Netflix because the <video> element is not in the DOM at decode time.

            Only create a WebCoreDecompressionSession in MediaPlayerPrivateMediaSourceAVFObjC when we have explicitly
            been asked to paint into a WebGL canvas.

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::acceleratedRenderingStateChanged):

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222786. rdar://problem/34820881

    2017-10-03  Brent Fulgham  <bfulgham@apple.com>

            Unreviewed test fix after r222779.

            * testing/cocoa/WebArchiveDumpSupport.mm:
            (WebCoreTestSupport::createCFURLResponseFromResponseData): Setting NSSecureCoding in this test code should be
            done based on build system, just like it is in the actual WebArchive handling code.

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222779. rdar://problem/34820881

    2017-10-03  Brent Fulgham  <bfulgham@apple.com>

            [Mac] Use safer decoding practices for NSKeyedUnarchiver
            https://bugs.webkit.org/show_bug.cgi?id=175887
            <rdar://problem/33435281>

            Reviewed by Daniel Bates.

            * loader/archive/cf/LegacyWebArchiveMac.mm:
            (WebCore::LegacyWebArchive::createResourceResponseFromMacArchivedData): Use NSSecureCoding to unarchive.
            (WebCore::LegacyWebArchive::createPropertyListRepresentation): Ditto for archiving.
            * testing/cocoa/WebArchiveDumpSupport.mm:
            (WebCoreTestSupport::createCFURLResponseFromResponseData): Update to use NSSecureCoding if possible.

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221098. rdar://problem/34771028

    2017-08-23  Jer Noble  <jer.noble@apple.com>

            Track VideoPlaybackQuality metrics when using WebCoreDecompressionSession.
            https://bugs.webkit.org/show_bug.cgi?id=175835
            <rdar://problem/34022234>

            Reviewed by Eric Carlson.

            Test: platform/mac/media/media-source/videoplaybackquality-decompressionsession.html

            Track the total number of frames decoded, dropped, & corrupted, as well as the total
            delay imposed by decoding in the WebCoreDecompressionSession.

            Drive-by fix: implement frame dropping by skipping frames whose presentation times are
            before the video's current time and which aren't depended upon by other frames.

            * platform/cf/CoreMediaSoftLink.cpp:
            * platform/cf/CoreMediaSoftLink.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::videoPlaybackQualityMetrics):
            * platform/graphics/cocoa/WebCoreDecompressionSession.h:
            (WebCore::WebCoreDecompressionSession::totalVideoFrames):
            (WebCore::WebCoreDecompressionSession::droppedVideoFrames):
            (WebCore::WebCoreDecompressionSession::corruptedVideoFrames):
            (WebCore::WebCoreDecompressionSession::totalFrameDelay):
            * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
            (WebCore::WebCoreDecompressionSession::shouldDecodeSample):
            (WebCore::WebCoreDecompressionSession::decodeSample):
            (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221046. rdar://problem/34891067

    2017-08-22  Jer Noble  <jer.noble@apple.com>

            Refactor videoPerformanceQuality() MediaPlayer methods into single call.
            https://bugs.webkit.org/show_bug.cgi?id=175830

            Reviewed by Eric Carlson.

            Allow MediaPlayerPrivate subclasses to return all the metrics required for VideoPerformanceQuality in
            a single call. For clients which incur significant overhead to request this data, this reduces the cost
            of requesting data by the number of calls removed.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
            * platform/graphics/MediaPlayer.cpp:
            (WebCore::MediaPlayer::videoPlaybackQualityMetrics):
            (WebCore::MediaPlayer::totalVideoFrames): Deleted.
            (WebCore::MediaPlayer::droppedVideoFrames): Deleted.
            (WebCore::MediaPlayer::corruptedVideoFrames): Deleted.
            (WebCore::MediaPlayer::totalFrameDelay): Deleted.
            * platform/graphics/MediaPlayer.h:
            (WebCore::PlatformVideoPlaybackQualityMetrics::PlatformVideoPlaybackQualityMetrics):
            * platform/graphics/MediaPlayerPrivate.h:
            (WebCore::MediaPlayerPrivateInterface::videoPlaybackQualityMetrics):
            (WebCore::MediaPlayerPrivateInterface::totalVideoFrames): Deleted.
            (WebCore::MediaPlayerPrivateInterface::droppedVideoFrames): Deleted.
            (WebCore::MediaPlayerPrivateInterface::corruptedVideoFrames): Deleted.
            (WebCore::MediaPlayerPrivateInterface::totalFrameDelay): Deleted.
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::videoPlaybackQualityMetrics):
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::totalVideoFrames): Deleted.
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::droppedVideoFrames): Deleted.
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::corruptedVideoFrames): Deleted.
            (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::totalFrameDelay): Deleted.
            * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h:
            * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
            (WebCore::MockMediaPlayerMediaSource::videoPlaybackQualityMetrics):
            (WebCore::MockMediaPlayerMediaSource::totalVideoFrames): Deleted.
            (WebCore::MockMediaPlayerMediaSource::droppedVideoFrames): Deleted.
            (WebCore::MockMediaPlayerMediaSource::corruptedVideoFrames): Deleted.
            (WebCore::MockMediaPlayerMediaSource::totalFrameDelay): Deleted.
            * platform/mock/mediasource/MockMediaPlayerMediaSource.h:
            * platform/mock/mediasource/MockMediaSourcePrivate.cpp:
            (WebCore::MockMediaSourcePrivate::videoPlaybackQualityMetrics):
            * platform/mock/mediasource/MockMediaSourcePrivate.h:

2017-10-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222402. rdar://problem/34770839

    2017-09-22  Tim Horton  <timothy_horton@apple.com>

            Add env() as an alias of constant()
            https://bugs.webkit.org/show_bug.cgi?id=177371

            Reviewed by Simon Fraser.

            * css/CSSValueKeywords.in:
            * css/CSSVariableData.cpp:
            (WebCore::CSSVariableData::checkVariablesForCyclesWithRange const):
            (WebCore::CSSVariableData::resolveTokenRange const):
            * css/parser/CSSVariableParser.cpp:
            (WebCore::classifyBlock):
            Add env() as an alias of constant() everywhere it is mentioned.

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/34770842

    Cherry-pick r221083. rdar://problem/34770842, rdar://problem/34770849

    2017-10-02  Mark Lam  <mark.lam@apple.com>

            Cherry-pick r221083. rdar://problem/34770842, rdar://problem/34770849

        2017-08-23  Yusuke Suzuki  <utatane.tea@gmail.com>

                Race condition in StartWebThread causing crash
                https://bugs.webkit.org/show_bug.cgi?id=175852

                Reviewed by Mark Lam.

                When starting web thread, the main thread waits for completion of web thread initialization
                by using pthread_cond_t. However, the main thread may be woken up due to the existence of
                the spurious wake up of pthread_cond_t.

                Instead, we should use WTF::Lock and WTF::Condition. Since our StartWebThread already calls
                WTF::initializeThreading, it is safe to use WTF::Lock and WTF::Condition. And our WTF::Condition
                does not have the spurious wake up problem as described in Condition.h.

                * platform/ios/wak/WebCoreThread.mm:
                (RunWebThread):
                (StartWebThread):

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222190. rdar://problem/34771470

    2017-09-18  Tim Horton  <timothy_horton@apple.com>

            Support min() and max() in calc()
            https://bugs.webkit.org/show_bug.cgi?id=167000
            <rdar://problem/30153481>

            Reviewed by David Hyatt.
            Patch originally by Myles Maxfield.

            Add two new toplevel functions to CSS, min() and max(), which take an
            arbirary number of arguments and resolve to the minimum and maximum of
            the resolved value of the arguments, respectively. It is also possible
            to use min() and max() inside calc(), and to use calc()-like math
            inside min() and max().

            * css/CSSCalculationValue.cpp:
            (WebCore::determineCategory):
            min and max operators don't use determineCategory; we have a specific
            implementation for them in createMinOrMax.

            (WebCore::resolvedTypeForMinOrMax):
            The spec says that min() and max() should be marked as invalid if they
            have values of more than one type, but that percentages should resolve
            against the destination type before making this determination. So,
            if the destination type is length, percent turns into percent-length,
            and similarly for number.

            (WebCore::isIntegerResult):
            Add an n-way implementation of isIntegerResult.

            (WebCore::isSamePair):
            (WebCore::CSSCalcOperation::createMinOrMax): Create a min() or max()
            operation, as long as the types of arguments are all the same. Allow
            lengths to upgrade the whole operation to percent-length, and numbers
            to percent-number, which will cause us to use CalculationValue and friends
            in order to do proper resolution of all of the parameters instead of
            just comparing their numeric values.

            (WebCore::CSSCalcOperation::createCalcExpression):
            (WebCore::CSSCalcOperation::doubleValue):
            (WebCore::CSSCalcOperation::computeLengthPx):
            (WebCore::CSSCalcOperation::customCSSText):
            (WebCore::CSSCalcOperation::primitiveType):
            (WebCore::CSSCalcOperation::CSSCalcOperation):
            (WebCore::CSSCalcOperation::evaluate):
            (WebCore::CSSCalcOperation::evaluateOperator):
            Adapt to child counts greater than two.

            (WebCore::CSSCalcOperation::buildCssText):
            Add support for min() and max().

            (WebCore::CSSCalcExpressionNodeParser::parseCalc):
            parseCalc now accepts a CSSValueID parameter indicating which calc function
            it should parse (calc, webkit-calc, min, or max), and delegates to either
            parseValueExpression or parseMinMaxExpression.

            (WebCore::CSSCalcExpressionNodeParser::operatorValue):
            (WebCore::CSSCalcExpressionNodeParser::parseValue):
            If min() or max() are found while parsing a value (i.e. nested inside
            either calc or themselves), use parseMinMaxExpression on that subtree.

            (WebCore::CSSCalcExpressionNodeParser::parseValueTerm):
            (WebCore::CSSCalcExpressionNodeParser::parseValueMultiplicativeExpression):
            (WebCore::CSSCalcExpressionNodeParser::parseAdditiveValueExpression):
            Adjust to the CSSCalcBinaryOperation->CSSCalcOperation rename.

            (WebCore::CSSCalcExpressionNodeParser::parseMinMaxExpression):
            Added. Parse an arbitrary number of comma-and-whitespace-separated children.

            (WebCore::createBlendHalf):
            Adjust to the CSSCalcBinaryOperation->CSSCalcOperation rename.

            (WebCore::createCSS):
            Build the CSSCalcOperation for the platform-independent min and max operations.

            (WebCore::CSSCalcValue::create):
            Pass the function being parsed and the destination calc category for the
            property being parsed for into create, and then into the parser so that
            it can know which function it is parsing for, and what kind of result it
            needs (as previously mentioned above in resolvedTypeForMinOrMax).

            * css/CSSCalculationValue.h:
            * css/CSSValueKeywords.in:
            Add min and max functions as CSS keywords.

            * css/StyleBuilderConverter.h:
            (WebCore::StyleBuilderConverter::convertLength):
            (WebCore::StyleBuilderConverter::convertTo100PercentMinusLength):
            * platform/Length.cpp:
            (WebCore::convertTo100PercentMinusLength):
            Adapt to the CalcExpressionOperation constructor taking a vector of
            arguments instead of two.

            * css/parser/CSSPropertyParserHelpers.cpp:
            (WebCore::CSSPropertyParserHelpers::CalcParser::CalcParser):
            Store and pass the specific function being parsed down into CSSCalcValue.

            (WebCore::CSSPropertyParserHelpers::consumeInteger):
            (WebCore::CSSPropertyParserHelpers::consumePositiveIntegerRaw):
            (WebCore::CSSPropertyParserHelpers::consumeNumberRaw):
            (WebCore::CSSPropertyParserHelpers::consumeNumber):
            (WebCore::CSSPropertyParserHelpers::consumeFontWeightNumber):
            (WebCore::CSSPropertyParserHelpers::consumeLength):
            (WebCore::CSSPropertyParserHelpers::consumePercent):
            (WebCore::CSSPropertyParserHelpers::consumeLengthOrPercent):
            (WebCore::CSSPropertyParserHelpers::consumeAngle):
            (WebCore::CSSPropertyParserHelpers::consumeTime):
            Pass the destination type into each calc parser.

            * platform/CalculationValue.cpp:
            (WebCore::CalcExpressionOperation::evaluate const):
            (WebCore::CalcExpressionOperation::operator== const):
            (WebCore::CalcExpressionOperation::dump const):
            (WebCore::operator<<):
            (WebCore::CalcExpressionBinaryOperation::evaluate const): Deleted.
            (WebCore::CalcExpressionBinaryOperation::operator== const): Deleted.
            (WebCore::CalcExpressionBinaryOperation::dump const): Deleted.
            * platform/CalculationValue.h:
            (WebCore::CalcExpressionOperation::CalcExpressionOperation):
            (WebCore::operator==):
            (WebCore::toCalcExpressionOperation):
            (WebCore::CalcExpressionBinaryOperation::CalcExpressionBinaryOperation): Deleted.
            (WebCore::toCalcExpressionBinaryOperation): Deleted.
            Adjust to the CSSCalcBinaryOperation->CSSCalcOperation rename.
            Adjust to having n>2 children.
            Support min() and max() operators in various places.


2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221100. rdar://problem/34771028

    2017-08-23  Jer Noble  <jer.noble@apple.com>

            Build fix for 32-bit Mac after r221098. Make sure constant used in WebCoreDecompressionSession is SoftLinked.

            * platform/cf/CoreMediaSoftLink.cpp:
            * platform/cf/CoreMediaSoftLink.h:

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221016. rdar://problem/34770830

    2017-08-22  Jer Noble  <jer.noble@apple.com>

            Autoplay Muted Videos Don't Play When Outside Viewport
            https://bugs.webkit.org/show_bug.cgi?id=175748
            <rdar://problem/33974383>

            Reviewed by Eric Carlson.

            Test: media/video-restricted-invisible-autoplay-not-allowed-source.html

            The media session is notified that its client (the media element) will begin autoplaying inside
            prepareForLoad(), where the m_autoplaying flag is also set. But loading via <source> elements does not go
            through prepareForLoad(); the HTML standard states that the <source> element loading path does not trigger the
            "media element load algorithm" which is implemented in prepareForLoad(). Since the m_autoplaying flag is
            initially set to true, notify the media session that the element will begin autoplaying inside the element's
            constructor.

            Drive-by fix: Doing the above causes other tests to crash, as purturbing play state during style change can cause
            re-entrancy in the native controls code, or fail, since we will transition from autoplay -> play even if there's
            not yet a src or source to the media element. Add a task queue for updating the autoplay state and check the ready
            state before allowing autoplay to transition to play.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):
            (WebCore::HTMLMediaElement::~HTMLMediaElement):
            (WebCore::HTMLMediaElement::canTransitionFromAutoplayToPlay const):
            (WebCore::HTMLMediaElement::isVisibleInViewportChanged):

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220484. rdar://problem/34770810

    2017-08-09  Commit Queue  <commit-queue@webkit.org>

            Unreviewed, rolling out r219334.
            https://bugs.webkit.org/show_bug.cgi?id=175398

            Caused bug 175023 (Requested by ap on #webkit).

            Reverted changeset:

            "[SVG] Leak in SVGAnimatedListPropertyTearOff"
            https://bugs.webkit.org/show_bug.cgi?id=172545
            http://trac.webkit.org/changeset/219334

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220302. rdar://problem/34770803

    2017-08-04  John Wilander  <wilander@apple.com>

            Resource Load Statistics: Report user interaction immediately, but only when needed
            https://bugs.webkit.org/show_bug.cgi?id=175090
            <rdar://problem/33685546>

            Reviewed by Chris Dumez.

            Test: http/tests/loading/resourceLoadStatistics/user-interaction-only-reported-once-within-short-period-of-time.html

            * loader/ResourceLoadObserver.cpp:
            (WebCore::ResourceLoadObserver::ResourceLoadObserver):
            (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
                Now tells the UI process immediately but also records that it has
                done so to avoid doing it when not needed.
            (WebCore::ResourceLoadObserver::scheduleNotificationIfNeeded):
                Conditional throttling gone, now always throttles.
            (WebCore::ResourceLoadObserver::notifyObserver):
                Renamed from ResourceLoadObserver::notificationTimerFired().
            (WebCore::ResourceLoadObserver::clearState):
                New function to allow the test runner to reset the web process'
                statistics state now that we keep track of whether or not we've
                reported user interaction to the UI process.
            (WebCore::ResourceLoadObserver::setShouldThrottleObserverNotifications): Deleted.
            (WebCore::ResourceLoadObserver::notificationTimerFired): Deleted.
            * loader/ResourceLoadObserver.h:
            (): Deleted.
            * testing/Internals.cpp:
            (WebCore::Internals::resetToConsistentState):
            (WebCore::Internals::setResourceLoadStatisticsShouldThrottleObserverNotifications): Deleted.
                No longer needed since user interaction is always communicated
                immediately.
            * testing/Internals.h:
            * testing/Internals.idl:

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221128. rdar://problem/34771005

    2017-08-23  Wenson Hsieh  <wenson_hsieh@apple.com>

            DeleteSelectionCommand should be robust when starting and ending editable positions cannot be found
            https://bugs.webkit.org/show_bug.cgi?id=175914
            <rdar://problem/29792688>

            Reviewed by Ryosuke Niwa.

            DeleteSelectionCommand can cause a null dereference if editable start and end positions are not found. This can
            happen when attempting to delete after selecting the contents within a canvas or output element with `read-write`
            `-webkit-user-modify` style. To fix this, we make the initialization step of the DeleteSelectionCommand robust
            when editable start and end positions are missing.

            Test: editing/execCommand/forward-delete-read-write-canvas.html

            * editing/DeleteSelectionCommand.cpp:
            (WebCore::DeleteSelectionCommand::initializePositionData):

            Make this initialization helper indicate failure via a bool return value. DeleteSelectionCommand::doApply bails
            early if initializePositionData returned false.

            (WebCore::DeleteSelectionCommand::doApply):
            * editing/DeleteSelectionCommand.h:

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221116. rdar://problem/34771068

    2017-08-23  Jer Noble  <jer.noble@apple.com>

            [EME] WebCoreDecompressionSession should only report having an available frame if it has one for the current time.
            https://bugs.webkit.org/show_bug.cgi?id=175901

            Reviewed by Eric Carlson.

            The WebCoreDecompressionSession will trigger the hasAvailableFrame callback whenever a frame is decoded,
            regardless of its presentation time. For formats which have out-of-order decoding, the newly decoded frame could
            have a presentation time far in the future. Instead, only fire the callback if the decoded frame's presentation
            times contains the timebase's current time.

            * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
            (WebCore::WebCoreDecompressionSession::enqueueDecodedSample):

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220718. rdar://problem/34771041

    2017-08-14  Andy Estes  <aestes@apple.com>

            [Apple Pay] Add support for phonetic contact names
            https://bugs.webkit.org/show_bug.cgi?id=175537
            <rdar://problem/32002644>

            Reviewed by Tim Horton.

            * Modules/applepay/ApplePayError.idl: Defined "phoneticName" in ApplePayErrorContactField.
            * Modules/applepay/ApplePayPaymentContact.h: Defined phoneticGivenName and phoneticFamilyName
            in ApplePayPaymentContact.
            * Modules/applepay/ApplePayPaymentContact.idl: Ditto.
            * Modules/applepay/ApplePayPaymentRequest.h: Defined PhoneticName in
            ApplePayPaymentRequest::ContactField.
            * Modules/applepay/ApplePayPaymentRequest.idl: Defined "phoneticName" in ApplePayContactField.
            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::convertAndValidate): Added a version parameter. Added code to convert
            ContactField::PhoneticName, throwing an exception if version is less than 3.
            * Modules/applepay/PaymentContact.h: Added a version parameter to fromApplePayPaymentContact().
            * Modules/applepay/PaymentRequest.h: Defined phoneticName in PaymentRequest::ContactFields
            and defined PhoneticName in PaymentError::ContactField.
            * Modules/applepay/cocoa/PaymentContactCocoa.mm:
            (WebCore::convert): Added a version parameter. Set a phoneticRepresentation on the
            PKContact's name if there are non-empty phonetic names and version is 3 or greater.
            (WebCore::PaymentContact::fromApplePayPaymentContact): Passed version to convert().

2017-10-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220496. rdar://problem/34770816

    2017-08-09  Jeremy Jones  <jeremyj@apple.com>

            Use MPAVRoutingController instead of deprecated versions.
            https://bugs.webkit.org/show_bug.cgi?id=175063

            Reviewed by Tim Horton.

            No new tests because no behavior change. This uses a different platform class to present
            an interface.

            Remove deprecated MPAudioVideoRoutingPopoverController and MPAVRoutingSheet
            Add MPMediaControlsViewController.

            * platform/spi/ios/MediaPlayerSPI.h:

2017-10-04  Kocsen Chung  <kocsen_chung@apple.com>

        Revert r222779. rdar://problem/34706688

2017-10-04  Kocsen Chung  <kocsen_chung@apple.com>

        Revert r222786. rdar://problem/34706688

2017-10-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222786. rdar://problem/34706688

    2017-10-03  Brent Fulgham  <bfulgham@apple.com>

            Unreviewed test fix after r222779.

            * testing/cocoa/WebArchiveDumpSupport.mm:
            (WebCoreTestSupport::createCFURLResponseFromResponseData): Setting NSSecureCoding in this test code should be
            done based on build system, just like it is in the actual WebArchive handling code.

2017-10-03  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222779. rdar://problem/34706688

    2017-10-03  Brent Fulgham  <bfulgham@apple.com>

            [Mac] Use safer decoding practices for NSKeyedUnarchiver
            https://bugs.webkit.org/show_bug.cgi?id=175887
            <rdar://problem/33435281>

            Reviewed by Daniel Bates.

            * loader/archive/cf/LegacyWebArchiveMac.mm:
            (WebCore::LegacyWebArchive::createResourceResponseFromMacArchivedData): Use NSSecureCoding to unarchive.
            (WebCore::LegacyWebArchive::createPropertyListRepresentation): Ditto for archiving.
            * testing/cocoa/WebArchiveDumpSupport.mm:
            (WebCoreTestSupport::createCFURLResponseFromResponseData): Update to use NSSecureCoding if possible.

2017-10-01  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222588. rdar://problem/34717517

    2017-09-27  Myles C. Maxfield  <mmaxfield@apple.com>

            Minimum font size may cause elements to have an infinite line-height
            https://bugs.webkit.org/show_bug.cgi?id=177573
            <rdar://problem/34573792>

            Reviewed by Dan Bernstein.

            When minimum font size is specified, we were trying to preserve the ratio of specified font-size
            and specified line-height in order to boost the computed font size proportionately to the font-size
            boost. However, this doesn't work when the specified font-size is 0, because the ratio between
            line-height and font-size is infinite.

            The most straightforward solution is just to make small font-sizes opt out of the line-height
            adjustment because the result would be too big.

            Test: fast/text/line-height-minimumFontSize-text-small-font-size.html

            * css/StyleBuilderCustom.h:
            (WebCore::computeLineHeightMultiplierDueToFontSize):
            (WebCore::StyleBuilderCustom::applyValueLineHeight):

2017-09-27  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222576. rdar://problem/34553953

    2017-09-27  Myles C. Maxfield  <mmaxfield@apple.com>

            "Tag" codepoints require the complex text codepath
            https://bugs.webkit.org/show_bug.cgi?id=177251
            <rdar://problem/34384001>

            Reviewed by David Hyatt.

            Previously, Tag codepoints (U+E0000 - U+E007F) weren't triggering the
            complex text codepath.

            Eventually, we should migrate the default from simple to complex. I'll do
            that in a separate patch.

            Test: fast/text/flag-codepoint.html

            * platform/graphics/FontCascade.cpp:
            (WebCore::FontCascade::characterRangeCodePath):

2017-09-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222539. rdar://problem/34205774

    2017-09-26  Zalan Bujtas  <zalan@apple.com>

            Fall back to normal line layout position, when simple line layout fails to find one.
            https://bugs.webkit.org/show_bug.cgi?id=176220
            <rdar://problem/34205774>

            Reviewed by Brent Fulgham.

            In case of empty content, let's just fall back to normal line layout and try to
            find the visually correct one.

            Test: fast/text/invalid-positionForPoint-offset.html

            * rendering/RenderText.cpp:
            (WebCore::RenderText::positionForPoint):
            * rendering/SimpleLineLayoutResolver.cpp:
            (WebCore::SimpleLineLayout::RunResolver::runForPoint const):

2017-09-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222474. rdar://problem/34646376

    2017-09-25  Per Arne Vollan  <pvollan@apple.com>

            Crash in WebCore::TreeScope::documentScope
            https://bugs.webkit.org/show_bug.cgi?id=176159

            Reviewed by Ryosuke Niwa.

            When all children are replaced with a new node in ContainerNode::replaceAllChildren,
            the treescope of the new node should be set after the call to willRemoveChildren,
            since this call can fire events, and execute JS code, which might change the treescope
            of the container node.

            Test: fast/dom/crash-moving-subtree-between-documents.html

            * dom/ContainerNode.cpp:
            (WebCore::ContainerNode::replaceAllChildren):

2017-09-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222304. rdar://problem/34646370

    2017-09-20  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION(r191731): SVGPatternElement can only reference another SVGPatternElement in the same SVG document
            https://bugs.webkit.org/show_bug.cgi?id=176221

            Reviewed by Tim Horton.

            According to the specs:

            https://www.w3.org/TR/SVG11/filters.html#FilterElementHrefAttribute
            https://www.w3.org/TR/SVG11/pservers.html#LinearGradientElementHrefAttribute
            https://www.w3.org/TR/SVG11/pservers.html#RadialGradientElementHrefAttribute
            https://www.w3.org/TR/SVG11/pservers.html#PatternElementHrefAttribute

            The xlink:href attribute of the SVG filter, gradient and pattern elements
            must reference another element within the current SVG of the same type.

            In r191731, the code of SVGPatternElement::collectPatternAttributes() was
            removed and replaced by RenderSVGResourcePattern::collectPatternAttributes()
            to avoid cyclic reference in the pattern element. The problem is the old
            code used to check whether the referenced element is<SVGPatternElement>
            before casting it. This code was not copied to the new function. So we
            now allow the SVGPatternElement to reference any SVG resource element.

            To fix this issue, we need to prevent SVGResources from chaining an incorrect
            type of element to the SVG filter, gradient and pattern elements.

            We also need to use the SVGResources for getting the referenced element
            when collecting the attributes for the gradient elements. SVGResources solves
            the cyclic referencing issue so there is no need to repeat the same code
            in many places. Also, from now on the SVGResources will have valid linked
            resource only. So casting the referenced element should always be valid.

            Tests: svg/custom/pattern-invalid-content-inheritance.svg

            * rendering/svg/RenderSVGResourcePattern.cpp:
            (WebCore::RenderSVGResourcePattern::collectPatternAttributes const): Asserts
            the linkedResource is of type RenderSVGResourcePattern.
            * rendering/svg/SVGResources.cpp:
            (WebCore::SVGResources::SVGResources):
            (WebCore::isChainableResource): Ensure that an SVG resource can reference
            only an SVG resource with the valid type.
            (WebCore::SVGResources::buildCachedResources):
            * rendering/svg/SVGResources.h:

2017-09-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222097. rdar://problem/34508516

    2017-09-15  Brent Fulgham  <bfulgham@apple.com>

            Make DocumentLoader a FrameDestructionObserver
            https://bugs.webkit.org/show_bug.cgi?id=176364
            <rdar://problem/34254780>

            Reviewed by Alex Christensen.

            The DocumentLoader needs to know when its Frame is destroyed so that it can
            perform properly cleanup.

            Test: fast/events/beforeunload-dom-manipulation-crash.html

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::DocumentLoader): Call FrameDestructionObserver constructor.
            (WebCore::DocumentLoader::responseReceived): Drive-by fix. Make sure the current
            object is valid during the callback.
            (WebCore::DocumentLoader::attachToFrame): Use FrameDestructionObserver::observerFrame rather
            than setting the m_frame variable directly.
            (WebCore::DocumentLoader::detachFromFrame): Ditto.
            * loader/DocumentLoader.h:
            (WebCore::DocumentLoader::frame const): Deleted, as this is provided by the FrameDestructionObserver.

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222226. rdar://problem/34534758

    2017-09-19  Zalan Bujtas  <zalan@apple.com>

            AXObjectCache::performDeferredCacheUpdate is called recursively through FrameView::layout.
            https://bugs.webkit.org/show_bug.cgi?id=176218
            <rdar://problem/34205612>

            Reviewed by Simon Fraser.

            There are certain cases when we might re-enter performDeferredCacheUpdate through recursive
            layout calls (see webkit.org/b/177176) and mutate m_deferredTextChangedList multiple times.

            Test: accessibility/crash-table-recursive-layout.html

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::performDeferredCacheUpdate):
            * accessibility/AXObjectCache.h:

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222220. rdar://problem/34534766

    2017-09-15  Wenson Hsieh  <wenson_hsieh@apple.com>

            createMarkupInternal should protect its pointer to the Range's common ancestor
            https://bugs.webkit.org/show_bug.cgi?id=177033
            <rdar://problem/34265390>

            Reviewed by Tim Horton.

            Adds basic safeguarding to codepaths hit while executing an outdent command.

            Test: editing/execCommand/outdent-with-media-query-listener-in-iframe.html

            * editing/IndentOutdentCommand.cpp:
            (WebCore::IndentOutdentCommand::outdentRegion):

            Avoid an infinite loop if endOfCurrentParagraph is a null position.

            * editing/markup.cpp:
            (WebCore::createMarkupInternal):

            Protect the raw pointer to the Range's common ancestor node.

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222214. rdar://problem/34534751

    2017-09-19  Zalan Bujtas  <zalan@apple.com>

            Do not mutate RenderText content during layout.
            https://bugs.webkit.org/show_bug.cgi?id=176219
            <rdar://problem/34205724>

            Reviewed by David Hyatt.

            Update combined text when the style/content change as opposed to lazily, during layout.
            -content mutation during layout might make the inline tree go out of sync.

            Test: fast/text/international/dynamic-text-combine-crash.html

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths const):
            * rendering/RenderCombineText.cpp:
            (WebCore::RenderCombineText::styleDidChange):
            (WebCore::RenderCombineText::setRenderedText):
            (WebCore::RenderCombineText::combineTextIfNeeded):
            (WebCore::RenderCombineText::combineText): Deleted.
            * rendering/RenderCombineText.h:
            * rendering/RenderText.h:
            * rendering/line/BreakingContext.h:
            (WebCore::BreakingContext::handleText):
            * rendering/line/LineBreaker.cpp:
            (WebCore::LineBreaker::skipLeadingWhitespace):

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221978. rdar://problem/34508522

    2017-09-13  Daniel Bates  <dabates@apple.com>

            Make history.pushState()/replaceState() more closely aligned to the HTML standard
            https://bugs.webkit.org/show_bug.cgi?id=176730
            <rdar://problem/33839265>

            Reviewed by Alex Christensen.

            Update history.pushState()/replaceState() to more closely align with the algorithm
            specified in <https://html.spec.whatwg.org/multipage/history.html#dom-history-pushstate-2> (9 September 2017).

            Test: http/tests/security/history-pushState-replaceState-from-sandboxed-iframe.html

            * page/History.cpp:
            (WebCore::History::stateObjectAdded):
            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::extractInnerURL): Use URL constructor that takes a base URL as opposed
            to using the special ParsedURLString-variant because the latter can only be used to parse a string
            returned from URL::string(). And the extracted inner URL does not meet this criterion. Using the
            ParsedURLString-variant of the URL constructor with a string that is not the result of URL::string()
            will cause an assertion failure in a debug build.

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222167. rdar://problem/34508525

    2017-09-18  Antti Koivisto  <antti@apple.com>

            Avoid style resolution when clearing focused element.
            https://bugs.webkit.org/show_bug.cgi?id=176224
            <rdar://problem/34206409>

            Reviewed by Zalan Bujtas.

            Test: fast/dom/focus-style-resolution.html

            * dom/Document.cpp:
            (WebCore::Document::setFocusedElement):

                Don't do synchronous style resolution with FocusRemovalEventsMode::DoNotDispatch.
                Style resolution may dispatch events.

            * html/HTMLInputElement.cpp:
            (WebCore::HTMLInputElement::didBlur):

                Move resolveStyleIfNeeded call to setFocusedElement. It is the only client for didBlur.

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222163. rdar://problem/34508516

    2017-09-18  Per Arne Vollan  <pvollan@apple.com>

            [WK1] Layout Test fast/events/beforeunload-dom-manipulation-crash.html is crashing.
            https://bugs.webkit.org/show_bug.cgi?id=177071

            Reviewed by Brent Fulgham.

            The Page pointer in the history controller's frame is null. Add a null pointer check before
            accessing the page.

            No new tests, covered by exiting tests.

            * loader/HistoryController.cpp:
            (WebCore::HistoryController::updateForStandardLoad):
            (WebCore::HistoryController::updateForRedirectWithLockedBackForwardList):
            (WebCore::HistoryController::updateForClientRedirect):

2017-09-19  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222114. rdar://problem/34508510

    2017-09-15  Wenson Hsieh  <wenson_hsieh@apple.com>

            Avoid style recomputation when forwarding a focus event to an text field's input type
            https://bugs.webkit.org/show_bug.cgi?id=176160
            <rdar://problem/34184820>

            Reviewed by Ryosuke Niwa.

            Currently, TextFieldInputType::forwardEvent synchronously triggers style recomputation, for the purpose of
            scrolling to the origin upon handling a blur event, and also for updating caps lock state after a blur or focus.
            In synchronously triggering style recomputation, we may end up running arbitrary JavaScript, which may change
            the HTMLInputElement's type and cause the current TextFieldInputType to be destroyed.

            To mitigate this, we only update caps lock state when forwarding a focus or blur event to the InputType, and
            instead scroll blurred text fields to the origin later, in HTMLInputElement::didBlur (invoked from
            Document::setFocusedElement after blur and focusout events have fired). Instead of having the InputType update
            style, lift the call to Document::updateStyleIfNeeded up into HTMLInputElement so that we gracefully handle the
            case where the page destroys and sets a new InputType within the scope of this style update.

            Test: fast/forms/change-input-type-in-focus-handler.html

            * dom/Document.cpp:
            (WebCore::Document::setFocusedElement):
            * html/HTMLInputElement.cpp:
            (WebCore::HTMLInputElement::didBlur):
            * html/HTMLInputElement.h:
            * html/InputType.h:
            (WebCore::InputType::elementDidBlur):
            * html/TextFieldInputType.cpp:
            (WebCore::TextFieldInputType::forwardEvent):
            (WebCore::TextFieldInputType::elementDidBlur):
            * html/TextFieldInputType.h:

2017-09-14  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222008. rdar://problem/34426473

    2017-09-13  Zalan Bujtas  <zalan@apple.com>

            Switch multicolumn's spanner map from raw over to weak pointers.
            https://bugs.webkit.org/show_bug.cgi?id=176367
            <rdar://problem/34254896>

            Reviewed by Antti Koivisto.

            Test: fast/multicol/spanner-crash-when-adding-summary.html

            * rendering/RenderMultiColumnFlowThread.cpp:
            (WebCore::RenderMultiColumnFlowThread::evacuateAndDestroy):
            (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted):
            (WebCore::RenderMultiColumnFlowThread::handleSpannerRemoval):
            * rendering/RenderMultiColumnFlowThread.h:
            * rendering/RenderMultiColumnSet.cpp:
            (WebCore::RenderMultiColumnSet::firstRendererInFlowThread const):
            (WebCore::RenderMultiColumnSet::lastRendererInFlowThread const):
            * rendering/RenderMultiColumnSpannerPlaceholder.cpp:
            (WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
            * rendering/RenderMultiColumnSpannerPlaceholder.h:

2017-09-14  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r222005. rdar://problem/34426487

    2017-09-13  Wenson Hsieh  <wenson_hsieh@apple.com>

            Submitting a form can cause HTMLFormElement's associated elements vector to be mutated during iteration
            https://bugs.webkit.org/show_bug.cgi?id=176368
            <rdar://problem/34254998>

            Reviewed by Ryosuke Niwa.

            In the process of iterating over form.associatedElements() during form submission in FormSubmission::create, the
            page may cause us to clobber the vector of FormAssociatedElements* we're currently iterating over by inserting
            new form controls beneath the form element we're in the process of submitting. This happens because
            FormSubmission::create calls HTMLTextAreaElement::appendFormData, which requires layout to be up to date, which
            in turn makes us updateLayout() and set focus, which fires a `change` event, upon which the page's JavaScript
            inserts additonal DOM nodes into the form, modifying the vector of associated elements.

            To mitigate this, instead of iterating over HTMLFormElement::associatedElements(), which returns a reference to
            the HTMLFormElement's actual m_associatedElements vector, we iterate over a new vector of
            Ref<FormAssociatedElement>s created from m_associatedElements.

            This patch also removes an event dispatch assertion added in r212026. This assertion was added to catch any
            other events dispatched in this scope, since dispatching events there would have had security implications, but
            after making iteration over associated elements robust, this NoEventDispatchAssertion is no longer useful.

            Test: fast/forms/append-children-during-form-submission.html

            * loader/FormSubmission.cpp:
            (WebCore::FormSubmission::create):

2017-09-14  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221968. rdar://problem/34169683

    2017-09-12  Matt Rajca  <mrajca@apple.com>

            Ensure the user interacted with the page before setting m_userHasInteractedWithMediaElement
            https://bugs.webkit.org/show_bug.cgi?id=176816

            Reviewed by Eric Carlson.

            Currently, when the user presses a keyboard shortcut in the client to reload a page, that may
            get registered as a user gesture on the reloaded page. Before setting the
            m_userHasInteractedWithMediaElement flag, we should check if a user gesture was actually handled
            by checking the userDidInteractWithPage flag. In case of key events that aren't handled by the
            page, this will be set to false by EventHandler:

                // If the key event was not handled, do not treat it as user interaction with the page.
                if (topDocument && !wasHandled)
                    topDocument->setUserDidInteractWithPage(savedUserDidInteractWithPage);

            We need to revisit this in the future in webkit.org/b/176817 and ensure user gesture tokens
            don't carry over across reloads of the page.

            Tests: I wasn't able to trigger the pathological scenario this aims to fix with a test that calls
            window.location.reload() from a synthetic keyDown event.

            * dom/Document.cpp:
            (WebCore::Document::noteUserInteractionWithMediaElement):

2017-09-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221917. rdar://problem/34404461

    2017-09-12  Brent Fulgham  <bfulgham@apple.com>

            Show punycode to user if a URL mixes Armenian Seh or Vo with other scripts
            https://bugs.webkit.org/show_bug.cgi?id=176578
            <rdar://problem/33906231>

            Reviewed by Alex Christensen.

            Revise our "lookalike character" logic to include the Armenian Vo and Seh
            characters, which can be mistaken for 'n' and 'v' when displayed in
            certain fonts.

            Tested by new API tests.

            * platform/mac/WebCoreNSURLExtras.mm:
            (WebCore::isArmenianLookalikeCharacter): Added utility function.
            (WebCore::isArmenianScriptCharacter): Ditto.
            (WebCore::isLookalikeCharacter): Handle Armenian-lookalike cases.

2017-09-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221709. rdar://problem/34169683

    2017-09-05  Matt Rajca  <mrajca@apple.com>

            Support new autoplay quirk for arbitrary user gestures.
            https://bugs.webkit.org/show_bug.cgi?id=176402

            Reviewed by Eric Carlson.

            This quirk allows any user gesture to allow autoplay in a document.

            No new tests because this specifically targets one host.

            * html/MediaElementSession.cpp:
            (WebCore::needsArbitraryUserGestureAutoplayQuirk):
            (WebCore::MediaElementSession::playbackPermitted const):

2017-09-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221386. rdar://problem/34169683

    2017-08-22  Matt Rajca  <mrajca@apple.com>

            Opt all Mac clients into document-level media user gesture quirks.
            https://bugs.webkit.org/show_bug.cgi?id=175831

            This un-breaks many of the sites that take a long time to load video ad elements on-demand.

            Reviewed by Eric Carlson.

            Test: media/document-level-media-user-gesture-quirk.html

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::playbackPermitted const):
            (WebCore::needsDocumentLevelMediaUserGestureQuirk): Deleted.

2017-09-10  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r221014. rdar://problem/34169683

    2017-08-21  Matt Rajca  <mrajca@apple.com>

            Call updateIsPlayingMedia whenever m_userHasInteractedWithMediaElement changes
            https://bugs.webkit.org/show_bug.cgi?id=175796

            Reviewed by Eric Carlson.

            Test: media/video-user-gesture-tracking.html

            The page media state depends on m_userHasInteractedWithMediaElement, so force it to update
            as soon as m_userHasInteractedWithMediaElement changes. This fixes an issue where the media
            state would not reflect the user interaction flag until a call to updateIsPlayingMedia was made.

            * dom/Document.cpp:
            (WebCore::Document::noteUserInteractionWithMediaElement):
            * dom/Document.h:
            (WebCore::Document::noteUserInteractionWithMediaElement): Deleted.
            * testing/Internals.cpp:
            (WebCore::Internals::pageMediaState):

2017-09-05  Matthew Hanson  <matthew_hanson@apple.com>

        Cherry-pick r221444. rdar://problem/34215746

    2017-08-31  David Quesada  <david_quesada@apple.com>

            WKNavigationDelegatePrivate client redirect SPI needs to be able to detect redirects scheduled before the document finishes loading
            https://bugs.webkit.org/show_bug.cgi?id=176128
            rdar://problem/34068476

            Reviewed by Brady Eidson.

            Removed FrameLoaderClient::dispatchDidPerformClientRedirect() since no client cares about this event anymore.
            Also removed FrameLoader::performClientRedirect() since it wouldn't do anything but call changeLocation().

            No new tests - no change in functionality.

            * loader/FrameLoader.cpp:
            * loader/FrameLoader.h:
            * loader/FrameLoaderClient.h:
            * loader/NavigationScheduler.cpp:

2017-08-21  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220940. rdar://problem/33994308

    2017-08-18  Tim Horton  <timothy_horton@apple.com>

            Remove classic mode screen scale clamping
            https://bugs.webkit.org/show_bug.cgi?id=175739
            <rdar://problem/33894531>

            Reviewed by Andy Estes.

            * platform/ios/PlatformScreenIOS.mm:
            (WebCore::screenScaleFactor):
            This code is no longer needed.

2017-08-15  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220723. rdar://problem/33901127

    2017-08-14  Jer Noble  <jer.noble@apple.com>

            Obj-C exception crash in AVStreamSession when using EME in Private Browsing mode
            https://bugs.webkit.org/show_bug.cgi?id=175547

            Reviewed by Eric Carlson.

            When the storagePath() is empty, do not use those AVStreamSession APIs which require a valid file path to stored
            proof-of-key-release data.

            Drive-by fix: return emptyString() from HTMLMediaElement::mediaPlayerMediaKeysStorageDirectory() when in Private
            Browsing mode, to match the behavior of WebKitMediaKeySession.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::mediaPlayerMediaKeysStorageDirectory const):
            * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
            (WebCore::CDMSessionAVStreamSession::releaseKeys):
            (WebCore::CDMSessionAVStreamSession::update):
            (WebCore::CDMSessionAVStreamSession::generateKeyReleaseMessage):

2017-08-15  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r217197. rdar://problem/33890650

    2017-05-21  Antti Koivisto  <antti@apple.com>

            matchMedia('print').addListener() fires in WK1 but never in WK2 when printing (breaks printing Google maps, QuickLooks)
            https://bugs.webkit.org/show_bug.cgi?id=172361
            <rdar://problem/28777408>

            Reviewed by Sam Weinig.

            Test: fast/media/matchMedia-print.html

            * page/FrameView.cpp:
            (WebCore::FrameView::layout):

                Evaluate matchMedia queries unconditionally. No idea why it wasn't like that.

            * testing/Internals.cpp:
            (WebCore::Internals::setPrinting):

                Add testing support. The existing ways to do printing testing were unable to hit this bug as
                they had too much additional gunk.

            * testing/Internals.h:
            * testing/Internals.idl:

2017-08-15  Matthew Hanson  <matthew_hanson@apple.com>

        Cherry-pick r220722. rdar://problem/33890577

    2017-08-14  Andy Estes  <aestes@apple.com>

            REGRESSION (r220456): Crash in PreviewLoader::shouldCreateForMIMEType() when a ResourceResponse has a null MIME type
            https://bugs.webkit.org/show_bug.cgi?id=175548
            <rdar://problem/33866206>

            Reviewed by Brady Eidson.

            New API test: QuickLook.ShouldCreateForMIMEType

            * WebCore.xcodeproj/project.pbxproj:
            * loader/ios/PreviewLoader.h:
            * loader/ios/PreviewLoader.mm:
            (WebCore::PreviewLoader::shouldCreateForMIMEType): Check if mimeType is a null String before
            calling HashSet::contains().

2017-08-14  Jason Marcell  <jmarcell@apple.com>

        Revert r217197. rdar://problem/33890650

2017-08-14  Jason Marcell  <jmarcell@apple.com>

        Revert r220112. rdar://problem/33890661

2017-08-13  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220551. rdar://problem/33843388

    2017-08-10  Nan Wang  <n_wang@apple.com>

            AX: crash at WebCore::AccessibilityObject::supportsARIALiveRegion() const + 24
            https://bugs.webkit.org/show_bug.cgi?id=175340
            <rdar://problem/33782159>

            Reviewed by Chris Fleizach.

            The issue here is that we manualy set the parent object of the AccessibilitySVGRoot object
            and there are chances that the parent doesn't detach it properly during the parent's destroying
            process. Accessing the stale parent object will lead to a crash.
            Fixed this by making the parent object a weak pointer so we don't access an invalid memory.

            Test: accessibility/add-children-pseudo-element.html

            * accessibility/AccessibilityRenderObject.cpp:
            (WebCore::AccessibilityRenderObject::AccessibilityRenderObject):
            * accessibility/AccessibilityRenderObject.h:
            (WebCore::AccessibilityRenderObject::createWeakPtr):
            * accessibility/AccessibilitySVGRoot.cpp:
            (WebCore::AccessibilitySVGRoot::AccessibilitySVGRoot):
            (WebCore::AccessibilitySVGRoot::setParent):
            (WebCore::AccessibilitySVGRoot::parentObject const):
            * accessibility/AccessibilitySVGRoot.h:

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220459. rdar://problem/33820790

    2017-08-09  Daniel Bates  <dabates@apple.com>

            REGRESSION (r219013): OAuth flows are broken when redirecting back to application after authentication
            https://bugs.webkit.org/show_bug.cgi?id=175247
            <rdar://problem/33679804>

            Reviewed by Brady Eidson.

            Add SPI so that Safari can differentiate between a form submission and a redirected form submission
            and have PolicyCheck notify the frame loader client if the navigation was in response to receiving a
            redirect response. This is the WebKit portion to fix an issue when a native app makes use of an OAuth
            OAuth flow that bounces to Safari for user login and then bounce back to the app. Microsoft Graph's
            OAuth flow is one example.

            Safari was differentiating between a form submission and a redirected form submission based on the
            nullity of WKNavigationAction.sourceFrame because in both cases the navigation type was WKNavigationTypeFormSubmitted.
            The navigation type is the same for both navigations because WebKit always used the navigation
            action from the original request for the redirect request when the original request redirected.
            Prior to r219013, WKNavigationAction.sourceFrame would be nil for a form submission that redirects.
            Following r219013, WKNavigationAction.sourceFrame is non-nil unless the navigation was initiated by
            API. In particular, WKNavigationAction.sourceFrame is non-nil for the redirect navigation corresponding
            to a form submission that redirects.

            * loader/EmptyClients.cpp:
            (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
            * loader/FrameLoaderClient.h:
            Have dispatchDecidePolicyForNavigationAction() take a boolean as to whether the navigation was in
            response to receiving a redirect response.
            * loader/PolicyChecker.cpp:
            (WebCore::PolicyChecker::checkNavigationPolicy): Notify the frame loader client whether the navigation
            is in response to receiving a redirect response.

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220473. rdar://problem/33810961

    2017-08-09  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS DnD] ENABLE_DRAG_SUPPORT should be turned off for iOS 10 and enabled by default
            https://bugs.webkit.org/show_bug.cgi?id=175392
            <rdar://problem/33783207>

            Reviewed by Tim Horton and Megan Gardner.

            Tweak FeatureDefines to enable drag and drop by default, and disable only on unsupported platforms (i.e. iOS 10).
            No change in behavior.

            * Configurations/FeatureDefines.xcconfig:

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220456. rdar://problem/33810950

    2017-08-09  Andy Estes  <aestes@apple.com>

            [QuickLook] Use case-insensitive comparison of preview MIME types
            https://bugs.webkit.org/show_bug.cgi?id=175350
            <rdar://problem/33761159>

            Reviewed by Brady Eidson.

            MIME types are case-insensitive, but PreviewLoader was using a case-sensitive comparison to
            determine if a MIME type was supported by QLPreviewConverter. As a result we would fail to
            preview Excel macro-enabled workbooks, since CFNetwork would sniff a MIME type of
            "application/vnd.ms-excel.sheet.macroEnabled.12" but QuickLook contained
            "application/vnd.ms-excel.sheet.macroenabled.12" in its set of supported MIME type strings.

            Fix this by copying the QuickLook supported MIME type set into a HashSet using
            ASCIICaseInsensitiveHash and using that HashSet for MIME type checks.

            Test: quicklook/excel-macro-enabled.html

            * loader/ios/PreviewLoader.mm:
            (WebCore::PreviewLoader::shouldCreateForMIMEType):

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220333. rdar://problem/33810934

    2017-08-07  Antti Koivisto  <antti@apple.com>

            REGRESSION (r219121): Airmail 3 prints header part only.
            https://bugs.webkit.org/show_bug.cgi?id=175258
            <rdar://problem/33601173>

            Reviewed by Andreas Kling.

            When a WK1 WebViw is printed via AppKit view hierarchy it won't explictly set the page width
            but uses the existing width. r219121 assumes that all printing code paths set the page width.

            No test, there appears to be no good way to test AppKit printing behaviors without adding complicated
            new testing infrastructure.

            * rendering/RenderView.cpp:
            (WebCore::RenderView::layout):

                If we are in printing layout and don't have page width set yet then use the current view width.
                This matches the behavior prior r219121.

2017-08-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220289. rdar://problem/33810941

    2017-08-04  Said Abou-Hallawa  <sabouhallawa@apple.com>

            RenderImageResourceStyleImage::image() should return the nullImage() if the image is not available
            https://bugs.webkit.org/show_bug.cgi?id=174874
            <rdar://problem/33530130>

            Reviewed by Simon Fraser.

            If an <img> element has a non-CachedImage content data, e.g. -webkit-named-image,
            RenderImageResourceStyleImage will be created and  attached to the RenderImage.
            RenderImageResourceStyleImage::m_cachedImage will be set to null at the
            beginning because the m_styleImage->isCachedImage() is false in this case.
            When ImageLoader finishes loading the url of the src attribute,
            RenderImageResource::setCachedImage() will be called to set m_cachedImage.

            A crash will happen when the RenderImage is destroyed. Destroying the
            RenderImage calls RenderImageResourceStyleImage::shutdown() which checks
            m_cachedImage and finds it not null, so it calls RenderImageResourceStyleImage::image()
            which ends up calling CSSNamedImageValue::image() which returns a null pointer
            because the size is empty. RenderImageResourceStyleImage::shutdown() calls
            image()->stopAnimation() without checking the return value of image().

            Another crash will happen later when deleting the CachedImage from the memory
            cache if CachedImage::canDestroyDecodedData() is called because the client
            it gets from m_clients is a freed pointer. This happens because RenderImageResourceStyleImage
            has m_styleImage of type StyleGeneratedImage but its m_cachedImage is set
            by RenderImageResource::setCachedImage(). When RenderImageResourceStyleImage::shutdown()
            is called, it calls  StyleGeneratedImage::removeClient() which does not
            know anything about RenderImageResourceStyleImage::m_cachedImage. So we
            end up having a freed pointer in the m_clients of the CachedImage.

            Test: fast/images/image-element-image-content-data.html

            * rendering/RenderImageResourceStyleImage.cpp:
            (WebCore::RenderImageResourceStyleImage::shutdown):  Revert back the changes
            of r208511 in this function. Add a call to image()->stopAnimation() without
            checking the return of image() since it will return the nullImage() if
            the image not available. There is no need to check m_cachedImage before
            calling image() because image() does not check or access m_cachedImage.

            If m_styleImage is not a CachedStyleImage but m_cachedImage is not null,
            we need to remove m_renderer from the set of the clients of this m_cachedImage.

            (WebCore::RenderImageResourceStyleImage::image const): The base class method
            RenderImageResource::image() returns the nullImage() if the image not
            available. This is because CachedImage::imageForRenderer() returns
            the nullImage() if the image is not available; see CachedImage.h. We should
            do the same for the derived class for consistency.

2017-08-08  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220248. rdar://problem/33754458

    2017-08-03  Jeremy Jones  <jeremyj@apple.com>

            Improve WebKitLegacy video fullscreen animation begin and end rects.
            https://bugs.webkit.org/show_bug.cgi?id=175152
            rdar://problem/32840576

            Reviewed by Eric Carlson.

            No new tests, becuase this change has no effect on the DOM.

            This change uses different rects for fullscreen animation to prevent the animation
            from failing, and to improve the aesthetics of the animation.

            * platform/mac/WebVideoFullscreenController.mm:
            (frameExpandedToRatioOfFrame):
            (-[WebVideoFullscreenController enterFullscreen:]):
            (-[WebVideoFullscreenController exitFullscreen]):
            (-[WebVideoFullscreenWindow animateFromRect:toRect:withSubAnimation:controllerAction:]):
            (constrainFrameToRatioOfFrame): Deleted.

2017-08-08  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220247. rdar://problem/33754443

    2017-08-03  Jer Noble  <jer.noble@apple.com>

            [EME][Mac] SecureStop left on disk in Private Browsing mode.
            https://bugs.webkit.org/show_bug.cgi?id=175162

            Reviewed by Eric Carlson.

            Return an empty string from mediaKeysStorageDirectory() when the page indicates that storage should
            be ephemeral(). Previously, an empty string in this case would be treated as an error. Instead, treat
            an empty string as valid, and do not try to store or retrieve session information to disk in that case.

            * Modules/encryptedmedia/legacy/WebKitMediaKeySession.cpp:
            (WebCore::WebKitMediaKeySession::mediaKeysStorageDirectory const):
            * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
            (WebCore::CDMSessionAVContentKeySession::releaseKeys):
            (WebCore::CDMSessionAVContentKeySession::update):
            (WebCore::CDMSessionAVContentKeySession::generateKeyReleaseMessage):
            (WebCore::CDMSessionAVContentKeySession::contentKeySession):
            * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
            (WebCore::CDMSessionMediaSourceAVFObjC::storagePath const):

2017-08-07  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220163. rdar://problem/33711032

    2017-08-02  Andy Estes  <aestes@apple.com>

            REGRESSION (r207155): Unable to switch sheets when previewing Numbers '09 spreadsheets
            https://bugs.webkit.org/show_bug.cgi?id=175098
            <rdar://problem/31416763>

            Reviewed by Daniel Bates.

            r207155 enabled sandboxing on the frame displaying a QuickLook preview. This restricted
            frames within the sandbox from navigating their sandboxed siblings or ancestors, which
            breaks the functionality of multi-sheet Numbers '09 spreadsheet previews. These previews
            contain a frameset with a table of contents frame and a content frame, and the table of
            contents frame needs to be able to navigate the content frame when the sheet selection
            changes.

            Fix this by disabling the SandboxNavigation flag in the QuickLook sandbox. Frames within the
            sandbox will be able to navigate each other, but will not be able to navigate the top frame
            (due to SandboxTopNavigation still being enabled), nor will they be able to navigate any
            other ancestor frame outside the sandbox (due to QuickLook previews being in a different
            origin than the hosting frame). These two cases are covered by existing tests.

            Test: quicklook/multi-sheet-numbers-09.html

            * dom/Document.cpp:
            (WebCore::Document::applyQuickLookSandbox): Added a call to
            disableSandboxFlags(SandboxNavigation) after applying the content security policy.
            * dom/SecurityContext.h:
            (WebCore::SecurityContext::disableSandboxFlags): Defined disableSandboxFlags().

2017-08-07  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220153. rdar://problem/33711047

    2017-08-02  Jer Noble  <jer.noble@apple.com>

            [MSE] Removing samples when presentation order does not match decode order can cause bad behavior.
            https://bugs.webkit.org/show_bug.cgi?id=175091

            Reviewed by Eric Carlson.

            Address follow-up comments to r219519.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::removeCodedFrames):

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220112. rdar://problem/33692164

    2017-08-01  Zalan Bujtas  <zalan@apple.com>

            REGRESSION (r217197): New Yorker website hangs for a long time on load, lots of blank tiles
            https://bugs.webkit.org/show_bug.cgi?id=175009
            <rdar://problem/33505791>

            Reviewed by Simon Fraser.

            This patch ensures that we report the desktop, non-frame-flattened frame size for media queries in subframes.
            Some websites don't expect the iframes to be expanded to the size of the content and when the media query
            callback mutates the content (triggering frame resize), they might end up getting into a never ending layout.

            Test: fast/frames/flattening/media-query-growing-content.html

            * css/MediaQueryEvaluator.cpp:
            (WebCore::orientationEvaluate):
            (WebCore::aspectRatioEvaluate):
            (WebCore::heightEvaluate):
            (WebCore::widthEvaluate):
            * page/FrameView.cpp:
            (WebCore::FrameView::layout):
            (WebCore::FrameView::layoutSizeForMediaQuery const):
            (WebCore::FrameView::evaluateMediaQueryList):
            * page/FrameView.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220085. rdar://problem/33692157

    2017-07-31  Matt Rajca  <mrajca@apple.com>

            Support quirk for letting media autoplay if the user interacted with at least one media element.
            https://bugs.webkit.org/show_bug.cgi?id=175005
            <rdar://problem/33476038>

            Reviewed by Eric Carlson.

            If the user has interacted with at least one media element, let other media elements auto-play
            as a quirk.

            * dom/Document.cpp:
            (WebCore::Document::updateIsPlayingMedia):
            * dom/Document.h:
            (WebCore::Document::noteUserInteractionWithMediaElement):
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture):
            * html/MediaElementSession.cpp:
            (WebCore::needsDocumentLevelMediaUserGestureQuirk):
            (WebCore::MediaElementSession::playbackPermitted const):
            * page/MediaProducer.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220084. rdar://problem/33692167

    2017-07-31  Nan Wang  <n_wang@apple.com>

            AX: CFEqual is failing on text markers with exact same data
            https://bugs.webkit.org/show_bug.cgi?id=175002
            <rdar://problem/33636985>

            Reviewed by Chris Fleizach.

            We should zero the memory of the TextMarkerData instance so that it
            can be tested for byte-equivalence.

            Made sure this change won't break any of the existing tests.

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
            (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220077. rdar://problem/33692157

    2017-07-28  Matt Rajca  <mrajca@apple.com>

            Propagate user gesture tokens when script elements are loaded.
            https://bugs.webkit.org/show_bug.cgi?id=174959

            Reviewed by Eric Carlson.

            Propagate user gesture tokens when script elements are loaded (i.e. between the time an
            element is created and its onload handler is invoked).

            * dom/ScriptElement.cpp:
            (WebCore::ScriptElement::ScriptElement):
            (WebCore::ScriptElement::dispatchLoadEventRespectingUserGestureIndicator):
            (WebCore::ScriptElement::executeScriptAndDispatchEvent):
            (WebCore::ScriptElement::executePendingScript):
            * dom/ScriptElement.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220035. rdar://problem/33692157

    2017-07-28  Matt Rajca  <mrajca@apple.com>

            Don't add autoplay restrictions to media elements created in response to user gestures.
            https://bugs.webkit.org/show_bug.cgi?id=174947

            Reviewed by Eric Carlson.

            Test: media/video-create-with-user-gesture.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220112. rdar://problem/33687415

    2017-08-01  Zalan Bujtas  <zalan@apple.com>

            REGRESSION (r217197): New Yorker website hangs for a long time on load, lots of blank tiles
            https://bugs.webkit.org/show_bug.cgi?id=175009
            <rdar://problem/33505791>

            Reviewed by Simon Fraser.

            This patch ensures that we report the desktop, non-frame-flattened frame size for media queries in subframes.
            Some websites don't expect the iframes to be expanded to the size of the content and when the media query
            callback mutates the content (triggering frame resize), they might end up getting into a never ending layout.

            Test: fast/frames/flattening/media-query-growing-content.html

            * css/MediaQueryEvaluator.cpp:
            (WebCore::orientationEvaluate):
            (WebCore::aspectRatioEvaluate):
            (WebCore::heightEvaluate):
            (WebCore::widthEvaluate):
            * page/FrameView.cpp:
            (WebCore::FrameView::layout):
            (WebCore::FrameView::layoutSizeForMediaQuery const):
            (WebCore::FrameView::evaluateMediaQueryList):
            * page/FrameView.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220085. rdar://problem/33687398

    2017-07-31  Matt Rajca  <mrajca@apple.com>

            Support quirk for letting media autoplay if the user interacted with at least one media element.
            https://bugs.webkit.org/show_bug.cgi?id=175005
            <rdar://problem/33476038>

            Reviewed by Eric Carlson.

            If the user has interacted with at least one media element, let other media elements auto-play
            as a quirk.

            * dom/Document.cpp:
            (WebCore::Document::updateIsPlayingMedia):
            * dom/Document.h:
            (WebCore::Document::noteUserInteractionWithMediaElement):
            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture):
            * html/MediaElementSession.cpp:
            (WebCore::needsDocumentLevelMediaUserGestureQuirk):
            (WebCore::MediaElementSession::playbackPermitted const):
            * page/MediaProducer.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220084. rdar://problem/33687425

    2017-07-31  Nan Wang  <n_wang@apple.com>

            AX: CFEqual is failing on text markers with exact same data
            https://bugs.webkit.org/show_bug.cgi?id=175002
            <rdar://problem/33636985>

            Reviewed by Chris Fleizach.

            We should zero the memory of the TextMarkerData instance so that it
            can be tested for byte-equivalence.

            Made sure this change won't break any of the existing tests.

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
            (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220077. rdar://problem/33687398

    2017-07-28  Matt Rajca  <mrajca@apple.com>

            Propagate user gesture tokens when script elements are loaded.
            https://bugs.webkit.org/show_bug.cgi?id=174959

            Reviewed by Eric Carlson.

            Propagate user gesture tokens when script elements are loaded (i.e. between the time an
            element is created and its onload handler is invoked).

            * dom/ScriptElement.cpp:
            (WebCore::ScriptElement::ScriptElement):
            (WebCore::ScriptElement::dispatchLoadEventRespectingUserGestureIndicator):
            (WebCore::ScriptElement::executeScriptAndDispatchEvent):
            (WebCore::ScriptElement::executePendingScript):
            * dom/ScriptElement.h:

2017-08-02  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220035. rdar://problem/33687398

    2017-07-28  Matt Rajca  <mrajca@apple.com>

            Don't add autoplay restrictions to media elements created in response to user gestures.
            https://bugs.webkit.org/show_bug.cgi?id=174947

            Reviewed by Eric Carlson.

            Test: media/video-create-with-user-gesture.html

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::HTMLMediaElement):

2017-08-02  Matthew Hanson  <matthew_hanson@apple.com>

        Cherry-pick r219602. rdar://problem/33537767

    2017-07-17  Konstantin Tokarev  <annulen@yandex.ru>

            [cmake] Set library types before their targets are created
            https://bugs.webkit.org/show_bug.cgi?id=174600

            Reviewed by Michael Catanzaro.

            Since r219560 library targets are created before PlatformXXX.cmake
            files are processed, however library type must be passed in
            add_library() call and cannot be changed afterwards. Set these
            variables in OptionsXXX.cmake.

            No new tests needed.

            * PlatformMac.cmake:

2017-07-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220048. rdar://problem/33619591

    2017-07-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

            RenderImageResourceStyleImage::image() should return the nullImage() if the image is not available
            https://bugs.webkit.org/show_bug.cgi?id=174874
            <rdar://problem/33530130>

            Reviewed by Darin Adler.

            If an <img> element has image content data for a none cached image, e.g.
            -webkit-named-image, RenderImageResourceStyleImage will be created and
            attached to the RenderImage. RenderImageResourceStyleImage::m_cachedImage
            will be set to null because the m_styleImage->isCachedImage() is false in
            this case. When ImageLoader finishes loading the url of the src attribute,
            RenderImageResource::setCachedImage() will be called to set m_cachedImage.

            A crash will happen when the RenderImage is destroyed. Destroying the
            RenderImage calls RenderImageResourceStyleImage::shutdown() which checks
            m_cachedImage and finds it not null, so it calls RenderImageResourceStyleImage::image()
            which ends up calling CSSNamedImageValue::image() which returns a null pointer
            because the size is empty. RenderImageResourceStyleImage::shutdown() calls
            image()->stopAnimation() without checking the return value of image().

            Like the base class virtual method RenderImageResource::image(),
            RenderImageResourceStyleImage::image() should return the nullImage() if
            the image is not available.

            Test: fast/images/image-element-image-content-data.html

            * css/CSSCrossfadeValue.cpp:
            * css/CSSFilterImageValue.cpp:
            * page/EventHandler.cpp:
            * page/PageSerializer.cpp:
            * rendering/RenderElement.cpp:
            * rendering/RenderImageResource.cpp:
            * rendering/RenderImageResourceStyleImage.cpp:
            (WebCore::RenderImageResourceStyleImage::initialize):

            (WebCore::RenderImageResourceStyleImage::shutdown): Revert back the changes
            of r208511 in this function. Add a call to image()->stopAnimation() without
            checking the return of image() since it will return the nullImage() if
            the image not available. There is no need to check m_cachedImage before
            calling image() because image() does not check or access m_cachedImage.

            (WebCore::RenderImageResourceStyleImage::image): The base class method
            RenderImageResource::image() returns the nullImage() if the image not
            available. This is because CachedImage::imageForRenderer() returns
            the nullImage() if the image is not available; see CachedImage.h. We should
            do the same for the derived class for consistency.

            * rendering/style/ContentData.cpp:
            * rendering/style/StyleCachedImage.cpp:
            * style/StylePendingResources.cpp:

2017-07-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220042. rdar://problem/33619586

    2017-07-29  Nan Wang  <n_wang@apple.com>

            AX: findMatchingObjects doesn't work when the startObject is ignored
            https://bugs.webkit.org/show_bug.cgi?id=174965

            Reviewed by Chris Fleizach.

            findMatchingObjects would return a wrong element if we pass in an ignored
            start object. To fix this, we should use the closest accessible sibling as
            the start object.

            Test: accessibility/mac/search-predicate-from-ignored-element.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::appendChildrenToArray):

2017-07-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220009. rdar://problem/33619585

    2017-07-28  Myles C. Maxfield  <mmaxfield@apple.com>

            [macOS] Reeder's defaults font is Times instead of San Francisco
            https://bugs.webkit.org/show_bug.cgi?id=174885
            <rdar://problem/33462483>

            Reviewed by Simon Fraser.

            Reeder uses explicit dot-prefixed names in its source code. Within Core Text,
            dot-prefixed names cannot be matched case insensitively. The solution is to
            not case-fold these family names, and to make our caches case sensitive for
            these special names.

            Tests: fast/text/font-lookup-dot-prefix-case-sensitive-2.html
                   fast/text/font-lookup-dot-prefix-case-sensitive.html

            * platform/graphics/FontCache.cpp:
            (WebCore::FontPlatformDataCacheKey::operator==):
            (WebCore::FontPlatformDataCacheKeyHash::hash):
            * platform/graphics/FontCascade.cpp:
            (WebCore::keysMatch):
            (WebCore::computeFontCascadeCacheHash):
            * platform/graphics/FontDescription.cpp:
            (WebCore::FontCascadeDescription::familyNamesAreEqual):
            (WebCore::FontCascadeDescription::familyNameHash):
            (WebCore::FontCascadeDescription::foldedFamilyName):
            * platform/graphics/FontDescription.h:
            * platform/graphics/cocoa/FontCacheCoreText.cpp:
            (WebCore::FontDatabase::fontForPostScriptName):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r220003. rdar://problem/33595572

    2017-07-28  Myles C. Maxfield  <mmaxfield@apple.com>

            REGRESSION(r216944): Fallback fonts erroneously visible when the primary font is loading
            https://bugs.webkit.org/show_bug.cgi?id=174772
            <rdar://problem/33267643>

            Reviewed by Simon Fraser.

            During a font load, we try pretty hard to find a font to use that isn't the
            last resort font (which happens to be Times). We do this by iterating through
            all the fonts in the font-family list, as well as through all the relevant
            @font-face blocks which share the requested font family name.

            Unfortunately, if we find one of these fallback fonts, we were simply using it
            directly, which means that it was being drawn as visible (because the
            visibility setting lives inside the Font object). Instead, we should carry the
            invisibility setting from the interstitial font to this used fallback font.

            This patch is an extension of r219221, which fixed the problem only for system
            fallback fonts. This patch adopts the same methodology to all fallback fonts.

            Test: http/tests/webfont/font-loading-system-fallback-visibility-FontRanges.html

            * platform/graphics/FontCascadeFonts.cpp:
            (WebCore::FontCascadeFonts::glyphDataForVariant):
            (WebCore::glyphPageFromFontRanges):
            * platform/graphics/FontRanges.cpp:
            (WebCore::FontRanges::glyphDataForCharacter):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219998. rdar://problem/33595610

    2017-07-28  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS DnD] [WK1] Snapshots generated using -[DOMRange renderImageForcingBlackText:] are upside down
            https://bugs.webkit.org/show_bug.cgi?id=174928
            <rdar://problem/33584280>

            Reviewed by Tim Horton.

            Pulls the implementation of createDragImageForRange out into DragImageIOS, and use TextIndicator to generate a
            snapshot instead of FrameSelection's snapshotting utilities. This makes snapshotting a DOMRange behave the same
            way as snapshotting a dragged selection.

            No way of testing TextIndicator-based snapshotting yet.

            * platform/DragImage.cpp:

            Guard createDragImageForRange for !PLATFORM(IOS).

            * platform/ios/DragImageIOS.mm:
            (WebCore::createDragImageForSelection):

            Add a FIXME to point out that having an additional context flip inside the UIGraphicsImageRenderer block results
            in an upside-down drag image being returned from createDragImageFromImage. This image is being flipped elsewhere
            in drag initiation code, which eventually results in the correct orientation; we'll need further investigation
            to remove this extraneous flip.

            (WebCore::createDragImageForRange):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219992. rdar://problem/33595621

    2017-07-27  Jeremy Jones  <jeremyj@apple.com>

            Don't override _allowsMediaDocumentInlinePlayback in MediaDocument with playsinlineAttr.
            https://bugs.webkit.org/show_bug.cgi?id=174850
            rdar://problem/33449903

            Reviewed by Jon Lee.

            This change removes playsinlineAttr from MediaDocument so that it doesn't override the setting
            from _allowsMediaDocumentInlinePlayback. In its place is an update to requiresFullscreenForVideoPlayback
            that implements the details of exactly which media documents are still allowed to play inlne.

            Media documents always use a video element; but when there are no video tracks, it has behavior like
            an audio element. See media-controller.js isAudio().

            This change preserves this behavior with respect to fullscreen requirements for media document by
            mirroring the isAudio() check in requiresFullscreenForVideoPlayback.

            * html/MediaDocument.cpp:
            (WebCore::MediaDocumentParser::createDocumentStructure):
            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219991. rdar://problem/33595570

    2017-07-27  Jeremy Jones  <jeremyj@apple.com>

            MediaDocument fullscreen pinch gesture should trigger navigate back.
            https://bugs.webkit.org/show_bug.cgi?id=174914

            Reviewed by Jon Lee.

            No new tests because only effect is from interaction with platform.

            For media documents, pressing the "done" button on fullscreen video navigates back
            to the previous page. The same should happen for other gestures that pause playback
            when returning to inline. This allows the gesture to have the same behavior as the
            button.

            * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
            (WebVideoFullscreenInterfaceAVKit::shouldExitFullscreenWithReason):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219950. rdar://problem/33595459

    2017-07-26  Chris Dumez  <cdumez@apple.com>

            Pressing the Escape key should not be a valid user gesture to enter fullscreen
            https://bugs.webkit.org/show_bug.cgi?id=174864
            <rdar://problem/33009088>

            Reviewed by Geoffrey Garen.

            Pressing the Escape key should not be a valid user gesture to enter fullscreen since this
            is the gesture to exit fullscreen already.

            Test: fullscreen/requestFullscreen-escape-key.html

            * dom/Document.cpp:
            (WebCore::Document::requestFullScreenForElement):
            * dom/UserGestureIndicator.cpp:
            (WebCore::UserGestureIndicator::UserGestureIndicator):
            * dom/UserGestureIndicator.h:
            (WebCore::UserGestureToken::create):
            (WebCore::UserGestureToken::gestureType):
            (WebCore::UserGestureToken::UserGestureToken):
            * page/EventHandler.cpp:
            (WebCore::EventHandler::internalKeyEvent):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219949. rdar://problem/33595616

    2017-07-26  Nan Wang  <n_wang@apple.com>

            AX: Incorrect range from index and length in contenteditable with <p> tags
            https://bugs.webkit.org/show_bug.cgi?id=174856

            Reviewed by Chris Fleizach.

            When asking for the string inside a text control with a given range, we sometimes get
            a wrong string at the line boundary due to a bad plain range to text marker conversion.
            To fix this, we should use the exsisting method on text controls to avoid this issue.

            Updated the test to test the problematic case.

            * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
            (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219906. rdar://problem/33595387

    2017-07-26  Nan Wang  <n_wang@apple.com>

            AX: should dispatch accessibilityPerformPressAction async on MacOS
            https://bugs.webkit.org/show_bug.cgi?id=174849

            Reviewed by Chris Fleizach.

            If performing the accessibility press action results in a modal alert being displayed,
            it can cause VoiceOver to hang. To fix it, we should dispatch the action asynchronously.

            Updated tests to adapt to this change.

            * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
            (-[WebAccessibilityObjectWrapper accessibilityPerformPressAction]):
            (-[WebAccessibilityObjectWrapper _accessibilityPerformPressAction]):

2017-07-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219891. rdar://problem/33595436

    2017-07-25  Per Arne Vollan  <pvollan@apple.com>

            Dragged links are blurry on 1x displays.
            https://bugs.webkit.org/show_bug.cgi?id=174831
            <rdar://problem/33519698>

            Reviewed by Simon Fraser.

            When the width and height of the drag image is a multiple of 2, the drag image is not blurry
            on a 1x display. This is a workaround which should be removed when <rdar://problem/33059739>
            is fixed.

            No new tests, since this is not straightforward to test with a layout test.

            * platform/mac/DragImageMac.mm:
            (WebCore::LinkImageLayout::LinkImageLayout):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219876. rdar://problem/33523847

    2017-07-25  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Async image decoding for large images should be disabled after the first time a tile is painted
            https://bugs.webkit.org/show_bug.cgi?id=174451
            <rdar://problem/31246421>

            Reviewed by Simon Fraser.

            Flashing because of DOM mutation can be fixed by disabling the asynchronous
            image decoding after the first time a tile was painted.

            We can detect this by consulting the tile repaintCount. If it is zero, then
            it is safe to use asynchronous image decoded. If the tile repaintCount is
            greater than zero, we are not sure if the renderer rectangle has an image
            drawn in it already or not. In this case we have to use the synchronous
            image decoding to avoid causing a flash.

            Tests: fast/images/async-image-background-change.html
                   fast/images/async-image-src-change.html
                   http/tests/multipart/multipart-async-image.html

            * html/shadow/MediaControlElements.cpp:
            (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
            * page/FrameView.cpp:
            (WebCore::FrameView::willPaintContents):
            (WebCore::FrameView::paintContentsForSnapshot):
            * page/PageOverlayController.cpp:
            (WebCore::PageOverlayController::paintContents):
            * page/PageOverlayController.h:
            * page/linux/ResourceUsageOverlayLinux.cpp:
            * page/mac/ServicesOverlayController.h:
            * page/mac/ServicesOverlayController.mm:
            (WebCore::ServicesOverlayController::Highlight::paintContents):
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::draw):
            * platform/graphics/BitmapImage.h:
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::paintGraphicsLayerContents):
            * platform/graphics/GraphicsLayer.h:
            * platform/graphics/GraphicsLayerClient.h:
            (WebCore::GraphicsLayerClient::paintContents):
            * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
            (WebCore::LayerClient::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.h:
            * platform/graphics/ca/PlatformCALayer.h:
            * platform/graphics/ca/PlatformCALayerClient.h:
            (WebCore::PlatformCALayerClient::platformCALayerRepaintCount):
            * platform/graphics/ca/TileCoverageMap.cpp:
            (WebCore::TileCoverageMap::platformCALayerPaintContents):
            * platform/graphics/ca/TileCoverageMap.h:
            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::platformCALayerPaintContents):
            (WebCore::TileGrid::platformCALayerRepaintCount):
            * platform/graphics/ca/TileGrid.h:
            * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWin.cpp:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
            (PlatformCALayerWinInternal::displayCallback):
            * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:
            (WebTiledBackingLayerWin::displayCallback):
            * platform/graphics/mac/WebLayer.mm:
            (-[WebLayer drawInContext:]):
            (-[WebSimpleLayer drawInContext:]):
            * rendering/PaintPhase.h:
            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
            * rendering/RenderElement.h:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::paintLayerContents):
            (WebCore::RenderLayer::paintForegroundForFragments):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::paintContents):
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::paintContents):
            * rendering/RenderLayerCompositor.h:
            * rendering/RenderWidget.cpp:
            (WebCore::RenderWidget::paintContents):
            * testing/Internals.cpp:
            (WebCore::imageFromImageElement):
            (WebCore::bitmapImageFromImageElement):
            (WebCore::Internals::imageFrameIndex):
            (WebCore::Internals::setImageFrameDecodingDuration):
            (WebCore::Internals::resetImageAnimation):
            (WebCore::Internals::isImageAnimating):
            (WebCore::Internals::setClearDecoderAfterAsyncFrameRequestForTesting):
            (WebCore::Internals::imageDecodeCount):
            (WebCore::Internals::setLargeImageAsyncDecodingEnabledForTesting):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219620. rdar://problem/33523847

    2017-07-18  Matt Lewis  <jlewis3@apple.com>

            Unreviewed, rolling out r219610.

            This caused an api failure on all platforms for the test
            SnapshotImageLargeAsyncDecoding

            Reverted changeset:

            "Async image decoding for large images should be disabled
            after the first time a tile is painted"
            https://bugs.webkit.org/show_bug.cgi?id=174451
            http://trac.webkit.org/changeset/219610

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219762. rdar://problem/33523889

    2017-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION(r219045): A partially loaded image may not be repainted when its complete frame finishes decoding
            https://bugs.webkit.org/show_bug.cgi?id=174230

            Reviewed by Simon Fraser.

            Because of r219045, we now only repaint the CachedImageClinets which tried
            to draw the image but they could not because they have to wait for the image
            decoding to finish. This was done by keeping a HashSet of these clients
            and make CachedImage own it. This HashSet is cleared once the image frame
            finishes decoding and all the waited clients are repainted.

            But Multiple asynchronous image decoding requests are allowed for the same
            frame if new data is added to the image source. If we tried to draw the
            same image twice before it finishes decoding the first request, we will
            not be to record this second request since the HashSet will not add the
            same client twice. When he second request finishes decoding, CachedImage
            will not repaint any client since its HashSet is empty.

            To fix this problem we can do the following. When an image frame finishes
            decoding, CachedImage will keep its HashSet of pending drawing clients as
            long as the image frame is a partially loaded frame.

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::CachedImageObserver::imageFrameAvailable):
            (WebCore::CachedImage::imageFrameAvailable):
            * loader/cache/CachedImage.h:
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::destroyDecodedData):
            (WebCore::BitmapImage::dataChanged):
            (WebCore::BitmapImage::setCurrentFrameDecodingStatusIfNecessary):
            (WebCore::BitmapImage::draw):
            (WebCore::BitmapImage::internalStartAnimation):
            (WebCore::BitmapImage::internalAdvanceAnimation):
            (WebCore::BitmapImage::imageFrameAvailableAtIndex):
            * platform/graphics/BitmapImage.h:
            * platform/graphics/ImageFrame.cpp:
            (WebCore::ImageFrame::decodingStatus):
            * platform/graphics/ImageFrame.h: Move DecodingStatus out of this class
            to ImageTypes.h to avoid adding other header files to ImageObvsever.h
            * platform/graphics/ImageFrameCache.cpp:
            (WebCore::ImageFrameCache::setNativeImage):
            (WebCore::ImageFrameCache::cacheMetadataAtIndex):
            (WebCore::ImageFrameCache::cacheNativeImageAtIndex):
            (WebCore::ImageFrameCache::cacheNativeImageAtIndexAsync):
            (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex):
            (WebCore::ImageFrameCache::frameDecodingStatusAtIndex):
            * platform/graphics/ImageFrameCache.h:
            * platform/graphics/ImageObserver.h:
            * platform/graphics/ImageSource.h:
            (WebCore::ImageSource::frameDecodingStatusAtIndex):
            * platform/graphics/ImageTypes.h:
            * platform/image-decoders/bmp/BMPImageReader.cpp:
            (WebCore::BMPImageReader::decodeBMP):
            * platform/image-decoders/gif/GIFImageDecoder.cpp:
            (WebCore::GIFImageDecoder::frameComplete):
            (WebCore::GIFImageDecoder::initFrameBuffer):
            * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
            (WebCore::JPEGImageDecoder::outputScanlines):
            (WebCore::JPEGImageDecoder::jpegComplete):
            * platform/image-decoders/png/PNGImageDecoder.cpp:
            (WebCore::PNGImageDecoder::rowAvailable):
            (WebCore::PNGImageDecoder::pngComplete):
            (WebCore::PNGImageDecoder::frameComplete):
            * platform/image-decoders/webp/WEBPImageDecoder.cpp:
            (WebCore::WEBPImageDecoder::decode):
            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::decodingModeForImageDraw):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219738. rdar://problem/33523826

    2017-07-21  Said Abou-Hallawa  <sabouhallawa@apple.com>

            [CG] An image should not invoke many system calls before confirming its format is supported
            https://bugs.webkit.org/show_bug.cgi?id=174692

            Reviewed by Tim Horton.

            We should be careful when invoking system calls before confirming that the
            image type is available and it is one of the whitelist formats. Otherwise
            we will be calling the parsers of the unsupported formats.

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::setImageDataBuffer): The check isAllowedImageUTI()
            is now done in ImageDecoder::encodedDataStatus() which will return Error
            if there is an error in the data or "isAllowedImageUTI() returns false."

            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::dataChanged): Avoid calling canUseAsyncDecodingForLargeImages()
            before confirming the image type is available and it's supported by WebKit.
            canUseAsyncDecodingForLargeImages() tries to cache the first frame of the
            image to know its size. Asking the ImageFrameCache to destroy its decoded
            frames is not needed unless ImageFrameCache::decodedSize() is not zero.

            * platform/graphics/cg/ImageDecoderCG.cpp:
            (WebCore::ImageDecoder::encodedDataStatus): Avoid calling CGImageSourceGetStatus()
            before knowing the UTI of the image. When knowing it, we call CGImageSourceGetStatus()
            and if it returns kCGImageStatusIncomplete or kCGImageStatusComplete, we
            check whether isAllowedImageUTI() or not. If isAllowedImageUTI() returns
            false, return Error which will make the CachedImage cancel loading the
            rest of the image.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219829. rdar://problem/33523803

    2017-07-24  Simon Fraser  <simon.fraser@apple.com>

            Change "client" coordinates back to match scrolling coordinates
            https://bugs.webkit.org/show_bug.cgi?id=174734
            rdar://problem/33336930

            Reviewed by Tim Horton.

            Baidu.com (which uses jQuery), and various iOS apps make the assumption that getBoundingClientRect() returns a rectangle
            that can be used to set or compare with the scroll position. With visual viewports, that assumption is no longer valid
            when the page is zoomed, or when the keyboard has caused the visual viewport to detach from the layout viewport.

            At this point the compatibility cost of shipping layout viewport-based client rects seems higher than the gain, so revert
            to the shipping behavior. This reverts r216803, and will re-introduce bugs that occurred on zoomed pages on macOS,
            many of which are noted in webkit.org/b/170981.

            * page/FrameView.cpp:
            (WebCore::FrameView::documentToClientOffset):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219761. rdar://problem/33523829

    2017-07-22  Timothy Horton  <timothy_horton@apple.com>

            Drag and Drop preview image for Twitter link is the wrong shape
            ​https://bugs.webkit.org/show_bug.cgi?id=174731
            <rdar://problem/33335616>

            * dom/Range.cpp:
            (WebCore::Range::absoluteRectsForRangeInText):
            * page/TextIndicator.cpp:
            (WebCore::initializeIndicator):
            Apply some post-landing review feedback for r219756.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219756. rdar://problem/33523829

    2017-07-21  Timothy Horton  <timothy_horton@apple.com>

            Drag and Drop preview image for Twitter link is the wrong shape
            https://bugs.webkit.org/show_bug.cgi?id=174731
            <rdar://problem/33335616>

            Reviewed by Zalan Bujtas.

            TextIndicator uses Range::borderAndTextQuads and ::absoluteTextRects
            in order to get the rects of the indicated text. Currently, these
            functions do not respect clipping, so clipped-out text (e.g. as seen
            inside links on Twitter) generates lots of meaningless indicated rects.

            * page/TextIndicator.cpp:
            (WebCore::estimatedBackgroundColorForRange):
            (WebCore::hasAnyIllegibleColors):
            Change adjustTextIndicatorDataOptionsForEstimatedColorsIfNecessary
            to instead be hasAnyIllegibleColors, and referred to in the same place
            as hasNonInlineOrReplacedElements, so that it follows the same
            upgrade path (leaving textRects empty, so that it is later filled in
            with the absoluteBoundingRect). This was a mistake in r219033, which
            instead would end up painting all content, but filling in textRects
            with the actual individual text rects.

            This alone changes the behavior on Twitter from lots of jagged misplaced
            rects to a too-large bounding rect. Combined with the following changes,
            the bounding rect is reduced to the right size:

            (WebCore::initializeIndicator):
            Adopt the new Range::borderAndTextQuads and ::absoluteTextRects parameter
            and opt-in to respecting clipping for text rects.

            * dom/DOMRectList.cpp:
            (WebCore::DOMRectList::DOMRectList):
            * dom/DOMRectList.h:
            (WebCore::DOMRectList::create):
            Add a DOMRectList constructor and create() that take FloatRects, similar
            to the one that takes FloatQuads, but without the boundingRect() calls.

            * dom/Document.h:
            * dom/Document.cpp:
            (WebCore::Document::convertAbsoluteToClientRects):
            Add convertAbsoluteToClientRects, similar to covertAbsoluteToClientQuads,
            except acting on rects instead of quads.

            * dom/Range.cpp:
            (WebCore::Range::absoluteRectsForRangeInText):
            (WebCore::Range::absoluteTextRects):
            (WebCore::Range::getClientRects):
            (WebCore::Range::borderAndTextRects):
            (WebCore::Range::boundingRect):
            (WebCore::Range::absoluteBoundingRect):
            (WebCore::Range::borderAndTextQuads): Deleted.
            * dom/Range.h:
            Replace borderAndTextQuads with borderAndTextRects, because all callers
            just ended up calling boundingBox() on the quads.

            Factor absoluteRectsForRangeInText out of absoluteTextRects and
            borderAndTextQuads, and teach it to optionally intersect the text rects
            with their renderer's absoluteClippedOverflowRect.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219755. rdar://problem/33523843

    2017-07-21  Per Arne Vollan  <pvollan@apple.com>

            Round-tripping stroke-width styles through getComputedStyle cause the text to gain a stroke.
            https://bugs.webkit.org/show_bug.cgi?id=174701
            <rdar://problem/32903679>

            Reviewed by Simon Fraser.

            The initial value of stroke-color should be transparent, see https://www.w3.org/TR/fill-stroke-3/#stroke-color.
            Also, there is no need to set the graphics context in text stroke mode, if the stroke color is not visible.

            Test: fast/css/round-trip-stroke-width-using-computed-style.html

            * rendering/TextPaintStyle.cpp:
            (WebCore::updateGraphicsContext):
            * rendering/style/RenderStyle.h:
            (WebCore::RenderStyle::initialStrokeWidth):
            (WebCore::RenderStyle::initialStrokeColor):
            * rendering/style/StyleRareInheritedData.cpp:
            (WebCore::StyleRareInheritedData::StyleRareInheritedData):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219752. rdar://problem/33524766

    2017-07-21  Timothy Horton  <timothy_horton@apple.com>

            TextIndicator::estimatedTextColorsForRange asserts inside HashSet code (inserting reserved value)
            https://bugs.webkit.org/show_bug.cgi?id=174733

            Reviewed by Wenson Hsieh.

            * page/TextIndicator.cpp:
            (WebCore::estimatedTextColorsForRange):
            (WebCore::adjustTextIndicatorDataOptionsForEstimatedColorsIfNecessary):
            RGBA32 isn't a valid hash key, because we have no traits that define the
            empty or deleted values, nor do we have any bits we could feasibly
            use -- the full range of RGBA32 is easy to reach with various colors.

            Instead, hash Color directly.

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219751. rdar://problem/33523861

    2017-07-21  Nan Wang  <n_wang@apple.com>

            AX: Expose form validation on iOS as hint
            https://bugs.webkit.org/show_bug.cgi?id=174722
            <rdar://problem/33459761>

            Reviewed by Chris Fleizach.

            Adding the validation message to the hint of the form control element.

            Test: accessibility/ios-simulator/form-control-validation-message.html

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::isShowingValidationMessage):
            (WebCore::AccessibilityObject::validationMessage):
            * accessibility/AccessibilityObject.h:
            * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
            (-[WebAccessibilityObjectWrapper accessibilityHint]):
            (-[WebAccessibilityObjectWrapper accessibilityIsShowingValidationMessage]):
            * html/HTMLFormControlElement.cpp:
            (WebCore::HTMLFormControlElement::isShowingValidationMessage):
            * html/HTMLFormControlElement.h:

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219742. rdar://problem/33523798

    2017-07-21  Zalan Bujtas  <zalan@apple.com>

            iBooks: Overlapping/missing content at beginning/end of paragraph.
            https://bugs.webkit.org/show_bug.cgi?id=174717
            <rdar://problem/33117912>

            Reviewed by Simon Fraser.

            By definiton simple and normal line layout should always produce the exact same lineboxes. It enables us not
            to force repaint while swapping between these 2 line layouts.
            However in certain cases (font size pixel rounding as an example) they don't agree on how much content fits the line and
            that could result in missing/overlapping content due to the lack of repaint.

            Unable to test.

            * rendering/RenderBlockFlow.cpp:
            (WebCore::RenderBlockFlow::ensureLineBoxes):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219737. rdar://problem/33523854

    2017-07-21  Jeremy Jones  <jeremyj@apple.com>

            AudioTrackPrivateMediaStreamCocoa shouldn't set AudioSession::setPreferredBufferSize
            https://bugs.webkit.org/show_bug.cgi?id=174707
            rdar://problem/33446809

            Reviewed by Eric Carlson.

            Manually tested for audio side effects.

            AudioChannel::copyFrom fails when AudioChannel lengths don't match.

            This happens because PlatformMediaSessionManager::updateSessionState() owns and sets
            AudioSession::setPreferredBufferSize().

            However, AudioTrackPrivateMediaStreamCocoa::createAudioUnit, when it creates an input
            audio unit is setting AudioSession::setPreferredBufferSize() directly to its own arbitrary value.

            AudioSession::setPreferredBufferSize() should be managed by the higher level
            PlatformMediaSessionManager, and not modified by audio unit creation, in order to keep harmony
            within the audio pipeline.

            * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
            (WebCore::AudioTrackPrivateMediaStreamCocoa::createAudioUnit):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219736. rdar://problem/33523835

    2017-07-21  Jeremy Jones  <jeremyj@apple.com>

            Noise when AudioChannel lengths don't match.
            https://bugs.webkit.org/show_bug.cgi?id=174706
            rdar://problem/33389856

            Reviewed by Eric Carlson.

            When AudioChannel lengths don't match, copyFrom() returns early leaving uninitialized data in the audio buffer.
            This change zeros out the data, so there isn't objectionable noise sent to the speaker.

            * platform/audio/AudioChannel.cpp:
            (WebCore::AudioChannel::copyFrom):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219638. rdar://problem/33523787

    2017-07-18  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION(r218910): Crash when password field changes to text field
            https://bugs.webkit.org/show_bug.cgi?id=174560

            Reviewed by Zalan Bujtas.

            The crash was caused by textMarkerDataForFirstPositionInTextControl accessing a nullptr returned by getOrCreate.
            Unfortunately, in order to this fix bug while preserving the exact behavior would require synchronously creating
            a renderer for the editing host when the input type changed since we can't create an accessbility object out of
            a renderer-less node.

            Instead, revert back to pre-r218910 behavior of always using the text control element's axID when notifying
            the value change. While this is inconsistent with the way editing commands report content changes, I've since
            learned that VoiceOver has code to deal with this exact situation.

            Test: accessibility/mac/input-type-change-crash-2.html

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219610. rdar://problem/33523847

    2017-07-18  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Async image decoding for large images should be disabled after the first time a tile is painted
            https://bugs.webkit.org/show_bug.cgi?id=174451

            Reviewed by Simon Fraser.

            Flashing because of DOM mutation can be fixed by disabling the asynchronous
            image decoding after the first time a tile was painted.

            We can detect this by consulting the tile repaintCount. If it is zero, then
            it is safe to use asynchronous image decoded. If the tile repaintCount is
            greater than zero, we are not sure if the renderer rectangle has an image
            drawn in it already or not. In this case we have to use the synchronous
            image decoding to avoid causing a flash.

            Tests: fast/images/async-image-background-change.html
                   fast/images/async-image-src-change.html
                   http/tests/multipart/multipart-async-image.html

            * page/PageOverlayController.cpp:
            (WebCore::PageOverlayController::paintContents):
            * page/PageOverlayController.h:
            * page/linux/ResourceUsageOverlayLinux.cpp:
            * page/mac/ServicesOverlayController.h:
            * page/mac/ServicesOverlayController.mm:
            (WebCore::ServicesOverlayController::Highlight::paintContents):
            * platform/graphics/BitmapImage.h:
            * platform/graphics/GraphicsLayer.cpp:
            (WebCore::GraphicsLayer::paintGraphicsLayerContents):
            * platform/graphics/GraphicsLayer.h:
            * platform/graphics/GraphicsLayerClient.h:
            (WebCore::GraphicsLayerClient::paintContents):
            * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
            (WebCore::LayerClient::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::platformCALayerPaintContents):
            * platform/graphics/ca/GraphicsLayerCA.h:
            * platform/graphics/ca/PlatformCALayer.h:
            * platform/graphics/ca/PlatformCALayerClient.h:
            (WebCore::PlatformCALayerClient::platformCALayerRepaintCount):
            * platform/graphics/ca/TileCoverageMap.cpp:
            (WebCore::TileCoverageMap::platformCALayerPaintContents):
            * platform/graphics/ca/TileCoverageMap.h:
            * platform/graphics/ca/TileGrid.cpp:
            (WebCore::TileGrid::platformCALayerPaintContents):
            (WebCore::TileGrid::platformCALayerRepaintCount):
            * platform/graphics/ca/TileGrid.h:
            * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWin.cpp:
            (PlatformCALayer::drawLayerContents):
            * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp:
            (PlatformCALayerWinInternal::displayCallback):
            * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:
            (WebTiledBackingLayerWin::displayCallback):
            * platform/graphics/mac/WebLayer.mm:
            (-[WebLayer drawInContext:]):
            (-[WebSimpleLayer drawInContext:]):
            * rendering/RenderBoxModelObject.cpp:
            (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
            * rendering/RenderElement.h:
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::paintContents):
            * rendering/RenderLayerBacking.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::paintContents):
            * rendering/RenderLayerCompositor.h:
            * testing/Internals.cpp:
            (WebCore::imageFromImageElement):
            (WebCore::bitmapImageFromImageElement):
            (WebCore::Internals::imageFrameIndex):
            (WebCore::Internals::setImageFrameDecodingDuration):
            (WebCore::Internals::resetImageAnimation):
            (WebCore::Internals::isImageAnimating):
            (WebCore::Internals::setClearDecoderAfterAsyncFrameRequestForTesting):
            (WebCore::Internals::imageDecodeCount):
            (WebCore::Internals::setLargeImageAsyncDecodingEnabledForTesting):
            * testing/Internals.h:
            * testing/Internals.idl:

2017-07-26  Jason Marcell  <jmarcell@apple.com>

        Revert r219342. rdar://problem/33523803

2017-07-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219665.

    2017-07-19  Myles C. Maxfield  <mmaxfield@apple.com>

            Setting the minimum font size preference doesn’t affect absolute line-height values, so lines overlap
            https://bugs.webkit.org/show_bug.cgi?id=174406

            Reviewed by Simon Fraser.
            <rdar://problem/10139227>

            Reviewed by NOBODY.

            When the minimumFontSize API preference is set, we will increase the font size without increasing
            the line height. If the content specifies line-height as an absolute value, there can be two
            unfortunate results:

            - Adjacent lines in a paragraph can overlap
            - If the paragraph (or containin block or whatever) uses overflow: hidden, the first and last lines
            can be cut off and potentially indecipherable.

            Instead, we should use the minimum font size preference as a signal that we should increase the
            line-height as well as the font-size. Eventually, we will want to increase it by an amount
            proportional to the increase in font-size (which can be due to minimumFontSize, minimumLogicalFontSize,
            text autosizing, etc.). However, because minimumLogicalFontSize is on by default, this would cause
            a behavior change on many webpages which use small text, so such a change would be too risky right now.
            Instead, we can pretend that minimumFontSize is the only cause that text increases, and use this as the
            only signal to boost the corresponding line-height.

            Tests: fast/text/line-height-minimumFontSize-text-zoom.html
                   fast/text/line-height-minimumFontSize-visual.html
                   fast/text/line-height-minimumFontSize-zoom.html
                   fast/text/line-height-minimumFontSize.html
                   fast/text/line-height-minimumFontSize-autosize.html

            * css/StyleBuilderCustom.h:
            (WebCore::computeBaseSpecifiedFontSize):
            (WebCore::computeLineHeightMultiplierDueToFontSize):
            (WebCore::StyleBuilderCustom::applyValueLineHeight):
            (WebCore::StyleBuilderCustom::applyValueFill):
            (WebCore::StyleBuilderCustom::applyValueStroke):
            (WebCore::StyleBuilderCustom::applyValueContent):
            * rendering/TextAutoSizing.cpp:

2017-07-18  Myles C. Maxfield  <mmaxfield@apple.com>

        Setting the minimum font size preference doesn’t affect absolute line-height values, so lines overlap
        https://bugs.webkit.org/show_bug.cgi?id=174406
        <rdar://problem/10139227>

        Reviewed by Simon Fraser.

        When the minimumFontSize API preference is set, we will increase the font size without increasing
        the line height. If the content specifies line-height as an absolute value, there can be two
        unfortunate results:

        - Adjacent lines in a paragraph can overlap
        - If the paragraph (or containin block or whatever) uses overflow: hidden, the first and last lines
        can be cut off and potentially indecipherable.

        Instead, we should use the minimum font size preference as a signal that we should increase the
        line-height as well as the font-size. Eventually, we will want to increase it by an amount
        proportional to the increase in font-size (which can be due to minimumFontSize, minimumLogicalFontSize,
        text autosizing, etc.). However, because minimumLogicalFontSize is on by default, this would cause
        a behavior change on many webpages which use small text, so such a change would be too risky right now.
        Instead, we can pretend that minimumFontSize is the only cause that text increases, and use this as the
        only signal to boost the corresponding line-height.

        Tests: fast/text/line-height-minimumFontSize-text-zoom.html
               fast/text/line-height-minimumFontSize-visual.html
               fast/text/line-height-minimumFontSize-zoom.html
               fast/text/line-height-minimumFontSize.html
               fast/text/line-height-minimumFontSize-autosize.html

        * css/StyleBuilderCustom.h:
        (WebCore::computeBaseSpecifiedFontSize):
        (WebCore::computeLineHeightMultiplierDueToFontSize):
        (WebCore::StyleBuilderCustom::applyValueLineHeight):
        (WebCore::StyleBuilderCustom::applyValueFill):
        (WebCore::StyleBuilderCustom::applyValueStroke):
        (WebCore::StyleBuilderCustom::applyValueContent):
        * rendering/TextAutoSizing.cpp:

2017-07-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219571. rdar://problem/33464710

    2017-07-17  Simon Fraser  <simon.fraser@apple.com>

            clientX/clientY on TouchEvent.touches are wrong
            https://bugs.webkit.org/show_bug.cgi?id=174561
            rdar://problem/33336041

            Reviewed by Tim Horton.

            Do some refactoring so that WebKitAdditions code that computes Touch coordinates can use
            the same code that MouseRelatedEvent uses.

            There is no behavior change in this patch, but the test exercises a behavior change in
            WebKitAdditions code.

            Test: fast/events/touch/ios/touches-client-coords-after-zoom.html

            * dom/MouseRelatedEvent.cpp:
            (WebCore::MouseRelatedEvent::init):
            (WebCore::MouseRelatedEvent::frameViewFromDOMWindow):
            (WebCore::MouseRelatedEvent::pagePointToClientPoint):
            (WebCore::MouseRelatedEvent::pagePointToAbsolutePoint):
            (WebCore::MouseRelatedEvent::initCoordinates):
            (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor):
            (WebCore::MouseRelatedEvent::computePageLocation):
            (WebCore::MouseRelatedEvent::locationInRootViewCoordinates):
            (WebCore::MouseRelatedEvent::frameView): Deleted.
            * dom/MouseRelatedEvent.h:

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219662. rdar://problem/33464110

    2017-07-19  Antoine Quint  <graouts@apple.com>

            [iOS] REGRESSION: Scrubbing media using built-in controls does not pause media
            https://bugs.webkit.org/show_bug.cgi?id=174650
            <rdar://problem/33401877>

            Reviewed by Dean Jackson.

            We would only pause when scrubbing on macOS because we only listened to "mousedown" events on the
            scrubber's backing <input> element to identify that the user had started interacting with the
            scrubber.

            Implementing the same technique on iOS required a little more work than just listening to "touchstart"
            events on the same element. On top of that, we needed to make sure that we would only respond to
            "touchstart" events on the slider's thumb, and not on the track, since only on macOS should the user
            be able to click anywhere on the track to scrub. So we turn off pointer-events for the <input> on iOS
            only, and turn them back on specifically for the thumb.

            There is also some finessing when dealing with touch events where we need to track the identifier of
            the touch that started the user interaction. So we keep track of it in an ivar and wait until we get
            a "touchend" event where the changedTouches list contains a touch with that same identifier to ensure
            the same touch that initiates and ends the scrubbing interaction.

            Finally, we fix another issue that was uncovered while turning back on the ScrubbingSupport tests
            where we would not trash the cached _value ivar when we initiated scrubbing, which was important since
            we would mistakenly use the pre-srubbing value during a scrub.

            * Modules/modern-media-controls/controls/slider.css:
            (.ios .slider > input):
            (.slider > input::-webkit-slider-thumb):
            * Modules/modern-media-controls/controls/slider.js:
            (Slider.prototype.handleEvent):
            (Slider.prototype._handleMousedownEvent):
            (Slider.prototype._interactionEndTarget):
            (Slider.prototype._handleTouchstartEvent):
            (Slider.prototype._valueWillStartChanging):
            (Slider.prototype._valueDidStopChanging):
            (Slider.prototype._handleMouseupEvent):
            (Slider.prototype._handleTouchendEvent):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219711. rdar://problem/33465715

    2017-07-20  Chris Dumez  <cdumez@apple.com>

            Hook up ITP quirks to the needsSiteSpecificQuirks setting
            https://bugs.webkit.org/show_bug.cgi?id=174691

            Reviewed by Darin Adler.

            Hook up ITP quirks to the needsSiteSpecificQuirks setting to make it easier for
            Web-developers to test their fixes.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::shouldEnableSiteSpecificQuirks):
            (WebCore::areDomainsAssociated):
            (WebCore::ResourceLoadObserver::logFrameNavigation):
            (WebCore::resourceNeedsSSOQuirk):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):
            (WebCore::ResourceLoadObserver::logWebSocketLoading):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219709. rdar://problem/33462692

    2017-07-20  David Quesada  <david_quesada@apple.com>

            Add SPI to notify WKNavigationDelegate about client redirects
            https://bugs.webkit.org/show_bug.cgi?id=174680
            rdar://problem/33184886

            Reviewed by Brady Eidson.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::performClientRedirect):
            * loader/FrameLoader.h:
            Add a convenience method for NavigationScheduler that handles a FrameLoadRequest
            as a client redirect. Currently this means loading the request and informing the
            client about it.

            * loader/FrameLoaderClient.h:
            Add FrameLoaderClient::dispatchDidPerformClientRedirect() to inform the client when
            a client redirect occurs.

            * loader/NavigationScheduler.cpp:
            Removed ScheduledURLNavigation::fire(). This class was never instantiated directly,
            and all subclasses override fire(), so this was unused code.
            For ScheduledRedirects and ScheduledLocationChange, use FrameLoader's new method to
            load the request as a client redirect.

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219703. rdar://problem/33462696

    2017-07-20  Chris Dumez  <cdumez@apple.com>

            Regression(ITP): May get frequently logged out of wsj.com
            https://bugs.webkit.org/show_bug.cgi?id=174661
            <rdar://problem/32343256>

            Reviewed by Geoffrey Garen.

            Add the concept of associated domains in the ResourceLoadObserver. We
            previously ignore loads to and from the same domains. We now do the same
            if the to and from domains are associated (i.e. owned by the same entity).

            For now, only add domains owned by Dow Jones & Company, Inc. to the list,
            to address login issues on wsj.com.

            No new tests, verified manually on wsj.com.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::areDomainsAssociated):
            (WebCore::ResourceLoadObserver::logFrameNavigation):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):
            (WebCore::ResourceLoadObserver::logWebSocketLoading):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219701. rdar://problem/33465715

    2017-07-20  Chris Dumez  <cdumez@apple.com>

            Regression(ITP): Can no longer log in on abc.go.com
            https://bugs.webkit.org/show_bug.cgi?id=174533
            <rdar://problem/33325881>

            Reviewed by Geoffrey Garen.

            Add quirk for sp.auth.adobe.com which is used for SSO by web sites such as
            abc.go.com. This would otherwise cause adobe.com to be identified as a
            tracker and log in on abc.go.com would break.

            No new tests, tested manually on abc.go.com.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::resourceNeedsSSOQuirk):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219683. rdar://problem/33464463

    2017-07-20  Brady Eidson  <beidson@apple.com>

            WKHTTPCookieStore API tests fail on High Sierra.
            <rdar://problem/33410271> and https://bugs.webkit.org/show_bug.cgi?id=174666

            Reviewed by Andy Estes.

            Covered by existing API tests.

            In r219567 I'd moved cookie storage observation off of NSHTTPCookieStorage and NSNotificationCenter
            to CFHTTPCookieStorage observation callbacks.

            This is because notifications were only sent for the default [NSHTTPCookieStorage sharedHTTPCookieStorage]
            and not any of the other ones we keep in flight.

            Unfortunately that SPI has been disabled in High Sierra.
            Fortunately we found a way we can get non-shared NSHTTPCookieStorages to send notifications that works everywhere.

            * platform/network/cocoa/CookieStorageObserver.h:
            * platform/network/cocoa/CookieStorageObserver.mm:
            (-[WebCookieObserverAdapter initWithObserver:]):
            (-[WebCookieObserverAdapter cookiesChangedNotificationHandler:]):
            (WebCore::CookieStorageObserver::create):
            (WebCore::CookieStorageObserver::CookieStorageObserver):
            (WebCore::CookieStorageObserver::~CookieStorageObserver):
            (WebCore::CookieStorageObserver::startObserving): Use a trick to call some SPI on non-shared NSHTTPCookieStorages
              to get them to send notifications.
            (WebCore::CookieStorageObserver::stopObserving):
            (WebCore::cookiesChanged): Deleted.

            * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
            (WebCore::NetworkStorageSession::cookieStorageObserver):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219668. rdar://problem/33462676

    2017-07-19  Simon Fraser  <simon.fraser@apple.com>

            getBoundingClientRects not updated for programmatic scrolls
            https://bugs.webkit.org/show_bug.cgi?id=174538
            rdar://problem/33049012

            Reviewed by Tim Horton.

            Baidu.com has two event handlers on its <input>, and both query the input location with getBoundingClientRect()
            and the current pageYOffset (via jQuery), then try to scroll the input to the top of the screen. The bug is that
            programmatic scrolls did not immediately update the layout viewport rect, so the second call to
            getBoundingClientRect() would return stale coordinates, triggering an extra scroll.

            To fix this, undo the fix for r219320 which tried to keep getBoundingClientRect() current during unstable scroll
            updates by adding a shadow layout viewport rect. Instead, almost always update the layout viewport rect on
            FrameView, even during unstable visible rect updates, but not if content insets are being changed interactively,
            since changing viewport heights cause problems with bottom-fixed elements. Also, we need to compute a new layout
            viewport rect in FrameView::updateLayoutViewport() for programmatic scrolls.

            However, always updating the layout viewport triggered issues with the scrolling tree. The scrolling state tree
            fossilizes layer positions relative to a specific viewport rect, and that relationship has to be maintained.
            There are code paths that recompute fixed/sticky viewport constraints when the layout viewport has changed but
            we haven't done layout or recomputed layer positions (e.g. updating viewport-constrained layers via
            updateScrollCoordinatedLayersAfterFlush()) and in these cases using a new layout viewport for those computations
            results in an inconsistent scrolling tree.

            Fix this by not updating scrolling constraints every time we have to re-register scrolling nodes.
            updateScrollCoordinatedLayersAfterFlush() only needs to update the layer on the scrolling node (to handle
            tiled/non-tiled switches), so make updateScrollCoordinatedLayer() a little more fine-grained, and only update
            constraints when we've just computed layer geometry. This allows for different scrolling nodes to have
            constraints computed at different times, with different layout viewports, which happens.

            Two additional fixes were required to make bottom-fixed bars behave correctly.

            First, FrameView::computeLayoutViewportOrigin() had a bug where rounding of half-pixel values would cause it to
            fall into the if (visualViewport.height() > layoutViewport.height()) clause, but then fail to clamp for
            rubber-banding.

            Second, the FrameView::unscaledMaximumScrollPosition() was wrong after zooming on iOS, since it uses visibleSize()
            which is affected by page scale on iOS only (and the function wants scale-independent values). Fix with a hack that
            should be cleaned up via webkit.org/b/174648.

            Tested by existing tests.

            * page/FrameView.cpp:
            (WebCore::FrameView::computeUpdatedLayoutViewportRect):
            (WebCore::FrameView::computeLayoutViewportOrigin):
            (WebCore::FrameView::setLayoutViewportOverrideRect):
            (WebCore::FrameView::updateLayoutViewport):
            (WebCore::FrameView::unscaledMaximumScrollPosition):
            (WebCore::FrameView::documentToClientOffset):
            (WebCore::FrameView::setUnstableLayoutViewportRect): Deleted.
            * page/FrameView.h:
            * page/scrolling/AsyncScrollingCoordinator.cpp:
            (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
            (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
            (WebCore::AsyncScrollingCoordinator::reconcileViewportConstrainedLayerPositions):
            (WebCore::AsyncScrollingCoordinator::updateNodeLayer):
            (WebCore::AsyncScrollingCoordinator::updateNodeViewportConstraints):
            (WebCore::AsyncScrollingCoordinator::updateViewportConstrainedNode): Deleted.
            * page/scrolling/AsyncScrollingCoordinator.h:
            * page/scrolling/ScrollingCoordinator.cpp:
            (WebCore::operator<<):
            * page/scrolling/ScrollingCoordinator.h:
            (WebCore::ScrollingCoordinator::reconcileScrollingState):
            (WebCore::ScrollingCoordinator::updateNodeLayer):
            (WebCore::ScrollingCoordinator::updateNodeViewportConstraints):
            (WebCore::ScrollingCoordinator::updateViewportConstrainedNode): Deleted.
            * page/scrolling/ScrollingStateFixedNode.cpp:
            (WebCore::ScrollingStateFixedNode::updateConstraints):
            * page/scrolling/ScrollingStateStickyNode.cpp:
            (WebCore::ScrollingStateStickyNode::updateConstraints):
            (WebCore::ScrollingStateStickyNode::reconcileLayerPositionForViewportRect):
            * page/scrolling/ScrollingTree.cpp:
            (WebCore::ScrollingTree::commitTreeState):
            * page/scrolling/mac/ScrollingTreeFixedNode.mm:
            (WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):
            * page/scrolling/mac/ScrollingTreeStickyNode.mm:
            (WebCore::ScrollingTreeStickyNode::updateLayersAfterAncestorChange):
            * rendering/RenderLayerBacking.cpp:
            (WebCore::RenderLayerBacking::updateGeometry):
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayersAfterFlush):
            (WebCore::RenderLayerCompositor::updateBacking):
            (WebCore::RenderLayerCompositor::fixedRootBackgroundLayerChanged):
            (WebCore::RenderLayerCompositor::requiresCompositingForPosition):
            (WebCore::RenderLayerCompositor::updateScrollCoordinatedStatus):
            (WebCore::RenderLayerCompositor::computeFixedViewportConstraints):
            (WebCore::RenderLayerCompositor::computeStickyViewportConstraints):
            (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
            (WebCore::RenderLayerCompositor::didAddScrollingLayer):
            * rendering/RenderLayerCompositor.h:

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219666. rdar://problem/33464328

    2017-07-19  Megan Gardner  <megan_gardner@apple.com>

            Don't write file URLs to iOS Pasteboard
            https://bugs.webkit.org/show_bug.cgi?id=174647
            <rdar://problem/33199730>

            Reviewed by Wenson Hsieh.

            Tests updated to reflect the changes. We are no longer vending file URLs in Drag & Drop and Copy/Paste.

            * editing/ios/EditorIOS.mm:
            (WebCore::Editor::writeImageToPasteboard):
            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::write):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219661. rdar://problem/33465132

    2017-07-19  Nan Wang  <n_wang@apple.com>

            AX: Web page reloaded when a node is labelling multiple childnodes
            https://bugs.webkit.org/show_bug.cgi?id=174655

            Reviewed by Chris Fleizach.

            When we are asking for the aria-labelledby attribute of a node and its
            sibling is also labelled by the same node, we get into an infinite loop
            in textUnderElement since we only ignore one child. Added checks for
            siblings to avoid such loop.

            Test: accessibility/mac/aria-labelledby-multiple-child-crash.html

            * accessibility/AccessibilityNodeObject.cpp:
            (WebCore::AccessibilityNodeObject::textUnderElement):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219645. rdar://problem/33464440

    2017-07-18  Zalan Bujtas  <zalan@apple.com>

            Media controls are missing content in fullscreen when document has scroll offset.
            https://bugs.webkit.org/show_bug.cgi?id=174644
            <rdar://problem/32415323>

            Reviewed by Simon Fraser.

            If a non-user initiated scrolling (result of resize for example) is processed asynchronously, it might
            leapfrog other, programatic scrollings and trigger unintentional scroll offsets (and turn into unwanted clippings).
            This patch ensures that both resize and top content inset change are translated into programatic scrolling.

            Unable to test full screen video.

            * page/FrameView.cpp:
            (WebCore::FrameView::setFrameRect):
            (WebCore::FrameView::topContentInsetDidChange):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219641. rdar://problem/33464325

    2017-07-18  Chris Dumez  <cdumez@apple.com>

            HysteresisActivity cannot be used in the UIProcess
            https://bugs.webkit.org/show_bug.cgi?id=174643
            <rdar://problem/33086442>

            Reviewed by Tim Horton.

            Port HysteresisActivity to RunLoop::Timer so that it can safely be used in
            the UIProcess as well.

            * platform/HysteresisActivity.h:

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219625. rdar://problem/33465689

    2017-07-18  Antoine Quint  <graouts@apple.com>

            [macOS] Mouse pointer does not hide during fullscreen playback
            https://bugs.webkit.org/show_bug.cgi?id=174638
            <rdar://problem/33244399>

            Reviewed by Dean Jackson.

            Test: media/modern-media-controls/css/webkit-cursor-visibility-auto-hide.html

            The user-agent stylesheet sets the "-webkit-cursor-visibility" to "auto-hide" for fullscreen <video>
            elements. Since we reset the page styles, including UA styles, on .media-controls-container, we need
            to explicitly inherit this style property from the page to ensure the mouse pointer automatically
            hides in fullscreen.

            * Modules/modern-media-controls/controls/media-controls.css:
            (.media-controls-container):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219621. rdar://problem/33465059

    2017-07-18  Antoine Quint  <graouts@apple.com>

            [iOS] WebKit media controls are sometimes shown after exiting full screen on vimeo.com
            https://bugs.webkit.org/show_bug.cgi?id=174627
            <rdar://problem/33301005>

            Reviewed by Dean Jackson, provisionally reviewed by Jeremy Jones.

            On iOS 11, both the WebKit media controls and the Vimeo custom controls would appear sometimes when exiting
            from fullscreen when the video was playing and the user would tap the X button, which would pause the video
            as well as exit fullscreen.

            The reason this happens is that the ControlsVisibilitySupport object, which governs whether the WebKit media
            controls should be displayed for a given video, woud listen to "pause" and "webkitfullscreenchange" events
            and determine whether to show the WebKit media controls. We listen to the "pause" event because when media
            pauses, and the video has the "controls" attribute set, we should show the controls and suspend the controls
            auto-hide timer. And we're interested in knowing when we enter and exit fullscreen because we want to override
            the "controls" attribute not being set when we enter fullscreen.

            However, on iOS 11, it appears that the "webkitfullscreenchange" event is not reliably fired as the user enters
            and exits fullscreen, which is tracked by webkit.org/b/174626. So, when the user exits fullscreen, we would be
            informed of the video being paused via a "pause" event, but not of the video exiting fullscreen. And because
            media events are asynchronous, the "pause" event would sometimes be fired before we exited fullscreen, and when
            the _updateControls() would run, we would sometimes determine that we are in fullscreen still and determine
            that the WebKit media controls should be shown.

            Of course, on iOS, the WebKit media controls are not shown and instead we delegate to AVKit to display media controls.
            So we could simply disregard this whole logic in iOS. But we choose to instead use the "webkitpresentationmodechanged"
            when the presentation mode API is supported, as is the case on iOS 11, to determine changes of media fullscreen state.
            This way, should we ever choose to support fullscreen media controls provided by WebKit on iOS, this logic is already
            correct and we write less platform-specific code.

            This, alas, cannot be tested since we can't force the X button to be tapped within the AVKit fullscreen controls.

            * Modules/modern-media-controls/media/controls-visibility-support.js:
            (ControlsVisibilitySupport.prototype.get mediaEvents):
            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController):
            * Modules/modern-media-controls/media/start-support.js:
            (StartSupport.prototype.get mediaEvents):

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219591. rdar://problem/33464112

    2017-07-17  Brady Eidson  <beidson@apple.com>

            REGRESSION(r219298): imported/w3c/IndexedDB-private-browsing/idbfactory_open.html is crashing occassionaly (UniqueIDBDatabase being taken from the IDBServer set twice).
            <rdar://problem/33294987> and https://bugs.webkit.org/show_bug.cgi?id=174354

            Reviewed by Alex Christensen.

            No new tests (Covered by existing tests).

            * Modules/indexeddb/server/IDBServer.cpp:
            (WebCore::IDBServer::IDBServer::postDatabaseTaskReply): Remove a now invalid ASSERT

            * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
            (WebCore::IDBServer::UniqueIDBDatabase::scheduleShutdownForClose): Add a RELEASE_ASSERT.
            (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): Instead of an ad-hoc main thread dispatch, use the "schedule task reply" system
              to keep dispatch ordering in tact.
            (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply): Remove a now invalid ASSERT
            (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Only take the owning pointer if the object doesn't already own itself.

2017-07-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219585. rdar://problem/33465177

    2017-07-17  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS DnD] Web process uses too much memory when beginning a drag on a very large image
            https://bugs.webkit.org/show_bug.cgi?id=174585
            <rdar://problem/33302541>

            Reviewed by Tim Horton.

            Currently, attempting to drag a very large image fails, either due to us telling CoreGraphics to create an image
            buffer that is too large, or because the web process exceeds its memory limit and gets jetsamed. There are two
            places where we can optimize our memory use during the drag initialization sequence, and this patch improves
            both.

            First, on iOS, we attempt to encode and send over a WebCore::Image in the PasteboardImage when writing to the
            item providers upon starting a drag. Currently, this Image is only used in the drag and drop codepath, in
            PlatformPasteboard::writeObjectRepresentations, to grab the size of the image being written for the purpose of
            specifying estimated display size. Serializing and deserializing an Image calls into Image::nativeImage, which
            attempts to draw the contents of the image into a buffer so that it can be shipped across to the UI process.
            Instead, we can simply compute the size in the web process while we already have the Image, and simply send that
            across. For copy/paste, this doesn't result in any behavior change, since we don't use the PasteboardImage's
            image in the first place.

            Secondly, when starting a drag, we try to allocate create an image buffer the size of the WebCore::Image for the
            purpose of generating the drag preview. Instead, this patch establishes a limit on the size of this drag preview
            image, such that if the Image's size is larger, we'll scale down the drag preview image to be the maximum
            allowed size.

            Test: DataInteractionTests.CanStartDragOnEnormousImage.

            * editing/ios/EditorIOS.mm:
            (WebCore::Editor::writeImageToPasteboard):
            * platform/Pasteboard.h:
            * platform/graphics/GeometryUtilities.cpp:
            (WebCore::sizeWithAreaAndAspectRatio):

            Introduce a new helper function to compute a size with the given aspect ratio and area.

            * platform/graphics/GeometryUtilities.h:
            * platform/ios/DragImageIOS.mm:
            (WebCore::createDragImageFromImage):
            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::writeObjectRepresentations):

2017-07-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r219413. rdar://problem/33337335

    2017-06-29  Dean Jackson  <dino@apple.com>

            Disable some features on this release branch.
            <rdar://problem/32913370>

            * Configurations/FeatureDefines.xcconfig:
            * page/Settings.in:

2017-07-17  Brady Eidson  <beidson@apple.com>

        WKHTTPCookieStore observing only works on the default cookie store.
        <rdar://problem/33330724> and https://bugs.webkit.org/show_bug.cgi?id=174580

        Reviewed by Sam Weinig.

        Covered by new API tests.
        
        startObservingCookieChanges and stopObservingCookieChanges are passed a NetworkStorageSession to observe.
        On Mac/iOS, the passed-in storage session was ignored and the shared cookie storage was assumed.
        Let's fix that.
        
        Also, since using NSNotification based observing only works reliably for the shared cookie storage,
        switch to direct CFHTTPCookieStorageRef observing.

        * WebCore.xcodeproj/project.pbxproj:
        
        * platform/network/NetworkStorageSession.h:
        
        * platform/network/cocoa/CookieStorageObserver.h: Added.
        * platform/network/cocoa/CookieStorageObserver.mm: Added.
        (WebCore::cookiesChanged):
        (WebCore::CookieStorageObserver::create):
        (WebCore::CookieStorageObserver::CookieStorageObserver):
        (WebCore::CookieStorageObserver::~CookieStorageObserver):
        (WebCore::CookieStorageObserver::startObserving):
        (WebCore::CookieStorageObserver::stopObserving):
        (WebCore::CookieStorageObserver::cookiesDidChange):
        
        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
        (WebCore::NetworkStorageSession::cookieStorageObserver):
        
        * platform/network/mac/CookieStorageMac.mm:
        (WebCore::startObservingCookieChanges):
        (WebCore::stopObservingCookieChanges):
        (-[WebCookieStorageObjCAdapter notifyCookiesChangedOnMainThread]): Deleted.
        (-[WebCookieStorageObjCAdapter cookiesChangedNotificationHandler:]): Deleted.
        (-[WebCookieStorageObjCAdapter startListeningForCookieChangeNotificationsWithCallback:]): Deleted.
        (-[WebCookieStorageObjCAdapter stopListeningForCookieChangeNotifications]): Deleted.
        
        * platform/spi/cf/CFNetworkSPI.h:

2017-07-17  Sam Weinig  <sam@webkit.org>

        [WebIDL] Rename JSCSSValueCustom.cpp to JSDeprecatedCSSOMValueCustom.cpp to match the underlying class
        https://bugs.webkit.org/show_bug.cgi?id=174550

        Reviewed by Brady Eidson.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSCSSValueCustom.cpp: Removed.
        * bindings/js/JSDeprecatedCSSOMValueCustom.cpp: Renamed from bindings/js/JSCSSValueCustom.cpp.
        Rename file and update references.

2017-07-17  Antoine Quint  <graouts@apple.com>

        REGRESSION: order of AirPlay and volume controls is inconsistent between <audio> and <video>
        https://bugs.webkit.org/show_bug.cgi?id=174581
        <rdar://problem/33297519>

        Reviewed by Sam Weinig.

        We had an inconsistency between <audio> and <video> controls for the relative order of the
        volume and AirPlay buttons. The <video> layout was correct (volume first and AirPlay after)
        and the <audio> layout now is the same.

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype._rightContainerButtons):

2017-07-17  Konstantin Tokarev  <annulen@yandex.ru>

        [CMake] Create targets before WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS is called
        https://bugs.webkit.org/show_bug.cgi?id=174557

        Reviewed by Michael Catanzaro.

        No new tests needed.

        * CMakeLists.txt:

2017-07-17  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, rolling out r219556.

        Broke build without WebCrypto

        Reverted changeset:

        "[CMake] Clean up Web Crypto build targets"
        https://bugs.webkit.org/show_bug.cgi?id=174253
        http://trac.webkit.org/changeset/219556

2017-07-17  Antoine Quint  <graouts@apple.com>

        Media controls draw behind captions
        https://bugs.webkit.org/show_bug.cgi?id=174579
        <rdar://problem/33295427>

        Reviewed by Dean Jackson.

        Ensure the captions container is added as a previous sibling to the controls container.

        Test: media/modern-media-controls/media-controls/media-controls-display-above-captions.html

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController):

2017-07-17  Zan Dobersek  <zdobersek@igalia.com>

        [CMake] Clean up Web Crypto build targets
        https://bugs.webkit.org/show_bug.cgi?id=174253

        Reviewed by Michael Catanzaro.

        Gather the common WebCrypto source files in CMakeLists.txt, including them
        in the build unconditionally and instead relying on ENABLE_SUBTLE_CRYPTO
        build guards to exclude the code from compilation if the feature is disabled.

        PlatformGTK.cmake, PlatformMac.cmake and PlatformWPE.cmake can then remove
        duplicated build targets. PlatformMac.cmake still lists all the Mac-specific
        Web Crypto build targets.

        PlatformGTK.cmake and PlatformWPE.cmake now include GCrypt.cmake if the build
        was configured to enable the use of libgcrypt. The new CMake file adds the
        libgcrypt-specific Web Crypto build targets to the build if the feature was
        enabled, and also sets up libgcrypt include directiories and libraries.

        No new tests -- no change in behavior.

        * CMakeLists.txt:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWPE.cmake:
        * platform/GCrypt.cmake: Added.

2017-07-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        -Wreorder warning caused by GraphicsContext3D cleanup
        https://bugs.webkit.org/show_bug.cgi?id=174511

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):

2017-07-16  Antoine Quint  <graouts@apple.com>

        Dismissing the captions panel using the mouse is too eager to remove the captions panel and media controls
        https://bugs.webkit.org/show_bug.cgi?id=174571
        <rdar://problem/33294968>

        Reviewed by Eric Carlson.

        We did several things wrong when dismissing the tracks panel:

            - we did not check whether we were hosted in a shadow root when figuring if a click was on the tracks panel
            - we did not check whether we clicked over the media when dismissing the tracks panel
            - we did not check whether auto-hide was on before fading the media controls out when we clicked outside
              the media controls bounds

        We now correctly account for all of those cases and implement the following behavior when clickng as the tracks
        panel is presented:
        
            - dismiss the panel if the click is outside of the panel
            - dismiss the panel and the media controls if the click is outside the video and the media controls have
              auto-hide on (ie. media is playing)
            - dismiss the panel and the media controls after the track selection animation is finished if a track is selected

        Tests: media/modern-media-controls/tracks-panel/tracks-panel-up-click-outside-media-does-not-dimiss-media-controls-when-media-is-paused.html
               media/modern-media-controls/tracks-panel/tracks-panel-up-click-over-media-does-not-dimiss-media-controls-when-media-is-playing.html

        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.hideTracksPanel): Only hide the media controls if we clicked outside of the media
        controls bounds and if we have auto-hide on when idle (ie. the media is playing).
        (MediaControls.prototype.isPointInControls): Add an option to specify whether the container should be
        considered when checking if a point is contained within the media controls bounds.
        * Modules/modern-media-controls/controls/tracks-panel.js:
        (TracksPanel.prototype._handleMousedown):
        (TracksPanel.prototype._isPointInTracksPanel): Correctly check whether the element that we started pressing
        on is contained within the tracks panel, accounting for the case where we are presented within a shadow root
        (ie. always when runing inside a Web page).

2017-07-16  Ali Juma  <ajuma@chromium.org>

        DisallowUserAgentShadowContent moves out of non-UA shadow roots
        https://bugs.webkit.org/show_bug.cgi?id=165647

        Reviewed by Ryosuke Niwa.

        Make rect-based hit-testing include nodes in non-UA shadow trees when the
        HitTestRequest has type DisallowUserAgentShadowContent.

        Test: fast/dom/nodesFromRect/nodesFromRect-shadow.html

        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::addNodeToRectBasedTestResult):
        * testing/Internals.cpp:
        (WebCore::Internals::nodesFromRect):
        * testing/Internals.h:

2017-07-16  Antoine Quint  <graouts@apple.com>

        Clicking edges of media control buttons changes visual state of button (pressed) but doesn't execute action
        https://bugs.webkit.org/show_bug.cgi?id=174565
        <rdar://problem/33294833>

        Reviewed by Dean Jackson.

        WebCore doesn't dispatch a "click" event to a parent element when a child that was the original target when
        the "mousedown" occured is no longer hit-testing at the location where the mouse pointer is at when the "mouseup"
        occurs (see webkit.org/b/174564). Since button icons, which are a <picture> element that is a child of the
        <button> element for media controls buttons, shrink to 89% of their size when the ":active" pseudo-class matches,
        clicking on the edges of the media controls buttons would not trigger the expected action.

        Test: media/modern-media-controls/button/button-click-on-edges.html

        * Modules/modern-media-controls/controls/button.css:
        (button > picture):

2017-07-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Make the decision for asynchronously decoding an image be in one place
        https://bugs.webkit.org/show_bug.cgi?id=174479

        Reviewed by Tim Horton.

        Move all the logic of whether a large image should be asynchronously decoded 
        or not be in one place: RenderBoxModelObject::decodingModeForImageDraw().

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::addPendingImageDrawingClient): Fixing unrelated 
        spelling error.
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isIBooks):
        (WebCore::IOSApplication::isIBooksStorytime):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::updateFromSettings): Remove reading the setting
        largeImageAsyncDecodingEnabled from this function because it will be read
        by RenderBoxModelObject::decodingModeForImageDraw().
        (WebCore::BitmapImage::dataChanged):
        (WebCore::BitmapImage::draw):
        (WebCore::BitmapImage::shouldAnimate):
        (WebCore::BitmapImage::canAnimate):
        (WebCore::BitmapImage::canUseAsyncDecodingForLargeImages):
        (WebCore::BitmapImage::shouldUseAsyncDecodingForAnimatedImages):
        (WebCore::BitmapImage::canDestroyDecodedData):
        (WebCore::BitmapImage::shouldUseAsyncDecodingForLargeImages): Deleted.
        * platform/graphics/BitmapImage.h:
        * platform/graphics/ImageSource.cpp:
        (WebCore::ImageSource::canUseAsyncDecoding): It is okay to keep the 
        decoded frame if canUseAsyncDecodingForLargeImages() is true by the setting
        largeImageAsyncDecodingEnabled is false.
        (WebCore::ImageSource::shouldUseAsyncDecoding): Deleted.
        * platform/graphics/ImageSource.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::decodingModeForImageDraw): The plan is to
        add a new Internal settings to force asynchronous image decoding regardless
        of the image size and the settings.
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):

2017-07-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        [CMake] Raise minimum CMake requirement
        https://bugs.webkit.org/show_bug.cgi?id=174545

        Reviewed by Konstantin Tokarev.

        * WebCoreMacros.cmake:

2017-07-15  Brady Eidson  <beidson@apple.com>

        Make sure all CFHTTPCookieStorageRefs we create are scheduled.
        <rdar://problem/33221110> and https://bugs.webkit.org/show_bug.cgi?id=174513

        Reviewed by Tim Horton.

        * platform/spi/cf/CFNetworkSPI.h:

2017-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Rename RenderStyle::fontSize() to RenderStyle::computedFontPixelSize()
        https://bugs.webkit.org/show_bug.cgi?id=174509

        Reviewed by Simon Fraser.

        We have three font size functions:
        - computedFontSize(): returns a float
        - specifiedFontSize(): also returns a float
        - fontSize(): returns the rounded computedFontSize()

        FontDescription uses the convention of labelling rounded values as "pixel",
        so a better name font fontSize() is computedFontPixelSize().

        Also, because font sizes can never be negative, switch the type from an int
        to an unsigned.

        No new tests because there is no behavior change.

        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (getAttributeSetForAccessibilityObject):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * platform/graphics/FontDescription.h:
        (WebCore::FontDescription::computedPixelSize):
        (WebCore::FontDescription::fontSelectionRequest):
        * rendering/RenderBlock.cpp:
        (WebCore::styleForFirstLetter):
        * rendering/RenderRubyRun.cpp:
        (WebCore::shouldOverhang):
        (WebCore::RenderRubyRun::getOverhang):
        * rendering/RenderRubyText.cpp:
        (WebCore::RenderRubyText::adjustInlineDirectionLineBounds):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::adjustSearchFieldIconStyle):
        (WebCore::paintSearchFieldIcon):
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::adjustCheckboxStyle):
        (WebCore::RenderThemeIOS::adjustRadioStyle):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::controlSizeForFont):
        (WebCore::RenderThemeMac::controlSizeForSystemFont):
        (WebCore::RenderThemeMac::paintMenuListButtonDecorations):
        (WebCore::RenderThemeMac::popupInternalPaddingBox):
        (WebCore::RenderThemeMac::adjustMenuListButtonStyle):
        * rendering/RenderThemeWin.cpp:
        (WebCore::RenderThemeWin::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeWin::adjustSearchFieldResultsButtonStyle):
        * rendering/TextDecorationPainter.cpp:
        (WebCore::TextDecorationPainter::paintTextDecoration):
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::computeLineVerticalStretch):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::computedFontPixelSize):
        (WebCore::RenderStyle::computedLineHeight):
        (WebCore::RenderStyle::fontSize): Deleted.
        * rendering/style/RenderStyle.h:
        * style/InlineTextBoxStyle.cpp:
        (WebCore::visualOverflowForDecorations):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::resolveElement):
        * svg/SVGLengthContext.cpp:
        (WebCore::SVGLengthContext::convertValueFromUserUnitsToEMS):
        (WebCore::SVGLengthContext::convertValueFromEMSToUserUnits):

2017-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        line-height: <number> gets visually applied twice when text autosizing is in effect
        https://bugs.webkit.org/show_bug.cgi?id=174536
        <rdar://problem/33338259>

        Reviewed by Simon Fraser.

        StyleBuilderConverter::convertLineHeight() converts line-height: <number> into a
        "percentage" length. Then, when layout needs to know what the computed value of
        line-height is, RenderStyle::computedLineHeight() multiplies this percentage by
        the computed font size.

        With autosizing, the computed font size already incorporates the autosizing
        multiplier, so we shouldn't also incorporate this multiplier into the percentage
        value itself. getComputedStyle()'s lineHeightFromStyle() was compensating for
        this double application by multiplying the percentage by the font-size's specified
        value instead of its computed value, which is incorrect.

        Test: fast/text-autosizing/line-height-number.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::lineHeightFromStyle):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertLineHeight):

2017-07-15  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS WK2] Presenting an action sheet on an image map prevents selection UI from updating
        https://bugs.webkit.org/show_bug.cgi?id=174539
        <rdar://problem/33307395>

        Reviewed by Darin Adler.

        Currently, if TextIndicator fails to take a snapshot in TextIndicator::createWithRange, we will enter an
        inconsistent state in the web process where Editor will continue to ignore selection changes until the next time
        Editor::setIgnoreSelectionChanges(false) is called. This causes us to indefinitely defer EditorState updates to
        the UI process, which leads to selection UI appearing unresponsive.

        To fix this, we introduce a new TemporarySelectionChange object to simplify selection changes and/or
        EditorState-update-ignoring behaviors within the scope of a single function. The constructor applies these
        temporary changes, and the destructor reverts them as needed to their prior values.

        This patch only adopts TemporarySelectionChange in order to fix this bug, but future patches will replace the
        remaining places where we temporarily change selection and/or ignore selection with this helper.

        Test: ActionSheetTests.ImageMapDoesNotDestroySelection.

        * editing/Editor.cpp:
        (WebCore::TemporarySelectionChange::TemporarySelectionChange):
        (WebCore::TemporarySelectionChange::~TemporarySelectionChange):
        * editing/Editor.h:
        * editing/FrameSelection.h:
        (WebCore::FrameSelection::isUpdateAppearanceEnabled):
        * page/TextIndicator.cpp:
        (WebCore::TextIndicator::createWithRange):

2017-07-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Clean up line-height and minimumFontSize functions
        https://bugs.webkit.org/show_bug.cgi?id=174535

        Reviewed by Simon Fraser.

        No behavior change.

        No new tests because there is no behavior change.

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertLineHeight):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::adjustRenderStyle):
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        (WebCore::StyleResolver::applyMatchedProperties):
        (WebCore::StyleResolver::cascadedPropertiesForRollback):
        (WebCore::StyleResolver::applyProperty):
        (WebCore::StyleResolver::checkForZoomChange):
        (WebCore::StyleResolver::createFilterOperations):
        (WebCore::StyleResolver::CascadedProperties::set):
        (WebCore::StyleResolver::applyCascadedProperties):
        * style/StyleFontSizeFunctions.cpp:
        (WebCore::Style::computedFontSizeFromSpecifiedSize):
        (WebCore::Style::computedFontSizeFromSpecifiedSizeForSVGInlineText):
        (): Deleted.

2017-07-14  Jonathan Bedard  <jbedard@apple.com>

        Add iOS 11 SPI
        https://bugs.webkit.org/show_bug.cgi?id=174430
        <rdar://problem/33269288>

        Reviewed by Tim Horton.

        * WebCore.xcodeproj/project.pbxproj: Add sqlite3SPI.h header.
        * platform/ios/PlatformPasteboardIOS.mm: Move UIKit SPI to UIKitSPI.h.
        * platform/ios/WebItemProviderPasteboard.mm: Ditto.
        * platform/network/cf/FormDataStreamCFNet.cpp: Explicitly define fnfErr and remove
        MacErrors.h header for iOS.
        * platform/spi/cocoa/IOSurfaceSPI.h: IOSurface is no longer SPI in iOS 11.
        * platform/spi/cocoa/PassKitSPI.h: Do not re-define setRequiredShippingContactFields
        and setRequiredBillingContactFields in iOS 11.
        * platform/spi/cocoa/QuartzCoreSPI.h: Added QuartzCoreSPI used in iOS 11.
        * platform/spi/ios/UIKitSPI.h: Add drag-and-drop SPI.
        * platform/spi/ios/sqlite3SPI.h: Define required sqlite3 macros.
        * platform/sql/SQLiteFileSystem.cpp: Use sqlite3SPI.h.

2017-07-14  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA PKCS#8 exports
        https://bugs.webkit.org/show_bug.cgi?id=173697

        Reviewed by Jiewen Tan.

        Implement the PKCS#8 import operation for RSA keys for platforms that use
        libgcrypt.

        In CryptoKeyRSA::exportPkcs8(), we bail early with an invalid access exception if
        this export is not being done for a private key. Otherwise, we start with creating
        the `RSAPrivateKey` ASN.1 structure, writing out '0' under the `version` element
        and then retrieving the modulus, public and private exponent and both primes.
        MPI data for those parameters is written out into corresponding elements in the
        `RSAPrivateKey` structure. We then manually compute values of both exponents and
        the coefficient parameters, using the private exponent's and both primes' MPI
        values. The p and q parameters (i.e. the primes) are switched in libgcrypt,
        deviating from the standard practice, so we have to operate with those two
        accordingly. We eliminate the optional `otherPrimeInfos` attribute on the
        `RSAPrivateKey` structure. Support for this attribute will be added later.

        We then create the `PrivateKeyInfo` ASN.1 structure, and write out '0' under the
        `version` element. The id-rsaEncryption object identifier is written out under
        the `algorithm.algorithm` element. In the future, an object identifier that
        matches this key's algorithm will have to be written out here (id-RSASSA-PSS or
        id-RSAES-OAEP), along with the appropriate parameters structure, but no test in
        WebKit or the web-platform-tests suite covers this detail. For now, a null value
        is written out under the `algorithm.parameters` element.

        Data for the `RSAPrivateKey` structure is retrieved and written out under the
        `privateKey` element.  The optional `attributes` element on the `PrivateKeyInfo`
        structure is eliminated.

        Data that was encoded through the `PrivateKeyInfo` structure is then retrieved
        and returned from the exportPkcs8() method.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::CryptoKeyRSA::exportPkcs8):

2017-07-14  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA PKCS#8 imports
        https://bugs.webkit.org/show_bug.cgi?id=173696

        Reviewed by Jiewen Tan.

        Implement the PKCS#8 import operation for RSA keys for platforms that use
        libgcrypt.

        In CryptoKeyRSA::importPkcs8(), the provided key data is decoded against the
        'PrivateKeyInfo` ASN.1 structure. We then validate the `version` element and
        check that the `privateKeyAlgorithm.algorithm` element contains a supported
        object identifier. This check is for now mostly superficial, only ensuring
        that the object identifier is either id-rsaEncryption, id-RSAES-OAEP or
        id-RSASSA-PSS. This has to be further extended to also check the
        id-sha{1,256,384,512}WithRSAEncryption identifiers as well as decoding the
        `privateKeyAlgorithm.parameters` element against a specific ASN.1 structure, if
        necessary (RSASSA-PSS-params or RSAES-OAEP-params), and cross-checking the
        specified digest algorithm with the algorithm that's specified through the main
        object identifier or the structure contained in `privateKeyAlgorithm.parameters`.
        This is avoided for now because no test in WebKit or the web-platform-tests
        suite covers this detail of the specification.

        Data under the `privateKey` element is decoded against the `RSAPrivateKey` ASN.1
        structure, and the `version` element of that structure is validated. We then
        retrieve data from that structure for the modulus, public exponent, private
        exponent, both primes, both exponents and the coefficient parameters, bailing if
        any of them is missing. Because libgcrypt switches the use of p and q parameters,
        deviating from the standard use, we have to recompute the u parameter (the
        coefficient). With that calculated, we're then able to construct the `private-key`
        s-expression, embedding into it all the necessary parameters, and transferring
        the ownership of this object to the new CryptoKeyRSA object that's then returned
        from the importPkcs8() method.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::CryptoKeyRSA::importPkcs8):

2017-07-14  Chris Dumez  <cdumez@apple.com>

        Possible crash in ~UserGestureIndicator() when on non-main thread
        https://bugs.webkit.org/show_bug.cgi?id=174522
        <rdar://problem/30283071>

        Reviewed by Sam Weinig.

        UserGestureIndicator objects may be constructed / destructed in worker thread
        (e.g. in DOMTimer::fired()). The UserGestureIndicator constructor / destructor
        are supposed to be no-op on non-main threads so that it is safe. However,
        we were mistakenly initializing m_previousToken data member in the constructor
        on background thread, which meant that we could crash later on in the
        UserGestureIndicator destructor when destroying m_previousToken.

        Test: fast/workers/worker-user-gesture.html

        * dom/UserGestureIndicator.cpp:
        (WebCore::currentToken):
        (WebCore::UserGestureIndicator::UserGestureIndicator):

2017-07-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219516.

        This caused an API failure on macOS.

        Reverted changeset:

        "Make sure all CFHTTPCookieStorageRefs we create are
        scheduled."
        https://bugs.webkit.org/show_bug.cgi?id=174513
        http://trac.webkit.org/changeset/219516

2017-07-14  Jer Noble  <jer.noble@apple.com>

        Allow clients to override their own hardware media requirements where no fallback media exists.
        https://bugs.webkit.org/show_bug.cgi?id=174426
        <rdar://problem/32537704>

        Reviewed by Eric Carlson.

        Add a new setting which allows clients to specify their own mediaContentTypesRequiringHardwareSupport should be
        ignared in the case where no fallback exists, such as the case of a single <source> element, or setting the src
        attribute directly.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::havePotentialSourceChild):
        (WebCore::HTMLMediaElement::selectNextSourceChild):
        (WebCore::HTMLMediaElement::sourceWasAdded):
        (WebCore::HTMLMediaElement::sourceWasRemoved):
        (WebCore::HTMLMediaElement::mediaPlayerShouldCheckHardwareSupport):
        * html/HTMLMediaElement.h:
        * page/Settings.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::shouldCheckHardwareSupport):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerShouldCheckHardwareSupport):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::assetStatus):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):

2017-07-14  Chris Dumez  <cdumez@apple.com>

        Possible crash under NetworkSocketStream::didFailSocketStream()
        https://bugs.webkit.org/show_bug.cgi?id=174526
        <rdar://problem/32831441>

        Reviewed by Brent Fulgham.

        Call m_client.didFailSocketStream() asynchronously in the constructor as our
        caller (the client) is also being initialized at this point.

        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl):

2017-07-14  Youenn Fablet  <youenn@apple.com>

        WebRTC: silence data not sent for disabled audio track
        https://bugs.webkit.org/show_bug.cgi?id=174456
        <rdar://problem/33284623>

        Reviewed by Eric Carlson.

        Test: webrtc/audio-muted-stats.html
              webrtc/audio-muted-stats2.html

        Adding a timer-based approach to send 10ms of silence every second.
        This is consistent with how muted video tracks are implemented.
        In case the audio track is muted at the time it is added, no silence data is sent.

        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::RealtimeOutgoingAudioSource):
        (WebCore::RealtimeOutgoingAudioSource::initializeConverter):
        (WebCore::RealtimeOutgoingAudioSource::stop):
        (WebCore::RealtimeOutgoingAudioSource::sourceMutedChanged):
        (WebCore::RealtimeOutgoingAudioSource::sourceEnabledChanged):
        (WebCore::RealtimeOutgoingAudioSource::handleMutedIfNeeded):
        (WebCore::RealtimeOutgoingAudioSource::sendSilence):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:

2017-07-14  Michael Catanzaro  <mcatanzaro@igalia.com>

        [CMake] Unclear distinction between WebKitHelpers and WebKitMacros
        https://bugs.webkit.org/show_bug.cgi?id=153189

        Reviewed by Antonio Gomes.

        * CMakeLists.txt: Include WebCoreMacros.cmake.
        * WebCoreMacros.cmake: Added.

2017-07-14  Jeremy Jones  <jeremyj@apple.com>

        Fix style for name of class alloc function in WebVideoFullscreenInterfaceAVKit.
        https://bugs.webkit.org/show_bug.cgi?id=174476

        Reviewed by Alex Christensen.

        No new tests because no behavior change.

        This is a rename for per style requirements.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (allocWebAVPictureInPicturePlayerLayerViewInstance):
        (WebAVPlayerLayerView_pictureInPicturePlayerLayerView):
        (allocWebAVPlayerLayerViewInstance):
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen):
        (getWebAVPictureInPicturePlayerLayerViewClass): Deleted.
        (getWebAVPlayerLayerViewClass): Deleted.

2017-07-14  Jer Noble  <jer.noble@apple.com>

        [MSE] Removing samples when presentation order does not match decode order can cause bad behavior.
        https://bugs.webkit.org/show_bug.cgi?id=174514

        Reviewed by Sam Weinig.

        Test: media/media-source/media-source-remove-decodeorder-crash.html

        Fix the algorithm in removeCodedFrames() so that it's not possible to have a removePresentationStart >
        removePresentationEnd (and also removeDecodeStart > removeDecodeEnd).

        * Modules/mediasource/SampleMap.cpp:
        (WebCore::PresentationOrderSampleMap::findSampleContainingOrAfterPresentationTime):
        (WebCore::PresentationOrderSampleMap::findSampleStartingAfterPresentationTime):
        * Modules/mediasource/SampleMap.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::removeCodedFrames):

2017-07-14  Youenn Fablet  <youenn@apple.com>

        Increase CoreAudio render audio buffer sizes for WebRTC
        https://bugs.webkit.org/show_bug.cgi?id=174508

        Reviewed by Eric Carlson.

        Covered by manually testing audio rendering through WebRTC sites.

        * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
        (WebCore::AudioTrackPrivateMediaStreamCocoa::createAudioUnit): Setting audio buffer size equivalent to 20 ms.

2017-07-14  Brady Eidson  <beidson@apple.com>

        Make sure all CFHTTPCookieStorageRefs we create are scheduled.
        <rdar://problem/33221110> and https://bugs.webkit.org/show_bug.cgi?id=174513

        Reviewed by Tim Horton.

        * platform/spi/cf/CFNetworkSPI.h:

2017-07-14  Youenn Fablet  <youenn@apple.com>

        Remove CoreAudioCaptureSource speaker configuration
        https://bugs.webkit.org/show_bug.cgi?id=174512

        Reviewed by Eric Carlson.

        Covered by manually testing audio rendering through WebRTC sites.

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::setupAudioUnit):

2017-07-14  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Limit the number of remote video samples queued
        https://bugs.webkit.org/show_bug.cgi?id=174505
        <rdar://problem/33223015>

        Reviewed by Youenn Fablet.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::removeOldSamplesFromPendingQueue): Only
        enqueue a fixed number of frames with invalid or negative decode times.

2017-07-14  Youenn Fablet  <youenn@apple.com>

        Report CoreAudioCaptureSource failure in case shared unit stops working properly
        https://bugs.webkit.org/show_bug.cgi?id=174494

        Reviewed by Eric Carlson.

        Manual test by interrupting an audio capture on Mac.

        This patch adds a timer to CoreAudioSharedUnit.
        In case the capture callback is not called after one second, the shared unit is said to fail.
        Each source is notified that capture is failing.
        This will in turn trigger onend track event so that web pages can remedy capture failure.

        Timer starts with 10 seconds for audio data to start being captured.
        It is then decreased to 2 seconds.

        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::captureFailed):
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::CoreAudioSharedUnit):
        (WebCore::CoreAudioSharedUnit::processMicrophoneSamples):
        (WebCore::CoreAudioSharedUnit::startInternal):
        (WebCore::CoreAudioSharedUnit::verifyIsCapturing):
        (WebCore::CoreAudioSharedUnit::stopInternal):

2017-07-14  Jer Noble  <jer.noble@apple.com>

        Adding the 'autoplay' attribute to a media element during a user gesture should remove user gesture restrictions.
        https://bugs.webkit.org/show_bug.cgi?id=174373

        Reviewed by Eric Carlson.

        Test: media/video-add-autoplay-user-gesture.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute):

2017-07-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219500.

        The test is consistently failing on iOS simulator.

        Reverted changeset:

        "AX: VoiceOver silent or skipping over time values on media
        player."
        https://bugs.webkit.org/show_bug.cgi?id=174324
        http://trac.webkit.org/changeset/219500

2017-07-14  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] error 'm_compositorTexture': undeclared identifier since Bug 174345
        https://bugs.webkit.org/show_bug.cgi?id=174493

        Reviewed by Alex Christensen.

        Compilation errors are reported by the code using a member
        m_compositorTexture of GraphicsContext3D which exists only if
        USE(COORDINATED_GRAPHICS_THREADED). WinCairo port doesn't use it.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        Use m_compositorTexture only if USE(COORDINATED_GRAPHICS_THREADED).
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Ditto.
        * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        Ditto. Fix the wrong indentation level.

2017-07-14  Fujii Hironori  <Hironori.Fujii@sony.com>

        [HarfBuzz] Decomposed Vietnamese characters are rendered incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=174418

        Reviewed by Michael Catanzaro.

        HarfBuzzShaper should normalize the input text before collecting
        HarfBuzzRuns. Actually, HarfBuzzShaper::setNormalizedBuffer does
        the task. But, this function hasn't been called from anywhere
        since Bug 108077.

        Test: fast/text/international/vietnamese-nfd.html

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::HarfBuzzShaper):
        Call setNormalizedBuffer instead of normalizeCharacters.
        (WebCore::normalizeCharacters): Deleted.

2017-07-14  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] Build broken "Cannot open include file: 'GL/glext.h'" since Bug 172104
        https://bugs.webkit.org/show_bug.cgi?id=174492

        Reviewed by Žan Doberšek.

        WinCairo port uses GLES. OpenGLShims.h shouldn't be included.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        Include "OpenGLShims.h" only if !USE(OPENGL_ES_2) instead of USE(OPENGL).

2017-07-14  Chris Dumez  <cdumez@apple.com>

        PageCache::removeAllItemsForPage(Page&) may reenter itself and cause crashes
        https://bugs.webkit.org/show_bug.cgi?id=174473
        <rdar://problem/32177485>

        Reviewed by Antti Koivisto.

        This could happen when a Page containing an SVGImage is removed from PageCache and
        this resulted in the destruction of the SVGImage. Because the SVGImage has an internal
        utility Page, it will also call PageCache::removeAllItemsForPage(WebCore::Page&) upon
        destruction, causing us to reenter.

        Address the issue by not calling PageCache::removeAllItemsForPage() for utility pages
        since those cannot be in PageCache in the first place.

        Also add assertions to make sure:
        1. We never insert a utility page into PageCache
        2. PageCache::removeAllItemsForPage() does not reenter

        No new tests, because I was unable to write a test which reproduced the crash. This
        is in theory testable using an API test which enables PageCache, loads a page
        containing an SVGImage, navigates away from this page so that it goes into PageCache,
        and then calls [WebView _close]. However, when I tried writing such test, I could
        not get the SVGImage to get destroyed while PageCache::removeAllItemsForPage() is
        called for the top-level page for some reason. Something seems to be keeping the
        SVGImage alive longer. I tried disabling the MemoryCache but it did not help.

        * history/PageCache.cpp:
        (WebCore::PageCache::addIfCacheable):
        (WebCore::PageCache::removeAllItemsForPage):
        * history/PageCache.h:
        * page/Page.cpp:
        (WebCore::Page::~Page):

2017-07-14  Aaron Chu  <aaron_chu@apple.com>

        AX: VoiceOver silent or skipping over time values on media player.
        https://bugs.webkit.org/show_bug.cgi?id=174324
        <rdar://problem/32021784>

        Reviewed by Antoine Quint.

        Added role attribute to modern media controls time lable class so that VoiceOver can access the time label when the media is playing.

        Updated: media/modern-media-controls/time-label/time-label.html

        * Modules/modern-media-controls/controls/time-label.js:

2017-07-13  Michael Catanzaro  <mcatanzaro@igalia.com>

        Fix compiler warnings when building with GCC 7
        https://bugs.webkit.org/show_bug.cgi?id=174463

        Reviewed by Darin Adler.

        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::setShouldManageAudioSessionCategory):

2017-07-13  Michael Catanzaro  <mcatanzaro@igalia.com>

        Incorrect call to StyledElement::setInlineStyleProperty in ImageDocument::createDocumentStructure
        https://bugs.webkit.org/show_bug.cgi?id=174470

        Reviewed by Darin Adler.

        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::createDocumentStructure):

2017-07-13  Dean Jackson  <dino@apple.com>

        Fix iOS build.

        * platform/graphics/GraphicsContext3D.h:

2017-07-12  Dean Jackson  <dino@apple.com>

        Rename GraphicsContext[3D]Mac to Cocoa and move things into graphics/cocoa
        https://bugs.webkit.org/show_bug.cgi?id=174453
        <rdar://problem/33281481>

        Reviewed by Simon Fraser.

        Two renames, two moves:
        graphics/mac/GraphicsContext3DMac.mm -> graphics/cocoa/GraphicsContext3DCocoa.mm
        graphics/mac/GraphicsContext.mm -> graphics/cocoa/GraphicsContextCocoa.mm
        graphics/mac/WebGLLayer.h -> graphics/cocoa/WebGLLayer.h
        graphics/mac/WebGLLayer.mm -> graphics/cocoa/WebGLLayer.mm

        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/cocoa/GraphicsContext3DCocoa.mm: Renamed from Source/WebCore/platform/graphics/mac/GraphicsContext3DMac.mm.
        * platform/graphics/cocoa/GraphicsContextCocoa.mm: Renamed from Source/WebCore/platform/graphics/mac/GraphicsContextMac.mm.
        * platform/graphics/cocoa/WebGLLayer.h: Renamed from Source/WebCore/platform/graphics/mac/WebGLLayer.h.
        * platform/graphics/cocoa/WebGLLayer.mm: Renamed from Source/WebCore/platform/graphics/mac/WebGLLayer.mm.

2017-07-12  Dean Jackson  <dino@apple.com>

        Clean-up some things in GraphicsContext3D
        https://bugs.webkit.org/show_bug.cgi?id=174452
        <rdar://problem/33281257>

        Reviewed by Simon Fraser.

        General clean-up in GC3D.

        Covered by existing tests.

        * platform/graphics/GraphicsContext3D.h: Use initial values where possible.
        (WebCore::GraphicsContext3D::GraphicsContext3DState::GraphicsContext3DState): Deleted.
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D): Nearly everything can come from the
        initial values now.
        (WebCore::GraphicsContext3D::~GraphicsContext3D): Remove code that won't be enabled
        on this platform.
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::paintRenderingResultsToCanvas): While unlikely to happen,
        and possibly harmless in this case, add some checked arithmetic to make sure we don't overflow
        when working out how big a buffer to create.
        (WebCore::GraphicsContext3D::paintRenderingResultsToImageData): Ditto.
        (WebCore::GraphicsContext3D::reshape): Do nothing if we are ever given negative
        width or height. Again unlikely.

2017-07-13  Dean Jackson  <dino@apple.com>

        Avoid unnecessary copy of framebuffer into WebGL Layer
        https://bugs.webkit.org/show_bug.cgi?id=174345
        <rdar://problem/33228950>

        Reviewed by Sam Weinig.

        On macOS, we're unnecessarily copying the framebuffer into another
        texture before pushing it into the compositing layer. Instead we
        should simply render the FBO into the CALayer we use to draw on
        the screen.

        Covered by the existing WebGL tests.

        * platform/graphics/GraphicsContext3D.h:
        (WebCore::GraphicsContext3D::platformTexture): Return the FBO texture instead.
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::GraphicsContext3D): No need to have a compositing
        texture.
        (WebCore::GraphicsContext3D::~GraphicsContext3D):
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::prepareTexture): Don't copy the pixels from
        the FBO into the compositing texture

2017-07-13  Mark Lam  <mark.lam@apple.com>

        Implementors of memoryCost() need to be thread-safe.
        https://bugs.webkit.org/show_bug.cgi?id=172738
        <rdar://problem/32474881>

        Reviewed by Keith Miller.

        No new tests. This patch fixes a race condition bug that can result in random
        crashes (and other unpredictable behavior), and is very difficult to test for.

        * Modules/webaudio/AudioBuffer.cpp:
        (WebCore::AudioBuffer::releaseMemory):
        (WebCore::AudioBuffer::memoryCost):
        * Modules/webaudio/AudioBuffer.h:
        * dom/ChildNodeList.h:
        * dom/CollectionIndexCache.h:
        (WebCore::CollectionIndexCache::memoryCost):
        * dom/LiveNodeList.h:
        * html/CachedHTMLCollection.h:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::memoryCost):
        (WebCore::HTMLCanvasElement::externalMemoryCost):
        (WebCore::HTMLCanvasElement::setImageBuffer):
        * html/HTMLCanvasElement.h:
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::invalidateNamedElementCache):
        * html/HTMLCollection.h:
        (WebCore::CollectionNamedElementCache::memoryCost):
        (WebCore::HTMLCollection::memoryCost):
        (WebCore::HTMLCollection::setNamedItemCache):
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::memoryCost):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::memoryCost):
        (WebCore::ImageBuffer::externalMemoryCost):

2017-07-13  Jeremy Jones  <jeremyj@apple.com>

        Fix style. Use #pragma once in VideoFullscreen and PlaybackSession headers.
        https://bugs.webkit.org/show_bug.cgi?id=174448

        Reviewed by Eric Carlson.

        No behavior change.

        * platform/cocoa/WebPlaybackSessionInterface.h:
        * platform/cocoa/WebVideoFullscreenChangeObserver.h:
        * platform/cocoa/WebVideoFullscreenModel.h:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
        * platform/ios/WebPlaybackSessionInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenControllerAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/mac/WebVideoFullscreenInterfaceMac.h:

2017-07-13  Alex Christensen  <achristensen@webkit.org>

        Deleting last URLSearchParams key should remove trailing ? in associated URL
        https://bugs.webkit.org/show_bug.cgi?id=174465

        Reviewed by Chris Dumez.

        This makes us match the behavior of Chrome and Firefox, and the spec after https://github.com/whatwg/url/issues/332 is approved.
        This will be covered by an upcoming web platform test, and I updated fast/dom/DOMURL/searchparams.html to cover it now.

        * platform/URLParser.cpp:
        (WebCore::URLParser::serialize):
        If there are no tuples, serialize to the null string instead of a non-null empty string.
        This makes it so URL::setQuery removes the ?

2017-07-13  Jeremy Jones  <jeremyj@apple.com>

        Style fix. Replace strongThis with protectedThis.
        https://bugs.webkit.org/show_bug.cgi?id=174444

        Reviewed by Eric Carlson.

        Rename, no behavior change.

        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::finish):
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::maybeBecomeReadyForMoreMediaData):
        (WebCore::WebCoreDecompressionSession::enqueueSample):
        (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
        (WebCore::WebCoreDecompressionSession::enqueueDecodedSample):
        (WebCore::WebCoreDecompressionSession::requestMediaDataWhenReady):
        (WebCore::WebCoreDecompressionSession::flush):

2017-07-13  Jeremy Jones  <jeremyj@apple.com>

        Fix block style in WebVideoFullscreen classes.
        https://bugs.webkit.org/show_bug.cgi?id=174446

        Reviewed by Eric Carlson.

        No behavior change.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setVideoLayerFrame):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerLayer layoutSublayers]):
        (getWebAVPictureInPicturePlayerLayerViewClass):
        (getWebAVPlayerLayerViewClass):

2017-07-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove unused and untested Page domain commands
        https://bugs.webkit.org/show_bug.cgi?id=174429

        Reviewed by Timothy Hatcher.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::disable):
        (WebCore::InspectorPageAgent::didClearWindowObjectInWorld):
        (WebCore::InspectorPageAgent::addScriptToEvaluateOnLoad): Deleted.
        (WebCore::InspectorPageAgent::removeScriptToEvaluateOnLoad): Deleted.
        * inspector/InspectorPageAgent.h:

2017-07-13  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA SPKI exports
        https://bugs.webkit.org/show_bug.cgi?id=173695

        Reviewed by Jiewen Tan.

        Implement the SPKI export operation for RSA keys for platforms that use
        libgcrypt.

        In CryptoKeyRSA::exportSpki(), we bail early with an invalid access exception if
        this export is not being done for a public key. Otherwise, we start with creating
        the `RSAPublicKey` ASN.1 structure, filling in the modulus and public exponent
        data that's retrieved from the `public-key` s-expression in the signed MPI format.

        We then create the `SubjectPublicKeyInfo` ASN.1 structure and fill it out with
        the necessary data. The id-rsaEncryption object identifier is written out under
        the `algorithm.algorithm` element, and a null value is written out under the
        `algorithm.parameters` element. This doesn't follow the specification at the
        moment, since id-RSASSA-PSS would have to be written for the RSA-PSS algorithm,
        and id-RSAES-OAEP for the RSA-OAEP algorithm, along with specific parameter
        structures. But no test in WebKit or the web-platform-tests suite covers this,
        so this deviation should be addressed later.

        Data of the previously-constructed `RSAPublicKey` structure is retrieved and
        written out under the `subjectPublicKey` element, before finally retrieving
        data of the `SubjectPublicKeyInfo` structure and returning that to the caller.

        A helper mpiSignedData() function is added, providing overloads for gcry_mpi_t
        and gcry_sexp_t parameters. MPI data for that parameter is retrieved and the
        first byte of that data is tested, inserting an additional 0x00 byte at the
        beginning of the Vector if that first byte has the first bit set, avoiding this
        data accidentally being interpreted as a signed integer.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::CryptoKeyRSA::exportSpki):
        * crypto/gcrypt/GCryptUtilities.h:
        (WebCore::mpiSignedData):

2017-07-13  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyRSA SPKI imports
        https://bugs.webkit.org/show_bug.cgi?id=173694

        Reviewed by Jiewen Tan.

        Implement the SPKI import operation for RSA keys for platforms that use
        libgcrypt.

        The passed-in key data is decoded against the `SubjectPublicKeyInfo` ASN.1
        structure. We then validate the `algorithm.algorithm` element, ensuring that
        the value under that represents a supported object identifier. This check is
        for now mostly superficial, only ensuring that the object identifier is either
        id-rsaEncryption, id-RSAES-OAEP or id-RSASSA-PSS. This has to be further extended
        to also check the id-sha{1,256,384,512}WithRSAEncryption identifiers as well as
        decoding the `algorithm.parameters` element against a specific ASN.1 structure,
        if necessary (RSASSA-PSS-params or RSAES-OAEP-params), and cross-checking the
        specified digest algorithm with the algorithm that's specified through the main
        object identifier or the structure contained in `algorithm.parameters`. This is
        avoided for now because no test in WebKit or the web-platform-tests suite covers
        this detail of the specification.

        After the algorithm is identified as supported, we proceed with decoding the
        `subjectPublicKey` data against the `RSAPublicKey` ASN.1 structure. From there,
        we retrieve the `modulus` and `publicExponent` data from which we can construct
        an RSA `public-key` s-expression that can be used through libgcrypt. A new
        CryptoKeyRSA object is then created, taking over ownership of the `public-key`
        s-expression, and returned.

        No new tests -- related tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyRSAGCrypt.cpp:
        (WebCore::supportedAlgorithmIdentifier):
        (WebCore::CryptoKeyRSA::importSpki):

2017-07-12  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        REGRESSION(r219332): [GTK] 9 new failures on fast/forms spinbutton related tests
        https://bugs.webkit.org/show_bug.cgi?id=174395

        Reviewed by Carlos Garcia Campos.

        Covered by existing tests.

        Before r219332 the height of the spin button widget was
        calculated as the maximum value between the individual button
        ( the [+] or [-] ) width (33 pixels) and height (16 pixels).
        And r219332 caused the height of the widget to be calculated as
        the height of the button (16 pixels), which was incorrect as
        each button should be first expanded vertically to fit the
        preferred size of the widget.

        Fix this by making the calculations about the spin button widget
        on a new function spinButtonSize() that takes this into account,
        and use this values both for adjusting the style of the input
        field and the spin button widget itself.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::spinButtonSize):
        (WebCore::RenderThemeGtk::adjustTextFieldStyle):
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):

2017-07-13  Miguel Gomez  <magomez@igalia.com>

        [GTK][WPE] border-radius with non visible border doesn't work on images that have their own RenderLayer
        https://bugs.webkit.org/show_bug.cgi?id=174157

        Reviewed by Carlos Garcia Campos.

        Do not allow direct compositing of images when they have a border-radius property on WebKitGTK+ and WPE.
        These platforms don't support clipping using rounded rectangles during composition, which is required
        when using border-radius and the border is not visible. Due to this, they need to perform the clippping
        with cairo.

        This is a temporal fix, until appropriate clipping is implemented in the TextureMapper.

        No new tests.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2017-07-13  Chris Fleizach  <cfleizach@apple.com>

        AX: WebView crashes app after opening VoiceOver context box menu from modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=163999
        <rdar://problem/28949013>

        Reviewed by Joanmarie Diggs.

        Protect when m_object goes away.

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityShowContextMenu]):

2017-07-12  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Async image decoding for large images should be disabled by default
        https://bugs.webkit.org/show_bug.cgi?id=174432

        Reviewed by Simon Fraser.

        -- Rename GraphicsLayerPaintFlags::Snapshotting to AllowAsyncImageDecoding.
        -- Replace every reference to GraphicsLayerPaintFlags::Snapshotting by
           GraphicsLayerPaintFlags::None and every GraphicsLayerPaintFlags::None
           by AllowAsyncImageDecoding.
        -- Rename PaintBehaviorSnapshotting to PaintBehaviorAllowAsyncImageDecoding.
        -- Propagate PaintBehaviorAllowAsyncImageDecoding from a parent view to 
           a child view instead of propagating PaintBehaviorSnapshotting.
        -- Remove setting the bit PaintBehaviorSnapshotting in any new PaintBehavoir.
        -- Replace setting the bit PaintBehaviorSnapshotting in an existing PaintBehavoir
           by resetting the bit PaintBehaviorAllowAsyncImageDecoding.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::paintContentsForSnapshot):
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/GraphicsLayerClient.h:
        * platform/graphics/mac/WebLayer.mm:
        (-[WebLayer drawInContext:]):
        (-[WebSimpleLayer drawInContext:]):
        * rendering/PaintPhase.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::decodingModeForImageDraw):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintForegroundForFragments):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintContents):
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::paintContents): We need to propagate the 
        PaintBehaviorAllowAsyncImageDecoding from RenderWidget to the FrameView.
        We did not need to do that for PaintBehaviorSnapshotting because 
        FrameView was setting it in its m_paintBehavior if (document->printing())
        in FrameView::willPaintContents().

2017-07-12  Timothy Hatcher  <timothy@hatcher.name>

        REGRESSION(r219391): Broke the USE(OPENGL_ES_2) build
        https://bugs.webkit.org/show_bug.cgi?id=174442

        Unreviewed build fix.

        * platform/graphics/egl/GLContextEGL.cpp: Fix typo of OPENGL_ES2.

2017-07-12  Youenn Fablet  <youenn@apple.com>

        Recreate the AudioUnit when restarting capture
        https://bugs.webkit.org/show_bug.cgi?id=174439

        Reviewed by Jer Noble.

        Sometimes other applications in the system like FaceTime may make the audio unit not functional.
        Reloading the tab capturing audio will trigger a call to stop the audio shared unit.
        When the tab requests again audio, the shared unit will restart.
        At that time, the AudioUnit shared unit will be fully recreated.

        Manually tested by doing a webrtc call and then doing a FaceTime call.
        Remote WebRTC endpoints may not receive any audio.
        With the patch, reloading the web page will get back the audio.
        Previously, restarting the UIProcess was the only way.

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::startProducingData): Cleaning the audio unit when starting to produce data if there is a preexisting audio unit.

2017-07-12  Youenn Fablet  <youenn@apple.com>

        Accessing localDescription, remoteDescription, etc. after setTimeout raises EXC_BAD_ACCESS
        https://bugs.webkit.org/show_bug.cgi?id=174323
        <rdar://problem/33267876>

        Reviewed by Eric Carlson.

        Test: webrtc/calling-peerconnection-once-closed.html

        In case the libwebrtc backend is null, we should not use it to get description from it.
        Return null in that case.

        Adding ASSERT to other calls where the layer above LibWebRTCMediaEndpoint should protect
        from calling a function on a null libwebrtc backend.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::currentLocalDescription):
        (WebCore::LibWebRTCMediaEndpoint::currentRemoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::pendingLocalDescription):
        (WebCore::LibWebRTCMediaEndpoint::pendingRemoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::localDescription):
        (WebCore::LibWebRTCMediaEndpoint::remoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::doSetLocalDescription):
        (WebCore::LibWebRTCMediaEndpoint::doSetRemoteDescription):
        (WebCore::LibWebRTCMediaEndpoint::addTrack):
        (WebCore::LibWebRTCMediaEndpoint::removeTrack):
        (WebCore::LibWebRTCMediaEndpoint::doCreateOffer):
        (WebCore::LibWebRTCMediaEndpoint::doCreateAnswer):
        (WebCore::LibWebRTCMediaEndpoint::createDataChannel):

2017-07-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219176.
        https://bugs.webkit.org/show_bug.cgi?id=174436

        "Can cause infinite recursion on iOS" (Requested by mlam on
        #webkit).

        Reverted changeset:

        "WTF::Thread should have the threads stack bounds."
        https://bugs.webkit.org/show_bug.cgi?id=173975
        http://trac.webkit.org/changeset/219176

2017-07-12  Nan Wang  <n_wang@apple.com>

        AX: [iOS] Implement a way to retrieve a text marker range with desired text that is closest to a position
        https://bugs.webkit.org/show_bug.cgi?id=174393
        <rdar://problem/33248006>

        Reviewed by Chris Fleizach.

        Used the existing findClosestPlainText function to search the range on iOS.
        Also exposed a function on the iOS wrapper to return the selection rects of
        the result range from the searching. 

        Test: accessibility/ios-simulator/text-marker-range-matches-text.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::visiblePositionForPositionWithOffset):
        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
        * accessibility/AXObjectCache.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textMarkerRangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper rectsForSelectionRects:]):

2017-07-12  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219409.

        The revision caused the Windows builds to fail.

        Reverted changeset:

        "AX: [iOS] Implement a way to retrieve a text marker range
        with desired text that is closest to a position"
        https://bugs.webkit.org/show_bug.cgi?id=174393
        http://trac.webkit.org/changeset/219409

2017-07-12  Alicia Boya García  <aboya@igalia.com>

        [FreeType] Enable BCI on webfonts
        https://bugs.webkit.org/show_bug.cgi?id=174403

        Reviewed by Michael Catanzaro.

        The FreeType BCI hinter used to be disabled on webfonts in favor of
        the autohinter.

        FreeType BCI hinter has improved considerably in the past and now most
        other browsers enable it too. Given the old reasons no longer apply,
        the BCI has now been enabled in order to get better text rendering when
        embedded hints are available.

        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::FontCustomPlatformData):

2017-07-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219361.
        https://bugs.webkit.org/show_bug.cgi?id=174434

        Huge PLUM memory regression on iOS (Requested by kling on
        #webkit).

        Reverted changeset:

        "[WebIDL] Convert MutationCallback to be a normal generate
        callback"
        https://bugs.webkit.org/show_bug.cgi?id=174140
        http://trac.webkit.org/changeset/219361

2017-07-12  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] a capture source failure should end the MediaStreamTrack
        https://bugs.webkit.org/show_bug.cgi?id=174375

        Reviewed by Youenn Fablet.

        Test: fast/mediastream/media-stream-track-source-failure.html

        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::captureFailed): New, signal observers that the source has ended.
        * platform/mediastream/RealtimeMediaSource.h:

        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        (WebCore::AVMediaCaptureSource::setupSession): Call captureFailed if setupCaptureSession fails.

        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::setupCaptureSession): Return false on failure.
        (WebCore::AVVideoCaptureSource::shutdownCaptureSession): Delete unused instance variable.
        (WebCore::AVVideoCaptureSource::processNewFrame): Ditto.

        * testing/Internals.cpp:
        (WebCore::Internals::endMediaStreamTrackCaptureSource): Call track.source.captureFailed().
        * testing/Internals.h:
        * testing/Internals.idl:

2017-07-12  Timothy Hatcher  <timothy@hatcher.name>

        Improve font matching with FontConfig and FreeType
        https://bugs.webkit.org/show_bug.cgi?id=174374

        Reviewed by Michael Catanzaro.

        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::createFontPlatformData): Loop through all family name matches from FcFontMatch.

2017-07-12  Youenn Fablet  <youenn@apple.com>

        Reactivate audio ducking when restarting the shared unit
        https://bugs.webkit.org/show_bug.cgi?id=174428

        Reviewed by Eric Carlson.

        Currently, when another application ducks WebKit, there is no other way than to quit the UIProcess and restart it.
        By again audio ducking when starting the audio unit, reloading the page will be enough.
        Testing by launching a tab with audio capture and audio playing.
        Then make a FaceTime call and hear the tab volume go down.
        End the call to FaceTime and the tab volume remains low.
        Reload the tab and the volume has a normal level.

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::setupAudioUnit):
        (WebCore::CoreAudioSharedUnit::startInternal):

2017-07-12  Antoine Quint  <graouts@apple.com>

        Playback controls should not hide while AirPlay is active
        https://bugs.webkit.org/show_bug.cgi?id=174422
        <rdar://problem/33011477>

        Reviewed by Eric Carlson.

        We now also track changes in AirPlay playback status and account for it when identifying whether we
        ought to let media controls automatically hide, which should only happen if the media is playing and
        not playing back through AirPlay.

        * Modules/modern-media-controls/media/controls-visibility-support.js:
        (ControlsVisibilitySupport.prototype.get mediaEvents):
        (ControlsVisibilitySupport.prototype._updateControls):
        (ControlsVisibilitySupport):

2017-07-12  Daniel Bates  <dabates@apple.com>

        Attempt to fix the build following <https://trac.webkit.org/changeset/219407>
        (https://bugs.webkit.org/show_bug.cgi?id=174386)

        Fix bad merge after <https://trac.webkit.org/changeset/219404>.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoader.h:

2017-07-12  Nan Wang  <n_wang@apple.com>

        AX: [iOS] Implement a way to retrieve a text marker range with desired text that is closest to a position
        https://bugs.webkit.org/show_bug.cgi?id=174393
        <rdar://problem/33248006>

        Reviewed by Chris Fleizach.

        Used the existing findClosestPlainText function to search the range on iOS.
        Also exposed a function on the iOS wrapper to return the selection rects of
        the result range from the searching. 

        Test: accessibility/ios-simulator/text-marker-range-matches-text.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::visiblePositionForPositionWithOffset):
        (WebCore::AXObjectCache::rangeMatchesTextNearRange):
        * accessibility/AXObjectCache.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper rangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textMarkerRangeFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper textRectsFromMarkers:withText:]):
        (-[WebAccessibilityObjectWrapper rectsForSelectionRects:]):

2017-07-12  Daniel Bates  <dabates@apple.com>

        NavigationAction should track whether the navigation was initiated by the main frame
        https://bugs.webkit.org/show_bug.cgi?id=174386
        <rdar://problem/33245267>

        Reviewed by Brady Eidson.

        Although we added state to NavigationAction to track whether the navigation was
        initiated by the main frame in r219170 it is not possible to initialize this state
        when instantiating a NavigationAction. Having NavigationAction track this state
        will be useful to ensure that we can always compute the source frame information
        when asking the embedding client whether to allow a navigation. We will make use
        of it in the fix for <https://bugs.webkit.org/show_bug.cgi?id=174385>.

        No behavior changed. So, no new tests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL): Pass whether the load was initiated by the main frame
        when instantiating the NavigationAction.
        (WebCore::FrameLoader::load): For now, pass InitiatedByMainFrame::Unknown when instantiating
        the NavigationAction as we do not know if the load was initiated by the main frame.
        (WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
        (WebCore::FrameLoader::reload): Ditto
        (WebCore::FrameLoader::loadDifferentDocumentItem): Ditto.
        (WebCore::createWindow): Pass whether the load was initiated by the main frame when
        instantiating the NavigationAction.
        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction): Modified to take argument of type InitiatedByMainFrame
        that indicates whether the navigation was initiated by the main frame.
        * loader/NavigationAction.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy): For now, pass InitiatedByMainFrame::Unknown
        when instantiating the NavigationAction as we do not know if the load was initiated by the
        main frame.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow): Pass whether the load was initiated by the main frame when
        instantiating the NavigationAction.

2017-07-12  Daniel Bates  <dabates@apple.com>

        Rename NavigationInitiatedByMainFrame to InitiatedByMainFrame
        https://bugs.webkit.org/show_bug.cgi?id=174427

        Rubber-stamped by Brady Eidson.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        (WebCore::FrameLoadRequest::initiatedByMainFrame):
        (WebCore::FrameLoadRequest::navigationInitiatedByMainFrame): Deleted.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::shouldOpenExternalURLsPolicyToApply):
        (WebCore::applyShouldOpenExternalURLsPolicyToNewDocumentLoader):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::reloadWithOverrideEncoding):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/FrameLoader.h:
        * loader/FrameLoaderTypes.h:
        * loader/NavigationAction.h:
        (WebCore::NavigationAction::initiatedByMainFrame):
        (WebCore::NavigationAction::navigationInitiatedByMainFrame): Deleted.
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation):
        (WebCore::ScheduledNavigation::initiatedByMainFrame):
        (WebCore::NavigationScheduler::scheduleLocationChange):
        (WebCore::ScheduledNavigation::navigationInitiatedByMainFrame): Deleted.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):

2017-07-12  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219401.

        This revision rolled out the previous patch, but after talking
        with reviewer, a rebaseline is what was needed.Rolling back in
        before rebaseline.

        Reverted changeset:

        "Unreviewed, rolling out r219379."
        https://bugs.webkit.org/show_bug.cgi?id=174400
        http://trac.webkit.org/changeset/219401

2017-07-12  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219379.

        This revision caused a consistent failure in the test
        fast/dom/Window/property-access-on-cached-window-after-frame-
        removed.html.

        Reverted changeset:

        "Remove NAVIGATOR_HWCONCURRENCY"
        https://bugs.webkit.org/show_bug.cgi?id=174400
        http://trac.webkit.org/changeset/219379

2017-07-12  Zalan Bujtas  <zalan@apple.com>

        Paginated mode: Infinite recursion in RenderTable::layout
        https://bugs.webkit.org/show_bug.cgi?id=174413

        Reviewed by Simon Fraser.

        This patch is a workaround for avoiding infinite recursion when the table layout does not stabilize.
        Apparently we leak some context (computed padding in this case) from the current to the subsequent layout.
        The subsequent layouts always end up producing different line heights for some of the cells in the <thead>.
        In paginated mode, when the section moves (<thead>, <tbody> etc) we call layout again recursively.
        This could lead to infinite recursion for unstable table layout.

        Unable to come up with a reduction yet.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):
        * rendering/RenderTable.h:

2017-07-12  Youenn Fablet  <youenn@apple.com>

        WebRTC: Incorrect sdpMLineIndex for video breaks Firefox interop
        https://bugs.webkit.org/show_bug.cgi?id=173530

        Reviewed by Alex Christensen.

        Test: webrtc/ice-candidate-sdpMLineIndex.html

        Reading missing parameter from libwebrtc backend and setting it when firing the RTCIceCandidate event.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::disableICECandidateFiltering):
        (WebCore::PeerConnectionBackend::newICECandidate):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::OnIceCandidate):

2017-07-12  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyEC PKCS#8 exports
        https://bugs.webkit.org/show_bug.cgi?id=173648

        Reviewed by Jiewen Tan.

        Implement the PKCS#8 export operation for EC keys for platforms that use
        libgcrypt.

        First, the `ECParameters` and the `ECPrivateKey` ASN.1 structures are created
        and filled out accordingly. For the former, the appropriate object identifier
        is written under the `namedCurve` element of the structure. For the latter, we
        write out '1' under `version`, and eliminate the optional `parameters` element.
        An libgcrypt EC context is then used to retrieve the private and public key
        MPIs that are then written out under the `privateKey` and `publicKey` elements,
        respectively.

        After that, we can proceed to create and fill out the `PrivateKeyInfo` structure.
        0 is written out under the `version` element, and the id-ecPublicKey object
        identifier is written out under the `privateKeyAlgorithm.algorithm` element. This
        doesn't strictly follow the specification, since the id-ecDH identifier should be
        used for ECDH keys, but no test in WebKit or the web-platform-tests suite covers
        this, so this specific detail should be revisited later.

        Data of the previously-constructed `ECParameters` structure is retrieved and
        written out under the `privateKeyAlgorithm.parameters` element. Similarly is done
        for the `ECPrivateKey` structure, writing out its data under the `privateKey`
        element. Finally, the optional `attributes` element of the `PrivateKeyInfo`
        structure is eliminated, and the encoded data of this structure is retrieved and
        returned.

        No new tests -- relevant tests are now passing and are unskipped.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::CryptoKeyEC::platformExportPkcs8):

2017-07-12  Zan Dobersek  <zdobersek@igalia.com>

        [WPE] Use libepoxy
        https://bugs.webkit.org/show_bug.cgi?id=172104

        Reviewed by Michael Catanzaro.

        No new tests -- no changes in behavior.

        Implement the proper libepoxy header inclusion for ports that enable it.

        The library acts as a loading facility working on top of the system-provided
        OpenGL and EGL libraries, with the headers providing a complete collection of
        specification-defined OpenGL and EGL types, constants and entrypoints.

        Support is added through the USE(LIBEPOXY) build guard. Note that this guard
        isn't exclusive with USE(OPENGL), USE(OPENGL_ES_2) or USE(EGL), so the
        USE(LIBEPOXY) condition is tested before those.

        In case of OpenGL headers, the <epoxy/gl.h> header is included, and in
        case of EGL headers, the <epoxy/egl.h> header. <epoxy/egl.h> includes
        <epoxy/gl.h> on its own, so in some cases the inclusion of the latter is
        omitted.

        EpoxyShims.h header is added, doing a job similar to OpenGLESShims.h. The
        EXT-suffixed GL entrypoints are redefined to the non-suffixed versions.
        No suffixed constants are defined because those are defined by the libepoxy
        headers to the well-known values.

        * CMakeLists.txt:
        * PlatformWPE.cmake:
        * platform/graphics/ANGLEWebKitBridge.h:
        * platform/graphics/EpoxyShims.h: Added.
        * platform/graphics/GLContext.cpp:
        (WebCore::initializeOpenGLShimsIfNeeded):
        * platform/graphics/GraphicsContext3DPrivate.cpp:
        * platform/graphics/PlatformDisplay.cpp:
        * platform/graphics/cairo/CairoUtilities.cpp:
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::create):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        * platform/graphics/egl/GLContextEGL.cpp:
        * platform/graphics/egl/GLContextEGLWPE.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
        * platform/graphics/opengl/Extensions3DOpenGLES.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        * platform/graphics/opengl/TemporaryOpenGLSetting.cpp:
        * platform/graphics/texmap/TextureMapperGC3DPlatformLayer.cpp:
        * platform/graphics/wpe/PlatformDisplayWPE.cpp:

2017-07-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        ImageDecoder: Gifs with infinite animation only play once very often
        https://bugs.webkit.org/show_bug.cgi?id=173403

        Reviewed by Michael Catanzaro.

        It doesn't always happen, it's easier to reproduce when loading big files from the network, but it also depends
        on every file. The problem is that ImageFrameCache is caching the repetition count value always when the size is
        already available. In the case of gif files, the loop count value can be at any point of the image stream, so
        having the size available doesn't mean we also have the loop count. So, if the value is queried before it's
        available, the default value is cached (repeat once) and then always used. We should clear the cached value when
        new data is added to the decoder, like we do with other cached values that can change when more data is decoded.

        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::clearMetadata): Clear m_repetitionCount.

2017-07-12  Adrian Perez de Castro  <aperez@igalia.com>

        [SOUP] Do not use C linkage for functions using C++ features
        https://bugs.webkit.org/show_bug.cgi?id=174392

        Reviewed by Michael Catanzaro.

        No new tests because there is no behavior change.

        * platform/network/soup/WebKitSoupRequestGeneric.h: Move G_END_DECLS
        to leave functions which use C++ features outside of the block it
        delimits.

2017-07-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
        https://bugs.webkit.org/show_bug.cgi?id=174161

        Reviewed by Michael Catanzaro.

        It seems selection data could contain an empty string, in which case gtk_selection_data_get_data() returns a
        valid pointer, but gtk_selection_data_get_length() returns 0. When this happens we end up trying to split an
        empty string resulting in an empty vector, but we unconditionally access the first element of the vector.

        * platform/gtk/PasteboardHelper.cpp:
        (WebCore::selectionDataToUTF8String): Return a null string in case selection data length is 0.
        (WebCore::PasteboardHelper::fillSelectionData): Return early if selection data length is 0, instead of checking
        the selection data pointer.

2017-07-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][WPE] Enable FILE_LOCK and implement lockFile and unlockFile
        https://bugs.webkit.org/show_bug.cgi?id=174357

        Reviewed by Michael Catanzaro.

        Implement lockFile and unlockFile using flock().

        * PlatformWPE.cmake:
        * platform/glib/FileSystemGlib.cpp:
        (WebCore::lockFile):
        (WebCore::unlockFile):

2017-07-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use FastAllocator in STL containers
        https://bugs.webkit.org/show_bug.cgi?id=174366

        Rubber stamped by Sam Weinig.

        This patch uses FastAllocator for STL containers including std::set and std::map.
        STL can take a template parameter to be used as allocator for containers.
        We prepare FastAllocator, which uses fastMalloc for allocation.
        This allows us to use bmalloc (if supported) for STL containers which offers
        functionalities that is not supported in WTF containers.

        * Modules/indexeddb/IDBKeyData.h:
        * Modules/indexeddb/server/IndexValueEntry.cpp:
        (WebCore::IDBServer::IndexValueEntry::IndexValueEntry):
        (WebCore::IDBServer::IndexValueEntry::Iterator::Iterator):
        (WebCore::IDBServer::IndexValueEntry::reverseFind):
        * Modules/indexeddb/server/IndexValueEntry.h:
        * Modules/indexeddb/server/IndexValueStore.cpp:
        (WebCore::IDBServer::IndexValueStore::lowestIteratorInRange):
        (WebCore::IDBServer::IndexValueStore::highestReverseIteratorInRange):
        (WebCore::IDBServer::IndexValueStore::Iterator::Iterator):
        * Modules/indexeddb/server/IndexValueStore.h:
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreCleared):
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::replaceKeyValueStore):
        (WebCore::IDBServer::MemoryObjectStore::addRecord):
        (WebCore::IDBServer::MemoryObjectStore::updateCursorsForPutRecord):
        * Modules/indexeddb/server/MemoryObjectStore.h:
        (WebCore::IDBServer::MemoryObjectStore::orderedKeys):
        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::keyAdded):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setFirstInRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setForwardIteratorFromRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setReverseIteratorFromRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementForwardIterator):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):
        * Modules/indexeddb/server/MemoryObjectStoreCursor.h:
        * Modules/mediasource/SampleMap.h:
        * page/WheelEventTestTrigger.cpp:
        (WebCore::WheelEventTestTrigger::deferTestsForReason):
        (WebCore::dumpState):
        * page/WheelEventTestTrigger.h:
        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::enumToStringMap):
        * rendering/OrderIterator.h:

2017-07-11  Per Arne Vollan  <pvollan@apple.com>

        [Win] Build error when building WebKit.dll from WebKit.proj project file.
        https://bugs.webkit.org/show_bug.cgi?id=174410

        Reviewed by Brent Fulgham.

        Copy required header files to forwarding headers folder.

        * PlatformWin.cmake:

2017-07-11  Dean Jackson  <dino@apple.com>

        Remove NAVIGATOR_HWCONCURRENCY
        https://bugs.webkit.org/show_bug.cgi?id=174400

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::hardwareConcurrency): Deleted.
        * page/NavigatorBase.h:
        * page/NavigatorConcurrentHardware.idl: Removed.

2017-07-11  Youenn Fablet  <youenn@apple.com>

        RealtimeOutgoingAudioSource should not push more audio data if the WebRTC thread is not able to process it
        https://bugs.webkit.org/show_bug.cgi?id=174383

        Reviewed by Eric Carlson.

        This patch adds support to check for pending-processing audio data.
        If the amount of audio data is bigger than a high water mark of 0.5 seconds,
        we stop pushing new audio data until buffered audio data is lower than a low water mark of 0.1 seconds.
        Patch is tested by adding breakpoints to trigger the high water mark, verifying that low water mark is triggered
        and receiving audio is fine on the other connection endpoint.

        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataHighLimit):
        (WebCore::RealtimeOutgoingAudioSource::isReachingBufferedAudioDataLowLimit):
        (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:

2017-07-11  Dean Jackson  <dino@apple.com>

        Rolling out r219372.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::hardwareConcurrency):
        * page/NavigatorBase.h:
        * page/NavigatorConcurrentHardware.idl: Added.

2017-07-11  Dean Jackson  <dino@apple.com>

        Remove NAVIGATOR_HWCONCURRENCY
        https://bugs.webkit.org/show_bug.cgi?id=174400

        Reviewed by Sam Weinig.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::hardwareConcurrency): Deleted.
        * page/NavigatorBase.h:
        * page/NavigatorConcurrentHardware.idl: Removed.

2017-07-11  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] CryptoKeyECMac::Custom OpenSSL tag is actually tagged type [1]
        https://bugs.webkit.org/show_bug.cgi?id=174382
        <rdar://problem/33244871>

        Reviewed by Brent Fulgham.

        No change of behaviour.

        * crypto/mac/CryptoKeyECMac.cpp:
        (WebCore::CryptoKeyEC::platformImportPkcs8):
        (WebCore::CryptoKeyEC::platformExportPkcs8):
        Replace CustomECParameters with TaggedType1 according to X.690(08/2015) section 8.14:
        https://www.itu.int/rec/T-REC-X.690-201508-I/en
        and RFC 5915 Appendix A:
        http://www.ietf.org/rfc/rfc5915.txt.

2017-07-11  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r219045): The <body> element does not get repainted when its background image finishes decoding
        https://bugs.webkit.org/show_bug.cgi?id=174376

        Reviewed by Simon Fraser.

        When adding a CachedImageClient to CachedImage::m_pendingImageDrawingClients
        and the CachedImageClient is not one of the CachedImage::m_clients, we
        should cancel the repaint optimization in CachedImage::imageFrameAvailable().
        This can be done by adding all the CachedImage::m_clients to CachedImage::
        m_pendingImageDrawingClients.

        Test: fast/images/async-image-body-background-image.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::addPendingImageDrawingClient):

2017-07-11  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix Windows build after r219355.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::addCrossOriginWindowPropertyNames):
        (WebCore::addCrossOriginWindowOwnPropertyNames):
        (WebCore::JSDOMWindow::getOwnPropertyNames):
        (WebCore::addCrossOriginPropertyNames): Deleted.
        (WebCore::addCrossOriginOwnPropertyNames): Deleted.
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::addCrossOriginLocationPropertyNames):
        (WebCore::addCrossOriginLocationOwnPropertyNames):
        (WebCore::JSLocation::getOwnPropertyNames):
        (WebCore::addCrossOriginPropertyNames): Deleted.
        (WebCore::addCrossOriginOwnPropertyNames): Deleted.

2017-07-10  Sam Weinig  <sam@webkit.org>

        [WebIDL] Convert MutationCallback to be a normal generate callback
        https://bugs.webkit.org/show_bug.cgi?id=174140

        Reviewed by Chris Dumez.

        To make this work more nicely, I:
        - Added the ability to for non-nullable interfaces in sequences to be passed
          via a Ref<> rather than a RefPtr<> as a parameter to a callback function.
          (e.g. callback MyCallback = void (sequence<Foo> foos) will now have the 
          signature, CallbackResult<void> handleEvent(const Vector<Ref<Foo>>&) rather
          than CallbackResult<void> handleEvent(const Vector<RefPtr<Foo>>&).
        - Added a new extended attribute for callback functions called [CallbackNeedsCanInvoke]
          that adds a virtual function called canInvoke() to the generated callback.
          All it does is forward to ActiveDOMCallback's canInvokeCallback, but it
          allows the implementation to get to it. We may one day want to move the 
          inheritance of ActiveDOMCallback from the generated source to the base class.
        - Added a new extended attribute for callback functions called [CallbackThisObject=Type]
          which allows you to specify that the callback needs a this object in addition
          to its arguments. When specified, the first argument of the C++ implementation
          function will now correspond to the this object, with the remaining arguments
          shifted over one.

        * DerivedSources.make:
        Add MutationCallback.

        * WebCore.xcodeproj/project.pbxproj:
        Remove non-generated JSMutationCallback.cpp, and add generated JSMutationCallback.cpp.

        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::filterDeviceList):
        (WebCore::MediaDevicesRequest::start):
        * Modules/mediastream/MediaDevicesRequest.h:
        Switch to using Ref.

        * bindings/IDLTypes.h:
        Add InnerParameterType and NullableInnerParameterType type hooks
        and specialize wrappers to use Ref for InnerParameterType, and RefPtr
        for NullableInnerParameterType.

        * bindings/js/JSCallbackData.cpp:
        * bindings/js/JSCallbackData.h:
        Add support for passing a this object.

        * bindings/js/JSMutationCallback.cpp: Removed.
        * bindings/js/JSMutationCallback.h: Removed.
        Remove custom callback code.

        * bindings/js/JSMutationObserverCustom.cpp:
        (WebCore::constructJSMutationObserver): Deleted.
        Remove no longer needed custom constructor.

        * bindings/scripts/CodeGenerator.pm:
        (ParseType):
        Add helper to parse a type and cache the result.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateCallbackHeaderContent):
        (GenerateCallbackImplementationContent):
        Add support for [CallbackNeedsCanInvoke] and [CallbackThisObject]. When [CallbackThisObject]
        is not specified, use jsUndefined() as the this object as specified by WebIDL.

        * bindings/scripts/IDLAttributes.json:
        Add [CallbackNeedsCanInvoke] and [CallbackThisObject].

        * bindings/scripts/IDLParser.pm:
        (ParseType):
        Add entry point to parse a single type.

        * css/FontFaceSet.h:
        Switch to using Ref.

        * dom/MutationCallback.h:
        Update signatures.

        * dom/MutationCallback.idl: Added.
    
        * dom/MutationObserver.cpp:
        (WebCore::MutationObserver::canDeliver):
        (WebCore::MutationObserver::deliver):
        Switch to new signatures.

        * dom/MutationObserver.idl:
        Remove CustomConstructor.

        * page/IntersectionObserverCallback.h:
        Switch to using Ref.

        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.cpp: Added.
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithThisObject.h: Added.
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
        Add / update bindings tests.

2017-07-11  Said Abou-Hallawa  <sabouhallawa@apple.com>

        RenderImage should not add itself as a RelevantRepaintedObject if its image frame is being decoded
        https://bugs.webkit.org/show_bug.cgi?id=174336

        Reviewed by Simon Fraser.

        Since nothing will be drawn till the image frame finishes decoding we should
        treat returning ImageDrawResult::DidRequestDecoding from BitmapImage::draw
        the same as we do when the image is still loading.

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintReplaced):
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderImage.h:

2017-07-11  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Hanging under LibWebRTCMediaEndpoint::getStats
        https://bugs.webkit.org/show_bug.cgi?id=174377

        Reviewed by Eric Carlson.

        No change of behavior.
        Moving calls to libwebrtc getStats in the signalling thread since doing it in the main thread
        would block the main thread until the signalling thread is ready to handle getStats.
        Reducing stat logging since this may be too much for some devices.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::getStats):
        (WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging):
        (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered):
        (WebCore::LibWebRTCMediaEndpoint::startLoggingStats):

2017-07-11  Michael Catanzaro  <mcatanzaro@igalia.com>

        Remove unused OpenGL files
        https://bugs.webkit.org/show_bug.cgi?id=174371

        Reviewed by Timothy Hatcher.

        * platform/graphics/opengl/GLPlatformContext.cpp: Removed.
        * platform/graphics/opengl/GLPlatformContext.h: Removed.
        * platform/graphics/opengl/GLPlatformSurface.h: Removed.

2017-07-11  Chris Dumez  <cdumez@apple.com>

        Window's [[OwnPropertyKeys]] is wrong for cross origin windows
        https://bugs.webkit.org/show_bug.cgi?id=174364
        <rdar://problem/33238056>

        Reviewed by Brent Fulgham.

        Window's [[OwnPropertyKeys]] should not list descendant frame names
        when the window is cross-origin:
        - https://github.com/whatwg/html/pull/2777

        This aligns our behavior with Firefox and Chrome.

        No new tests, updated existing test.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::addCrossOriginPropertyNames):
        (WebCore::addCrossOriginOwnPropertyNames):
        (WebCore::JSDOMWindow::getOwnPropertyNames):

2017-07-11  Timothy Hatcher  <timothy@hatcher.name>

        Fix broken build when ENABLE_VIDEO is disabled.
        https://bugs.webkit.org/show_bug.cgi?id=174368

        Reviewed by Alex Christensen.

        * dom/Document.cpp:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::texSubImage2D):
        (WebCore::WebGLRenderingContextBase::texImage2D):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::mediaResponseSources):
        (WebCore::Internals::mediaResponseContentRanges):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-07-11  Ali Juma  <ajuma@chromium.org>

        elementFromPoint() should consider x and y to be in client (layout viewport) coordinates
        https://bugs.webkit.org/show_bug.cgi?id=172019

        Reviewed by Simon Fraser.

        When visual viewports are enabled, this makes TreeScope::nodeFromPoint consider its
        input to be in client coordinates, and clips this input to the layout viewport. This change
        affects the behavior of document.elementFromPoint() and document.caretRangeFromPoint.

        No new tests. Modified an existing test, and made a previously-failing test pass on ios.

        * dom/TreeScope.cpp:
        (WebCore::TreeScope::nodeFromPoint):
        * page/FrameView.cpp:
        (WebCore::FrameView::layoutViewportToAbsoluteRect):
        (WebCore::FrameView::layoutViewportToAbsolutePoint):
        (WebCore::FrameView::clientToLayoutViewportPoint):
        * page/FrameView.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hitTest):

2017-07-11  Timothy Hatcher  <timothy@hatcher.name>

        Broken build when !USE(REQUEST_ANIMATION_FRAME_DISPLAY_MONITOR)
        https://bugs.webkit.org/show_bug.cgi?id=174369

        Reviewed by Alex Christensen.

        * dom/ScriptedAnimationController.h: Include PlatformScreen.h.

2017-07-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        Address post-review feedback after http://trac.webkit.org/r219310
        https://bugs.webkit.org/show_bug.cgi?id=174300
        <rdar://problem/33030639>

        Reviewed by Simon Fraser.

        Removes pan-gesture-related plumbing introduced in r219310 that is no longer necessary.

        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::scrollingTreeNodeWillStartPanGesture):
        (WebCore::ScrollingTree::scrollingTreeNodeDidEndPanGesture): Deleted.

2017-07-11  Alex Christensen  <achristensen@webkit.org>

        Reduce URL size
        https://bugs.webkit.org/show_bug.cgi?id=174319

        Reviewed by Andreas Kling.

        m_fragmentEnd is redundant information. If a URL is valid, then it is always m_string.length().
        If a URL is not valid, then it is always 0. Rather than storing additional information,
        deduce the fragment end from the validity of the URL and the String's length.

        No change in behavior.  This reduces sizeof(URL) from 56 to 48 and reduces operations when parsing.

        * platform/URL.cpp:
        (WebCore::URL::invalidate):
        (WebCore::URL::fragmentIdentifier):
        (WebCore::URL::hasFragmentIdentifier):
        (WebCore::URL::removeFragmentIdentifier):
        * platform/URL.h:
        (WebCore::URL::encode):
        (WebCore::URL::decode):
        (WebCore::URL::hasFragment):
        * platform/URLParser.cpp:
        (WebCore::URLParser::urlLengthUntilPart):
        (WebCore::URLParser::copyURLPartsUntil):
        (WebCore::URLParser::parse):
        (WebCore::URLParser::allValuesEqual):
        (WebCore::URLParser::internalValuesConsistent):

2017-07-11  Alex Christensen  <achristensen@webkit.org>

        SharedBuffer::size should return a size_t
        https://bugs.webkit.org/show_bug.cgi?id=174328

        Reviewed by Andreas Kling.

        No change in behaviour.

        * html/FTPDirectoryDocument.cpp:
        (WebCore::createTemplateDocumentData):
        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::handleProvisionalLoadFailure):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::loadDataURL):
        * loader/ResourceLoader.h:
        * loader/appcache/ApplicationCacheStorage.cpp:
        (WebCore::ApplicationCacheStorage::store):
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::script):
        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::tryCreateArrayBuffer):
        * platform/SharedBuffer.h:

2017-07-11  Per Arne Vollan  <pvollan@apple.com>

        [Win] Build error when building WebCore from WebCore.proj project file.
        https://bugs.webkit.org/show_bug.cgi?id=174330

        Reviewed by Brent Fulgham.

        The CMake variable PAL_DIR should be set in the project file.

        * WebCore.vcxproj/WebCore.proj:

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-11  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [GTK] Spin buttons on input type number appear over the value itself for small widths
        https://bugs.webkit.org/show_bug.cgi?id=173572

        Reviewed by Carlos Garcia Campos.

        When drawing the spin buttons, override the width of the input
        element to increment it with the width of the spin button.
        This ensures that we don't end up covering the input values with
        the spin buttons.

        Do this also for user controlled styles, because most web authors
        won't test how their site renders on WebKitGTK+, and they will
        assume spin buttons in the order of 13 pixels wide (that is what
        most browsers use), but the GTK+ spin button is much wider (66 pixels).

        Test: platform/gtk/fast/forms/number/number-size-spinbutton-nocover.html

        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::adjustStyle):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::adjustTextFieldStyle): Call the theme's adjustTextFieldStyle() also for user controlled styles.
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):

2017-07-11  Youenn Fablet  <youenn@apple.com>

        We should do ICE candidate filtering at the Document level
        https://bugs.webkit.org/show_bug.cgi?id=173861
        <rdar://problem/33122058>

        Reviewed by Eric Carlson.

        Tests: http/tests/webrtc/filtering-ice-candidate-cross-origin-frame.html
               http/tests/webrtc/filtering-ice-candidate-same-origin-frame.html
               http/tests/webrtc/filtering-ice-candidate-same-origin-frame2.html
               webrtc/filtering-ice-candidate-after-reload.html

        Making UserMediaRequest disable the ICE candidate filtering for the page RTCController.
        All RTCPeerConnection of the page that are created on a document that are same-origin as the top document
        are now registered to the RTCController.
        This allows disabling filtering to only these RTCPeerConnection.

        The page keeps the default ICE candidate filtering policy.
        This policy allows disabling ICE candidate filtering for all RTCPeerConnection.

        When the top document is changing, the RTCController filtering policy is reset
        and its list of RTCPeerConnection is emptied.

        Internals no longer disables ICE candidate filtering by default.
        This allows finer grained testing.
        ICE candidate filtering is disabled for tests including testharnessreport.js
        to enable web-platform-tests to run without modifications.

        * Modules/mediastream/RTCController.cpp:
        (WebCore::RTCController::reset):
        * Modules/mediastream/RTCController.h:
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::allow):
        * page/Frame.cpp:
        (WebCore::Frame::setDocument):
        * page/Page.cpp:
        (WebCore::Page::disableICECandidateFiltering):
        * page/Page.h:
        (WebCore::Page::shouldEnableICECandidateFilteringByDefault):
        (WebCore::Page::disableICECandidateFiltering): Deleted.
        (WebCore::Page::enableICECandidateFiltering): Deleted.
        (WebCore::Page::isICECandidateFilteringEnabled): Deleted.
        * testing/Internals.cpp:
        (WebCore::Internals::Internals):
        (WebCore::Internals::setICECandidateFiltering):
        (WebCore::Internals::setEnumeratingAllNetworkInterfacesEnabled):
        (WebCore::Internals::isICECandidateFilteringEnabled): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-07-11  Sergio Villar Senin  <svillar@igalia.com>

        Unreviewed, rolling out r219325.

        The test is still flaky

        Reverted changeset:

        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
        https://bugs.webkit.org/show_bug.cgi?id=172545
        http://trac.webkit.org/changeset/219325

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-10  Simon Fraser  <simon.fraser@apple.com>

        [WK2 iOS] REGRESSION (r216803) During momentum scroll, getBoundingClientRect returns wrong coordinates (missing images on pinterest, elle.com and many other sites)
        https://bugs.webkit.org/show_bug.cgi?id=174286
        rdar://problem/32864180

        Reviewed by Dean Jackson.

        r216803 made getBoundingClientRects relative to the layout viewport, but when scrolling we
        only update that on stable viewport updates (at the end of the scroll). This meant that during
        unstable updates, getBoundingClientRects() used a "frozen" viewport origin so things on-screen
        would appear to be off-screen, causing sites to fail to dynamically load images etc. when
        scrolling.

        Fix by pushing an optional "unstable" layout viewport rect onto FrameView, which gets used by
        FrameView::documentToClientOffset(). This is cleared when we do a stable update.

        This is a short-term solution. Longer term, I would prefer to always call setLayoutViewportOverrideRect(),
        but fix the scrolling tree logic to work correctly in this case.

        Add a bit more scrolling logging.

        Test: fast/visual-viewport/ios/get-bounding-client-rect-unstable.html

        * page/FrameView.cpp:
        (WebCore::FrameView::setUnstableLayoutViewportRect):
        (WebCore::FrameView::documentToClientOffset):
        * page/FrameView.h:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
        * page/scrolling/ScrollingStateFixedNode.cpp:
        (WebCore::ScrollingStateFixedNode::updateConstraints):
        (WebCore::ScrollingStateFixedNode::reconcileLayerPositionForViewportRect):

2017-07-10  John Wilander  <wilander@apple.com>

        Resource Load Statistics: Prune statistics in orders of importance
        https://bugs.webkit.org/show_bug.cgi?id=174215
        <rdar://problem/33164403>

        Reviewed by Chris Dumez.

        Test: http/tests/loading/resourceLoadStatistics/prune-statistics.html

        * loader/ResourceLoadObserver.cpp:
        (WebCore::reduceTimeResolution):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
            Now all set the new statistics field lastSeen.
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::encode):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::ResourceLoadStatistics::toString):
        (WebCore::ResourceLoadStatistics::merge):
            Handling of the new statistics field lastSeen.
        * loader/ResourceLoadStatistics.h:

2017-07-10  Devin Rousso  <drousso@apple.com>

        Web Inspector: Highlight matching CSS canvas clients when hovering contexts in the Resources tab
        https://bugs.webkit.org/show_bug.cgi?id=174279

        Reviewed by Matt Baker.

        Test: inspector/dom/highlightNodeList.html

        * inspector/InspectorDOMAgent.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::highlightNodeList):

2017-07-10  Javier Fernandez  <jfernandez@igalia.com>

        [css-align][css-flex][css-grid] 'auto' values of align-self and justify-self must not be resolved
        https://bugs.webkit.org/show_bug.cgi?id=172707

        Reviewed by Antti Koivisto.

        The CSS Box Alignment specification has been changed recently so that
        now all the propeties have the specificed value as computed value. The
        rationale of this change are at the associated W3C github issue [1].

        This change implies that we don't need to execute the StyleAdjuter
        logic we implemented specifically for supporting 'auto' values
        resolution for computed style. We can live now with resolution at
        layout time only.

        [1] https://github.com/w3c/csswg-drafts/issues/440

        No new tests, just updating the already defined tests.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle): Removed
        * css/StyleResolver.h:
        * html/shadow/TextControlInnerElements.cpp:
        (WebCore::TextControlInnerElement::resolveCustomStyle):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::columnFlexItemHasStretchAlignment):
        (WebCore::RenderBox::hasStretchedLogicalWidth):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::styleDidChange): Added
        (WebCore::RenderFlexibleBox::alignmentForChild):
        * rendering/RenderFlexibleBox.h:

2017-07-10  Wenson Hsieh  <wenson_hsieh@apple.com>

        [WK2] Ignore touch events that interrupt platform-driven momentum scrolling
        https://bugs.webkit.org/show_bug.cgi?id=174300
        <rdar://problem/33030639>

        Reviewed by Simon Fraser.

        See Source/WebKit2/ChangeLog for more detail.

        Tests: fast/events/ios/no-touch-events-when-stopping-momentum-scroll-in-mainframe.html
               fast/events/ios/no-touch-events-when-stopping-momentum-scroll-in-overflow.html
               fast/events/ios/touch-events-during-scroll-deceleration-in-overflow.html

        * page/scrolling/ScrollingTree.h:
        (WebCore::ScrollingTree::scrollingTreeNodeDidEndPanGesture):

2017-07-10  Jeremy Jones  <jeremyj@apple.com>

        Captions and subtitles not showing up in picture-in-picture for MSE content
        https://bugs.webkit.org/show_bug.cgi?id=174317
        rdar://problem/33188591

        Reviewed by Eric Carlson.

        Reverts a regression created by r218403.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):

2017-07-10  Per Arne Vollan  <pvollan@apple.com>

        [Win] Link error when building WTF from WTF.proj project file.
        https://bugs.webkit.org/show_bug.cgi?id=174316
        <rdar://problem/33178200>

        Reviewed by Brent Fulgham.

        WTF_CPU_X86 cmake variable needs to be set for link libraries directories to be correct.

        * WebCore.vcxproj/WebCore.proj:

2017-07-10  Jeremy Jones  <jeremyj@apple.com>

        media element handle adding source immediately before src.
        https://bugs.webkit.org/show_bug.cgi?id=174284
        rdar://problem/33115439

        Reviewed by David Kilzer.

        Test: media/video-source-before-src.html

        Adding a source causes a selectMediaResource block to be enqueued.
        If dataLoadingPermitted prevents creating the m_player but sets the srcAttr, then
        the enqueued selectMediaResource will be in a bad state, with a srcAttr but no m_player.

        This fix prevents selectMediaResource from being called, if data loading is not permitted
        when adding a source element, to match how it prevents player creation when setting srcAttr.

        This fix also adds a debug assert to catch the problem earlier and adds an early return to
        prevent the crash in release builds.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::selectMediaResource):
        (WebCore::HTMLMediaElement::sourceWasAdded):

2017-07-10  Megan Gardner  <megan_gardner@apple.com>

        Add location to NavigationActionData
        https://bugs.webkit.org/show_bug.cgi?id=174233
        <rdar://problem/29165518>

        Reviewed by Simon Fraser.
        
        Add the root view location of a tap to a NavigationAction to vend to Safari.

        Test: small enough change to not be tested alone.

        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::absoluteLocationConvertedToRootView):
        * dom/MouseRelatedEvent.h:

2017-07-10  Sam Weinig  <sam@webkit.org>

        [WebIDL] Move plugin object customization into the generator
        https://bugs.webkit.org/show_bug.cgi?id=174238

        Reviewed by Chris Dumez.

        - Added [Plugin] extended attribute to forward the necessary hooks
          for get/set/delete to the plugin code.
        - Removed [CustomNamedSetter] and replaced it's remaining uses
          [CustomPut] (formally called [CustomPutFunction]).
        - Renamed [CustomNamedGetterOnPrototype] to [CustomPutOnPrototype]
          because that is actually what it does.
        - Removed [CustomGetOwnPropertySlotByIndex] and made 
          [CustomGetOwnPropertySlot] imply it, as the other custom hooks
          do.
        - Renamed [CustomEnumerateProperty] to [CustomGetOwnPropertyNames]
          to conform with other attribute names.
        - Renamed [CustomCall] to [CustomGetCallData] to conform with other 
          attribute names.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSHTMLAppletElementCustom.cpp: Removed.
        * bindings/js/JSHTMLEmbedElementCustom.cpp: Removed.
        * bindings/js/JSHTMLObjectElementCustom.cpp: Removed.
        Remove custom bindings.

        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::putCommon):
        (WebCore::JSCSSStyleDeclaration::put):
        (WebCore::JSCSSStyleDeclaration::putByIndex):
        (WebCore::JSCSSStyleDeclaration::putDelegate): Deleted.
        Use [CustomPut] rather than [CustomNamedSetter] to allow us
        to get rid of [CustomNamedSetter]. Reuse put delegate as
        common code to share between put and putByIndex.

        * bindings/js/JSLocationCustom.cpp:
        (WebCore::getOwnPropertySlotCommon):
        (WebCore::JSLocation::getOwnPropertySlot):
        (WebCore::JSLocation::getOwnPropertySlotByIndex):
        Replace [CustomGetOwnPropertySlotAndDescriptor] with [CustomGetOwnPropertySlot]
        which is more clear and reduces the number of variants of this hook override
        we need.

        (WebCore::putCommon):
        (WebCore::JSLocation::put):
        (WebCore::JSLocation::putByIndex):
        Use [CustomPut] rather than [CustomNamedSetter] to allow us
        to get rid of [CustomNamedSetter]. Reuse put delegate as
        common code to share between put and putByIndex.

        (WebCore::JSLocationPrototype::put):
        [CustomPutOnPrototype] (which weirdly used incorrectly be called 
        [CustomNamedGetterOnPrototype]) now works like [CustomPut] meaning
        you need to call Base.

        * bindings/js/JSPluginElementFunctions.cpp:
        (WebCore::pluginElementPropertyGetter):
        (WebCore::pluginElementCustomGetOwnPropertySlot):
        (WebCore::pluginElementCustomPut):
        * bindings/js/JSPluginElementFunctions.h:
        (WebCore::pluginElementCustomGetOwnPropertySlot): Deleted.
        Remove templatized pluginElementCustomGetOwnPropertySlot, which was 
        completely unnecessary and merge its functionality into the out of
        line overload. Remove pluginElementPropertyGetter from the header,
        since it is only used in implementation, and unify the naming and
        argument position (JSHTMLElement* comes first) of the hooks.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateIndexedGetter):
        (GenerateNamedGetter):
        (GenerateGetOwnPropertySlot):
        (GenerateGetOwnPropertySlotByIndex):
        (GenerateGetOwnPropertyNames):
        (GeneratePut):
        (GeneratePutByIndex):
        (GenerateDeleteProperty):
        (GenerateDeletePropertyByIndex):
        (GenerateNamedDeleterDefinition):
        (InstanceOverridesGetOwnPropertySlot):
        (InstanceOverridesGetOwnPropertyNames):
        (InstanceOverridesPut):
        (InstanceOverridesDeleteProperty):
        (GenerateHeader):
        (GenerateImplementation):
        (GenerateGetCallData):
        (GeneratePluginCall):
        (GenerateLegacyCallerDefinitions):
        (GenerateLegacyCallerDefinition):
        (GeneratePrototypeDeclaration):
        (InstanceOverridesGetCallData):
        (HeaderNeedsPrototypeDeclaration):
        - Add support for [Plugin]
        - Remove support for [CustomNamedSetter]
        - Replace [CustomGetOwnPropertySlotByIndex] with [CustomGetOwnPropertySlot]
        - Replace [CustomEnumerateProperty] with [CustomGetOwnPropertyNames]
        - Replace [CustomPutFunction] with [CustomPut].
        - Make subroutine names more consistent (remove a few Definition suffixes)

        * bindings/scripts/IDLAttributes.json:
        Update for new / removed attributes.

        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestPluginInterface.cpp: Added.
        * bindings/scripts/test/JS/JSTestPluginInterface.h: Added.
        * bindings/scripts/test/TestInterface.idl:
        * bindings/scripts/test/TestPluginInterface.idl: Added.
        Update / add tests.

        * css/CSSStyleDeclaration.idl:
        * html/HTMLAppletElement.idl:
        * html/HTMLEmbedElement.idl:
        * html/HTMLObjectElement.idl:
        * page/DOMWindow.idl:
        * page/Location.idl:
        * storage/Storage.idl:
        Update for new / renamed attributes.

2017-07-03  Brian Burg  <bburg@apple.com>

        Web Replay: remove some unused code
        https://bugs.webkit.org/show_bug.cgi?id=173903

        Rubber-stamped by Joseph Pecoraro.

        * CMakeLists.txt:
        * Configurations/FeatureDefines.xcconfig:
        * DerivedSources.make:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::lastModified):
        (WebCore::Document::inputCursor): Deleted.
        (WebCore::Document::setInputCursor): Deleted.
        * dom/Document.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::willDispatchEventImpl):
        (WebCore::InspectorInstrumentation::willDispatchEventOnWindowImpl):
        (WebCore::InspectorInstrumentation::frameDetachedFromParentImpl):
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::sessionCreatedImpl): Deleted.
        (WebCore::InspectorInstrumentation::sessionLoadedImpl): Deleted.
        (WebCore::InspectorInstrumentation::sessionModifiedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentCreatedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentCompletedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentLoadedImpl): Deleted.
        (WebCore::InspectorInstrumentation::segmentUnloadedImpl): Deleted.
        (WebCore::InspectorInstrumentation::captureStartedImpl): Deleted.
        (WebCore::InspectorInstrumentation::captureStoppedImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackStartedImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackPausedImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackHitPositionImpl): Deleted.
        (WebCore::InspectorInstrumentation::playbackFinishedImpl): Deleted.
        (WebCore::InspectorInstrumentation::replayAgentEnabled): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::sessionCreated): Deleted.
        (WebCore::InspectorInstrumentation::sessionLoaded): Deleted.
        (WebCore::InspectorInstrumentation::sessionModified): Deleted.
        (WebCore::InspectorInstrumentation::segmentCreated): Deleted.
        (WebCore::InspectorInstrumentation::segmentCompleted): Deleted.
        (WebCore::InspectorInstrumentation::segmentLoaded): Deleted.
        (WebCore::InspectorInstrumentation::segmentUnloaded): Deleted.
        (WebCore::InspectorInstrumentation::captureStarted): Deleted.
        (WebCore::InspectorInstrumentation::captureStopped): Deleted.
        (WebCore::InspectorInstrumentation::playbackStarted): Deleted.
        (WebCore::InspectorInstrumentation::playbackPaused): Deleted.
        (WebCore::InspectorInstrumentation::playbackFinished): Deleted.
        (WebCore::InspectorInstrumentation::playbackHitPosition): Deleted.
        * inspector/InspectorReplayAgent.cpp: Removed.
        * inspector/InspectorReplayAgent.h: Removed.
        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorReplayAgent): Deleted.
        (WebCore::InstrumentingAgents::setInspectorReplayAgent): Deleted.
        * page/EventHandler.h:
        * page/Page.cpp:
        (WebCore::Page::Page):
        * page/Page.h:
        (WebCore::Page::replayController): Deleted.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::synchronousScrollingReasons):
        (WebCore::ScrollingCoordinator::replaySessionStateDidChange): Deleted.
        * page/scrolling/ScrollingCoordinator.h:
        * platform/Logging.h:
        * plugins/DOMMimeTypeArray.cpp:
        (WebCore::DOMMimeTypeArray::getPluginData):
        * plugins/DOMPluginArray.cpp:
        (WebCore::DOMPluginArray::pluginData):
        * replay/AllReplayInputs.h: Removed.
        * replay/CapturingInputCursor.cpp: Removed.
        * replay/CapturingInputCursor.h: Removed.
        * replay/EventLoopInput.cpp: Removed.
        * replay/EventLoopInput.h: Removed.
        * replay/EventLoopInputDispatcher.cpp: Removed.
        * replay/EventLoopInputDispatcher.h: Removed.
        * replay/FunctorInputCursor.h: Removed.
        * replay/MemoizedDOMResult.cpp: Removed.
        * replay/MemoizedDOMResult.h: Removed.
        * replay/ReplayController.cpp: Removed.
        * replay/ReplayController.h: Removed.
        * replay/ReplayInputCreationMethods.cpp: Removed.
        * replay/ReplayInputDispatchMethods.cpp: Removed.
        * replay/ReplaySession.cpp: Removed.
        * replay/ReplaySession.h: Removed.
        * replay/ReplaySessionSegment.cpp: Removed.
        * replay/ReplaySessionSegment.h: Removed.
        * replay/ReplayingInputCursor.cpp: Removed.
        * replay/ReplayingInputCursor.h: Removed.
        * replay/SegmentedInputStorage.cpp: Removed.
        * replay/SegmentedInputStorage.h: Removed.
        * replay/SerializationMethods.cpp: Removed.
        * replay/SerializationMethods.h: Removed.
        * replay/WebInputs.json: Removed.

2017-07-10  Brady Eidson  <beidson@apple.com>

        Cleanup lifetime issues of UniqueIDBDatabase and IDBBackingStore.
        <rdar://problem/32908525> and https://bugs.webkit.org/show_bug.cgi?id=174244

        Reviewed by David Kilzer and Alex Christensen. 

        No targeted test possible, implicitly covered by all IDB tests.

        The original idea behind UniqueIDBDatabase lifetime was that they are ThreadSafeRefCounted and
        we take protector Refs when any operation that needs it alive is in flight.
        
        This added variability to their lifetime which made it difficult to enforce a few different 
        design invariants, namely:
            - UniqueIBDDatabase objects are always created and destroyed only on the main thread.
            - IDBBackingStore objects are always created and destroyed only on the database thread.
        
        This patch removes the ref counting and instead ties UniqueIDBDatabase lifetime to a
        std::unique_ptr that is owned by the IDBServer.
        
        Whenever any operations on the UniqueIDBDatabase are in flight it is kept alive by virtue
        of that unique_ptr in the IDBServer. Once a UniqueIDBDatabase is completely done with all of
        its work, the following happens:
            - On the main thread the IDBServer removes the unique_ptr owning the UniqueIDBDatabase
              from its map.
            - It hands the unique_ptr to the UniqueIDBDatabase itself, which schedules one final 
              database thread task.
            - That database thread task is to destroy the IDBBackingStore, kill its message queues,
              and then message back to the main thread for one final task.
            - That main thread task is to release the unique_ptr, resulting in destruction of the
              UniqueIDBDatabase object.
        
        This is safe, predictable, solves the lifetime issues that r218516 originally tried to solve,
        and solves the lifetime issues that r218516 introduced.

        (This patch also adds many more assertions to cover various design invariants throughout the
        lifecycle of a particular UniqueIDBDatabase)

        ASSERT that IDBBackingStores are only ever created and destroyed on the background thread:
        * Modules/indexeddb/server/IDBBackingStore.h:
        (WebCore::IDBServer::IDBBackingStore::~IDBBackingStore):
        (WebCore::IDBServer::IDBBackingStore::IDBBackingStore):
        
        Transition UniqueIDBDatabase ownership from a RefPtr to a std::unique_ptr:
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::getOrCreateUniqueIDBDatabase):
        (WebCore::IDBServer::IDBServer::closeAndTakeUniqueIDBDatabase):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):
        (WebCore::IDBServer::IDBServer::closeUniqueIDBDatabase): Deleted.
        * Modules/indexeddb/server/IDBServer.h:
        
        Make all the other changes mentioned above:
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase): Bulk up on ASSERTs
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection): 
        (WebCore::IDBServer::UniqueIDBDatabase::performUnconditionalDeleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::scheduleShutdownForClose):
        (WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
        (WebCore::IDBServer::UniqueIDBDatabase::didShutdownForClose):
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::handleCurrentOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performIterateCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::performPrefetchCursor):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::activateTransactionInBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
        (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
        (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        (WebCore::IDBServer::UniqueIDBDatabase::create): Deleted.

2017-07-10  Chris Dumez  <cdumez@apple.com>

        Further WebResourceLoadStatisticsStore / ResourceLoadStatisticsStore clean up
        https://bugs.webkit.org/show_bug.cgi?id=174301

        Reviewed by Brent Fulgham.

        Moved some generic file system utility functions down to platform's FileSystem.h.

        * platform/FileSystem.cpp:
        (WebCore::openAndLockFile):
        (WebCore::unlockAndCloseFile):
        * platform/FileSystem.h:

2017-07-10  Andreas Kling  <akling@apple.com>

        REGRESSION(r210226): Keyboard-focused element not preserved when navigating back through page cache, causing multiple elements to have focus
        https://bugs.webkit.org/show_bug.cgi?id=174302
        <rdar://problem/33204273>

        Reviewed by Antti Koivisto.

        Don't clear the active/hovered/focused elements when destroying the render tree,
        since we might need to reconstruct it later, and would like to remember which
        elements those were.

        Only the focused state actually stuck when going in and out of the page cache,
        but this patch removes all the element pointer clearing for consistency.

        Test: fast/history/page-cache-element-state-focused.html

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-07-10  Daniel Bates  <dabates@apple.com>

        REGRESSION (r218616): Cannot build WebCore for macOS 10.12 with macOS 10.13 SDK
        https://bugs.webkit.org/show_bug.cgi?id=173939

        Reviewed by Dan Bernstein.

        (The code in this change was either suggested or written by Dan Bernstein with a very
        minor adjustment to get it to build).

        Allow WebCore to link even though CTFontCreatePhysicalFontForCharactersWithLanguage() is
        undefined when building against the macOS 10.13 SDK targeting macOS 10.12. Let the dynamic
        linker resolve the undefined symbol.

        For completeness the SPI CTFontCreatePhysicalFontForCharactersWithLanguage() was removed
        from the macOS 10.13 SDK.

        * Configurations/WebCore.xcconfig: Tell the linker that CTFontCreatePhysicalFontForCharactersWithLanguage()
        can be undefined when building against macOS 10.13 or later SDK.
        * platform/spi/cocoa/CoreTextSPI.h: Annotate CTFontCreatePhysicalFontForCharactersWithLanguage()
        with its availability information.

2017-07-10  Zalan Bujtas  <zalan@apple.com>

        Block of text is missing in iBooks sample books.
        https://bugs.webkit.org/show_bug.cgi?id=174295
        <rdar://problem/32955620>

        Reviewed by Antti Koivisto.

        In the simple line layout context, translating y coordinate to a line index is
        normally just a (y / line height) operation. However in case of strut offsets (pagination)
        we need to take these extra paddings into account while resolving the line index.
        This patch fixes the boundary checking for a given line by using the font size only
        when the font is taller than the line.

        * rendering/SimpleLineLayoutResolver.cpp:
        (WebCore::SimpleLineLayout::RunResolver::adjustLineIndexForStruts):

2017-07-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] SoupCookieJar is never released (resulting in sqlite temp files lying around)
        https://bugs.webkit.org/show_bug.cgi?id=166029

        Reviewed by Michael Catanzaro.

        Add clearSoupNetworkSessionAndCookieStorage() to clear the SoupNetworkSession and cookie storage of the main
        network session, ensuring the cookies database is properly closed.

        * platform/network/NetworkStorageSession.h:
        * platform/network/soup/NetworkStorageSessionSoup.cpp:
        (WebCore::NetworkStorageSession::clearSoupNetworkSessionAndCookieStorage):

2017-07-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Move make-js-file-arrays.py from WebCore to JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=174024

        Reviewed by Michael Catanzaro.

        * CMakeLists.txt: Explicitly add files generated by MAKE_JS_FILE_ARRAYS to the build, since the macro no longer
        does it.
        * DerivedSources.make: Updated to use make-js-file-arrays.py from JavaScriptCore. It's no longer needed to set
        PYTHON_PATH to find jsmin.py.

2017-07-10  Charlie Turner  <cturner@igalia.com>

        [GTK] http/tests/media/video-redirect.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=174260

        Reviewed by Carlos Garcia Campos.

        Make sure we're testing new URLs within the same security origin.

        Covered by existing tests.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::convertToInternalProtocol): Factor out setting our
        internal URL schema.
        (WebCore::MediaPlayerPrivateGStreamer::setPlaybinURL): Use the
        refactored helper.
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation): Use
        refactored helper to ensure both URLs have the same origin.

2017-07-08  John Wilander  <wilander@apple.com>

        Resource Load Statistics: User interaction should always go to top document
        https://bugs.webkit.org/show_bug.cgi?id=174120
        <rdar://problem/33117899>

        Reviewed by Chris Dumez.

        Test: http/tests/loading/resourceLoadStatistics/user-interaction-in-cross-origin-sub-frame.html

        * dom/UserGestureIndicator.cpp:
        (WebCore::UserGestureIndicator::UserGestureIndicator):
            Now logs user interaction for the top document.
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::setThrottledObserverNotifications):
            Test infrastructure.
        (WebCore::ResourceLoadObserver::setNotificationCallback):
            Callback now takes a ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logFrameNavigation):
            Submits the configured ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
            Submits the configured ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
            Submits the configured ResourceLoadObserver::NotificationType.
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
            Submits the configured ResourceLoadObserver::NotificationType.
        * loader/ResourceLoadObserver.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
            Resets to throttled notifications.
        (WebCore::Internals::setResourceLoadStatisticsThrottledObserverNotifications):
            Test infrastructure.
        * testing/Internals.h:
        * testing/Internals.idl:
            Added internals.setResourceLoadStatisticsThrottledObserverNotifications().

2017-07-09  Brady Eidson  <beidson@apple.com>

        Remove some obsolete WebKitVersionChecks.
        https://bugs.webkit.org/show_bug.cgi?id=174294

        Reviewed by Dan Bernstein.

        No new tests (No change to testable behavior)

        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::dispatchErrorEvent):
        
        * page/Settings.in:
        
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isOkCupid): Deleted.
        (WebCore::IOSApplication::isFacebook): Deleted.
        
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::layoutOverflowRectForPropagation):

2017-07-08  Brady Eidson  <beidson@apple.com>

        Remove some obsolete RuntimeApplicationChecks.
        https://bugs.webkit.org/show_bug.cgi?id=174293

        Reviewed by Dan Bernstein.

        No new tests (No change to testable behavior)

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parametersForPlugin):
        (WebCore::shouldNotPerformURLAdjustment): Deleted.

        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isDaijisenDictionary): Deleted.
        (WebCore::IOSApplication::isNASAHD): Deleted.
        (WebCore::IOSApplication::isTheEconomistOnIphone): Deleted.

        * platform/ios/wak/WebCoreThread.h:
        * platform/ios/wak/WebCoreThread.mm:
        (StartWebThread):
        (WebThreadSetDelegateSourceRunLoopMode): Deleted.

2017-07-08  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Safe access and life cycle management of bare Curl handle
        by wrapping with C++ class
        https://bugs.webkit.org/show_bug.cgi?id=174002

        Reviewed by Alex Christensen.

        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleInternal.h:
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::setCookiesFromDOM):
        (WebCore::cookiesForSession):
        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlContext::CurlContext):
        (WebCore::CurlContext::~CurlContext):
        (WebCore::CurlContext::initCookieSession):
        (WebCore::CurlShareHandle::CurlShareHandle):
        (WebCore::CurlShareHandle::~CurlShareHandle):
        (WebCore::CurlShareHandle::lockCallback):
        (WebCore::CurlShareHandle::unlockCallback):
        (WebCore::CurlShareHandle::mutexFor):
        (WebCore::CurlMultiHandle::CurlMultiHandle):
        (WebCore::CurlMultiHandle::~CurlMultiHandle):
        (WebCore::CurlMultiHandle::addHandle):
        (WebCore::CurlMultiHandle::removeHandle):
        (WebCore::CurlMultiHandle::getFdSet):
        (WebCore::CurlMultiHandle::perform):
        (WebCore::CurlMultiHandle::readInfo):
        (WebCore::CurlHandle::CurlHandle):
        (WebCore::CurlHandle::~CurlHandle):
        (WebCore::CurlHandle::perform):
        (WebCore::CurlHandle::pause):
        (WebCore::CurlHandle::enableShareHandle):
        (WebCore::CurlHandle::setPrivateData):
        (WebCore::CurlHandle::setUrl):
        (WebCore::CurlHandle::clearUrl):
        (WebCore::CurlHandle::clearRequestHeaders):
        (WebCore::CurlHandle::appendRequestHeader):
        (WebCore::CurlHandle::enableRequestHeaders):
        (WebCore::CurlHandle::enableHttpGetRequest):
        (WebCore::CurlHandle::enableHttpHeadRequest):
        (WebCore::CurlHandle::enableHttpPostRequest):
        (WebCore::CurlHandle::setPostFields):
        (WebCore::CurlHandle::setPostFieldLarge):
        (WebCore::CurlHandle::enableHttpPutRequest):
        (WebCore::CurlHandle::setInFileSizeLarge):
        (WebCore::CurlHandle::setHttpCustomRequest):
        (WebCore::CurlHandle::enableAcceptEncoding):
        (WebCore::CurlHandle::enableAllowedProtocols):
        (WebCore::CurlHandle::enableFollowLocation):
        (WebCore::CurlHandle::enableAutoReferer):
        (WebCore::CurlHandle::enableHttpAuthentication):
        (WebCore::CurlHandle::setHttpAuthUserPass):
        (WebCore::CurlHandle::enableCAInfoIfExists):
        (WebCore::CurlHandle::setSslVerifyPeer):
        (WebCore::CurlHandle::setSslVerifyHost):
        (WebCore::CurlHandle::setSslCert):
        (WebCore::CurlHandle::setSslCertType):
        (WebCore::CurlHandle::setSslKeyPassword):
        (WebCore::CurlHandle::enableCookieJarIfExists):
        (WebCore::CurlHandle::setCookieList):
        (WebCore::CurlHandle::getCookieList):
        (WebCore::CurlHandle::clearCookieList):
        (WebCore::CurlHandle::enableProxyIfExists):
        (WebCore::CurlHandle::enableTimeout):
        (WebCore::CurlHandle::setHeaderCallbackFunction):
        (WebCore::CurlHandle::setWriteCallbackFunction):
        (WebCore::CurlHandle::setReadCallbackFunction):
        (WebCore::CurlHandle::setSslCtxCallbackFunction):
        (WebCore::CurlHandle::getEffectiveURL):
        (WebCore::CurlHandle::getPrimaryPort):
        (WebCore::CurlHandle::getResponseCode):
        (WebCore::CurlHandle::getContentLenghtDownload):
        (WebCore::CurlHandle::getHttpAuthAvail):
        (WebCore::CurlHandle::getTimes):
        (WebCore::CurlHandle::maxCurlOffT):
        (WebCore::CurlHandle::expectedSizeOfCurlOffT):
        (WebCore::CurlHandle::enableVerboseIfUsed):
        (WebCore::CurlHandle::enableStdErrIfUsed):
        (WebCore::CurlContext::getEffectiveURL): Deleted.
        (WebCore::CurlContext::createMultiHandle): Deleted.
        (WebCore::CurlContext::mutexFor): Deleted.
        (WebCore::CurlContext::lock): Deleted.
        (WebCore::CurlContext::unlock): Deleted.
        * platform/network/curl/CurlContext.h:
        (WebCore::CurlGlobal::CurlGlobal):
        (WebCore::CurlGlobal::~CurlGlobal):
        (WebCore::CurlShareHandle::handle):
        (WebCore::CurlContext::shareHandle):
        (WebCore::CurlHandle::handle):
        (WebCore::CurlHandle::url):
        (WebCore::CurlContext::curlShareHandle): Deleted.
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::~CurlDownload):
        (WebCore::CurlDownload::init):
        (WebCore::CurlDownload::start):
        (WebCore::CurlDownload::cancel):
        (WebCore::CurlDownload::getUrl):
        (WebCore::CurlDownload::addHeaders):
        (WebCore::CurlDownload::didReceiveHeader):
        (WebCore::CurlDownload::writeCallback):
        * platform/network/curl/CurlDownload.h:
        * platform/network/curl/CurlJobManager.cpp:
        (WebCore::CurlJobManager::CurlJobManager):
        (WebCore::CurlJobManager::~CurlJobManager):
        (WebCore::CurlJobManager::addToCurl):
        (WebCore::CurlJobManager::removeFromCurl):
        (WebCore::CurlJobManager::workerThread):
        * platform/network/curl/CurlJobManager.h:
        (WebCore::CurlJobManager::getMultiHandle): Deleted.
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandleInternal::~ResourceHandleInternal):
        (WebCore::ResourceHandle::platformSetDefersLoading):
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::ResourceHandle::receivedCredential):
        (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
        (WebCore::calculateWebTimingInformations):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::writeCallback):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::readCallback):
        (WebCore::setupFormData):
        (WebCore::ResourceHandle::setupPUT):
        (WebCore::ResourceHandle::setupPOST):
        (WebCore::ResourceHandle::dispatchSynchronousJob):
        (WebCore::ResourceHandle::applyAuthentication):
        (WebCore::ResourceHandle::initialize):
        (WebCore::ResourceHandle::handleCurlMsg):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::ResourceHandleManager):
        (WebCore::ResourceHandleManager::~ResourceHandleManager):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::removeFromCurl):
        (WebCore::ResourceHandleManager::startJob):
        * platform/network/curl/ResourceHandleManager.h:
        * platform/network/curl/SSLHandle.cpp:
        (WebCore::setSSLClientCertificate):
        (WebCore::certVerifyCallback):
        (WebCore::setSSLVerifyOptions):

2017-07-08  Antoine Quint  <graouts@apple.com>

        REGRESSION: "visibility:hidden" does not hide play button for video elements
        https://bugs.webkit.org/show_bug.cgi?id=174258
        <rdar://problem/33181452>

        Reviewed by Dean Jackson.

        In order to not have most styles from the page affect the shadow root, we set "all: initial" on the
        media controls container. However, we need to still make the "visibility" property inherit from its
        host such that "visibility: hidden" on the host won't be overridden by setting the property back to
        its initial value, which is "visible".

        Test: media/modern-media-controls/css/visibility-hidden.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls-container):

2017-07-08  Yusuke Suzuki  <utatane.tea@gmail.com>

        Drop NOSNIFF compile flag
        https://bugs.webkit.org/show_bug.cgi?id=174289

        Reviewed by Michael Catanzaro.

        * Configurations/FeatureDefines.xcconfig:
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        (WebCore::StyleSheetContents::notifyLoadedSheet):
        * dom/LoadableClassicScript.cpp:
        (WebCore::LoadableClassicScript::notifyFinished):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::mimeTypeAllowedByNosniff):
        (WebCore::CachedCSSStyleSheet::canUseSheet):
        * loader/cache/CachedCSSStyleSheet.h:
        * platform/network/HTTPParsers.cpp:
        (WebCore::parseContentTypeOptionsHeader):
        * platform/network/HTTPParsers.h:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::isScriptAllowedByNosniff):
        * platform/network/ResourceResponseBase.h:
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::didReceiveResponse):

2017-07-07  Brent Fulgham  <bfulgham@apple.com>

        [WK2] Use a rolling 30-day uptime for processing statistics
        https://bugs.webkit.org/show_bug.cgi?id=174235
        <rdar://problem/33164381>

        Reviewed by Chris Dumez.

        Add a KeyedDecoder specialization for Deque.

        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeObjects):

2017-07-07  Daniel Bates  <dabates@apple.com>

        [AppCache] Ignore fallback entries whose namespace is not prefixed with manifest path
        https://bugs.webkit.org/show_bug.cgi?id=174273
        <rdar://problem/33011682>

        Reviewed by Brent Fulgham.

        As per <https://html.spec.whatwg.org/multipage/offline.html#parsing-cache-manifests> (07/06/2017)
        we should ignore fallback entires whose fallback namespace URL is not prefixed with
        the manifest path. For now we only apply this policy when the manifest is served with
        a non-standard Content-Type to minimize web compatibility risk.

        Test: http/tests/appcache/fallback-namespace-outside-manifest-path.html

        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::didFinishLoadingManifest): Pass the MIME type of the manifest.
        * loader/appcache/ManifestParser.cpp:
        (WebCore::manifestPath): Computes the manifest path from a manifest URL.
        (WebCore::parseManifest): Modified to take the MIME type of the manifest. If the MIME type is
        non-standard (i.e. not text/cached-manifest) then skip fallback entries whose namespace is not
        prefixed with the manifest path. Otherwise, process fallback entries as we do now. Also cleaned
        up the code a bit while I was here, including renaming a local variable to be more descriptive
        and using a const character array for the manifest signature to avoid the need to document the
        length of the manifest signature in a comment.
        * loader/appcache/ManifestParser.h:

2017-07-07  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] For cross-app drags, 'drop' event handlers are never invoked if dataTransfer.dropEffect is not set while dragging
        https://bugs.webkit.org/show_bug.cgi?id=174219
        <rdar://problem/32083177>

        Reviewed by Ryosuke Niwa.

        Currently, in DragController.cpp, defaultOperationForDrag maps a drag source operation mask of
        DragOperationGeneric to DragOperationMove across all platforms. However, on iOS, where cross-app drag moves do
        not trigger a drop, this means drop handlers won't fire unless the dropEffect is explicitly set to copy.

        To fix this, we introduce DragController::platformGenericDragOperation(), which returns DragOperationCopy on iOS
        and DragOperationMove (the existing behavior) elsewhere. defaultOperationForDrag then maps a drag source
        operation mask of DragOperationGeneric to platformGenericDragOperation().

        Tests:  DataInteractionTests.ExternalSourceHTMLToUploadArea
                DataInteractionTests.ExternalSourceImageAndHTMLToUploadArea
                DataInteractionTests.ExternalSourceMoveOperationNotAllowed

        * page/DragController.cpp:
        (WebCore::DragController::platformGenericDragOperation):
        (WebCore::defaultOperationForDrag):
        * page/DragController.h:
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::platformGenericDragOperation):

2017-07-07  Devin Rousso  <drousso@apple.com>

        Web Inspector: Show all elements currently using a given CSS Canvas
        https://bugs.webkit.org/show_bug.cgi?id=173965

        Reviewed by Joseph Pecoraro.

        Test: inspector/canvas/css-canvas-clients.html

        * css/CSSImageGeneratorValue.cpp:
        (WebCore::CSSImageGeneratorValue::addClient):
        (WebCore::CSSImageGeneratorValue::removeClient):
        * css/CSSImageGeneratorValue.h:
        (WebCore::CSSImageGeneratorValue::clients):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::addObserver):
        (WebCore::HTMLCanvasElement::removeObserver):
        (WebCore::HTMLCanvasElement::cssCanvasClients):
        Each time an observer is added/removed for a given HTMLCanvasElement, send an event to the
        inspector frontend that the CSS canvas client nodes have changed. Additionally, anytime a
        client/use is added/removed from one of the observing CSSCanvasValue, fire the same event.

        * css/CSSCanvasValue.h:
        (isType):
        * html/HTMLCanvasElement.h:
        (WebCore::CanvasObserver::isCSSCanvasValueObserver):
        Allows type traits to distinguish CanvasObserver from CSSCanvasValue::CanvasObserverProxy.

        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::requestCSSCanvasClientNodes):
        (WebCore::InspectorCanvasAgent::didChangeCSSCanvasClientNodes):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodes):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodesImpl):
        Notify the frontend that the list of client nodes has changed for the given canvas. Let the
        frontend request the actual list of node IDs when it needs, possibly at a later time.

2017-07-07  Jer Noble  <jer.noble@apple.com>

        AVPlayer can continue to be active after released by MediaPlayerPrivateAVFoundationObjC.
        https://bugs.webkit.org/show_bug.cgi?id=174264

        Reviewed by Eric Carlson.

        If the AVPlayer is retained (by an autorelease pool, or internally by other objects in
        AVFoundation), releasing the AVPlayer is not enough to cancel loading or playback. So before
        releasing the AVPlayer, make sure to disassociate the current AVPlayerItem, which should
        cancel all activity in the AVPlayer.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::cancelLoad):

2017-07-07  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Remove data url handler for async load
        https://bugs.webkit.org/show_bug.cgi?id=174263

        data url is handled by ResourceLoader. No need for specific handling
        in platform dependent layer.

        Reviewed by Alex Christensen.

        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::startJob):

2017-07-07  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219257.

        The test added in the revision was still extreamly flaky on
        all testers.

        Reverted changeset:

        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
        https://bugs.webkit.org/show_bug.cgi?id=172545
        http://trac.webkit.org/changeset/219257

2017-07-07  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219238, r219239, and r219241.
        https://bugs.webkit.org/show_bug.cgi?id=174265

        "fast/workers/dedicated-worker-lifecycle.html is flaky"
        (Requested by yusukesuzuki on #webkit).

        Reverted changesets:

        "[WTF] Implement WTF::ThreadGroup"
        https://bugs.webkit.org/show_bug.cgi?id=174081
        http://trac.webkit.org/changeset/219238

        "Unreviewed, build fix after r219238"
        https://bugs.webkit.org/show_bug.cgi?id=174081
        http://trac.webkit.org/changeset/219239

        "Unreviewed, CLoop build fix after r219238"
        https://bugs.webkit.org/show_bug.cgi?id=174081
        http://trac.webkit.org/changeset/219241

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-07  Charlie Turner  <cturner@igalia.com>

        [GStreamer] vid.me videos do not play
        https://bugs.webkit.org/show_bug.cgi?id=172240

        Reviewed by Xabier Rodriguez-Calvar.

        In r142251, code to hide the WK HTTP source elements from elsewhere in
        the pipeline was removed. This has the nasty side-effect of
        auto-plugging the WK HTTP source into things it really should not be
        used in, especially the adaptive streaming demuxers. The reasons this
        is bad are documented in several places on Bugzilla, see the parent
        bug report for more details. The high-level issue is that the WK HTTP
        source and its use of WebCore is not thread-safe. Although work has
        been recently done to improve this situation, it's still not perfect.

        Another issue is the interface hlsdemux expects its HTTP source to
        implement, specifically seeking in READY.

        This does rely on HTTP context sharing being available in GStreamer,
        upstream bug is here:
        https://bugzilla.gnome.org/show_bug.cgi?id=761099. The failing case
        can be demonstrated with
        https://github.com/thiagoss/adaptive-test-server but manual testing on
        popular video hosting sites, including vid.me, shows that this doesn't
        bite us at the moment, just something else to fix in the future.

        There are some QoS issues with the adaptive streaming code in
        GStreamer, but it seems much better to offer a below par QoS in lieu
        of crashing/livelocking when playing certain streams, and issues can be
        raised upstream when they arise.

        This patch does take us further away from the future goal of having all
        networking operations go through the network process, but in return it
        solves some nasty crashes and livelocks that have been irritating
        users for some time. With the pressure off on this issue, work can be
        planned to consider how to make the WK HTTP source a better citizen
        inside the GStreamer pipeline when we migrate the netcode to go
        through the network process.

        A new test is added to check that the single file HLS playlists
        (new in version 4) can be played, which was the primary cause of
        this bug report.

        Test: http/tests/media/hls/range-request.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::setPlaybinURL): Perform
        some trickery to make sure that we only ever fetch URLs handed to
        us by WebCore. Any further URLs discovered inside the pipeline
        will not get WKWS auto-plugged, since they'll be plain https?
        schemas.
        (WebCore::MediaPlayerPrivateGStreamer::load): Refactor to use the
        setPlaybinURL helper method.
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Add
        the setPlaybinURL helper method.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcGetProtocols): Only advertise webkit+https?, this
        ensures we won't get auto-plugged by pipeline elements asking for
        an element to fetch https? resources (like adaptive demuxers).
        (convertPlaybinURI): Undo the trick when another element asks us
        for our URI.

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Implement WTF::ThreadGroup
        https://bugs.webkit.org/show_bug.cgi?id=174081

        Reviewed by Mark Lam.

        * page/ResourceUsageThread.h:

2017-07-06  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up StringStatics.cpp by using LazyNeverDestroyed<> for Atoms
        https://bugs.webkit.org/show_bug.cgi?id=174150

        Reviewed by Mark Lam.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::captionDisplayMode):
        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::binaryType):
        * accessibility/AXObjectCache.cpp:
        (WebCore::createFromRenderer):
        * accessibility/AccessibilityMediaControls.cpp:
        (WebCore::AccessibilityMediaControl::controlTypeName):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::language):
        (WebCore::AccessibilityObject::defaultLiveRegionStatusForRole):
        (WebCore::AccessibilityObject::actionVerb):
        (WebCore::AccessibilityObject::getAttribute):
        (WebCore::AccessibilityObject::placeholderValue):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::accessKey):
        (WebCore::AccessibilityObject::ariaLiveRegionRelevant):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::accessKey):
        (WebCore::AccessibilityRenderObject::actionVerb):
        * bindings/js/JSCustomElementInterface.cpp:
        (WebCore::JSCustomElementInterface::constructElementWithFallback):
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::JSCustomElementRegistry::define):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDefaultValue):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsEmptyStringBody):
        * css/CSSPageRule.cpp:
        (WebCore::CSSPageRule::selectorText):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::valueName):
        * css/CSSSelector.cpp:
        (WebCore::simpleSelectorSpecificityInternal):
        (WebCore::CSSSelector::specificityForPage):
        (WebCore::CSSSelector::RareData::RareData):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::argument):
        * css/CSSSelectorList.cpp:
        (WebCore::SelectorNeedsNamespaceResolutionFunctor::operator()):
        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents):
        * css/RuleSet.cpp:
        (WebCore::computeMatchBasedOnRuleHash):
        (WebCore::RuleSet::addRule):
        * css/SelectorChecker.cpp:
        (WebCore::tagMatches):
        * css/SelectorFilter.cpp:
        (WebCore::collectDescendantSelectorIdentifierHashes):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertStringOrAuto):
        (WebCore::StyleBuilderConverter::convertStringOrNone):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueWebkitLocale):
        (WebCore::StyleBuilderCustom::applyValueWebkitTextEmphasisStyle):
        (WebCore::StyleBuilderCustom::applyValueContent):
        (WebCore::StyleBuilderCustom::applyValueAlt):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::namespaceURIFromPrefix):
        * css/makeprop.pl:
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parsePageSelector):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumeCompoundSelector):
        (WebCore::CSSSelectorParser::consumeName):
        (WebCore::CSSSelectorParser::consumeAttribute):
        (WebCore::CSSSelectorParser::defaultNamespace):
        (WebCore::CSSSelectorParser::determineNamespace):
        (WebCore::CSSSelectorParser::prependTypeSelectorIfNeeded):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::attributeNameTestingRequiresNamespaceRegister):
        (WebCore::SelectorCompiler::equalTagNames):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasTagName):
        * dom/Attr.cpp:
        (WebCore::Attr::setPrefix):
        (WebCore::Attr::attachToElement):
        * dom/Attribute.h:
        (WebCore::Attribute::nameMatchesFilter):
        * dom/ConstantPropertyMap.cpp:
        (WebCore::ConstantPropertyMap::nameForProperty):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getElementsByTagName):
        (WebCore::ContainerNode::getElementsByTagNameNS):
        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionQueue::enqueuePostUpgradeReactions):
        * dom/DatasetDOMStringMap.cpp:
        (WebCore::convertPropertyNameToAttributeName):
        * dom/Document.cpp:
        (WebCore::createUpgradeCandidateElement):
        (WebCore::Document::createElementForBindings):
        (WebCore::Document::importNode):
        (WebCore::Document::hasValidNamespaceForElements):
        (WebCore::Document::processBaseElement):
        (WebCore::Document::dir):
        (WebCore::Document::bgColor):
        (WebCore::Document::fgColor):
        (WebCore::Document::alinkColor):
        (WebCore::Document::linkColorForBindings):
        (WebCore::Document::vlinkColor):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::setBooleanAttribute):
        (WebCore::Element::synchronizeAttribute):
        (WebCore::Element::getAttribute):
        (WebCore::Element::getAttributeNS):
        (WebCore::Element::setAttribute):
        (WebCore::Element::parserSetAttributes):
        (WebCore::Element::didMoveToNewDocument):
        (WebCore::Element::setPrefix):
        (WebCore::Element::insertedInto):
        (WebCore::Element::removedFrom):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::addAttributeInternal):
        (WebCore::Element::removeAttributeNS):
        (WebCore::Element::getAttributeNodeNS):
        (WebCore::Element::hasAttributeNS):
        (WebCore::Element::computeInheritedLanguage):
        (WebCore::Element::updateNameForDocument):
        (WebCore::Element::updateIdForDocument):
        (WebCore::Element::didAddAttribute):
        (WebCore::Element::didRemoveAttribute):
        (WebCore::Element::cloneAttributesFromElement):
        * dom/Element.h:
        (WebCore::Element::attributeWithoutSynchronization):
        (WebCore::Element::idForStyleResolution):
        (WebCore::Element::getIdAttribute):
        (WebCore::Element::getNameAttribute):
        * dom/EventTarget.cpp:
        (WebCore::legacyType):
        * dom/MutationRecord.h:
        (WebCore::MutationRecord::attributeName):
        (WebCore::MutationRecord::attributeNamespace):
        * dom/NamedNodeMap.cpp:
        (WebCore::NamedNodeMap::removeNamedItemNS):
        * dom/Node.cpp:
        (WebCore::Node::prefix):
        (WebCore::Node::localName):
        (WebCore::Node::namespaceURI):
        (WebCore::Node::checkSetPrefix):
        (WebCore::locateDefaultNamespace):
        (WebCore::Node::isDefaultNamespace):
        (WebCore::Node::lookupNamespaceURI):
        (WebCore::locateNamespacePrefix):
        (WebCore::Node::lookupPrefix):
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::addCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::addCachedCollection):
        (WebCore::NodeListsNodeData::cachedCollection):
        (WebCore::NodeListsNodeData::removeCacheWithAtomicName):
        (WebCore::NodeListsNodeData::removeCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::removeCachedCollection):
        * dom/PseudoElement.cpp:
        (WebCore::pseudoElementTagName):
        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::init):
        (WebCore::nullQName):
        (WebCore::createQualifiedName):
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::hasPrefix):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::executeSingleTagNameSelectorData):
        * dom/SlotAssignment.cpp:
        (WebCore::slotNameFromAttributeValue):
        * dom/SlotAssignment.h:
        (WebCore::SlotAssignment::defaultSlotName):
        (WebCore::ShadowRoot::didRemoveAllChildrenOfShadowHost):
        (WebCore::ShadowRoot::didChangeDefaultSlot):
        * dom/TagCollection.cpp:
        (WebCore::TagCollection::TagCollection):
        (WebCore::HTMLTagCollection::HTMLTagCollection):
        * dom/TagCollection.h:
        (WebCore::TagCollectionNS::elementMatches):
        * dom/make_names.pl:
        (printNamesCppFile):
        (printDefinitions):
        (printFactoryCppFile):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeNodeAttribute):
        * editing/Editing.cpp:
        (WebCore::createHTMLElement):
        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
        (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
        (WebCore::MarkupAccumulator::shouldAddNamespaceAttribute):
        (WebCore::MarkupAccumulator::appendNamespace):
        (WebCore::MarkupAccumulator::appendOpenTag):
        (WebCore::MarkupAccumulator::appendAttribute):
        * editing/gtk/EditorGtk.cpp:
        (WebCore::elementURL):
        * editing/markup.cpp:
        (WebCore::AttributeChange::AttributeChange):
        * html/Autocapitalize.cpp:
        (WebCore::stringForAutocapitalizeType):
        * html/Autofill.cpp:
        (WebCore::AutofillData::createFromHTMLFormControlElement):
        * html/DOMTokenList.h:
        (WebCore::DOMTokenList::item):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::name):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::formControlType):
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::toggleOpen):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::isCaseSensitiveAttribute):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::eventNameForEventHandlerAttribute):
        (WebCore::toValidDirValue):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::name):
        (WebCore::HTMLInputElement::updateType):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::doesHaveAttribute):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::createForJSConstructor):
        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::name):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setMultiple):
        * html/HTMLTableCellElement.cpp:
        (WebCore::HTMLTableCellElement::scope):
        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
        * html/LabelableElement.cpp:
        (WebCore::LabelableElement::labels):
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::~LabelsNodeList):
        * html/MediaController.cpp:
        (MediaController::playbackState):
        (eventNameForReadyState):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):
        * html/parser/AtomicHTMLToken.h:
        (WebCore::AtomicHTMLToken::initializeAttributes):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createElement):
        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::stripLeadingAndTrailingHTMLSpaces):
        (WebCore::parseHTMLHashNameReference):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createForeignAttributesMap):
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::InbandTextTrack):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::id):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::captionMenuOffItem):
        (WebCore::TextTrack::captionMenuAutomaticItem):
        * html/track/TrackBase.cpp:
        (WebCore::MediaTrackBase::setKindInternal):
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::scroll):
        * html/track/WebVTTElement.cpp:
        (WebCore::nodeTypeToTagName):
        * html/track/WebVTTElement.h:
        * html/track/WebVTTToken.h:
        (WebCore::WebVTTToken::StartTag):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear):
        * loader/FrameLoader.h:
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::clearFailedLoadURL):
        * loader/NavigationAction.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::showModalDialog):
        * page/EventHandler.cpp:
        (WebCore::eventNameForTouchPointState):
        * page/FrameTree.cpp:
        (WebCore::FrameTree::setName):
        (WebCore::FrameTree::clearName):
        * page/Page.cpp:
        (WebCore::Page::groupName):
        * platform/graphics/ComplexTextController.cpp:
        (WebCore::ComplexTextController::offsetForPosition):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::alternateFamilyName):
        * platform/graphics/FontDescription.h:
        (WebCore::FontCascadeDescription::initialLocale):
        * platform/graphics/FontGenericFamilies.cpp:
        (WebCore::genericFontFamilyForScript):
        * platform/graphics/InbandTextTrackPrivate.h:
        (WebCore::InbandTextTrackPrivate::inBandMetadataTrackDispatchType):
        * platform/graphics/TrackPrivateBase.h:
        (WebCore::TrackPrivateBase::id):
        (WebCore::TrackPrivateBase::label):
        (WebCore::TrackPrivateBase::language):
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        (WebCore::AVTrackPrivateAVFObjCImpl::id):
        (WebCore::AVTrackPrivateAVFObjCImpl::label):
        (WebCore::AVTrackPrivateAVFObjCImpl::language):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::label):
        (WebCore::InbandTextTrackPrivateAVCF::language):
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        (WebCore::InbandTextTrackPrivateLegacyAVCF::label):
        (WebCore::InbandTextTrackPrivateLegacyAVCF::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateAVFObjC::label):
        (WebCore::InbandTextTrackPrivateAVFObjC::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::label):
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::language):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::metadataType):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::create):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/mediastream/AudioTrackPrivateMediaStream.h:
        * platform/mediastream/RealtimeMediaSourceSettings.cpp:
        (WebCore::RealtimeMediaSourceSettings::facingMode):
        * platform/mediastream/VideoTrackPrivateMediaStream.h:
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::linkSuggestedFilename):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::markerText):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::previousOffset):
        (WebCore::RenderText::nextOffset):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::RenderTreeAsText::writeRenderObject):
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::textEmphasisMarkString):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::initialHyphenationString):
        (WebCore::RenderStyle::initialTextEmphasisCustomMark):
        (WebCore::RenderStyle::initialContentAltText):
        (WebCore::RenderStyle::initialLineGrid):
        (WebCore::RenderStyle::initialFlowThread):
        (WebCore::RenderStyle::initialRegionThread):
        * style/StyleScope.cpp:
        (WebCore::Style::Scope::collectActiveStyleSheets):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::getPresentationAttribute):
        * svg/SVGElement.h:
        (WebCore::SVGAttributeHashTranslator::hash):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::transferSizeAttributesToTargetClone):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::constructAttributeName):
        * testing/MockCDMFactory.cpp:
        (WebCore::MockCDMInstance::requestLicense):
        * xml/XMLErrors.cpp:
        (WebCore::createXHTMLParserErrorHeader):
        * xml/XPathStep.cpp:
        (WebCore::XPath::nodeMatchesBasicTest):
        (WebCore::XPath::Step::nodesInAxis):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser):
        (WebCore::handleNamespaceAttributes):
        (WebCore::handleElementAttributes):

2017-07-06  Chris Dumez  <cdumez@apple.com>

        Drop unnecessary uses of targetStatistics.dataRecordsRemoved in ResourceLoadObserver
        https://bugs.webkit.org/show_bug.cgi?id=174234

        Reviewed by Brent Fulgham.

        Drop unnecessary uses of targetStatistics.dataRecordsRemoved in ResourceLoadObserver. It is
        always 0 since this member is only initialized later on, in the UIProcess.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):

2017-07-06  Yoav Weiss  <yoav@yoav.ws>

        [preload] Avoid reflecting "video" and "audio" when they are not supported `as` value
        https://bugs.webkit.org/show_bug.cgi?id=174199

        Reviewed by Youenn Fablet.

        No new tests as video/audio is supported in tests. I tested this manually.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::as): Make sure "video" and "audio" will not be reflected when they are not supported.

2017-07-06  Chris Dumez  <cdumez@apple.com>

        Drop unused ResourceLoadStatistics members
        https://bugs.webkit.org/show_bug.cgi?id=174226

        Reviewed by Brent Fulgham.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::isPrevalentResource): Deleted.
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::encode):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::ResourceLoadStatistics::toString):
        (WebCore::ResourceLoadStatistics::merge):
        * loader/ResourceLoadStatistics.h:

2017-07-06  Youenn Fablet  <youenn@apple.com>

        Rendering of WebRTC audio in AudioSampleDataSource may trigger crackles
        https://bugs.webkit.org/show_bug.cgi?id=174223

        Reviewed by Eric Carlson.

        We try reading too quickly and need to back off a little bit if we do not enough data.
        This only affects real audio and not web audio, hence validated through manual testing only.

        * platform/audio/mac/AudioSampleDataSource.mm:
        (WebCore::AudioSampleDataSource::pullSamplesInternal):

2017-07-06  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for WebGL code dealing with WebGL extensions
        https://bugs.webkit.org/show_bug.cgi?id=174186

        Reviewed by Alex Christensen.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Update files. Categorize some of the remaining custom bindings into groups.

        * bindings/IDLTypes.h:
        Add a IDLWebGLExtension type, to model the special WebGLExtension type. In
        the future, WebGLExtension can probably be replaced by a Variant.
        
        * bindings/js/JSDOMConvertWebGL.cpp: Added.
        Move WebGLAny's convertToJSValue and add a convertToJSValue for WebGLExtension.

        * bindings/js/JSDOMConvertWebGL.h:
        (WebCore::convertToJSValue):
        Since WebGLExtension is a wrapper type, we need both a pointer and reference variant
        of the conversion.

        (WebCore::JSConverter<IDLWebGLExtension>::convert):
        Added.

        * bindings/js/JSWebGL2RenderingContextCustom.cpp:
        (WebCore::toJS): Deleted.
        (WebCore::JSWebGL2RenderingContext::getExtension): Deleted.
        Remove custom operation and converter.

        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::toJS): Deleted.
        (WebCore::JSWebGLRenderingContext::getExtension): Deleted.
        Remove custom operation and converter.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Add support for IDLWebGLExtension.

        * html/canvas/WebGLAny.cpp: Removed.
        * html/canvas/WebGLAny.h:
        Moved convertToJSValue to the bindings where it belongs.

        * html/canvas/WebGLRenderingContextBase.idl:
        Annotate getExtension with [OverrideIDLType=IDLWebGLExtension].

2017-07-06  Joseph Pecoraro  <pecoraro@apple.com>

        [Cocoa] CTParagraphStyle leak under WebCore::LinkImageLayout::LinkImageLayout
        https://bugs.webkit.org/show_bug.cgi?id=174228

        Reviewed by Andreas Kling.

        * platform/mac/DragImageMac.mm:
        (WebCore::LinkImageLayout::LinkImageLayout):

2017-07-06  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Improve performance of font lookups
        https://bugs.webkit.org/show_bug.cgi?id=173960
        <rdar://problem/31996891>

        Reviewed by Darin Adler.

        Looking up kCTFontPostScriptNameAttribute is faster than kCTFontNameAttribute.

        No new tests because there is no behavior change.

        * platform/spi/cocoa/CoreTextSPI.h:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontDatabase::fontForPostScriptName):

2017-07-06  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(r216944): Font loads can cause Chinese characters to draw as .notdef
        https://bugs.webkit.org/show_bug.cgi?id=173962
        <rdar://problem/32925318>

        Reviewed by Simon Fraser.

        Previously, there was no signalling between our font loading code
        which determined whether or not a font should be invisible (because
        its in the middle of loading) and our system fallback code which
        created fonts when we fall off the end of the fallback list. Because
        of this, we were doing two things wrong:

        1. When we started downloading a font, we would try to use a fallback
        font. However, if the fallback font didn't suppor the character we're
        trying to render, we would just bail and draw .notdef
        2. Even if we continued down the fallback list, and fell of the end,
        we wouldn't realize that the system fallback font should also be drawn
        as invisible.

        This patch solves these two problems by:
        1. Performing a search to find the best (local) fallback font with
        which to fall systemFallbackFontForCharacter(). This way, if you say
        "font-family: 'RemoteFont', 'Helvetica'" we will use Helvetica as
        the lookup to ask the system to search for.
        2. Give the Font class an accessor which can create a duplicate, but
        invisible font. Give FontCascadeFonts::glyphDataForVariant() the
        correct tracking to know when to use this invisible duplicate.

        Tests: fast/text/font-loading-system-fallback.html
               http/tests/webfont/font-loading-system-fallback-visibility.html

        * platform/graphics/Font.cpp:
        (WebCore::Font::invisibleFont):
        * platform/graphics/Font.h:
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::findBestFallbackFont):
        (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
        (WebCore::FontCascadeFonts::glyphDataForVariant):
        * platform/graphics/FontCascadeFonts.h:

2017-07-06  Chris Dumez  <cdumez@apple.com>

        FileMonitor should not be ref counted
        https://bugs.webkit.org/show_bug.cgi?id=174166

        Reviewed by Brent Fulgham.

        Update FileMonitor to no longer be refcounted. It was previously easy to leak it
        because the object would ref itself in various lambdas. The client would have to
        explicitely call FileMonitor::stopMonitoring() which was fragile.

        This patch also simplifies the code and API a bit since no longer actually
        requires startMonitoring() / stopMonitoring() API.

        No new tests, covered by API tests.

        * platform/FileMonitor.cpp:
        (WebCore::FileMonitor::FileMonitor):
        (WebCore::FileMonitor::~FileMonitor):
        (WebCore::FileMonitor::create): Deleted.
        (WebCore::FileMonitor::startMonitoring): Deleted.
        (WebCore::FileMonitor::stopMonitoring): Deleted.
        * platform/FileMonitor.h:
        * platform/cocoa/FileMonitorCocoa.mm:
        (WebCore::FileMonitor::FileMonitor):
        (WebCore::FileMonitor::~FileMonitor):
        (WebCore::FileMonitor::startMonitoring): Deleted.
        (WebCore::FileMonitor::stopMonitoring): Deleted.

2017-07-06  Matt Rajca  <mrajca@apple.com>

        Fix build with VIDEO support disabled.
        https://bugs.webkit.org/show_bug.cgi?id=174217

        Unreviewed build fix.

        * page/Page.cpp:

2017-07-06  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219193.

        The tests added with this revision were extreamly flaky on all
        platforms.

        Reverted changeset:

        "[SVG] Leak in SVGAnimatedListPropertyTearOff"
        https://bugs.webkit.org/show_bug.cgi?id=172545
        http://trac.webkit.org/changeset/219193

2017-07-06  Zalan Bujtas  <zalan@apple.com>

        Use WTFLogAlways for debug logging so that it shows up in device system logs
        https://bugs.webkit.org/show_bug.cgi?id=173450

        Reviewed by Simon Fraser.

        If you want to showRenderTree() on-device, the result doesn't show in system log so you can't see it.
        Switch to WTFLogAlways to fix this, for showRenderTree and its dependencies.
        
        * platform/text/TextStream.cpp:
        (WebCore::writeIndent):
        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::showLineTreeAndMark):
        (WebCore::InlineBox::showLineBox):
        * rendering/InlineBox.h:
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::showLineTreeAndMark):
        * rendering/InlineFlowBox.h:
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::showLineBox):
        * rendering/InlineTextBox.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::showLineTreeAndMark):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderObject.cpp:
        (WebCore::showRenderTreeLegend):
        (WebCore::RenderObject::showRenderTreeForThis):
        (WebCore::RenderObject::showLineTreeForThis):
        (WebCore::RenderObject::showRegionsInformation):
        (WebCore::RenderObject::showRenderObject):
        (WebCore::RenderObject::showRenderSubTreeAndMark):
        * rendering/RenderObject.h:
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::printPrefix):
        (WebCore::SimpleLineLayout::showLineLayoutForFlow):
        * rendering/SimpleLineLayoutFunctions.h:

2017-07-06  Myles C. Maxfield  <mmaxfield@apple.com>

        Unify FontCascadeFonts::glyphDataForVariant() and FontCascadeFonts::glyphDataForNormalVariant()
        https://bugs.webkit.org/show_bug.cgi?id=174213

        Reviewed by Zalan Bujtas.

        They have almost identical code. This is in preparation for https://bugs.webkit.org/show_bug.cgi?id=173962

        No new tests because there is no behavior change.

        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::FontCascadeFonts::glyphDataForVariant):
        (WebCore::FontCascadeFonts::glyphDataForCharacter):
        (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Deleted.
        * platform/graphics/FontCascadeFonts.h:

2017-07-06  Don Olmstead  <don.olmstead@sony.com>

        [PAL] Move KillRing into PAL
        https://bugs.webkit.org/show_bug.cgi?id=173900

        Reviewed by Myles C. Maxfield.

        No new tests. No change in functionality.

        * Configurations/WebCore.xcconfig:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWPE.cmake:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::Editor):
        * editing/Editor.h:
        (WebCore::Editor::killRing):
        * editing/EditorCommand.cpp:

2017-07-06  Devin Rousso  <drousso@apple.com>

        Web Inspector: Support getting the content of WebGL/WebGL2 contexts
        https://bugs.webkit.org/show_bug.cgi?id=173569
        <rdar://problem/33112420>

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/requestContent-2d.html
               inspector/canvas/requestContent-webgl.html
               inspector/canvas/requestContent-webgl2.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::clearIfComposited):
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::WebGLRenderingContextBase::preventBufferClearForInspector):
        (WebCore::WebGLRenderingContextBase::setPreventBufferClearForInspector):
        Add a flag that will prevent the context buffer from being cleared, allowing it to be copied
        within a toDataURL call. This is currently only used by InspectorCanvasAgent::requestContent.

        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::requestContent):
        Since toDataURL attempts to force the canvas to redraw, we can preserve the buffer after it
        finishes drawing so that it can be copied, instead of it normally being swapped out.

2017-07-06  Chris Dumez  <cdumez@apple.com>

        Move ResourceLoadObserver notification throttling logic from WebProcess class to ResourceLoadObserver
        https://bugs.webkit.org/show_bug.cgi?id=174194

        Reviewed by Brent Fulgham.

        Move ResourceLoadObserver notification throttling logic from WebProcess class to
        ResourceLoadObserver. This makes more sense and decreases the complexity of the
        WebProcess class.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::setNotificationCallback):
        (WebCore::ResourceLoadObserver::ResourceLoadObserver):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::scheduleNotificationIfNeeded):
        (WebCore::ResourceLoadObserver::notificationTimerFired):
        * loader/ResourceLoadObserver.h:

2017-07-06  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r208511): RenderImageResourceStyleImage should not assume image() won't return null if its m_cachedImage is valid
        https://bugs.webkit.org/show_bug.cgi?id=174168

        Reviewed by Simon Fraser.

        RenderImageResourceStyleImage::image() may return a null pointer even if
        its m_cachedImage is not null. The revision r208511, changed the function
        RenderImageResourceStyleImage::shutdown() so it calls Image::stopAnimation().
        But this change assumes that if m_cachedImage is not null then image() will
        return a valid pointer. This is not true because StyleCachedImage::isPending()
        can return true and hence, RenderImageResourceStyleImage::image() will return
        a null pointer.

        * rendering/RenderImageResourceStyleImage.cpp:
        (WebCore::RenderImageResourceStyleImage::image): Like what RenderImageResource
        does, return Image::nullImage() if m_styleImage->isPending().

2017-07-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219201.
        https://bugs.webkit.org/show_bug.cgi?id=174211

        "Causes crashes on Release builds and API tests" (Requested by
        ddkilzer on #webkit).

        Reverted changeset:

        "Add release assert to explore crash for
        <rdar://problem/32908525>"
        http://trac.webkit.org/changeset/219201

2017-07-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219194.
        https://bugs.webkit.org/show_bug.cgi?id=174207

        it broke some layout tests (Requested by clopez on #webkit).

        Reverted changeset:

        "[GStreamer] vid.me videos do not play"
        https://bugs.webkit.org/show_bug.cgi?id=172240
        http://trac.webkit.org/changeset/219194

2017-07-06  David Kilzer  <ddkilzer@apple.com>

        Add release assert to explore crash for <rdar://problem/32908525>

        Reviewed by Brady Eidson.

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase): Add
        release assert to catch cases when the IDBBackingStore is not
        deleted before the UniqueIDBDatabase is destroyed.  The
        IDBBackingStore should always be released on the database
        thread.

2017-07-06  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219178.

        This caused a consistent failure with the API test
        StringBuilderTest.ToAtomicStringOnEmpty on all Debug testers.

        Reverted changeset:

        "[WTF] Clean up StringStatics.cpp by using
        LazyNeverDestroyed<> for Atoms"
        https://bugs.webkit.org/show_bug.cgi?id=174150
        http://trac.webkit.org/changeset/219178

2017-07-06  Charlie Turner  <cturner@igalia.com>

        [GStreamer] vid.me videos do not play
        https://bugs.webkit.org/show_bug.cgi?id=172240

        Reviewed by Xabier Rodriguez-Calvar.

        In r142251, code to hide the WK HTTP source elements from elsewhere in
        the pipeline was removed. This has the nasty side-effect of
        auto-plugging the WK HTTP source into things it really should not be
        used in, especially the adaptive streaming demuxers. The reasons this
        is bad are documented in several places on Bugzilla, see the parent
        bug report for more details. The high-level issue is that the WK HTTP
        source and its use of WebCore is not thread-safe. Although work has
        been recently done to improve this situation, it's still not perfect.

        Another issue is the interface hlsdemux expects its HTTP source to
        implement, specifically seeking in READY.

        This does rely on HTTP context sharing being available in GStreamer,
        upstream bug is here:
        https://bugzilla.gnome.org/show_bug.cgi?id=761099. The failing case
        can be demonstrated with
        https://github.com/thiagoss/adaptive-test-server but manual testing on
        popular video hosting sites, including vid.me, shows that this doesn't
        bite us at the moment, just something else to fix in the future.

        There are some QoS issues with the adaptive streaming code in
        GStreamer, but it seems much better to offer a below par QoS in lieu
        of crashing/livelocking when playing certain streams, and issues can be
        raised upstream when they arise.

        This patch does take us further away from the future goal of having all
        networking operations go through the network process, but in return it
        solves some nasty crashes and livelocks that have been irritating
        users for some time. With the pressure off on this issue, work can be
        planned to consider how to make the WK HTTP source a better citizen
        inside the GStreamer pipeline when we migrate the netcode to go
        through the network process.

        A new test is added to check that the single file HLS playlists
        (new in version 4) can be played, which was the primary cause of
        this bug report.

        Test: http/tests/media/hls/range-request.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::setPlaybinURL): Perform
        some trickery to make sure that we only ever fetch URLs handed to
        us by WebCore. Any further URLs discovered inside the pipeline
        will not get WKWS auto-plugged, since they'll be plain https?
        schemas.
        (WebCore::MediaPlayerPrivateGStreamer::load): Refactor to use the
        setPlaybinURL helper method.
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Add
        the setPlaybinURL helper method.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcGetProtocols): Only advertise webkit+https?, this
        ensures we won't get auto-plugged by pipeline elements asking for
        an element to fetch https? resources (like adaptive demuxers).
        (convertPlaybinURI): Undo the trick when another element asks us
        for our URI.

2017-05-24  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Said Abou-Hallawa.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        We should detach those wrappers in propertyWillBeDeleted() in order to break the cycle.

        * svg/properties/SVGAnimatedListPropertyTearOff.h:

2017-07-05  Don Olmstead  <don.olmstead@sony.com>

        [WTF] Move SoftLinking.h into WTF
        https://bugs.webkit.org/show_bug.cgi?id=174000

        Reviewed by Alex Christensen.

        No new tests. No change in functionality

        * Modules/applepay/PaymentRequest.cpp:
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
        * Modules/encryptedmedia/legacy/LegacyCDMPrivateMediaPlayer.cpp:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/EditorCocoa.mm:
        * editing/cocoa/HTMLConverter.mm:
        * editing/ios/EditorIOS.mm:
        * page/CaptionUserPreferencesMediaAF.cpp:
        * page/cocoa/SettingsCocoa.mm:
        * page/ios/UserAgentIOS.mm:
        * page/mac/ServicesOverlayController.mm:
        * platform/audio/ios/AudioDestinationIOS.cpp:
        * platform/audio/ios/AudioFileReaderIOS.cpp:
        * platform/audio/ios/AudioSessionIOS.mm:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        * platform/cf/CoreMediaSoftLink.cpp:
        * platform/cf/CoreMediaSoftLink.h:
        * platform/cf/MediaAccessibilitySoftLink.cpp:
        * platform/cf/MediaAccessibilitySoftLink.h:
        * platform/cocoa/ContentFilterUnblockHandlerCocoa.mm:
        * platform/cocoa/CoreVideoSoftLink.cpp:
        * platform/cocoa/CoreVideoSoftLink.h:
        * platform/cocoa/DataDetectorsCoreSoftLink.h:
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        * platform/cocoa/ParentalControlsContentFilter.mm:
        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
        * platform/cocoa/VideoToolboxSoftLink.cpp:
        * platform/cocoa/VideoToolboxSoftLink.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        * platform/gamepad/cocoa/GameControllerGamepadProvider.mm:
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        * platform/graphics/avfoundation/MediaPlaybackTargetMac.mm:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
        * platform/graphics/cocoa/FontCascadeCocoa.mm:
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        * platform/graphics/cv/PixelBufferConformerCV.cpp:
        * platform/graphics/ios/FontCacheIOS.mm:
        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        * platform/graphics/mac/FontCacheMac.mm:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        * platform/graphics/mac/MediaTimeQTKit.mm:
        * platform/graphics/mac/PDFDocumentImageMac.mm:
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        * platform/ios/DragImageIOS.mm:
        * platform/ios/PlatformPasteboardIOS.mm:
        * platform/ios/PlatformScreenIOS.mm:
        * platform/ios/PlatformSpeechSynthesizerIOS.mm:
        * platform/ios/QuickLookSoftLink.h:
        * platform/ios/QuickLookSoftLink.mm:
        * platform/ios/RemoteCommandListenerIOS.mm:
        * platform/ios/ThemeIOS.mm:
        * platform/ios/ValidationBubbleIOS.mm:
        * platform/ios/WebCoreMotionManager.mm:
        * platform/ios/WebItemProviderPasteboard.mm:
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        * platform/mac/DragImageMac.mm:
        * platform/mac/MediaRemoteSoftLink.cpp:
        * platform/mac/MediaRemoteSoftLink.h:
        * platform/mac/SerializedPlatformRepresentationMac.mm:
        * platform/mac/WebPlaybackControlsManager.mm:
        * platform/mac/WebVideoFullscreenController.mm:
        * platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm:
        * platform/mediastream/ios/CoreAudioCaptureSourceIOS.mm:
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:
        * platform/network/cf/CookieJarCFNet.cpp:
        * platform/network/ios/NetworkStateNotifierIOS.mm:
        * platform/network/ios/PreviewConverter.mm:
        * platform/network/mac/BlobDataFileReferenceMac.mm:
        * platform/spi/cocoa/AVKitSPI.h:
        (-[AVTouchBarPlaybackControlsControlling NS_ENUM]): Deleted.
        * platform/spi/cocoa/NSAttributedStringSPI.h:
        * platform/spi/ios/DataDetectorsUISPI.h:
        * platform/spi/mac/AVFoundationSPI.h:
        * platform/spi/mac/DataDetectorsSPI.h:
        * platform/spi/mac/LookupSPI.h:
        * platform/spi/mac/TUCallSPI.h:
        * platform/win/ScrollbarThemeWin.cpp:
        * rendering/RenderThemeCocoa.mm:
        * rendering/RenderThemeIOS.mm:
        * rendering/RenderThemeWin.cpp:
        * testing/Internals.mm:
        * xml/XSLStyleSheetLibxslt.cpp:
        * xml/XSLTExtensions.cpp:
        * xml/XSLTProcessorLibxslt.cpp:
        * xml/XSLTUnicodeSort.cpp:

2017-07-05  Zalan Bujtas  <zalan@apple.com>

        REGRESSION: Stack overflow in RenderBlockFlow::layoutBlock after increasing the font size to max in some RTL vertical books.
        https://bugs.webkit.org/show_bug.cgi?id=174144
        <rdar://problem/32781038>

        Reviewed by Simon Fraser.

        We set the start/end margin on the ruby renderer to support overhanging content. The margins ensure that
        adjacent boxes on the line are placed properly respecting the overhanging content.
        The line breaking algorithm also takes this value into account as it affects the line's available width.
        We need to reset this value before laying out the lines, otherwise we might end up using this value on the line twice;
        first as the renderer's margins (as the result of the previous layout) and second as the renderer's overhanging value.
        Since this is not strictly part of the renderer's layout context (i.e. we set them during the line layout and not at
        RenderRubyRun::layout) we can't rely on the ruby's layout logic to reset them.

        Test: fast/ruby/ruby-overhang-margin-crash.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::layoutLineBoxes):

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        Upgrade GCC baseline
        https://bugs.webkit.org/show_bug.cgi?id=174155

        Reviewed by Michael Catanzaro.

        Remove workaround for old GCC.

        * CMakeLists.txt:

2017-07-05  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix iOS build after r219177.

        * page/ios/UserAgentIOS.mm:
        * platform/spi/ios/UIKitSPI.h:

2017-07-05  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix iOS build after r219177.

        * page/ios/UserAgentIOS.mm:
        * platform/spi/ios/UIKitSPI.h:

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use std::lock_guard instead of std::unique_lock if move semantics and try_lock is not necessary
        https://bugs.webkit.org/show_bug.cgi?id=174148

        Reviewed by Mark Lam.

        * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
        (WebCore::AudioSourceProviderAVFObjC::~AudioSourceProviderAVFObjC):

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Clean up StringStatics.cpp by using LazyNeverDestroyed<> for Atoms
        https://bugs.webkit.org/show_bug.cgi?id=174150

        Reviewed by Mark Lam.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::captionDisplayMode):
        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::binaryType):
        * accessibility/AXObjectCache.cpp:
        (WebCore::createFromRenderer):
        * accessibility/AccessibilityMediaControls.cpp:
        (WebCore::AccessibilityMediaControl::controlTypeName):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::language):
        (WebCore::AccessibilityObject::defaultLiveRegionStatusForRole):
        (WebCore::AccessibilityObject::actionVerb):
        (WebCore::AccessibilityObject::getAttribute):
        (WebCore::AccessibilityObject::placeholderValue):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::accessKey):
        (WebCore::AccessibilityObject::ariaLiveRegionRelevant):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::accessKey):
        (WebCore::AccessibilityRenderObject::actionVerb):
        * bindings/js/JSCustomElementInterface.cpp:
        (WebCore::JSCustomElementInterface::constructElementWithFallback):
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::JSCustomElementRegistry::define):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDefaultValue):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsNullBody):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalAtomicStringIsEmptyStringBody):
        * css/CSSPageRule.cpp:
        (WebCore::CSSPageRule::selectorText):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::valueName):
        * css/CSSSelector.cpp:
        (WebCore::simpleSelectorSpecificityInternal):
        (WebCore::CSSSelector::specificityForPage):
        (WebCore::CSSSelector::RareData::RareData):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::argument):
        * css/CSSSelectorList.cpp:
        (WebCore::SelectorNeedsNamespaceResolutionFunctor::operator()):
        * css/PageRuleCollector.cpp:
        (WebCore::checkPageSelectorComponents):
        * css/RuleSet.cpp:
        (WebCore::computeMatchBasedOnRuleHash):
        (WebCore::RuleSet::addRule):
        * css/SelectorChecker.cpp:
        (WebCore::tagMatches):
        * css/SelectorFilter.cpp:
        (WebCore::collectDescendantSelectorIdentifierHashes):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertStringOrAuto):
        (WebCore::StyleBuilderConverter::convertStringOrNone):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueWebkitLocale):
        (WebCore::StyleBuilderCustom::applyValueWebkitTextEmphasisStyle):
        (WebCore::StyleBuilderCustom::applyValueContent):
        (WebCore::StyleBuilderCustom::applyValueAlt):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::namespaceURIFromPrefix):
        * css/makeprop.pl:
        * css/parser/CSSParserImpl.cpp:
        (WebCore::CSSParserImpl::parsePageSelector):
        * css/parser/CSSSelectorParser.cpp:
        (WebCore::CSSSelectorParser::consumeCompoundSelector):
        (WebCore::CSSSelectorParser::consumeName):
        (WebCore::CSSSelectorParser::consumeAttribute):
        (WebCore::CSSSelectorParser::defaultNamespace):
        (WebCore::CSSSelectorParser::determineNamespace):
        (WebCore::CSSSelectorParser::prependTypeSelectorIfNeeded):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::attributeNameTestingRequiresNamespaceRegister):
        (WebCore::SelectorCompiler::equalTagNames):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasTagName):
        * dom/Attr.cpp:
        (WebCore::Attr::setPrefix):
        (WebCore::Attr::attachToElement):
        * dom/Attribute.h:
        (WebCore::Attribute::nameMatchesFilter):
        * dom/ConstantPropertyMap.cpp:
        (WebCore::ConstantPropertyMap::nameForProperty):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::getElementsByTagName):
        (WebCore::ContainerNode::getElementsByTagNameNS):
        * dom/CustomElementReactionQueue.cpp:
        (WebCore::CustomElementReactionQueue::enqueuePostUpgradeReactions):
        * dom/DatasetDOMStringMap.cpp:
        (WebCore::convertPropertyNameToAttributeName):
        * dom/Document.cpp:
        (WebCore::createUpgradeCandidateElement):
        (WebCore::Document::createElementForBindings):
        (WebCore::Document::importNode):
        (WebCore::Document::hasValidNamespaceForElements):
        (WebCore::Document::processBaseElement):
        (WebCore::Document::dir):
        (WebCore::Document::bgColor):
        (WebCore::Document::fgColor):
        (WebCore::Document::alinkColor):
        (WebCore::Document::linkColorForBindings):
        (WebCore::Document::vlinkColor):
        * dom/Document.h:
        * dom/Element.cpp:
        (WebCore::Element::setBooleanAttribute):
        (WebCore::Element::synchronizeAttribute):
        (WebCore::Element::getAttribute):
        (WebCore::Element::getAttributeNS):
        (WebCore::Element::setAttribute):
        (WebCore::Element::parserSetAttributes):
        (WebCore::Element::didMoveToNewDocument):
        (WebCore::Element::setPrefix):
        (WebCore::Element::insertedInto):
        (WebCore::Element::removedFrom):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::addAttributeInternal):
        (WebCore::Element::removeAttributeNS):
        (WebCore::Element::getAttributeNodeNS):
        (WebCore::Element::hasAttributeNS):
        (WebCore::Element::computeInheritedLanguage):
        (WebCore::Element::updateNameForDocument):
        (WebCore::Element::updateIdForDocument):
        (WebCore::Element::didAddAttribute):
        (WebCore::Element::didRemoveAttribute):
        (WebCore::Element::cloneAttributesFromElement):
        * dom/Element.h:
        (WebCore::Element::attributeWithoutSynchronization):
        (WebCore::Element::idForStyleResolution):
        (WebCore::Element::getIdAttribute):
        (WebCore::Element::getNameAttribute):
        * dom/EventTarget.cpp:
        (WebCore::legacyType):
        * dom/MutationRecord.h:
        (WebCore::MutationRecord::attributeName):
        (WebCore::MutationRecord::attributeNamespace):
        * dom/NamedNodeMap.cpp:
        (WebCore::NamedNodeMap::removeNamedItemNS):
        * dom/Node.cpp:
        (WebCore::Node::prefix):
        (WebCore::Node::localName):
        (WebCore::Node::namespaceURI):
        (WebCore::Node::checkSetPrefix):
        (WebCore::locateDefaultNamespace):
        (WebCore::Node::isDefaultNamespace):
        (WebCore::Node::lookupNamespaceURI):
        (WebCore::locateNamespacePrefix):
        (WebCore::Node::lookupPrefix):
        * dom/NodeRareData.h:
        (WebCore::NodeListsNodeData::addCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::addCachedCollection):
        (WebCore::NodeListsNodeData::cachedCollection):
        (WebCore::NodeListsNodeData::removeCacheWithAtomicName):
        (WebCore::NodeListsNodeData::removeCachedTagCollectionNS):
        (WebCore::NodeListsNodeData::removeCachedCollection):
        * dom/PseudoElement.cpp:
        (WebCore::pseudoElementTagName):
        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::init):
        (WebCore::nullQName):
        (WebCore::createQualifiedName):
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::hasPrefix):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::executeSingleTagNameSelectorData):
        * dom/SlotAssignment.cpp:
        (WebCore::slotNameFromAttributeValue):
        * dom/SlotAssignment.h:
        (WebCore::SlotAssignment::defaultSlotName):
        (WebCore::ShadowRoot::didRemoveAllChildrenOfShadowHost):
        (WebCore::ShadowRoot::didChangeDefaultSlot):
        * dom/TagCollection.cpp:
        (WebCore::TagCollection::TagCollection):
        (WebCore::HTMLTagCollection::HTMLTagCollection):
        * dom/TagCollection.h:
        (WebCore::TagCollectionNS::elementMatches):
        * dom/make_names.pl:
        (printNamesCppFile):
        (printDefinitions):
        (printFactoryCppFile):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeNodeAttribute):
        * editing/Editing.cpp:
        (WebCore::createHTMLElement):
        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
        (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
        (WebCore::MarkupAccumulator::shouldAddNamespaceAttribute):
        (WebCore::MarkupAccumulator::appendNamespace):
        (WebCore::MarkupAccumulator::appendOpenTag):
        (WebCore::MarkupAccumulator::appendAttribute):
        * editing/gtk/EditorGtk.cpp:
        (WebCore::elementURL):
        * editing/markup.cpp:
        (WebCore::AttributeChange::AttributeChange):
        * html/Autocapitalize.cpp:
        (WebCore::stringForAutocapitalizeType):
        * html/Autofill.cpp:
        (WebCore::AutofillData::createFromHTMLFormControlElement):
        * html/DOMTokenList.h:
        (WebCore::DOMTokenList::item):
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::name):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::formControlType):
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::toggleOpen):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::isCaseSensitiveAttribute):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::eventNameForEventHandlerAttribute):
        (WebCore::toValidDirValue):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::name):
        (WebCore::HTMLInputElement::updateType):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::doesHaveAttribute):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::createForJSConstructor):
        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::name):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setMultiple):
        * html/HTMLTableCellElement.cpp:
        (WebCore::HTMLTableCellElement::scope):
        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
        * html/LabelableElement.cpp:
        (WebCore::LabelableElement::labels):
        * html/LabelsNodeList.cpp:
        (WebCore::LabelsNodeList::~LabelsNodeList):
        * html/MediaController.cpp:
        (MediaController::playbackState):
        (eventNameForReadyState):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):
        * html/parser/AtomicHTMLToken.h:
        (WebCore::AtomicHTMLToken::initializeAttributes):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createElement):
        (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
        * html/parser/HTMLParserIdioms.cpp:
        (WebCore::stripLeadingAndTrailingHTMLSpaces):
        (WebCore::parseHTMLHashNameReference):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createForeignAttributesMap):
        * html/track/InbandTextTrack.cpp:
        (WebCore::InbandTextTrack::InbandTextTrack):
        * html/track/LoadableTextTrack.cpp:
        (WebCore::LoadableTextTrack::id):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::captionMenuOffItem):
        (WebCore::TextTrack::captionMenuAutomaticItem):
        * html/track/TrackBase.cpp:
        (WebCore::MediaTrackBase::setKindInternal):
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::scroll):
        * html/track/WebVTTElement.cpp:
        (WebCore::nodeTypeToTagName):
        * html/track/WebVTTElement.h:
        * html/track/WebVTTToken.h:
        (WebCore::WebVTTToken::StartTag):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear):
        * loader/FrameLoader.h:
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::clearFailedLoadURL):
        * loader/NavigationAction.h:
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::showModalDialog):
        * page/EventHandler.cpp:
        (WebCore::eventNameForTouchPointState):
        * page/FrameTree.cpp:
        (WebCore::FrameTree::setName):
        (WebCore::FrameTree::clearName):
        * page/Page.cpp:
        (WebCore::Page::groupName):
        * platform/graphics/ComplexTextController.cpp:
        (WebCore::ComplexTextController::offsetForPosition):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::alternateFamilyName):
        * platform/graphics/FontDescription.h:
        (WebCore::FontCascadeDescription::initialLocale):
        * platform/graphics/FontGenericFamilies.cpp:
        (WebCore::genericFontFamilyForScript):
        * platform/graphics/InbandTextTrackPrivate.h:
        (WebCore::InbandTextTrackPrivate::inBandMetadataTrackDispatchType):
        * platform/graphics/TrackPrivateBase.h:
        (WebCore::TrackPrivateBase::id):
        (WebCore::TrackPrivateBase::label):
        (WebCore::TrackPrivateBase::language):
        * platform/graphics/avfoundation/AVTrackPrivateAVFObjCImpl.mm:
        (WebCore::AVTrackPrivateAVFObjCImpl::id):
        (WebCore::AVTrackPrivateAVFObjCImpl::label):
        (WebCore::AVTrackPrivateAVFObjCImpl::language):
        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.h:
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateAVCF.cpp:
        (WebCore::InbandTextTrackPrivateAVCF::label):
        (WebCore::InbandTextTrackPrivateAVCF::language):
        * platform/graphics/avfoundation/cf/InbandTextTrackPrivateLegacyAVCF.cpp:
        (WebCore::InbandTextTrackPrivateLegacyAVCF::label):
        (WebCore::InbandTextTrackPrivateLegacyAVCF::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateAVFObjC::label):
        (WebCore::InbandTextTrackPrivateAVFObjC::language):
        * platform/graphics/avfoundation/objc/InbandTextTrackPrivateLegacyAVFObjC.mm:
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::label):
        (WebCore::InbandTextTrackPrivateLegacyAVFObjC::language):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::metadataType):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        (WebCore::InbandMetadataTextTrackPrivateGStreamer::create):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/mediastream/AudioTrackPrivateMediaStream.h:
        * platform/mediastream/RealtimeMediaSourceSettings.cpp:
        (WebCore::RealtimeMediaSourceSettings::facingMode):
        * platform/mediastream/VideoTrackPrivateMediaStream.h:
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::linkSuggestedFilename):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::markerText):
        * rendering/RenderText.cpp:
        (WebCore::RenderText::previousOffset):
        (WebCore::RenderText::nextOffset):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::RenderTreeAsText::writeRenderObject):
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::textEmphasisMarkString):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::initialHyphenationString):
        (WebCore::RenderStyle::initialTextEmphasisCustomMark):
        (WebCore::RenderStyle::initialContentAltText):
        (WebCore::RenderStyle::initialLineGrid):
        (WebCore::RenderStyle::initialFlowThread):
        (WebCore::RenderStyle::initialRegionThread):
        * style/StyleScope.cpp:
        (WebCore::Style::Scope::collectActiveStyleSheets):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::getPresentationAttribute):
        * svg/SVGElement.h:
        (WebCore::SVGAttributeHashTranslator::hash):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::transferSizeAttributesToTargetClone):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::constructAttributeName):
        * testing/MockCDMFactory.cpp:
        (WebCore::MockCDMInstance::requestLicense):
        * xml/XMLErrors.cpp:
        (WebCore::createXHTMLParserErrorHeader):
        * xml/XPathStep.cpp:
        (WebCore::XPath::nodeMatchesBasicTest):
        (WebCore::XPath::Step::nodesInAxis):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::XMLDocumentParser):
        (WebCore::handleNamespaceAttributes):
        (WebCore::handleElementAttributes):

2017-07-05  Chris Dumez  <cdumez@apple.com>

        [iOS] User agent string incorrectly says "iPhone" instead of "iPad" on newer iPads
        https://bugs.webkit.org/show_bug.cgi?id=174182
        <rdar://problem/32868369>

        Reviewed by Tim Horton.

        In deviceNameForUserAgent() on iOS, we were forcefully returning "iPhone" if
        [UIApplication _isClassic] returns true. Update check to return "iPad" if
        [UIApplication _isClassic] returns true but [UIApplication _classMode] returns
        UIApplicationSceneClassicModeOriginalPad.

        * page/ios/UserAgentIOS.mm:
        (WebCore::isClassicPad):
        (WebCore::isClassicPhone):
        (WebCore::osNameForUserAgent):
        (WebCore::deviceNameForUserAgent):
        * platform/spi/ios/UIKitSPI.h:

2017-07-05  Yusuke Suzuki  <utatane.tea@gmail.com>

        WTF::Thread should have the threads stack bounds.
        https://bugs.webkit.org/show_bug.cgi?id=173975

        Reviewed by Keith Miller.

        When creating WebThread, we first allocate WebCore::ThreadGlobalData in UI thread
        and share it with WebThread.
        The problem is that WebCore::ThreadGlobalData has CachedResourceRequestInitiators.
        It allocates AtomicString, which requires WTFThreadData.

        Before this patch, it was OK because WTFThreadData does not touch threading related
        things except for ThreadSpecific<>. However, after this patch, it touches
        WTF::Thread::current() which requires WTF::initializeThreading().

        In this patch, we call WTF::initializeThreading() before allocating WebCore::ThreadGlobalData.
        And we also call AtomicString::init() before calling WebCore::ThreadGlobalData since
        WebCore::ThreadGlobalData allocates AtomicString.

        This fixes crashes in the iOS web threading environment (UIWebView).

        * platform/ios/wak/WebCoreThread.mm:
        (StartWebThread):

2017-07-05  Myles C. Maxfield  <mmaxfield@apple.com>

        CSSFontStyleValue::isItalic seems a bit bogus.
        https://bugs.webkit.org/show_bug.cgi?id=174149

        Reviewed by Tim Horton.

        Simple typo.

        Test: editing/execCommand/italicizeByCharacter-normal.html

        * css/CSSFontStyleValue.h:

2017-07-05  Brady Eidson  <beidson@apple.com>

        Allow navigations in subframes to get a ShouldOpenExternalURLsPolicy of "ShouldAllow".
        <rdar://problem/22485589> and https://bugs.webkit.org/show_bug.cgi?id=174178

        Reviewed by Alex Christensen.

        Test: loader/navigation-policy/should-open-external-urls/subframe-navigated-programatically-by-main-frame.html

        This patch introduces a new flag to FrameLoadRequest to track when it is known with certainty that a 
        FrameLoadRequest originates from the main frame.
        
        Later, when calculating the final ShouldOpenExternalURLsPolicy, main frames navigating iframes get to propagate
        their permissions to the iframe.
        
        * bindings/js/CommonVM.cpp:
        (WebCore::lexicalFrameFromCommonVM): Helper to grab the current frame associated with the current JS callstack.
        * bindings/js/CommonVM.h:

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):

        Add the new flag to FrameLoadRequest (and force almost everybody to explicitly include the flag):
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        (WebCore::FrameLoadRequest::navigationInitiatedByMainFrame):

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::shouldOpenExternalURLsPolicyToApply): Helper that takes the new flag into account when deciding
          what the final ShouldOpenExternalURLsPolicy will be.
        (WebCore::applyShouldOpenExternalURLsPolicyToNewDocumentLoader):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadWithNavigationAction):
        (WebCore::FrameLoader::reloadWithOverrideEncoding):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        (WebCore::createWindow):
        (WebCore::FrameLoader::applyShouldOpenExternalURLsPolicyToNewDocumentLoader): Deleted.
        * loader/FrameLoader.h:

        * loader/FrameLoaderTypes.h:

        * loader/NavigationAction.h:
        (WebCore::NavigationAction::navigationInitiatedByMainFrame):
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation): Grab the "initiating frame" at the time the 
          ScheduledNavigation is created, as it dictates the policy we decide later.
        (WebCore::ScheduledNavigation::navigationInitiatedByMainFrame):
        (WebCore::NavigationScheduler::scheduleLocationChange):

        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Another build fix, for Mac.

        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::surfaceID):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Further attempts to fix the iOS public SDK build.

        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::surfaceID):
        * platform/spi/cocoa/IOSurfaceSPI.h:

2017-07-05  Don Olmstead  <don.olmstead@sony.com>

        [WinCairo] Consolidate CMake code related to CURL
        https://bugs.webkit.org/show_bug.cgi?id=170860

        Reviewed by Alex Christensen.

        No new tests. No change in functionality.

        * PlatformWinCairo.cmake:
        * platform/Curl.cmake: Added.

2017-07-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove copy of ICU headers from WebKit
        https://bugs.webkit.org/show_bug.cgi?id=116407

        Reviewed by Alex Christensen.

        Use WTF's copy of ICU headers.

        No new tests because there is no behavior change.

        * Configurations/WebCore.xcconfig:
        * icu/unicode/bytestream.h: Removed.
        * icu/unicode/localpointer.h: Removed.
        * icu/unicode/parseerr.h: Removed.
        * icu/unicode/platform.h: Removed.
        * icu/unicode/ptypes.h: Removed.
        * icu/unicode/putil.h: Removed.
        * icu/unicode/rep.h: Removed.
        * icu/unicode/std_string.h: Removed.
        * icu/unicode/strenum.h: Removed.
        * icu/unicode/stringpiece.h: Removed.
        * icu/unicode/ubrk.h: Removed.
        * icu/unicode/uchar.h: Removed.
        * icu/unicode/ucnv.h: Removed.
        * icu/unicode/ucnv_err.h: Removed.
        * icu/unicode/ucol.h: Removed.
        * icu/unicode/uconfig.h: Removed.
        * icu/unicode/ucurr.h: Removed.
        * icu/unicode/uenum.h: Removed.
        * icu/unicode/uiter.h: Removed.
        * icu/unicode/uloc.h: Removed.
        * icu/unicode/umachine.h: Removed.
        * icu/unicode/unistr.h: Removed.
        * icu/unicode/unorm.h: Removed.
        * icu/unicode/unorm2.h: Removed.
        * icu/unicode/uobject.h: Removed.
        * icu/unicode/urename.h: Removed.
        * icu/unicode/uscript.h: Removed.
        * icu/unicode/uset.h: Removed.
        * icu/unicode/ustring.h: Removed.
        * icu/unicode/utext.h: Removed.
        * icu/unicode/utf.h: Removed.
        * icu/unicode/utf16.h: Removed.
        * icu/unicode/utf8.h: Removed.
        * icu/unicode/utf_old.h: Removed.
        * icu/unicode/utypes.h: Removed.
        * icu/unicode/uvernum.h: Removed.
        * icu/unicode/uversion.h: Removed.
        * platform/graphics/FontCache.h:
        (WebCore::FontDescriptionKey::makeFlagsKey):

2017-07-05  Wenson Hsieh  <wenson_hsieh@apple.com>

        When dragging a selection, clearing the selection in dragstart should not crash the web process
        https://bugs.webkit.org/show_bug.cgi?id=174142
        <rdar://problem/33067501>

        Reviewed by Tim Horton.

        Currenly, if the page clears the current selection after dragging starts on selected content, the web process
        will crash while attempting to write pasteboard data for a nonexistent selection. This patch adds a trivial
        check for this case, bailing if no DHTML dragging data was specified by the page during a selection drag and the
        selection has been cleared.

        Also removes some unused code for estimating the bounds of the current selection. On iOS, dragging was actually
        crashing earlier, in this codepath. However, this information isn't even used anymore, since the drag anchor
        point is no longer necessary on iOS.

        Test: DataInteractionTests.DoNotCrashWhenSelectionIsClearedInDragStart

        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Try to fix iOS 10.3 public SDK builds.

        * platform/spi/cocoa/IOSurfaceSPI.h:

2017-07-05  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r217522): "Show My Relationship" link in familysearch.org does not work.
        https://bugs.webkit.org/show_bug.cgi?id=174070
        <rdar://problem/32940653>

        Reviewed by Simon Fraser.

        Decouple in- and out-of-flow computed position values. Now we match blink's implementation on
        in-flow values.
        This also fixes the flickering content while scrolling on hbr.org.  

        Covered by existing test cases.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::positionOffsetValue):

2017-07-05  Devin Rousso  <drousso@apple.com>

        Web Inspector: Allow users to log any tracked canvas context
        https://bugs.webkit.org/show_bug.cgi?id=173397
        <rdar://problem/33111581>

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/resolveCanvasContext-2d.html
               inspector/canvas/resolveCanvasContext-webgl.html
               inspector/canvas/resolveCanvasContext-webgl2.html
               inspector/canvas/resolveCanvasContext-webgpu.html

        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
        (WebCore::contextAsScriptValue):
        (WebCore::InspectorCanvasAgent::resolveCanvasContext):

2017-07-05  Emilio Cobos Álvarez  <ecobos@igalia.com>

        Style sharing check for fullscreen element seems bogus.
        https://bugs.webkit.org/show_bug.cgi?id=160196

        Reviewed by Antti Koivisto.

        No new tests (no easy way to test this reliably).

        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::canShareStyleWithElement):

2017-07-05  Simon Fraser  <simon.fraser@apple.com>

        Add a logging channel for IOSurface allocations
        https://bugs.webkit.org/show_bug.cgi?id=174167

        Reviewed by Tim Horton.

        Add an "IOSurface" log channel, make IOSurface TextStream-loggable, and log cached
        and new IOSurface allocations. Do some namespace-related cleanup.

        * platform/Logging.h:
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::WebCore::IOSurface::create):
        (WebCore::WebCore::IOSurface::surfaceID):
        (WebCore::operator<<):

2017-07-05  Antti Koivisto  <antti@apple.com>

        Low memory notification shouldn't cause style recalc
        https://bugs.webkit.org/show_bug.cgi?id=173574
        <rdar://problem/32616997>

        Reviewed by Andreas Kling.

        Patch mostly by Myles.

        When we receive a low memory warning, we clear the style resolver. Previously, we were using
        this as an opportunity to also purge the CSSFontSelector. However, purging the font selector
        is wasteful, since the exact same set of CSSFontFace objects will be recreated as soon as the
        CSSFontSelector is recreated. It's also harmful because this purge operation causes fonts to
        be removed from the document's working set, and therefore triggers a relayout. Instead, this
        call should be softened to only delete any transitory caches the CSSFontSelector owns.

        We can simply delay the rebuild of the CSSFontSelector to
        StyleResolver::appendAuthorStyleSheets(), when it's really needed. This way, we can sidestep
        this whole problem.

        There's also an added benefit: Now, buildStarted() doesn't have to be idempotent, so we can
        enforce a stricter calling sequence with ASSERT()s.

        * css/CSSFontFaceSet.cpp:
        (WebCore::CSSFontFaceSet::emptyCaches):
        * css/CSSFontFaceSet.h:
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::emptyCaches):

            Add a separate function to clear font selector caches.

        (WebCore::CSSFontSelector::buildStarted):
        (WebCore::CSSFontSelector::buildCompleted):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::CSSFontSelector::fontModified):

            No need to invalidate while building.

        (WebCore::CSSFontSelector::fontRangesForFamily):
        * css/CSSFontSelector.h:
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::StyleResolver):
        (WebCore::StyleResolver::addCurrentSVGFontFaceRules):

            Factor into a function from the constructor.

        (WebCore::StyleResolver::appendAuthorStyleSheets):

            Font selector build is now started and finished by StyleScope.

        * css/StyleResolver.h:
        * dom/Document.cpp:
        (WebCore::Document::resolveStyle):

            Call FrameView::styleDidChange() to update any custom scrollbars.
            This bug was hidden by spurious style recalcs, tested by fast/css/scrollbar-dynamic-style-change.html

        (WebCore::Document::userAgentShadowTreeStyleResolver):
        (WebCore::Document::didClearStyleResolver):

            Don't start the font selector rebuild after clearing the resolver. It would cause style recalc trashing.
            Instead the build starts when the new resolver is constructed.

        * page/MemoryRelease.cpp:
        (WebCore::releaseCriticalMemory):

            Release font selector caches.

        * style/StyleScope.cpp:
        (WebCore::Style::Scope::resolver):

2017-07-05  Brent Fulgham  <bfulgham@apple.com>

        [WK2] Prevent ResourceLoadStatistics from triggering a cascade of read/write events
        https://bugs.webkit.org/show_bug.cgi?id=174062\
        <rdar://problem/33086744>

        Reviewed by Chris Dumez.

        Treat DISPATCH_VNODE_DELETE, DISPATCH_VNODE_RENAME, and DISPATCH_VNODE_REVOKE as equivalent
        "file is unavailable" events, and act as though the file was deleted. Don't listen for
        DISPATCH_VNODE_EXTEND, since we always get a DISPATCH_VNODE_WRITE as well, and we only
        want to read once.

        Finally, add some logging to support future investigations.

        * platform/FileMonitor.h:
        (WebCore::FileMonitor::platformMonitor): Expose dispatch_source_t for logging purposes.
        * platform/cocoa/FileMonitorCocoa.mm:
        (WebCore::FileMonitor::startMonitoring): Add logging.
        (WebCore::FileMonitor::stopMonitoring): Ditto.

2017-07-05  Jonathan Bedard  <jbedard@apple.com>

        Add WebKitPrivateFrameworkStubs for iOS 11
        https://bugs.webkit.org/show_bug.cgi?id=173988

        Reviewed by David Kilzer.

        * Configurations/WebCore.xcconfig: iphoneos and iphonesimulator should use the
        same directory for private framework stubs.

2017-07-05  Emilio Cobos Álvarez  <ecobos@igalia.com>

        Don't resolve an extra computed style for getComputedStyle in a display: none subtree.
        https://bugs.webkit.org/show_bug.cgi?id=174145

        Before this, we were also resolving the first ancestor's style as
        inheriting from itself, which felt pretty wrong (though I think it's
        not observable).

        Reviewed by Antti Koivisto.

        No new tests (non-observable behavior).

        * dom/Element.cpp:
        (WebCore::Element::resolveComputedStyle):

2017-07-05  Frederic Wang  <fwang@igalia.com>

        Move ScrolledContentsLayer property to ScrollingStateScrollingNode
        https://bugs.webkit.org/show_bug.cgi?id=174134

        Reviewed by Simon Fraser.

        ScrollingStateFrameScrollingNode and ScrollingStateOverflowScrollingNode both use a
        ScrolledContentsLayer property for the same purpose. This commit moves that property into
        their parent class ScrollingStateScrollingNode, so that more code is shared between the two
        classes. This will also help the refactoring in bug 174130.

        No new tests, only dumped tree may change a bit.

        * page/scrolling/ScrollingStateFrameScrollingNode.cpp: Remove scrolled contents layer.
        (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
        (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
        (WebCore::ScrollingStateFrameScrollingNode::setScrolledContentsLayer): Deleted.
        * page/scrolling/ScrollingStateFrameScrollingNode.h: Ditto.
        * page/scrolling/ScrollingStateOverflowScrollingNode.cpp: Ditto.
        (WebCore::ScrollingStateOverflowScrollingNode::ScrollingStateOverflowScrollingNode):
        (WebCore::ScrollingStateOverflowScrollingNode::dumpProperties):
        (WebCore::ScrollingStateOverflowScrollingNode::setScrolledContentsLayer): Deleted.
        * page/scrolling/ScrollingStateOverflowScrollingNode.h: Ditto.
        (): Deleted.
        (WebCore::ScrollingStateOverflowScrollingNode::scrolledContentsLayer): Deleted.
        * page/scrolling/ScrollingStateScrollingNode.cpp: Add scrolled contents layer.
        (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode):
        (WebCore::ScrollingStateScrollingNode::setScrolledContentsLayer):
        (WebCore::ScrollingStateScrollingNode::dumpProperties): Use the label from the overflow class
        which is different from the frame class. The dumping order may change a bit too.
        * page/scrolling/ScrollingStateScrollingNode.h: Add ScrolledContentsLayer to the enum and
        scrolled contents layer.
        (WebCore::ScrollingStateScrollingNode::scrolledContentsLayer):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateBeforeChildren): Adjust enum value
        to use ScrollingStateScrollingNode::ScrolledContentsLayer.

2017-07-05  Emilio Cobos Álvarez  <ecobos@igalia.com>

        ProcessingInstruction::clearExistingCachedSheet doesn't really exist.
        https://bugs.webkit.org/show_bug.cgi?id=174146

        Reviewed by Chris Dumez.

        No new tests (no functionality change).

        * dom/ProcessingInstruction.h: Remove dead declaration.

2017-07-05  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219128.

        Spoke with engineer who originally submitted, Patch for APi
        test to follow.

        Reverted changeset:

        "Unreviewed, rolling out r219070."
        https://bugs.webkit.org/show_bug.cgi?id=174082
        http://trac.webkit.org/changeset/219128

2017-07-05  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219070.

        This revision caused consistent failures of the API test
        UIPasteboardTests.DoNotPastePlainTextAsURL on iOS.

        Reverted changeset:

        "Pasting single words copied to UIPasteboard inserts URLs in
        editable areas"
        https://bugs.webkit.org/show_bug.cgi?id=174082
        http://trac.webkit.org/changeset/219070

2017-07-05  Youenn Fablet  <youenn@apple.com>

        Receiving tracks should be ended when peer connection is being closed
        https://bugs.webkit.org/show_bug.cgi?id=174109

        Reviewed by Eric Carlson.

        Test: webrtc/peer-connection-track-end.html

        As per https://www.w3.org/TR/webrtc/#dom-rtcpeerconnection-close, tracks should be ended when peer connection is closed.
        Also updating transceiver stopped state.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::doClose):
        * Modules/mediastream/RTCRtpReceiver.cpp:
        (WebCore::RTCRtpReceiver::stop):
        * Modules/mediastream/RTCRtpReceiver.h:

2017-07-04  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Unreviewed, review follow-up after r218961

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::updateFromSettings):

2017-07-04  Antti Koivisto  <antti@apple.com>

        RenderThemeCocoa::mediaControlsFormattedStringForDuration is leaking NSDateComponentsFormatters
        https://bugs.webkit.org/show_bug.cgi?id=174138

        Reviewed by Ryosuke Niwa.

        Saw a random spin here during media playback. Looks like we are leaking.

        * rendering/RenderThemeCocoa.h:
        * rendering/RenderThemeCocoa.mm:
        (WebCore::RenderThemeCocoa::mediaControlsFormattedStringForDuration):

            Reuse NSDateComponentsFormatter.

2017-07-04  Antti Koivisto  <antti@apple.com>

        FrameView should not set RenderView::logicalWidth directly for printing
        https://bugs.webkit.org/show_bug.cgi?id=174135

        Reviewed by Zalan Bujtas.

        Renderer logicalWidth should be set by layout. Direct override by RenderView when printing means
        that we don't layout children in all cases when the width changes. This is currently mostly hidden
        by spurious layouts but causes problems when trying to fix other things that reduces those.

        * page/FrameView.cpp:
        (WebCore::FrameView::forceLayoutForPagination):

            Instead of calling setLogicalWidth directly call the new setPageLogicalSize that sets both the width
            and the height uniformly.

        * rendering/RenderView.cpp:
        (WebCore::RenderView::updateLogicalWidth):

            Use pageLogicalSize->width() in printing state instead of skipping the logical width update entirely.
            This ensures that the layout will progress to children when the page logical width changes.

        (WebCore::RenderView::initializeLayoutState):
        (WebCore::RenderView::layout):
        (WebCore::RenderView::pageOrViewLogicalHeight):
        (WebCore::RenderView::setPageLogicalSize):
        * rendering/RenderView.h:

            Replace the existing m_pageLogicalHeight with std::optional m_pageLogicalSize.

2017-07-04  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [EME] Solve a couple of compiler warnings
        https://bugs.webkit.org/show_bug.cgi?id=174020

        Reviewed by Michael Catanzaro.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::isPersistentType): Added default return and
        assertion.
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::updateKeyStatuses): This warning was
        already solved but I think adding an assertion for the default
        case can help catch errors in the future.

2017-07-04  Joseph Pecoraro  <pecoraro@apple.com>

        Cleanup some StringBuilder use
        https://bugs.webkit.org/show_bug.cgi?id=174118

        Reviewed by Andreas Kling.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::filterICECandidate):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        * contentextensions/ContentExtension.cpp:
        (WebCore::ContentExtensions::ContentExtension::compileGlobalDisplayNoneStyleSheet):
        * css/CSSFontStyleRangeValue.cpp:
        (WebCore::CSSFontStyleRangeValue::customCSSText):
        * css/CSSFontStyleValue.cpp:
        (WebCore::CSSFontStyleValue::customCSSText):
        * css/CSSGridAutoRepeatValue.cpp:
        (WebCore::CSSGridAutoRepeatValue::customCSSText):
        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseFontFaceDescriptor):
        * dom/Attr.cpp:
        * html/canvas/WebGPURenderingContext.cpp:
        * html/parser/HTMLParserIdioms.cpp:
        * platform/network/ParsedContentType.cpp:
        * platform/network/cocoa/CookieCocoa.mm:
        * platform/text/mac/LocaleMac.mm:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::getAllResponseHeaders):

2017-07-03  Andreas Kling  <akling@apple.com>

        Null RenderLayer* deref in FrameView::adjustTiledBackingCoverage()
        https://bugs.webkit.org/show_bug.cgi?id=174106
        <rdar://problem/33085838>

        Reviewed by Tim Horton.

        I haven't been able to reproduce this crash locally, but I have seen
        video of someone who can, so here's a null check for the RenderView::layer()
        which could be null if we're called between RenderView construction
        and the first callback to RenderLayerModelObject::styleDidChange().

        * page/FrameView.cpp:
        (WebCore::FrameView::adjustTiledBackingCoverage):

2017-07-03  Matt Rajca  <mrajca@apple.com>

        Add/remove appropriate media element behavior restrictions when updateWebsitePolicies is called
        https://bugs.webkit.org/show_bug.cgi?id=174103

        Reviewed by Alex Christensen.

        Test: Added API test.

        Added support for updating rate change behavior restrictions on media elements that have already
        been created.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::updateRateChangeRestrictions):
        * html/HTMLMediaElement.h:
        * page/Page.cpp:
        (WebCore::Page::updateMediaElementRateChangeRestrictions):
        * page/Page.h:

2017-07-03  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219103.

        Caused multiple build failures.

        Reverted changeset:

        "Remove copy of ICU headers from WebKit"
        https://bugs.webkit.org/show_bug.cgi?id=116407
        http://trac.webkit.org/changeset/219103

2017-07-03  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove copy of ICU headers from WebKit
        https://bugs.webkit.org/show_bug.cgi?id=116407

        Reviewed by Alex Christensen.

        Use WTF's copy of ICU headers.

        No new tests because there is no behavior change.

        * Configurations/WebCore.xcconfig:
        * icu/unicode/bytestream.h: Removed.
        * icu/unicode/localpointer.h: Removed.
        * icu/unicode/parseerr.h: Removed.
        * icu/unicode/platform.h: Removed.
        * icu/unicode/ptypes.h: Removed.
        * icu/unicode/putil.h: Removed.
        * icu/unicode/rep.h: Removed.
        * icu/unicode/std_string.h: Removed.
        * icu/unicode/strenum.h: Removed.
        * icu/unicode/stringpiece.h: Removed.
        * icu/unicode/ubrk.h: Removed.
        * icu/unicode/uchar.h: Removed.
        * icu/unicode/ucnv.h: Removed.
        * icu/unicode/ucnv_err.h: Removed.
        * icu/unicode/ucol.h: Removed.
        * icu/unicode/uconfig.h: Removed.
        * icu/unicode/ucurr.h: Removed.
        * icu/unicode/uenum.h: Removed.
        * icu/unicode/uiter.h: Removed.
        * icu/unicode/uloc.h: Removed.
        * icu/unicode/umachine.h: Removed.
        * icu/unicode/unistr.h: Removed.
        * icu/unicode/unorm.h: Removed.
        * icu/unicode/unorm2.h: Removed.
        * icu/unicode/uobject.h: Removed.
        * icu/unicode/urename.h: Removed.
        * icu/unicode/uscript.h: Removed.
        * icu/unicode/uset.h: Removed.
        * icu/unicode/ustring.h: Removed.
        * icu/unicode/utext.h: Removed.
        * icu/unicode/utf.h: Removed.
        * icu/unicode/utf16.h: Removed.
        * icu/unicode/utf8.h: Removed.
        * icu/unicode/utf_old.h: Removed.
        * icu/unicode/utypes.h: Removed.
        * icu/unicode/uvernum.h: Removed.
        * icu/unicode/uversion.h: Removed.

2017-07-03  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(Variation Fonts): Specifying Skia by PostScript name does not yield the expected result
        https://bugs.webkit.org/show_bug.cgi?id=174079
        <rdar://problem/33040854>

        Reviewed by Alex Christensen.

        Because Skia is a variation font, its PostScript name contains values to apply to its variation
        axes. However, WebKit's variation code was overwriting these intrinsive values with ones specified
        by CSS. Therefore, the intrinsic ones were being ignored. The solution is just to pass a flag from
        the lookup code to the variations code describing if the font was created via a PostScript name,
        and to not apply the CSS properties to it if it was.

        Test: fast/text/variations/skia-postscript-name.html

        * platform/graphics/FontCache.h:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::preparePlatformFont):
        (WebCore::platformFontLookupWithFamily):
        (WebCore::fontWithFamily):

2017-07-03  Brady Eidson  <beidson@apple.com>

        Switch all WebKit API related to favicons from WebIconDatabase over to new WebCore::IconLoader mechanism.
        https://bugs.webkit.org/show_bug.cgi?id=174073

        Reviewed by Andy Estes.

        Covered by existing API test.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startIconLoading):
        * loader/EmptyClients.cpp:
        * loader/FrameLoaderClient.h:

2017-07-03  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove more unnecessary uses of the preprocessor in idl files
        https://bugs.webkit.org/show_bug.cgi?id=174083

        Reviewed by Alex Christensen.

        Purge as much preprocessor use as possible.

        * Configurations/FeatureDefines.xcconfig:
        Add ENABLE_NAVIGATOR_STANDALONE.

        * animation/Animatable.idl:
        Remove unnecessary check for LANGUAGE_OBJECTIVE_C. We no longer generate those bindings.

        * html/MediaError.idl:
        Use [Conditional] rather than the preprocessor.

        * page/Navigator.idl:
        Use [Conditional] rather than the preprocessor with the new ENABLE_NAVIGATOR_STANDALONE.

        * testing/Internals.cpp:
        * testing/Internals.h:
        Expose setQuickLookPassword on all platforms, as it doesn't hurt since it is only for testing,
        but make the implementation do nothing.

        * testing/Internals.idl:
        Use [Conditional] rather than the preprocessor.

2017-07-03  Daewoong Jang  <daewoong.jang@navercorp.com>

        [Curl] Fix compilation errors
        https://bugs.webkit.org/show_bug.cgi?id=174085

        Reviewed by Alex Christensen.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlContext::initCookieSession):
        * platform/network/curl/CurlContext.h:

2017-07-03  Youenn Fablet  <youenn@apple.com>

        WebAudioSourceProviderAVFObjC should not reconfigure for each data call
        https://bugs.webkit.org/show_bug.cgi?id=174101

        Reviewed by Eric Carlson.

        Covered by manual testing, in particular
        https://webrtc.github.io/samples/src/content/peerconnection/webaudio-output/
        and https://webrtc.github.io/samples/src/content/getusermedia/volume/.
        Also improved LayoutTests web audio peer connection tests to make them more robust.

        Before the patch, reconfiguration of the web audio provider was happening for every audioSamplesAvailable call.
        It is now happening only when the format of the audio samples is changing.
        Changed some member fields from uinque_ptr to optional as a minor improvement.

        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.h:
        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
        (WebCore::WebAudioSourceProviderAVFObjC::provideInput):
        (WebCore::WebAudioSourceProviderAVFObjC::prepare):
        (WebCore::WebAudioSourceProviderAVFObjC::unprepare):
        (WebCore::WebAudioSourceProviderAVFObjC::audioSamplesAvailable):

2017-06-30  Alex Christensen  <achristensen@webkit.org>

        Stop using dispatch_async in ResourceHandleCFURLConnectionDelegateWithOperationQueue
        https://bugs.webkit.org/show_bug.cgi?id=174059

        Reviewed by Andy Estes.

        Use dispatch_async_f and callOnMainThread instead.
        No change in behavior.
        This will allow me to use this code on Windows.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):

2017-07-03  Andy Estes  <aestes@apple.com>

        [Xcode] Add an experimental setting to build with ccache
        https://bugs.webkit.org/show_bug.cgi?id=173875

        Reviewed by Tim Horton.

        * Configurations/DebugRelease.xcconfig: Included ccache.xcconfig.

2017-07-02  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r218910): Crash inside textMarkerDataForFirstPositionInTextControl
        https://bugs.webkit.org/show_bug.cgi?id=174077
        <rdar://problem/33083972>

        Reviewed by Chris Fleizach.

        The bug was caused by textMarkerDataForFirstPositionInTextControl assuming that
        there is always a root editable element (a.k.a. editing host) in the text control.
        When the text control is readonly or disabled, this is not the case.

        Fixed the bug by adding an early exit when there is no editing host.

        Test: accessibility/mac/input-type-change-crash.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):

2017-07-03  Devin Rousso  <drousso@apple.com>

        Web Inspector: Support listing WebGL2 and WebGPU contexts
        https://bugs.webkit.org/show_bug.cgi?id=173396

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/create-context-2d.html
               inspector/canvas/create-context-webgl.html
               inspector/canvas/create-context-webgl2.html
               inspector/canvas/create-context-webgpu.html

        Split "inspector/canvas/create-canvas-contexts.html" into a test for each context type.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::getContextWebGPU):
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):

2017-07-03  Alex Christensen  <achristensen@webkit.org>

        REGRESSION(r215096) Queries of URLs with non-special schemes should not percent-encode single quotes
        https://bugs.webkit.org/show_bug.cgi?id=174051

        Reviewed by Tim Horton.

        In r215096 I added ' to the set of characters to be percent-encoded in queries,
        but for interoperability and compatibility we need to do this only for special schemes, like http.

        Covered by new API tests.

        * platform/URLParser.cpp:
        (WebCore::isC0Control):
        (WebCore::shouldPercentEncodeQueryByte):
        (WebCore::URLParser::utf8QueryEncode):
        (WebCore::URLParser::encodeQuery):

2017-07-03  Chris Fleizach  <cfleizach@apple.com>

        AX: role="none" (or presentation) does not work on iframes
        https://bugs.webkit.org/show_bug.cgi?id=173930
        <rdar://problem/33034347>

        Reviewed by Ryosuke Niwa.

        Support setting a presentational role on an iframe so that the AXWebArea disappears from the hierarchy.
        Accomplish this by adding children for attachment and scroll view elements the way other children are added.
        That is, only add the non-ignored children directly (which means move the addChild logic into AccessibilityObject.)

        Test: accessibility/presentation-role-iframe.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::AccessibilityNodeObject):
        (WebCore::AccessibilityNodeObject::insertChild): Deleted.
        (WebCore::AccessibilityNodeObject::addChild): Deleted.
        * accessibility/AccessibilityNodeObject.h:
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::AccessibilityObject):
        (WebCore::AccessibilityObject::insertChild):
        (WebCore::AccessibilityObject::addChild):
        (WebCore::nodeHasPresentationRole):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::addChild): Deleted.
        (WebCore::AccessibilityObject::insertChild): Deleted.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::webAreaIsPresentational):
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        (WebCore::AccessibilityRenderObject::addAttachmentChildren):
        * accessibility/AccessibilityScrollView.cpp:
        (WebCore::AccessibilityScrollView::addChildren):

2017-07-03  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r219024.

        This patch cause 3 didferent test to fail.

        Reverted changeset:

        "REGRESSION(r215096) Queries of URLs with non-special schemes
        should not percent-encode single quotes"
        https://bugs.webkit.org/show_bug.cgi?id=174051
        http://trac.webkit.org/changeset/219024

2017-07-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        Pasting single words copied to UIPasteboard inserts URLs in editable areas
        https://bugs.webkit.org/show_bug.cgi?id=174082
        <rdar://problem/33046992>

        Reviewed by Tim Horton.

        Currently, our heuristics for coercing plain text to URLs when reading URLs off of the UIPasteboard allows URLs
        to be created as long as -[UIPasteboard valuesForPasteboardType:inItemSet:] returns a non-null NSURL. However,
        UIPasteboard automatically coerces any NSString into an NSURL if it initializes an NSURL via +URLWithString:.
        Thus, single-word strings such as "hello" that are written to the pasteboard as "public.utf8-plain-text" can
        be read back as NSURLs for "public.url". This currently causes bugs in shipping software: e.g. copying and
        pasting a single word from an editable input or textarea and pasting into a rich contenteditable area using
        WebKit1 inserts a link. However, when combined with another change in WebKit that attempts to read "public.url"
        before "public.text" when reading plain text from the pasteboard, this now also affects pasting in plain text
        areas, where pasted plain-text strings that are not URLs will paste as URL-encoded strings anyways (for
        instance, replacing "[hello]" with "%5Bhello%5D").

        To fix this, and existing issues with pasting single words in contenteditables, we make
        PlatformPasteboard::readString and PlatformPasteboard::readURL only accept a coerced NSURL as an URL if it also
        parses as a valid URL in WebKit (otherwise, we return an empty string).

        Tests:
            UIPasteboardTests.DoNotPastePlainTextAsURL
            UIPasteboardTests.PastePlainTextAsURL
            UIPasteboardTests.PasteURLWithPlainTextAsURL

        * platform/PlatformPasteboard.h:
        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::allowReadingURLAtIndex):

        Allow an URL to be read if either (1) an URL was explicitly specified in the UIPasteboard, or (2) the "proposed"
        URL returned from -valuesForPasteboardType: is valid.

        (WebCore::PlatformPasteboard::readString):
        (WebCore::PlatformPasteboard::readURL):

        Consult allowReadingURLAtIndex here (in the case of ::readString, only if the given pasteboard type is
        "public.url").

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard itemProviders]):
        (-[WebItemProviderPasteboard setItemProviders:]):

2017-07-03  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyEC SPKI exports
        https://bugs.webkit.org/show_bug.cgi?id=173646

        Reviewed by Jiewen Tan.

        No new tests -- affected tests are now passing and are unskipped.

        Implement libgcrypt-based support for SPKI exports of EC keys.

        Initially, the ECParameters structure is created so that it will be later embedded
        into the SubjectPublicKeyInfo structure. First the root element of this structure
        is written into, specifying namedCurve as the chosen member (even if other choices
        are not really available). We then write out the object identifier into this
        namedCurve member that properly represents this key's curve type.

        The SubjectPublicKeyInfo structure is created next. We write out id-ecPublicKey
        identifier as the chosen algorithm identifier. Web Crypto specification demands
        that the id-ecDH identifier is used in case of ECDH keys, but no existing test in
        the W3C test suite expects this, so this should be revisited later. Data of the
        previously-constructed ECParameters structure is written out into the
        AlgorithmIdentifier's parameters member.

        The `q` MPI data is then retrieved. Its size is validated, as well as the first
        byte of data in order to ensure the MPI represents an uncompressed EC point.
        The data is then written into the subjectPublicKey member.

        Finally the encoded SubjectPublicKeyInfo structure data is extracted and returned
        from the platformExportSpki() function, completion the export operation.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::curveIdentifier):
        (WebCore::CryptoKeyEC::platformExportSpki):

2017-07-02  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove special casing for RegExp which is no longer required by the spec
        https://bugs.webkit.org/show_bug.cgi?id=174025

        Reviewed by Chris Dumez.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateDictionaryImplementationContent):
        (GenerateOverloadDispatcher):
        Remove special casing.

        * bindings/scripts/IDLParser.pm:
        (parseNonAnyType):
        Remove parsing of RegExp.

        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        Update test results.

2017-07-02  Youenn Fablet  <youenn@apple.com>

        RealtimeOutgoingVideoSource should pass frame timestamp
        https://bugs.webkit.org/show_bug.cgi?id=174055

        Reviewed by Eric Carlson.

        Covered by manual testing since this only affects video encoding quality.

        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::sendFrame):

2017-07-01  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/33096441> r219055 broke non-iOS builds.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):

2017-07-01  Dan Bernstein  <mitz@apple.com>

        [iOS] Remove code only needed when building for iOS 9.x
        https://bugs.webkit.org/show_bug.cgi?id=174068

        Reviewed by Tim Horton.

        * Configurations/FeatureDefines.xcconfig:
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::isDataDetectorLink):
        (WebCore::DataDetection::shouldCancelDefaultAction):
        (WebCore::constructURLStringForResult):
        (WebCore::DataDetection::detectContentInRange):
        * page/cocoa/ResourceUsageThreadCocoa.mm:
        (WebCore::vmPageSize):
        * platform/cocoa/DataDetectorsCoreSoftLink.h:
        * platform/cocoa/DataDetectorsCoreSoftLink.mm:
        * platform/graphics/FontPlatformData.cpp:
        * platform/graphics/FontPlatformData.h:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (layerContentsFormat):
        (PlatformCALayerCocoa::updateContentsFormat):
        (PlatformCALayerCocoa::backingStoreBytesPerPixel):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::extendedSRGBColorSpaceRef):
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::drawPDFPage):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::variantCapsSupportsCharacterForSynthesis):
        (WebCore::Font::platformWidthForGlyph):
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::ctFont):
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::sinkIntoImage):
        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::setTimebase):
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::systemFontModificationAttributes):
        (WebCore::systemFontDescriptor):
        * platform/graphics/mac/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat):
        * platform/ios/LegacyTileGridTile.mm:
        (WebCore::LegacyTileGridTile::LegacyTileGridTile):
        * platform/ios/PlatformScreenIOS.mm:
        (WebCore::screenSupportsExtendedColor):
        * platform/ios/RemoteCommandListenerIOS.mm:
        (WebCore::RemoteCommandListenerIOS::RemoteCommandListenerIOS):
        (WebCore::RemoteCommandListenerIOS::~RemoteCommandListenerIOS):
        (WebCore::RemoteCommandListenerIOS::updateSupportedCommands):
        * platform/spi/cf/CFNetworkSPI.h:
        * platform/spi/cg/CoreGraphicsSPI.h:
        * platform/spi/cocoa/DataDetectorsCoreSPI.h:
        * platform/spi/cocoa/QuartzCoreSPI.h:
        * platform/spi/mac/AVFoundationSPI.h:

2017-07-01  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(r218371): Reeder's default font is Times instead of San Francisco
        https://bugs.webkit.org/show_bug.cgi?id=173617
        <rdar://problem/32969819>

        Reviewed by Simon Fraser.

        On systems where USE_PLATFORM_SYSTEM_FALLBACK_LIST is set to true, the code in
        platformFontWithFamilySpecialCase() is still used when @font-face blocks specify
        src:local(system-ui), which made the assertion erroneously fire.

        Unfortunately, our architecture is such that an @font-face block represents a
        single entry in the font-family fallback list, which means it would be quite
        difficult to make local(system-ui) in an @font-face block expand at the level
        of the font cascade. So, this patch simply reverts to the previous behavior for
        local(system-ui) (which doesn't include the entire Core Text cascade list).
        This means that "font-family: system-ui" and "src: local(system-ui)" have
        different behavior, which is undesirable, but architecturally difficult to
        solve. I've added some FIXMEs to the code in the relevant places and filed
        https://bugs.webkit.org/show_bug.cgi?id=174023.

        Test: fast/text/font-face-local-system.html

        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::systemFontDescriptor):
        (WebCore::platformFontWithFamilySpecialCase):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-07-01  Ryosuke Niwa  <rniwa@webkit.org>

        Frame.h doesn't need to include FrameLoader.h, IntRect.h, and NavigationScheduler.h
        https://bugs.webkit.org/show_bug.cgi?id=174004

        Reviewed by Simon Fraser.

        Made FrameLoader and NavigationScheduler UniqueRef in Frame so that we can forward declare them,
        and forward declared IntPoint and IntRect to avoid including FrameLoader.h, IntRect.h,
        and NavigationScheduler.h in Frame.h

        * Modules/mediastream/MediaStream.cpp:
        * Modules/webaudio/AudioContext.cpp:
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect): Avoid calling loader().mixedContentChecker().canRunInsecureContent(~)
        on a nullptr even though this used to work because we weren't de-referencing it.
        * bindings/js/ScriptController.cpp:
        * dom/Document.cpp:
        * dom/EventDispatcher.cpp:
        * editing/Editor.cpp:
        * editing/cocoa/EditorCocoa.mm:
        * editing/ios/EditorIOS.mm:
        * editing/mac/EditorMac.mm:
        * history/CachedPage.cpp:
        * html/HTMLObjectElement.cpp:
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::DocumentLoader::~DocumentLoader): Check !isLoading() before accessing frameLoader to avoid
        accessing m_frame->loader() inside ~FrameLoader.
        * html/parser/XSSAuditor.cpp:
        * html/parser/XSSAuditorDelegate.cpp:
        * inspector/InspectorInstrumentation.h:
        * loader/CrossOriginPreflightChecker.cpp:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::setOpener): Avoid accessing this FrameLoader via m_opener->loader() when it's
        this FrameLoader inside ~FrameLoader since UniqueRef<FrameLoader> is clears itself before calling
        the destructor of FrameLoader.
        * loader/ImageLoader.cpp:
        * loader/LinkLoader.cpp:
        * loader/SubframeLoader.cpp:
        * loader/appcache/ApplicationCacheGroup.cpp:
        * loader/appcache/DOMApplicationCache.cpp:
        * mathml/MathMLElement.cpp:
        * page/DOMWindow.cpp:
        * page/Frame.cpp:
        (WebCore::Frame::Frame):
        (WebCore::Frame::init): Moved here from Frame.h
        (WebCore::Frame::setDocument):
        * page/Frame.h:
        (WebCore::Frame::loader):
        (WebCore::Frame::navigationScheduler):
        * page/History.cpp:
        * page/Location.cpp:
        * page/PerformanceLogging.cpp:
        * page/PerformanceNavigation.cpp:
        * page/UserContentProvider.cpp:
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::initWithSimpleHTMLDocument):
        * plugins/PluginInfoProvider.cpp:
        * replay/ReplayInputCreationMethods.cpp:
        * replay/UserInputBridge.cpp:
        * xml/XSLTProcessorLibxslt.cpp:
        * xml/parser/XMLDocumentParserLibxml2.cpp:

2017-07-01  Dan Bernstein  <mitz@apple.com>

        [macOS] Remove code only needed when building for OS X Yosemite
        https://bugs.webkit.org/show_bug.cgi?id=174067

        Reviewed by Tim Horton.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:
        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::setEnhancedUserInterfaceAccessibility):
        * html/HTMLCanvasElement.cpp:
        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::create):
        * page/mac/WheelEventDeltaFilterMac.h:
        * page/mac/WheelEventDeltaFilterMac.mm:
        * page/scrolling/ScrollingMomentumCalculator.cpp:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.h:
        * page/scrolling/mac/ScrollingMomentumCalculatorMac.mm:
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        (replacementDataFromDecisionInfo):
        (WebCore::NetworkExtensionContentFilter::initialize):
        (WebCore::NetworkExtensionContentFilter::willSendRequest):
        (WebCore::NetworkExtensionContentFilter::responseReceived):
        (WebCore::NetworkExtensionContentFilter::addData):
        (WebCore::NetworkExtensionContentFilter::finishedAddingData):
        (WebCore::NetworkExtensionContentFilter::unblockHandler):
        * platform/graphics/ComplexTextController.h:
        * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm:
        (PlatformCAAnimationCocoa::setTimingFunction):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::platformAlternateFamilyName):
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::platformInit):
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::sinkIntoImage):
        * platform/graphics/cocoa/WebGPULayer.mm:
        (-[WebGPULayer initWithGPUDevice:]):
        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):
        * platform/graphics/mac/WebGLLayer.mm:
        (-[WebGLLayer initWithGraphicsContext3D:]):
        * platform/mac/BlacklistUpdater.mm:
        * platform/mac/PlatformScreenMac.mm:
        (WebCore::screenSupportsExtendedColor):
        * platform/mac/ValidationBubbleMac.mm:
        (WebCore::ValidationBubble::ValidationBubble):
        * platform/mac/WebGLBlacklist.mm:
        (WebCore::WebGLBlacklist::create):
        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        * platform/network/mac/CertificateInfoMac.mm:
        (WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate):
        * platform/network/mac/CookieJarMac.mm:
        (WebCore::setCookiesFromDOM):
        * platform/spi/cf/CFNetworkSPI.h:
        * platform/spi/cg/CoreGraphicsSPI.h:
        * platform/spi/cocoa/NEFilterSourceSPI.h:
        * platform/spi/cocoa/NSURLConnectionSPI.h:
        * platform/spi/cocoa/QuartzCoreSPI.h:
        * platform/spi/mac/NSScrollingInputFilterSPI.h:
        * platform/spi/mac/NSScrollingMomentumCalculatorSPI.h:
        * platform/spi/mac/TUCallSPI.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::levelIndicatorFor):
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendKERNTable):
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):

2017-06-30  Said Abou-Hallawa  <sabouhallawa@apple.com>

        If an image appears more than once on a page, decoding for painting one instance repaints them all
        https://bugs.webkit.org/show_bug.cgi?id=169944

        Reviewed by Simon Fraser.

        Make the Image::draw*() and GraphicsContext::draw*() functions return an
        ImageDrawResult which indicates whether the image is drawn or has requested
        an asynchronous image decoding.

        If the image requested an asynchronous image decoding, the issuer of the
        Image::draw(), which is of type CachedImageClient, will add itself to a
        set of m_pendingImageDrawingClients, which owned by CachedImage.

        When receiving the imageFrameAvailable() notification for a lrage image 
        from the decoding thread, CachedImage will loop through the clients that
        are only in m_pendingImageDrawingClients to ask them to repaint their
        rectangles.

        Test: fast/images/async-image-multiple-clients-repaint.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::didRemoveClient):
        (WebCore::CachedImage::addPendingImageDrawingClient):
        (WebCore::CachedImage::allClientsRemoved):
        (WebCore::CachedImage::clear):
        (WebCore::CachedImage::imageFrameAvailable):
        * loader/cache/CachedImage.h:
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::draw):
        * platform/graphics/BitmapImage.h:
        * platform/graphics/CrossfadeGeneratedImage.cpp:
        (WebCore::CrossfadeGeneratedImage::draw):
        * platform/graphics/CrossfadeGeneratedImage.h:
        * platform/graphics/GeneratedImage.h:
        * platform/graphics/GradientImage.cpp:
        (WebCore::GradientImage::draw):
        * platform/graphics/GradientImage.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/Image.cpp:
        (WebCore::Image::drawTiled):
        * platform/graphics/Image.h:
        * platform/graphics/ImageTypes.h:
        * platform/graphics/NamedImageGeneratedImage.cpp:
        (WebCore::NamedImageGeneratedImage::draw):
        * platform/graphics/NamedImageGeneratedImage.h:
        * platform/graphics/cg/PDFDocumentImage.cpp:
        (WebCore::PDFDocumentImage::draw):
        * platform/graphics/cg/PDFDocumentImage.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawForContainer):
        (WebCore::SVGImage::draw):
        * svg/graphics/SVGImage.h:
        * svg/graphics/SVGImageForContainer.cpp:
        (WebCore::SVGImageForContainer::draw):
        * svg/graphics/SVGImageForContainer.h:

2017-06-30  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r214194): Safari leaves a popup window open opened during before unload
        https://bugs.webkit.org/show_bug.cgi?id=174016

        Reviewed by Chris Dumez.

        Address Dan's review comments.

        * loader/NavigationDisabler.h:
        (WebCore::NavigationDisabler::NavigationDisabler):
        (WebCore::NavigationDisabler::~NavigationDisabler):

2017-06-30  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Text indicators for dragged links should always be legible if the link is legible
        https://bugs.webkit.org/show_bug.cgi?id=173860
        <rdar://problem/32974385>

        Reviewed by Tim Horton.

        Currently, TextIndicatorOptionUseBoundingRectAndPaintAllContentForComplexRanges ensures that links backed by a
        RenderReplaced element don't render blank text indicators by additionally forcing the
        TextIndicatorOptionPaintAllContent option in order to capture the RenderReplaced content. If estimated
        background color is requested, this patch adds an additional path for "upgrading" the text indicator to paint
        all content: if the text color is not legible against the estimated background color, then it is likely that the
        background color estimate failed or the link itself was not legible in the first place; in the former case, to
        ensure that the link is still legible, we upgrade the given TextIndicatorOptions to paint all contents in the
        range.

        There is currently no way to test this, and also no simple way to introduce infrastructure to test text
        indicators.

        * page/TextIndicator.cpp:
        (WebCore::estimatedTextColorsForRange):

        Estimates all text colors that appear in a range by iterating over the text node renderers and consulting their
        render styles.

        (WebCore::adjustTextIndicatorDataOptionsForEstimatedColorsIfNecessary):

        If foreground text color is deemed not legible, force TextIndicatorOptionPaintAllContent instead of
        TextIndicatorOptionUseBoundingRectAndPaintAllContentForComplexRanges.

        (WebCore::initializeIndicator):
        * rendering/TextPaintStyle.cpp:
        (WebCore::textColorIsLegibleAgainstBackgroundColor):
        (WebCore::adjustColorForVisibilityOnBackground):

        Allow other parts of WebCore to check the legibility of text against a background color.

        * rendering/TextPaintStyle.h:

2017-06-30  Alex Christensen  <achristensen@webkit.org>

        REGRESSION(r215096) Queries of URLs with non-special schemes should not percent-encode single quotes
        https://bugs.webkit.org/show_bug.cgi?id=174051
        <rdar://problem/33002846>

        Reviewed by Tim Horton.

        In r215096 I added ' to the set of characters to be percent-encoded in queries,
        but for interoperability and compatibility we need to do this only for special schemes, like http.

        Covered by new API tests.

        * platform/URLParser.cpp:
        (WebCore::isC0Control):
        (WebCore::shouldPercentEncodeQueryByte):
        (WebCore::URLParser::utf8QueryEncode):
        (WebCore::URLParser::encodeQuery):

2017-06-30  Daniel Bates  <dabates@apple.com>

        Attempt to fix the build following <https://trac.webkit.org/changeset/219019>
        (https://bugs.webkit.org/show_bug.cgi?id=165160)

        Export the FrameLoadRequest move constructor and move operator so that they
        can be used from WebKit.

        * loader/FrameLoadRequest.h:

2017-06-30  Don Olmstead  <don.olmstead@sony.com>

        [WebCore] Update AXObjectCache for !HAVE(ACCESSIBILITY)
        https://bugs.webkit.org/show_bug.cgi?id=174045

        Reviewed by Konstantin Tokarev.

        No new tests. No change in behavior.

        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::checkedStateChanged):
        (WebCore::AXObjectCache::childrenChanged):
        (WebCore::AXObjectCache::deferRecomputeIsIgnored):
        (WebCore::AXObjectCache::deferTextChangedIfNeeded):
        (WebCore::AXObjectCache::focusAriaModalNodeTimerFired):
        (WebCore::AXObjectCache::handleAriaExpandedChange):
        (WebCore::AXObjectCache::handleAriaRoleChanged):
        (WebCore::AXObjectCache::handleAttributeChanged):
        (WebCore::AXObjectCache::handleScrollbarUpdate):
        (WebCore::AXObjectCache::liveRegionChangedNotificationPostTimerFired):
        (WebCore::AXObjectCache::notificationPostTimerFired):
        (WebCore::AXObjectCache::passwordNotificationPostTimerFired):
        (WebCore::AXObjectCache::performDeferredCacheUpdate):
        (WebCore::AXObjectCache::postNotification):
        (WebCore::AXObjectCache::postPlatformNotification):
        (WebCore::AXObjectCache::postTextReplacementNotification):
        (WebCore::AXObjectCache::postTextReplacementNotificationForTextControl):
        (WebCore::AXObjectCache::postTextStateChangeNotification):
        (WebCore::AXObjectCache::recomputeIsIgnored):
        (WebCore::AXObjectCache::textChanged):
        (WebCore::AXObjectCache::updateCacheAfterNodeIsAttached):
        (WebCore::AXObjectCache::focusAriaModalNode): Deleted.

2017-06-30  Daniel Bates  <dabates@apple.com>

        Attempt to fix the Apple Windows build following <https://trac.webkit.org/changeset/219013>
        (https://bugs.webkit.org/show_bug.cgi?id=165160)

        Make FrameLoadRequest move constructor and move operator out-of-line so that callers
        do not need to include header SecurityOrigin.h.

        * loader/FrameLoadRequest.cpp:
        * loader/FrameLoadRequest.h:

2017-06-30  Alex Christensen  <achristensen@webkit.org>

        Stop soft linking with CFNetwork
        https://bugs.webkit.org/show_bug.cgi?id=174029

        Reviewed by Jer Noble.

        We link directly with CFNetwork.  There's no reason to soft link, 
        and it is causing a problem with linking when doing interesting things with CFNetwork.

        * platform/spi/cf/CFNetworkSPI.h:

2017-06-30  Daniel Bates  <dabates@apple.com>

        API::FrameInfo should know the web page that contains the frame; add API property webView to WKFrameInfo
        https://bugs.webkit.org/show_bug.cgi?id=165160
        <rdar://problem/29451999>

        Reviewed by Brady Eidson.

        Pass the document that is requesting the load to the loader.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab): Pass the document when instantiating the FrameLoadRequest.
        Also use C++11 brace initialization to instantiate ResourceRequest.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate): Pass the document when instantiating the FrameLoadRequest.
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Moved from FrameLoadRequest.h.
        (WebCore::FrameLoadRequest::requester): Added.
        (WebCore::FrameLoadRequest::requesterSecurityOrigin): Added.
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Marked as WEBCORE_EXPORT and modified to take
        the document that requested the load.
        (WebCore::FrameLoadRequest::requester): Deleted; made out-of-line/moved to FrameLoadRequest.cpp.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected): Pass the document when instantiating the FrameLoadRequest. Also use C++11
        brace initialization to instantiate ResourceRequest.
        (WebCore::FrameLoader::loadURLIntoChildFrame): Pass the document when instantiating the FrameLoadRequest.
        (WebCore::FrameLoader::loadFrameRequest): Substitute FrameLoadRequest::requesterSecurityOrigin() for
        FrameLoadRequest::requester() as the former replaces the latter.
        (WebCore::FrameLoader::loadURL): Pass the document when instantiating the NavigationAction.
        (WebCore::FrameLoader::load): Ditto.
        (WebCore::FrameLoader::loadWithDocumentLoader): Pass the document when instantiating the NavigationAction.
        Also use C++11 brace initialization syntax to instantiate the NavigationAction.
        (WebCore::FrameLoader::reload): Ditto.
        (WebCore::FrameLoader::loadPostRequest): Ditto.
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): Pass the document when instantiating the NavigationAction.
        (WebCore::FrameLoader::loadDifferentDocumentItem): Pass the document when instantiating the NavigationAction.
        Also use C++11 brace initialization syntax to instantiate the NavigationAction.
        (WebCore::createWindow): Pass the document when instantiating the NavigationAction.
        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::NavigationAction): Modified to take the source document.
        * loader/NavigationAction.h:
        (WebCore::NavigationAction::isEmpty): Consider a NavigationAction empty if does not have a source document
        or the associated ResourceRequest has an empty URL.
        (WebCore::NavigationAction::sourceDocument): Added.
        (WebCore::NavigationAction::NavigationAction): Deleted; made out-of-line/moved to NavigationAction.cpp to
        avoid the need to include the header Document.h.
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Store the document that scheduled the navigation.
        Also use C++11 brace initialization to instantiate in the member initialization list.
        (WebCore::ScheduledURLNavigation::initiatingDocument): Added. Retrieves the document that scheduled the navigation.
        (WebCore::NavigationScheduler::scheduleLocationChange): Pass the document when instantiating the FrameLoadRequest.
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy): Pass the document when instantiating the NavigationAction.
        Also use C++11 brace initialization syntax to instantiate the NavigationAction.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected): Pass the document when instantiating the FrameLoadRequest.
        Also use C++11 brace initialization syntax to instantiate the FrameLoadRequest.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow): Pass the document when instantiating the FrameLoadRequest.

2017-06-29  Jer Noble  <jer.noble@apple.com>

        Make Legacy EME API controlled by RuntimeEnabled setting.
        https://bugs.webkit.org/show_bug.cgi?id=173994

        Reviewed by Sam Weinig.

        Add a new RuntimeEnabledFeatures setting to control the availability of the WebKit prefixed EME APIs.

        * Configurations/FeatureDefines.xcconfig:
        * Modules/encryptedmedia/legacy/WebKitMediaKeyMessageEvent.idl:
        * Modules/encryptedmedia/legacy/WebKitMediaKeyNeededEvent.idl:
        * Modules/encryptedmedia/legacy/WebKitMediaKeySession.idl:
        * Modules/encryptedmedia/legacy/WebKitMediaKeys.idl:
        * dom/Element.idl:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
        (WebCore::HTMLMediaElement::webkitSetMediaKeys):
        (WebCore::HTMLMediaElement::keyAdded):
        * html/HTMLMediaElement.idl:
        * html/WebKitMediaKeyError.idl:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setLegacyEncryptedMediaAPIEnabled):
        (WebCore::RuntimeEnabledFeatures::legacyEncryptedMediaAPIEnabled):

2017-06-30  Chris Dumez  <cdumez@apple.com>

        Move ResourceLoadStatisticsStore to WebKit2/UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=174033

        Reviewed by Brent Fulgham.

        Move ResourceLoadStatisticsStore to WebKit2/UIProcess since it is only
        used in the WebKit2 UIProcess.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * loader/ResourceLoadObserver.cpp:
        (WebCore::primaryDomain):
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::primaryDomain):
        * loader/ResourceLoadStatistics.h:

2017-06-30  Ryosuke Niwa  <rniwa@webkit.org>

        Ran sort-Xcode-project-file.

        * WebCore.xcodeproj/project.pbxproj:

2017-06-30  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r214194): Safari leaves a popup window open opened during before unload
        https://bugs.webkit.org/show_bug.cgi?id=174016

        Reviewed by Chris Dumez.

        The bug was caused by WebKit allowing the opening of a new window via window.open but disallowing
        the initial navigation within the newly opened window while a beforeunload event is being dispatched.

        Because some websites which opens a window during a beforeunload event relies on the opened page
        to communicate back in order to close it. This resulted in a newly opened popup window with about:blank
        being left out on those websites.

        Fixed the bug by allowing the navigation of a new window as well as an existing another window.
        More concretely, we disallow navigations within the same frame tree as the one in which a beforeunload
        event is being dispatched, and allow navigations elsewhere (i.e. different window / page).
        During the destruction of a frame-less document, disallow all the navigations.

        Tests: fast/events/before-unload-navigate-different-window.html
               fast/events/before-unload-open-window.html
               fast/events/before-unload-sibling-frame.html

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::isNavigationAllowed):
        (WebCore::FrameLoader::shouldClose):
        * loader/NavigationDisabler.h: Added. Extracted from NavigationScheduler.h
        (WebCore::NavigationDisabler::NavigationDisabler): Increment the newly added counter on MainFrame unless
        the frame is null (during the destruction of a frameless document) in which case we increment the global
        disable count.
        (WebCore::NavigationDisabler::~NavigationDisabler): Ditto for decrementation.
        (WebCore::NavigationDisabler::isNavigationAllowed): Only allow the navigation when there is no frameless
        document in destruction, and none of the frame in the same frame tree as the one given is currently in
        the process of dispatching a beforeunload event.
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::shouldScheduleNavigation):
        * loader/NavigationScheduler.h:
        (WebCore::NavigationDisabler): Moved to NavigationDisabler.h.
        * page/MainFrame.h:
        (WebCore::MainFrame): Added s_globalNavigationDisableCount.

2017-06-30  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for conditionally read-write attributes
        https://bugs.webkit.org/show_bug.cgi?id=173993

        Reviewed by Alex Christensen.

        The MEDIA_SOURCE feature/conditional requires changing a few readonly
        attributes into read-write attributes. In the past we handled this with
        custom bindings. This patch adds a new extended attribute, ConditionallyReadWrite
        which achieves the same result.

        * WebCore.xcodeproj/project.pbxproj:
        Move a few custom binding to the "GC / Wrapping Only" group.

        * bindings/js/JSAudioTrackCustom.cpp:
        (WebCore::JSAudioTrack::setKind): Deleted.
        (WebCore::JSAudioTrack::setLanguage): Deleted.
        * bindings/js/JSTextTrackCustom.cpp:
        (WebCore::JSTextTrack::setLanguage): Deleted.
        * bindings/js/JSVideoTrackCustom.cpp:
        (WebCore::JSVideoTrack::setKind): Deleted.
        (WebCore::JSVideoTrack::setLanguage): Deleted.
        Remove no longer needed custom bindings.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        (GenerateAttributeSetterDefinition):
        (GenerateCallbackImplementationContent):
        (GenerateHashTableValueArray):
        (GenerateHashTable):
        Pipe ConditionallyReadWrite through the generator.

        * bindings/scripts/IDLAttributes.json:
        Add ConditionallyReadWrite.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/TestObj.idl:
        Add tests for ConditionallyReadWrite.

        * html/track/AudioTrack.idl:
        * html/track/TextTrack.idl:
        * html/track/VideoTrack.idl:
        Replace [Custom] with [ConditionallyReadWrite].

2017-06-30  Chris Dumez  <cdumez@apple.com>

        ResourceLoadObserver does not need a ResourceLoadStatisticsStore
        https://bugs.webkit.org/show_bug.cgi?id=174013

        Reviewed by Brent Fulgham.

        ResourceLoadObserver does not need a ResourceLoadStatisticsStore. ResourceLoadStatisticsStore is too complicated for its needs.
        ResourceLoadStatisticsStore can then be moved to WebKit2/UIProcess in a follow-up.

        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect):
        * dom/UserGestureIndicator.cpp:
        (WebCore::UserGestureIndicator::UserGestureIndicator):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadResourceSynchronously):
        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::shared):
        (WebCore::ResourceLoadObserver::setNotificationCallback):
        (WebCore::ResourceLoadObserver::shouldLog):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::ensureResourceStatisticsForPrimaryDomain):
        (WebCore::ResourceLoadObserver::takeResourceStatisticsForPrimaryDomain):
        (WebCore::ResourceLoadObserver::isPrevalentResource):
        (WebCore::ResourceLoadObserver::statisticsForOrigin):
        (WebCore::ResourceLoadObserver::takeStatistics):
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatisticsStore.cpp:
        * loader/ResourceLoadStatisticsStore.h:
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::willSendRequestInternal):
        * testing/Internals.cpp:
        (WebCore::Internals::resourceLoadStatisticsForOrigin):

2017-06-30  Fujii Hironori  <Hironori.Fujii@sony.com>

        ASSERTION FAILED: !canAnimate() && !m_currentFrame
        https://bugs.webkit.org/show_bug.cgi?id=173089

        Reviewed by Said Abou-Hallawa.

        WebCore::BitmapImage::draw() has an assertion which ensures
        m_currentFrame is zero in case of async decoding. But, this
        assertion failed if an GIF animation image which have finished its
        animation was repainted. In that time, m_currentFrame was the last
        frame index of the image.

        Test: fast/images/animated-gif-paint-after-animation.html

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::draw): Assert m_currentFrame is zero or the animation finished.
        Call requestFrameAsyncDecodingAtIndex with m_currentFrame instead of zero.

2017-06-30  Ross Kirsling  <ross.kirsling@sony.com>

        [PAL] Move Sound into PAL
        https://bugs.webkit.org/show_bug.cgi?id=173999

        Reviewed by Alex Christensen.

        * Configurations/WebCore.xcconfig:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * PlatformWPE.cmake:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::cut):
        (WebCore::Editor::copy):
        (WebCore::Editor::performDelete):
        * editing/EditorCommand.cpp:
        (WebCore::executeSelectToMark):
        (WebCore::executeSwapWithMark):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::takeFindStringFromSelection):
        * inspector/InspectorFrontendHost.cpp:
        (WebCore::InspectorFrontendHost::beep):
        * platform/Sound.h: Removed.

2017-06-30  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Drag caret rect is incorrectly computed when dropping in editable content in iframes
        https://bugs.webkit.org/show_bug.cgi?id=174017
        <rdar://problem/32959782>

        Reviewed by Simon Fraser.

        We're currenly computing the drag caret rect (for the purposes of presentation at the client layers)
        incorrectly, in per-frame document coordinates instead of root view coordinates in the mainframe. This means
        drag caret geometry from embedded iframes in the document will show up in the content view with a rect in the
        coordinate space of the iframe.

        To fix this, we need to convert the drag caret rect to root view coordinates. This patch teaches
        DragCaretController to do this, and tweaks WebKit/WebKit2 to use caretRectInRootViewCoordinates.

        Test: DataInteractionTests.ExternalSourcePlainTextToIFrame

        * editing/FrameSelection.cpp:
        (WebCore::DragCaretController::caretRectInRootViewCoordinates):
        * editing/FrameSelection.h:

2017-06-30  Sam Weinig  <sam@webkit.org>

        [WebIDL] Replace use of __is_polymorphic with standard std::is_polymorphic<>::value
        https://bugs.webkit.org/show_bug.cgi?id=174012

        Reviewed by Alex Christensen.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        Replace __is_polymorphic with standard std::is_polymorphic<>::value. Remove clang
        specific guard now that we are using something other compilers support.

        * bindings/scripts/test/JS/JSInterfaceName.cpp:
        * bindings/scripts/test/JS/JSMapLike.cpp:
        * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
        * bindings/scripts/test/JS/JSTestIterable.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestStringifier.cpp:
        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        Update test results.

2017-06-30  Youenn Fablet  <youenn@apple.com>

       Support PeerConnectionStates::BundlePolicy::MaxBundle when setting rtc configuration
       https://bugs.webkit.org/show_bug.cgi?id=169389

       Reviewed by Alex Christensen.

       Covered by manual testing (appr.tc and https://youennf.github.io/webrtc-tests/src/content/peerconnection/trickle-ice/).
       Updated test is showing some more failing but this is due to the fact that we are no longer totally lying on the configuration of the
        underlying libwebrtc backend.

        Previously, we were creating a libwebrtc peer connection and then setting its configuration.
        libwebrtc does not like the configuration to be changed and may refuse to set the configuration.
        Instead of doing that, we are now creating the libwebrtc peer connection with the provided configuration.

        ICE candidate pool size is disabled as it is creating issues with running tests on bots.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::setConfiguration):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::initializeWith):
        (WebCore::iceServersFromConfiguration):
        (WebCore::RTCPeerConnection::initializeConfiguration):
        (WebCore::RTCPeerConnection::setConfiguration):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::LibWebRTCMediaEndpoint):
        (WebCore::LibWebRTCMediaEndpoint::setConfiguration):
        (WebCore::LibWebRTCMediaEndpoint::stop):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration):
        (WebCore::LibWebRTCPeerConnectionBackend::setConfiguration):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h:
        * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
        (WebCore::createActualPeerConnection):
        (WebCore::LibWebRTCProvider::createPeerConnection):
        * platform/mediastream/libwebrtc/LibWebRTCProvider.h:


2017-06-30  Antoine Quint  <graouts@apple.com>

        Top controls bars should invert with right-to-left user interface layout direction locale
        https://bugs.webkit.org/show_bug.cgi?id=173989
        <rdar://problem/32863552>

        Reviewed by Dean Jackson.

        When the user interface layout direction is set by the locale to be right-to-left, we now:

            - invert the two top controls bars
            - invert the layout order for the fullscreen / PiP controls bar
            - orient the volume button the opposite direction when presented in a top controls bar

        Test: media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-rtl.html

        * Modules/modern-media-controls/controls/icon-service.js: Add new RTL variants for the mute and unmute icons.
        * Modules/modern-media-controls/controls/inline-media-controls.css: Invert the position of the two top controls
        bars when we switch user interface layout direction.
        (.media-controls.inline.uses-ltr-user-interface-layout-direction > .controls-bar.top-left,):
        (.media-controls.inline.uses-ltr-user-interface-layout-direction > .controls-bar.top-right,):
        (.media-controls.inline > .controls-bar.top-left): Deleted.
        (.media-controls.inline > .controls-bar.top-right): Deleted.
        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype.layout): Default to using the LTR variant for the mute button icon since
        it should only use the RTL variant in case the locale requires it *and* we display the mute button in a
        top controls bar rather than the bottom controls bar (ie. when width becomes constrained).
        (InlineMediaControls.prototype._topLeftContainerButtons): Invert the order of the fullscreen and PiP
        buttons based on the user interface layout direction.
        (InlineMediaControls.prototype._addTopRightBarWithMuteButtonToChildren):
        (InlineMediaControls):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.set usesLTRUserInterfaceLayoutDirection): Schedule a layout when the user interface
        layout direction changes.
        * Modules/modern-media-controls/controls/mute-button.js: Add a new "usesRTLIconVariant" property, false by
        default, to indicate we want to use the RTL variant of the button's icon.
        (MuteButton):
        (MuteButton.prototype.get muted):
        (MuteButton.prototype.set muted):
        (MuteButton.prototype.set usesRTLIconVariant):
        (MuteButton.prototype.layout):
        * Modules/modern-media-controls/images/iOS/Mute-RTL.svg: Added.
        * Modules/modern-media-controls/images/iOS/VolumeHi-RTL.svg: Added.
        * Modules/modern-media-controls/images/macOS/Mute-RTL.svg: Added.
        * Modules/modern-media-controls/images/macOS/VolumeHi-RTL.svg: Added.
        * Modules/modern-media-controls/media/media-controller.js: Use an ivar to track when it's worth notifying the
        media controls that the user interface layout direction has changed. This means we won't need to schedule a
        layout in case it's set to the current value.
        (MediaController):
        (MediaController.prototype.set usesLTRUserInterfaceLayoutDirection):

2017-06-29  Zalan Bujtas  <zalan@apple.com>

        BreakingContext::handleReplaced() should use replacedBox instead of m_current.renderer().
        https://bugs.webkit.org/show_bug.cgi?id=174011

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::handleReplaced):
        * rendering/line/LineWidth.cpp:
        (WebCore::LineWidth::applyOverhang):
        * rendering/line/LineWidth.h:

2017-06-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Web content process crashes when the selection is moved far offscreen in dragstart
        https://bugs.webkit.org/show_bug.cgi?id=174010
        <rdar://problem/32597802>

        Reviewed by Tim Horton.

        The TextIndicator snapshot generated in createDragImageForSelection is not guaranteed to succeed; this patch
        adds a null check following TextIndicator::createWithSelectionInFrame and bails early if the snapshot was not
        successful.

        Test: DataInteractionTests.DoNotCrashWhenSelectionMovesOffscreenAfterDragStart

        * platform/ios/DragImageIOS.mm:
        (WebCore::createDragImageForSelection):

2017-06-29  Chris Fleizach  <cfleizach@apple.com>

        AX: Cannot call setValue() on contenteditable or ARIA text controls
        https://bugs.webkit.org/show_bug.cgi?id=173520

        Reviewed by Ryosuke Niwa.

        Add support for changing the value of a contenteditable and any other aria text control in setValue().
 
        Test: accessibility/mac/set-value-editable-types.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setValue):

2017-06-28  Simon Fraser  <simon.fraser@apple.com>

        getBoundingClientRect returns wrong value for combination of page zoom and scroll
        https://bugs.webkit.org/show_bug.cgi?id=173841
        rdar://problem/32983841

        Reviewed by Dean Jackson.

        The layout viewport returned by FrameView::layoutViewportRect() is affected by page (Command-+) zooming,
        since it's computed using scroll positions, so when we use its origin to convert into client coordinates
        (which are zoom-agnostic), we need to account for page zoom, so fix FrameView::documentToClientOffset()
        to do this.

        Callers of documentToClientOffset() were checked, revealing that event client coordinates were also
        wrong with page zoom and are fixed in the same way. It was found that SimulatedClick was using an
        entirely wrong rect to compute its location: Element::clientRect() is NOT in client coordinates,
        so change this code to use getBoundingClientRect() instead.

        Minor refactoring in MouseRelatedEvent to make getting to the FrameView cleaner.

        Some geometry types enhanced to have non-mutating scale functions.

        Tests: fast/events/simulated-click-zoomed.html
               fast/visual-viewport/client-rects-relative-to-layout-viewport-zoomed.html

        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::init):
        (WebCore::MouseRelatedEvent::initCoordinates):
        (WebCore::MouseRelatedEvent::frameView):
        (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor):
        (WebCore::MouseRelatedEvent::computePageLocation):
        (WebCore::MouseRelatedEvent::computeRelativePosition):
        (WebCore::pageZoomFactor): Deleted.
        (WebCore::frameScaleFactor): Deleted.
        * dom/MouseRelatedEvent.h:
        (WebCore::MouseRelatedEvent::absoluteLocation):
        (WebCore::MouseRelatedEvent::setAbsoluteLocation): Deleted.
        * dom/SimulatedClick.cpp:
        * page/FrameView.cpp:
        (WebCore::FrameView::layoutViewportRect): baseLayoutViewportSize() is the same as the old code.
        (WebCore::FrameView::documentToAbsoluteScaleFactor):
        (WebCore::FrameView::absoluteToDocumentScaleFactor):
        (WebCore::FrameView::absoluteToDocumentPoint):
        (WebCore::FrameView::documentToClientOffset):
        * page/FrameView.h:
        * platform/graphics/FloatPoint.h:
        (WebCore::FloatPoint::scale):
        (WebCore::FloatPoint::scaled):
        * platform/graphics/FloatSize.h:
        (WebCore::FloatSize::scaled):
        * platform/graphics/LayoutPoint.h:
        (WebCore::LayoutPoint::scaled):

2017-06-29  Megan Gardner  <megan_gardner@apple.com>

        Unreviewed, fixing Window's build after r218976

        * rendering/ScrollAlignment.cpp:
        (WebCore::operator<<):

2017-06-29  Megan Gardner  <megan_gardner@apple.com>

        Add TextStream operators for Range, VisiblePosition, VisibleSelection, and ScrollAlignment
        https://bugs.webkit.org/show_bug.cgi?id=173997

        Reviewed by Simon Fraser.

        Adding logging that can be used with TextStream-based LOG_WITH_STREAM.

        * dom/Range.cpp:
        (WebCore::operator<<):
        * dom/Range.h:
        * editing/VisiblePosition.h:
        * editing/VisibleSelection.cpp:
        (WebCore::operator<<):
        * editing/VisibleSelection.h:
        * rendering/ScrollAlignment.cpp:
        (WebCore::operator<<):
        * rendering/ScrollAlignment.h:

2017-06-29  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218903.

        This patch and its fix cause immediate flakiness on all WK2
        testers

        Reverted changeset:

        "Support PeerConnectionStates::BundlePolicy::MaxBundle when
        setting rtc configuration"
        https://bugs.webkit.org/show_bug.cgi?id=169389
        http://trac.webkit.org/changeset/218903

2017-06-29  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218963.

        This patch and its fix cause immediate flakiness on all WK2
        testers

        Reverted changeset:

        "Support PeerConnectionStates::BundlePolicy::MaxBundle when
        setting rtc configuration"
        https://bugs.webkit.org/show_bug.cgi?id=169389
        http://trac.webkit.org/changeset/218963

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Split ResourceLoadObserver into 2 classes: one for WebCore and one for the UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=173990

        Reviewed by Brent Fulgham.

        Split ResourceLoadObserver into 2 classes: one for WebCore and one for the UIProcess.
        They really have different API and there is therefore close to no code duplication.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::primaryDomain):
        (WebCore::ResourceLoadObserver::setStatisticsQueue):
        (WebCore::ResourceLoadObserver::shouldLog):
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::primaryDomain):
        * loader/ResourceLoadStatisticsStore.h:
        * platform/URL.h:

2017-06-29  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom binding for UserMessageHandlersNamespace
        https://bugs.webkit.org/show_bug.cgi?id=173956

        Reviewed by Darin Adler.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSUserMessageHandlersNamespaceCustom.cpp: Removed.
        Remove JSUserMessageHandlersNamespaceCustom.cpp

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateNamedGetterLambda):
        Add support for calling named getters with additional arguments from [CallWith].

        (GenerateAttributeGetterBodyDefinition):
        (GenerateAttributeSetterBodyDefinition):
        (GenerateCallWithUsingReferences):
        (GenerateCallWithUsingPointers):
        (GenerateConstructorCallWithUsingPointers):
        (GenerateCallWith):
        (GenerateParametersCheck):
        Update arguments to GenerateCallWith(Using...) to no longer pass an operation,
        which was only needed for the no longer used ScriptArguments, pass a thisObject
        reference, and optionally pass an indentation.

        * bindings/scripts/IDLAttributes.json:
        Remove no longer used ScriptArguments and CallStack, add World.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjWithScriptArgumentsAndCallStackAttributeGetter): Deleted.
        (WebCore::jsTestObjWithScriptArgumentsAndCallStackAttribute): Deleted.
        (WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttributeSetter): Deleted.
        (WebCore::setJSTestObjWithScriptArgumentsAndCallStackAttribute): Deleted.
        (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStackBody): Deleted.
        (WebCore::jsTestObjPrototypeFunctionWithScriptArgumentsAndCallStack): Deleted.
        * bindings/scripts/test/TestObj.idl:
        Remove tests of ScriptArguments and CallStack.

        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp: Added.
        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h: Added.
        * bindings/scripts/test/TestNamedGetterCallWith.idl: Added.
        * bindings/scripts/test/TestNamedGetterNoIdentifier.idl: Added.
        * bindings/scripts/test/TestNamedGetterWithIdentifier.idl: Added.
        Add basic named getter tests and a specific test of named getters using CallWith.

        * page/UserMessageHandlersNamespace.cpp:
        (WebCore::UserMessageHandlersNamespace::supportedPropertyNames):
        (WebCore::UserMessageHandlersNamespace::namedItem):
        (WebCore::UserMessageHandlersNamespace::handler): Deleted.
        * page/UserMessageHandlersNamespace.h:
        Rename handler to namedItem, matching convention and the expectations of the
        bindings generator and swap the order of the arguments for the same reason.

        * page/UserMessageHandlersNamespace.idl:
        Remove CustomGetOwnPropertySlotAndDescriptor, and add the anonymous named getter.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Avoid copying ResourceLoadStatistics objects
        https://bugs.webkit.org/show_bug.cgi?id=173972

        Reviewed by Brent Fulgham.

        Avoid copying ResourceLoadStatistics objects given that they are big. Make the type move-only
        to avoid such mistakes in the future.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::ResourceLoadStatistics):

2017-06-29  John Wilander  <wilander@apple.com>

        Fix for intermittent Layout Test fail http/tests/loading/resourceLoadStatistics/telemetry-generation.html
        https://bugs.webkit.org/show_bug.cgi?id=173940
        <rdar://problem/33018125>

        Reviewed by Brent Fulgham.

        No new tests. This change enables the exiting test to pass.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):
            Added an assert.

2017-06-29  Youenn Fablet  <youenn@apple.com>

        Support PeerConnectionStates::BundlePolicy::MaxBundle when setting rtc configuration
        https://bugs.webkit.org/show_bug.cgi?id=169389

        Unreviewed.

        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration): Reactivating CPU overuse detection as it might be the cause of the bots regressions.

2017-06-29  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] ResourceHandleManager violate the class responsibility of ResourceHandle
        https://bugs.webkit.org/show_bug.cgi?id=173630

        Reviewed by Alex Christensen.

        * platform/network/ResourceHandle.h:
        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::platformLoadResourceSynchronously):
        (WebCore::calculateWebTimingInformations):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::writeCallback):
        (WebCore::isHttpInfo):
        (WebCore::isHttpRedirect):
        (WebCore::isHttpAuthentication):
        (WebCore::isHttpNotModified):
        (WebCore::isAppendableHeader):
        (WebCore::removeLeadingAndTrailingQuotes):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::readCallback):
        (WebCore::getFormElementsCount):
        (WebCore::setupFormData):
        (WebCore::ResourceHandle::setupPUT):
        (WebCore::ResourceHandle::setupPOST):
        (WebCore::ResourceHandle::handleDataURL):
        (WebCore::ResourceHandle::dispatchSynchronousJob):
        (WebCore::ResourceHandle::applyAuthentication):
        (WebCore::ResourceHandle::initialize):
        (WebCore::ResourceHandle::handleCurlMsg):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::startJob):
        (WebCore::calculateWebTimingInformations): Deleted.
        (WebCore::isHttpInfo): Deleted.
        (WebCore::isHttpRedirect): Deleted.
        (WebCore::isHttpAuthentication): Deleted.
        (WebCore::isHttpNotModified): Deleted.
        (WebCore::handleLocalReceiveResponse): Deleted.
        (WebCore::writeCallback): Deleted.
        (WebCore::isAppendableHeader): Deleted.
        (WebCore::removeLeadingAndTrailingQuotes): Deleted.
        (WebCore::getProtectionSpace): Deleted.
        (WebCore::headerCallback): Deleted.
        (WebCore::readCallback): Deleted.
        (WebCore::getFormElementsCount): Deleted.
        (WebCore::setupFormData): Deleted.
        (WebCore::ResourceHandleManager::setupPUT): Deleted.
        (WebCore::ResourceHandleManager::setupPOST): Deleted.
        (WebCore::handleDataURL): Deleted.
        (WebCore::ResourceHandleManager::dispatchSynchronousJob): Deleted.
        (WebCore::ResourceHandleManager::applyAuthenticationToRequest): Deleted.
        (WebCore::ResourceHandleManager::initializeHandle): Deleted.
        * platform/network/curl/ResourceHandleManager.h:

2017-06-29  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Async image decoding should be disabled for iBooks on tvOS
        https://bugs.webkit.org/show_bug.cgi?id=173945

        Reviewed by Simon Fraser.

        The iBooks on tvOS is an AppStore application. We need to disable async
        image decoding for iBooks on tvOS permanently through WebKit.

        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isIBooks):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::updateFromSettings):

2017-06-29  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add a new extended attribute to model the forced return value optimization used on Node and Crypto
        https://bugs.webkit.org/show_bug.cgi?id=173961

        Reviewed by Darin Adler.

        Node and Crypto were both using custom bindings to implement an optimization
        for operations that always returned one one of the arguments passed in. The
        optimization directly returns the JSValue argument, avoiding wrapping and 
        unwrapping, and all the cache lookups that might entail. This allows that 
        optimization to work without custom bindings by adding a new extended attribute
        [ReturnValue] that can annotate an argument. When used, the implementation
        function is expected to return either void or ExceptionOr<void>.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSCryptoCustom.cpp: Removed.
        Remove JSCryptoCustom.cpp.

        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::insertBefore): Deleted.
        (WebCore::JSNode::replaceChild): Deleted.
        (WebCore::JSNode::removeChild): Deleted.
        (WebCore::JSNode::appendChild): Deleted.
        Remove custom functions.

        * bindings/scripts/CodeGeneratorJS.pm:
        (OperationHasForcedReturnValue):
        Add helper to determine if an operation has [ReturnValue] on any argument.

        (NeedsExplicitPropagateExceptionCall):
        We must treat operations with a [ReturnValue] argument like we do operations
        returning void, and explicitly check for exceptions.

        (GenerateParametersCheck):
        Pull out the argument in a variable called 'returnValue' if it is annotated
        with [ReturnValue].

        (GenerateImplementationFunctionCall):
        Special case operations with a [ReturnValue] argument to return the previously
        set aside 'returnValue' variable.

        * bindings/scripts/IDLAttributes.json:
        Add [ReturnValue].

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationBody):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimization):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationWithExceptionBody):
        (WebCore::jsTestObjPrototypeFunctionTestReturnValueOptimizationWithException):
        * bindings/scripts/test/TestObj.idl:
        Add tests for [ReturnValue].

        * dom/Node.idl:
        * page/Crypto.idl:
        Add [ReturnValue] annotations and remove [Custom] annotations.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r218944.

        Optimization is incorrect

        Reverted changeset:

        "Avoid copying ResourceLoadStatistics objects"
        https://bugs.webkit.org/show_bug.cgi?id=173972
        http://trac.webkit.org/changeset/218944

2017-06-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r218896): ASSERT in WebPageProxy::dataCallback
        https://bugs.webkit.org/show_bug.cgi?id=173968

        Reviewed by Michael Catanzaro.

        The problem is that WebPageProxy::getLoadDecisionForIcon() sends 0 as callback ID when the decision is to not
        load the icon. Since r218896 we always notify the client even when the decision is to not load the icon, in
        which case the UI doesn't really expect a callback. When WebPageProxy::dataCallback is called with a 0 callback ID,
        CallbackMap::take() crashes in RELEASE_ASSERT(callbackID).

        Fixes several GTK+ unit tests that are crashing.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Return earlier if decision is false or frame is nullptr.
        (WebCore::DocumentLoader::finishedLoadingIcon): Move RELEASE_ASSERT to notifyFinishedLoadingIcon().
        (WebCore::DocumentLoader::notifyFinishedLoadingIcon): Assert if callbackIdentifier is 0 or m_frame is nullptr,
        since it's no longer expected to happen.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        statistics.mostRecentUserInteraction should be of type WallTime
        https://bugs.webkit.org/show_bug.cgi?id=173974

        Reviewed by Brent Fulgham.

        statistics.mostRecentUserInteraction should be of type WallTime for clarity.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::logUserInteraction):
        (WebCore::ResourceLoadObserver::clearUserInteraction):
        * loader/ResourceLoadStatistics.cpp:
        (WebCore::ResourceLoadStatistics::encode):
        (WebCore::ResourceLoadStatistics::decode):
        (WebCore::ResourceLoadStatistics::toString):
        (WebCore::ResourceLoadStatistics::merge):
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::mostRecentUserInteractionTime): Deleted.
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::shouldPartitionCookies):
        (WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction):
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):

2017-06-29  JF Bastien  <jfbastien@apple.com>

        WebAssembly: disable some APIs under CSP
        https://bugs.webkit.org/show_bug.cgi?id=173892
        <rdar://problem/32914613>

        Reviewed by Daniel Bates.

        This does the basic separation of eval-blocked and
        WebAssembly-blocked, but currently only blocks neither or both. I
        think we'll eventually consider allowing one to be blocked but not
        the other, so this separation makes sense and means that when we
        want to do the change it'll be tiny. At a minimum we want a
        different error message, which this patch provides (a lot of the
        code ties blocking to the error message).

        Tests: http/tests/security/contentSecurityPolicy/WebAssembly-allowed.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-about-blank-iframe.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-external-script.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked-in-subframe.html
               http/tests/security/contentSecurityPolicy/WebAssembly-blocked.html

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::enableWebAssembly):
        (WebCore::ScriptController::disableWebAssembly):
        * bindings/js/ScriptController.h:
        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::disableWebAssembly):
        * bindings/js/WorkerScriptController.h:
        * dom/Document.cpp:
        (WebCore::Document::disableWebAssembly):
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::didCreateWindowProxy):
        (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext):
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::create):
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        (WebCore::ContentSecurityPolicyDirectiveList::webAssemblyDisabledErrorMessage):
        (WebCore::ContentSecurityPolicyDirectiveList::setWebAssemblyDisabledErrorMessage):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::disableWebAssembly):
        * workers/WorkerGlobalScope.h:

2017-06-29  Zalan Bujtas  <zalan@apple.com>

        Make InlineBox::m_topLeft and m_logicalWidth protected.
        https://bugs.webkit.org/show_bug.cgi?id=173973

        Reviewed by Simon Fraser.

        I don't think this reasoning from 10 years ago is valid anymore -> 
          "FIXME: Would like to make this protected, but methods are accessing these members over in the part."
        (comment was conveniently removed in a later commit).

        No change in functionality.

        * rendering/InlineBox.h:
        (WebCore::InlineBox::InlineBox):

2017-06-29  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Adopt +objectWithItemProviderData: for serializing NSItemProviderReading-conformant objects
        https://bugs.webkit.org/show_bug.cgi?id=173971
        <rdar://problem/33006605>

        Reviewed by Tim Horton.

        Moves off of a very-recently-deprecated API, in favor of its replacement. Guarded by a runtime check and staging
        declarations. No change in behavior.

        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard valuesForPasteboardType:inItemSet:]):

2017-06-29  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Separate global curl settings from ResourceHandleManager as CurlContext class
        https://bugs.webkit.org/show_bug.cgi?id=173629

        Reviewed by Alex Christensen.

        * PlatformWinCairo.cmake:
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::setCookiesFromDOM):
        (WebCore::cookiesForSession):
        * platform/network/curl/CurlContext.cpp: Added.
        (WebCore::certificatePath):
        (WebCore::cookieJarPath):
        (WebCore::CurlContext::CurlContext):
        (WebCore::CurlContext::~CurlContext):
        (WebCore::CurlContext::initCookieSession):
        (WebCore::CurlContext::ProxyInfo::url):
        (WebCore::CurlContext::setProxyInfo):
        (WebCore::CurlContext::getEffectiveURL):
        (WebCore::CurlContext::createMultiHandle):
        (WebCore::CurlContext::mutexFor):
        (WebCore::CurlContext::lock):
        (WebCore::CurlContext::unlock):
        * platform/network/curl/CurlContext.h: Added.
        (WebCore::CurlContext::singleton):
        (WebCore::CurlContext::curlShareHandle):
        (WebCore::CurlContext::getCookieJarFileName):
        (WebCore::CurlContext::setCookieJarFileName):
        (WebCore::CurlContext::getCertificatePath):
        (WebCore::CurlContext::shouldIgnoreSSLErrors):
        (WebCore::CurlContext::proxyInfo):
        (WebCore::CurlContext::setProxyInfo):
        (WebCore::CurlContext::getLogFile):
        (WebCore::CurlContext::isVerbose):
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::init):
        (WebCore::CurlDownload::start):
        (WebCore::CurlDownload::cancel):
        (WebCore::CurlDownload::didReceiveHeader):
        * platform/network/curl/CurlDownload.h:
        * platform/network/curl/CurlJobManager.cpp: Renamed from Source/WebCore/platform/network/curl/CurlManager.cpp.
        (WebCore::CurlJobManager::CurlJobManager):
        (WebCore::CurlJobManager::~CurlJobManager):
        (WebCore::CurlJobManager::add):
        (WebCore::CurlJobManager::remove):
        (WebCore::CurlJobManager::getActiveCount):
        (WebCore::CurlJobManager::getPendingCount):
        (WebCore::CurlJobManager::startThreadIfNeeded):
        (WebCore::CurlJobManager::stopThread):
        (WebCore::CurlJobManager::stopThreadIfIdle):
        (WebCore::CurlJobManager::updateHandleList):
        (WebCore::CurlJobManager::addToCurl):
        (WebCore::CurlJobManager::removeFromCurl):
        (WebCore::CurlJobManager::workerThread):
        * platform/network/curl/CurlJobManager.h: Renamed from Source/WebCore/platform/network/curl/CurlManager.h.
        (WebCore::CurlJobManager::singleton):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::ResourceHandleManager):
        (WebCore::ResourceHandleManager::~ResourceHandleManager):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::initializeHandle):
        (WebCore::certificatePath): Deleted.
        (WebCore::cookieJarPath): Deleted.
        (WebCore::ResourceHandleManager::setCookieJarFileName): Deleted.
        (WebCore::ResourceHandleManager::getCookieJarFileName): Deleted.
        (WebCore::ResourceHandleManager::setProxyInfo): Deleted.
        (WebCore::ResourceHandleManager::initCookieSession): Deleted.
        * platform/network/curl/ResourceHandleManager.h:
        (): Deleted.

2017-06-29  Chris Dumez  <cdumez@apple.com>

        Avoid copying ResourceLoadStatistics objects
        https://bugs.webkit.org/show_bug.cgi?id=173972

        Reviewed by Geoffrey Garen.

        Avoid copying ResourceLoadStatistics objects given that they are big. Make the type move-only
        to avoid such mistakes in the future.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::ResourceLoadStatistics):

2017-06-29  Antoine Quint  <graouts@apple.com>

        Full stop shows to the right of the picture-in-picture localised string in Hebrew
        https://bugs.webkit.org/show_bug.cgi?id=173966
        <rdar://problem/32847376>

        Reviewed by Dean Jackson.

        We manually set the CSS "direction" property to "rtl" when we're not using an LTR language for a placard.

        Test: media/modern-media-controls/placard/placard-ltr.html

        * Modules/modern-media-controls/controls/placard.css:
        (.media-controls:not(.uses-ltr-user-interface-layout-direction) .placard):

2017-06-29  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed Apple CMake build after r218901

        I did not add 'cocoa/FileMonitorCocoa.mm' to the PlatformMac.cmake file as part of r218901.):

        * PlatformMac.cmake:

2017-06-29  Frederic Wang  <fwang@igalia.com>

        Small improvement of calls to RenderLayerBacking members
        https://bugs.webkit.org/show_bug.cgi?id=173969

        Reviewed by Simon Fraser.

        No new tests, behavior unchanged.

        * page/FrameView.cpp:
        (WebCore::FrameView::tiledBacking): Access the member with RenderLayerBacking::tiledBacking.
        (WebCore::FrameView::updateTilesForExtendedBackgroundMode): Ditto.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::usesCompositedScrolling): Use RenderLayerBacking::hasScrollingLayer as
        it better matches the intention of the check here.

2017-06-29  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Fix ReadableStream "strategy" argument handling
        https://bugs.webkit.org/show_bug.cgi?id=172716

        Reviewed by Xabier Rodriguez-Calvar.

        Aligned default strategy parameter with spec, as defined in [1].
        
        [1] https://streams.spec.whatwg.org/#rs-constructor

        Added new tests and updated some existing ones based on the newly
        expected behavior. Also updated expectations for WPT streams tests.

        * Modules/streams/ReadableStream.js:
        (initializeReadableStream): Fixed initialization of strategy.

2017-06-29  Antti Koivisto  <antti@apple.com>

        REGRESSION(r215347): NAS4Free Pop-down menus fail to appear
        https://bugs.webkit.org/show_bug.cgi?id=173967
        <rdar://problem/32690114>

        Reviewed by Andreas Kling.

        Menus on this configuration page operate by mutating visibility. We fail to trigger required
        compositing updates when visibility changes on non-composited layer. Visibility of a non-composited
        descendant may affect geometry of the composited ancestor layer.

        Test: compositing/backing/non-composited-visibility-change.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::layerStyleChanged):
        (WebCore::RenderLayerCompositor::needsCompositingUpdateForStyleChangeOnNonCompositedLayer): Added.

            Trigger compositing update for non-composited layers on visibility change.
            Factor tests into function.

        * rendering/RenderLayerCompositor.h:

2017-06-28  Frederic Wang  <fwang@igalia.com>

        Align Document::canNavigate on the HTM5 specification
        https://bugs.webkit.org/show_bug.cgi?id=173162

        Reviewed by Chris Dumez.

        Currently when a frame A with a sandboxed navigation flag tries and navigates another frame B
        then Document::canNavigate verifies the cases where we try to navigate A's top frame (in
        that case the allow-top-navigation flag is needed) or not (in that case, B must be a
        descendant of A). This patch refines that a bit to check the case where B is a popup (in that
        case navigation is permitted if A is the opener of B). This change aligns on the HTML5
        specification and allows to pass more W3C Web Platform tests.
        See https://html.spec.whatwg.org/multipage/browsers.html#allowed-to-navigate

        Tests: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html
               imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3.html

        * dom/Document.cpp:
        (WebCore::Document::canNavigate): This refines the case where the document's frame has the
        sandbox navigation flag set in order to handle popup navigation. New comments referring to
        the HTML5 specification are also added.

2017-06-28  Myles C. Maxfield  <mmaxfield@apple.com>

        Only apply font features for the particular type of font they are being applied to
        https://bugs.webkit.org/show_bug.cgi?id=172661
        <rdar://problem/31534119>
        <rdar://problem/32799624>

        Reviewed by Simon Fraser.

        There are two types of font formats which support features: AAT and OTF. Each of them has
        a different idea about what the identity of a feature is. We were specifying both types
        of feature identities to Core Text; however, this is causing Core Text to get confused.
        Instead, we should only apply AAT features to AAT fonts and OTF features to OTF fonts.

        Test: Un-marking these tests as failure on High Sierra:
              css3/font-variant-petite-caps-synthesis-coverage.html
              css3/font-variant-small-caps-synthesis-coverage.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontType::FontType):
        (WebCore::preparePlatformFont):
        (WebCore::variationCapabilitiesForFontDescriptor):
        (WebCore::isGXVariableFont): Deleted.

2017-06-28  Chris Dumez  <cdumez@apple.com>

        [ResourceLoadStatistics] Simplify PrevalentResourceTelemetry struct
        https://bugs.webkit.org/show_bug.cgi?id=173953

        Reviewed by Sam Weinig.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):
        * loader/ResourceLoadStatisticsStore.h:
        (WebCore::PrevalentResourceTelemetry::PrevalentResourceTelemetry): Deleted.

2017-06-28  Ryosuke Niwa  <rniwa@webkit.org>

        Crash in WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange
        https://bugs.webkit.org/show_bug.cgi?id=173958

        Reviewed by Simon Fraser.

        The crashed is most likely caused by updateLayersAfterAncestorChange calling [CALayer setPosition]
        with a CGPoint which contains the x coordinate or the y coordinate of NaN.

        Simon and I inpected the code but we couldn't figure out how we get there. Detect this case and bail out.
        Also log the relevant values and debug assert when this condition is hit to help identifying the root cause.

        * page/scrolling/mac/ScrollingTreeFixedNode.mm:
        (WebCore::ScrollingTreeFixedNode::updateLayersAfterAncestorChange):

2017-06-28  Chris Dumez  <cdumez@apple.com>

        ResourceLoadObserver clean up
        https://bugs.webkit.org/show_bug.cgi?id=173955

        Reviewed by Sam Weinig and Brent Fulgham.

        ResourceLoadObserver clean up: Modernize code a bit and get rid of unused variables.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::clearInMemoryStore):
        (WebCore::ResourceLoadObserver::clearInMemoryAndPersistentStore):
        (WebCore::ResourceLoadObserver::shouldLog):
        (WebCore::ResourceLoadObserver::logFrameNavigation):
        (WebCore::ResourceLoadObserver::logSubresourceLoading):
        (WebCore::ResourceLoadObserver::logWebSocketLoading):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::logUserInteraction):
        (WebCore::ResourceLoadObserver::setSubframeUnderTopFrameOrigin):
        (WebCore::ResourceLoadObserver::setSubresourceUnderTopFrameOrigin):
        (WebCore::ResourceLoadObserver::setSubresourceUniqueRedirectTo):
        (WebCore::ResourceLoadObserver::fireDataModificationHandler):
        (WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler):
        (WebCore::ResourceLoadObserver::primaryDomain):
        (WebCore::ResourceLoadObserver::statisticsForOrigin):

2017-06-28  Zalan Bujtas  <zalan@apple.com>

        Move RenderEmbeddedObject::isReplacementObscured to HTMLPlugInElement
        https://bugs.webkit.org/show_bug.cgi?id=173802
        <rdar://problem/32884389>

        Reviewed by Simon Fraser.

        Hittesting could potentially destroy "this" renderer so calling it inside RenderEmbeddedObject
        could leave the caller with a stale pointer.
        This patch protects the plugin element from getting destroyed and checks if the renderer got
        deleted during the hittest to avoid nullptr dereference.

        Speculative fix.

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::isReplacementObscured):
        * html/HTMLPlugInElement.h:
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::isReplacementObscured): Deleted.
        * rendering/RenderEmbeddedObject.h:
        * testing/Internals.cpp:
        (WebCore::Internals::isPluginUnavailabilityIndicatorObscured):

2017-06-28  Chris Dumez  <cdumez@apple.com>

        Avoid copying statistics in ResourceLoadStatisticsStore::readDataFromDecoder()
        https://bugs.webkit.org/show_bug.cgi?id=173951

        Reviewed by Ryosuke Niwa.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):

2017-06-28  Ryosuke Niwa  <rniwa@webkit.org>

        Safari's Speedometer score massively regresses when accessibility is enabled
        https://bugs.webkit.org/show_bug.cgi?id=173912

        Reviewed by Chris Fleizach.

        The bug was caused by HTMLTextFormControlElement::setInnerTextValue triggering a synchronous layout
        via constructing VisiblePosition when the accessibility tree is present.

        Added AXObjectCache::postTextReplacementNotificationForTextControl which avoids the construction of
        VisiblePosition and other means of triggering a synchronous layout. This patch also fixes a subtle bug
        that HTMLTextFormControlElement was creating TextMarkerData with axID set to that of the text control
        element instead of the root editable element inside its shadow tree even though the typing command uses
        axID of the root editable element. While I couldn't find any user-visible behavioral change from this
        code change, new code is more self-consistent.

        Also added LayoutDisallowedScope which asserts that no synchronous layout happens in setInnerTextValue
        so that we don't introduce a new performance regression like this in the future.

        No new tests. Existing tests in accessibility directory covers this.

        * CMakeLists.txt: Added LayoutDisallowedScope.cpp.
        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::postTextReplacementNotificationForTextControl): Added.
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition): Modernized. Returns optional<TextMarkerData>
        instead of taking TextMarkerData as an out-argument, and returning with axID of 0.
        (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl): Added. This specialized version
        constructs TextMarkerData for the first position inside the editable region in a text control without
        triggering a synchronous layout.

        * accessibility/AXObjectCache.h:
        (WebCore::TextMarkerData): Initialize each member automatically.
        (WebCore::AXObjectCache::postTextReplacementNotificationForTextControl):

        * accessibility/ios/AXObjectCacheIOS.mm:
        (WebCore::AXObjectCache::postTextReplacementPlatformNotificationForTextControl): Added.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (+[WebAccessibilityTextMarker textMarkerWithVisiblePosition:cache:]):

        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::addTextMarkerFor): Extracted from textReplacementChangeDictionary. Added a new variant which
        takes a text form control instead.
        (WebCore::textReplacementChangeDictionary): Templatized this function to either take VisiblePosition
        and call textMarkerForVisiblePosition or take HTMLTextFormControlElement and call
        textMarkerForFirstPositionInTextControl.
        (WebCore::postUserInfoForChanges): Extracted from postTextReplacementPlatformNotification.
        (WebCore::AXObjectCache::postTextReplacementPlatformNotification): 
        (WebCore::AXObjectCache::postTextReplacementPlatformNotificationForTextControl): Added.

        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.h:

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (textMarkerForVisiblePosition):
        (-[WebAccessibilityObjectWrapper textMarkerForFirstPositionInTextControl:]): Added.

        * dom/Document.cpp:
        (WebCore::Document::updateLayout): Assert that LayoutDisallowedScope is not in the stack frame.

        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::setInnerTextValue): Call postTextReplacementNotificationForTextControl
        to avoid triggering a synchronous layout. Also create LayoutDisallowedScope to avoid a similar performance
        regression from being introduced in the future in this function. Finally, made innerText a RefPtr for extra
        safety since we're using it after updating the DOM tree.

        * rendering/LayoutDisallowedScope.cpp: Added.
        * rendering/LayoutDisallowedScope.h: Added.
        (WebCore::LayoutDisallowedScope::LayoutDisallowedScope):
        (WebCore::LayoutDisallowedScope::~LayoutDisallowedScope):
        (WebCore::LayoutDisallowedScope::isLayoutAllowed):

2017-06-27  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Cannot italicize or bold text rendered with text styles
        https://bugs.webkit.org/show_bug.cgi?id=173634

        Reviewed by Darin Adler.

        r218616 enabled the new cascade list codepath for "system-ui," but didn't do it for the named
        text styles (like "font: -apple-system-tall-body;"). This new codepath is better because it
        correctly specifies weights and italics (using kCTFontWeightTrait and kCTFontSlantTrait) instead
        of using symbolic traits, and because it correctly handles fonts in the Core Text fallback chain.
        This patch migrates the named text styles to this new codepath.

        Test: fast/text/ipad/bold-tall-body-text-style.html

        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParameters):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::isHashTableDeletedValue):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::operator==):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParametersHash::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParametersHash::equal):
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::convertArray):
        (WebCore::convertArray):
        (WebCore::makeNeverDestroyed):
        (WebCore::isUIFontTextStyle):
        (WebCore::systemFontParameters):
        (WebCore::FontCascadeDescription::effectiveFamilyCount):
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::hash): Deleted.
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::equal): Deleted.
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-06-28  Devin Rousso  <drousso@apple.com>

        Web Inspector: Instrument active pixel memory used by canvases
        https://bugs.webkit.org/show_bug.cgi?id=173087
        <rdar://problem/32719261>

        Reviewed by Joseph Pecoraro.

        Test: inspector/canvas/memory.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::setImageBuffer):
        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::didChangeCanvasMemory):
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        * inspector/InspectorInstrumentation.h:
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didChangeCanvasMemory):
        (WebCore::InspectorInstrumentation::didChangeCanvasMemoryImpl):

2017-06-28  Alex Christensen  <achristensen@webkit.org>

        Prevent displaying URLs with small capital letters
        https://bugs.webkit.org/show_bug.cgi?id=173949
        <rdar://problem/32952058>

        Reviewed by Brent Fulgham.

        Covered by new API tests.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isLookalikeCharacter):

2017-06-28  Youenn Fablet  <youenn@apple.com>

        Support PeerConnectionStates::BundlePolicy::MaxBundle when setting rtc configuration
        https://bugs.webkit.org/show_bug.cgi?id=169389

        Reviewed by Alex Christensen.

        Covered by manual testing (appr.tc and https://youennf.github.io/webrtc-tests/src/content/peerconnection/trickle-ice/).
        Previously, we were creating a libwebrtc peer connection and then setting its configuration.
        libwebrtc does not like the configuration to be changed and may refuse to set the configuration.
        Instead of doing that, we are now creating the libwebrtc peer connection with the provided configuration.

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::setConfiguration):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::initializeWith):
        (WebCore::iceServersFromConfiguration):
        (WebCore::RTCPeerConnection::initializeConfiguration):
        (WebCore::RTCPeerConnection::setConfiguration):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::LibWebRTCMediaEndpoint):
        (WebCore::LibWebRTCMediaEndpoint::setConfiguration):
        (WebCore::LibWebRTCMediaEndpoint::stop):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration):
        (WebCore::LibWebRTCPeerConnectionBackend::setConfiguration):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h:
        * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
        (WebCore::createActualPeerConnection):
        (WebCore::LibWebRTCProvider::createPeerConnection):
        * platform/mediastream/libwebrtc/LibWebRTCProvider.h:

2017-06-28  Brent Fulgham  <bfulgham@apple.com>

        Teach ResourceLoadStatistics to recognize changes in the file system
        https://bugs.webkit.org/show_bug.cgi?id=173800
        <rdar://problem/32937842>

        Reviewed by Chris Dumez.

        We want to support the case where multiple UI processes choose to share the same
        statistics file. To support this, update the ResourceLoadStatistics logic to be aware
        that the statistics data file might change underneath it, and to take appropriate
        action when it does.

        * WebCore.xcodeproj/project.pbxproj: Update for new sources.
        * WebCore/CMakeLists.txt: Update for new FileMonitor source file.
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent): Use the new deletion
        handler for the data file instead of writing out an empty file.
        (WebCore::ResourceLoadStatisticsStore::setDeletePersistentStoreCallback): Added.
        * loader/ResourceLoadStatisticsStore.h:
        * platform/FileMonitor.cpp: Added.
        (WebCore::FileMonitor::create):
        (WebCore::FileMonitor::FileMonitor): Register handlers and begin monitoring file.
        (WebCore::FileMonitor::~FileMonitor): Stop any active file monitoring.
        (WebCore::FileMonitor::startMonitoringPath): Stub implementation.
        (WebCore::FileMonitor::stopMonitoring): Ditto.
        * platform/FileMonitor.h: Added.
        * platform/FileSystem.h: Export files needed by WebKit2. Add support for O_EVTONLY
        Darwin file handles.
        * platform/Logging.h: Add 'ResourceLoadStatistics' category.
        * platform/cocoa/FileMonitorCocoa.mm: Added.
        (WebCore::FileMonitor::startMonitoringPath): Create a new VNODE type dispatch_source
        to receive notifications when the specified file changes.
        (WebCore::FileMonitor::stopMonitoring): Cancel the dispatch_source when we are done
        monitoring the file.
        * platform/posix/FileSystemPOSIX.cpp: Update 'openFile' to understand the O_EVTONLY
        mode of file handles (Darwin-only). 

2017-06-28  Brady Eidson  <beidson@apple.com>

        DocumentLoader should always notify the client if there are pending icon loads when the load is stopped.
        https://bugs.webkit.org/show_bug.cgi?id=173874

        Reviewed by Alex Christensen.

        Covered by API tests.

        Patch started by Carlos Garcia Campos, finished by me.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading): Make all of the callbacks for cancelled IconLoaders.
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Make the callback even if there's no IconLoader.
        (WebCore::DocumentLoader::finishedLoadingIcon):
        (WebCore::DocumentLoader::notifyFinishedLoadingIcon):
        * loader/DocumentLoader.h:

2017-06-28  Antoine Quint  <graouts@apple.com>

        Volume controls should be hidden when AirPlay is active
        https://bugs.webkit.org/show_bug.cgi?id=173933
        <rdar://problem/33011931>

        Reviewed by Dean Jackson.

        Ensure we don't show any volume controls during AirPlay. We set the mute button's enabled state to "false"
        when AirPlay is active and key off this enabled stated to control the display of all volume-related controls
        throughout the UI.

        Tests: media/modern-media-controls/macos-fullscreen-media-controls/macos-fullscreen-media-controls-volume-controls-hidden-when-mute-button-disabled.html
               media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-top-right-controls-bar-hidden-when-mute-button-disabled.html

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls.prototype._addTopRightBarWithMuteButtonToChildren):
        (InlineMediaControls):
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype.layout):
        * Modules/modern-media-controls/media/airplay-support.js:
        (AirplaySupport.prototype.syncControl):
        (AirplaySupport):

2017-06-28  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive includes from WebCore/css sources
        https://bugs.webkit.org/show_bug.cgi?id=173919

        Reviewed by Simon Fraser.

        No new tests needed.

        * css/CSSCanvasValue.cpp:
        * css/CSSComputedStyleDeclaration.cpp:
        * css/CSSContentDistributionValue.cpp:
        * css/CSSCrossfadeValue.cpp:
        * css/CSSCursorImageValue.cpp:
        * css/CSSCustomPropertyValue.cpp:
        * css/CSSDefaultStyleSheets.cpp:
        * css/CSSFilterImageValue.cpp:
        * css/CSSFontFace.cpp:
        * css/CSSFontFaceSet.cpp:
        * css/CSSFontFaceSource.cpp:
        * css/CSSFontFaceSrcValue.cpp:
        * css/CSSFontFeatureValue.cpp:
        * css/CSSFontSelector.cpp:
        * css/CSSFontValue.cpp:
        * css/CSSImageGeneratorValue.cpp:
        * css/CSSImageSetValue.cpp:
        * css/CSSImageValue.cpp:
        * css/CSSImportRule.cpp:
        * css/CSSKeyframesRule.cpp:
        * css/CSSMediaRule.cpp:
        * css/CSSNamedImageValue.cpp:
        * css/CSSPrimitiveValue.cpp:
        * css/CSSProperty.cpp:
        * css/CSSPropertySourceData.cpp:
        * css/CSSReflectValue.cpp:
        * css/CSSRuleList.cpp:
        * css/CSSSegmentedFontFace.cpp:
        * css/CSSSelector.cpp:
        * css/CSSStyleRule.cpp:
        * css/CSSStyleSheet.cpp:
        * css/CSSSupportsRule.cpp:
        * css/CSSToStyleMap.cpp:
        * css/CSSValueList.cpp:
        * css/CSSValuePool.cpp:
        * css/CSSVariableData.cpp:
        * css/ElementRuleCollector.cpp:
        * css/InspectorCSSOMWrappers.cpp:
        * css/MediaList.cpp:
        * css/MediaQueryEvaluator.cpp:
        * css/MediaQueryExpression.cpp:
        * css/PropertySetCSSStyleDeclaration.cpp:
        * css/RGBColor.cpp:
        * css/SelectorChecker.cpp:
        * css/StyleProperties.cpp:
        * css/StyleResolver.cpp:
        * css/StyleRule.cpp:
        * css/StyleSheetContents.cpp:
        * css/TransformFunctions.cpp:
        * css/ViewportStyleResolver.cpp:
        * css/WebKitCSSRegionRule.cpp:
        * css/parser/CSSParser.cpp:
        * css/parser/CSSParserFastPaths.cpp:
        * css/parser/CSSParserIdioms.cpp:
        * css/parser/CSSParserSelector.cpp:
        * css/parser/CSSParserToken.cpp:
        * css/parser/CSSPropertyParser.cpp:
        * css/parser/CSSSelectorParser.cpp:
        * css/parser/MediaQueryParser.cpp:

2017-06-28  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * PlatformMac.cmake:

2017-06-28  Antoine Quint  <graouts@apple.com>

        Remove unnecessary `const double` method arguments
        https://bugs.webkit.org/show_bug.cgi?id=173925

        Reviewed by Dean Jackson.

        Addressing post-landing feedback from webkit.org/b/173858.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::formattedStringForDuration):
        * Modules/mediacontrols/MediaControlsHost.h:
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::mediaControlsFormattedStringForDuration):
        * rendering/RenderThemeCocoa.h:

2017-06-28  Zalan Bujtas  <zalan@apple.com>

        Unreviewed, rolling out r218373.

        Output is not right

        Reverted changeset:

        "Use WTFLogAlways for debug logging so that it shows up in
        device system logs"
        https://bugs.webkit.org/show_bug.cgi?id=173450
        http://trac.webkit.org/changeset/218373

2017-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Some web pages disappear immediately after rendering
        https://bugs.webkit.org/show_bug.cgi?id=173768

        Reviewed by Xabier Rodriguez-Calvar.

        This is happening with websites having a "hidden" class in HTML tag when a media element is added. In the GTK+
        port the media controls CSS contains the following code:

        .hidden {
            display: none !important;
        }

        That causes the whole HTML document to become display: none. That's why we just render a white page, and also
        the reason why it only happens with the GTK+ port and only with some specific websites. We should limit the
        scope of the hidden class to the media control elements.

        * css/mediaControlsGtk.css:
        (audio::-webkit-media-controls-panel.hidden,):
        (audio::-webkit-media-controls-panel div.mute-box.hidden,):
        (audio::-webkit-media-controls-current-time-display.hidden,):
        (audio::-webkit-media-controls-timeline.hidden,):
        (audio::-webkit-media-controls-toggle-closed-captions-button, video::-webkit-media-controls-toggle-closed-captions-button):
        (audio::-webkit-media-controls-toggle-closed-captions-button.hidden,):
        (video::-webkit-media-controls-closed-captions-container.hidden):
        (audio::-webkit-media-controls-fullscreen-button.hidden,):
        (.hidden): Deleted.

2017-06-28  Antoine Quint  <graouts@apple.com>

        Media controls volume glyph does not have the correct material
        https://bugs.webkit.org/show_bug.cgi?id=173918
        <rdar://problem/33012697>

        Reviewed by Eric Carlson.

        Test: media/modern-media-controls/macos-inline-media-controls/macos-inline-media-controls-mute-button-in-bottom-or-top-right-controls-bar.html

        All buttons were hosted in a ControlsBar save for the MuteButton, so we now host it in a controls bar as well
        to ensure compositing is similar to all other buttons.

        * Modules/modern-media-controls/controls/inline-media-controls.css:
        (.media-controls.inline > .controls-bar.top-right):
        (.media-controls.inline > button.mute): Deleted.
        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls):
        (InlineMediaControls.prototype.layout):
        (InlineMediaControls.prototype._addTopRightBarWithMuteButtonToChildren):
        * Modules/modern-media-controls/controls/macos-inline-media-controls.js:
        (MacOSInlineMediaControls.prototype.handleEvent):

2017-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r218799): [GTK][WPE] Critical warning at exit
        https://bugs.webkit.org/show_bug.cgi?id=173907

        Reviewed by Konstantin Tokarev.

        GLib-GObject-CRITICAL **: g_object_unref: assertion 'G_IS_OBJECT (object)' failed

        This is now always happening when closing the MeiniBrowser and it's causing a lot of unit tests to fail. In
        r218799, GRefPtrGtk.h include was removed from PasteboardHelper.h that contains a GRefPtr<GtkTargetList>. The
        targets are destroyed at exit, but now trying to use g_object_unref instead of gtk_target_list_unref(). I've
        found two more cases like this in r218799, that removes GUniquePtrSoup.h from ResourceHandleInternal.h and
        ResourceRequest.h that have GUniquePtr<SoupBuffer> and GUniquePtr<SoupURI>.

        Fixes several GTK+ and WPE unit tests.

        * platform/gtk/PasteboardHelper.h: Bring back GRefPtrGtk.h.
        * platform/network/ResourceHandleInternal.h: Bring back GUniquePtrSoup.h.
        * platform/network/soup/ResourceRequest.h: Ditto.

2017-06-27  Chris Dumez  <cdumez@apple.com>

        [ResourceLoadStatistics] Update minimumTimeBetweeenDataRecordsRemoval to 1 hour instead of 1 minute
        https://bugs.webkit.org/show_bug.cgi?id=173895
        <rdar://problem/32984366>

        Reviewed by Brent Fulgham.

        Update minimumTimeBetweeenDataRecordsRemoval to 1 hour instead of 1 minute to save battery.
        Also port code to modern time types.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::reduceTimeResolution):
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        (WebCore::ResourceLoadObserver::setTimeToLiveUserInteraction):
        (WebCore::ResourceLoadObserver::setTimeToLiveCookiePartitionFree):
        (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
        (WebCore::ResourceLoadObserver::setReducedTimestampResolution):
        (WebCore::ResourceLoadObserver::setGrandfatheringTime):
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatistics.h:
        (WebCore::ResourceLoadStatistics::mostRecentUserInteractionTime):
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
        (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
        (WebCore::shouldPartitionCookies):
        (WebCore::ResourceLoadStatisticsStore::setTimeToLiveUserInteraction):
        (WebCore::ResourceLoadStatisticsStore::setTimeToLiveCookiePartitionFree):
        (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
        (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
        (WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction):
        (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
        (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
        (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
        (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
        * loader/ResourceLoadStatisticsStore.h:

2017-06-27  Chris Dumez  <cdumez@apple.com>

        Port HysteresisActivity to Seconds type
        https://bugs.webkit.org/show_bug.cgi?id=173902

        Reviewed by Simon Fraser.

        * platform/HysteresisActivity.h:
        (WebCore::HysteresisActivity::HysteresisActivity):
        (WebCore::HysteresisActivity::stop):
        * platform/ios/WebSQLiteDatabaseTrackerClient.mm:

2017-06-27  Jeremy Jones  <jeremyj@apple.com>

        MediaPlayerPrivate m_private may not yet be created when setPrivateBrowsingMode is called.
        https://bugs.webkit.org/show_bug.cgi?id=173893
        rdar://problem/32986872
        
        Reviewed by Ryosuke Niwa.

        No new tests because no reproducable case.

        setPrivateBrowsingMode can be called on MediaPlayer before the MediaPlayerPrivate is created.
        The value should only be pushed down the m_private if it has been created.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setPrivateBrowsingMode):

2017-06-27  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Support dragging out of contenteditable areas without a prior selection
        https://bugs.webkit.org/show_bug.cgi?id=173854
        <rdar://problem/32236827>

        Reviewed by Ryosuke Niwa and Tim Horton.

        Allows elements to be dragged from contenteditable areas for both WebKit1 and WebKit2 iOS. There are two main
        changes in WebCore: move the touch point adjustment code into EventHandler::tryToBeginDataInteractionAtPoint, so
        that the clientPosition specified will be adjusted to an appropriate clickable node if needed. This is necessary
        because UIWebDocumentView and WKContentView no longer send adjusted points to WebCore when requesting drag
        start. See <https://bugs.webkit.org/show_bug.cgi?id=173855> for a followup regarding the globalPosition and
        clientPositions passed in to the MouseEvents when performing a drag or synthetic click.

        Secondly, image elements in Mail's contenteditable area are not draggable unless the heuristic in
        DragController::draggableElement is tweaked to not reject image dragging across the board if the
        loadsImagesAutomatically setting is turned off. Instead, even if images are not automatically loaded, allow the
        image drag to commence if the image renderer already has a cached image.

        Test: DataInteractionTests.DragImageFromContentEditable

        * page/DragController.cpp:
        (WebCore::imageElementIsDraggable):
        (WebCore::DragController::draggableElement):
        * page/ios/EventHandlerIOS.mm:
        (WebCore::EventHandler::tryToBeginDataInteractionAtPoint):

2017-06-27  Antoine Quint  <graouts@apple.com>

        [Modern Media Controls] Accessibility labels should be formatted using NSDateComponentsFormatter
        https://bugs.webkit.org/show_bug.cgi?id=173858
        <rdar://problem/32643171>

        Reviewed by Dean Jackson.

        We shouldn't be manually trying to create a formatted string for media controls and instead rely
        on NSDateComponentsFormatter to perform this task for us. So we remove the ad-hoc code in the JS
        media controls code and instead add a new MediaControlsHost method to format durations which calls
        into RenderTheme to provide a formatted duration string relevant to the current platform and locale.

        * English.lproj/modern-media-controls-localized-strings.js:
        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::formattedStringForDuration):
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediacontrols/MediaControlsHost.idl:
        * Modules/modern-media-controls/controls/slider.js:
        (Slider.prototype.set inputAccessibleLabel):
        * Modules/modern-media-controls/controls/time-label.js:
        (TimeLabel.prototype.commitProperty):
        * Modules/modern-media-controls/main.js:
        (createControls):
        (formattedStringForDuration):
        (formatTimeToString): Deleted.
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::mediaControlsFormattedStringForDuration):
        * rendering/RenderThemeCocoa.h:
        * rendering/RenderThemeCocoa.mm:
        (WebCore::RenderThemeCocoa::mediaControlsFormattedStringForDuration):

2017-06-27  Eric Carlson  <eric.carlson@apple.com>

        r218647 causes getUserMedia to fail on some machines
        https://bugs.webkit.org/show_bug.cgi?id=173894

        Reviewed by Youenn Fablet.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::isFrameRateSupported): Change frame rate epsilon from 0.00001
        to 0.001.

2017-06-27  Antoine Quint  <graouts@apple.com>

        Placard icons act like buttons (can get keyboard focus and shows up in VoiceOver)
        https://bugs.webkit.org/show_bug.cgi?id=173891
        <rdar://problem/33011855>

        Reviewed by Dean Jackson.

        Ensure that we disable buttons inside placards as they're only decorative and should
        not be interactive.

        * Modules/modern-media-controls/controls/placard.js:
        (Placard.):

2017-06-27  Jeremy Jones  <jeremyj@apple.com>

        Disable m_temporarilyAllowingInlinePlaybackAfterFullscreen on pause
        https://bugs.webkit.org/show_bug.cgi?id=173843
        rdar://problem/32982431

        Reviewed by Eric Carlson.

        Test: media/media-fullscreen-pause-inline.html

        Some pages may not have a fullscreen button, so disabled m_temporarilyAllowingInlinePlaybackAfterFullscreen on pause.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::pause):

2017-06-27  Chris Dumez  <cdumez@apple.com>

        [iOS] Avoid taking / releasing process assertions too quickly due to database activity
        https://bugs.webkit.org/show_bug.cgi?id=173879
        <rdar://problem/32412701>

        Reviewed by Antti Koivisto.

        Add HysteresisActivity to WebSQLiteDatabaseTrackerClient to avoid taking / releasing
        process assertion too quickly due to database activity.

        * platform/ios/WebSQLiteDatabaseTrackerClient.h:
        * platform/ios/WebSQLiteDatabaseTrackerClient.mm:
        (WebCore::WebSQLiteDatabaseTrackerClient::WebSQLiteDatabaseTrackerClient):
        (WebCore::WebSQLiteDatabaseTrackerClient::willBeginFirstTransaction):
        (WebCore::WebSQLiteDatabaseTrackerClient::didFinishLastTransaction):
        (WebCore::WebSQLiteDatabaseTrackerClient::hysteresisUpdated):

2017-06-27  Youenn Fablet  <youenn@apple.com>

        Using public logging for WebRTC release logging
        https://bugs.webkit.org/show_bug.cgi?id=173881

        Reviewed by Eric Carlson.

        No change of behavior.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOfferSucceeded):
        (WebCore::PeerConnectionBackend::createOfferFailed):
        (WebCore::PeerConnectionBackend::createAnswerSucceeded):
        (WebCore::PeerConnectionBackend::createAnswerFailed):
        (WebCore::PeerConnectionBackend::setLocalDescriptionFailed):
        (WebCore::PeerConnectionBackend::setRemoteDescriptionFailed):
        (WebCore::PeerConnectionBackend::addIceCandidateFailed):
        (WebCore::PeerConnectionBackend::newICECandidate):
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::queuedSetLocalDescription):
        (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
        (WebCore::RTCPeerConnection::queuedAddIceCandidate):
        (WebCore::RTCPeerConnection::updateIceGatheringState):
        (WebCore::RTCPeerConnection::updateIceConnectionState):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered):

2017-06-27  Don Olmstead  <don.olmstead@sony.com>

        [PAL] Add symbol export macros for PAL
        https://bugs.webkit.org/show_bug.cgi?id=171519

        Reviewed by Konstantin Tokarev.

        No new tests. No change in behavior.

        * CMakeLists.txt:
        * config.h:
        * platform/PlatformExportMacros.h:

2017-06-27  John Wilander  <wilander@apple.com>

        Resource Load Statistics: Add telemetry
        https://bugs.webkit.org/show_bug.cgi?id=173499
        <rdar://problem/32826094>

        Reviewed by Brent Fulgham.

        Test: http/tests/loading/resourceLoadStatistics/telemetry-generation.html

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::fireTelemetryHandler):
            Test infrastructure.
        * loader/ResourceLoadObserver.h:
        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::setFireTelemetryCallback):
        (WebCore::ResourceLoadStatisticsStore::fireTelemetryHandler):
            Test infrastructure.
        (WebCore::ResourceLoadStatisticsStore::sortedPrevalentResourceTelemetry):
            Convenience function for telemetry.
        * loader/ResourceLoadStatisticsStore.h:
            Added struct WebCore::PrevalentResourceTelemetry.
        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::resourceLoadStatisticsTelemetryKey):
            Added.
        * page/DiagnosticLoggingKeys.h:

2017-06-27  Ting-Wei Lan  <lantw44@gmail.com>

        Add missing includes to fix compilation error on FreeBSD
        https://bugs.webkit.org/show_bug.cgi?id=172919

        Reviewed by Mark Lam.

        No new tests needed.

        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        * platform/audio/ReverbAccumulationBuffer.cpp:

2017-06-27  Zalan Bujtas  <zalan@apple.com>

        Add RenderEmbeddedObject::getReplacementTextGeometry helper.
        https://bugs.webkit.org/show_bug.cgi?id=173847

        Reviewed by Simon Fraser.

        ...and remove getReplacementTextGeometry's redundant return value. 

        No change in functionality.

        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::paintReplaced):
        (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
        (WebCore::RenderEmbeddedObject::unavailablePluginIndicatorBounds):
        (WebCore::RenderEmbeddedObject::isInUnavailablePluginIndicator):
        * rendering/RenderEmbeddedObject.h:

2017-06-27  Wenson Hsieh  <wenson_hsieh@apple.com>

        Refactor drag start codepaths to plumb a DragItem to client layers
        https://bugs.webkit.org/show_bug.cgi?id=173832
        Work towards <rdar://problem/32236827>

        Reviewed by Ryosuke Niwa and Tim Horton.

        Refactor drag start logic in WebCore to set up a DragItem and propagate it to WebDragClient. No change in behavior.

        * loader/EmptyClients.cpp:
        * page/DragClient.h:
        * page/DragController.cpp:
        (WebCore::DragController::startDrag):
        (WebCore::DragController::doImageDrag):
        (WebCore::DragController::doSystemDrag):

        Refactor to pass along a DragItem. Also, remove unused drag image anchor computation.

        * page/DragController.h:
        * platform/DragImage.h:
        * platform/DragItem.h:

        Add additional information needed to begin a drag on iOS.

        (WebCore::DragItem::encode):
        (WebCore::DragItem::decode):

        Add IPC serialization/deserialization support for DragItem.

        * platform/PasteboardWriterData.cpp:
        (WebCore::PasteboardWriterData::isEmpty):
        * platform/PasteboardWriterData.h:

2017-06-27  Frederic Wang  <fwang@igalia.com>

        Some tests to verify forbidden frame navigation time out
        https://bugs.webkit.org/show_bug.cgi?id=173657

        Reviewed by Chris Dumez.

        Currently some tests try and perform a forbidden frame navigation and verify the
        corresponding console error. However, WebKit does not raise any exception for such error so
        the tests have to wait until the timeout limit to complete, which makes execution slow.
        This patch modifies the setters of window.location for which such error may happen in order
        to raise an exception so the tests behave as expected.

        No new tests, already covered by existing tests.

        * page/Location.cpp: Adjust Location::setLocation to return a security exception and pass it
        to the callers.
        (WebCore::Location::setHref): Adjust function to possibly return an exception.
        (WebCore::Location::setProtocol): Ditto.
        (WebCore::Location::setHost): Ditto.
        (WebCore::Location::setHostname): Ditto.
        (WebCore::Location::setPort): Ditto.
        (WebCore::Location::setPathname): Ditto.
        (WebCore::Location::setSearch): Ditto.
        (WebCore::Location::setHash): Ditto.
        (WebCore::Location::assign): Ditto.
        (WebCore::Location::setLocation): FrameLoader::findFrameForNavigation is really only used
        to verify whether navigating m_frame is permitted so it is more simple and clearer to do it
        directly. When navigation is not permitted, this function now raises a security exception.
        * page/Location.h: Modify some setters to return an ExceptionOr<void>.
        * page/Location.idl: Allow some setters to raise an exception.

2017-06-26  Fujii Hironori  <Hironori.Fujii@sony.com>

        [GTK] Layout Test webrtc/video.html issues "stack smashing detected"
        https://bugs.webkit.org/show_bug.cgi?id=173862

        Reviewed by Carlos Garcia Campos.

        Tests: webrtc/video.html

        Passing a bool variable to g_object_get causes out-of-bound write.
        gboolean should be used, which is 4 bytes while bool is one byte.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::muted): Use gboolean instead of bool.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
        (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded): Ditto.

2017-06-26  Chris Dumez  <cdumez@apple.com>

        WebsiteDataStore::fetchDataForTopPrivatelyControlledDomains() is inefficient
        https://bugs.webkit.org/show_bug.cgi?id=173850

        Reviewed by Ryosuke Niwa.

        * loader/ResourceLoadStatisticsStore.cpp:
        (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
        * loader/ResourceLoadStatisticsStore.h:

2017-06-26  Antti Koivisto  <antti@apple.com>

        REGRESSION (AsyncImageDecoding): A tab with the WWDC keynote paused is killed for using excessive power (Image thrashing)
        https://bugs.webkit.org/show_bug.cgi?id=173804
        <rdar://problem/32623745>

        Reviewed by Simon Fraser.

        When under memory pressure MemoryCache::singleton().pruneLiveResources(true) is called inFrameView::didPaintContents()
        after top level paint. We end up decoding and pruning bitmaps repeatedly for each tile, which is not great.

        Situation gets worse with async decoding. Painting now doesn’t actually decode the image, it just starts the decoding.
        When it completes we trigger another paint to get the bits to the tiles. The paint for the first tile then calls
        pruneLiveResources and loses the bitmap and the second tile triggers another round of async decoding. We have code
        that prevents pruning of visible images but non-visible images in tiling area can hit this bug easily.

        Test: fast/images/low-memory-decode.html

        * page/FrameView.cpp:
        (WebCore::FrameView::willPaintContents):
        (WebCore::FrameView::didPaintContents):

            Eliminate synchronous pruning during painting. This is an obsolete mechanism from early iOS times.

        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::imageFrameAvailableAtIndex):
        (WebCore::BitmapImage::decodeCountForTesting):

            Testing support.

        * platform/graphics/BitmapImage.h:
        * testing/Internals.cpp:
        (WebCore::Internals::imageDecodeCount):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-26  Chris Dumez  <cdumez@apple.com>

        ImageFrameCache::startAsyncDecodingQueue() unsafely passes Strings across threads
        https://bugs.webkit.org/show_bug.cgi?id=173842

        Reviewed by Simon Fraser.

        The URL string was passed across thread without isolated copy.

        * platform/graphics/ImageFrameCache.cpp:
        (WebCore::ImageFrameCache::startAsyncDecodingQueue):

2017-06-26  Jonathan Bedard  <jbedard@apple.com>

        Unreviewed, rolling out r218783.

        Causing accessibility/mac/setting-attributes-is-
        asynchronous.html to crash consistently on mac-wk2 Debug

        Reverted changeset:

        "AX: Cannot call setValue() on contenteditable or ARIA text
        controls"
        https://bugs.webkit.org/show_bug.cgi?id=173520
        http://trac.webkit.org/changeset/218783

2017-06-26  Yusuke Suzuki  <utatane.tea@gmail.com>

        [WTF] Drop Thread::create(obsolete things) API since we can use lambda
        https://bugs.webkit.org/show_bug.cgi?id=173825

        Reviewed by Saam Barati.

        No behavior change.

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::IDBServer):
        (WebCore::IDBServer::IDBServer::databaseThreadEntry): Deleted.
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/webaudio/AsyncAudioDecoder.cpp:
        (WebCore::AsyncAudioDecoder::AsyncAudioDecoder):
        (WebCore::AsyncAudioDecoder::threadEntry): Deleted.
        * Modules/webaudio/AsyncAudioDecoder.h:
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::startRendering):
        (WebCore::OfflineAudioDestinationNode::offlineRenderEntry): Deleted.
        * Modules/webaudio/OfflineAudioDestinationNode.h:
        * Modules/webdatabase/DatabaseThread.cpp:
        (WebCore::DatabaseThread::start):
        (WebCore::DatabaseThread::databaseThreadStart): Deleted.
        * Modules/webdatabase/DatabaseThread.h:
        * bindings/js/GCController.cpp:
        (WebCore::collect):
        (WebCore::GCController::gcTimerFired):
        (WebCore::GCController::garbageCollectOnAlternateThreadForDebugging):
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::open):
        (WebCore::IconDatabase::iconDatabaseSyncThreadStart): Deleted.
        * loader/icon/IconDatabase.h:
        * page/ResourceUsageThread.cpp:
        (WebCore::ResourceUsageThread::createThreadIfNeeded):
        (WebCore::ResourceUsageThread::threadCallback): Deleted.
        * page/ResourceUsageThread.h:
        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::createThreadIfNeeded):
        (WebCore::ScrollingThread::threadCallback): Deleted.
        (WebCore::ScrollingThread::threadBody): Deleted.
        * page/scrolling/ScrollingThread.h:
        * platform/audio/HRTFDatabaseLoader.cpp:
        (WebCore::HRTFDatabaseLoader::loadAsynchronously):
        (WebCore::databaseLoaderEntry): Deleted.
        * platform/audio/HRTFDatabaseLoader.h:
        * platform/audio/ReverbConvolver.cpp:
        (WebCore::ReverbConvolver::ReverbConvolver):
        (WebCore::backgroundThreadEntry): Deleted.
        * platform/audio/ReverbConvolver.h:
        (WebCore::ReverbConvolver::useBackgroundThreads):
        * platform/network/cf/LoaderRunLoopCF.cpp:
        (WebCore::loaderRunLoop):
        (WebCore::runLoaderThread): Deleted.
        * platform/network/curl/CurlManager.cpp:
        (WebCore::CurlManager::startThreadIfNeeded):
        (WebCore::CurlManager::workerThread):
        * platform/network/curl/CurlManager.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::start):
        (WebCore::WorkerThread::workerThreadStart): Deleted.
        * workers/WorkerThread.h:

2017-06-26  Joanmarie Diggs  <jdiggs@igalia.com>

        [ATK] Add support for aria-details and aria-errormessage
        https://bugs.webkit.org/show_bug.cgi?id=172588

        Reviewed by Chris Fleizach.

        Add methods to retrieve elements referenced by or referencing the new
        aria-details and aria-errormessage attributes. Include aria-details and
        aria-errormessage in AccessibilityObject::supportsARIAAttributes() to ensure
        elements with these attributes will be included in the accessibility tree.

        New test cases added to accessibility/gtk/relation-types.html.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsARIAAttributes):
        (WebCore::AccessibilityObject::ariaDetailsElements):
        (WebCore::AccessibilityObject::ariaDetailsReferencingElements):
        (WebCore::AccessibilityObject::ariaErrorMessageElements):
        (WebCore::AccessibilityObject::ariaErrorMessageReferencingElements):
        * accessibility/AccessibilityObject.h:
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (setAtkRelationSetFromCoreObject):
        * html/HTMLAttributeNames.in:

2017-06-26  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{Modules,animation,crypto,domjit}
        https://bugs.webkit.org/show_bug.cgi?id=173824

        Reviewed by Darin Adler.

        No new tests needed.

        * Modules/credentials/CredentialCreationOptions.h:
        * Modules/credentials/PasswordCredential.h:
        * Modules/fetch/FetchBody.h:
        * Modules/fetch/FetchBodyOwner.h:
        * Modules/gamepad/GamepadManager.h:
        * Modules/geolocation/Coordinates.h:
        * Modules/geolocation/Geoposition.h:
        * Modules/indexeddb/IDBActiveDOMObject.h:
        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBDatabase.h:
        * Modules/indexeddb/IDBDatabaseIdentifier.h:
        * Modules/indexeddb/IDBObjectStore.cpp:
        * Modules/indexeddb/IDBObjectStore.h:
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        * Modules/indexeddb/shared/InProcessIDBServer.h:
        * Modules/indexeddb/shared/IndexKey.h:
        * Modules/mediacontrols/MediaControlsHost.h:
        * Modules/mediasession/WebMediaSessionManager.h:
        * Modules/mediasource/SourceBufferList.h:
        * Modules/mediasource/VideoPlaybackQuality.h:
        * Modules/notifications/Notification.h:
        * Modules/quota/WorkerNavigatorStorageQuota.h:
        * Modules/webaudio/AudioBasicProcessorNode.h:
        * Modules/webaudio/AudioContext.h:
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/AudioParamTimeline.h:
        * Modules/webaudio/ConvolverNode.cpp:
        * Modules/webaudio/MediaStreamAudioSource.h:
        * Modules/webaudio/MediaStreamAudioSourceNode.h:
        * Modules/webaudio/PannerNode.h:
        * Modules/webaudio/PeriodicWave.h:
        * Modules/webaudio/ScriptProcessorNode.h:
        * Modules/webdatabase/DatabaseManager.h:
        * Modules/webdatabase/DatabaseTask.h:
        * Modules/webdatabase/SQLTransaction.h:
        * Modules/webdatabase/SQLTransactionBackend.h:
        * Modules/webdatabase/SQLTransactionStateMachine.h:
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WebSocketDeflater.h:
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * animation/AnimationEffect.h:
        * crypto/CryptoKeyPair.h:
        * crypto/parameters/CryptoAlgorithmEcdhKeyDeriveParams.h:
        * dom/ScriptExecutionContext.h:
        * domjit/DOMJITHelpers.h:
        * domjit/DOMJITIDLConvert.h:
        * domjit/DOMJITIDLType.h:

2017-06-26  Konstantin Tokarev  <annulen@yandex.ru>

        [GTK] Unreviewed, added missing includes to fix debug build

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

2017-06-25  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/platform
        https://bugs.webkit.org/show_bug.cgi?id=173822

        Reviewed by Tim Horton.

        No new tests needed.

        * html/ColorInputType.h:
        * html/MediaElementSession.h:
        * page/SecurityOriginData.cpp:
        * platform/CalculationValue.cpp:
        * platform/CalculationValue.h:
        * platform/ColorChooserClient.h:
        * platform/ContentType.h:
        * platform/LogMacros.h:
        * platform/PODRedBlackTree.h:
        * platform/PasteboardStrategy.h:
        * platform/PlatformPasteboard.h:
        * platform/PopupMenuStyle.h:
        * platform/ScrollAnimator.h:
        * platform/Theme.h:
        * platform/ThreadGlobalData.h:
        * platform/animation/AnimationList.h:
        * platform/audio/AudioArray.h:
        * platform/audio/AudioChannel.h:
        * platform/audio/DynamicsCompressor.h:
        * platform/audio/DynamicsCompressorKernel.h:
        * platform/audio/FFTFrame.h:
        * platform/audio/HRTFDatabaseLoader.cpp:
        * platform/audio/HRTFDatabaseLoader.h:
        * platform/audio/HRTFElevation.h:
        * platform/audio/MultiChannelResampler.h:
        * platform/audio/PlatformMediaSession.h:
        * platform/audio/ReverbConvolver.h:
        * platform/audio/ReverbConvolverStage.cpp:
        * platform/graphics/ANGLEWebKitBridge.h:
        * platform/graphics/BitmapImage.h:
        * platform/graphics/CrossfadeGeneratedImage.h:
        * platform/graphics/FloatPolygon.h:
        * platform/graphics/FloatSizeHash.h:
        * platform/graphics/Font.h:
        * platform/graphics/FontMetrics.h:
        * platform/graphics/FontPlatformData.h:
        * platform/graphics/FontRanges.h:
        * platform/graphics/FontTaggedSettings.h:
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/GraphicsLayerClient.h:
        * platform/graphics/Image.cpp:
        * platform/graphics/ImageFrame.h:
        * platform/graphics/ImageFrameCache.h:
        * platform/graphics/ImageSource.h:
        * platform/graphics/IntRectHash.h:
        * platform/graphics/IntSizeHash.h:
        * platform/graphics/MediaPlaybackTargetClient.h:
        * platform/graphics/Pattern.h:
        * platform/graphics/PlatformTimeRanges.h:
        * platform/graphics/TextRun.h:
        * platform/graphics/TiledBacking.h:
        * platform/graphics/cairo/FontCustomPlatformData.h:
        * platform/graphics/filters/FEConvolveMatrix.h:
        * platform/graphics/filters/FELighting.h:
        * platform/graphics/filters/SourceAlpha.h:
        * platform/graphics/gstreamer/GStreamerUtilities.h:
        * platform/graphics/gstreamer/InbandMetadataTextTrackPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/harfbuzz/HarfBuzzShaper.h:
        * platform/graphics/opengl/Extensions3DOpenGL.h:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        * platform/graphics/texmap/TextureMapperBackingStore.h:
        * platform/graphics/texmap/TextureMapperGL.cpp:
        * platform/graphics/texmap/TextureMapperGL.h:
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
        * platform/graphics/texmap/TextureMapperTile.h:
        * platform/graphics/texmap/coordinated/Tile.h:
        * platform/graphics/texmap/coordinated/TiledBackingStore.h:
        * platform/graphics/transforms/TransformState.h:
        * platform/gtk/PasteboardHelper.h:
        * platform/gtk/ScrollbarThemeGtk.h:
        * platform/image-decoders/ImageDecoder.h:
        * platform/network/BlobData.h:
        * platform/network/BlobDataFileReference.h:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleInternal.h:
        * platform/network/SocketStreamHandleClient.h:
        * platform/network/soup/ResourceRequest.h:
        * platform/network/soup/SocketStreamHandleImpl.h:
        * platform/network/soup/SoupNetworkSession.h:
        * platform/sql/SQLiteFileSystem.h:
        * platform/text/LocaleICU.h:

2017-06-25  Youenn Fablet  <youenn@apple.com>

        Remove use of mock webrtc backend factory at injected bundle reset time
        https://bugs.webkit.org/show_bug.cgi?id=173817

        Reviewed by Darin Adler.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): Resetting the peer connection backend.
        * testing/MockLibWebRTCPeerConnection.cpp: Doing some clean-up
        (WebCore::useRealRTCPeerConnectionFactory):
        (WebCore::MockLibWebRTCPeerConnectionFactory::MockLibWebRTCPeerConnectionFactory):
        (WebCore::MockLibWebRTCPeerConnectionFactory::CreatePeerConnection):
        (WebCore::MockLibWebRTCPeerConnectionFactory::CreateVideoTrack):
        (WebCore::MockLibWebRTCPeerConnectionFactory::CreateAudioTrack):
        * testing/MockLibWebRTCPeerConnection.h:

2017-06-25  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=173812

        Reviewed by Darin Adler.

        No new tests needed.

        * Modules/indexeddb/IDBObjectStore.cpp:
        * bindings/js/JSDOMPromiseDeferred.h:
        * bindings/js/JSLazyEventListener.cpp:
        * bindings/js/JSMainThreadExecState.h:
        * bindings/js/ReadableStreamDefaultController.cpp:
        * bindings/js/ScriptGlobalObject.cpp:
        * bindings/js/SerializedScriptValue.cpp:
        * bridge/NP_jsobject.cpp:
        * dom/ScriptExecutionContext.cpp:
        * html/HTMLPlugInImageElement.cpp:

2017-06-25  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{rendering,style,svg}
        https://bugs.webkit.org/show_bug.cgi?id=173773

        Reviewed by Darin Adler.

        No new tests needed.

        * css/StyleBuilderConverter.h:
        * editing/TextIterator.cpp:
        * rendering/CounterNode.h:
        * rendering/FlexibleBoxAlgorithm.h:
        * rendering/HitTestLocation.h:
        * rendering/HitTestResult.h:
        * rendering/HitTestingTransformState.h:
        * rendering/OrderIterator.h:
        * rendering/RenderButton.h:
        * rendering/RenderCombineText.h:
        * rendering/RenderFlowThread.h:
        * rendering/RenderFullScreen.h:
        * rendering/RenderGeometryMap.h:
        * rendering/RenderListItem.h:
        * rendering/RenderMediaControlElements.cpp:
        * rendering/RenderMediaControlElements.h:
        * rendering/RenderMediaControls.h:
        * rendering/RenderMeter.h:
        * rendering/RenderMultiColumnSet.cpp:
        * rendering/RenderObject.h:
        * rendering/RenderRegion.h:
        * rendering/RenderRegionSet.cpp:
        * rendering/RenderRegionSet.h:
        * rendering/RenderTheme.h:
        * rendering/RenderVTTCue.cpp:
        * rendering/RenderVTTCue.h:
        * rendering/SimpleLineLayoutFunctions.h:
        * rendering/SimpleLineLayoutResolver.h:
        * rendering/line/BreakingContext.h:
        * rendering/line/LineBreaker.h:
        * rendering/mathml/MathMLStyle.h:
        * rendering/mathml/RenderMathMLOperator.h:
        * rendering/mathml/RenderMathMLRoot.h:
        * rendering/shapes/RectangleShape.h:
        * rendering/style/BasicShapes.h:
        * rendering/style/BorderData.h:
        * rendering/style/CounterDirectives.h:
        * rendering/style/GridArea.h:
        * rendering/style/KeyframeList.h:
        * rendering/style/RenderStyle.h:
        * rendering/style/SVGRenderStyle.h:
        * rendering/style/ShapeValue.h:
        * rendering/style/StyleCachedImage.h:
        * rendering/style/StyleMultiColData.h:
        * rendering/style/StyleRareNonInheritedData.h:
        * rendering/style/WillChangeData.h:
        * rendering/svg/RenderSVGBlock.h:
        * rendering/svg/RenderSVGRect.h:
        * rendering/svg/RenderSVGResource.h:
        * rendering/svg/RenderSVGResourceContainer.h:
        * rendering/svg/RenderSVGResourceMarker.h:
        * rendering/svg/RenderSVGResourceMasker.h:
        * rendering/svg/RenderSVGResourcePattern.h:
        * rendering/svg/SVGInlineFlowBox.cpp:
        * rendering/svg/SVGInlineTextBox.h:
        * rendering/svg/SVGRootInlineBox.h:
        * rendering/svg/SVGTextChunk.cpp:
        * rendering/svg/SVGTextChunk.h:
        * rendering/svg/SVGTextChunkBuilder.cpp:
        * rendering/svg/SVGTextLayoutEngine.cpp:
        * rendering/svg/SVGTextLayoutEngineSpacing.h:
        * style/RenderTreePosition.cpp:
        * style/RenderTreePosition.h:
        * style/RenderTreeUpdater.h:
        * style/StyleFontSizeFunctions.h:
        * style/StyleInvalidator.h:
        * style/StyleResolveForDocument.h:
        * style/StyleScope.h:
        * style/StyleTreeResolver.cpp:
        * style/StyleTreeResolver.h:
        * style/StyleUpdate.h:
        * svg/SVGAnimationElement.h:
        * svg/SVGFEBlendElement.cpp:
        * svg/SVGFEBlendElement.h:
        * svg/SVGFEComponentTransferElement.h:
        * svg/SVGFEFloodElement.cpp:
        * svg/SVGFEFloodElement.h:
        * svg/SVGFEImageElement.h:
        * svg/SVGFEMergeElement.cpp:
        * svg/SVGFEMergeElement.h:
        * svg/SVGFEOffsetElement.cpp:
        * svg/SVGFEOffsetElement.h:
        * svg/SVGFETileElement.cpp:
        * svg/SVGFETileElement.h:
        * svg/SVGParserUtilities.h:
        * svg/SVGPathByteStream.h:
        * svg/SVGPathElement.cpp:
        * svg/SVGPolyElement.cpp:
        * svg/SVGSVGElement.cpp:
        * svg/SVGTRefElement.cpp:
        * svg/SVGTextPathElement.cpp:
        * svg/SVGUseElement.cpp:
        * svg/animation/SMILTimeContainer.h:
        * svg/graphics/SVGImageCache.h:
        * svg/graphics/filters/SVGFilter.h:

2017-06-25  Antoine Quint  <graouts@apple.com>

        Remove rAf suspension logging
        https://bugs.webkit.org/show_bug.cgi?id=173821

        Reviewed by Tim Horton.

        Now that webkit.org/b/173628 is fixed, we can remove the logging code we added.

        * dom/Document.cpp:
        (WebCore::Document::requestAnimationFrame):
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::suspend):
        (WebCore::ScriptedAnimationController::resume):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        (WebCore::Page::setIsVisibleInternal):
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::MacApplication::isDumpRenderTree): Deleted.

2017-06-24  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add complete support for stringifier
        https://bugs.webkit.org/show_bug.cgi?id=173724

        Reviewed by Darin Adler.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddStringifierOperationIfNeeded):
        Update AddStringifierOperationIfNeeded to support stringifier on operations and be more
        strict about the allowed types. Also copies over all extended attributes to the synthetic
        operation.

        * bindings/scripts/IDLParser.pm:
        (parseInterfaceMember):
        (parseOperationOrReadWriteAttributeOrMaplike):
        (parseReadOnlyMember):
        (parseStringifier):
        (parseStaticMember):
        (parseAttributeOrOperationForStringifierOrStatic):
        (parseReadWriteAttribute):
        (parseAttributeRest):
        (parseOperation):
        (parseSpecialOperation):
        (parseMapLikeProperties):
        (parseOperationRest):
        (parseAttributeOrOperationOrIterator): Deleted.
        (parseQualifier): Deleted.
        (parseAttributeOrOperationRest): Deleted.
        (parseAttribute): Deleted.
        (parseOperationOrIterator): Deleted.
        - Update parser to more closely resemble the WebIDL grammar, splitting out parseStringifier and
          parseStaticMember into their own subroutines. 
        - Move those and parseSerializer, parseStringifier, parseStaticMember, parseIterableRest and a split out
          parseReadOnlyMembers up into parseInterfaceMember to make it clearer that they are top level members
          and match the grammar.
        - Rename parseAttributeOrOperationOrIterator to parseOperationOrReadWriteAttributeOrMaplike to match the
          grammar language and make it clear what it does.
        - Add parseAttributeOrOperationForStringifierOrStatic which contains most of the logic for parsing stringifiers
          and static members, which have almost identical grammars.
        - Remove creator special which no longer exists in the spec.

        * css/DOMMatrixReadOnly.idl:
        * css/WebKitCSSMatrix.idl:
        * dom/Range.idl:
        * html/URLSearchParams.idl:
        Fix FIXMEs by switching to use stringifier.

        * bindings/scripts/test/JS/JSTestStringifier.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifier.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.h: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp: Added.
        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.h: Added.
        * bindings/scripts/test/TestStringifier.idl: Added.
        * bindings/scripts/test/TestStringifierAnonymousOperation.idl: Added.
        * bindings/scripts/test/TestStringifierNamedOperation.idl: Added.
        * bindings/scripts/test/TestStringifierOperationImplementedAs.idl: Added.
        * bindings/scripts/test/TestStringifierOperationNamedToString.idl: Added.
        * bindings/scripts/test/TestStringifierReadOnlyAttribute.idl: Added.
        * bindings/scripts/test/TestStringifierReadWriteAttribute.idl: Added.
        Add new tests.

2017-06-24  Chris Fleizach  <cfleizach@apple.com>

        AX: Cannot call setValue() on contenteditable or ARIA text controls
        https://bugs.webkit.org/show_bug.cgi?id=173520

        Reviewed by Ryosuke Niwa.

        Add support for changing the value of a contenteditable and any other aria text control in setValue().
 
        Test: accessibility/mac/set-value-editable-types.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setValue):

2017-06-23  Simon Fraser  <simon.fraser@apple.com>

        Attempt to fix an internal build after r218755.

        * bindings/js/JSMainThreadExecStateInstrumentation.h:

2017-06-23  Chris Dumez  <cdumez@apple.com>

        Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
        https://bugs.webkit.org/show_bug.cgi?id=173792

        Reviewed by Ryosuke Niwa.

        Add release assertion to make sure callbackIdentifier is not 0 in DocumentLoader::finishedLoadingIcon()
        as this could cause HashTable corruption on WebPageProxy side.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::finishedLoadingIcon):

2017-06-23  Youenn Fablet  <youenn@apple.com>

        webrtc::WebRtcSession is not handling correctly its state when setLocalDescription fails and is called again
        https://bugs.webkit.org/show_bug.cgi?id=173783

        Reviewed by Alex Christensen.

        Test: webrtc/libwebrtc/setLocalDescriptionCrash.html

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::doSetLocalDescription): Fail early if there is no pending remote description and description is for an answer.

2017-06-23  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream macOS] enumerateDevices should only return valid audio capture devices
        https://bugs.webkit.org/show_bug.cgi?id=173790
        <rdar://problem/32260334>

        Reviewed by Youenn Fablet.

        * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp:
        (WebCore::isValidCaptureDevice): A valid device has a name and is not an aggregate device
        created by VPIO.
        (WebCore::CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices):

2017-06-23  Jer Noble  <jer.noble@apple.com>

        [WK2] Support -[WebAVPlayerController setMuted:]
        https://bugs.webkit.org/show_bug.cgi?id=173777

        Reviewed by Eric Carlson.

        Have -[WebAVPlayerController setMuted:] pass the request to its delegate (the model)
        rather than just storing the value.

        * platform/cocoa/WebPlaybackSessionModel.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.h:
        * platform/cocoa/WebPlaybackSessionModelMediaElement.mm:
        (WebCore::WebPlaybackSessionModelMediaElement::toggleMuted):
        (WebCore::WebPlaybackSessionModelMediaElement::setMuted):
        * platform/ios/WebAVPlayerController.h:
        * platform/ios/WebAVPlayerController.mm:
        (-[WebAVPlayerController isMuted]):
        (-[WebAVPlayerController setMuted:]):
        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::setMuted):

2017-06-23  Frederic Wang  <fwang@igalia.com>

        Make RenderLayer::handleTouchEvent use usesAcceleratedScrolling()
        https://bugs.webkit.org/show_bug.cgi?id=173763

        Reviewed by Simon Fraser.

        No new tests, behavior is unchanged.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::handleTouchEvent): Call usesAcceleratedScrolling() instead of
        hasTouchScrollableOverflow() for clarity.

2017-06-23  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{bindings,css,dom}
        https://bugs.webkit.org/show_bug.cgi?id=173766

        Reviewed by Simon Fraser.

        No new tests needed.

        * ForwardingHeaders/runtime/ThrowScope.h: Added.
        * Modules/plugins/QuickTimePluginReplacement.mm:
        * bindings/js/CachedScriptSourceProvider.h:
        * bindings/js/JSCommandLineAPIHostCustom.cpp:
        * bindings/js/JSCustomXPathNSResolver.cpp:
        * bindings/js/JSDOMConstructorNotConstructable.h:
        * bindings/js/JSDOMConvertBase.h:
        * bindings/js/JSDOMConvertBufferSource.h:
        * bindings/js/JSDOMConvertInterface.h:
        * bindings/js/JSDOMConvertStrings.h:
        * bindings/js/JSDOMConvertUnion.h:
        * bindings/js/JSDOMConvertVariadic.h:
        * bindings/js/JSDOMConvertWebGL.h:
        * bindings/js/JSDOMExceptionHandling.h:
        * bindings/js/JSDOMIterator.h:
        * bindings/js/JSDOMMapLike.h:
        * bindings/js/JSDOMWindowBase.cpp:
        * bindings/js/JSDOMWindowCustom.cpp:
        * bindings/js/JSDOMWindowCustom.h:
        * bindings/js/JSDOMWindowProperties.h:
        * bindings/js/JSDOMWrapperCache.h:
        * bindings/js/JSLazyEventListener.cpp:
        * bindings/js/JSMainThreadExecStateInstrumentation.h:
        * bindings/js/JSMediaListCustom.h:
        * bindings/js/JSNodeCustom.h:
        * bindings/js/JSNodeListCustom.h:
        * bindings/js/JSVideoTrackListCustom.cpp:
        * bindings/js/ScheduledAction.h:
        * bindings/js/ScriptSourceCode.h:
        * bindings/js/SerializedScriptValue.h:
        * bindings/js/WebCoreJSClientData.h:
        * css/CSSFontFeatureValue.h:
        * css/CSSPrimitiveValue.h:
        * css/CSSStyleSheet.h:
        * css/CSSValue.h:
        * css/StyleBuilderCustom.h:
        * dom/ContainerNodeAlgorithms.h:
        * dom/DataTransfer.h:
        * dom/Node.h:
        * dom/NodeRareData.h:
        * dom/Position.h:
        * dom/RenderedDocumentMarker.h:

2017-06-23  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        Fix broken WinCairo build

        [Curl] Extract CurlDownloadManager as shared background task handler
        https://bugs.webkit.org/show_bug.cgi?id=173557

        Reviewed by Joseph Pecoraro.

        * platform/network/curl/CurlManager.h:

2017-06-23  Chris Dumez  <cdumez@apple.com>

        [iOS] Potential crash under WebCore::notifyLowPowerModeChanged(WebCore::LowPowerModeNotifier*, bool)
        https://bugs.webkit.org/show_bug.cgi?id=173755
        <rdar://problem/32940942>

        Reviewed by Mark Lam.

        The crash was happening because the WebLowPowerModeObserver would dispatch
        a lambda to the main thread but the LowPowerModeNotifier object could be
        dead by the time we get to the main thread.

        To address the issue, keep a strong ref to the WebLowPowerModeObserver in
        the lambda we dispatch to the main thread to make sure it stays alive until
        we execute the lambda. In the LowPowerModeNotifier destructor, we now reset
        the WebLowPowerModeObserver's notifier pointer to nil and I added a null
        check for this notifier in the lambda.

        * platform/LowPowerModeNotifier.cpp:
        (WebCore::LowPowerModeNotifier::~LowPowerModeNotifier):
        * platform/LowPowerModeNotifier.h:
        * platform/ios/LowPowerModeNotifierIOS.mm:
        (-[WebLowPowerModeObserver initWithNotifier:]):
        (-[WebLowPowerModeObserver _didReceiveLowPowerModeChange]):
        (WebCore::LowPowerModeNotifier::LowPowerModeNotifier):
        (WebCore::LowPowerModeNotifier::~LowPowerModeNotifier):
        (WebCore::notifyLowPowerModeChanged):

2017-06-23  Alex Christensen  <achristensen@webkit.org>

        Add SPI to WKURLSchemeTask for redirection
        https://bugs.webkit.org/show_bug.cgi?id=173730

        Reviewed by Brady Eidson.

        * platform/network/CacheValidation.cpp:
        (WebCore::computeFreshnessLifetimeForHTTPFamily):
        Asserting that redirects are always http/https URLs is no longer valid.
        If there's a custom scheme redirect, give it no freshness lifetime in the cache.

2017-06-23  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive headers from WebCore/{editing,fileapi,history,html,loader,page}
        https://bugs.webkit.org/show_bug.cgi?id=173769

        Reviewed by Simon Fraser.

        No new tests needed.

        * css/CSSFontFaceSource.cpp:
        * editing/DictationCommand.cpp:
        * editing/Editor.h:
        * editing/VisiblePosition.h:
        * editing/VisibleUnits.h:
        * fileapi/BlobBuilder.h:
        * history/PageCache.h:
        * html/DOMURL.h:
        * html/HTMLCollection.h:
        * html/HTMLMediaElement.cpp:
        * html/HTMLMediaElement.h:
        * html/HTMLPlugInImageElement.cpp:
        * html/StepRange.h:
        * html/canvas/CanvasRenderingContext.h:
        * html/canvas/CanvasRenderingContext2D.h:
        * html/parser/HTMLDocumentParser.cpp:
        * html/parser/HTMLElementStack.h:
        * html/parser/HTMLInputStream.h:
        * html/shadow/MediaControlElements.cpp:
        * html/shadow/MediaControls.cpp:
        * html/shadow/MediaControls.h:
        * html/track/TrackListBase.h:
        * html/track/VTTCue.h:
        * html/track/WebVTTParser.cpp:
        * html/track/WebVTTParser.h:
        * loader/CrossOriginPreflightChecker.cpp:
        * loader/DocumentThreadableLoader.cpp:
        * loader/FrameLoaderClient.h:
        * loader/LinkPreloadResourceClients.h:
        * loader/LoadTiming.h:
        * loader/ThreadableLoaderClientWrapper.h:
        * loader/WorkerThreadableLoader.h:
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedResourceRequest.h:
        * loader/cache/CachedSVGDocument.h:
        * loader/cache/CachedTextTrack.h:
        * loader/icon/IconLoader.cpp:
        * page/AlternativeTextClient.h:
        * page/CaptionUserPreferences.cpp:
        * page/CaptionUserPreferences.h:
        * page/ContextMenuClient.h:
        * page/MainFrame.h:
        * page/Page.h:
        * page/PageGroup.h:
        * page/PerformanceEntry.h:
        * page/PerformanceResourceTiming.h:
        * page/ResourceUsageOverlay.cpp:
        * page/ResourceUsageOverlay.h:
        * page/UserContentController.h:
        * page/UserContentProvider.h:
        * page/animation/AnimationBase.h:
        * page/animation/CSSPropertyAnimation.h:
        * page/animation/CompositeAnimation.h:
        * page/scrolling/ScrollingCoordinator.h:
        * xml/XSLTProcessorLibxslt.cpp:
        * xml/parser/XMLDocumentParserLibxml2.cpp:

2017-06-23  Chris Dumez  <cdumez@apple.com>

        [mac-wk1] requestAnimationFrame callbacks may not get serviced
        https://bugs.webkit.org/show_bug.cgi?id=173628

        Reviewed by Simon Fraser.

        Page::setIsVisibleInternal() was firing the 'visibilitychange' event
        synchronously while in the middle of updating its visibility/activity
        state. This allowed the JavaScript to re-enter the method by calling
        testRunner.setPageVisibility() / resetPageVisiblity() and we would
        end up in an inconsistent state.

        No new tests, extended existing test.

        * dom/Document.cpp:
        (WebCore::Document::visibilityStateChanged):
        Do no fire the visibilitychange event synchronously as we are in the
        middle of updating the page's activity state. Instead fire the
        event asynchronously.

        * page/Page.cpp:
        (WebCore::Page::setIsVisibleInternal):
        Move the calling of Document::visibilityStateChanged() until after we're
        done updating the page's visibility state.

        * testing/Internals.cpp:
        (WebCore::Internals::scriptedAnimationsAreSuspended):
        * testing/Internals.h:
        * testing/Internals.idl:
        Add test infrastructure to check if scripted animations are suspended.

2017-06-23  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Respond to AudioSession interruption and resume
        https://bugs.webkit.org/show_bug.cgi?id=173718
        <rdar://problem/32925263>

        Reviewed by Youenn Fablet.

        Tested manually.

        * WebCore.xcodeproj/project.pbxproj: Add CoreAudioCaptureSourceIOS.mm/.h

        * platform/mediastream/RealtimeMediaSource.h: Make createWeakPtr protected so derived classes
        can use it.

        * platform/mediastream/ios/CoreAudioCaptureSourceIOS.h: Added.
        * platform/mediastream/ios/CoreAudioCaptureSourceIOS.mm: Added.
        (-[WebCoreAudioCaptureSourceIOSListener initWithCallback:]):
        (-[WebCoreAudioCaptureSourceIOSListener invalidate]):
        (-[WebCoreAudioCaptureSourceIOSListener handleInterruption:]):
        (-[WebCoreAudioCaptureSourceIOSListener sessionMediaServicesWereReset:]):
        (WebCore::CoreAudioCaptureSourceIOS::CoreAudioCaptureSourceIOS):
        (WebCore::CoreAudioCaptureSourceIOS::~CoreAudioCaptureSourceIOS):

        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioSharedUnit::suspended): 
        (WebCore::CoreAudioSharedUnit::setupAudioUnit): Clear m_suspended.
        (WebCore::CoreAudioSharedUnit::suspend): Don't clear sources or uninitialize the audio unit,
        suspend is temporary. Set m_suspended.
        (WebCore::CoreAudioSharedUnit::resume): New, restart the audio unit.
        (WebCore::CoreAudioCaptureSource::create): Create the correct object.
        (WebCore::CoreAudioCaptureSource::scheduleReconfiguration): Dispatch to main thread if necessary.
        (WebCore::CoreAudioCaptureSource::beginInterruption): New, suspend from main thread.
        (WebCore::CoreAudioCaptureSource::endInterruption): New, resume/reconfigure from main thread.
        (WebCore::CoreAudioCaptureSource::interrupted):
        * platform/mediastream/mac/CoreAudioCaptureSource.h:

2017-06-23  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Drop the AES-CFB support
        https://bugs.webkit.org/show_bug.cgi?id=173547

        Reviewed by Jiewen Tan.

        No new tests -- relevant test baselines are updated.

        Stop registering the AES-CFB algorithm as something that's supported by
        the libgcrypt implementation. This algorithm was previously included in
        the Web Crypto API specification, but has since been dropped from it.

        Conveniently, libgcrypt only recently gained support for the CFB8 AES
        cipher mode that's required by the specification, meaning we could only
        support this algorithm with future releases of the libgcrypt library.

        * crypto/gcrypt/CryptoAlgorithmRegistryGCrypt.cpp:
        (WebCore::CryptoAlgorithmRegistry::platformRegisterAlgorithms):

2017-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>

        [WPE] Enable PUBLIC_SUFFIX_LIST
        https://bugs.webkit.org/show_bug.cgi?id=173758

        Reviewed by Žan Doberšek.

        * PlatformWPE.cmake: Add PublicSuffixSoup.cpp to the build.

2017-06-22  Antti Koivisto  <antti@apple.com>

        REGRESSION(r217695): Offscreen/overflowed items not being rendered while translating in-frame
        https://bugs.webkit.org/show_bug.cgi?id=173732

        Reviewed by Simon Fraser.

        If an accelerated animation starts completely outside the view we fail to create backing for it
        when it moves into view.

        Fix by computing the full extent rect of the animation when it starts and doing the viewport overlap
        testing with that.

        Test: compositing/backing/transform-transition-from-outside-view.html

        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::animationExtent):
        (WebCore::GraphicsLayer::setAnimationExtent):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect):

            Return the current animation transformation matrix so we can use it elsewhere without recomputing.

        (WebCore::GraphicsLayerCA::setVisibleAndCoverageRects):

            If we have animation extent use it instead of bounds for visibility testing.

        (WebCore::GraphicsLayerCA::recursiveCommitChanges):

            Track if theres is a visible ancestor layer with a transition animation.

        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::updateCoverage):

            For simplicity create backing for all sublayers of a visible transform animated layer.

        * platform/graphics/ca/GraphicsLayerCA.h:
        (WebCore::GraphicsLayerCA::VisibleAndCoverageRects::VisibleAndCoverageRects): Deleted.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):

            Pass the animation extent (including descendants) to GraphicsLayer.

2017-06-22  Chris Dumez  <cdumez@apple.com>

        ResourceLoadStatisticsStore should be ThreadSafeRefCounted
        https://bugs.webkit.org/show_bug.cgi?id=173753
        <rdar://problem/32939326>

        Reviewed by Andreas Kling.

        ResourceLoadStatisticsStore should be ThreadSafeRefCounted as it is ref'd/deref'd
        from different threads.

        * loader/ResourceLoadStatisticsStore.h:

2017-06-22  Myles C. Maxfield  <mmaxfield@apple.com>

        @font-face rules with invalid primary fonts never download their secondary fonts
        https://bugs.webkit.org/show_bug.cgi?id=173138
        <rdar://problem/32554450>

        Reviewed by Simon Fraser.

        We have logic in CSSFontAccessor::font() which disallows downloading a CSSFontFace if that CSSFontFace
        is already in the Succeeded state. However, it was possible for a succeeded CSSFontFace to still fail
        to create a font. In this situation, we wouldn't be able to use the downloaded font, and we wouldn't
        try to download the next item in the src: list because the CSSFontFace is succeeded.

        This patch strengthens the meaning of the Succeeded state. Previously, it just meant that the bytes
        in the file were downloaded successfully. This patch extends this to also mean that the bytes in the
        file can be successfully interpreted as a font. This way, the CSSFontFace in the example above won't be
        set to the Succeeded state, so we will continue follow the src: list and download the secondary fonts.

        This has an added benefit that the CSS Font Loading API's promises will be called more appropriately.
        The transition to the Succeeded state will trigger a resolve of the promise. Now, these promises will
        only be resolved if the fonts are actually parsed and understood by our text system.

        Test: fast/text/font-fallback-invalid-load.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::fontLoaded): Move to the failed state if we can't understand the font
        data. This is the crux of this patch.
        (WebCore::CSSFontFaceSource::font): This function should only be called if we are in the Succeeded
        state, which means now we know we should always be able to understand the bytes of the file. Therefore,
        we can change some if statements into ASSERT()s.
        * loader/cache/CachedSVGFont.cpp:
        (WebCore::CachedSVGFont::createFont): Ditto.
        (WebCore::CachedSVGFont::ensureCustomFontData): Similarly to CSSFontFaceSource::fontLoaded(), this
        adds another check to our criteria for transitioning into the Succeeded state, which will guarantee that
        later we will always be able to create the font object.

2017-06-22  Andreas Kling  <akling@apple.com>

        Rename MemoryPressureHandler::setTabCount to setPageCount
        https://bugs.webkit.org/show_bug.cgi?id=173750

        Reviewed by Daniel Bates.

        * page/Page.cpp:
        (WebCore::Page::~Page):

2017-06-22  Antoine Quint  <graouts@apple.com>

        Modern media controls localised strings are out of sync with used strings in code
        https://bugs.webkit.org/show_bug.cgi?id=173752

        Reviewed by Dean Jackson.

        Remove strings we no longer use and add strings we use but failed to add previously.

        * English.lproj/modern-media-controls-localized-strings.js:

2017-06-22  Antoine Quint  <graouts@apple.com>

        Log when scripted animations get suspended and resumed
        https://bugs.webkit.org/show_bug.cgi?id=173751

        Reviewed by Dean Jackson.

        More work toward understanding why rAF callbacks are not serviced on bots (webkit.org/b/173628).

        * dom/Document.cpp:
        (WebCore::Document::requestAnimationFrame):
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::suspend):
        (WebCore::ScriptedAnimationController::resume):
        (WebCore::ScriptedAnimationController::logSuspendCount): Deleted.
        * dom/ScriptedAnimationController.h:
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        (WebCore::Page::setIsVisibleInternal):

2017-06-22  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r214712): Infinite recursion in RenderTable::layout in paginated mode
        https://bugs.webkit.org/show_bug.cgi?id=173731
        <rdar://problem/32237775>

        Reviewed by Antti Koivisto.

        We should just skip bottom captions to check if section is moved, since they don't affect
        the section position (bottom <caption> is preceded by <tfoot>).

        Test: fast/table/caption-bottom-with-pagination.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):

2017-06-22  Dean Jackson  <dino@apple.com>

        REGRESSION (r215809): 50% regression 14E305 -> 15A293a in MotionMark Suits test
        https://bugs.webkit.org/show_bug.cgi?id=173728
        <rdar://problem/32526744>

        Reviewed by Tim Horton.

        It turns out that CGGradientCreateWithColors is much slower than
        CGGradientCreateWithColorComponents, even without colorspace variations.
        Update the gradient creation code to only use this slower path
        when it has extended colors.

        * platform/graphics/Color.h: Add a FIXME about renaming some methods.
        * platform/graphics/cg/GradientCG.cpp: Use CGGradientCreateWithColorComponents
        if we have stops that are not extended colors.
        (WebCore::Gradient::platformGradient):

2017-06-22  Youenn Fablet  <youenn@apple.com>

        Fix memory leak in LibWebRTCMediaEndpoint
        https://bugs.webkit.org/show_bug.cgi?id=173717

        Reviewed by Eric Carlson.

        No chnage of behavior.
        Making sure SessionDescription pointer get properly released.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::createSessionDescriptionSucceeded):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * testing/MockLibWebRTCPeerConnection.cpp: Allocating description.

2017-06-22  Daniel Bates  <dabates@apple.com>

        Make FrameLoadRequest a move-only type
        https://bugs.webkit.org/show_bug.cgi?id=173682

        Reviewed by Alex Christensen and Darin Adler.

        A FrameLoadRequest groups together the information to perform a load into a single object
        that is more manageable to pass around than its constituent parts. Code that receives a
        FrameLoadRequest is expected to extract out the information it needs to complete its task.
        And it does not make sense to re-use the same FrameLoadRequest object for more than one
        load. Therefore, it is sufficient to make FrameLoadRequest a move-only type.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate):
        * loader/FrameLoadRequest.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::changeLocation):
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURLIntoChildFrame):
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::createWindow):
        * loader/FrameLoader.h:
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::scheduleLocationChange):
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):
        * replay/UserInputBridge.cpp:
        (WebCore::UserInputBridge::loadRequest):
        * replay/UserInputBridge.h:

2017-06-22  Jer Noble  <jer.noble@apple.com>

        REGRESSION (r217223): [iOS] Video keeps playing after application is backgrounded
        https://bugs.webkit.org/show_bug.cgi?id=173727

        Reviewed by Eric Carlson.

        Only override media element visibility if it is in picture-in-picture mode (not fullscreen generally).

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::visibilityStateChanged):

2017-06-22  Joseph Pecoraro  <pecoraro@apple.com>

        Follow-up to r218662. Only log backtraces for DumpRenderTree.

        Rubber-stamped by Antoine Quint.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):

2017-06-22  Charlie Turner  <cturner@igalia.com>

        [GTK] Spreaker live shows won't play
        https://bugs.webkit.org/show_bug.cgi?id=173306

        Reviewed by Xabier Rodriguez-Calvar.

        This was due to removing the code that negotiated caps for Icecast
        streams based on the response headers in r191947. The problem is that
        the typefind element can sometimes squint hard enough and see an MP3
        stream and attempt to play it, resulting in garbled audio playback. More
        commonly typefind fails to recognize the Icecast stream and bails,
        resulting in no playback at all.

        r191947 also removed the emission of metadata into the pipeline. This
        patch also leaves that out since we have no use for it within WebKit.

        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (StreamingClient::handleResponseReceived):

2017-06-22  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218633.

        The test is failing frequently on Sierra Debug and Windows

        Reverted changeset:

        "AX: Cannot call setValue() on contenteditable or ARIA text
        controls"
        https://bugs.webkit.org/show_bug.cgi?id=173520
        http://trac.webkit.org/changeset/218633

2017-06-22  Romain Bellessort  <romain.bellessort@crf.canon.fr>

        [Readable Streams API] Implement ReadableStreamBYOBReader read()
        https://bugs.webkit.org/show_bug.cgi?id=172714

        Reviewed by Youenn Fablet.

        Implemented read() method of ReadableStreamBYOBReader [1]. Also added code related 
        to BYOB features that were previously described as FIXMEs and that now become reachable.

        In addition, WPT tests that involve read() have allowed to identify 2 bugs not directly 
        related to read() (172716 and 172717). They will be fixed distinctly. Once done, all WPT
        tests should pass.

        [1] https://streams.spec.whatwg.org/#byob-reader-read

        WPT tests (web-platform-tests/streams/readable-byte-streams/general.js) already cover
        most cases for read() usage. Corresponding expectations have been updated. In addition,
        1 test has been added to WebKit tests (in streams/readable-stream-byob-reader.js) to 
        check that read() can only be applied to a ReadableStreamBYOBReader.

        * Modules/streams/ReadableByteStreamInternals.js:
        (readableByteStreamControllerClearPendingPullIntos): Implemented.
        (readableByteStreamControllerEnqueue): Updated with support for BYOBReader.
        (readableByteStreamControllerPullInto): Added.
        (readableStreamAddReadIntoRequest): Added.
        * Modules/streams/ReadableStreamBYOBReader.js:
        (read): Added.

2017-06-22  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Prevent capturing at unconventional resolutions when using the SW encoder on Mac
        https://bugs.webkit.org/show_bug.cgi?id=172602
        <rdar://problem/32407693>

        Reviewed by Eric Carlson.

        Test: platform/mac/webrtc/captureCanvas-webrtc-software-encoder.html

        Add internal API to switch on/off hardware H264 encoder.
        Add checks for standard size. If using a software encoder and frame size is not standard,
        the session is destroyed and no frame is sent at all.

        Added tests based on captureStream.
        Fixed the case of capturing a canvas which size is changing.

        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.h:
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
        (WebCore::H264VideoToolboxEncoder::setHardwareEncoderForWebRTCAllowed):
        (WebCore::H264VideoToolboxEncoder::hardwareEncoderForWebRTCAllowed):
        (WebCore::isUsingSoftwareEncoder):
        (WebCore::H264VideoToolboxEncoder::CreateCompressionSession):
        (isStandardFrameSize): Added.
        (isUsingSoftwareEncoder): Added.
        * testing/Internals.cpp:
        (WebCore::Internals::setH264HardwareEncoderAllowed):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-21  Youenn Fablet  <youenn@apple.com>

        [Fetch API] TypeError when called with body === {}
        https://bugs.webkit.org/show_bug.cgi?id=173295
        <rdar://problem/32746733>

        Reviewed by Sam Weinig.

        Test: fetch/body-init.html

        Handling body of Request and Response using binding generator to correctly handle unions.
        The biggest change is that any value that is not a specific type in the union will match a String.
        This is matching WebIDL spec and Firefox behavior.

        Handling of ReadableStream bodies remains in JS builtin for Response.
        This allows easier handling cloning and consumption of body.
        Adding setBodyAsReadableStream since this is no longer handled by extractBody.

        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::extract): Using Variant instead of JSC::JSValue.
        (WebCore::FetchBody::readableStreamBody): Introduced to handle the
        case of readable stream bodies.
        * Modules/fetch/FetchBody.h:
        * Modules/fetch/FetchBodyOwner.cpp:
        (WebCore::FetchBodyOwner::extractBody):
        * Modules/fetch/FetchBodyOwner.h:
        (WebCore::FetchBodyOwner::setBody):
        * Modules/fetch/FetchRequest.cpp:
        (WebCore::FetchRequest::setBody): Splitting setBody for ease of readability.
        (WebCore::FetchRequest::setBodyFromInputRequest):
        * Modules/fetch/FetchRequest.h:
        * Modules/fetch/FetchRequest.idl:
        * Modules/fetch/FetchRequest.js:
        (initializeFetchRequest):
        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::initializeWith):
        (WebCore::FetchResponse::setBodyAsReadableStream):
        * Modules/fetch/FetchResponse.h:
        * Modules/fetch/FetchResponse.idl:
        * Modules/fetch/FetchResponse.js:
        (initializeFetchResponse):
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2017-06-21  Simon Fraser  <simon.fraser@apple.com>

        Add z-index to compositing logging output
        https://bugs.webkit.org/show_bug.cgi?id=173684

        Reviewed by Zalan Bujtas.

        Show z-index, which is often useful to find negative z-index items.

        Log "+foreground" rather than "foreground" to indicate that this layer has an
        additional foreground/background layer, and fix spacing.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::logLayerInfo):

2017-06-21  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix Window Debug build after r218660.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):

2017-06-21  Andreas Kling  <akling@apple.com>

        Increase memory kill limits for WebContent processes that manage multiple tabs.
        https://bugs.webkit.org/show_bug.cgi?id=173674

        Reviewed by Geoffrey Garen.

        Plumb the non-utility Page count down to WTF::MemoryPressureHandler.

        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::~Page):

2017-06-21  Jiewen Tan  <jiewen_tan@apple.com>

        [WebCrypto] Restore ordering of CryptoAlgorithmIdentifier in SerializedScriptValue
        https://bugs.webkit.org/show_bug.cgi?id=173678
        <rdar://problem/32879314>

        Reviewed by Sam Weinig.

        r218030 reorders the ordering of CryptoAlgorithmIdentifier in SerializedScriptValue,
        which introduces backward compatibility issues with CryptoKey objects stored in the
        IndexedDB. Hence, we should restore it back.

        No tests.

        * bindings/js/SerializedScriptValue.cpp:

2017-06-21  Daniel Bates  <dabates@apple.com>

        Change FrameLoadRequest from a struct to a class

        FrameLoadRequest is underutilizing the purpose of a struct - default visibility of
        members is public, as FrameLoadRequest explicitly groups its members under public:
        or private: sections. Maybe in the future we can make FrameLoadRequest a struct
        with only public members. For now, we should consider FrameLoadRequest a class.

        * loader/FormSubmission.h:
        * loader/FrameLoadRequest.h:
        * loader/FrameLoader.h:
        * page/Chrome.h:
        * page/ChromeClient.h:
        * replay/UserInputBridge.h:

2017-06-21  Daewoong Jang  <daewoong.jang@navercorp.com>

        Compiler error while building with !HAVE(ACCESSIBILITY)
        https://bugs.webkit.org/show_bug.cgi?id=173670

        Reviewed by Chris Fleizach.

        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::getOrCreate):
        (WebCore::AXObjectCache::childrenChanged):

2017-06-21  Antoine Quint  <graouts@apple.com>

        Build fix.

        Reviewed by Tim "Mr. T" Horton.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):

2017-06-21  Antoine Quint  <graouts@apple.com>

        Ensure DRT always logs rAF suspension debugging code
        https://bugs.webkit.org/show_bug.cgi?id=173681

        Reviewed by Tim "Mr. T" Horton.

        Instead of using a setting to check whether we should log information related to rAF
        callbacks being suspended with WK1, we now check whether we're using in DRT to avoid
        any potential issue with settings being in the incorrect state when a test is run.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        * page/Settings.in:
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::MacApplication::isDumpRenderTree):

2017-06-21  Chris Dumez  <cdumez@apple.com>

        Allow constructing a WTF:Function from a function pointer
        https://bugs.webkit.org/show_bug.cgi?id=173660

        Reviewed by Alex Christensen.

        Construct WTF:Function directly from a function pointer when possible
        instead of constructing a lambda to do so.

        * Modules/encryptedmedia/InitDataRegistry.cpp:
        (WebCore::InitDataRegistry::InitDataRegistry):
        * page/Page.cpp:
        * page/mac/PageMac.mm:
        (WebCore::Page::platformInitialize):
        * platform/cf/MainThreadSharedTimerCF.cpp:
        (WebCore::setupPowerObserver):
        * platform/mac/WebCoreNSURLExtras.mm:
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):
        * workers/Worker.cpp:
        (WebCore::Worker::Worker):

2017-06-21  Antoine Quint  <graouts@apple.com>

        CSS text properties affect <video> shadow root
        https://bugs.webkit.org/show_bug.cgi?id=173664
        <rdar://problem/32904328>

        Reviewed by Dean Jackson.

        Ensure that we reset all inheritable styles back to their initial value for media shadow roots.

        Test: media/modern-media-controls/time-label/time-label-inherited-text-indent.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (.media-controls-container):

2017-06-20  Simon Fraser  <simon.fraser@apple.com>

        Remove WILL_REVEAL_EDGE_EVENTS code
        https://bugs.webkit.org/show_bug.cgi?id=173632

        Reviewed by Sam Weinig, Beth Dakin.

        Remove will-reveal-edge events, which never took off.

        * dom/Document.cpp:
        (WebCore::Document::clearScriptedAnimationController):
        (WebCore::Document::sendWillRevealEdgeEventsIfNeeded): Deleted.
        * dom/Document.h:
        * dom/GlobalEventHandlers.idl:
        * html/HTMLBodyElement.idl:
        * html/HTMLFrameSetElement.idl:
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2017-06-21  Daniel Bates  <dabates@apple.com>

        Cleanup FrameLoadRequest
        https://bugs.webkit.org/show_bug.cgi?id=173564
        <rdar://problem/32903570>

        Reviewed by Brent Fulgham.

        FrameLoadRequest has too many constructors. Use default values to reduce the number of
        constructors. Have FrameLoadRequest hold a Ref<SecurityOrigin> instead of a RefPtr<SecurityOrigin>
        as FrameLoadRequest must always hold a valid SecurityOrigin, the security origin of the
        document that initiated the request.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::openInNewTab): Explicitly pass the null-string for
        the target frame name as we do not have one. Use C++11 brace initialization syntax and ASCIILiteral().
        Rename local variable from request to frameLoadRequest to better describe its purpose. Fix up
        FIXME comment added in r105600 to better describe the issue we should fix as the code as
        changed since the FIXME was added.
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::navigate): No need to pass ShouldReplaceDocumentIfJavaScriptURL::ReplaceDocumentIfJavaScriptURL
        now that the FrameLoadRequests constructor uses this policy by default. Use C++11 brace
        initialization syntax and ASCIILiteral(). Rename local variable from frameRequest to frameLoadRequest
        to better describe its purpose.
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Use C++11 brace initialization syntax.
        * loader/FrameLoadRequest.h: Remove many constructor overloads. Changed m_requester from
        RefPtr<SecurityOrigin> to Ref<SecurityOrigin> as we can never be instantiated with a null
        SecurityOrigin. Moved m_shouldCheckNewWindowPolicy to be under ShouldOpenExternalURLsPolicy
        to reduce the size of the class by 8 bytes.
        * loader/FrameLoadRequest.h:
        (WebCore::FrameLoadRequest::FrameLoadRequest): Added copy constructor as we must use Ref::copyRef()
        to copy the Ref<SecurityOrigin>.
        (WebCore::FrameLoadRequest::requester): Return a const SecurityOrigin& instead of a const SecurityOrigin*.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected): Update now that the order of the ShouldReplaceDocumentIfJavaScriptURL
        and ShouldOpenExternalURLsPolicy arguments in the FrameLoadRequest constructor has changed.
        (WebCore::FrameLoader::loadURLIntoChildFrame): Ditto. Also use C++11 brace initialization syntax
        and ASCIILiteral().
        (WebCore::FrameLoader::loadFrameRequest): Update code now that FrameLoadRequest::requester() returns a
        SecurityOrigin& instead of a SecurityOrigin*. Use C++11 brace initialization syntax.
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::scheduleLocationChange): Use C++11 brace initialization syntax.
        Rename local variable from frameRequest to frameLoadRequest to better describe its purpose.
        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow):
        (WebCore::ContextMenuController::contextMenuItemSelected): ove FrameLoadRequest instantiation
        into a local variable and use C++11 brace initialization syntax to make it easier to identify
        the arguments passed to FrameLoader::loadFrameRequest().
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow): Update now that the order of the ShouldReplaceDocumentIfJavaScriptURL
        and ShouldOpenExternalURLsPolicy arguments in the FrameLoadRequest constructor has changed.
        Use C++11 brace initialization syntax and ASCIILiteral(). Rename some local variables to better
        describe their purpose.

2017-06-20  Simon Fraser  <simon.fraser@apple.com>

        svgPath.getTotalLength() freezes webkit
        https://bugs.webkit.org/show_bug.cgi?id=173566
        <rdar://problem/32866731>

        Reviewed by Dean Jackson.

        Ensure that curveLength() progresses by making split() return a bool indicating
        whether either of the resulting curves are the same as the original. This can happen
        when midPoint() on two close points returns a point that is the same as one of the
        arguments because of floating-point precision limitations.

        Test: svg/custom/path-getTotalLength-hang.html

        * platform/graphics/PathTraversalState.cpp:
        (WebCore::QuadraticBezier::operator ==):
        (WebCore::QuadraticBezier::split):
        (WebCore::CubicBezier::operator ==):
        (WebCore::CubicBezier::split):
        (WebCore::curveLength):

2017-06-21  Youenn Fablet  <youenn@apple.com>

        Fix AVVideoCaptureSource frameRate setter and getter
        https://bugs.webkit.org/show_bug.cgi?id=173637

        Reviewed by Eric Carlson.

        Covered by manual testing.

        Using activeVideoMaxFrameDuration to get the frame rate.
        Setting the frame rate according the given vale if in the allowed range.

        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::updateSettings):
        (WebCore::AVVideoCaptureSource::applyFrameRate):
        (WebCore::AVVideoCaptureSource::applySizeAndFrameRate):
        (WebCore::AVVideoCaptureSource::shutdownCaptureSession):
        (WebCore::AVVideoCaptureSource::processNewFrame):
        (WebCore::AVVideoCaptureSource::updateFramerate): Deleted.

2017-06-21  Youenn Fablet  <youenn@apple.com>

        Refresh libwebrtc code up to a87675d4a160e2c49c3e754cd9ca291d6c8f36ae
        https://bugs.webkit.org/show_bug.cgi?id=173602

        Reviewed by Eric Carlson.

        No feature change.

        Updated according small libwebrtc API changes.

        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::configurationFromMediaEndpointConfiguration):
        * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
        (WebCore::RealtimeIncomingVideoSource::pixelBufferFromVideoFrame):
        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::sendBlackFramesIfNeeded):
        (WebCore::RealtimeOutgoingVideoSource::videoSampleAvailable):

2017-06-21  Sam Weinig  <sam@webkit.org>

        Add support for structured serialization of CSS Geometry types
        https://bugs.webkit.org/show_bug.cgi?id=173631

        Reviewed by Simon Fraser.

        Tests: imported/w3c/web-platform-tests/css/geometry-1/structured-serialization.html

        Adds support for serializing the new geometry types as specified by:
        https://drafts.fxtf.org/geometry-1/#structured-serialization

        * WebCore.xcodeproj/project.pbxproj:
        Move a few custom bindings into the "GC / Wrapping Only" since they have no more custom operations or attributes.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpDOMPoint):
        (WebCore::CloneSerializer::dumpDOMRect):
        (WebCore::CloneSerializer::dumpDOMMatrix):
        (WebCore::CloneSerializer::dumpDOMQuad):
        (WebCore::CloneSerializer::dumpIfTerminal):
        (WebCore::CloneDeserializer::getJSValue):
        (WebCore::CloneDeserializer::readDOMPoint):
        (WebCore::CloneDeserializer::readDOMMatrix):
        (WebCore::CloneDeserializer::readDOMRect):
        (WebCore::CloneDeserializer::readDOMPointInit):
        (WebCore::CloneDeserializer::readDOMQuad):
        (WebCore::CloneDeserializer::readTerminal):
        Add serialization/deserialization of the geometry types.

        * css/DOMMatrix.cpp:
        (WebCore::DOMMatrix::DOMMatrix):
        * css/DOMMatrix.h:
        (WebCore::DOMMatrix::create):
        * css/DOMMatrixReadOnly.cpp:
        (WebCore::DOMMatrixReadOnly::DOMMatrixReadOnly):
        * css/DOMMatrixReadOnly.h:
        (WebCore::DOMMatrixReadOnly::create):
        Add create functions and constructors that take a TransformationMatrix by r-value reference
        so they can be moved into the DOM type.

2017-06-21  Andreas Kling  <akling@apple.com>

        [iOS] Ensure that GraphicsServices is initialized before calling GSFontPurgeFontCache().
        https://bugs.webkit.org/show_bug.cgi?id=173616
        <rdar://problem/30780050>

        Reviewed by Chris Dumez.

        Fix for crash in GSFontPurgeFontCache() seen in apps embedding WebKit.
        Ensure GSFontInitialize() has been called first, since the former depends on state
        set up by this function.

        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        * platform/spi/ios/GraphicsServicesSPI.h:

2017-06-21  Antoine Quint  <graouts@apple.com>

        Add logging to identify when the Page suspends scripted animations
        https://bugs.webkit.org/show_bug.cgi?id=173626

        Reviewed by Tim Horton.

        We have a longstanding issue that some media/modern-media-controls tests time out due to
        requestAnimationFrame callbacks not being serviced, which is tracked by webkit.org/b/173628.
        We added some logging to identify when ScriptedAnimationController would get suspended in
        webkit.org/b/173326. This logging points to the fact that the reason rAF callbacks aren't
        serviced is because Document::requestAnimationFrame() suspends rAF when the page reports
        that scripted animations ought to be suspended, which is true when m_scriptedAnimationsSuspended
        is true. This patch adds logging that tracks when this flag is set, provided a new setting
        shouldLogScriptedAnimationControllerSuspensionChange is true.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Page.cpp:
        (WebCore::Page::suspendScriptedAnimations):
        (WebCore::Page::resumeScriptedAnimations):
        * page/Settings.in:

2017-06-21  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Extract CurlDownloadManager as shared background task handler
        https://bugs.webkit.org/show_bug.cgi?id=173557

        Curl resource handling should be shared by other part of Curl
        network stack. CurlDownloadManager is extracted as stand alone
        CurlManager singleton class to be ready for others
        (i.e. ResourceHandle).

        Reviewed by Alex Christensen.

        * PlatformWinCairo.cmake:
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::setCookiesFromDOM):
        (WebCore::cookiesForSession):
        * platform/network/curl/CurlDownload.cpp:
        (WebCore::CurlDownload::init):
        (WebCore::CurlDownload::start):
        (WebCore::CurlDownload::cancel):
        (WebCore::CurlDownload::didReceiveHeader):
        (WebCore::CurlDownload::handleCurlMsg):
        (WebCore::CurlDownloadManager::CurlDownloadManager): Deleted.
        (WebCore::CurlDownloadManager::~CurlDownloadManager): Deleted.
        (WebCore::CurlDownloadManager::add): Deleted.
        (WebCore::CurlDownloadManager::remove): Deleted.
        (WebCore::CurlDownloadManager::getActiveDownloadCount): Deleted.
        (WebCore::CurlDownloadManager::getPendingDownloadCount): Deleted.
        (WebCore::CurlDownloadManager::startThreadIfNeeded): Deleted.
        (WebCore::CurlDownloadManager::stopThread): Deleted.
        (WebCore::CurlDownloadManager::stopThreadIfIdle): Deleted.
        (WebCore::CurlDownloadManager::updateHandleList): Deleted.
        (WebCore::CurlDownloadManager::addToCurl): Deleted.
        (WebCore::CurlDownloadManager::removeFromCurl): Deleted.
        (WebCore::CurlDownloadManager::downloadThread): Deleted.
        * platform/network/curl/CurlDownload.h:
        (WebCore::CurlDownloadManager::getMultiHandle): Deleted.
        (WebCore::CurlDownloadManager::runThread): Deleted.
        (WebCore::CurlDownloadManager::setRunThread): Deleted.
        * platform/network/curl/CurlManager.cpp: Added.
        (WebCore::CurlManager::CurlManager):
        (WebCore::CurlManager::~CurlManager):
        (WebCore::CurlManager::add):
        (WebCore::CurlManager::remove):
        (WebCore::CurlManager::getActiveCount):
        (WebCore::CurlManager::getPendingCount):
        (WebCore::CurlManager::startThreadIfNeeded):
        (WebCore::CurlManager::stopThread):
        (WebCore::CurlManager::stopThreadIfIdle):
        (WebCore::CurlManager::updateHandleList):
        (WebCore::CurlManager::addToCurl):
        (WebCore::CurlManager::removeFromCurl):
        (WebCore::CurlManager::workerThread):
        (WebCore::CurlUtils::getEffectiveURL):
        (WebCore::CurlSharedResources::mutexFor):
        (WebCore::CurlSharedResources::lock):
        (WebCore::CurlSharedResources::unlock):
        * platform/network/curl/CurlManager.h: Added.
        (WebCore::CurlManager::singleton):
        (WebCore::CurlManager::getCurlShareHandle):
        (WebCore::CurlManager::getMultiHandle):
        (WebCore::CurlManager::runThread):
        (WebCore::CurlManager::setRunThread):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::ResourceHandleManager):
        (WebCore::ResourceHandleManager::~ResourceHandleManager):
        (WebCore::handleLocalReceiveResponse):
        (WebCore::getProtectionSpace):
        (WebCore::headerCallback):
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::getCurlEffectiveURL): Deleted.
        (WebCore::sharedResourceMutex): Deleted.
        (WebCore::curl_lock_callback): Deleted.
        (WebCore::curl_unlock_callback): Deleted.
        (WebCore::ResourceHandleManager::getCurlShareHandle): Deleted.
        * platform/network/curl/ResourceHandleManager.h:

2017-06-21  Jeremy Jones  <jeremyj@apple.com>

        Include audio/vnd.wave as a valid mime-type for wav files.
        https://bugs.webkit.org/show_bug.cgi?id=173635
        rdar://problem/32656568

        Reviewed by Eric Carlson.

        audio/vnd.wave is a valid mime-type for wav files per https://tools.ietf.org/html/rfc2361

        Updated test and test results:
        LayoutTests/media/media-can-play-wav-audio.html

        * platform/MIMETypeRegistry.cpp:
        (WebCore::initializeSupportedImageMIMETypes):
        (WebCore::mimeTypeAssociationMap):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::staticMIMETypeList):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::mimeTypeSet):

2017-06-21  Chris Fleizach  <cfleizach@apple.com>

        AX: Cannot call setValue() on contenteditable or ARIA text controls
        https://bugs.webkit.org/show_bug.cgi?id=173520

        Reviewed by Ryosuke Niwa.

        Add support for changing the value of a contenteditable and any other aria text control in setValue().
 
        Test: accessibility/set-value-editable-types.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::setValue):

2017-06-20  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] Implement CryptoKeyEC SPKI imports
        https://bugs.webkit.org/show_bug.cgi?id=172927

        Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.

        No new tests -- affected tests are now passing and are unskipped.

        Implement libgcrypt-based support for SPKI imports of EC keys.

        Using libtasn1 through the utility functions and wrappers, the given key data
        is decoded against the SubjectPublicKeyInfo ASN.1 definition. The algorithm
        member is then properly validated, making sure that the key algorithm idenfitier
        is supported and that the algorithm parameters specify the correct EC curve.

        The public key bit string is then retrieved and validated, ensuring it represents
        an uncompressed EC point that is of valid size for the specified EC curve. The
        point is then tested through an EC context to make sure it's positioned on the
        specified EC curve.

        Finally, the curve name and uncompressed point data are embedded into a
        `public-key` s-expression that will be used through the libgcrypt API. This is
        then used, along with other information, to create a valid CryptoKeyEC object.

        * PlatformGTK.cmake: Use LIBTASN1_INCLUDE_DIRECTORIES and LIBTASN1_LIBRARIES.
        * PlatformWPE.cmake: Ditto.
        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
        (WebCore::supportedAlgorithmIdentifier):
        (WebCore::curveForIdentifier):
        (WebCore::CryptoKeyEC::platformImportSpki):

2017-06-20  Devin Rousso  <drousso@apple.com>

        WebGPU contexts should have a back reference to the canvas element
        https://bugs.webkit.org/show_bug.cgi?id=173633

        Reviewed by Jon Lee.

        No tests added, as this is already implemented within other canvas types.

        * html/canvas/WebGPURenderingContext.idl:

2017-06-20  Youenn Fablet  <youenn@apple.com>

        WebAudioSourceProvider should be thread safe ref counted
        https://bugs.webkit.org/show_bug.cgi?id=173623

        Reviewed by Eric Carlson.

        No observable change of behavior.

        * platform/mediastream/WebAudioSourceProvider.h:

2017-06-20  Yoav Weiss  <yoav@yoav.ws>

        [preload] Turn on preload's feature flag by default.
        https://bugs.webkit.org/show_bug.cgi?id=173139

        Reviewed by Youenn Fablet.

        Turn on the runtime enabled feature flag for link preload by default.

        No new tests as this just turns on a feature that was already on-by-default for tests.

        * page/RuntimeEnabledFeatures.h:

2017-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        Disable font variations on macOS Sierra and iOS 10
        https://bugs.webkit.org/show_bug.cgi?id=173618
        <rdar://problem/32879164>

        Reviewed by Jon Lee.

        On macOS Sierra and iOS 10, there are some platform problems involved with font variations. They
        were previously enabled on those OSes just as a preview development tool. These platform bugs have
        been fixed in macOS High Sierra and iOS 11, so we should align our feature flags with the eventual
        configurations.

        * Configurations/FeatureDefines.xcconfig:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::defaultVariationValues):
        (WebCore::preparePlatformFont):

2017-06-20  Devin Rousso  <drousso@apple.com>

        Web Inspector: Send context attributes for tracked canvases
        https://bugs.webkit.org/show_bug.cgi?id=173327

        Reviewed by Joseph Pecoraro.

        Test: inspector/canvas/context-attributes.html

        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):

2017-06-20  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] The system Japanese font cannot be italicized
        https://bugs.webkit.org/show_bug.cgi?id=173300
        <rdar://problem/31805407>

        Reviewed by Ryosuke Niwa.

        Items in the system font cascade list may lie about whether or not they support italics.
        In order to get the truth, we need to use the physical font underlying the font in question,
        because this one won't lie. Then, we can interrogate this physical font about its traits
        in order to synthesize italics correctly.

        Test: fast/text/system-font-japanese-synthetic-italic.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges):

2017-06-20  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in more places in WebCore/
        https://bugs.webkit.org/show_bug.cgi?id=173583

        Reviewed by Darin Adler.

        Use WTF::Function instead of std::function in more places in WebCore/ to
        reduce copying.

        * page/Page.cpp:
        * platform/HysteresisActivity.h:
        (WebCore::HysteresisActivity::HysteresisActivity):
        * platform/Logging.cpp:
        (WebCore::registerNotifyCallback):
        * platform/Logging.h:
        * platform/MainThreadSharedTimer.cpp:
        (WebCore::MainThreadSharedTimer::setFiredFunction):
        * platform/MainThreadSharedTimer.h:
        * platform/PlatformPasteboard.h:
        * platform/ScopeGuard.h:
        (WebCore::ScopeGuard::ScopeGuard):
        (WebCore::ScopeGuard::enable):
        * platform/ScrollAnimationSmooth.cpp:
        (WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
        * platform/ScrollAnimationSmooth.h:
        * platform/SharedTimer.h:
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::currentSessionsMatching):
        * platform/audio/PlatformMediaSessionManager.h:
        * platform/cf/MainThreadSharedTimerCF.cpp:
        (WebCore::setupPowerObserver):
        * platform/cf/RunLoopObserver.h:
        (WebCore::RunLoopObserver::RunLoopObserver):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::traverse):
        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::addMediaEngine):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/Path.h:
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::seekCompleted):
        (WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification):
        (WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification):
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
        (WebCore::MediaPlayerPrivateAVFoundation::Notification::Notification):
        (WebCore::MediaPlayerPrivateAVFoundation::Notification::function):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::runWithoutAnimations):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (WebCore::IOSurface::convertToFormat):
        * platform/graphics/gstreamer/MainThreadNotifier.h:
        * platform/graphics/gstreamer/MediaPlayerRequestInstallMissingPluginsCallback.h:
        (WebCore::MediaPlayerRequestInstallMissingPluginsCallback::create):
        (WebCore::MediaPlayerRequestInstallMissingPluginsCallback::MediaPlayerRequestInstallMissingPluginsCallback):
        * platform/graphics/win/GraphicsContextDirect2D.cpp:
        (WebCore::GraphicsContext::drawWithoutShadow):
        (WebCore::GraphicsContext::drawWithShadow):
        * platform/gtk/PasteboardHelper.cpp:
        (WebCore::ClipboardSetData::ClipboardSetData):
        (WebCore::PasteboardHelper::writeClipboardContents):
        * platform/gtk/PasteboardHelper.h:
        * platform/gtk/PlatformPasteboardGtk.cpp:
        (WebCore::PlatformPasteboard::writeToClipboard):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::preparedToReturnToInline):
        (WebVideoFullscreenInterfaceAVKit::fullscreenMayReturnToInline):
        * platform/mac/PowerObserverMac.cpp:
        (WebCore::PowerObserver::PowerObserver):
        * platform/mac/PowerObserverMac.h:
        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isSecondLevelDomainNameAllowedByTLDRules):
        * platform/mediastream/CaptureDeviceManager.cpp:
        (CaptureDeviceManager::addCaptureDeviceChangedObserver):
        * platform/mediastream/CaptureDeviceManager.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::scheduleDeferredTask):
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/ios/AVAudioSessionCaptureDeviceManager.mm:
        (-[WebAVAudioSessionAvailableInputsListener initWithCallback:]):
        * platform/mediastream/mac/CoreAudioCaptureSource.h:
        * platform/mock/ScrollAnimatorMock.cpp:
        (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
        * platform/mock/ScrollAnimatorMock.h:
        * platform/network/CookieStorage.h:
        * platform/network/NetworkStateNotifier.cpp:
        (WebCore::NetworkStateNotifier::addNetworkStateChangeListener):
        * platform/network/NetworkStateNotifier.h:
        * platform/network/NetworkStorageSession.cpp:
        (WebCore::NetworkStorageSession::forEach):
        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/CookieStorageCFNet.cpp:
        (WebCore::cookieChangeCallbackMap):
        (WebCore::startObservingCookieChanges):
        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::callOnMainThreadAndWait):
        * platform/network/mac/CookieStorageMac.mm:
        (-[WebCookieStorageObjCAdapter startListeningForCookieChangeNotificationsWithCallback:]):
        (WebCore::startObservingCookieChanges):
        * platform/network/soup/CookieStorageSoup.cpp:
        (WebCore::startObservingCookieChanges):
        * platform/network/soup/SoupNetworkSession.cpp:
        (WebCore::SoupNetworkSession::checkTLSErrors):
        * platform/network/soup/SoupNetworkSession.h:
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::destroyCollationFunction):
        (WebCore::callCollationFunction):
        (WebCore::SQLiteDatabase::setCollationFunction):
        * platform/sql/SQLiteDatabase.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::traverseVisibleNonCompositedDescendantLayers):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::paintItem):
        * rendering/RenderListBox.h:
        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::InlineIteratorHistory::push):
        (WebCore::BreakingContext::InlineIteratorHistory::update):
        * workers/Worker.cpp:
        (WebCore::Worker::Worker):
        * workers/WorkerRunLoop.cpp:

2017-06-20  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r218524.

        This change broke internal builds.

        Reverted changeset:

        "[Cocoa] The system Japanese font cannot be italicized"
        https://bugs.webkit.org/show_bug.cgi?id=173300
        http://trac.webkit.org/changeset/218524

2017-06-20  Daniel Bates  <dabates@apple.com>

        Have FrameLoadRequest takes a Frame& instead of a Frame*
        https://bugs.webkit.org/show_bug.cgi?id=173614
        <rdar://problem/32884890>

        Reviewed by Brent Fulgham.

        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::handleProvisionalLoadFailure):
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h:
        * page/DragController.cpp:
        (WebCore::DragController::performDragOperation):

2017-06-20  Daniel Bates  <dabates@apple.com>

        Skip Content Security Policy check for a media request using standard schemes initiated from
        an element in user agent shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=155505
        <rdar://problem/25169452>

        Reviewed by Brent Fulgham.

        This change makes the following tests pass on iOS 11:
            http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
            http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-audio.html

        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::requestResource):
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading):

2017-06-20  Andreas Kling  <akling@apple.com>

        Remove no-op calls to purge SQLite caches on memory pressure.
        <https://webkit.org/b/173604>

        Reviewed by Chris Dumez.

        The implementation of _sqlite3_purgeEligiblePagerCacheMemory() is empty
        since a few releases ago, so there's no point in calling it.

        * page/MemoryRelease.cpp:
        (WebCore::registerMemoryReleaseNotifyCallbacks):
        (WebCore::registerSQLiteMemoryPressureHandler): Deleted.
        * page/MemoryRelease.h:
        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):
        (WebCore::registerSQLiteMemoryPressureHandler): Deleted.
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::initializeSQLiteIfNecessary):

2017-06-20  Devin Rousso  <drousso@apple.com>

        Web Inspector: add console messages for WebGL shader compile and program link errors/warnings
        https://bugs.webkit.org/show_bug.cgi?id=143236
        <rdar://problem/20352149>

        Reviewed by Dean Jackson.

        Test: fast/canvas/webgl/shader-compile-logging.html

        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::checkFramebufferStatus):
        (WebCore::WebGLRenderingContextBase::compileShader):
        (WebCore::WebGLRenderingContextBase::recycleContext):
        (WebCore::WebGLRenderingContextBase::checkTextureCompleteness):
        (WebCore::WebGLRenderingContextBase::printToConsole):
        (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
        (WebCore::WebGLRenderingContextBase::synthesizeGLError):
        (WebCore::WebGLRenderingContextBase::printGLErrorToConsole): Deleted.
        (WebCore::WebGLRenderingContextBase::printWarningToConsole): Deleted.
        (WebCore::WebGLRenderingContextBase::printGLWarningToConsole): Deleted.
        Unify console logging helper functions to all follow the same path. Additionally, errors
        now generate stack traces. Shader compilation errors are now logged as well.

        * dom/Document.h:
        * dom/Document.cpp:
        (WebCore::Document::addConsoleMessage):
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::AddConsoleMessageTask::AddConsoleMessageTask):
        * page/PageConsoleClient.h:
        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::addMessage):
        * workers/WorkerGlobalScope.h:
        Add new path for logging to the console that accepts a ConsoleMessage.

2017-06-20  Saam Barati  <sbarati@apple.com>

        Unreviewed. Try to fix the build after r218594.

        * dom/Document.h:

2017-06-20  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218530.

        This revision caused multiple media stream test crashes on
        Debug builds.

        Reverted changeset:

        "Merge MediaDevicesRequest and MediaDevicesEnumerationRequest
        to tighten up code and object lifetime"
        https://bugs.webkit.org/show_bug.cgi?id=173527
        http://trac.webkit.org/changeset/218530

2017-06-19  Antoine Quint  <graouts@apple.com>

        Media document experience with long-loading files is poor
        https://bugs.webkit.org/show_bug.cgi?id=173575
        <rdar://problem/32178119>

        Reviewed by Dean Jackson.

        In order to avoid showing media controls at a different size than that of the video when we've
        received enough information to determine whether it's audio or video and what the video frame size
        is, we do not show any UI until we have enough information to show the controls in their correct
        initial state. This works well with local files and fast-loading files, but does not work well with
        invalid files, which never load and fail to ever show any UI, and files that load slowly where there
        is no visible feedback that content will be visible.

        Instead, we now default to showing audio controls in their loading state, which provides a seamless
        transition if we will be loading an audio file since the controls are initially in the correct state,
        and at least provide feedback that data is loading even if we eventually transition to a video layout.

        Additionally, we remove the invalid placard background in case the media is invalid, showing only the
        crossed-out play icon in the center of the page in that state.

        Tests: media/modern-media-controls/media-documents/media-document-invalid.html
               media/modern-media-controls/media-documents/media-document-video-with-initial-audio-layout.html

        * Modules/modern-media-controls/controls/media-document.css:
        (:host(.media-document)): Remove "visibility: hidden" since we want the media controls to be visible
        at all times.
        (:host(.media-document.audio)): Add a little padding on the x-axis to ensure audio controls never snap
        directly to the edges of the window.
        (:host(.media-document.audio.iphone)): Remove the iPhone-specific styling since we moved it to the
        general case.
        (:host(.media-document.video.invalid) .placard): Remove the background from the invalid placard when
        showing invalid media.
        (:host(.media-document.ready)): Deleted.
        * Modules/modern-media-controls/media/audio-support.js:
        (AudioSupport.prototype.syncControl): Make sure we invalidate the media document layout when a media
        document's media type changes.
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController): Instantiate the controls prior to creating the MediaDocumentController since the
        MediaDocumentController will need to access the controls.
        * Modules/modern-media-controls/media/media-document-controller.js:
        (MediaDocumentController): Set the default layout for media controls for a media document to be audio
        and in the waiting state.
        (MediaDocumentController.prototype.layout): Toggle the "invalid", "audio" and "video" CSS classes for
        the next possible commit to the DOM, provided we have established the media document's media type.
        (MediaDocumentController.prototype.handleEvent): Deal with the "play" and "error" events to trigger
        a layout.
        (MediaDocumentController.prototype._mediaDocumentHasMetadata): Deleted.
        (MediaDocumentController.prototype._mediaDocumentHasSize): Deleted.

2017-06-20  Daniel Bates  <dabates@apple.com>

        NavigationAction has too many constructors
        https://bugs.webkit.org/show_bug.cgi?id=173484

        Reviewed by Brady Eidson.

        A NavigationAction object is an immutable object that represents the details of a
        navigation, including the type of a navigation (e.g. link click), what triggered
        the navigation, and the external URL policy to use for the navigation. Over time
        the number of NavigationAction constructor overloads (not including copy/move
        constructors) has grown to 12 to support different combinations of details.
        We can use default values to reduce the number of constructors to 2 (not including
        copy/move constructors).

        No behavior changed. So, no new tests.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): Pass NavigationType::Other when
        instantiating NavigationAction.
        (WebCore::FrameLoader::loadDifferentDocumentItem): Fix order of arguments now that
        the constructor overload that takes a NavigationType takes the Event* as the fourth argument,
        not the third. Also, use C++11 brace initialization syntax when instantiating a NavigationAction.
        (WebCore::createWindow):
        * loader/NavigationAction.cpp: Remove unnecessary #include of header ScriptController.h.
        Include header Event.h.
        (WebCore::NavigationAction::NavigationAction):
        * loader/NavigationAction.h: Forward declare class Event and remove #include of header Event.h.
        Make copy constructor, copy assignment operator, move constructor, and move assignment operator
        out-of-line to avoid the need to include header Event.h. Export the copy constructor so that it
        can be used from WebKit on the Apple Windows port. Move ShouldOpenExternalURLsPolicy to be after
        NavigationType to reduce the size of the class by 8 bytes.
        (WebCore::NavigationAction::NavigationAction):
        * loader/PolicyChecker.cpp: Include header Event.h.
        * page/Performance.cpp: Ditto.
        * replay/ReplayController.cpp: Ditto.

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Rename OrientationNotifer.h to OrientationNotifier.h
        https://bugs.webkit.org/show_bug.cgi?id=173600

        Reviewed by Youenn Fablet.

        No new tests needed.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.h:
        * platform/OrientationNotifier.h: Renamed from Source/WebCore/platform/OrientationNotifer.h.
        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/MockRealtimeVideoSourceMac.h:
        * testing/Internals.h:

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive include directives from WTF
        https://bugs.webkit.org/show_bug.cgi?id=173553

        Reviewed by Saam Barati.

        No new tests needed.

        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h:
        Added missing include directive.

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive include directives from WebCore/dom
        https://bugs.webkit.org/show_bug.cgi?id=173591

        Reviewed by Darin Adler.

        No new tests needed.

        * bindings/js/JSCustomElementRegistryCustom.cpp:
        * dom/Attr.h:
        * dom/ChildListMutationScope.h:
        * dom/ContainerNodeAlgorithms.cpp:
        * dom/ContainerNodeAlgorithms.h:
        * dom/CustomElementRegistry.h:
        * dom/DOMRect.h:
        * dom/DocumentMarkerController.h:
        * dom/ElementIteratorAssertions.h:
        * dom/ElementRareData.h:
        * dom/EventContext.h:
        * dom/EventDispatcher.h:
        * dom/ExtensionStyleSheets.h:
        * dom/GenericEventQueue.h:
        * dom/LiveNodeList.h:
        * dom/LoadableClassicScript.h:
        * dom/LoadableScript.h:
        * dom/MutationCallback.h:
        * dom/NativeNodeFilter.h:
        * dom/NodeRareData.h:
        * dom/PromiseRejectionEvent.h:
        * dom/PseudoElement.h:
        * dom/Range.h:
        * dom/RegisteredEventListener.h:
        * dom/RejectedPromiseTracker.cpp:
        * dom/ScopedEventQueue.h:
        * dom/ScriptElement.h:
        * dom/ScriptExecutionContext.h:
        * dom/ScriptedAnimationController.cpp:
        * dom/ScriptedAnimationController.h:
        * dom/SelectorQuery.h:
        * dom/StaticNodeList.h:
        * dom/StaticRange.h:
        * dom/default/PlatformMessagePortChannel.h:
        * testing/Internals.cpp:
        * workers/WorkerGlobalScope.h:

2017-06-20  Konstantin Tokarev  <annulen@yandex.ru>

        Remove excessive include directives from WebCore/css
        https://bugs.webkit.org/show_bug.cgi?id=173554

        Reviewed by Alex Christensen.

        No new tests needed.

        * css/CSSComputedStyleDeclaration.h:
        * css/CSSContentDistributionValue.h:
        * css/CSSCursorImageValue.h:
        * css/CSSFilterImageValue.h:
        * css/CSSFontFace.h:
        * css/CSSFontFeatureValue.h:
        * css/CSSFontStyleRangeValue.h:
        * css/CSSFontVariationValue.h:
        * css/CSSImageGeneratorValue.h:
        * css/CSSImageSetValue.h:
        * css/CSSInheritedValue.h:
        * css/CSSInitialValue.h:
        * css/CSSKeyframeRule.cpp:
        * css/CSSKeyframeRule.h:
        * css/CSSLineBoxContainValue.h:
        * css/CSSPrimitiveValue.h:
        * css/CSSPrimitiveValueMappings.h:
        * css/CSSPropertySourceData.h:
        * css/CSSReflectValue.h:
        * css/CSSRevertValue.h:
        * css/CSSSelector.h:
        * css/CSSStyleSheet.h:
        * css/CSSToLengthConversionData.h:
        * css/CSSUnsetValue.h:
        * css/CSSValue.h:
        * css/CSSValuePool.h:
        * css/CSSVariableData.h:
        * css/DeprecatedCSSOMCounter.h:
        * css/DeprecatedCSSOMRGBColor.h:
        * css/DeprecatedCSSOMRect.h:
        * css/DeprecatedCSSOMValue.h:
        * css/RuleSet.h:
        * css/SelectorChecker.h:
        * css/StyleBuilderConverter.h:
        * css/StyleBuilderCustom.h:
        * css/StyleProperties.h:
        * css/StyleResolver.cpp:
        * css/StyleResolver.h:
        * css/StyleSheet.h:
        * css/StyleSheetContents.h:
        * css/ViewportStyleResolver.h:
        * css/parser/CSSDeferredParser.h:
        * css/parser/CSSParserIdioms.h:
        * css/parser/CSSParserImpl.cpp:
        * css/parser/CSSParserImpl.h:
        * css/parser/CSSParserObserver.h:
        * css/parser/CSSParserSelector.h:
        * css/parser/CSSPropertyParserHelpers.h:
        * css/parser/MediaQueryParser.cpp:
        * css/parser/MediaQueryParser.h:
        * css/parser/SizesAttributeParser.cpp:
        * css/parser/SizesAttributeParser.h:
        * html/BaseCheckableInputType.cpp:
        * html/MediaController.cpp:
        * html/track/TextTrack.cpp:
        * html/track/TextTrackCue.cpp:
        * html/track/VideoTrack.cpp:
        * loader/TextTrackLoader.cpp:

2017-06-20  Miguel Gomez  <magomez@igalia.com>

        [GTK] Layout Test fast/canvas/webgl/tex-image-and-sub-image-2d-with-video.html makes the subsequent test case flaky crash.
        https://bugs.webkit.org/show_bug.cgi?id=173459

        Reviewed by Carlos Garcia Campos.

        When destructing the VideoTextureCopierGStreamer, ensure that there's a previous gl context before trying
        to make it current again. There are situations where no previous context may exist, which can trigger a crash.
        Also, add DefaultImageOrientation to the switch that handles the video frame possible orientations, as it's the
        value used when no rotation needs to be performed, and it's currently triggering an assertion.

        Covered by existent tests.

        * platform/graphics/gstreamer/VideoTextureCopierGStreamer.cpp:
        (WebCore::VideoTextureCopierGStreamer::~VideoTextureCopierGStreamer):
        (WebCore::VideoTextureCopierGStreamer::updateTextureSpaceMatrix):

2017-06-19  Devin Rousso  <drousso@apple.com>

        Web Inspector: create canvas content view and details sidebar panel
        https://bugs.webkit.org/show_bug.cgi?id=138941
        <rdar://problem/19051672>

        Reviewed by Joseph Pecoraro.

        Tests: inspector/canvas/requestContent.html
               inspector/canvas/requestNode.html

        * inspector/InspectorCanvasAgent.h:
        * inspector/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::requestNode):
        Gets the node id of the backing canvas element.

        (WebCore::InspectorCanvasAgent::requestContent):
        Gets the current image content of the canvas.

        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        Minor fixes from r218376 <https://webkit.org/b/172623>.

        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        Optionally send the `nodeId` of the backing canvas element if it is available.

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):

2017-06-19  Frederic Wang  <fwang@igalia.com>

        [iOS] Always include frames in the scrolling tree when async frame scrolling is enabled
        https://bugs.webkit.org/show_bug.cgi?id=173405

        Reviewed by Simon Fraser.

        Currently "async frame scrolling" is ignored on iOS. This commit changes that behavior to
        align on macOS and is a preliminary step to implement iframe scrolling on iOS (bug 149264).

        Test: compositing/iframes/compositing-for-scrollable-iframe.html
              fast/scrolling/scrolling-tree-includes-frame.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForScrollableFrame): Do not require
        compositing when "async frame scrolling" is enabled on iOS.

2017-06-19  Frederic Wang  <fwang@igalia.com>

        [Mac] Add an experimental feature setting for async frame scrolling
        https://bugs.webkit.org/show_bug.cgi?id=173359

        Reviewed by Simon Fraser.

        The necessary work to use compositing for frames and include them in the scrolling tree on
        macOS was performed in r217726 and r217730. ScrollingTreeIncludesFrames was used to
        determine when this behavior should be enabled. However, this does not work well on iOS where
        ScrollingTreeIncludesFrames defaults to true and really means "include the frames in the
        scrolling tree when necessary". Hence we instead introduce a new "async frame scrolling"
        switch to enable the behavior on macOS, which will also be used in a follow-up commit on iOS.
        This new setting is also made an "experimental feature", so that it will be more convenient
        for developer to try it.

        Test: compositing/iframes/compositing-for-scrollable-iframe.html
              fast/scrolling/scrolling-tree-includes-frame.html

        * page/Settings.in: Declare new setting for async frame scrolling.
        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::coordinatesScrollingForFrameView): Also include frames in
        scrolling tree when async frame scrolling is enabled.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForScrollableFrame): Rely on async frame
        scrolling to decide when compositing is needed.

2017-06-19  Zalan Bujtas  <zalan@apple.com>

        AX: Remove redundant AXObjectCache::textChanged(RenderObject*).
        https://bugs.webkit.org/show_bug.cgi?id=173579
        <rdar://problem/32865367>

        Reviewed by Antti Koivisto.

        All calls go through textChanged(Node*) method.

        * accessibility/AXObjectCache.cpp:
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::getOrCreate):

2017-06-19  Darin Adler  <darin@apple.com>

        Merge MediaDevicesRequest and MediaDevicesEnumerationRequest to tighten up code and object lifetime
        https://bugs.webkit.org/show_bug.cgi?id=173527

        Reviewed by Sam Weinig.

        * CMakeLists.txt: Removed MediaDevicesRequest.cpp.

        * Modules/mediastream/MediaDeviceInfo.cpp:
        (WebCore::MediaDeviceInfo::MediaDeviceInfo): Removed unneeded ScriptExecutionContext.
        (WebCore::MediaDeviceInfo::create): Ditto.
        * Modules/mediastream/MediaDeviceInfo.h: Removed unnecessary derivation from
        ContextDestructionObserver and ScriptExecutionContext arguments. Also removed
        unused MediaDeviceInfoVector typedef.
        * Modules/mediastream/MediaDeviceInfo.idl: Added ImplementationLacksVTable.

        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::enumerateDevices): Call MediaDevicesEnumerationRequest
        directly here instead of going through MediaDevicesRequest.

        * Modules/mediastream/MediaDevicesEnumerationRequest.cpp: Moved code from
        MediaDevicesRequest in here. Put the typical counts at the top of the file.
        (WebCore::MediaDevicesEnumerationRequest::MediaDevicesEnumerationRequest):
        Marked inline and changed to take a DOM promise directly rather than having
        a separate class do the mapping to DOM promises.
        (WebCore::MediaDevicesEnumerationRequest::start): Replaced the create function
        with this. The caller doesn't actually keep a reference to the object.
        Added a FIXME about the behavior, not new, where we neither resolve nor reject
        the promise if there is no page object present. Updated to use the new version
        of UserMediaController::from.
        (WebCore::MediaDevicesEnumerationRequest::~MediaDevicesEnumerationRequest):
        Added a FIXME about the issue that we don't resolve or reject the promise if
        the client drops the last reference to the request without calling setDeviceInfo.
        (WebCore::MediaDevicesEnumerationRequest::document): Added. Private helper.
        Returns nullptr if the request is no longer active.
        (WebCore::MediaDevicesEnumerationRequest::frame): Added. For use by a caller
        that was getting to the frame. Uses the document function so it will return
        nullptr if the request is no longer active.
        (WebCore::MediaDevicesEnumerationRequest::userMediaDocumentOrigin): Changed
        to do the work using the document function.
        (WebCore::MediaDevicesEnumerationRequest::topLevelDocumentOrigin): Ditto.
        (WebCore::MediaDevicesEnumerationRequest::contextDestroyed): Simplified. We
        now can simply set a boolean when the context is destroyed, so there are no
        side effects and the code is simpler.
        (WebCore::removeAtypicalDevices): Renamed and tightened up the code a bit.
        (WebCore::MediaDevicesEnumerationRequest::setDeviceInfo): Moved the code
        here from MediaDevicesEnumerationRequest to pass the devices along.

        * Modules/mediastream/MediaDevicesEnumerationRequest.h: Made the
        ContextDestructionObserver use private inheritance. Cut down the includes
        and removed various unneeded functions.

        * Modules/mediastream/MediaDevicesRequest.cpp: Removed.
        * Modules/mediastream/MediaDevicesRequest.h: Removed.

        * Modules/mediastream/UserMediaController.cpp:
        (WebCore::UserMediaController::UserMediaController): Use reference rather
        than pointer for the client.
        (WebCore::UserMediaController::~UserMediaController): Ditto.
        (WebCore::provideUserMediaTo): Ditto.

        * Modules/mediastream/UserMediaController.h:
        Changed constructor to take a refeference, removed client function, and
        changed data member to be a reference rather than a pointer.
        (WebCore::UserMediaController::from): Take and return a reference rather
        than taking a pointer that is checked for null.
        (WebCore::UserMediaController::requestUserMediaAccess): Use reference.
        (WebCore::UserMediaController::cancelUserMediaAccessRequest): Ditto.
        (WebCore::UserMediaController::enumerateMediaDevices): Ditto.
        (WebCore::UserMediaController::cancelMediaDevicesEnumerationRequest): Ditto.

        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::start): Updated to use the new version
        of UserMediaController::from.

        * WebCore.xcodeproj/project.pbxproj: Updated for file removals.

        * testing/Internals.cpp: Removed unneeded include of UserMediaController.h.

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Move Touch related bindings in Document to their own IDL file
        https://bugs.webkit.org/show_bug.cgi?id=173521

        Reviewed by Alex Christensen.

        Rather than #including in the middle of an IDL file, this moves the touch related
        bindings in Document.idl to a new partial interface for Document in DocumentTouch.idl.
        While here, remove the custom binding for createTouchList.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::createTouchList): Deleted.
        Remove createTouchList. It can be generated now.

        * dom/Document.cpp:
        (WebCore::Document::createTouch): Deleted.
        * dom/Document.h:
        Move touch related bindings code to DocumentTouch.h/cpp.
        Remove DocumentIOSForward as it is no longer needed.

        * dom/Document.idl:
        Move touch related bindings to DocumentTouch.idl
        
        * dom/DocumentTouch.h: Added.
        * dom/DocumentTouch.cpp: Added.
        (WebCore::DocumentTouch::createTouch):
        Moved from Document.

        (WebCore::DocumentTouch::createTouchList):
        Added to aid generated binding.

        * dom/DocumentTouch.idl: Added.
        Moved operations from Document.h

        * dom/TouchList.h:
        (WebCore::TouchList::create):
        (WebCore::TouchList::TouchList):
        Added create that works with the bindings.

        * dom/ios/TouchEvents.cpp:
        Add DocumentTouchIOS.h and sort.

2017-06-19  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] The system Japanese font cannot be italicized
        https://bugs.webkit.org/show_bug.cgi?id=173300
        <rdar://problem/31805407>

        Reviewed by Ryosuke Niwa.

        Items in the system font cascade list may lie about whether or not they support italics.
        In order to get the truth, we need to use the physical font underlying the font in question,
        because this one won't lie. Then, we can interrogate this physical font about its traits
        in order to synthesize italics correctly.

        Test: fast/text/system-font-japanese-synthetic-italic.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::lookupFallbackFont):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges):

2017-06-19  Daewoong Jang  <daewoong.jang@navercorp.com>

        [cURL] Move file scope static variables into function scopes
        https://bugs.webkit.org/show_bug.cgi?id=173567

        Reviewed by Alex Christensen.

        * platform/network/curl/SSLHandle.cpp:
        (WebCore::allowedHosts):
        (WebCore::allowedClientHosts):
        (WebCore::allowsAnyHTTPSCertificateHosts):
        (WebCore::addAllowedClientCertificate):
        (WebCore::setSSLClientCertificate):
        (WebCore::sslIgnoreHTTPSCertificate):
        (WebCore::certVerifyCallback):

2017-06-19  Darin Adler  <darin@apple.com>

        [Cocoa] implement URLSession:task:needNewBodyStream: delegate method
        https://bugs.webkit.org/show_bug.cgi?id=173551
        rdar://problem/32250512

        Reviewed by Alex Christensen.

        Covered by http/tests/misc/form-blob-challenge.html

        * WebCore.xcodeproj/project.pbxproj: Removed NSURLRequestSPI.h.

        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::createHTTPBodyCFReadStream): Factored this out from setHTTPBody.
        (WebCore::setHTTPBody): Factored out the function above.
        * platform/network/cf/FormDataStreamCFNet.h: Added createHTTPBodyCFReadStream.

        * platform/network/cocoa/ResourceRequestCocoa.mm: Use CFNetworkSPI.h.
        * platform/network/ios/ResourceRequestIOS.mm: Ditto.

        * platform/network/mac/FormDataStreamMac.h: Added createHTTPBodyNSInputStream.
        * platform/network/mac/FormDataStreamMac.mm:
        (WebCore::createHTTPBodyNSInputStream): Added/

        * platform/network/mac/ResourceHandleMac.mm: Use CFNetworkSPI.h.
        * platform/network/mac/ResourceRequestMac.mm: Ditto.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm: Ditto.
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: Ditto.

        * platform/network/mac/WebCoreURLResponse.h: Moved SPI declarations from
        here into CFNetworkSPI.h.

        * platform/spi/cf/CFNetworkSPI.h: Use #pragma once, consolidated SPI that was
        defined in scattered locations.

        * platform/spi/cocoa/NSURLRequestSPI.h: Removed. Superceded by CFNetworkSPI.h.

2017-06-19  Brady Eidson  <beidson@apple.com>

        Various IndexedDB crashes as an after effect of previous test.
        <rdar://problem/31418761> and https://bugs.webkit.org/show_bug.cgi?id=170436

        Reviewed by Chris Dumez.

        No new test (No consistent test possible, in practice covered by all existing IDB tests)

        This is timing related, where a UniqueIDBDatabase can be destroyed on the main thread while
        it still has one task left to try to execute on the IDBServer thread.
        
        The background thread tasks don't Ref<> the UniqueIDBDatabase, so even though task execution
        took a Ref<> protector, there was still a small window for a race.
        
        Should be closed up by making the background thread tasks themselves protect this.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
        (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Add support for serializers that have members that are themselves serializers (or inherit being a serializer from a parent)
        https://bugs.webkit.org/show_bug.cgi?id=173395

        Reviewed by Simon Fraser.

        Test: fast/css/DOMQuad-serialization.html

        * bindings/scripts/CodeGenerator.pm:
        (InheritsSerializable):
        Helper to determine if an interface inherits from any interfaces
        that are serializable. This is necessary because an attribute is
        serializable even if its interface is not marked as serializable. 

        (IsSerializableAttribute):
        Check ancestor interfaces as well to determine serializability.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateSerializerDefinition):
        Specialize attributes that are serializable interfaces to call its interfaces
        serialize function, thus allowing nested objects to be serialized.

        * dom/DOMQuad.idl:
        Add serializer.

        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp: Added.
        * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.h: Added.
        * bindings/scripts/test/TestSerialization.idl:
        * bindings/scripts/test/TestSerializationIndirectInheritance.idl: Added.
        Add and update tests.

2017-06-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218505.
        https://bugs.webkit.org/show_bug.cgi?id=173563

        "It would break internal builds" (Requested by youenn on
        #webkit).

        Reverted changeset:

        "[WebRTC] Prevent capturing at unconventional resolutions when
        using the SW encoder on Mac"
        https://bugs.webkit.org/show_bug.cgi?id=172602
        http://trac.webkit.org/changeset/218505

2017-06-19  Zalan Bujtas  <zalan@apple.com>

        Opening certain mails brings up a mail that grows indefinitely.
        https://bugs.webkit.org/show_bug.cgi?id=173562
        <rdar://problem/32766579>

        Reviewed by Tim Horton.

        This reverts the logic where m_autoSizeContentSize always reflects the final layout's.
        When the ICB's height is 100%, it causes infinite recursion.
        See also webkit.org/b/173561.

        * page/FrameView.cpp:
        (WebCore::FrameView::autoSizeIfEnabled):

2017-06-19  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Support .zip archives for file uploads via drag and drop
        https://bugs.webkit.org/show_bug.cgi?id=173511
        <rdar://problem/32521025>

        Reviewed by Tim Horton.

        Allows dropped .zip archives to be uploaded as files by accepting types conforming to either
        "public.zip-archive" or "public.content" as potential file types. Initially, I opted to accept the more general
        "public.data" type; however, this includes UTIs such as "public.url" that should not be represented as files, so
        this is a more targeted fix that allows us to very easily add additional content types in the future by adding
        more types to supportedFileUploadPasteboardTypes.

        Tests:
        DataInteractionTests.ExternalSourceZIPArchiveToUploadArea
        DataInteractionTests.ExternalSourceZIPArchiveAndURLToSingleFileInput

        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod):
        * platform/Pasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::supportedWebContentPasteboardTypes):
        (WebCore::Pasteboard::supportedFileUploadPasteboardTypes):

        Rename supportedPasteboardTypes to supportedWebContentPasteboardTypes, and also introduce
        supportedFileUploadPasteboardTypes which returns an list of types, such that if a type conforms to any type in
        this array, that type may be represented as a file. So far, this list contains "public.content" and
        "public.zip-archive".

        (WebCore::Pasteboard::types):
        (WebCore::Pasteboard::supportedPasteboardTypes): Deleted.
        * platform/ios/WebItemProviderPasteboard.mm:
        (typeConformsToTypes):

        Remove -typeIsAppropriateForSupportedTypes: and replace it with typeConformsToTypes. Use this both when
        determining the number of files on the pasteboard, and when determining preferred UTIs to load when dropping.

        (-[WebItemProviderPasteboard numberOfFiles]):
        (-[WebItemProviderPasteboard typeIdentifierToLoadForRegisteredTypeIdentfiers:]):
        (-[WebItemProviderPasteboard typeIsAppropriateForSupportedTypes:]): Deleted.
        * platform/mac/DragDataMac.mm:
        (WebCore::DragData::containsFiles):
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::supportedFileUploadPasteboardTypes):

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom binding for Document.getCSSCanvasContext()
        https://bugs.webkit.org/show_bug.cgi?id=173516

        Reviewed by Chris Dumez.

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::visitAdditionalChildren):
        (WebCore::JSDocument::getCSSCanvasContext): Deleted.
        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasContext):
        * dom/Document.h:
        * dom/Document.idl:
        Use a Variant to pass the context and type to the bindings.

2017-06-19  Youenn Fablet  <youenn@apple.com>

        [WebRTC] Prevent capturing at unconventional resolutions when using the SW encoder on Mac
        https://bugs.webkit.org/show_bug.cgi?id=172602
        <rdar://problem/32407693>

        Reviewed by Eric Carlson.

        Test: platform/mac/webrtc/captureCanvas-webrtc-software-encoder.html

        Add internal API to switch on/off hardware H264 encoder.
        Add checks for standard size. If using a software encoder and frame size is not standard,
        the session is destroyed and no frame is sent at all.

        Added tests based on captureStream.
        Fixed the case of capturing a canvas which size is changing.

        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.h:
        * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
        (WebCore::H264VideoToolboxEncoder::setHardwareEncoderForWebRTCAllowed):
        (WebCore::H264VideoToolboxEncoder::hardwareEncoderForWebRTCAllowed):
        (WebCore::isUsingSoftwareEncoder):
        (WebCore::H264VideoToolboxEncoder::CreateCompressionSession):
        (isStandardFrameSize): Added.
        (isUsingSoftwareEncoder): Added.
        * testing/Internals.cpp:
        (WebCore::Internals::setH264HardwareEncoderAllowed):
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-19  Brady Eidson  <beidson@apple.com>

        Cleanup IconLoader stuff when a DocumentLoader detaches from its frame.
        <rdar://problem/31418761> and https://bugs.webkit.org/show_bug.cgi?id=173473

        Reviewed by Alex Christensen.

        No new tests (No known change in behavior)

        I discovered the need to make these changes here due to a transient bug
        introduced in r218015 but already explicitly fixed in r218409.
        
        This change adds an assert to guard against a detached DocumentLoader having active IconLoaders.

        It also clears out all pending IconLoader and icon load decisions when stopLoading() is called, 
        as even attempting to start an icon load after detachment is a waste of cycles.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoading): Also explicitly clear all IconLoaders and icons pending
          load decision.
        (WebCore::DocumentLoader::finishedLoadingIcon): Assert that this DocumentLoader is not detached.

2017-06-19  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in more places in WebCore/
        https://bugs.webkit.org/show_bug.cgi?id=173535

        Reviewed by Antti Koivisto.

        Use WTF::Function instead of std::function in more places in WebCore/ to avoid copying.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::matchedParent):
        * accessibility/AccessibilityObject.h:
        * animation/DocumentAnimation.cpp:
        (WebCore::DocumentAnimation::getAnimations):
        * animation/DocumentAnimation.h:
        (WebCore::DocumentAnimation::getAnimations):
        * contentextensions/CombinedURLFilters.cpp:
        (WebCore::ContentExtensions::CombinedURLFilters::processNFAs):
        * contentextensions/CombinedURLFilters.h:
        * contentextensions/DFACombiner.cpp:
        (WebCore::ContentExtensions::DFACombiner::combineDFAs):
        * contentextensions/DFACombiner.h:
        * css/CSSCrossfadeValue.cpp:
        (WebCore::CSSCrossfadeValue::traverseSubresources):
        * css/CSSCrossfadeValue.h:
        * css/CSSFilterImageValue.cpp:
        (WebCore::CSSFilterImageValue::traverseSubresources):
        * css/CSSFilterImageValue.h:
        * css/CSSFontFaceSrcValue.cpp:
        (WebCore::CSSFontFaceSrcValue::traverseSubresources):
        * css/CSSFontFaceSrcValue.h:
        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::traverseSubresources):
        * css/CSSImageSetValue.h:
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::traverseSubresources):
        * css/CSSImageValue.h:
        * css/CSSValue.cpp:
        (WebCore::CSSValue::traverseSubresources):
        * css/CSSValue.h:
        * css/CSSValueList.cpp:
        (WebCore::CSSValueList::traverseSubresources):
        * css/CSSValueList.h:
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::traverseSubresources):
        * css/StyleProperties.h:
        * css/StyleSheetContents.cpp:
        (WebCore::traverseSubresourcesInRules):
        (WebCore::StyleSheetContents::traverseSubresources):
        * css/StyleSheetContents.h:
        * dom/Element.cpp:
        (WebCore::Element::getAnimations):
        * editing/TextIterator.cpp:
        (WebCore::findPlainTextMatches):
        (WebCore::findClosestPlainText):
        (WebCore::findPlainText):
        * editing/mac/DictionaryLookup.h:
        * editing/mac/DictionaryLookup.mm:
        (WebCore::showPopupOrCreateAnimationController):
        (WebCore::DictionaryLookup::showPopup):
        (WebCore::DictionaryLookup::animationControllerForPopup):
        * fileapi/AsyncFileStream.cpp:
        (WebCore::AsyncFileStream::perform):
        (WebCore::AsyncFileStream::getSize):
        (WebCore::AsyncFileStream::openForRead):
        (WebCore::AsyncFileStream::read):
        * fileapi/AsyncFileStream.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::waitForPreparedForInlineThen):
        (WebCore::HTMLMediaElement::setVideoFullscreenLayer):
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::waitForPreparedForInlineThen):
        (WebCore::HTMLMediaElement::setVideoFullscreenLayer):
        * loader/EmptyClients.cpp:
        (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
        (WebCore::EmptyFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
        (WebCore::EmptyFrameLoaderClient::dispatchWillSubmitForm):
        * loader/FrameLoaderClient.h:
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create):
        * loader/archive/cf/LegacyWebArchive.h:
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::forEachResource):
        (WebCore::MemoryCache::forEachSessionResource):
        * loader/cache/MemoryCache.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):
        (WebCore::DOMWindow::showModalDialog):
        * page/DOMWindow.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::applyRecursivelyWithVisibleRect):
        * page/FrameView.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):
        (WebCore::Page::decrementNestedRunLoopCount):
        (WebCore::Page::whenUnnested):
        * page/Page.h:
        * page/WheelEventTestTrigger.cpp:
        (WebCore::WheelEventTestTrigger::clearAllTestDeferrals):
        (WebCore::WheelEventTestTrigger::setTestCallbackAndStartNotificationTimer):
        (WebCore::WheelEventTestTrigger::triggerTestTimerFired):
        * page/WheelEventTestTrigger.h:
        * page/WindowFeatures.cpp:
        (WebCore::processFeaturesString):
        * page/WindowFeatures.h:
        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::RingBuffer::forEach):
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
        (WebCore::WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer):
        (WebCore::WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen):
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer):
        (WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setVideoFullscreenLayer):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayer::setVideoFullscreenLayer):
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer):
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h:
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm:
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer):

2017-06-19  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in WebCore/Modules
        https://bugs.webkit.org/show_bug.cgi?id=173534

        Reviewed by Alex Christensen.

        Use WTF::Function instead of std::function in WebCore/Modules to avoid
        copying.

        * Modules/applepay/PaymentCoordinatorClient.h:
        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/legacy/LegacyCDM.cpp:
        (WebCore::CDMFactory::CDMFactory):
        (WebCore::CDM::registerCDMFactory):
        * Modules/encryptedmedia/legacy/LegacyCDM.h:
        * Modules/mediasession/MediaSession.cpp:
        (WebCore::MediaSession::changeActiveMediaElements):
        (WebCore::MediaSession::safelyIterateActiveMediaElements):
        * Modules/mediasession/MediaSession.h:
        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::matchTransceiver):
        * Modules/mediastream/MediaStreamRegistry.cpp:
        (WebCore::MediaStreamRegistry::forEach):
        * Modules/mediastream/MediaStreamRegistry.h:

2017-06-19  Youenn Fablet  <youenn@apple.com>

        A cloned MediaStreamTrack should mute independently other tracks using the same source
        https://bugs.webkit.org/show_bug.cgi?id=172831
        <rdar://problem/32518527>

        Reviewed by Eric Carlson.

        Test: webrtc/clone-audio-track.html

        Move enabled handling in MediaStreamTrackPrivate instead of RealtimeMediaSource.
        Move WebRTC and WebAudio customers of RealtimeMediaSource to MediaStreamTrackPrivate.
        Move creation of WebAudio provider to MediaStreamTrackPrivate.

        This allows changing some parameters of tracks having the same source independently.
        Using this for enabled track attribute.

        We no longer stop generating frames in case track is disabled.
        This should be added back as an optimization in a follow-up.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::addTrack):
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:
        (WebCore::LibWebRTCPeerConnectionBackend::replaceTrack):
        * Modules/webaudio/MediaStreamAudioSource.cpp:
        * Modules/webaudio/MediaStreamAudioSource.h:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::create):
        (WebCore::MediaStreamTrackPrivate::~MediaStreamTrackPrivate):
        (WebCore::MediaStreamTrackPrivate::setEnabled):
        (WebCore::MediaStreamTrackPrivate::audioSourceProvider):
        (WebCore::MediaStreamTrackPrivate::videoSampleAvailable):
        (WebCore::MediaStreamTrackPrivate::audioSamplesAvailable):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        (WebCore::MediaStreamTrackPrivate::Observer::audioSamplesAvailable):
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::removeObserver):
        * platform/mediastream/RealtimeMediaSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
        (WebCore::CoreAudioCaptureSource::startProducingData):
        (WebCore::CoreAudioCaptureSource::stopProducingData):
        * platform/mediastream/mac/CoreAudioCaptureSource.h:
        * platform/mediastream/mac/MockRealtimeAudioSourceMac.h:
        * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:
        (WebCore::MockRealtimeAudioSourceMac::render):
        * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
        (WebCore::RealtimeIncomingAudioSource::~RealtimeIncomingAudioSource):
        (WebCore::RealtimeIncomingAudioSource::OnData):
        * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
        * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
        (WebCore::RealtimeIncomingVideoSource::pixelBufferFromVideoFrame):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
        (WebCore::RealtimeOutgoingAudioSource::RealtimeOutgoingAudioSource):
        (WebCore::RealtimeOutgoingAudioSource::setSource):
        * platform/mediastream/mac/RealtimeOutgoingAudioSource.h:
        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::RealtimeOutgoingVideoSource):
        (WebCore::RealtimeOutgoingVideoSource::setSource):
        (WebCore::RealtimeOutgoingVideoSource::initializeFromSource):
        * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.h:
        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
        (WebCore::WebAudioSourceProviderAVFObjC::create):
        (WebCore::WebAudioSourceProviderAVFObjC::WebAudioSourceProviderAVFObjC):
        (WebCore::WebAudioSourceProviderAVFObjC::setClient):
        (WebCore::WebAudioSourceProviderAVFObjC::audioSamplesAvailable):
        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::generateFrame):
        * platform/spi/cocoa/PassKitSPI.h:

2017-06-19  Sam Weinig  <sam@webkit.org>

        [WebIDL] Properly model buffer source / typed arrays as their own IDL types
        https://bugs.webkit.org/show_bug.cgi?id=173513

        Reviewed by Alex Christensen.

        - Adds IDL type hierarchy for buffer source types.
        - Includes a special type, IDLArrayBufferView, which WebIDL defines as the union
          of DataView and all the typed array types, but we model as shared base class.
          This should not be observable, and allows us to avoid using a Variant for ArrayBufferView
          and instead use the existing base class.
        - Add builtin typedefs for BufferSource and DOMTimeStamp as defined in WebIDL. As noted
          above, rather than define a typedef of ArrayBufferView that maps to a union, we treat
          it as a special type.

        * bindings/IDLTypes.h:
        Add type hierarchy for buffer source types.
        - IDLBufferSource is the root
        - IDLArrayBuffer, IDLArrayBufferView, IDLDataView, IDLTypedArray derive from it.
        - And then the specific typed array types derive from IDLTypedArray, and are defined
          in JSDOMConvertBufferSource so we don't have to include a ton of typed array includes
          in this file, as they cannot be forward declared.

        * bindings/js/JSDOMConvertBufferSource.h:
        (WebCore::Detail::BufferSourceConverter::convert):
        (WebCore::Converter<IDLArrayBuffer>::convert):
        (WebCore::JSConverter<IDLArrayBuffer>::convert):
        (WebCore::Converter<IDLDataView>::convert):
        (WebCore::JSConverter<IDLDataView>::convert):
        (WebCore::Converter<IDLInt8Array>::convert):
        (WebCore::JSConverter<IDLInt8Array>::convert):
        (WebCore::Converter<IDLInt16Array>::convert):
        (WebCore::JSConverter<IDLInt16Array>::convert):
        (WebCore::Converter<IDLInt32Array>::convert):
        (WebCore::JSConverter<IDLInt32Array>::convert):
        (WebCore::Converter<IDLUint8Array>::convert):
        (WebCore::JSConverter<IDLUint8Array>::convert):
        (WebCore::Converter<IDLUint16Array>::convert):
        (WebCore::JSConverter<IDLUint16Array>::convert):
        (WebCore::Converter<IDLUint32Array>::convert):
        (WebCore::JSConverter<IDLUint32Array>::convert):
        (WebCore::Converter<IDLUint8ClampedArray>::convert):
        (WebCore::JSConverter<IDLUint8ClampedArray>::convert):
        (WebCore::Converter<IDLFloat32Array>::convert):
        (WebCore::JSConverter<IDLFloat32Array>::convert):
        (WebCore::Converter<IDLFloat64Array>::convert):
        (WebCore::JSConverter<IDLFloat64Array>::convert):
        (WebCore::Converter<IDLArrayBufferView>::convert):
        (WebCore::JSConverter<IDLArrayBufferView>::convert):
        Add native and javascript conversion for all the new types.

        * bindings/js/JSDOMConvertUnion.h:
        Add support for steps 7, 8, and 9 of the union conversion algorithm now that
        buffer source types are properly modeled.

        * bindings/js/JSSubtleCryptoCustom.cpp:
        * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
        Replace use of now repurposed IDLBufferSource, with its definition, IDLUnion<IDLArrayBufferView, IDLArrayBuffer>.

        * bindings/scripts/CodeGenerator.pm:
        (IsBufferSourceType):
        Renamed from IsTypedArrayType.

        (IsNonPointerType): Deleted.
        Was only used by DumpRenderTree and WebKitTestRunner generators. They have 
        been switched to the equivalent IsPrimitiveType.

        (IsTypedArrayType): Deleted.
        Renamed to IsBufferSourceType.

        (IsRefPtrType): Deleted. Unused.

        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (AddClassForwardIfNeeded):
        (GetArgumentExceptionFunction):
        (GetAttributeExceptionFunction):
        (PassArgumentExpression):
        (GenerateDefaultValue):
        (GenerateOverloadDispatcher):
        (ShouldPassArgumentByReference):
        (NativeToJSValueDOMConvertNeedsState):
        (NativeToJSValueDOMConvertNeedsGlobalObject):
        Update for rename of IsTypedArrayType -> IsBufferSourceType and remove specialized BufferSource
        condition.

        (GetBaseIDLType):
        Add mappings for new buffer source types.

        * bindings/scripts/IDLParser.pm:
        (Parse):
        Insert builtin typedefs to the typedef map before parsing.

        (addBuiltinTypedefs):
        Generate typedefs for BufferSource and DOMTimeStamp as specified by WebIDL.

        (applyTypedefs):
        Add support for applying typedefs to iterable and maplike, necessary now because BufferSource
        is used as the key to iterable in MediaKeyStatusMap.idl

        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.h:
        Update test results.

        * bindings/scripts/test/TestTypedefs.idl:
        Add tests for builtin typedefs.

        * Modules/geolocation/Geoposition.idl:
        * dom/Event.idl:
        * fileapi/Blob.idl:
        * fileapi/File.idl:
        * page/FrameView.h:
        * xml/XMLHttpRequest.idl:
        Remove typedef for DOMTimeStamp and BufferSource which are now automatically included.

2017-06-19  Adrian Perez de Castro  <aperez@igalia.com>

        Missing <functional> includes make builds fail with GCC 7.x
        https://bugs.webkit.org/show_bug.cgi?id=173544

        Unreviewed gardening.

        Fix compilation with GCC 7.

        * Modules/mediastream/MediaStreamRegistry.h:
        * animation/DocumentAnimation.h:
        * page/WheelEventTestTrigger.h:
        * page/csp/ContentSecurityPolicy.h:
        * platform/Timer.h:
        * platform/graphics/gstreamer/MainThreadNotifier.h:
        * platform/network/NetworkStorageSession.h:

2017-06-19  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed build fix after r218484.

        Properly access the GCryptCipherOperation type (now CipherOperation)
        in the PAL::GCrypt namespace. This somehow worked in local builds.

        * crypto/gcrypt/CryptoAlgorithmAES_CTRGCrypt.cpp:
        (WebCore::callOperation):
        (WebCore::gcryptAES_CTR):

2017-06-19  Zan Dobersek  <zdobersek@igalia.com>

        [GCrypt] AES_CTR support
        https://bugs.webkit.org/show_bug.cgi?id=171420

        Reviewed by Michael Catanzaro.

        Implement AES_CTR support for build configurations that use libgcrypt.

        Both encryption and decryption operations are handled in a single gcryptAES_CTR() function,
        with the specific operation being passed as the first argument. The appropriate AES
        algorithm is picked, and a gcry_cipher_hd_t object is created and has the given key set.
        This key will remain the same throughout the gcry_cipher_hd_t lifetime, even after
        gcry_cipher_reset() calls.

        The encrypt/decrypt operation is wrapped into a helper lambda functor that accepts the
        given counter and input data. It resets the cipher object, sets the counter data, and
        performs the specified operation, returning the output data.

        libgcrypt doesn't support setting counter data on a gcry_cipher_hd_t object with only
        part of that data being used as the actual counter, with the rest acting as a nonce, like
        the Web Crypto specification allows. We have to implement the support for that on our own.

        We compute the number of blocks we'll be processing and the upper exclusive limit for the
        given counter length. We immediately bail if the counter limit is less than the computed
        block count, since that would mean that the counter values would be repeated.

        We short-cut to a direct operation call if the counter length matches size of the counter
        data -- we don't have to adjust the counter data in any way if that's the case.

        Otherwise we move counter data into the MPI format. The nonce and the actual counter MPIs
        can split out of the counter data MPI with the modulus operation and the counter limit MPI.

        We take another shortcut straight to the operation call if we're able to determine that the
        'counter leeway' value, i.e. the difference between the initial counter MPI and the counter
        limit MPI, is larger or equal to the predicted block size -- if that's the case, the counter
        won't wrap around and change the nonce data.

        In worst-case scenario the counter data will wrap around and we have to address that. The
        current implementation takes the slowest possible path for the moment, encrypting/decrypting
        each block separately. For each step the counter is combined with the nonce, the resulting
        MPI data retrieved and passed to the operation function, and the returned block output
        appended to the final output vector. The counter MPI is then incremented and ran through the
        modulus operation, limiting the MPI value to the previously-computed counter limit.

        No new tests -- relevant tests are passing and are unskipped.

        * crypto/gcrypt/CryptoAlgorithmAES_CTRGCrypt.cpp:
        (WebCore::callOperation):
        (WebCore::gcryptAES_CTR):
        (WebCore::CryptoAlgorithmAES_CTR::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_CTR::platformDecrypt):

2017-05-14 Frederic Wang  <fwang@igalia.com>

        Add heuristic to avoid flattening "fullscreen" iframes
        https://bugs.webkit.org/show_bug.cgi?id=171914

        Reviewed by Simon Fraser.

        Some authors implement fullscreen popups as out-of-flow iframes with size set to full viewport (using vw/vh CSS units).
        When iframe flattening is enabled, such iframes may unexpectedly become larger than the viewport.
        This commit adds a simple heuristic to avoid frame flattening in that case.
        It is experimented by introducing a "enable for non-fullscreen iframes" state for the frame
        flattening setting.
        The default frame flattening is still either disabled or (fully) enabled on all platforms.
        InternalSettings is also adjusted so that the tests can still set the frame flattening setting.

        Test: fast/frames/flattening/iframe-flattening-fullscreen.html

        * page/FrameView.cpp:
        (WebCore::FrameView::frameFlatteningEnabled): Use the frame flattening enum setting.
        * page/Settings.h: Define a frame flattening enum that includes a "enable for non-fullscreen
        iframes" state.
        * page/Settings.in: Redefine frame flattening using that enum.
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::flattenFrameSet): Use the frame flattening enum setting.
        * rendering/RenderIFrame.cpp:
        (WebCore::RenderIFrame::isFullScreenIFrame): Add a heuristic when partial frame flattening
        is enabled setting is enabled.
        There is not a strict comparison against the viewport size since authors may not exactly use
        100vw/100vh.
        Anyway, it is hard to do such comparison using the resolved width & height on RenderStyle.
        (WebCore::RenderIFrame::flattenFrame): Add a comment for the existing "zero size" heuristic.
        Use isFullScreenIFrame heuristic.
        * rendering/RenderView.cpp:
        (WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower): Use the frame flattening enum setting.
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup): Add backup for frame flattening.
        (WebCore::InternalSettings::Backup::restoreTo): Ditto.
        (WebCore::internalSettingsToWebCoreValue): Helper function to cast the frame flattening values.
        (WebCore::InternalSettings::setFrameFlattening): Redefine setFrameFlattening to accept an enum.
        * testing/InternalSettings.h: Define new enum & setter for frame flattening as well as a backup value.
        * testing/InternalSettings.idl: Define new enum & setter for frame flattening.

2017-06-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r218253): Infinite animated gifs no longer loop
        https://bugs.webkit.org/show_bug.cgi?id=173464

        Reviewed by Carlos Alberto Lopez Perez.

        After the first loop iteration we keep rendering the same frame all the time, so it looks like if the animation
        stopped. This is because in r218253 we changed to use SharedBuffer instead of a Vector in ImageBackingStore, but
        we are not correctly copying the data in the copy constructor. We are using SharedBuffer::copy() that doesn't
        actually copy the data of the segments.

        * platform/graphics/ImageBackingStore.h:
        (WebCore::ImageBackingStore::ImageBackingStore): Copy the data of the other SharedBuffer.

2017-06-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] MainThreadNotifier ASSERTION FAILED: m_boundThread == currentThread() in _WebKitWebSrcPrivate::~_WebKitWebSrcPrivate
        https://bugs.webkit.org/show_bug.cgi?id=152043

        Reviewed by Xabier Rodriguez-Calvar.

        Stop using a WeakPtr in MainThreadNotifier, because it's not thread safe, which causes a crash in debug builds when
        the notifier is destroyed in a different thread. Make MainThreadNotifier thread safe refcounted instead, and add
        an invalidate() method to mark it as invalid.

        * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
        (WebCore::InbandTextTrackPrivateGStreamer::handleSample):
        (WebCore::InbandTextTrackPrivateGStreamer::streamChanged):
        * platform/graphics/gstreamer/MainThreadNotifier.h:
        (WebCore::MainThreadNotifier::MainThreadNotifier): Deleted.
        (WebCore::MainThreadNotifier::notify): Deleted.
        (WebCore::MainThreadNotifier::cancelPendingNotifications): Deleted.
        (WebCore::MainThreadNotifier::addPendingNotification): Deleted.
        (WebCore::MainThreadNotifier::removePendingNotification): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::videoChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::videoSinkCapsChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::audioChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::textChangedCallback):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::muteChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
        (WebCore::TrackPrivateBaseGStreamer::TrackPrivateBaseGStreamer):
        (WebCore::TrackPrivateBaseGStreamer::~TrackPrivateBaseGStreamer):
        (WebCore::TrackPrivateBaseGStreamer::disconnect):
        (WebCore::TrackPrivateBaseGStreamer::activeChangedCallback):
        (WebCore::TrackPrivateBaseGStreamer::tagsChanged):
        * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webkit_web_src_init):
        (webKitWebSrcDispose):
        (webKitWebSrcStop):
        (webKitWebSrcStart):
        (webKitWebSrcNeedData):
        (webKitWebSrcEnoughData):
        (webKitWebSrcSeek):

2017-06-18  Ryosuke Niwa  <rniwa@webkit.org>

        Meter element doesn't respect the writing direction
        https://bugs.webkit.org/show_bug.cgi?id=173507

        Reviewed by Sam Weinig.

        The bug was caused by NSLevelIndicatorCell no longer using the value of baseWritingDirection
        to determine the direction of rendering in macOS Sierra and later. It instead relies on
        the value of userInterfaceLayoutDirection.

        Fixed the bug by setting both values. Once we dropped the support for macOS El Capitan
        and earlier, we can remove the code to set baseWritingDirection.

        Test: fast/dom/HTMLMeterElement/meter-rtl.html

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::levelIndicatorFor):

2017-06-18  Dewei Zhu  <dewei_zhu@apple.com>

        Remove 'EditCommand::isEditCommandComposition'.
        https://bugs.webkit.org/show_bug.cgi?id=173525

        Reviewed by Wenson Hsieh.

        Should remove 'isEditCommandComposition' from 'EditCommand' for:
            1. 'EditCommandComposition' is no longer a subclass of EditCommand.
            2. 'isEditCommandComposition' is not used at all.

        * editing/EditCommand.h:
        (WebCore::EditCommand::isCompositeEditCommand):
        (WebCore::EditCommand::isEditCommandComposition): Deleted.

2017-06-18  Chris Dumez  <cdumez@apple.com>

        Crash when re-entering MediaDevicesEnumerationRequest::cancel()
        https://bugs.webkit.org/show_bug.cgi?id=173522
        <rdar://problem/31185739>

        Reviewed by Darin Adler.

        When a MediaDevicesRequest is started, it creates a MediaDevicesEnumerationRequest
        object and passes a completion handler to that MediaDevicesEnumerationRequest
        object. The completion handler holds a reference to the MediaDevicesRequest object
        so that its stays alive until the MediaDevicesEnumerationRequest either completes
        or is canceled. MediaDevicesRequest also holds a reference to the
        MediaDevicesEnumerationRequest object via its m_enumerationRequest data member.

        When the document is destroyed, both MediaDevicesRequest::contextDestroyed() and
        MediaDevicesEnumerationRequest::contextDestroyed() gets called and the other is not
        pre-determined. If MediaDevicesEnumerationRequest::contextDestroyed() gets called
        first then it calls MediaDevicesEnumerationRequest::cancel(). Calling cancel() ends
        up destroying the completion handler. Destroying the completion handler ends up
        dereferencing and destroying the MediaDevicesRequest object. The MediaDevicesRequest
        destructor would call MediaDevicesEnumerationRequest::cancel() again, causing us to
        re-enter it and assign nullptr to the completion callback again. Re-entering
        std::function's operator=(nullptr_t) is not safe because of the way it is implemented
        as we end up trying to destroy the lambda twice and crashing. Using a WTF::Function
        instead fixes this particular issue because re-entering WTF::Function's operator=(nullptr_t)
        is safe.

        However, this fix is not sufficient. Calling the MediaDevicesRequest destructor also
        dereferencing and destroys the MediaDevicesEnumerationRequest object. As a result,
        when MediaDevicesEnumerationRequest::contextDestroyed() returns from its call to cancel
        |this| is already dead when we call ContextDestructionObserver::contextDestroyed().
        To address this issue, we now protect |this| in MediaDevicesEnumerationRequest::contextDestroyed().

        Test: fast/mediastream/destroy-document-while-enumerating-devices.html

        * Modules/mediastream/MediaDevicesEnumerationRequest.cpp:
        (WebCore::MediaDevicesEnumerationRequest::contextDestroyed):
        Protect |this| as the call to cancel() may destroy |this| before calling
        ContextDestructionObserver::contextDestroyed() otherwise.

        * Modules/mediastream/MediaDevicesEnumerationRequest.h:
        Use WTF::Function instead of std::function for the completion handler as
        it is safer (in terms of re-entrency) and avoids unnecessary copying.

        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::~MediaDevicesRequest):
        Stop calling MediaDevicesEnumerationRequest::cancel(). When the destructor
        is called, the MediaDevicesEnumerationRequest has either completed or been
        canceled so there is no need to cancel again. I added an assertion to
        make sure it is the case. This avoids re-entering
        MediaDevicesEnumerationRequest::cancel() is some cases, which was risky.

        (WebCore::MediaDevicesRequest::start):
        Add comment for clarity and capture a Ref<> instead of a RefPtr<> now that
        we can since we use WTF::Function.

2017-06-18  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in WTF/
        https://bugs.webkit.org/show_bug.cgi?id=173519

        Reviewed by Sam Weinig.

        Replace a few uses of std::function with WTF::Function in WebCore/
        as well. It was either this or including <functional> and I decided
        it made more sense to port the code.

        * platform/graphics/FontSelectionAlgorithm.h:
        (WebCore::FontSelectionAlgorithm::iterateActiveCapabilitiesWithReturn):
        * platform/mediastream/MediaConstraints.cpp:
        (WebCore::StringConstraint::find):
        (WebCore::MediaTrackConstraintSetMap::forEach):
        (WebCore::MediaTrackConstraintSetMap::filter):
        (WebCore::MediaConstraints::isConstraintSet):
        * platform/mediastream/MediaConstraints.h:
        (WebCore::NumericConstraint::find):
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::applyConstraint):

2017-06-18  Jer Noble  <jer.noble@apple.com>

        [MSE] Seeking or entering fullscreen can cause extreme CPU usage
        https://bugs.webkit.org/show_bug.cgi?id=173505

        Reviewed by Tim Horton.

        When support for painting MSE to WebGL was added in r217185, the implementation of
        SourceBufferPrivateAVFObjC::isReadyForMoreSamples() was modified to support asking
        the decompression session if it was ready. That change, however, caused an extreme
        performance regression in the normal playback path, where WebKit will effectively
        append samples endlessly to the AVSampleBufferDisplayLayer, which admirably enqueued
        each of them for decoding. Eventually, the cost of iterating over the CMBufferQueue
        overwhelmed the cost of decoding, and caused the extreme lag seen when seeking.

        Make sure to property query the AVSampleBufferDisplayLayer for isReadyForMoreMediaData
        before enqueuing.

        A previous version of this patch exposed some errors which caused failing tests:

        In sourceBufferPrivateDidReceiveSample(), we were using local versions of
        presentationTimestamp and decodeTimestamp as keys to the decodeQueue; those local versions
        were floating point values (because MediaTime + float = float), but the sample itself uses
        non-floating point MediaTimes. This causes samples to be left in the queue when they should
        be removed.

        In didBecomeReadyForMoreSamples(), we were getting spurious assertions when a
        AVSampleBufferDisplayLayer or a AVSampleBufferAudioRenderer would fire a callback from
        -requestMediaDataWhenReadyOnQueue:usingBlock: even after it had been told to
        -stopRequestingMediaData. Apparently it's expected behavior and so an ASSERT_NOT_REACHED is
        inappropriate here.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples):
        (WebCore::SourceBufferPrivateAVFObjC::didBecomeReadyForMoreSamples):


2017-06-17  Zalan Bujtas  <zalan@apple.com>

        Addressing post-review comment after r218456.
        https://bugs.webkit.org/show_bug.cgi?id=173509

        Reviewed by Darin Adler.

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-06-17  Chris Dumez  <cdumez@apple.com>

        DOMQuad::getBounds() should return a Ref<>
        https://bugs.webkit.org/show_bug.cgi?id=173517

        Reviewed by Simon Fraser.

        DOMQuad::getBounds() should return a Ref<> as it cannot return
        null.

        * dom/DOMQuad.cpp:
        (WebCore::DOMQuad::getBounds):
        * dom/DOMQuad.h:

2017-06-17  Simon Fraser  <simon.fraser@apple.com>

        Implement DOMQuad
        https://bugs.webkit.org/show_bug.cgi?id=163534

        Reviewed by Sam Weinig.

        Implement DOMQuad per https://drafts.fxtf.org/geometry/#DOMQuad, other than serialization
        which requires some bindings changes.

        web-platform-tests/css/geometry-1/DOMRect-001.html tests against an older version of the spec,
        so has some failures. DOMQuad-002.html passes, other than a NaN propagation issue that requires
        spec clarification.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMQuadCustom.cpp: Added.
        (WebCore::JSDOMQuad::getBounds):
        * bindings/scripts/CodeGenerator.pm:
        (IsSerializableDOMType):
        (IsSerializableAttribute):
        * dom/DOMPoint.h:
        * dom/DOMQuad.cpp: Added.
        (WebCore::DOMQuad::DOMQuad):
        (WebCore::DOMQuad::getBounds):
        * dom/DOMQuad.h: Added.
        (WebCore::DOMQuad::create):
        (WebCore::DOMQuad::fromRect):
        (WebCore::DOMQuad::fromQuad):
        (WebCore::DOMQuad::p1):
        (WebCore::DOMQuad::p2):
        (WebCore::DOMQuad::p3):
        (WebCore::DOMQuad::p4):
        * dom/DOMQuad.idl: Added.
        * dom/DOMQuadInit.h: Added.
        * dom/DOMQuadInit.idl: Added.

2017-06-17  Chris Dumez  <cdumez@apple.com>

        Use WTF::Function instead of std::function in WebKit2/
        https://bugs.webkit.org/show_bug.cgi?id=173504

        Reviewed by Darin Adler.

        Use WTF::Function instead of std::function in WebKit2/ to avoid
        unnecessary copying.

        * Modules/applepay/PaymentCoordinator.cpp:
        (WebCore::PaymentCoordinator::canMakePaymentsWithActiveCard):
        (WebCore::PaymentCoordinator::openPaymentSetup):
        * Modules/applepay/PaymentCoordinator.h:
        * Modules/applepay/PaymentCoordinatorClient.h:
        * loader/EmptyClients.cpp:
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::willSendRequest):
        * loader/NetscapePlugInStreamLoader.h:
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willSendRequest):
        * loader/ResourceLoader.h:

2017-06-17  Zalan Bujtas  <zalan@apple.com>

        Demote the "we have navigated away" check to an assertion.
        https://bugs.webkit.org/show_bug.cgi?id=173509

        Reviewed by Simon Fraser.

        Now that the expected behavior is that the render tree can't get to the page cache, it's ok to assert.
        TODO: We should also have view() check removed at some point.

        * dom/Document.cpp:
        (WebCore::Document::destroyRenderTree):

2017-06-17  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build

        * PlatformMac.cmake:
        * bindings/js/ScriptGlobalObject.cpp:

2017-06-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218438.
        https://bugs.webkit.org/show_bug.cgi?id=173515

        Caused imported/w3c/web-platform-tests/media-
        source/mediasource* tests to fail (Requested by smfr on
        #webkit).

        Reverted changeset:

        "[MSE] Seeking or entering fullscreen can cause extreme CPU
        usage"
        https://bugs.webkit.org/show_bug.cgi?id=173505
        http://trac.webkit.org/changeset/218438

2017-06-17  Antti Koivisto  <antti@apple.com>

        Crash due to infinite recursion via FrameSelection::updateAppearanceAfterLayout
        https://bugs.webkit.org/show_bug.cgi?id=173468

        Reviewed by Ryosuke Niwa.

        Test: editing/selection/updateAppearanceAfterLayout-recursion.html

        Calling FrameSelection::updateAppearanceAfterLayout() from Document::resolveStyle is unsafe
        because it may cause another call to resolveStyle. We have some cases where the style
        is still unclean when updateAppearanceAfterLayout() is called. This can lead to infinite
        recursion.

        The test case is not the common stack seen in CrashTracer (couldn't quit replicate it) but
        the updateAppearanceAfterLayout/resolveStyle recursion is the same.

        * dom/Document.cpp:
        (WebCore::Document::resolveStyle):

            Normally selection appearance update is done in post-layout but not all style resolutions schedule a layout.
            Invoke it asynchronously in that case instead of the previous synchronous call.

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::FrameSelection):
        (WebCore::FrameSelection::updateAppearanceAfterLayout):
        (WebCore::FrameSelection::scheduleAppearanceUpdateAfterStyleChange):
        (WebCore::FrameSelection::appearanceUpdateTimerFired):
        (WebCore::FrameSelection::updateAppearanceAfterLayoutOrStyleChange):
        * editing/FrameSelection.h:

2017-06-17  Alex Christensen  <achristensen@webkit.org>

        Fix Mac CMake build.

        * PlatformMac.cmake:

2017-06-17  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r209495): materiauxlaverdure.com fails to load
        https://bugs.webkit.org/show_bug.cgi?id=173301
        <rdar://problem/32624850>

        Reviewed by Antti Koivisto.

        The bug was caused by WebKit wrapping CSS string values with single quotation marks instead of
        double quotation marks as spec'ed in https://drafts.csswg.org/cssom/#serialize-a-string and
        implemented in Firefox and Chrome.

        The website eval's the computed value of the `content` CSS property with the value `'{name: "flat"}'`
        after stripping single quotation marks from both ends. Prior to r209495, WebKit serialized this CSS value
        in single quotations without escaping double quotations. After r209495, double quotations are escaped
        with backslashes as `'{name: \"flat\"}'`. As a result, `eval` is invoked with `{name: \"flat\"}`
        after stripping single quotations from both ends, which resulted in an exception.

        Chrome and Firefox don't encounter this exception despite of the fact they escape double quotations
        as well because serialize with double quotations as `"{name: \"flat\"}"`. Because there is no code
        to strip double quotations, eval is invoked with the same string, resulting in the entire value as
        being parsed as string, instead of an object with a single key "name" with the value of "flat" as
        was the case in WebKit prior to r209495. While this behavior was most certainly not the intent of
        the website author, Chrome and Firefox don't encounter an exception and the website continues to work.

        This patch aligns WebKit's behavior to that of the CSS OM specification, Firefox, and Chrome by
        serializing CSS string values using double quotation marks instead of single quotation marks.

        Note: inline change log comments are added below for every call site of serializeString for clarity.

        Test: fast/css/getPropertyValue-serialization-with-double-quotes.html

        * css/CSSBasicShapes.cpp:
        (WebCore::buildPathString): Use double quotation marks in path(~) of shapes.
        * css/CSSMarkup.cpp:
        (WebCore::serializeString):
        (WebCore::serializeURL): Use double quotation marks to serialize URLs.
        (WebCore::serializeAsStringOrCustomIdent): Use double quotation marks to serialize strings. We still avoid
        using wrapping the value with double quotations when the value can be an identifier. See r209495.
        (WebCore::serializeFontFamily): Ditto for font-family names such as "San Francisco".
        * css/CSSMarkup.h:
        * css/CSSNamespaceRule.cpp:
        (WebCore::CSSNamespaceRule::cssText): Use double quotation marks to serialize namespace URIs.
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberForCustomCSSText): Use double quotation marks to serialize
        the separators; e.g. counter(sectionNumber, ".") to produce "1.".
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::selectorText): Use double quotation marks to serialize attribute values.
        * css/parser/CSSParserToken.cpp:
        (WebCore::CSSParserToken::serialize): Use double quotation marks to serialize strings in @support.
        * editing/EditingStyle.cpp:
        (WebCore::StyleChange::extractTextStyles): Updated to strip double quotation marks in font family names to
        maintain the compatibility with old versions of Microsoft Outlook.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::mapLanguageAttributeToLocale): Use double quotations marks to serialize the value
        of the lang content attribute. It doesn't matter which one is used here because it's only a temporary value
        only fed into the CSS parser to set the equivalent CSS value from the content attribute.

2017-06-16  Matt Baker  <mattbaker@apple.com>

        Web Inspector: Instrument 2D/WebGL canvas contexts in the backend
        https://bugs.webkit.org/show_bug.cgi?id=172623
        <rdar://problem/32415986>

        Reviewed by Devin Rousso and Joseph Pecoraro.

        Test: inspector/canvas/create-canvas-contexts.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasElement):
        Instrument creation of CSS canvases. This merely registers the canvas
        element with InspectorCanvasAgent and stores the name (identifier passed
        to getCSSCanvasContext) for later use. It isn't until the context is
        actually created that the frontend receives a notification.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::getContext2d):
        (WebCore::HTMLCanvasElement::getContextWebGL):
        Instrument creation of 2D and WebGL canvas contexts.

        * inspector/InspectorAllInOne.cpp:

        * inspector/InspectorCanvasAgent.cpp: Added.
        New backend agent for canvas inspection. Canvas creation and destruction
        are continuously monitored by the agent, regardless of the presence of
        a frontend. This is necessary since there is no way to retrieve the
        rendering contexts for with a given frame once they've been created.

        (WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
        (WebCore::InspectorCanvasAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::discardAgent):
        Unregister canvas observers to prevent dangling agent pointer.
        (WebCore::InspectorCanvasAgent::enable):
        Dispatch events for existing canvases, now that the frontend exists.
        (WebCore::InspectorCanvasAgent::disable):
        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas):
        Register the name/identifier associated with the CSS canvas, so that it
        can be retrieved and associated with the rendering context later.

        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        (WebCore::InspectorCanvasAgent::canvasDestroyed):
        Removes the canvas from the agent, and queues it for notifying the
        frontend during the next event loop.

        (WebCore::InspectorCanvasAgent::canvasDestroyedTimerFired):
        (WebCore::InspectorCanvasAgent::clearCanvasData):
        (WebCore::InspectorCanvasAgent::getCanvasEntry):
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        * inspector/InspectorCanvasAgent.h: Added.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didCreateCSSCanvas):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
        These instrumentation points should not fast return when no frontend
        is attached.

        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):

        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorCanvasAgent):
        (WebCore::InstrumentingAgents::setInspectorCanvasAgent):
        Plumbing for the new agent.

2017-06-16  Antoine Quint  <graouts@apple.com>

        Add a WebKit2 setting to control whether media documents should automatically enter fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=173503

        Reviewed by Tim Horton.

        New WebCore setting to specify whether a media document should automatically enter fullscreen.

        * page/Settings.in:

2017-06-16  Jer Noble  <jer.noble@apple.com>

        [MSE] Seeking or entering fullscreen can cause extreme CPU usage
        https://bugs.webkit.org/show_bug.cgi?id=173505

        Reviewed by Tim Horton.

        When support for painting MSE to WebGL was added in r217185, the implementation of
        SourceBufferPrivateAVFObjC::isReadyForMoreSamples() was modified to support asking
        the decompression session if it was ready. That change, however, caused an extreme
        performance regression in the normal playback path, where WebKit will effectively
        append samples endlessly to the AVSampleBufferDisplayLayer, which admirably enqueued
        each of them for decoding. Eventually, the cost of iterating over the CMBufferQueue
        overwhelmed the cost of decoding, and caused the extreme lag seen when seeking.

        Make sure to property query the AVSampleBufferDisplayLayer for isReadyForMoreMediaData
        before enqueuing.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::isReadyForMoreSamples):

2017-06-16  Sam Weinig  <sam@webkit.org>

        [WebIDL] Remove custom bindings for HTMLDocument
        https://bugs.webkit.org/show_bug.cgi?id=173444

        Reviewed by Darin Adler.

        * bindings/js/JSDOMBindingSecurity.cpp:
        (WebCore::canAccessDocument):
        (WebCore::BindingSecurity::shouldAllowAccessToFrame):
        (WebCore::BindingSecurity::shouldAllowAccessToDOMWindow):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::showModalDialog):
        Pass ExecState by reference to window accessors.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::incumbentDOMWindow):
        (WebCore::activeDOMWindow):
        (WebCore::firstDOMWindow):
        (WebCore::callerDocument):
        * bindings/js/JSDOMWindowBase.h:
        Pass ExecState by reference to window accessors and add callerDocument.
    
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::getOwnPropertySlot): Deleted.
        (WebCore::JSHTMLDocument::all): Deleted.
        (WebCore::JSHTMLDocument::setAll): Deleted.
        (WebCore::findCallingDocument): Deleted.
        (WebCore::JSHTMLDocument::open): Deleted.
        (WebCore::documentWrite): Deleted.
        (WebCore::JSHTMLDocument::write): Deleted.
        Remove custom bindings.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateCallWith):
        Add support CallWith=CallerDocument

        * bindings/scripts/IDLAttributes.json:
        Remove CallerWindow, which has not been supported for a while. CallerDocument, despite 
        having it's support removed in the past, was still listed, so keep it.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        Update test results.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createHTMLDocument):
        Update for new signature of Document.write().

        * dom/Document.h:
        * dom/Document.idl:
        * dom/Document.cpp:
        (WebCore::Document::open):
        Add DOMWindow returning overload that calls through to the DOMWindow.
        Add return value and currently not utilized parameters to the Document returning overload.
        Update to return exceptions as specified.

        (WebCore::Document::close):
        Update to return exceptions as specified.

        (WebCore::Document::write):
        (WebCore::Document::writeln):
        Update to take a Vector<String> argument and the caller Document first
        as per convention and return exceptions as specified.

        (WebCore::Document::bgColor):
        (WebCore::Document::setBgColor):
        (WebCore::Document::fgColor):
        (WebCore::Document::setFgColor):
        (WebCore::Document::alinkColor):
        (WebCore::Document::setAlinkColor):
        (WebCore::Document::linkColorForBindings):
        (WebCore::Document::setLinkColorForBindings):
        (WebCore::Document::vlinkColor):
        (WebCore::Document::setVlinkColor):
        (WebCore::Document::clear):
        (WebCore::Document::captureEvents):
        (WebCore::Document::releaseEvents):
        Move from HTMLDocument.

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::bgColor): Deleted.
        (WebCore::HTMLDocument::setBgColor): Deleted.
        (WebCore::HTMLDocument::fgColor): Deleted.
        (WebCore::HTMLDocument::setFgColor): Deleted.
        (WebCore::HTMLDocument::alinkColor): Deleted.
        (WebCore::HTMLDocument::setAlinkColor): Deleted.
        (WebCore::HTMLDocument::linkColor): Deleted.
        (WebCore::HTMLDocument::setLinkColor): Deleted.
        (WebCore::HTMLDocument::vlinkColor): Deleted.
        (WebCore::HTMLDocument::setVlinkColor): Deleted.
        (WebCore::HTMLDocument::clear): Deleted.
        (WebCore::HTMLDocument::captureEvents): Deleted.
        (WebCore::HTMLDocument::releaseEvents): Deleted.
        * html/HTMLDocument.h:
        * html/HTMLDocument.idl:
        Moved operations and attributes to Document.

        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::patchDocument):
        Update for new signature of Document.write().

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):
        (WebCore::DOMWindow::focus):
        * page/DOMWindow.h:
        Use the term incumbentWindow, matching IDL, and so not to be confused
        with the callerWindow, which is slightly different.

2017-06-16  Daniel Bates  <dabates@apple.com>

        Remove header OptionSet.h from FrameLoaderTypes.h
        https://bugs.webkit.org/show_bug.cgi?id=173489

        Reviewed by Joseph Pecoraro.

        Although the header FrameLoaderTypes.h defines exactly one enum class, ReloadOption, whose
        enumerators conform the power of two prerequisite for parameterizing an OptionSet for it
        FrameLoaderTypes.h does not actually make use of the functionality provided by header
        OptionSet.h. And not all source files that include FrameLoaderTypes.h need to use an OptionSet.

        * loader/DocumentLoader.h: Include <wtf/OptionSet.h>.
        * loader/FrameLoader.h: Ditto.
        * loader/FrameLoaderTypes.h: Remove header <wtf/OptionSet.h>.
        * replay/UserInputBridge.h: Include <wtf/Forward.h>.

2017-06-16  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS DnD] Upstream iOS drag and drop implementation into OpenSource WebKit
        https://bugs.webkit.org/show_bug.cgi?id=173366
        <rdar://problem/32767014>

        Reviewed by Tim Horton.

        Moves all drag and drop logic previously hidden behind WebKitAdditions into the open source repository, along
        with unit test pages in TestWebKitAPI. Also removes all #includes and #imports of dragging-related files in
        WebKitAdditions from the open source repository.

        This initial upstreaming phase is only concerned with moving code out of WebKitAdditions, and attempts to
        preserve the code as-is, with the exception of trivial style changes so that the open source linter passes.
        Future patches will remove the DATA_INTERACTION feature flag altogether and unobscure all variable and function
        names referencing "data interaction".

        No change in behavior from the internal build.

        * Configurations/FeatureDefines.xcconfig:
        * page/ios/EventHandlerIOS.mm:
        (WebCore::EventHandler::createDraggingDataTransfer):
        (WebCore::EventHandler::eventLoopHandleMouseDragged):
        (WebCore::EventHandler::tryToBeginDataInteractionAtPoint):
        * platform/ios/DragImageIOS.mm:
        (WebCore::dragImageSize):
        (WebCore::scaleDragImage):
        (WebCore::createDragImageFromImage):
        (WebCore::deleteDragImage):
        (WebCore::createDragImageForLink):
        (WebCore::createDragImageIconForCachedImageFilename):
        (WebCore::platformAdjustDragImageForDeviceScaleFactor):
        (WebCore::createDragImageForSelection):
        (WebCore::dissolveDragImageToFraction):
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::Pasteboard):
        (WebCore::Pasteboard::setDragImage):
        (WebCore::Pasteboard::createForDragAndDrop):
        * platform/mac/DragDataMac.mm:
        (WebCore::rtfPasteboardType):
        (WebCore::rtfdPasteboardType):
        (WebCore::stringPasteboardType):
        (WebCore::urlPasteboardType):
        (WebCore::htmlPasteboardType):
        (WebCore::colorPasteboardType):
        (WebCore::pdfPasteboardType):
        (WebCore::tiffPasteboardType):
        (WebCore::DragData::asFilenames):
        (WebCore::DragData::containsURL):
        (rtfPasteboardType): Deleted.
        (rtfdPasteboardType): Deleted.
        (stringPasteboardType): Deleted.
        (urlPasteboardType): Deleted.
        (htmlPasteboardType): Deleted.
        (colorPasteboardType): Deleted.
        (pdfPasteboardType): Deleted.
        (tiffPasteboardType): Deleted.

2017-06-16  Youenn Fablet  <youenn@apple.com>

        addTransceiver should trigger mid generation in the SDP
        https://bugs.webkit.org/show_bug.cgi?id=173452

        Reviewed by Alex Christensen.

        Test: webrtc/video-addTransceiver.html

        Adding support for recvonly SDP based on call to addTransceiver.
        Using offer_to_receive options of libwebrtc for that purpose.

        Making sure that addTransceiver and using a real track afterwards is working too.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::enqueueReplaceTrackTask): notify the backend that a track is added in case the sender has no track.
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::shouldOfferAllowToReceiveAudio): Detect whether some audio mid should be recvonly.
        (WebCore::LibWebRTCMediaEndpoint::shouldOfferAllowToReceiveVideo): Detect whether some video mid should be recvonly.
        (WebCore::LibWebRTCMediaEndpoint::doCreateOffer):
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h:

2017-06-16  Youenn Fablet  <youenn@apple.com>

        WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging is crashing
        https://bugs.webkit.org/show_bug.cgi?id=173493

        Reviewed by Eric Carlson.

        Speculative preventive fix.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::LibWebRTCMediaEndpoint::gatherStatsForLogging):

2017-06-16  Alex Christensen  <achristensen@webkit.org>

        Show punycode to user if a URL has dotless i or j followed by diacritic dot
        https://bugs.webkit.org/show_bug.cgi?id=173431

        Reviewed by Darin Adler.

        Covered by new API tests.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::isLookalikeCharacter):
        (WebCore::allCharactersInIDNScriptWhiteList):
        (WebCore::createStringWithEscapedUnsafeCharacters):

2017-06-16  Youenn Fablet  <youenn@apple.com>

        [iOS] Switching cameras in a WebRTC call makes black frames being sent
        https://bugs.webkit.org/show_bug.cgi?id=173486

        Reviewed by Eric Carlson.

        Test: webrtc/video-replace-muted-track.html

        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::updateBlackFramesSending):
        Ensuring the timer is stopped if needed.
        (WebCore::RealtimeOutgoingVideoSource::initializeFromSource):
        Calling updateBlackFramesSending to stop sending frame if needed.

2017-06-16  Youenn Fablet  <youenn@apple.com>

        Remove replaceTrack restriction about video resolution
        https://bugs.webkit.org/show_bug.cgi?id=173490

        Reviewed by Eric Carlson.

        Covered by updated tests.

        * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
        (WebCore::RealtimeOutgoingVideoSource::setSource):

2017-06-16  Jeremy Jones  <jeremyj@apple.com>

        Handle timeout of prepareForPictureInPictureStopWithCompletionHandler.
        https://bugs.webkit.org/show_bug.cgi?id=173462
        rdar://problem/32128170

        Reviewed by Jer Noble.

        No new tests because no effect on the DOM.

        If WebVideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler doesn't respond fast enough,
        the caller will timeout and call will/didStopPictureInPicture.

        This is getting fullscreen state confused.

        This change keeps state consistent by handling will/didStopPictureInPicture possibly being called before
        prepareForPictureInPictureStopWithCompletionHandler calls its callback.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::willStopPictureInPicture):
        (WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture):
        (WebVideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler):
        (WebVideoFullscreenInterfaceAVKit::watchdogTimerFired):

2017-06-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Make builds faster after r218371
        https://bugs.webkit.org/show_bug.cgi?id=173453

        Reviewed by Tim Horton.

        Remove #includes from .h files.

        No new tests because there is no behavior change.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj: Add new .cpp file, and sort the project file
        * platform/graphics/FontFamilySpecificationNull.cpp: Copied from Source/WebCore/platform/graphics/FontFamilySpecificationNull.h.
        (WebCore::FontFamilySpecificationNull::fontRanges):
        * platform/graphics/FontFamilySpecificationNull.h:
        (WebCore::FontFamilySpecificationNull::fontRanges): Deleted.
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText):
        (WebCore::FontFamilySpecificationCoreText::~FontFamilySpecificationCoreText):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h:
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText): Deleted.

2017-06-16  Chris Dumez  <cdumez@apple.com>

        [WK2] Add WKProcessPool SPI to efficiently reset all plugin load client policies
        https://bugs.webkit.org/show_bug.cgi?id=173472
        <rdar://problem/28858817>

        Reviewed by Brady Eidson.

        Add PluginLoadClientPolicyMaximum value to PluginLoadClientPolicy enumeration
        to facilitate input value validation on API side.

        * plugins/PluginData.h:

2017-06-16  Jer Noble  <jer.noble@apple.com>

        [iOS] Do not pause playing video when application resigns active state.
        https://bugs.webkit.org/show_bug.cgi?id=173474

        Reviewed by Tim Horton.

        Test: media/video-inactive-playback.html

        Separate out the concept of "inactive" playback from "process background" playback.
        Move the implementation of applicationDidEnterBackground() from MediaSessionManagerIOS
        into it's superclass, PlatformMediaSessionManager, and add a new set of restrictions
        for "InactiveProcessPlaybackRestricted" and "SuspendedUnderLockPlaybackRestricted".
        Leave the default restriction set for iOS as "BackgroundProcessPlaybackRestricted" and
        "SuspendedUnderLockPlaybackRestricted", to preserve the existing behavior of suspending
        playback when switching apps or when locking the device.

        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::interruptionName):
        * platform/audio/PlatformMediaSession.h:
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::applicationWillBecomeInactive):
        (WebCore::PlatformMediaSessionManager::applicationDidBecomeActive):
        (WebCore::PlatformMediaSessionManager::applicationDidEnterBackground):
        (WebCore::PlatformMediaSessionManager::applicationWillEnterForeground):
        (WebCore::PlatformMediaSessionManager::applicationWillEnterBackground): Deleted.
        (WebCore::PlatformMediaSessionManager::applicationDidEnterForeground): Deleted.
        * platform/audio/PlatformMediaSessionManager.h:
        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::resetRestrictions):
        (-[WebMediaSessionHelper applicationDidBecomeActive:]):
        (-[WebMediaSessionHelper applicationWillResignActive:]):
        (WebCore::MediaSessionManageriOS::applicationDidEnterBackground): Deleted.
        (WebCore::MediaSessionManageriOS::applicationWillEnterForeground): Deleted.
        * testing/Internals.cpp:
        (WebCore::Internals::applicationWillBecomeInactive):
        (WebCore::Internals::applicationDidBecomeActive):
        (WebCore::Internals::applicationWillEnterForeground):
        (WebCore::Internals::applicationDidEnterBackground):
        (WebCore::Internals::setMediaSessionRestrictions):
        (WebCore::Internals::applicationDidEnterForeground): Deleted.
        (WebCore::Internals::applicationWillEnterBackground): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2017-06-16  Alex Christensen  <achristensen@webkit.org>

        REGRESSION (r213126): Sync XHR needs partition for cache and credentials
        https://bugs.webkit.org/show_bug.cgi?id=173496
        <rdar://problem/31943596>

        Reviewed by Darin Adler.

        Test: http/tests/security/sync-xhr-partition.html

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2017-06-16  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218402 and r218404.
        https://bugs.webkit.org/show_bug.cgi?id=173494

        Seems to have mysteriously broken the build in bizarre ways
        (Requested by thorton on #webkit).

        Reverted changesets:

        "Include a few widespread WTF headers in WebCorePrefix.h"
        https://bugs.webkit.org/show_bug.cgi?id=173481
        http://trac.webkit.org/changeset/218402

        "Fix the Windows build after r218402"
        http://trac.webkit.org/changeset/218404

2017-06-16  Brady Eidson  <beidson@apple.com>

        REGRESSION (r218015) IconLoaders for already-cached resources expect to be asynchronous, no longer are.
        <rdar://problem/32817519> and https://bugs.webkit.org/show_bug.cgi?id=173478

        Reviewed by Daniel Bates.

        Covered by API test.

        Being synchronous is actually better as it's resolved another issue or two.
        But only if we can actually deliver the data without crashing first.
        So let's do that.
        
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::didGetLoadDecisionForIcon): Put the IconLoader in the set of active icon loaders
          before actually starting the icon loading.

2017-06-16  Jeremy Jones  <jeremyj@apple.com>

        Don't use WebCore Timer from code that runs in the UI process.
        https://bugs.webkit.org/show_bug.cgi?id=173460
        rdar://problem/32750731

        Reviewed by Jer Noble.

        If a WebCore Timer is fired from the WebKit2 UI process, it will
        create a web thread, which can cause a crash in this instance.

        It was also causing the timer to be called back on the wrong thread.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::WebVideoFullscreenInterfaceAVKit):

2017-06-16  Timothy Horton  <timothy_horton@apple.com>

        Fix the Windows build after r218402

        * WebCorePrefix.h:
        I typed #import instead of #include on auto-pilot, and ... it mostly worked!
        Except Windows.

2017-06-16  Jeremy Jones  <jeremyj@apple.com>

        Hide inline captions in fullscreen. Remove fullscreen captions when no longer needed.
        https://bugs.webkit.org/show_bug.cgi?id=173482

        Reviewed by Eric Carlson.

        Hide the inline captions while they are presenting to fullscreen.
        Remove the text track representation as soon as it is no longer needed.
        This allows the text track to render properly when returning to inline.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):

2017-06-16  Tim Horton  <timothy_horton@apple.com>

        Include a few widespread WTF headers in WebCorePrefix.h
        https://bugs.webkit.org/show_bug.cgi?id=173481

        Reviewed by Alex Christensen.

        * WebCorePrefix.h:
        These are four of the headers that contribute the most pre-processed
        source to the WebCore build. They (and their dependents) change infrequently
        enough that a world rebuild of WebCore when they change seems like an
        acceptable tradeoff for the ~9% reduction in WebCore build time that I
        measure from this change.

2017-06-16  Antoine Quint  <graouts@apple.com>

        REGRESSION: AirPlay placard is not shown when in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=173447
        <rdar://problem/32803773>

        Reviewed by Jon Lee.

        We only allowed a placard to be set on inline controls, but that was an oversight: placards
        should be displayed in fullscreen as well. As such, we move the "placard" property up from
        InlineMediaControls to MediaControls, and update the layout() logic in MacOSFullscreenMediaControls
        to display a placard.

        Test: media/modern-media-controls/placard-support/placard-support-airplay-fullscreen.html

        * Modules/modern-media-controls/controls/inline-media-controls.js:
        (InlineMediaControls):
        (InlineMediaControls.prototype.layout):
        (InlineMediaControls.prototype.get placard): Deleted.
        (InlineMediaControls.prototype.set placard): Deleted.
        * Modules/modern-media-controls/controls/macos-fullscreen-media-controls.js:
        (MacOSFullscreenMediaControls.prototype.layout):
        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.get placard):
        (MediaControls.prototype.set placard):
        (MediaControls.prototype.placardPreventsControlsBarDisplay):
        (MediaControls.prototype.layout):
        * Modules/modern-media-controls/media/placard-support.js:
        (PlacardSupport.prototype._updatePlacard):
        (PlacardSupport):

2017-06-16  Jer Noble  <jer.noble@apple.com>

        [WebRTC] Removing a MediaStreamTrack from a MediaStream reports no recording to WebKit clients
        https://bugs.webkit.org/show_bug.cgi?id=173398
        <rdar://problem/32592961>

        Reviewed by Eric Carlson.

        API Test: Tests/WebKit2/MediaStreamTrackDetached.mm

        Move the definition of a MediaStream as a MediaProducer from the stream itself to its constituent
        MediaStreamTracks. This ensures that, even if a MediaStreamTrack is removed from its stream, the
        document (and thus the clients) are notified that media capture is still occurring.

        Though MediaStream is no longer a MediaProducer, it still uses the MediaProducer's state concept
        to determine when to fire events. However it's mediaState() implementation will be moved into
        MediaStreamTrack, and will instead simply bitwise-or together each of it's track's mediaState().

        The MediaStream notifies the document that its state has changed asynchronously, so do the same
        for MediaStreamTrack (which reduces the number of calls to the client when changes all occur
        during a single run loop).

        Because the MediaStreamTrackPrivate may be started externally (not by the MediaStreamTrack directly),
        add a new client method that notifies observers when the track has been started, and the
        MediaStreamTrack will use this notification to update the document with it's new mediaState().

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::~MediaStream):
        (WebCore::MediaStream::mediaState):
        (WebCore::MediaStream::statusDidChange):
        (WebCore::MediaStream::characteristicsChanged):
        (WebCore::MediaStream::pageMutedStateDidChange): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::MediaStreamTrack):
        (WebCore::MediaStreamTrack::~MediaStreamTrack):
        (WebCore::MediaStreamTrack::pageMutedStateDidChange):
        (WebCore::MediaStreamTrack::mediaState):
        (WebCore::MediaStreamTrack::trackStarted):
        (WebCore::MediaStreamTrack::configureTrackRendering):
        (WebCore::MediaStreamTrack::stop):
        (WebCore::MediaStreamTrack::document):
        * Modules/mediastream/MediaStreamTrack.h:
        (WebCore::MediaStreamTrack::source):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::trackStarted):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceStarted):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::start):
        * platform/mediastream/RealtimeMediaSource.h:

2017-06-16  Antoine Quint  <graouts@apple.com>

        Backdrop blur missing in media controls bar on Sierra
        https://bugs.webkit.org/show_bug.cgi?id=173451

        Reviewed by Simon Fraser.

        On Sierra, we need to enforce a stacking context on controls bars to guarantee that
        the backdrop filters on the BackgroundTint are applied correctly.

        Test: media/modern-media-controls/controls-bar/controls-bar-stacking-context.html

        * Modules/modern-media-controls/controls/controls-bar.css:
        (.controls-bar):

2017-06-16  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218375.

        The API test MediaStreamTrackDetached is still timing out
        after the patch

        Reverted changeset:

        "[WebRTC] Removing a MediaStreamTrack from a MediaStream
        reports no recording to WebKit clients"
        https://bugs.webkit.org/show_bug.cgi?id=173398
        http://trac.webkit.org/changeset/218375

2017-06-15  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION: Media control glyphs appear to invert colors when video is dragged
        https://bugs.webkit.org/show_bug.cgi?id=173455
        rdar://problem/32726887

        Reviewed by Tim Horton.

        Masks on composited layers were not correctly painted in drag images, because RenderLayer::paintLayerContents()
        failed to pass the PaintBehaviorFlattenCompositingLayers flag down through the mask drawing code, causing
        RenderBox::paintMaskImages() to fall into the composited mask code path.

        Fix by making a local copy of PaintBehavior, and setting the PaintBehaviorFlattenCompositingLayers and PaintBehaviorSnapshotting
        bits on it as appropriate, and passing it into paintMaskForFragments() and paintChildClippingMaskForFragments(). This is similar
        to code above.

        Can't test drag images.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents):
        (WebCore::RenderLayer::paintMaskForFragments):
        (WebCore::RenderLayer::paintChildClippingMaskForFragments):
        * rendering/RenderLayer.h:

2017-06-16  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218376.

        The patch cause multiple Layout Test Crashes.

        Reverted changeset:

        "Web Inspector: Instrument 2D/WebGL canvas contexts in the
        backend"
        https://bugs.webkit.org/show_bug.cgi?id=172623
        http://trac.webkit.org/changeset/218376

2017-06-16  Daniel Bates  <dabates@apple.com>

        Use the term icon instead of favicon
        https://bugs.webkit.org/show_bug.cgi?id=173400

        Reviewed by Alex Christensen.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::cachedResourceContent):
        (WebCore::InspectorPageAgent::cachedResourceType):
        * loader/LinkLoader.cpp:
        (WebCore::createLinkPreloadResourceClient):
        * loader/ResourceLoadInfo.cpp:
        (WebCore::toResourceType):
        * loader/SubresourceLoader.cpp:
        (WebCore::logResourceLoaded):
        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::CachedRawResource):
        * loader/cache/CachedRawResource.h:
        (isType):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::defaultPriorityForResourceType):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::isMainOrMediaOrIconOrRawResource):
        (WebCore::CachedResource::ignoreForRequestCount):
        (WebCore::CachedResource::isMainOrMediaOrFaviconOrRawResource): Deleted.
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::createResource):
        (WebCore::CachedResourceLoader::requestIcon):
        (WebCore::contentTypeFromResourceType):
        (WebCore::CachedResourceLoader::checkInsecureContent):
        (WebCore::CachedResourceLoader::allowedByContentSecurityPolicy):
        (WebCore::CachedResourceLoader::determineRevalidationPolicy):
        (WebCore::CachedResourceLoader::requestFavicon): Deleted.
        * loader/cache/CachedResourceLoader.h:
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading):

2017-06-16  Per Arne Vollan  <pvollan@apple.com>

        WebKit does not honor closed caption stroke width.
        https://bugs.webkit.org/show_bug.cgi?id=173402

        Reviewed by Eric Carlson.

        WebKit currently has an upper limit on the stroke width returned from MACaptionAppearanceCopyFontDescriptorWithStrokeForStyle.
        Since only half the stroke is visible because the stroke is drawn before the fill, double the stroke width from
        MediaAccessibility to get the correct visual stroke width. Also, the stroke width returned from this function should not be
        interpreted as CSS points, but as CSS pixels.

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::updateTextStrokeStyle):
        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::captionStrokeWidthForFont):

2017-06-16  Per Arne Vollan  <pvollan@apple.com>

        [Win] WebKit renders scrollbar wrong at 125% scale.
        https://bugs.webkit.org/show_bug.cgi?id=173363

        Reviewed by Darin Adler.

        Scrollbars are drawn with the GDI function DrawThemeBackground. Sometimes, the GDI clip
        rectangle will be too small since we clamp a FloatRect to integer values when setting the
        GDI clip rectangle.

        * platform/graphics/win/GraphicsContextWin.cpp:
        (WebCore::GraphicsContextPlatformPrivate::clip):

2017-06-15  Mark Lam  <mark.lam@apple.com>

        Add a JSRunLoopTimer registry in VM.
        https://bugs.webkit.org/show_bug.cgi?id=173429
        <rdar://problem/31287961>

        Reviewed by Filip Pizlo.

        No new tests needed because:
        1. it's already covered: it was also originally discovered by our API tests while
           running on the iOS simulator. The test was intermittently failing on a debug
           build.
        2. the issue is racy (it depends on a JSRunLoopTimer firing at the right time).
           Hence, it's non trivial to write a better test than the one we already have.

        * bindings/js/CommonVM.cpp:
        (WebCore::commonVMSlow):

2017-06-15  Antoine Quint  <graouts@apple.com>

        REGRESSION: AirPlay button is incorrectly highlighted in inline and fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=173446

        Reviewed by Dean Jackson.

        A button's color should be applied to its <picture> element, not the containing
        <button> element.

        * Modules/modern-media-controls/controls/airplay-button.css:
        (button.airplay.on > picture):
        (button.airplay.on): Deleted.

2017-06-15  Matt Baker  <mattbaker@apple.com>

        Web Inspector: Instrument 2D/WebGL canvas contexts in the backend
        https://bugs.webkit.org/show_bug.cgi?id=172623
        <rdar://problem/32415986>

        Reviewed by Devin Rousso.

        Test: inspector/canvas/create-canvas-contexts.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasElement):
        Instrument creation of CSS canvases. This merely registers the canvas
        element with InspectorCanvasAgent and stores the name (identifier passed
        to getCSSCanvasContext) for later use. It isn't until the context is
        actually created that the frontend receives a notification.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::getContext2d):
        (WebCore::HTMLCanvasElement::getContextWebGL):
        Instrument creation of 2D and WebGL canvas contexts.

        * inspector/InspectorAllInOne.cpp:

        * inspector/InspectorCanvasAgent.cpp: Added.
        New backend agent for canvas inspection. Canvas creation and destruction
        are continuously monitored by the agent, regardless of the presence of
        a frontend. This is necessary since there is no way to retrieve the
        rendering contexts for with a given frame once they've been created.

        (WebCore::InspectorCanvasAgent::InspectorCanvasAgent):
        (WebCore::InspectorCanvasAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorCanvasAgent::discardAgent):
        Unregister canvas observers to prevent dangling agent pointer.
        (WebCore::InspectorCanvasAgent::enable):
        Dispatch events for existing canvases, now that the frontend exists.
        (WebCore::InspectorCanvasAgent::disable):
        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas):
        Register the name/identifier associated with the CSS canvas, so that it
        can be retrieved and associated with the rendering context later.

        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        (WebCore::InspectorCanvasAgent::canvasDestroyed):
        Removes the canvas from the agent, and queues it for notifying the
        frontend during the next event loop.

        (WebCore::InspectorCanvasAgent::canvasDestroyedTimerFired):
        (WebCore::InspectorCanvasAgent::clearCanvasData):
        (WebCore::InspectorCanvasAgent::getCanvasEntry):
        (WebCore::InspectorCanvasAgent::buildObjectForCanvas):
        * inspector/InspectorCanvasAgent.h: Added.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didCommitLoadImpl):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didCreateCSSCanvas):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
        These instrumentation points should not fast return when no frontend
        is attached.

        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset):

        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::inspectorCanvasAgent):
        (WebCore::InstrumentingAgents::setInspectorCanvasAgent):
        Plumbing for the new agent.

2017-06-15  Jer Noble  <jer.noble@apple.com>

        [WebRTC] Removing a MediaStreamTrack from a MediaStream reports no recording to WebKit clients
        https://bugs.webkit.org/show_bug.cgi?id=173398
        <rdar://problem/32592961>

        Reviewed by Eric Carlson.

        API Test: Tests/WebKit2/MediaStreamTrackDetached.mm

        Move the definition of a MediaStream as a MediaProducer from the stream itself to its constituent
        MediaStreamTracks. This ensures that, even if a MediaStreamTrack is removed from its stream, the
        document (and thus the clients) are notified that media capture is still occurring.

        Though MediaStream is no longer a MediaProducer, it still uses the MediaProducer's state concept
        to determine when to fire events. However it's mediaState() implementation will be moved into
        MediaStreamTrack, and will instead simply bitwise-or together each of it's track's mediaState().

        The MediaStream notifies the document that its state has changed asynchronously, so do the same
        for MediaStreamTrack (which reduces the number of calls to the client when changes all occur
        during a single run loop).

        Because the MediaStreamTrackPrivate may be started externally (not by the MediaStreamTrack directly),
        add a new client method that notifies observers when the track has been started, and the
        MediaStreamTrack will use this notification to update the document with it's new mediaState().

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::~MediaStream):
        (WebCore::MediaStream::mediaState):
        (WebCore::MediaStream::statusDidChange):
        (WebCore::MediaStream::characteristicsChanged):
        (WebCore::MediaStream::pageMutedStateDidChange): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::MediaStreamTrack):
        (WebCore::MediaStreamTrack::~MediaStreamTrack):
        (WebCore::MediaStreamTrack::pageMutedStateDidChange):
        (WebCore::MediaStreamTrack::mediaState):
        (WebCore::MediaStreamTrack::trackStarted):
        (WebCore::MediaStreamTrack::configureTrackRendering):
        (WebCore::MediaStreamTrack::stop):
        (WebCore::MediaStreamTrack::document):
        * Modules/mediastream/MediaStreamTrack.h:
        (WebCore::MediaStreamTrack::source):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::trackStarted):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceStarted):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::start):
        * platform/mediastream/RealtimeMediaSource.h:

2017-06-15  Simon Fraser  <simon.fraser@apple.com>

        Use WTFLogAlways for debug logging so that it shows up in device system logs
        https://bugs.webkit.org/show_bug.cgi?id=173450

        Reviewed by Tim Horton.

        If you want to showRenderTree() on-device, the result doesn't show in system log so you can't see it
        Switch to WTFLogAlways to fix this, for all the debug logging in WebCore.
        
        Also WKError () -> WKError() in the old WAK code, to allow for easier searching pending cleanup.

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::~AudioContext):
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::~AudioNode):
        (WebCore::AudioNode::ref):
        (WebCore::AudioNode::finishDeref):
        (WebCore::AudioNode::printNodeCounts):
        * bridge/objc/objc_instance.mm:
        (ObjcInstance::invokeObjcMethod):
        * bridge/objc/objc_utility.mm:
        (JSC::Bindings::convertObjcValueToValue):
        * css/StyleProperties.cpp:
        (WebCore::StyleProperties::showStyle):
        * dom/DocumentMarkerController.cpp:
        (DocumentMarkerController::showMarkers):
        * dom/Node.cpp:
        (WebCore::Node::showNode):
        (WebCore::Node::showNodePathForThis):
        (WebCore::traverseTreeAndMark):
        * dom/Position.cpp:
        (WebCore::Position::debugPosition):
        (WebCore::Position::showAnchorTypeAndOffset):
        * dom/Range.cpp:
        (showTree):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::debugRenderer):
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::debugPosition):
        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::debugPosition):
        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::showTreeWithIndent):
        * html/parser/HTMLFormattingElementList.cpp:
        (WebCore::HTMLFormattingElementList::show):
        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::dumpMap):
        * page/scrolling/ScrollingStateTree.cpp:
        (showScrollingStateTree):
        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::frameSizeChangedProc):
        * platform/graphics/GraphicsLayer.cpp:
        (showGraphicsLayerTree):
        * platform/graphics/displaylists/DisplayList.cpp:
        (WebCore::DisplayList::DisplayList::dump):
        * platform/ios/wak/WAKView.mm:
        (+[WAKView _wrapperForViewRef:]):
        (-[WAKView displayRect:]):
        (-[WAKView displayRectIgnoringOpacity:inContext:]):
        * platform/ios/wak/WKUtilities.c:
        (WKRelease):
        * platform/ios/wak/WKView.mm:
        (_WKViewSetViewContext):
        (WKViewGetBounds):
        (WKViewGetFrame):
        (_WKViewRecursivelyInvalidateGState):
        (WKViewSetFrameOrigin):
        (WKViewSetFrameSize):
        (WKViewGetWindow):
        (WKViewGetSubviews):
        (WKViewAddSubview):
        (WKViewRemoveFromSuperview):
        (WKViewFirstChild):
        (WKViewNextSibling):
        (WKViewTraverseNext):
        (WKViewGetVisibleRect):
        (WKViewConvertRectToSuperview):
        (WKViewConvertRectToBase):
        (WKViewConvertPointToSuperview):
        (WKViewConvertPointFromSuperview):
        (WKViewConvertPointToBase):
        (_WKViewGetAncestorViewsIncludingView):
        (WKViewConvertPointFromBase):
        (WKViewConvertRectFromSuperview):
        (WKViewConvertRectFromBase):
        (WKViewGetAutoresizingMask):
        (WKViewSetAutoresizingMask):
        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::dumpTextEncodingNameMap):
        * rendering/CounterNode.cpp:
        (WebCore::showTreeAndMark):
        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::showLineBox):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::showLineBox):
        * rendering/RenderCounter.cpp:
        (showCounterRendererTree):
        * rendering/RenderLayer.cpp:
        (WebCore::showLayerTree):
        * rendering/RenderObject.cpp:
        (WebCore::showRenderTreeLegend):
        (WebCore::RenderObject::showRegionsInformation):
        (WebCore::RenderObject::showRenderObject):
        (WebCore::printRenderTreeForLiveDocuments):
        (WebCore::printLayerTreeForLiveDocuments):
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::printPrefix):
        (WebCore::SimpleLineLayout::showLineLayoutForFlow):
        * rendering/svg/SVGResources.cpp:
        (WebCore::SVGResources::dump):
        * rendering/svg/SVGResourcesCycleSolver.cpp:
        (WebCore::SVGResourcesCycleSolver::resolveCycles):
        * rendering/svg/SVGTextLayoutAttributes.cpp:
        (WebCore::dumpSVGCharacterDataMapValue):
        (WebCore::SVGTextLayoutAttributes::dump):
        * rendering/svg/SVGTextLayoutEngine.cpp:
        (WebCore::dumpTextBoxes):
        (WebCore::SVGTextLayoutEngine::finishLayout):

2017-06-15  Myles C. Maxfield  <mmaxfield@apple.com>

        Removing stray whitespace after r218371
        https://bugs.webkit.org/show_bug.cgi?id=173043

        Unreviewed.

        No new tests because there is no behavior change.

        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::shouldIgnoreRotation):
        (WebCore::glyphDataForNonCJKCharacterWithGlyphOrientation):
        * platform/graphics/FontDescription.cpp:
        * platform/graphics/FontDescription.h:
        * platform/graphics/FontFamilySpecificationNull.h:
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::systemFontParameters):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:
        (WebCore::FontFamilySpecificationCoreText::fontRanges):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h:

2017-06-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Expand system-ui to include every item in the Core Text cascade list
        https://bugs.webkit.org/show_bug.cgi?id=173043
        <rdar://problem/21125708>

        Reviewed by Simon Fraser.

        The concept of the system font on Cocoa platforms represents the entire Core Text cascade list.
        However, previously, WebKit only represented system-ui by pulling out the first item in the Core
        Text cascade list. Instead, we should make all text rendered with "system-ui" match what the
        platform would natively render.

        Previously, we walked through the strings in the font-family property and looked them up one by
        one. However, now we want to abstract this idea of a font family to possibly hold a
        CTFontDescriptorRef instead of a string. This way, we expand a font-family list of ["fontA",
        "system-ui", "fontB"] to ["fontA", ... a bunch of CTFontDescriptorRefs ..., "FontB"]. We can
        then modify the consumer of this object to have two codepaths: the old string-based codepath,
        and a new, platform-specific codepath which simply embeds the CTFontDesriptorRefs inside a Font
        object.

        We don't want to simply pull out the family name from each item in the Core Text fallback list
        because that is a lossy translation. There is more information in these font descriptors which
        cannot be represented by CSS. Therefore, we must keep the descriptors alive and add the new
        codepath for them.

        We also don't want to run the CSS font matching algorithm on each member of the Core Text
        fallback list because it may yield different results from Core Text's font matching algorithm.
        Our goal is to draw text as closely as possible to the system APIs. If we ran it, we may find
        a font which is closer to the requested traits, but it would look out of place on the system.

        This new codepath is only enabled on macOS High Sierra and iOS 11, because enabling it on all
        operating systems would make fixing https://bugs.webkit.org/show_bug.cgi?id=173300 impossible.

        Tests: fast/text/system-font-fallback-emoji.html
               fast/text/system-font-fallback.html
               fast/text/system-font-zero-size.html

        * WebCore.xcodeproj/project.pbxproj:
        * page/MemoryRelease.cpp:
        (WebCore::releaseNoncriticalMemory):
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::realizeNextFallback): The consumer of our new data type. Now uses WTF::visit().
        (WebCore::FontCascadeFonts::realizeFallbackRangesAt): Now that the number of items to test
        against the current character is larger than the number of strings in the font-family list,
        we need to update the existing code to use the correct value.
        * platform/graphics/FontDescription.cpp: Default implementation for non-Cocoa ports.
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount):
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/FontDescription.h: Our new data type is a Variant of AtomicString and a
        platform-specific class. Cocoa uses a class that holds a CTFontDescriptorRef and other ports
        use an empty non-constructable class.
        * platform/graphics/FontFamilySpecificationNull.h: Added. The empty non-constructable
        class.
        (WebCore::FontFamilySpecificationNull::fontRanges):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::fontCacheRegisteredFontsChangedNotificationCallback):
        (WebCore::FontCache::platformInit): Changing the system language will change the system font
        fallback list, so we need to listen to this notification. This also matters for
        FontCache::systemFallbackForCharacters(), so we should build off the same callback we are
        already using for font installation.
        (WebCore::invalidateFontCache):
        * platform/graphics/cocoa/FontDescriptionCocoa.cpp: Added. The platform-specific creation of
        our CTFontDescriptorRefs. We hold them cached in a SystemFontDatabase.
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::CoreTextCascadeListParameters):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::isHashTableDeletedValue):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::operator==):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParameters::hash):
        (WebCore::SystemFontDatabase::singleton):
        (WebCore::SystemFontDatabase::systemFontCascadeList):
        (WebCore::SystemFontDatabase::clear):
        (WebCore::SystemFontDatabase::SystemFontDatabase):
        (WebCore::SystemFontDatabase::applyWeightAndItalics):
        (WebCore::SystemFontDatabase::removeCascadeList):
        (WebCore::SystemFontDatabase::computeCascadeList):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::hash):
        (WebCore::SystemFontDatabase::CoreTextCascadeListParametersHash::equal):
        (WebCore::isSystemFontString):
        (WebCore::systemFontParameters):
        (WebCore::FontDescription::invalidateCaches):
        (WebCore::FontCascadeDescription::effectiveFamilyCount): We don't store the result of this
        because it would probably be a bad idea to increase the size of every single FontCascade just
        in case it might ask for the system font. Most fonts never mention system-ui. Because it's so
        rare, we can just recalculate the result of this as necessary. This shouldn't be slow because
        the results are cached.
        (WebCore::FontCascadeDescription::effectiveFamilyAt):
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp: Added.
        (WebCore::FontFamilySpecificationCoreText::fontRanges): Create a FontRanges from a
        CTFontDescriptorRef.
        * platform/graphics/cocoa/FontFamilySpecificationCoreText.h: Added.
        (WebCore::FontFamilySpecificationCoreText::FontFamilySpecificationCoreText):
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::platformFontWithFamilySpecialCase):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::platformFontWithFamilySpecialCase):

2017-06-15  David Kilzer  <ddkilzer@apple.com>

        Revert: [iOS] Generate a simulated crash when the WebThread starts in MobileSafari
        <https://webkit.org/b/173386>
        <rdar://problem/32776426>

        Revert r218347 and r218339 since we're going to take a different
        approach to investigating a crash on the WebThread.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/ios/CrashReporterSupportSoftLink.h: Remove.
        * platform/ios/CrashReporterSupportSoftLink.mm: Remove.
        * platform/ios/wak/WebCoreThread.mm:
        (WebThreadEnable):
        * platform/spi/ios/CrashReporterSupportSPI.h: Remove.

2017-06-15  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218365.

        The revision caused API timeouts on all builds.

        Reverted changeset:

        "[WebRTC] Removing a MediaStreamTrack from a MediaStream
        reports no recording to WebKit clients"
        https://bugs.webkit.org/show_bug.cgi?id=173398
        http://trac.webkit.org/changeset/218365

2017-06-15  Simon Fraser  <simon.fraser@apple.com>

        Allow use of Layout* TextStream operators in WebKit2
        https://bugs.webkit.org/show_bug.cgi?id=173440

        Reviewed by Zalan Bujtas.

        Export TextStream& operator<< for LayoutPoint, LayoutSize and LayoutRect so that
        WebKit2 can log them.

        Use #pragma once in these geometry headers.

        * platform/graphics/FloatPoint.h:
        * platform/graphics/FloatRect.h:
        * platform/graphics/FloatSize.h:
        * platform/graphics/IntPoint.h:
        * platform/graphics/IntRect.h:
        * platform/graphics/IntSize.h:
        * platform/graphics/LayoutPoint.h:
        * platform/graphics/LayoutRect.h:
        * platform/graphics/LayoutSize.h:

2017-06-15  Antoine Quint  <graouts@apple.com>

        Modern media controls tests error in Button.js
        https://bugs.webkit.org/show_bug.cgi?id=173439

        Reviewed by Dean Jackson.

        Tests would sometime yield an error when commit() would be called and the _imageSource
        ivar hadn't been set. To more safely commit the mask image when it's loaded, we now use
        a markDirtyProperty() call and a commitProperty() override to ensure that we cover the
        case where we want to commit the mask image, and for other commits not to have to worry
        about the mask image being defined.

        * Modules/modern-media-controls/controls/button.js:
        (Button.prototype.commitProperty):
        (Button.prototype._updateImage):
        (Button.prototype.commit): Deleted.

2017-06-15  Jer Noble  <jer.noble@apple.com>

        [WebRTC] Removing a MediaStreamTrack from a MediaStream reports no recording to WebKit clients
        https://bugs.webkit.org/show_bug.cgi?id=173398
        <rdar://problem/32592961>

        Reviewed by Eric Carlson.

        API Test: Tests/WebKit2/MediaStreamTrackDetached.mm

        Move the definition of a MediaStream as a MediaProducer from the stream itself to its constituent
        MediaStreamTracks. This ensures that, even if a MediaStreamTrack is removed from its stream, the
        document (and thus the clients) are notified that media capture is still occurring.

        Though MediaStream is no longer a MediaProducer, it still uses the MediaProducer's state concept
        to determine when to fire events. However it's mediaState() implementation will be moved into
        MediaStreamTrack, and will instead simply bitwise-or together each of it's track's mediaState().

        The MediaStream notifies the document that its state has changed asynchronously, so do the same
        for MediaStreamTrack (which reduces the number of calls to the client when changes all occur
        during a single run loop).

        Because the MediaStreamTrackPrivate may be started externally (not by the MediaStreamTrack directly),
        add a new client method that notifies observers when the track has been started, and the
        MediaStreamTrack will use this notification to update the document with it's new mediaState().

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::~MediaStream):
        (WebCore::MediaStream::mediaState):
        (WebCore::MediaStream::statusDidChange):
        (WebCore::MediaStream::characteristicsChanged):
        (WebCore::MediaStream::pageMutedStateDidChange): Deleted.
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::MediaStreamTrack):
        (WebCore::MediaStreamTrack::~MediaStreamTrack):
        (WebCore::MediaStreamTrack::pageMutedStateDidChange):
        (WebCore::MediaStreamTrack::mediaState):
        (WebCore::MediaStreamTrack::trackStarted):
        (WebCore::MediaStreamTrack::configureTrackRendering):
        (WebCore::MediaStreamTrack::stop):
        (WebCore::MediaStreamTrack::document):
        * Modules/mediastream/MediaStreamTrack.h:
        (WebCore::MediaStreamTrack::source):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::trackStarted):
        * platform/mediastream/MediaStreamPrivate.h:
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::sourceStarted):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::start):
        * platform/mediastream/RealtimeMediaSource.h:

2017-06-15  Jonathan Bedard  <jbedard@apple.com>

        Unreviewed build fix after r218336

        * platform/spi/cocoa/PassKitSPI.h: Add missing #ifdefs for Internal builds.

2017-06-15  Antoine Quint  <graouts@apple.com>

        Ensure we only log changes to the ScriptedAnimationController suspended state in debug builds
        https://bugs.webkit.org/show_bug.cgi?id=173423

        Reviewed by Tim Horton.

        We added logging for when the suspended state of the scripted animation controller would change in
        webkit.org/b/173326. It was meant to only be enabled in debug builds and we actually did the wrong
        thing and enabled it in non-debug builds.

        We also added a setting that wasn't used and that we are removing here.

        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::logSuspendCount):
        * page/Settings.in:
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::resetToConsistentState):
        (WebCore::InternalSettings::shouldLogScritedAnimationControllerSuspensionChange): Deleted.
        (WebCore::InternalSettings::setShouldLogScritedAnimationControllerSuspensionChange): Deleted.
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2017-06-15  David Kilzer  <ddkilzer@apple.com>

        Build fix: [iOS] Generate a simulated crash when the WebThread starts in MobileSafari
        <https://webkit.org/b/173386>
        <rdar://problem/32776426>

        * platform/ios/CrashReporterSupportSoftLink.h:
        * platform/ios/CrashReporterSupportSoftLink.mm:
        * platform/ios/wak/WebCoreThread.mm:
        (WebThreadEnable): Log to the console on iOS Simulator.
        * platform/spi/ios/CrashReporterSupportSPI.h:
        - CrashReporterSupport.h is not available on iOS Simulator, so
          restrict to iOS hardware only.

2017-06-15  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r218318.

        Seems to have caused an 11% PLT regression. Rolling out to
        confirm.

        Reverted changeset:

        "Don't always recalc the style of display: contents elements."
        https://bugs.webkit.org/show_bug.cgi?id=172753
        http://trac.webkit.org/changeset/218318

2017-06-15  Wenson Hsieh  <wenson_hsieh@apple.com>

        Using -[WebItemProviderPasteboard setItemProviders:] to swap out item providers before a drop breaks item provider loading
        https://bugs.webkit.org/show_bug.cgi?id=173338
        <rdar://problem/32777720>

        Reviewed by Tim Horton.

        Currently, replacing the list of UIItemProviders right before a drop is handled results in
        WebItemProviderPasteboard failing to load non-"public.content"-conformant items. This is because DragController
        computes and sends to the UI process a list of UTIs to load (preferredTypeIdentifiers: one type identifier for
        each item provider in WebItemProviderPasteboard). However, if the list of item providers changes immediately
        before a drop is performed, WebItemProviderPasteboard will get into an inconsistent state where it has a
        different number of preferred type identifiers to load than available item providers. This causes
        WebItemProviderPasteboard to fail when choosing what type identifiers to load from each item provider.

        To fix this, we instead have the web process propagate a list of supported type identifiers to the UI process,
        which is a property of only the drop destination rather than both the destination and item providers. When
        performing a drop, we then use the current item providers on WebItemProviderPasteboard to consult this list of
        supported type identifiers to resolve our list of preferred type identifiers to load.

        Globally renames updatePreferredTypeIdentifiers to updateSupportedTypeIdentifiers.

        Tests:
        DataInteractionTests.ExternalSourceOverrideDropFileUpload
        DataInteractionTests.ExternalSourceOverrideDropInsertURL

        * page/DragController.cpp:
        (WebCore::DragController::dragEnteredOrUpdated):
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod):
        (WebCore::DragController::updatePreferredTypeIdentifiersForDragHandlingMethod): Deleted.
        * page/DragController.h:
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod):
        (WebCore::DragController::updatePreferredTypeIdentifiersForDragHandlingMethod): Deleted.
        * platform/DragData.h:
        * platform/PasteboardStrategy.h:
        * platform/PlatformPasteboard.h:
        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::updateSupportedTypeIdentifiers):
        (WebCore::PlatformPasteboard::updatePreferredTypeIdentifiers): Deleted.
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderPasteboard init]):
        (-[WebItemProviderPasteboard updateSupportedTypeIdentifiers:]):
        (-[WebItemProviderPasteboard setItemProviders:]):
        (-[WebItemProviderPasteboard typeIsAppropriateForSupportedTypes:]):
        (-[WebItemProviderPasteboard typeIdentifierToLoadForRegisteredTypeIdentfiers:]):

        Add logic to resolve preferred type identifiers from an item providers list of registered type identifiers.
        This formerly existed on DragData.

        (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
        (-[WebItemProviderPasteboard updatePreferredTypeIdentifiers:]): Deleted.
        * platform/mac/DragDataMac.mm:

        Remove preferred type identifier resolution logic from DragData.

        (WebCore::typeIsAppropriateForSupportedTypes): Deleted.
        (WebCore::DragData::updatePreferredTypeIdentifiers): Deleted.

2017-06-15  Sam Weinig  <sam@webkit.org>

        [WebIDL] Replace general inclusion of JSDOMConvert.h with inclusion of individual converter files to reduce unnecessary inclusion
        https://bugs.webkit.org/show_bug.cgi?id=173392

        Reviewed by Tim Horton.

        Stop including the umbrella header JSDOMConvert.h in every generated bindings and 
        instead only include the specific converter needed. Then, go around and add all the
        now missing includes that used to be obtained transitively.

        * Modules/indexeddb/IDBRequest.cpp:
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        * Modules/plugins/QuickTimePluginReplacement.mm:
        * bindings/js/IDBBindingUtilities.cpp:
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        * bindings/js/JSCustomElementInterface.cpp:
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        * bindings/js/JSDOMConvertBase.h:
        * bindings/js/JSDOMConvertInterface.h:
        * bindings/js/JSDOMConvertRecord.h:
        * bindings/js/JSDOMConvertSequences.h:
        * bindings/js/JSDOMConvertUnion.h:
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        * bindings/js/JSDOMWindowProperties.cpp:
        * bindings/js/JSDocumentCustom.cpp:
        * bindings/js/JSErrorHandler.cpp:
        * bindings/js/JSEventListener.cpp:
        * bindings/js/JSHTMLCanvasElementCustom.cpp:
        * bindings/js/JSHTMLDocumentCustom.cpp:
        * bindings/js/JSHistoryCustom.cpp:
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::JSMessageEvent::data):
        * bindings/js/JSMockContentFilterSettingsCustom.cpp:
        * bindings/js/JSMutationCallback.cpp:
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::retrieveResponse):
        * bindings/js/ScriptGlobalObject.cpp:
        * bindings/js/SerializedScriptValue.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        (AddToIncludesForIDLType):
        (GetJSCAttributesForAttribute):
        (GenerateEnumerationHeader):
        (GenerateEnumerationImplementation):
        (GenerateEnumerationImplementationContent):
        (GenerateEnumerationsImplementationContent):
        (GenerateEnumerationHeaderContent):
        (GenerateEnumerationsHeaderContent):
        (GenerateDictionaryHeaderContent):
        (GenerateDictionariesHeaderContent):
        (GenerateDictionaryImplementationContent):
        (GenerateDictionariesImplementationContent):
        (GenerateHeader):
        (GeneratePropertiesHashTable):
        (GenerateOverloadDispatcher):
        (GenerateImplementation):
        (GenerateAttributeGetterDefinition):
        (GenerateSerializerDefinition):
        (GenerateDictionaryHeader):
        (JSValueToNative):
        (NativeToJSValueUsingReferences):
        (NativeToJSValueUsingPointers):
        (IsValidContextForNativeToJSValue):
        (NativeToJSValue):
        (GenerateConstructorDefinition):
        (ComputeFunctionSpecial):
        * bindings/scripts/test/JS/JSMapLike.cpp:
        * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunction.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:
        * bindings/scripts/test/JS/JSTestCallbackFunctionWithTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
        * bindings/scripts/test/JS/JSTestCallbackInterface.h:
        * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.h:
        * bindings/scripts/test/JS/JSTestSerialization.cpp:
        * bindings/scripts/test/JS/JSTestSerialization.h:
        * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
        * bindings/scripts/test/JS/JSTestSerializationInherit.h:
        * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
        * bindings/scripts/test/JS/JSTestSerializationInheritFinal.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
        * bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
        * bindings/scripts/test/JS/JSTestStandaloneEnumeration.h:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSTestVoidCallbackFunction.cpp:
        * dom/MouseEvent.cpp:
        * html/HTMLPlugInImageElement.cpp:

2017-06-14  David Kilzer  <ddkilzer@apple.com>

        [iOS] Generate a simulated crash when the WebThread starts in MobileSafari
        <https://webkit.org/b/173386>
        <rdar://problem/32776426>

        Reviewed by Andy Estes.

        * WebCore.xcodeproj/project.pbxproj: Add new files to project.
        * platform/ios/CrashReporterSupportSoftLink.h: Add.  The using
        statement is so that we don't have to write
        WebCore::SimulateCrash() in WebCoreThread.mm since it's
        functions are not defined inside a WebCore namespace.  I also
        kept the 'pid' argument despite the style checker warning
        because it matches the internal method definition.
        * platform/ios/CrashReporterSupportSoftLink.mm: Add.
        * platform/ios/wak/WebCoreThread.mm: Sort headers.  Soft link to
        CrashReporterSupport.framework.
        (WebThreadEnable): Generate a simulated crash log if the
        WebThread ever starts in MobileSafari.
        * platform/spi/ios/CrashReporterSupportSPI.h: Add.  The header
        isn't safe to include in C++ source, so wrap the import in
        extern "C" macros.

2017-06-15  Jonathan Bedard  <jbedard@apple.com>

        Build WebKit with High Sierra (Seed 1)
        https://bugs.webkit.org/show_bug.cgi?id=173371

        Reviewed by Andy Estes.

        * crypto/CommonCryptoUtilities.h: Added ccRSAPSSPadding to CCAsymmetricPading enum.
        * platform/spi/cocoa/AVKitSPI.h: Declare AVKit SPI used by WebKit in High Sierra.
        (-[AVTouchBarPlaybackControlsControlling NS_ENUM]): Added AVTouchBarMediaSelectionOptionType
        SPI used in WebPlaybackControlManager in High Sierra.
        * platform/spi/cocoa/PassKitSPI.h: Declare PassKit SPI used by WebKit in High Sierra.
        (NS_ERROR_ENUM): Added PKPaymentErrorCode used in WebPayment in High Sierra.

2017-06-15  Youenn Fablet  <youenn@apple.com>

        RTCPeerConnection returns RTCSessionDescription where RTCSessionDescriptionInit would be appropriate
        https://bugs.webkit.org/show_bug.cgi?id=173118
        <rdar://problem/32746761>

        Reviewed by Eric Carlson.

        Test: webrtc/createOfferAnswer.html

        Making the promise return a RTCSessionDescription::Init instead of a RTCSessionDescription.
        This aligns with the spec and is more optimal.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::createOfferSucceeded):
        (WebCore::PeerConnectionBackend::createAnswerSucceeded):
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCSessionDescription.idl:

2017-06-15 Emilio Cobos Álvarez  <ecobos@igalia.com>

        Don't always recalc the style of display: contents elements.
        https://bugs.webkit.org/show_bug.cgi?id=172753

        Reviewed by Antti Koivisto.

        No new tests (no functionality change). This only removes an
        inefficiency.

        * dom/Element.cpp:
        (WebCore::Element::existingComputedStyle):
        * dom/Element.h:
        * style/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::updateRenderTree):
        (WebCore::RenderTreeUpdater::updateElementRenderer):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::resolveElement):
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
        (WebCore::Style::shouldResolveElement):
        (WebCore::Style::TreeResolver::resolveComposedTree):

2017-06-14  Antoine Quint  <graouts@apple.com>

        Rebaseline media/modern-media-controls/media-documents
        https://bugs.webkit.org/show_bug.cgi?id=173394

        Reviewed by Dean Jackson.

        We found two issues related to media documents while rebaselining the dedicated tests.

        First, we needed to expose the --inline-controls-bar-height CSS variable to <video>
        elements in media documents that are actually showing an audio UI. Previously we would
        only expose the variable to <audio> elements.

        Also, due to webkit.org/b/173387, we would fail to identify certain media documents as
        video because the videoTracks weren't set yet when the "loadedmetadata" event would be
        triggered. So now we also look at the videoWidth and videoHeight properties, which should
        provide accurate information in the "loadedmetadata" event handler.

        * Modules/modern-media-controls/controls/media-controls.css:
        (:host(audio), :host(video.media-document.audio), *):
        (:host(audio), *): Deleted.
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.get isAudio):

2017-06-14  Zalan Bujtas  <zalan@apple.com>

        animations-paused-in-background-page.html and animated-svg-image-removed-from-document-paused.html fail after r218284
        https://bugs.webkit.org/show_bug.cgi?id=173393

        Reviewed by Simon Fraser.

        Testing cares really about whether the animation has initiated.  

        * platform/graphics/Image.h:
        (WebCore::Image::animationPending):
        * testing/Internals.cpp:
        (WebCore::Internals::isImageAnimating):

2017-06-14  Dean Jackson  <dino@apple.com>

        Restrict filtered painting across cross-origin boundaries with transforms
        https://bugs.webkit.org/show_bug.cgi?id=173388
        <rdar://problem/27362159>

        Reviewed by Simon Fraser.

        Make sure all cases of LayerPaintingInfo maintain the security
        flag. In this case there was only one new place, and since
        everything is scalar, there was no need for a real copy constructor.

        Test: http/tests/css/filters-on-iframes-transform.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform): Make sure the cross
        origin flag is used in the call to paint the layer children.
        * rendering/RenderLayer.h: Fix some typos.

2017-06-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r218285.
        https://bugs.webkit.org/show_bug.cgi?id=173391

        API test fails on iOS (Requested by alexchristensen on
        #webkit).

        Reverted changeset:

        "Add SPI for immediate injection of user scripts"
        https://bugs.webkit.org/show_bug.cgi?id=173342
        http://trac.webkit.org/changeset/218285

2017-06-14  Jer Noble  <jer.noble@apple.com>

        Video flashes black when switching back to a tab https://www.apple.com/homepod/
        https://bugs.webkit.org/show_bug.cgi?id=173377

        Reviewed by Eric Carlson.

        Previously, we had set the background color of the video layer to black in order to make the rect
        occupied by the HTMLMediaElement fully opaque. This worked around a graphics corruption bug. Since
        then, the code in RenderVideo::foregroundIsKnownToBeOpaqueInRect(...) has been fixed to fully account
        for whether the HTMLMediaElement has a valid frame to display, making the black layer background
        unnecessary.

        Remove all the instances where we were setting the background color of the video layer to black.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm:
        (WebCore::VideoFullscreenLayerManager::setVideoLayer):
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer):

2017-06-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218161.

        Introduced bot API test failures and Layout Test Failures.

        Reverted changeset:

        "[Cocoa] Expand system-ui to include every item in the Core
        Text cascade list"
        https://bugs.webkit.org/show_bug.cgi?id=173043
        http://trac.webkit.org/changeset/218161

2017-06-14  Alex Christensen  <achristensen@webkit.org>

        Add SPI for immediate injection of user scripts
        https://bugs.webkit.org/show_bug.cgi?id=173342
        <rdar://problem/29202285>

        Reviewed by Brady Eidson.

        The new SPI is WKUserContentController._addUserScriptImmediately.
        It is covered by new API tests.

        * page/Frame.cpp:
        (WebCore::Frame::injectUserScripts):
        (WebCore::Frame::injectUserScriptImmediately):
        Move injection functionality to allow us to call it directly from the new SPI.
        * page/Frame.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):
        * page/Page.h:

2017-06-14  Zalan Bujtas  <zalan@apple.com>

        Crash in WebCore::RenderStyle::colorIncludingFallback.
        https://bugs.webkit.org/show_bug.cgi?id=173347
        <rdar://problem/32675317>

        Reviewed by Chris Dumez.

        Starting an SVG image animation synchronously might trigger recursive style recalc.
        We should kick off the animation on a zero timer to reduce callstack complexity. 

        Test: svg/as-image/svg-css-animation.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::didAddClient):
        * platform/graphics/Image.cpp:
        (WebCore::Image::Image):
        (WebCore::Image::startAnimationAsynchronously):
        * platform/graphics/Image.h:

2017-06-14  Brady Eidson  <beidson@apple.com>

        WKIconLoadingDelegate never gets asked about the default favicon if touch/touch-precomposed icons are in the <head>
        <rdar://problem/32614328> and https://bugs.webkit.org/show_bug.cgi?id=173376

        Reviewed by Alex Christensen.

        Covered by new API test

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startIconLoading): Previously we applied the default favicon if the set of LinkIcons was empty.
          Now, apply the default favicon if the set of LinkIcons contains no explicit favicon.

2017-06-14  Jer Noble  <jer.noble@apple.com>

        Flaky Test: media/media-source/media-source-unnecessary-seek-seeked.html
        https://bugs.webkit.org/show_bug.cgi?id=173344

        Reviewed by Eric Carlson.

        Separate the concept of "the page has asked us to seek" from "we have asked the
        media player to seek". When the media engine tells us its ready state has changed
        after the page has requested a seek, but before the media element has asked its
        player to perform the seek, we were previously firing a seeked event. Now we'll
        check this new ivar and see that we aren't expecting a seek to finish yet.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::setReadyState):
        (WebCore::HTMLMediaElement::finishSeek):
        (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
        * html/HTMLMediaElement.h:

2017-06-14  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r218157.

        This patch caused multiple API failures on iOS Simulator.

        Reverted changeset:

        "@font-face rules with invalid primary fonts never download
        their secondary fonts"
        https://bugs.webkit.org/show_bug.cgi?id=173138
        http://trac.webkit.org/changeset/218157

2017-06-14  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r217997): mint.com header renders incorrectly when initially loaded
        https://bugs.webkit.org/show_bug.cgi?id=173302
        <rdar://problem/32731747>

        Reviewed by Darin Adler.

        r217997 updated ImplicitAnimation::reset() to not call updateStateMachine(AnimationStateInput::RestartAnimation)
        if the compositeAnimation is suspended. If the compositeAnimation is suspended, we would call
        updateStateMachine(AnimationStateInput::An