ChangeLog


2018-02-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r229086. rdar://problem/37991818

    2018-02-27  Youenn Fablet  <youenn@apple.com>

            Do not trigger a service worker match in case of document redirection if it will be already served by AppCache
            https://bugs.webkit.org/show_bug.cgi?id=183185
            <rdar://problem/37693796>

            Reviewed by Chris Dumez.

            Disabling service worker matching in case there is substitute data.
            Otherwise there is a risk for a double load, substitute data first and the new load
            triggered if matching a new registration.
            A future fix should first do service worker registration matching and, if there is no registration, query appcache.

            Test: http/tests/appcache/main-resource-redirect-with-sw.html

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::redirectReceived):

2018-02-28  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r229028. rdar://problem/37947990

    2018-02-26  Youenn Fablet  <youenn@apple.com>

            MessagePort is not always destroyed in the right thread
            https://bugs.webkit.org/show_bug.cgi?id=183053

            Reviewed by Chris Dumez.

            Make existingMessagePortForIdentifier take a lambda so that we hold the lock until there
            is no longer a need to keep the MessagePort around.
            This is very time sensitive and does not happen a lot when running WPT tests.

            Update existing call sites to pass a lambda.

            * dom/MessagePort.cpp:
            (WebCore::MessagePort::existingMessagePortForIdentifier):
            * dom/MessagePort.h:
            * dom/messageports/MessagePortChannelProviderImpl.cpp:
            (WebCore::MessagePortChannelProviderImpl::postMessageToRemote):
            (WebCore::MessagePortChannelProviderImpl::checkProcessLocalPortForActivity):

2018-02-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r229027. rdar://problem/37909130

    2018-02-26  Commit Queue  <commit-queue@webkit.org>

            Unreviewed, rolling out r226745.
            https://bugs.webkit.org/show_bug.cgi?id=183132

            This is breaking some websites (Requested by youenn on
            #webkit).

            Reverted changeset:

            "Use no-cache fetch mode when loading main documents with
            location.reload()"
            https://bugs.webkit.org/show_bug.cgi?id=181285
            https://trac.webkit.org/changeset/226745

2018-02-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228978. rdar://problem/37909154

    2018-02-25  Chris Dumez  <cdumez@apple.com>

            Service workers do not work well inside Web.app
            https://bugs.webkit.org/show_bug.cgi?id=183105
            <rdar://problem/37864140>

            Reviewed by Youenn Fablet.

            SessionID::defaultSessionID() was hardcoded in the ServiceWorkerThread constructor
            instead of using the sessionID of the SWServer that created the service worker thread.
            As a result, when the Service Worker would establish a SWClientConnection to the
            server, it would use the wrong sessionID and would end up using a different SWServer
            (since we have a different SWServer instance per sessionID). As a result,
            ServiceWorkerRegistration / ServiceWorker objects inside the service worker would not
            be kept in sync with the server (since they registered themselves with the wrong
            SWServer).

            Covered by new API test.

            * workers/service/ServiceWorkerContextData.cpp:
            (WebCore::ServiceWorkerContextData::isolatedCopy const):
            * workers/service/ServiceWorkerContextData.h:
            (WebCore::ServiceWorkerContextData::encode const):
            (WebCore::ServiceWorkerContextData::decode):
            * workers/service/context/ServiceWorkerThread.cpp:
            (WebCore::ServiceWorkerThread::ServiceWorkerThread):
            * workers/service/context/ServiceWorkerThreadProxy.cpp:
            (WebCore::createPageForServiceWorker):
            (WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
            * workers/service/server/RegistrationDatabase.cpp:
            (WebCore::RegistrationDatabase::importRecords):
            * workers/service/server/RegistrationStore.h:
            (WebCore::RegistrationStore::server):
            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::updateWorker):
            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::contextData const):

2018-02-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228972. rdar://problem/37909121

    2018-02-23  Chris Dumez  <cdumez@apple.com>

            Crash under SchemeRegistry::shouldTreatURLSchemeAsLocal(WTF::String const&)
            https://bugs.webkit.org/show_bug.cgi?id=183066
            <rdar://problem/37804111>

            Reviewed by Ryosuke Niwa.

            SecurityOrigin objects are constructed on various threads. However, someone added a
            shouldTreatAsPotentiallyTrustworthy() call to the SecurityOrigin constructor which
            was not thread safe. This is because this function relies on SchemeRegistry::shouldTreatURLSchemeAsSecure()
            and SchemeRegistry::shouldTreatURLSchemeAsLocal() which were relying on global static HashMaps without
            locks.

            Update SecurityOrigin to initialize m_isPotentiallyTrustworthy lazily, to avoid paying
            initialization cost in the constructor. This is only queried by SecurityContext::isSecureContext().

            Make SchemeRegistry::shouldTreatURLSchemeAsLocal() and SchemeRegistry::shouldTreatURLSchemeAsSecure()
            thread-safe, since they are needed to initialize SecurityOrigin::m_isPotentiallyTrustworthy from
            various threads.

            SchemeRegistry::shouldTreatURLSchemeAsSecure() is only called from SecurityOrigin (which requires
            thread-safety), and getUserMedia() which is not hot code so the extra locking there should not
            be an issue.

            SchemeRegistry::shouldTreatURLSchemeAsLocal() is called from SecurityOrigin (which requires thread-
            safety). It is also called from isQuickLookPreviewURL(), MHTMLArchive::create(), Page::userStyleSheetLocationChanged(),
            isRemoteWebArchive() and HTMLPlugInImageElement. All these are not hot code so I do not think
            we need a fast path.

            * page/SecurityOrigin.cpp:
            (WebCore::isLoopbackIPAddress):
            (WebCore::shouldTreatAsPotentiallyTrustworthy):
            (WebCore::SecurityOrigin::isPotentiallyTrustworthy const):
            (WebCore::SecurityOrigin::isLocalHostOrLoopbackIPAddress):
            * page/SecurityOrigin.h:
            * platform/SchemeRegistry.cpp:
            (WebCore::localURLSchemesLock):
            (WebCore::localURLSchemes):
            (WebCore::secureSchemesLock):
            (WebCore::secureSchemes):
            (WebCore::SchemeRegistry::registerURLSchemeAsLocal):
            (WebCore::SchemeRegistry::removeURLSchemeRegisteredAsLocal):
            (WebCore::SchemeRegistry::shouldTreatURLSchemeAsLocal):
            (WebCore::SchemeRegistry::registerURLSchemeAsSecure):
            (WebCore::SchemeRegistry::shouldTreatURLSchemeAsSecure):
            * platform/SchemeRegistry.h:

2018-02-23  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/37836719

    2018-02-23  Chris Dumez  <cdumez@apple.com>

            Add release asserts for service worker fetch and postMessage events
            https://bugs.webkit.org/show_bug.cgi?id=183025
            <rdar://problem/37765052>

            Reviewed by Chris Dumez.

            Moving from release assert to early exit with release logging.

            * workers/service/context/ServiceWorkerThread.cpp:
            (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
            * workers/service/context/ServiceWorkerThreadProxy.h:

2018-02-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228919. rdar://problem/37836719

    2018-02-22  Youenn Fablet  <youenn@apple.com>

            Add release asserts for service worker fetch and postMessage events
            https://bugs.webkit.org/show_bug.cgi?id=183025
            rdar://problem/37765052

            Reviewed by Daniel Bates.

            Add release assertion so that a service worker will only dispatch a message event
            for clients and service workers with the same origin.
            No change of behavior.

            * platform/network/ResourceRequestBase.h:
            * workers/service/context/ServiceWorkerThread.cpp:
            (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
            * workers/service/context/ServiceWorkerThreadProxy.h:

2018-02-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228947. rdar://problem/37833040

    2018-02-22  Antoine Quint  <graouts@apple.com>

            REGRESSION (r228445): A big pause button shows over YouTube videos if you tap "Tap To Unmute" on iOS
            https://bugs.webkit.org/show_bug.cgi?id=183074
            <rdar://problem/37747028>

            Reviewed by Eric Carlson.

            Test: media/modern-media-controls/start-support/start-support-disable-controls-and-re-enable-post-play.html

            In the fix for webkit.org/b/182668, we made it so that when the "controls" attribute is absent from a media
            element we stop listening to the bulk of media events and prevent controls from updating any DOM properties
            so as to minimize the amount of CPU usage by the Web process.

            An unfortunate side effect was that, if the media controls were disabled at the time the video starts playing,
            the StartSupport class would thus not catch the "play" event and would not be able to set the "hasPlayed"
            property to "true" on the MediaController, which would then prevent the _shouldShowStartButton() from returning
            "false". As a result, if the "controls" attribute was turned back on after the media started playing, they
            would default to showing the start button, which would be then in the play state, i.e. showing the pause icon.

            We now set the "hasPlayed" property in the "play" event handler on MediaController, which is always registered
            regardless of the "controls" attribute setting. We also ensure we invalidate the "showStartButton" property on
            the media controls when StartSupport is enabled, which is the case when the "controls" attribute is toggled back
            to "true" from a previous "false" value.

            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController.prototype.handleEvent):
            * Modules/modern-media-controls/media/start-support.js:
            (StartSupport):
            (StartSupport.prototype.enable):
            (StartSupport.prototype.handleEvent):
            (StartSupport.prototype._updateShowsStartButton):

2018-02-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228934. rdar://problem/37816677

    2018-02-22  Chris Dumez  <cdumez@apple.com>

            ResourceRequestBase::isolatedCopy() fails to isolate copy the cachePartition
            https://bugs.webkit.org/show_bug.cgi?id=183059
            <rdar://problem/37800202>

            Reviewed by Youenn Fablet.

            Update ResourceRequestBase::setAsIsolatedCopy() to call isolatedCopy() on the cachePartition as well,
            given that it is a String and it would not be safe to send it to another thread otherwise.

            * platform/network/ResourceRequestBase.cpp:
            (WebCore::ResourceRequestBase::setAsIsolatedCopy):

2018-02-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228931. rdar://problem/37816658

    2018-02-22  Chris Dumez  <cdumez@apple.com>

            ServiceWorkerContainer::startScriptFetchForJob() fails to isolate copy the registrationKey before passing it to the main thread
            https://bugs.webkit.org/show_bug.cgi?id=183050
            <rdar://problem/37796881>

            Reviewed by Youenn Fablet.

            Create an isolated copy of the registrationKey before passing it to the main thread in ServiceWorkerContainer's
            startScriptFetchForJob() / jobFinishedLoadingScript() / jobFailedLoadingScript().

            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
            (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
            (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):

2018-02-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228928. rdar://problem/37816673

    2018-02-22  Chris Dumez  <cdumez@apple.com>

            ServiceWorkerContainer::scheduleJob() fails to isolate copy the jobData before passing it to the main thread
            https://bugs.webkit.org/show_bug.cgi?id=183046
            <rdar://problem/37793395>

            Reviewed by Youenn Fablet.

            Make sure we isolate copy the jobData before passing it to the main thread in ServiceWorkerContainer::scheduleJob().
            The jobData contains Strings / URLs so it is not safe to have non-isolated copies of it on various threads.

            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::scheduleJob):

2018-02-21  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228895. rdar://problem/37767705

    2018-02-21  Youenn Fablet  <youenn@apple.com>

            ServiceWorkerJob::m_lastResponse is unneeded
            https://bugs.webkit.org/show_bug.cgi?id=183013

            Reviewed by Chris Dumez.

            Remove this field since it is not used anywhere.

            * workers/service/ServiceWorkerJob.cpp:
            (WebCore::ServiceWorkerJob::didReceiveResponse):
            * workers/service/ServiceWorkerJob.h:

2018-02-21  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228903. rdar://problem/37765339

    2018-02-21  Chris Dumez  <cdumez@apple.com>

            Regression(r228708): Crash under WebCore::MediaResource::responseReceived(WebCore::CachedResource&, WebCore::ResourceResponse const&)
            https://bugs.webkit.org/show_bug.cgi?id=183018
            <rdar://problem/37754154>

            Reviewed by Eric Carlson.

            The fix at r228708 was trying to address the fact that avplayer sometimes
            deallocates WebCoreNSURLSessionDataTask objects on a non-main thread, which
            was not safe because its _resource data member needs to be deallocated on
            the main thread.

            The issue is that r228708 caused _resource to outlive its WebCoreNSURLSessionDataTask.
            This is an issue because _resource has a client data member (of type WebCoreNSURLSessionDataTaskClient)
            which has a raw pointer to the WebCoreNSURLSessionDataTask. This means that the main thread could
            call methods like responseReceived() on the resource, which would call responseReceived() on the
            client, which would try to call [WebCoreNSURLSessionDataTask receivedResponse:] with an invalid
            m_task pointer.

            To address the issue, I introduced a clearTask() method on WebCoreNSURLSessionDataTaskClient, which
            gets called from a non-main thread to clear the client's m_task pointer when the task is destroyed
            on a non-main thread. So that this is safe, every time the client tries to use m_task, we now
            acquire a lock for thread-safety and do a null-check on m_task.

            No new tests, no known reproduction case.

            * platform/graphics/PlatformMediaResourceLoader.h:
            (WebCore::PlatformMediaResource::client):
            * platform/network/cocoa/WebCoreNSURLSession.mm:
            (WebCore::WebCoreNSURLSessionDataTaskClient::clearTask):
            (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent):
            (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived):
            (WebCore::WebCoreNSURLSessionDataTaskClient::shouldCacheResponse):
            (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived):
            (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived):
            (WebCore::WebCoreNSURLSessionDataTaskClient::accessControlCheckFailed):
            (WebCore::WebCoreNSURLSessionDataTaskClient::loadFailed):
            (WebCore::WebCoreNSURLSessionDataTaskClient::loadFinished):
            (-[WebCoreNSURLSessionDataTask dealloc]):

2018-02-21  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228851. rdar://problem/37734494

    2018-02-20  Chris Dumez  <cdumez@apple.com>

            Crash under JSC::JSCell::toNumber(JSC::ExecState*)
            https://bugs.webkit.org/show_bug.cgi?id=182984
            <rdar://problem/37694346>

            Reviewed by Mark Lam.

            The issue was caused by DOMMatrix attributes potentially returning "impure"
            NaN values. We would call JSC::jsNumber(double) to construct the JSValue
            but this is only safe for pure NaN values. Make sure we purify the double
            returned by the implementation for IDL attributes of type 'unrestricted double'
            before calling JSC::jsNumber(double).

            No new tests, extended existing test.

            * bindings/js/JSDOMConvertNumbers.h:
            (WebCore::JSConverter<IDLUnrestrictedDouble>::convert):
            * testing/TypeConversions.h:
            (WebCore::TypeConversions::testImpureNaNUnrestrictedDouble const):
            (WebCore::TypeConversions::testImpureNaN2UnrestrictedDouble const):
            (WebCore::TypeConversions::testQuietNaNUnrestrictedDouble const):
            * testing/TypeConversions.idl:

2018-02-21  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228857. rdar://problem/37734496

    2018-02-20  Nan Wang  <n_wang@apple.com>

            AX: Keyboard focus not following VoiceOver cursor into web content or within web content.
            https://bugs.webkit.org/show_bug.cgi?id=182752
            <rdar://problem/37518233>

            Reviewed by Ryosuke Niwa.

            Call the assistive technology specific method for becoming first responder.

            Test: accessibility/mac/accessibility-make-first-responder.html

            * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
            (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]):
            * page/ChromeClient.h:

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228714. rdar://problem/37714031

    2018-02-19  Tim Horton  <timothy_horton@apple.com>

            REGRESSION (r219342): Touch event coordinates and elementFromPoint coordinates differ
            https://bugs.webkit.org/show_bug.cgi?id=182910
            <rdar://problem/37533950>

            Reviewed by Simon Fraser.

            We reverted other changes to the definition of client coordinates
            in r219829 due to compatibility concerns. However, we failed to revert
            r219342 on trunk, leaving elementFromPoint() using coordinates relative
            to the layout viewport.

            Add a currently off-by-default setting to switch on layout-viewport-relative
            client coordinates and guard the elementFromPoint changes behind it.
            A future patch should roll r219829 back in also behind this setting, so
            that everything remains consistent regardless of which coordinate space we choose.

            * dom/TreeScope.cpp:
            (WebCore::absolutePointIfNotClipped):
            * page/Settings.yaml:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::hitTest):

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228601. rdar://problem/37697671

    2018-02-20  Jason Marcell  <jmarcell@apple.com>

            Cherry-pick r228825. rdar://problem/37714030

        2018-02-20  Wenson Hsieh  <wenson_hsieh@apple.com>

                [iOS 11.3 Beta] Can't copy a URL from Safari and paste it into the Gmail app
                https://bugs.webkit.org/show_bug.cgi?id=182952
                <rdar://problem/37636190>

                Reviewed by Tim Horton.

                After r220865 refactored the iOS copy codepaths to use NSItemProviders, we stopped writing the URL as plain text
                to the pasteboard. However, this means clients that only check for "text/plain" (or one of its aliases) on the
                pasteboard won't read any data on paste.

                To fix this, we restore the pre-iOS 11.3 behavior of writing both the URL and plain text to the pasteboard.
                Since we're using item providers, we also ensure that the NSURL is at a higher fidelity than the string to make
                it clear that the data should be consumed as a URL.

                This patch also rebaselines an existing drag and drop test to cover this change, and adds a new API test,
                ActionSheetTests.CopyLinkWritesURLAndPlainText, which simulates copying a link using the share sheet and pasting
                into a DataTransfer-dumping test harness.

                * platform/ios/PlatformPasteboardIOS.mm:
                (WebCore::PlatformPasteboard::write):

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228824. rdar://problem/37714015

    2018-02-20  Eric Carlson  <eric.carlson@apple.com>

            [iOS] Returning from Auto-PiP causes Safari to be unresponsive
            https://bugs.webkit.org/show_bug.cgi?id=182977
            <rdar://problem/37685981>

            Reviewed by Jer Noble.

            Remove the error handling added in r228115, it breaks auto-pip.

            * platform/ios/VideoFullscreenInterfaceAVKit.mm:
            (VideoFullscreenInterfaceAVKit::applicationDidBecomeActive):
            (VideoFullscreenInterfaceAVKit::enterFullscreenStandard):
            (VideoFullscreenInterfaceAVKit::exitFullscreen):
            (VideoFullscreenInterfaceAVKit::cleanupFullscreen):
            (VideoFullscreenInterfaceAVKit::didStartPictureInPicture):
            (VideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler):
            (VideoFullscreenInterfaceAVKit::exitFullscreenHandler):
            (VideoFullscreenInterfaceAVKit::enterFullscreenHandler):

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228716. rdar://problem/37714038

    2018-02-19  Chris Dumez  <cdumez@apple.com>

            Crash under MIMETypeRegistry::isSupportedJavaScriptMIMEType()
            https://bugs.webkit.org/show_bug.cgi?id=182927
            <rdar://problem/37675748>

            Reviewed by Antti Koivisto.

            Make it safe to call MIMETypeRegistry::isSupportedJavaScriptMIMEType() from the non-main thread.
            It is currently being called from a background thread in the following places:
            - ServiceWorkerJob::didReceiveResponse()
            - WorkerGlobalScope::importScripts()

            These call sites on non-main threads were added recently with the support for service workers.

            No new tests, already covered by existing tests that flakily experience service worker
            process crashes.

            * platform/MIMETypeRegistry.cpp:
            (WebCore::MIMETypeRegistry::isSupportedJavaScriptMIMEType):

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228708. rdar://problem/37714034

    2018-02-19  Chris Dumez  <cdumez@apple.com>

            CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::TimerBase::~TimerBase
            https://bugs.webkit.org/show_bug.cgi?id=182931
            <rdar://problem/37602962>

            Reviewed by Antti Koivisto.

            Make sure PlatformMediaResource is ThreadSafeRefCounted since it is being
            used from several threads in WebCoreNSURLSession. Also make sure it is
            always destroyed on the main thread since it ends up destroying a
            CachedRawResource object.

            No new tests, no known reproduction case.

            * platform/graphics/PlatformMediaResourceLoader.h:
            * platform/network/cocoa/WebCoreNSURLSession.mm:
            (-[WebCoreNSURLSessionDataTask dealloc]):

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228594. rdar://problem/37697671

    2018-02-16  Daniel Bates  <dabates@apple.com>

            Remove UTF-32 BOM parsing code
            https://bugs.webkit.org/show_bug.cgi?id=182900
            <rdar://problem/37238717>

            Reviewed by Alexey Proskuryakov.

            The UTF-32 encodings were removed from the text codec registry in r224747. So,
            we no longer need code to parse UTF-32{BE, LE} BOM or encode and decode these
            variants.

            * dom/TextDecoder.cpp:
            (WebCore::codeUnitByteSize):
            * loader/TextResourceDecoder.cpp:
            (WebCore::TextResourceDecoder::checkForBOM):
            (WebCore::TextResourceDecoder::checkForHeadCharset):
            * platform/text/TextEncoding.cpp:
            (WebCore::TextEncoding::isNonByteBasedEncoding const):
            (WebCore::UTF32BigEndianEncoding): Deleted.
            (WebCore::UTF32LittleEndianEncoding): Deleted.
            * platform/text/TextEncoding.h:

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228586. rdar://problem/37697673

    2018-02-16  Chris Dumez  <cdumez@apple.com>

            http/tests/security/http-0.9/xhr-blocked.html is flaky
            https://bugs.webkit.org/show_bug.cgi?id=182857
            <rdar://problem/37616958>

            Reviewed by Antti Koivisto.

            WebCoreResourceHandleAsOperationQueueDelegate does not own the messageQueue and
            the detachHandle function was failing to null out m_messageQueue when the resourceHandle
            gets destroyed. This means that callFunctionOnMainThread would sometimes try to append
            to a dead messageQueue.

            No new tests, already covered by:
            http/tests/security/http-0.9/xhr-blocked.html is flaky

            * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
            (-[WebCoreResourceHandleAsOperationQueueDelegate detachHandle]):

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228585. rdar://problem/37697677

    2018-02-16  Antti Koivisto  <antti@apple.com>

            Assert in mixed blend animation
            https://bugs.webkit.org/show_bug.cgi?id=182887
            <rdar://problem/37598140>

            Reviewed by Zalan Bujtas.

            Test: fast/css/calc-mixed-blend-crash.html

            * platform/CalculationValue.cpp:
            (WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength):

            Fix mismatch between the type test and the value used.

2018-02-20  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228574. rdar://problem/37697675

    2018-02-16  Chris Dumez  <cdumez@apple.com>

            Crash under WebCore::EventTarget::fireEventListeners
            https://bugs.webkit.org/show_bug.cgi?id=182880
            <rdar://problem/20788804>

            Reviewed by Youenn Fablet.

            Make sure the 'ended' event does not get dispatched on a
            AudioScheduledSourceNode after ActiveDOMObjects have been stopped.

            Test: webaudio/audiobuffersource-ended-detached-frame.html

            * Modules/webaudio/AudioScheduledSourceNode.cpp:
            (WebCore::AudioScheduledSourceNode::finish):

2018-02-19  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/37590759

    Disable release assertions in updateStyleIfNeeded and updateLayout

    2018-02-19  Ryosuke Niwa  <rniwa@webkit.org>

            Disable release assertions in updateStyleIfNeeded and updateLayout
            https://bugs.webkit.org/show_bug.cgi?id=182854
            <rdar://problem/37590759>

            Reviewed by Simon Fraser.

            No new tests. Replacing release assertions with debug assertions.

            * dom/Document.cpp:
            (WebCore::Document::updateStyleIfNeeded):
            (WebCore::Document::updateLayout):
            * page/LayoutContext.cpp:
            (WebCore::LayoutContext::layout):

2018-02-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228545. rdar://problem/37615437

    2018-02-15  Chris Dumez  <cdumez@apple.com>

            Flaky Test: imported/w3c/web-platform-tests/fetch/api/redirect/redirect-to-dataurl-worker.html
            https://bugs.webkit.org/show_bug.cgi?id=182270
            <rdar://problem/36904314>

            Reviewed by Antti Koivisto.

            No new tests, already covered by existing tests that crash flakily on the bots.

            * loader/ThreadableLoaderClientWrapper.h:
            (WebCore::ThreadableLoaderClientWrapper::ThreadableLoaderClientWrapper):
            Isolate copy the initiator string as this object can be destroyed on a different thread. This was
            causing the test to flakily crash as well when destroying ThreadLocalData.

            * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
            * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
            (scheduledWithCustomRunLoopMode):
            (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):
            Fix thread safety issue in callFunctionOnMainThread. This function is called from a background thread
            to get to the main thread. However, it relied on m_handle which would get nullified on the main thread
            by detachHandle when the ResourceHandle is destroyed. Fix the issue by not relying on m_handle anymore.

            (-[WebCoreResourceHandleAsOperationQueueDelegate initWithHandle:messageQueue:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):
            - Go back to using autorelease() instead of get() for the returned objects to match the code pre-r224522.
            - Dispatch the protectedSelf variables that were added in r227073 to the main thread to make sure we do
              not get destroyed on the background thread when protectedSelf is the last strong reference to self.
              Destroying the WebCoreResourceHandleAsOperationQueueDelegate on the background thread is unsafe due to
              its m_messageQueue data member which contains lambdas that may capture anything.
            - Add a Lock to protect against detachHandle getting called on the main thread and nulling out
              m_handle / m_requestResult / m_cachedResponseResult while the background thread may be accessing
              them.

2018-02-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228519. rdar://problem/37615441

    2018-02-15  Antoine Quint  <graouts@apple.com>

            [Modern Media Controls] REGRESSION: Inline media controls are not disabled while in fullscreen on iOS
            https://bugs.webkit.org/show_bug.cgi?id=182830
            <rdar://problem/37537909>

            Reviewed by Eric Carlson.

            The test media/modern-media-controls/media-controller/ios/media-controller-stop-updates-in-fullscreen.html
            regressed when fixing webkit.org/b/182668 since we now started only caring about the presence of the "controls"
            attribute to identify that WebKit media controls should be available.

            We now have a dedicated _shouldControlsBeAvailable() method which more clearly establishes the conditions under
            which controls should be available and correctly disables them while in fullscreen on iOS, regardless of the
            "controls" attribute value.

            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController.prototype._shouldControlsBeAvailable):
            (MediaController.prototype._updateControlsAvailability):

2018-02-15  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228482. rdar://problem/37559826

    2018-02-12  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION (r223440): Copying & pasting a list from Microsoft Word to TinyMCE fails
            https://bugs.webkit.org/show_bug.cgi?id=182564

            Reviewed by Wenson Hsieh.

            Unfortunately, r228352 was inadequate to fix copying & pasting of a list item from Microsoft Word into TinyMCE
            in older versions of TinyMCE. This patch amends the approach taken by r228352 to make it work across the board
            as well as unbreak GMail.

            Turns out older versions of TinyMCE can't handle list items when computed styles are added as inline style
            declarations by WebKit. To make this work, avoid adding any computed styles as inline styles within mso-list
            conditionals as well as any p elements whose style attribute contains "mso-list" property. We would instead
            preserve these styles by keeping Microsoft Word's CSS style rules in addition to special @list rules.

            In addition, not keeping the style element of Microsoft Word in a head element as done in r228352 causes some
            versions of TinyMCE to treat it as regular text, and inserting a bunch of @list rules as user visible text.
            To work around this problem, we serialize the style rules as a comment (<!-- ~ -->) within a head element.

            Furthermore, when Microsoft Word is in the compatibility mode, it does not generate xmlns:o as the first xmlns
            declaration. Generalized the code to detect Microsoft Word's HTML declaration by looking for xmlns:o and xmlns:w
            xmlns declarations.

            Finally, it turns out that Gmail has its own handling of list items copy & pasted from Microsoft Word, and also
            needs these quirks but in the pasted HTML, not the one exposed in getData. As such, this patch also enables the
            MSO list quirks in the pasted content as well as the one exposed in getData.

            Tests: PasteHTML.PreservesMSOList
                   PasteHTML.PreservesMSOListInCompatibilityMode
                   PasteHTML.StripsMSOListWhenMissingMSOHTMLElement
                   PasteWebArchive.PreservesMSOList
                   PasteWebArchive.PreservesMSOListInCompatibilityMode
                   PasteWebArchive.StripsMSOListWhenMissingMSOHTMLElement

            * editing/HTMLInterchange.h:
            * editing/ReplaceSelectionCommand.cpp:
            (WebCore::removeHeadContents): Don't remove the special style element needed for the MSO list quirks since we
            don't keep the computed style as inline styles in this case.
            * editing/cocoa/WebContentReaderCocoa.mm:
            (WebCore::WebContentReader::readWebArchive): Enable the quirks in the pasted content as well as opposed to
            just in DataTransfer API exposed to the JavaScript.
            (WebCore::WebContentReader::readHTML): Ditto.
            * editing/markup.cpp:
            (WebCore::shouldPreserveMSOLists): Added. Generalized the logic to detect a Microsoft Word document.
            more xmlns declarations.
            (WebCore::StyledMarkupAccumulator::shouldPreserveMSOListStyleForElement): Added.
            (WebCore::StyledMarkupAccumulator::appendElement): Don't generate the second style element here for elements
            with mso-list properties. Instead, avoid overriding inline styles with computed styles altogether.
            (WebCore::StyledMarkupAccumulator::appendNodeToPreserveMSOList): Include the style rules as well as list rules
            and wrap the "style" element in a "head" element to make it compatible with older versions of TinyMCE.

2018-02-15  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228352. rdar://problem/37559826

    2018-02-08  Ryosuke Niwa  <rniwa@webkit.org>

            REGRESSION (r223440): Copying & pasting a list from Microsoft Word to TinyMCE fails
            https://bugs.webkit.org/show_bug.cgi?id=182564

            Reviewed by Wenson Hsieh.

            Turns out that Microsoft Word generates p and span elements with special styles instead of standard
            ul and ol elements when copying list items, and TinyMCE has a specialized code path to process
            this proprietary format of Microsoft Word. The regression was caused by WebKit's sanitization code
            stripping away these non-standard CSS rules and inline styles.

            To preserve pre-r223440 behavior in TinyMCE, we preserve the following in a HTML markup:

            1. The "html" element at the beginning with xmlns content attributes
            2. @list rules in a style element starting with "/* List Definitions */" comment
            3. inline style content attribute with "mso-list" property
            4. comments conditional sections with "[if !supportLists]" and "[endif]"

            (1) is needed for TinyMCE to trigger the specialized code path for Microsoft Word. (2) contains
            the information about the structure of list items. (3) is needed to associate each p element with
            a rule in (2). (4) is needed to strip away the content generated as list markers (e.g. dots).

            We enable this "MSO list quirks" when the content comes from a non-WebKit client or a WebKit client
            that doesn't enable custom pasteboard data (detected by the content origin being null), and the HTML
            markup starts with a specific sequence of characters generated by Microsoft Word.

            Test: http/tests/security/clipboard/copy-paste-html-across-origin-strips-mso-list.html
                  PasteHTML.PreservesMSOList
                  PasteHTML.StripsMSOListWhenMissingMSOHTMLElement
                  PasteWebArchive.PreservesMSOList
                  PasteWebArchive.StripsMSOListWhenMissingMSOHTMLElement

            * editing/MarkupAccumulator.cpp:
            (WebCore::MarkupAccumulator::appendTextSubstring): Added.
            * editing/MarkupAccumulator.h:
            * editing/WebContentReader.cpp:
            (WebCore::FrameWebContentReader::msoListQuirksForMarkup const): Added. Enables the MSO list quirks
            if the content origin is null. The content origin specifies the pasteboard content's origin if it's
            copied in WebKit with custom pasteboard data types enabled. In all other applications, it would be
            set to null.
            * editing/WebContentReader.h:
            * editing/cocoa/WebContentReaderCocoa.mm:
            (WebCore::markupForFragmentInDocument): Moved to markup.cpp as sanitizedMarkupForFragmentInDocument.
            (WebCore::sanitizeMarkupWithArchive):
            (WebCore::WebContentReader::readWebArchive): Always disables MSO list quirks since this code path is
            only used by WebKit's native code to paste content.
            (WebCore::WebContentMarkupReader::readWebArchive): Calls msoListQuirksForMarkup since this is the code
            path used by DataTransfer.
            (WebCore::WebContentReader::readHTML): Always disables MSO list quirks since this code path is only
            used by WebKit's native code to paste content.
            (WebCore::WebContentMarkupReader::readHTML): Calls msoListQuirksForMarkup since this is the code path
            used by DataTransfer.
            * editing/markup.cpp:
            (WebCore::sanitizeMarkup): Use sanitizedMarkupForFragmentInDocument to share code.
            (WebCore::MSOListMode): Added. Set to Preserve if the sanitized markup is the one generated by
            Microsoft Word, and MSO list quirks should actually kick in. This is unlike MSOListQuirks, which is
            set to Enable whenever the content COULD be the one generated by Microsoft Word.
            (WebCore::StyledMarkupAccumulator): Added a special MSO list preservation mode enabled by MSOListMode.
            (WebCore::StyledMarkupAccumulator::StyledMarkupAccumulator):
            (WebCore::StyledMarkupAccumulator::appendElement): Preserve (3). Unfortunately, TinyMCE only recognizes
            mso-list and related properties only if they appear on their own. But we also need to preserve
            the inline style generated using the computed style since we would lose the inline styles of the text
            otherwise (e.g. red text and bold font). To work around this, we generate two style content attributes,
            one containing computed styles and another one containing mso-list. Luckily, the HTML parsing algorithm
            dictates that the first attribute always wins when more than one attribute of the same name appears,
            so we place the computed style's style attribute first so that the pasted content in non-TinyMCE
            environment will continue to work.
            (WebCore::StyledMarkupAccumulator::traverseNodesForSerialization):
            (WebCore::StyledMarkupAccumulator::appendNodeToPreserveMSOList): Added. Generates special markup for
            the conditional statements and the special style element with @list rules.
            (WebCore::createMarkupInternal):
            (WebCore::createMarkup):
            (WebCore::sanitizedMarkupForFragmentInDocument): Moved from WebContentReaderCocoa.mm. If MSOListQuirks
            is set to Enable, and the markup starts with a specific sequence of characters, generate the markup
            with the newly added quirks code in StyledMarkupAccumulator, and wrap it in a special "html" element
            TinyMCE recognizes.
            * editing/markup.h:
            (WebCore::MSOListQuirks): Added. Set to CheckIfNeeded if the content COULD require MSO list quirks.

2018-02-14  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228476. rdar://problem/37549893

    2018-02-14  Dean Jackson  <dino@apple.com>

            CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot + 618
            https://bugs.webkit.org/show_bug.cgi?id=182798
            <rdar://problem/23337253>

            Reviewed by Eric Carlson.

            Speculative fix for a crash in HTMLPlugInImageElement::didAddUserAgentShadowRoot.
            The guess is that the m_swapRendererTimer is set, and the display state changes to
            something that does not require a shadow root, but before the timer fires.
            Fix this by ensuring that the timer is reset on every display state change.

            * html/HTMLPlugInElement.cpp:
            (WebCore::HTMLPlugInElement::setDisplayState): Guard for sets that wouldn't
            actually change value, and make sure we always reset the timer.

2018-02-14  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228471. rdar://problem/37559829

    2018-02-14  Antoine Quint  <graouts@apple.com>

            [Modern Media Controls] Don't use arrays as values for localisable strings
            https://bugs.webkit.org/show_bug.cgi?id=182791
            <rdar://problem/36007262>

            Reviewed by Dean Jackson.

            Localization tools expect localizable strings to be specified as key-value pairs where both the key and the pair
            are plain strings. For the skip buttons, we used an array value to specify a replacement string. We now perform
            this task in code with a centralized SkipSeconds constant defining the skip amount.

            * English.lproj/modern-media-controls-localized-strings.js:
            * Modules/modern-media-controls/controls/icon-service.js:
            * Modules/modern-media-controls/main.js:
            (UIString):
            * Modules/modern-media-controls/media/skip-back-support.js:
            (SkipBackSupport.prototype.buttonWasPressed):
            * Modules/modern-media-controls/media/skip-forward-support.js:
            (SkipForwardSupport.prototype.buttonWasPressed):

2018-02-13  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228445. rdar://problem/37523940

    2018-02-13  Antoine Quint  <graouts@apple.com>

            Removing the controls attribute from a <video> element does not tear down the controls shadow DOM nor cancel event listeners.
            https://bugs.webkit.org/show_bug.cgi?id=182668
            <rdar://problem/33793004>

            Reviewed by Jer Noble.

            When controls were turned off for inline media players, we would remove all media controls elements from the shadow root,
            but we would nevertheless continue to listen to media events and, as a result, update properties of the media controls
            which would lead to requestAnimationFrame() calls that would update the detached DOM nodes.

            We now only listen to media events if controls are turned on.

            * Modules/modern-media-controls/media/controls-visibility-support.js:
            (ControlsVisibilitySupport.prototype.enable): Remove the mutation observer from ControlsVisibilitySupport since observing
            changes to the controls attribute is now performed directly in MediaController. We need to make sure that we update the
            controls however since fadesWhileIdle is turned off in the disable() call to ensure that the auto-hide behavior is disabled
            as well.
            (ControlsVisibilitySupport.prototype.disable): Disable the auto-hide controller as well.
            (ControlsVisibilitySupport.prototype._updateControls): Remove code that has now been moved into MediaController._updateControlsAvailability().
            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController): Listen to the "play" event on the media so that we call _updateControlsAvailability() in this situation to account for
            shouldForceControlsDisplay on MediaControlsHost. We also register for a mutation observer to track when the controls attribute availability
            changes in which case we want to call _updateControlsAvailability() as well.
            (MediaController.prototype.handleEvent): Call _updateControlsAvailability() instead of _updateiOSFullscreenProperties() which has been renamed
            and expanded.
            (MediaController.prototype._updateControlsIfNeeded): Call _updateControlsAvailability() after controls have been updated.
            (MediaController.prototype._updateControlsAvailability): We now disable supporting media controller objects when we know that controls should
            be hidden in all cases except when in fullscreen on macOS.
            (MediaController.prototype._updateiOSFullscreenProperties): Deleted.
            * Modules/modern-media-controls/media/placard-support.js:
            (PlacardSupport.prototype.disable): Only allow the media events required to track when to show placards when in fullscreen since inline media
            players need to show the AirPlay and picture-in-picture placards even when controls are disabled.

2018-02-13  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228430. rdar://problem/37518683

    2018-02-13  Chris Dumez  <cdumez@apple.com>

            REGRESSION (r228299): Broke reader mode in Safari
            https://bugs.webkit.org/show_bug.cgi?id=182697
            <rdar://problem/37399012>

            Reviewed by Ryosuke Niwa.

            Rework the fix for r228299 to be more targeted. I moved the policy check
            cancellation from FrameLoader::stopLoading() to NavigationScheduler::schedule()
            when a pending load is cancelled by another load. I have verified that the
            sites fixed by r228299 still work with this more limited change. However,
            reader mode is now working again.

            The issue seems to be that we tell CFNetwork to continue with the load after
            receiving the response, even if the client has not responded to the
            decidePolicyForNavigationResponse delegate yet. As a result, CFNetwork sends
            us the resource data and we may commit the provisional load before receiving
            the policy response from the client. When the provisional load is committed,
            we call FrameLoader::stopLoading() which after r228299 cancelled pending
            policy checks. Because we did not wait for the policy check response to
            commit the load, we would cancel it which would make the load fail.

            The real fix here would be to not tell CFNetwork to continue until after
            we've received the policy delegate response. However, this is a larger and
            riskier change at this point. I will follow-up on this issue.

            Covered by new API test.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::stopLoading):
            * loader/NavigationScheduler.cpp:
            (WebCore::NavigationScheduler::schedule):

2018-02-13  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228435. rdar://problem/37518843

    2018-02-13  Antti Koivisto  <antti@apple.com>

            Crash when breakpoint hit in unload handler
            https://bugs.webkit.org/show_bug.cgi?id=169855
            <rdar://problem/28683567>

            Reviewed by Daniel Bates.

            Test: inspector/debugger/reload-paused.html

            CachedRawResource::updateBuffer may generate unload event in client notify callback. If Inspector was
            paused, this event would spawn a nested runloop. CachedRawResource::finishLoading would get called in
            the nested loop, confusing the DocumentLoader state machine and resulting in crashes later.

            * loader/cache/CachedRawResource.cpp:
            (WebCore::CachedRawResource::updateBuffer):

            - Set a bit when entering the client callback.
            - Ensure we don't re-enter updateBuffer.
            - If finishLoading got delayed during client callback, do it at the end.

            (WebCore::CachedRawResource::finishLoading):

            If we are in updateBuffer client callback, save the buffer and bail out.

            * loader/cache/CachedRawResource.h:

2018-02-13  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228325. rdar://problem/37518694

    2018-02-09  Youenn Fablet  <youenn@apple.com>

            Make CoreAudioCaptureSource error logging be release logging
            https://bugs.webkit.org/show_bug.cgi?id=182614

            Reviewed by Eric Carlson.

            No change of behavior.

            * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
            (WebCore::CoreAudioSharedUnit::addEchoCancellationSource):
            (WebCore::CoreAudioSharedUnit::setupAudioUnit):
            (WebCore::CoreAudioSharedUnit::configureMicrophoneProc):
            (WebCore::CoreAudioSharedUnit::configureSpeakerProc):
            (WebCore::CoreAudioSharedUnit::checkTimestamps):
            (WebCore::CoreAudioSharedUnit::provideSpeakerData):
            (WebCore::CoreAudioSharedUnit::processMicrophoneSamples):
            (WebCore::CoreAudioSharedUnit::cleanupAudioUnit):
            (WebCore::CoreAudioSharedUnit::reconfigureAudioUnit):
            (WebCore::CoreAudioSharedUnit::startInternal):
            (WebCore::CoreAudioSharedUnit::verifyIsCapturing):
            (WebCore::CoreAudioSharedUnit::stopInternal):
            (WebCore::CoreAudioSharedUnit::defaultInputDevice):

2018-02-13  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228299. rdar://problem/37518837

    2018-02-08  Chris Dumez  <cdumez@apple.com>

            Form submission after navigation fails when decidePolicyForNavigationAction is async
            https://bugs.webkit.org/show_bug.cgi?id=182412
            <rdar://problem/35181099>

            Reviewed by Alex Christensen.

            When the form is submitted and schedules the load in an iframe that is already loading,
            FrameLoader::stopLoading() is called as expected. However, because policy checks can
            now be asynchronous, stopLoading() also needs to stop pending policy checks. Otherwise,
            continueLoadAfterNavigationPolicy() gets called for a cancelled load and we're in trouble
            because the FrameLoader was reused for another load since then.

            Test: http/tests/navigation/sync-form-submit-iframe.html

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::stopLoading):

2018-02-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228389. rdar://problem/37475107

    2018-02-12  Ryan Haddad  <ryanhaddad@apple.com>

            [iOS] media tests failing ASSERT_NOT_REACHED() in WebCore::VideoFullscreenInterfaceAVKit::cleanupFullscreen()
            https://bugs.webkit.org/show_bug.cgi?id=182527

            Reviewed by Alexey Proskuryakov.

            Temporarily remove an assertion from VideoFullscreenInterfaceAVKit to stop tests from crashing on iOS
            while the root cause is being investigated.

            * platform/ios/VideoFullscreenInterfaceAVKit.mm:
            (VideoFullscreenInterfaceAVKit::exitFullscreenHandler):

2018-02-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228229. rdar://problem/37475107

    2018-02-06  Matt Lewis  <jlewis3@apple.com>

            Removed the assertions from VideoFullscreenInterfaceAVKit.mm temporarily to stop the resulting crashes during debugging.
            https://bugs.webkit.org/show_bug.cgi?id=182527

            Unreviewed build fix.

            * platform/ios/VideoFullscreenInterfaceAVKit.mm:
            (VideoFullscreenInterfaceAVKit::exitFullscreen):
            (VideoFullscreenInterfaceAVKit::cleanupFullscreen):

2018-02-12  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/37470882

    CoreAudioCaptureSourceIOSListener should be a WebProcess singleton

    2018-02-12  Youenn Fablet  <youenn@apple.com>

            CoreAudioCaptureSourceIOSListener should be a WebProcess singleton
            https://bugs.webkit.org/show_bug.cgi?id=182606
            <rdar://problem/37470882>

            Reviewed by Eric Carlson.

            Covered by manual testing.
            In case shared unit is suspended, unsuspend it when creating a new audio source.
            This creation should only happen when WebKit iOS is foregrounded.

            * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
            (WebCore::CoreAudioCaptureSource::CoreAudioCaptureSource):

2018-02-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228231. rdar://problem/37408885

    2018-02-07  Daniel Bates  <dabates@apple.com>

            Log error when authentication challenge is blocked due to an insecure request
            https://bugs.webkit.org/show_bug.cgi?id=182358

            Reviewed by Andy Estes.

            Emit an error message to Web Inspector console that explains why an authentication
            challenge was blocked so that a developer can fix up their site.

            Tests: http/tests/security/mixedContent/insecure-basic-auth-image.https.html
                   http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-insecure-page.https.html
                   http/tests/security/mixedContent/secure-page-navigates-to-basic-auth-secure-page-via-insecure-redirect.https.html

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::receivedFirstData): Log to the console an error message
            if the document we are loading was forbidden from prompting for credentials.
            Also removed duplicate assertion to ensure document is non-null and update
            call to LinkLoader::loadLinksFromHeader() to use local variable to access
            the document we are loading instead of asking the frame for it, again.
            (WebCore::FrameLoader::reportAuthenticationChallengeBlocked): Added.
            * loader/FrameLoader.h:

            * loader/ResourceLoader.cpp:
            (WebCore::ResourceLoader::init):
            (WebCore::ResourceLoader::willSendRequestInternal):
            Track the decision to forbid asking for credentials due to Fetch spec. requirements (m_canAskClientForCredentials)
            independently from the decision to forbid them due to making an insecure request (m_wasInsecureRequestSeen)
            so that we know the reason why we blocked asking for credentials when we receive an authentication challenge.

            (WebCore::ResourceLoader::didBlockAuthenticationChallenge): Added.
            (WebCore::ResourceLoader::isAllowedToAskUserForCredentials const): Modified code now that we track
            whether we have seen an insecure request so far independently from decision to forbid prompting for
            credentials due to a Fetch spec. requirement.

            (WebCore::ResourceLoader::didReceiveAuthenticationChallenge):
            Store a bit whether we have seen an insecure request when loading the resource so far. Disallow
            asking for credentials if we have seen an insecure request so far. Once we receive a response

            * loader/ResourceLoader.h:
            (WebCore::ResourceLoader::wasAuthenticationChallengeBlocked const): Added.
            (WebCore::ResourceLoader::wasInsecureRequestSeen const): Added.

2018-02-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228045. rdar://problem/37465611

    2018-02-02  Daniel Bates  <dabates@apple.com>

            Clean up FrameLoader::receivedFirstData()
            https://bugs.webkit.org/show_bug.cgi?id=182361

            Reviewed by Andy Estes.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::receivedFirstData):

2018-02-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228326. rdar://problem/37460483

    2018-02-09  Youenn Fablet  <youenn@apple.com>

            Add support for cache storage of blob response
            https://bugs.webkit.org/show_bug.cgi?id=182637

            Reviewed by Brady Eidson.

            Covered by updated WPT test.
            When putting a blob response in cache, create a readable stream to easily get the body.
            Make clear that caching form data is not supported.

            * Modules/cache/DOMCache.cpp:
            (WebCore::DOMCache::put):
            * Modules/fetch/FetchBody.h:
            (WebCore::FetchBody::isBlob const):
            (WebCore::FetchBody::isFormData const):
            * Modules/fetch/FetchResponse.h:

2018-02-12  Dean Jackson  <dino@apple.com>

        Cherry-pick r228349. rdar://problem/37411410

    2018-02-09  Dean Jackson  <dino@apple.com>

            ImageBitmapRenderingContext should be Runtime guarded
            https://bugs.webkit.org/show_bug.cgi?id=182665
            <rdar://problem/37411410>

            Reviewed by Sam Weinig.

            Add a flag to ensure the ImageBitmapRenderingContext interface is only
            visible when the runtime feature is enabled.

            * bindings/js/WebCoreBuiltinNames.h:
            * html/canvas/ImageBitmapRenderingContext.idl:

2018-02-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228241. rdar://problem/37408896

    2018-02-07  Youenn Fablet  <youenn@apple.com>

            ASSERTION FAILED: m_timeOrigin in Performance::Performance()
            https://bugs.webkit.org/show_bug.cgi?id=182558
            <rdar://problem/37297551>

            Reviewed by Chris Dumez.

            Test: http/wpt/fetch/cors-preflight-star.any.serviceworker.html

            * loader/CrossOriginPreflightChecker.cpp:
            (WebCore::CrossOriginPreflightChecker::startPreflight):

2018-02-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228340. rdar://problem/37408869

    2018-02-09  Wenson Hsieh  <wenson_hsieh@apple.com>

            Pasting from Excel no longer provides text/html data
            https://bugs.webkit.org/show_bug.cgi?id=182636
            <rdar://problem/37087060>

            Reviewed by Ryosuke Niwa.

            After r222656, we treat images on the pasteboard as files. However, we also have an existing policy which hides
            text data ("text/uri-list", "text/html", "text/plain") from the page when files are present on the pasteboard.
            When copying a table, Microsoft Excel writes a rendering of the table to the pasteboard as an image. This means
            that we'll hide other data types (importantly, 'text/html') upon pasting, even though important clients (such as
            Google Docs and Confluence) depend on the 'text/html' data in order to correctly handle the paste (rather than
            paste as an image of a table).

            To fix this, we add an exception to the DataTransfer.getData codepath when the pasteboard contains files.
            Instead of always returning the empty string for text/html, we still allow pasteboard access, but only read
            from a limited set of rich text types, i.e. web archive, RTF(D), and HTML markup. Importantly, this prevents
            us from exposing any file paths that appear as plain text or URLs on the pasteboard. Just as in the regular
            codepath for getData(), if the pasteboard data comes from the same origin, we allow unsanitized access;
            otherwise, we use WebContentMarkupReader to extract markup from the pasteboard.

            Tests:  PasteMixedContent.ImageFileAndPlainText
                    PasteMixedContent.ImageFileAndWebArchive
                    PasteMixedContent.ImageFileAndHTML
                    PasteMixedContent.ImageFileAndRTF
                    PasteMixedContent.ImageFileAndURL
                    PasteMixedContent.ImageFileWithHTMLAndURL
                    DataInteractionTests.DataTransferGetDataWhenDroppingImageAndMarkup

            Also rebaselined some layout tests, which cover changes in behavior when dropping on macOS and pasting on iOS.

            * dom/DataTransfer.cpp:
            (WebCore::DataTransfer::getDataForItem const):

            Augment the codepath handling the case where the pasteboard contains files, such that we allow reading
            "text/html", but only from rich text types.

            (WebCore::DataTransfer::readStringFromPasteboard const):

            Factor out logic for reading from the pasteboard into a private helper. This is called in two places from
            getDataForItem: in the normal (existing) path, and in the case where we allow 'text/html' to be read despite
            files appearing in the pasteboard.

            One important difference here is that this helper now takes a WebContentReadingPolicy, whose purpose is to
            prevent reading from non-rich-text types when files appear in the pasteboard.

            Another tweak here is that we now use `lowercaseType` instead of the original (unadjusted) `type` when reading
            from the pasteboard. This doesn't seem to be intended in the first place.

            (WebCore::DataTransfer::types const):

            Tweak the implementation of DataTransfer.types() in the case where files exist on the pasteboard, such that we
            also add "text/html" if it is present in the list of DOM-safe types.

            * dom/DataTransfer.h:
            * platform/Pasteboard.h:

            Introduce WebContentReadingPolicy, which indicates whether or not we should limit web content reading from the
            pasteboard to only rich text types upon paste or drop. Normally, we allow all types to be read as web content
            (::AnyType), but when files appear on the pasteboard, we force OnlyRichTextTypes to ensure that no other types
            can unintentionally be read back as web content.

            * platform/StaticPasteboard.h:
            * platform/gtk/PasteboardGtk.cpp:
            (WebCore::Pasteboard::read):
            * platform/ios/PasteboardIOS.mm:

            Teach Pasteboard (on iOS) to respect WebContentReadingPolicy.

            (WebCore::isTypeAllowedByReadingPolicy):
            (WebCore::Pasteboard::read):
            (WebCore::Pasteboard::readRespectingUTIFidelities):
            * platform/mac/PasteboardMac.mm:

            Teach Pasteboard (on macOS) to respect WebContentReadingPolicy.

            (WebCore::Pasteboard::read):
            * platform/win/PasteboardWin.cpp:
            (WebCore::Pasteboard::read):
            * platform/wpe/PasteboardWPE.cpp:
            (WebCore::Pasteboard::read):

            Adjust non-Cocoa Pasteboard implementations for an interface change.

2018-02-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228342. rdar://problem/37408891

    2018-02-09  Andy Estes  <aestes@apple.com>

            [Payment Request] Apple Pay sheet does not dismiss when calling complete() with result "unknown" or "fail"
            https://bugs.webkit.org/show_bug.cgi?id=182658
            <rdar://problem/37293917>

            Reviewed by Brady Eidson.

            When PaymentResponse::complete() is called with a result of "unknown" or "fail", we should
            treat this as a fatal error and dismiss the Apple Pay sheet. However, we were adding an
            error with code "unknown" to the authorization result, which PassKit interprets as a
            non-fatal error. Instead, we should not set any errors and just use a status code of
            PaymentAuthorizationStatus::Failure, which PassKit interprets as a fatal error, dismissing
            the sheet.

            No test possible.

            * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
            (WebCore::ApplePayPaymentHandler::complete):

2018-02-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228331. rdar://problem/37408871

    2018-02-09  Andy Estes  <aestes@apple.com>

            [Payment Request] Crash in PaymentRequest::canMakePayment() when Apple Pay payment method data is missing required fields
            https://bugs.webkit.org/show_bug.cgi?id=182631

            Reviewed by Mark Lam.

            PaymentRequest::canMakePayment() needs to parse each payment method's serialized data to
            determine if it is a supported payment method. If parsing fails by raising an exception, we
            intend to skip over that payment method and try the next one. If all payment method data
            fail to parse, we resolve the returned promise with false. At no point do we intend to
            propagate the parsing exception up to the calling script, however.

            Even though we intend to swallow any exceptions from parsing, we failed to clear the
            JavaScript VM's exception state. The next time WebCore tries to execute JavaScript, a
            release assertion is raised due to seeing an unexpected exception in the VM.

            Fix this by using a CatchScope in PaymentRequest::canMakePayment(), and calling
            CatchScope::clearException() in the places we intend to swallow exceptions.

            Added a test case to http/tests/paymentrequest/payment-request-canmakepayment-method.https.html.

            * Modules/paymentrequest/PaymentRequest.cpp:
            (WebCore::PaymentRequest::canMakePayment):

2018-02-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228240. rdar://problem/37408894

    2018-02-07  Wenson Hsieh  <wenson_hsieh@apple.com>

            REGRESSION(r226396): File paths are inserted when dropping image files
            https://bugs.webkit.org/show_bug.cgi?id=182557
            <rdar://problem/37294120>

            Reviewed by Ryosuke Niwa.

            Reverts unintended changes in <http://trac.webkit.org/r226396>. Before r226396, WebContentReader::readFilenames
            (a helper function in macOS-specific code) contained logic to create and insert attachment elements if
            ENABLE(ATTACHMENT_ELEMENT); otherwise, it would fall back to inserting the visible URL as a text node. Since we
            enable the attachment element on all Cocoa platforms via xcconfig files, this was effectively dead code.

            However, when r226396 (which moved this out from macOS to Cocoa platform code) refactored this helper function,
            it also moved this chunk of code out of the !ENABLE(ATTACHMENT) conditional and into a PLATFORM(MAC) guard,
            which means that we now fall back to inserting file paths as text when attachment elements are disabled. To fix
            this, we simply remove the (previously) dead code.

            A more subtle difference is that we no longer always return true from WebContentReader::readFilePaths. This
            means that when we drop files, we no longer skip over the early return in documentFragmentFromDragData when
            we've made a fragment, so we read the file path as a URL. To address this, we just restore the pre-macOS 10.13.4
            behavior of initializing the document fragment.

            Test: modified editing/pasteboard/drag-files-to-editable-element-as-URLs.html.

            * editing/WebContentReader.cpp:
            (WebCore::WebContentReader::ensureFragment): Deleted.

            Remove this helper, as it was only used in WebContentReader::readFilePaths.

            * editing/WebContentReader.h:
            * editing/cocoa/WebContentReaderCocoa.mm:
            (WebCore::WebContentReader::readFilePaths):

2018-02-08  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228258. rdar://problem/37355417

    2018-02-07  Andy Estes  <aestes@apple.com>

            ASSERTION FAILED: vm->currentThreadIsHoldingAPILock() seen with http/tests/paymentrequest/payment-request-show-method.https.html
            https://bugs.webkit.org/show_bug.cgi?id=182591

            Reviewed by Youenn Fablet.

            Fixes assertion failures in http/tests/paymentrequest/payment-request-show-method.https.html.

            DOMPromise::whenSettled() calls the JSC API without first acquiring the API lock, and
            r228195 added a call to whenSettled() where the lock is not guaranteed to be already
            acquired.

            Fix this by creating a JSLockHolder in DOMPromise::whenSettled().

            * bindings/js/JSDOMPromise.cpp:
            (WebCore::DOMPromise::whenSettled):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228199. rdar://problem/37294597

    2018-02-06  Youenn Fablet  <youenn@apple.com>

            imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-respond-with-response-body-with-invalid-chunk.https.html is flaky
            https://bugs.webkit.org/show_bug.cgi?id=182541

            Reviewed by Chris Dumez.

            Covered by test being no longer flaky.
            In case of loading error when getting the response body, we were only reporting
            the error if there was a callback set or a ReadableStream already created.
            Otherwise, we were just stopping loading and if creating a ReadableStream, we were just returning an empty body.

            FetchBodyOwner now stores a loading error.
            In case a readable stream is created, it will error it if there is a loading error.
            If there is not and the loading failed later on, the stream will be errored using the current code path.

            * Modules/cache/DOMCache.cpp:
            (WebCore::DOMCache::put):
            * Modules/fetch/FetchResponse.cpp:
            (WebCore::FetchResponse::clone):
            (WebCore::FetchResponse::BodyLoader::didFail):
            * Modules/fetch/FetchResponse.h:
            * workers/service/context/ServiceWorkerFetch.cpp:
            (WebCore::ServiceWorkerFetch::processResponse):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228188. rdar://problem/37293107

    2018-02-06  Youenn Fablet  <youenn@apple.com>

            HasServiceWorkerRegistration bit should be sent when creating a new page
            https://bugs.webkit.org/show_bug.cgi?id=182410

            Reviewed by Chris Dumez.

            Covered by new API test.

            Changed the default value of service workers being registered to false.
            Every page created in the process will be responsible to change the value to true,
            at which time the value will be kept to true for the lifetime of the process.

            * workers/service/ServiceWorkerProvider.h:

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228195. rdar://problem/37292905

    2018-02-06  Andy Estes  <aestes@apple.com>

            [Payment Request] show() should take an optional PaymentDetailsUpdate promise
            https://bugs.webkit.org/show_bug.cgi?id=182538
            <rdar://problem/36754552>

            Reviewed by Tim Horton.

            Taught show() to take an optional promise for a PaymentDetailsUpdate.

            Added test cases to http/tests/paymentrequest/payment-request-show-method.https.html.

            * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
            (WebCore::ApplePayPaymentHandler::detailsUpdated):

            Changed to take a PaymentRequest::UpdateReason instead of an eventType string.

            (WebCore::ApplePayPaymentHandler::shippingAddressUpdated):
            (WebCore::ApplePayPaymentHandler::shippingOptionUpdated):
            (WebCore::ApplePayPaymentHandler::paymentMethodUpdated):
            (WebCore::ApplePayPaymentHandler::didAuthorizePayment):
            (WebCore::ApplePayPaymentHandler::didSelectShippingMethod):
            (WebCore::ApplePayPaymentHandler::didSelectShippingContact):
            (WebCore::ApplePayPaymentHandler::didSelectPaymentMethod):

            Asserted that only one of the PaymentSession delegates is executing at a time.

            * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
            * Modules/paymentrequest/PaymentHandler.h:

            Changed detailsUpdated to take a PaymentRequest::UpdateReason instead of an eventType string.

            * Modules/paymentrequest/PaymentRequest.cpp:
            (WebCore::PaymentRequest::show):

            If there is a details promise, call updateWith() with UpdateReason::ShowDetailsResolved.

            (WebCore::PaymentRequest::shippingAddressChanged):
            (WebCore::PaymentRequest::shippingOptionChanged):
            (WebCore::PaymentRequest::paymentMethodChanged):

            Used whenDetailsSettled() to ensure that update events do not start before the show()
            details promise settles.

            (WebCore::PaymentRequest::updateWith):
            (WebCore::PaymentRequest::settleDetailsPromise):

            Changed to use a PaymentRequest::UpdateReason instead of an eventType string.

            (WebCore::PaymentRequest::whenDetailsSettled):

            If there is a details promise, wait for it to settle before executing the callback.

            * Modules/paymentrequest/PaymentRequest.h:

            Defined enum class UpdateReason.

            * Modules/paymentrequest/PaymentRequest.idl:

            Updated show() to take an optional Promise<PaymentDetailsUpdate>.

            * Modules/paymentrequest/PaymentRequestUpdateEvent.cpp:
            (WebCore::PaymentRequestUpdateEvent::updateWith):

            Map the event type to a PaymentRequest::UpdateReason.

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228191. rdar://problem/37292910

    2018-02-06  Dean Jackson  <dino@apple.com>

            REGRESSION: WebGL no longer producing a transparent canvas on iOS
            https://bugs.webkit.org/show_bug.cgi?id=182550
            <rdar://problem/37234491>

            Reviewed by Eric Carlson.

            Due to some weirdness GL_RGBA8 is sometimes different between iOS and
            other platforms. Only tell the WebGLLayer that it is opaque when it really
            is not transparent.

            Covered by existing test: fast/canvas/webgl/context-attributes-alpha

            * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
            (WebCore::GraphicsContext3D::setRenderbufferStorageFromDrawable): Look at the context
            attributes to decide if we should use an opaque layer.
            * platform/graphics/cocoa/WebGLLayer.mm: Ditto.
            (-[WebGLLayer initWithGraphicsContext3D:]):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228189. rdar://problem/37292905

    2018-02-06  Andy Estes  <aestes@apple.com>

            [WebIDL] Support optional Promise arguments
            https://bugs.webkit.org/show_bug.cgi?id=182399
            <rdar://problem/36754552>

            Reviewed by Sam Weinig and Chris Dumez.

            Previously, declaring a Promise argument as optional would result in a native type of
            std::optional<RefPtr<DOMPromise>>. This is wasteful, since RefPtr can represent an optional
            argument by storing nullptr. Further, PassArgumentExpression() assumed Promises were never
            optional and tried to pass the argument as a Ref by calling RefPtr::releaseNonNull().

            This patch removes the std::optional wrapper around optional Promises and simply passes the
            promise as a RefPtr to native code.

            * bindings/scripts/CodeGeneratorJS.pm:
            (PassArgumentExpression):
            (GenerateParametersCheck):
            * bindings/scripts/test/JS/JSTestObj.cpp:
            (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalPromiseBody):
            (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalPromise):
            * bindings/scripts/test/TestObj.idl:

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228180. rdar://problem/37292935

    2018-02-06  Chris Dumez  <cdumez@apple.com>

            Service workers registrations are saved to disk before the install / activation succeeds
            https://bugs.webkit.org/show_bug.cgi?id=182535
            <rdar://problem/36591485>

            Reviewed by Youenn Fablet.

            Service workers registrations are saved to disk before the install / activation succeeds.
            This means if the browser exits before the install / activation succeeds, we may restore
            from disk a registration with an “active” worker which may have never been installed /
            activated.

            To address the issue, we now delay saving the registration to disk until after the service
            worker has been activated.

            No new tests, restoration from disk is covered by API tests that still pass.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::didFinishActivation):
            (WebCore::SWServer::installContextData):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228149. rdar://problem/37264543

    2018-02-05  Filip Pizlo  <fpizlo@apple.com>

            Global objects should be able to use TLCs to allocate from different blocks from each other
            https://bugs.webkit.org/show_bug.cgi?id=182227

            Reviewed by Daniel Bates and Chris Dumez.

            No new tests because no change in behavior.

            Adopt JSC TLC API to put distance between objects from different security origins. WebCore has
            a subclass of ThreadLocalCache that supports hash-consing based on the relevant origin data
            using the existing SecurityOriginHash. It's Document's job to initiate this, but all of the
            logic is in WebCore::OriginThreadLocalCache.

            Workers don't opt into this. They just get the VM's default TLC all the time.

            * ForwardingHeaders/heap/ThreadLocalCache.h: Added.
            * Sources.txt:
            * WebCore.xcodeproj/project.pbxproj:
            * bindings/js/JSDOMGlobalObject.cpp:
            (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
            * bindings/js/JSDOMGlobalObject.h:
            * bindings/js/JSDOMWindowBase.cpp:
            (WebCore::JSDOMWindowBase::JSDOMWindowBase):
            * dom/Document.cpp:
            (WebCore::Document::initSecurityContext):
            (WebCore::Document::threadLocalCache):
            * dom/Document.h:
            * page/OriginThreadLocalCache.cpp: Added.
            (WebCore::threadLocalCacheMap):
            (WebCore::OriginThreadLocalCache::create):
            (WebCore::OriginThreadLocalCache::~OriginThreadLocalCache):
            (WebCore::OriginThreadLocalCache::OriginThreadLocalCache):
            * page/OriginThreadLocalCache.h: Added.
            * page/SecurityOrigin.cpp:
            (WebCore::SecurityOrigin::passesFileCheck const):
            (WebCore::SecurityOrigin::setEnforcesFilePathSeparation):
            (WebCore::SecurityOrigin::toString const):
            (WebCore::SecurityOrigin::enforceFilePathSeparation): Deleted.
            * page/SecurityOrigin.h:
            (WebCore::SecurityOrigin::enforcesFilePathSeparation const):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228150. rdar://problem/37264467

    2018-02-05  Youenn Fablet  <youenn@apple.com>

            Crash in imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-origin.sub.html
            https://bugs.webkit.org/show_bug.cgi?id=182422
            <rdar://problem/37182665>

            Reviewed by Alex Christensen.

            Covered by test no longer crashing in Debug mode.
            Make sure completionHandler is called on the main thread.

            * platform/network/cocoa/WebCoreNSURLSession.mm:
            (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:completionHandler:]):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228151. rdar://problem/37264535

    2018-02-05  Ryosuke Niwa  <rniwa@webkit.org>

            Release assertion in inlineVideoFrame
            https://bugs.webkit.org/show_bug.cgi?id=182513
            <rdar://problem/37159363>

            Reviewed by Zalan Bujtas.

            The bug was caused by the fact it's not always safe to invoke updateLayout even when isSafeToUpdateStyleOrLayout
            on a document of a flattened frame on iOS. isSafeToUpdateStyleOrLayout returns true when the frame view is in
            the frame-flattening mode to avoid hitting a release assertion in updateLayout of the frame. However, it's still
            not safe to invoke updateLayout on a parent frame in this case.

            As a result, inlineVideoFrame (in Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm) invokes updateLayout
            even when the top-level document is not safe to update when the video element is in a frame-flattened document.

            Fixed this bug by explicitly checking that we still have a live render tree and document hasn't been stopped.
            Also replaced other uses of isSafeToUpdateStyleOrLayout by more explicit checks.

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::updateBackingStore): Made the early exit condition added in r227006 more explicit.
            Namely, InspectorDOMAgent::pseudoElementCreated is invoked during style recalc.
            * dom/Document.cpp:
            (WebCore::isSafeToUpdateStyleOrLayout): Made this local to the file.
            (WebCore::Document::updateStyleIfNeeded):
            (WebCore::Document::updateLayout):
            * dom/Document.h:
            * html/MediaElementSession.cpp:
            (WebCore::isMainContentForPurposesOfAutoplay): Made the early exit condition added in r227529 more explicit. Don't
            update the layout when the render tree had been destroyed or the active DOM objects had been stopped.

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228143. rdar://problem/37264459

    2018-02-05  Per Arne Vollan  <pvollan@apple.com>

            [Win] Release assert failed under NetworkStateNotifier::singleton.
            https://bugs.webkit.org/show_bug.cgi?id=182516

            Reviewed by Brent Fulgham.

            The callback NetworkStateNotifier::addressChangeCallback will always be called on a
            worker thread on Windows. Since the method NetworkStateNotifier::singleton() is
            called by NetworkStateNotifier::addressChangeCallback, but has to be called on the
            main thread, the call has to be moved there.

            No new tests. I have not been able to reproduce the crash.

            * platform/network/win/NetworkStateNotifierWin.cpp:
            (WebCore::NetworkStateNotifier::addressChangeCallback):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228119. rdar://problem/37264495

    2018-02-05  John Wilander  <wilander@apple.com>

            Build fix for r228115, simple naming issue succeeded —> success.
            https://bugs.webkit.org/show_bug.cgi?id=182507
            <rdar://problem/37248566>

            Reviewed by Eric Carlson.

            No new tests. Build fix.

            * platform/ios/VideoFullscreenInterfaceAVKit.mm:
            (VideoFullscreenInterfaceAVKit::enterFullscreenHandler):
                succeeded —> success

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228115. rdar://problem/37264495

    2018-02-05  Eric Carlson  <eric.carlson@apple.com>

            [iOS] VideoFullscreenInterfaceAVKit should not ignore errors
            https://bugs.webkit.org/show_bug.cgi?id=182497
            <rdar://problem/36986898>

            Reviewed by Jer Noble.

            Always call layoutIfNeeded before calling -[AVPlayerViewController enterFullScreenAnimated:completionHandler]
            or -[AVPlayerViewController exitFullScreenAnimated:completionHandler] because they both fail
            if the view needs layout. Also don't ignore errors returned by those calls.

            No new tests, the failure is non deterministic and I was not able to reproduce in a test.

            * platform/ios/VideoFullscreenInterfaceAVKit.mm:
            (VideoFullscreenInterfaceAVKit::applicationDidBecomeActive):
            (VideoFullscreenInterfaceAVKit::enterFullscreenStandard):
            (VideoFullscreenInterfaceAVKit::exitFullscreen):
            (VideoFullscreenInterfaceAVKit::cleanupFullscreen):
            (VideoFullscreenInterfaceAVKit::didStartPictureInPicture):
            (VideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler):
            (VideoFullscreenInterfaceAVKit::doEnterFullscreen):
            (VideoFullscreenInterfaceAVKit::exitFullscreenHandler):
            (VideoFullscreenInterfaceAVKit::enterFullscreenHandler):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228114. rdar://problem/37264445

    2018-02-05  Daniel Bates  <dabates@apple.com>

            REGRESSION (r222795): Nike app "Refused to set unsafe header" when adding and viewing cart
            https://bugs.webkit.org/show_bug.cgi?id=182491
            <rdar://problem/36533447>

            Reviewed by Brent Fulgham.

            Exempt Nike from the XHR header restrictions in r222795.

            Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
            However Nike also depends on such functionality.

            * platform/RuntimeApplicationChecks.h:
            * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
            (WebCore::IOSApplication::isNike):

2018-02-06  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228101. rdar://problem/37264480

    2018-02-05  Chris Dumez  <cdumez@apple.com>

            Layout Test imported/w3c/web-platform-tests/service-workers/service-worker/register-same-scope-different-script-url.https.html is flaky
            https://bugs.webkit.org/show_bug.cgi?id=181166
            <rdar://problem/37169508>

            Reviewed by Youenn Fablet.

            I found out that this test was flakily timing out because our jobQueues would sometimes get stuck
            when their current job's connection or service worker (when scheduled by a service worker) would
            go away before the job is complete.

            This patch makes our job queues operation more robust by:
            1. Cancelling all jobs from a given connection when a SWServerConnection goes away
            2. Cancelling all jobs from a given service worker when a service worker gets terminated

            We also make sure service workers created by a job get properly terminated when a job
            is canceled to avoid leaving service workers in limbo.

            No new tests, unskipped existing flaky test.

            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::addRegistration):
            (WebCore::ServiceWorkerContainer::removeRegistration):
            (WebCore::ServiceWorkerContainer::updateRegistration):
            * workers/service/ServiceWorkerJobData.cpp:
            (WebCore::ServiceWorkerJobData::ServiceWorkerJobData):
            (WebCore::ServiceWorkerJobData::isolatedCopy const):
            * workers/service/ServiceWorkerJobData.h:
            (WebCore::ServiceWorkerJobData::encode const):
            (WebCore::ServiceWorkerJobData::decode):
            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::startScriptFetch):
            (WebCore::SWServer::scriptContextFailedToStart):
            (WebCore::SWServer::scriptContextStarted):
            (WebCore::SWServer::terminatePreinstallationWorker):
            (WebCore::SWServer::installContextData):
            (WebCore::SWServer::workerContextTerminated):
            (WebCore::SWServer::unregisterConnection):
            * workers/service/server/SWServer.h:
            * workers/service/server/SWServerJobQueue.cpp:
            (WebCore::SWServerJobQueue::removeAllJobsMatching):
            (WebCore::SWServerJobQueue::cancelJobsFromConnection):
            (WebCore::SWServerJobQueue::cancelJobsFromServiceWorker):
            * workers/service/server/SWServerJobQueue.h:
            * workers/service/server/SWServerRegistration.cpp:
            (WebCore::SWServerRegistration::setPreInstallationWorker):

2018-02-05  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/37145473

    Temporarily replace RELEASE_ASSERT with ASSERT in FrameLoader::stopAllLoaders.

    2018-02-05  Per Arne Vollan  <pvollan@apple.com>

            Temporarily replace RELEASE_ASSERT with ASSERT in FrameLoader::stopAllLoaders.
            https://bugs.webkit.org/show_bug.cgi?id=182489

            Reviewed by Ryosuke Niwa.

            On trunk, we currently have a release assert that asserts that scripts are allowed when calling
            FrameLoader::stopAllLoaders. This is correct since stopAllLoaders might dispatch events. We should
            continue to have the release assert in trunk, because we should catch when this happens. However,
            there still might be cases where the assert fails, but the backtrace will turn out to be one where
            scripting could be allowed. The release assert in trunk will help us catch these cases. On the
            branch, however, we should avoid crashing in these cases, and replace the release assert with a
            debug assert. If approved, this patch should only land on a branch, not on trunk.

            No new tests, covered by existing tests.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::stopAllLoaders):

2018-02-05  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228096. rdar://problem/37240973

    2018-02-05  Antti Koivisto  <antti@apple.com>

            Crash on sfgate.com because mismatching link preload types
            https://bugs.webkit.org/show_bug.cgi?id=182483
            <rdar://problem/37065331>

            Reviewed by Daniel Bates.

            Preloading the same URL with different 'as' types causes some confusion.

            Test: http/tests/preload/link-preload-type-mismatch.html

            * loader/LinkLoader.cpp:
            (WebCore::createLinkPreloadResourceClient):

                Ensure we use the actual resource type when creating the client.

            (WebCore::LinkLoader::preloadIfNeeded):

                Don't construct client if the types don't match. This can happen if there is an existing
                preload for the same resource with different type.

2018-02-05  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227989. rdar://problem/37145565

    2018-02-01  Youenn Fablet  <youenn@apple.com>

            Delay service worker process creation until actually needed by SWServer
            https://bugs.webkit.org/show_bug.cgi?id=182301

            Reviewed by Chris Dumez.

            Rename SWServer::Connection::scheduleJobInServer to scheduleJob.
            Add sessionID getter from an SWServer.

            * workers/service/server/SWServer.h:
            (WebCore::SWServer::sessionID const):

2018-02-05  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227350. rdar://problem/37243993

    2018-01-22  Chris Dumez  <cdumez@apple.com>

            Add release logging to help debug issues related to service workers
            https://bugs.webkit.org/show_bug.cgi?id=181935
            <rdar://problem/36735900>

            Reviewed by Brady Eidson.

            * workers/service/ServiceWorker.cpp:
            (WebCore::ServiceWorker::ServiceWorker):
            (WebCore::ServiceWorker::scheduleTaskToUpdateState):
            (WebCore::ServiceWorker::postMessage):
            (WebCore::ServiceWorker::isAlwaysOnLoggingAllowed const):
            * workers/service/ServiceWorker.h:
            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::addRegistration):
            (WebCore::ServiceWorkerContainer::removeRegistration):
            (WebCore::ServiceWorkerContainer::updateRegistration):
            (WebCore::ServiceWorkerContainer::jobFailedWithException):
            (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
            (WebCore::ServiceWorkerContainer::jobResolvedWithUnregistrationResult):
            (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
            (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
            (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
            (WebCore::ServiceWorkerContainer::isAlwaysOnLoggingAllowed const):
            * workers/service/ServiceWorkerContainer.h:
            * workers/service/ServiceWorkerRegistration.cpp:
            (WebCore::ServiceWorkerRegistration::ServiceWorkerRegistration):
            (WebCore::ServiceWorkerRegistration::updateStateFromServer):
            (WebCore::ServiceWorkerRegistration::scheduleTaskToFireUpdateFoundEvent):
            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::scriptContextFailedToStart):
            (WebCore::SWServer::didFinishInstall):
            (WebCore::SWServer::didFinishActivation):
            (WebCore::SWServer::terminateWorkerInternal):
            * workers/service/server/SWServerJobQueue.cpp:
            (WebCore::SWServerJobQueue::didResolveRegistrationPromise):
            (WebCore::SWServerJobQueue::runRegisterJob):

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/36547114

    Disable some runtime feature flags on safari-605-branch

    2018-02-04  Maciej Stachowiak  <mjs@apple.com>

            Disable some runtime feature flags on safari-605-branch
            <rdar://problem/36547114>

            Reviewed by Maciej Stachowiak.

            * page/RuntimeEnabledFeatures.h: Disable offscreen canvas. Enable WebRTC legacy API

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228036. rdar://problem/37220130

    2018-02-02  David Quesada  <david_quesada@apple.com>

            WebAppManifest scope should default to the containing directory of start_url if 'scope' is not specified
            https://bugs.webkit.org/show_bug.cgi?id=182363
            rdar://problem/37093498

            Reviewed by Ryosuke Niwa.

            If an app manifest doesn't specify a scope, we should default to the "parent directory" of
            the start URL, rather than leaving the app unbounded. This is more reasonable than using the
            entire internet as the app scope.

            No new tests, updates to the existing tests verify the new behavior.

            * Modules/applicationmanifest/ApplicationManifestParser.cpp:
            (WebCore::ApplicationManifestParser::parseScope):

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228034. rdar://problem/37220140

    2018-02-02  Youenn Fablet  <youenn@apple.com>

            Clearing all service worker registrations should wait for importing service worker registration to finish
            https://bugs.webkit.org/show_bug.cgi?id=182407
            <rdar://problem/37167523>

            Reviewed by Chris Dumez.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::clear): ensure completion handler is called on early exit case.

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228025. rdar://problem/37220140

    2018-02-02  Youenn Fablet  <youenn@apple.com>

            Clearing all service worker registrations should wait for importing service worker registration to finish
            https://bugs.webkit.org/show_bug.cgi?id=182407

            Reviewed by Chris Dumez.

            Covered by existing tests and the service worker API test being no longer flaky.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::registrationStoreImportComplete):
            (WebCore::SWServer::clearAll):
            (WebCore::SWServer::clear):
            (WebCore::SWServer::getOriginsWithRegistrations):
            * workers/service/server/SWServer.h:

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r228015. rdar://problem/37220133

    2018-02-02  Chris Dumez  <cdumez@apple.com>

            Clearing a registration should null out its workers before setting their state to "redundant"
            https://bugs.webkit.org/show_bug.cgi?id=182418
            <rdar://problem/37142874>

            Reviewed by Youenn Fablet.

            Clearing a registration should null out its workers before setting their state to "redundant".
            This seems to match Firefox and Chrome.

            No new tests, rebaselined existing test.

            * workers/service/server/SWServerRegistration.cpp:
            (WebCore::SWServerRegistration::clear):
            (WebCore::clearRegistrationWorker): Deleted.

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227997. rdar://problem/37220136

    2018-02-01  Chris Dumez  <cdumez@apple.com>

            When SW install fails, null out registration.installing before setting worker state to "redundant"
            https://bugs.webkit.org/show_bug.cgi?id=182416
            <rdar://problem/37141997>

            Reviewed by Youenn Fablet.

            When SW install fails, null out registration.installing before setting worker state to "redundant".
            This does not match the spec but this is what Firefox and Chrome do. This is also what the
            web-platform-tests expect.

            Test: http/tests/workers/service/install-fails.html

            * workers/service/server/SWServerJobQueue.cpp:
            (WebCore::SWServerJobQueue::didFinishInstall):

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227985. rdar://problem/37145479

    2018-02-01  Chris Dumez  <cdumez@apple.com>

            Add missing RETURN_IF_EXCEPTION() after object->get() calls in convertDictionary<>()
            https://bugs.webkit.org/show_bug.cgi?id=182392
            <rdar://problem/37119215>

            Reviewed by Geoffrey Garen.

            Add missing RETURN_IF_EXCEPTION() after object->get() calls in convertDictionary<>(),
            given that getting the property from the object can throw an exception.

            No new tests, rebaselined existing test.

            * bindings/scripts/CodeGeneratorJS.pm:
            (GenerateDictionaryImplementationContent):
            * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
            (WebCore::convertDictionary<TestCallbackInterface::Dictionary>):
            * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
            (WebCore::convertDictionary<TestEventConstructor::Init>):
            * bindings/scripts/test/JS/JSTestObj.cpp:
            (WebCore::convertDictionary<TestObj::Dictionary>):
            (WebCore::convertDictionary<TestObj::DictionaryThatShouldNotTolerateNull>):
            (WebCore::convertDictionary<TestObj::DictionaryThatShouldTolerateNull>):
            (WebCore::convertDictionary<AlternateDictionaryName>):
            (WebCore::convertDictionary<TestObj::ParentDictionary>):
            (WebCore::convertDictionary<TestObj::ChildDictionary>):
            (WebCore::convertDictionary<TestObj::ConditionalDictionaryA>):
            (WebCore::convertDictionary<TestObj::ConditionalDictionaryB>):
            (WebCore::convertDictionary<TestObj::ConditionalDictionaryC>):
            * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
            (WebCore::convertDictionary<TestPromiseRejectionEvent::Init>):
            * bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp:
            (WebCore::convertDictionary<DictionaryImplName>):

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227974. rdar://problem/37145538

    2018-02-01  Dean Jackson  <dino@apple.com>

            REGRESSION (r219342): Scaled HTML widget is not responding to clicks outside the body
            https://bugs.webkit.org/show_bug.cgi?id=182394
            <rdar://problem/34840816>

            Reviewed by Simon Fraser.

            If a scale < 1 is applied to the page, then the visual viewport will be bigger
            than the layout viewport. Our hit testing code would then ignore any hits
            that were outside the layout viewport.

            The fix is to only apply a hit testing clip if the page is scaling up, not down.

            Update the existing fast/dom/elementFromPoint-scaled-scrolled.html test.

            * page/FrameView.cpp:
            (WebCore::FrameView::layoutViewportToAbsoluteRect const): Deleted. This helper is
            no longer used, and it would have probably been more confusing to have it accept
            a flag to ignore the scale if it is less than 1.
            * page/FrameView.h:
            * rendering/RenderLayer.cpp:
            (WebCore::RenderLayer::hitTest): No need to take the layout rect, remove the origin,
            and pass it to a helper that added the origin back. The only thing the helper was
            doing for us was applying a scale factor, which we only want to do if it was
            scaling up.

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227967. rdar://problem/37145562

    2018-02-01  Chris Dumez  <cdumez@apple.com>

            We no longer need to queue service worker jobs until the connection to the service worker process has been established
            https://bugs.webkit.org/show_bug.cgi?id=182375

            Reviewed by Youenn Fablet.

            We no longer need to queue service worker jobs until the connection to the service worker process
            has been established. We initially did this to work around the fact that registrations restored
            from disk would not have an active worker until the service worker process had been established.
            However, this issue has been fixed in r227696.

            This is basically a revert of r227220, which is no longer needed after r227696.

            No new tests, initial fix was covered by an API test that still passes.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::clearAll):
            (WebCore::SWServer::clear):
            (WebCore::SWServer::scheduleJob):
            (WebCore::SWServer::serverToContextConnectionCreated):
            * workers/service/server/SWServer.h:

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227959. rdar://problem/37145559

    2018-02-01  Chris Dumez  <cdumez@apple.com>

            Queue a microtask when a waitUntil() promise is settled
            https://bugs.webkit.org/show_bug.cgi?id=182372
            <rdar://problem/37101019>

            Reviewed by Mark Lam.

            Queue a microtask when a waitUntil() promise is settled, as per:
            - https://w3c.github.io/ServiceWorker/#dom-extendableevent-waituntil (step 5)

            Otherwise, we decrement m_pendingPromiseCount too quickly and it may cause
            following calls to waitUntil() to throw when they shouldn't.

            No new tests, rebaselined existing test.

            * workers/service/ExtendableEvent.cpp:
            (WebCore::ExtendableEvent::addExtendLifetimePromise):

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227948. rdar://problem/37145473

    2018-01-31  Per Arne Vollan  <pvollan@apple.com>

            Layout Test fast/events/beforeunload-dom-manipulation-crash.html is crashing
            https://bugs.webkit.org/show_bug.cgi?id=181204
            <rdar://problem/36256274>

            Reviewed by Ryosuke Niwa.

            When a frame element is moved in the DOM tree during the execution of a beforeunload handler,
            the frame will be detached when removed from its previous position in the DOM tree. When being
            detached, an attempt will also be made to stop the load by calling FrameLoader::stopAllLoaders().
            However, this method will return early when executed in a beforeunload handler, since navigation
            is not allowed then. The end result is a detached frame which will continue to load, and hitting
            asserts in DocumentLoader::dataReceived(), and DocumentLoader::notifyFinished(). It should be
            possible to stop a frame load, even when executing a beforeunload handler.

            No new tests. Covered by the existing test fast/events/beforeunload-dom-manipulation-crash.html.

            * history/PageCache.cpp:
            (WebCore::PageCache::addIfCacheable): Fix a failing API test by allowing scripts to be executed
            under the PageCache::prune method.
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::isStopLoadingAllowed const):
            (WebCore::FrameLoader::stopAllLoaders):
            * loader/FrameLoader.h:
            * svg/graphics/SVGImage.cpp:
            (WebCore::SVGImage::~SVGImage): Disable scripts disallowed assertions in this scope, since it is
            safe in this context.

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227936. rdar://problem/37145449

    2018-01-31  Said Abou-Hallawa  <sabouhallawa@apple.com>

            BitmapImage::drawPattern() may not draw a complete frame even after all the data is received
            https://bugs.webkit.org/show_bug.cgi?id=182277

            Reviewed by Simon Fraser.

            BitmapImage::drawPattern() needs to destroy the incomplete decoded frame
            before trying to draw it as a pattern.

            Test: http/tests/images/draw-pattern-slow-load-large-image.html

            * loader/cache/CachedImage.cpp:
            (WebCore::CachedImage::updateBufferInternal): We need to disable CachedImage
            data buffering for testing. This simulates slow network where intervals
            between data chunks can last for seconds.
            * loader/cache/CachedImage.h:
            * platform/graphics/BitmapImage.cpp:
            (WebCore::BitmapImage::drawPattern): Destroy the incomplete decoded frame
            before drawing this frame as a pattern. We do not destroy incomplete decoded
            frame once new data is received because it may be drawn by async image
            drawing while waiting for the newer frame to finish decoding.
            * testing/Internals.cpp:
            (WebCore::Internals::setForceUpdateImageDataEnabledForTesting):
            * testing/Internals.h:
            * testing/Internals.idl:

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227934. rdar://problem/37145534

    2018-01-31  Ryosuke Niwa  <rniwa@webkit.org>

            Add a release assertion to ensure timers are deleted in the right thread
            https://bugs.webkit.org/show_bug.cgi?id=182351

            Reviewed by David Kilzer.

            Added a release assertion in ~TimerBase that the current thread is the one in which the timer was created.

            We use canAccessThreadLocalDataForThread for this purpose since the condition is more complicated
            when WebThread is being used.

            * platform/Timer.cpp:
            (WebCore::TimerBase::~TimerBase): Added the assertion.
            * platform/Timer.h:
            (WebCore::TimerBase::m_thread): Always store the current thread in a timer.

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227932. rdar://problem/37145456

    2018-01-31  Youenn Fablet  <youenn@apple.com>

            Change SWServer::claim to set the iterator value as soon as possible
            https://bugs.webkit.org/show_bug.cgi?id=182337

            Reviewed by Chris Dumez.

            No change of behavior, this is a "let's go safe way" fix.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::claim):

2018-02-04  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227926. rdar://problem/37145475

    2018-01-31  Ryosuke Niwa  <rniwa@webkit.org>

            Release assertion in Performance::resourceTimingBufferFullTimerFired when the resource timing buffer is shrunk
            https://bugs.webkit.org/show_bug.cgi?id=182319
            <rdar://problem/36904312>

            Reviewed by Chris Dumez.

            The crash was caused by a wrong release assertion. Handle author scripts shrinking the resource timing buffer
            while resourcetimingbufferfull event is being dispatched.

            Also fixed a bug that a superfluous resourcetimingbufferfull event will be fired when new resource timing entries
            are queued while resourcetimingbufferfull event is being dispatched.

            Test: http/tests/performance/performance-resource-timing-resourcetimingbufferfull-queue-resource-entry.html
                  http/tests/performance/performance-resource-timing-resourcetimingbufferfull-shrinking-buffer-crash.html

            * page/Performance.cpp:
            (WebCore::Performance::resourceTimingBufferFullTimerFired):

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227909. rdar://problem/37079020

    2018-01-31  Youenn Fablet  <youenn@apple.com>

            com.apple.WebKit.Storage crashing at com.apple.WebCore: WebCore::SWServerRegistration::removeClientUsingRegistration
            https://bugs.webkit.org/show_bug.cgi?id=182316
            <rdar://problem/37025976>

            Reviewed by Chris Dumez.

            SWServer.m_clientToControllingWorker and SWServerRegistration.m_clientsUsingRegistration might currently get out of sync.
            This is a defensive fix to ensure storage process will not crash in Release.
            We keep the ASSERT as this probably means there is an abnormal situation that other patches might fix.

            * workers/service/server/SWServerRegistration.cpp:
            (WebCore::SWServerRegistration::removeClientUsingRegistration):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226783. rdar://problem/37077980

    2018-01-04  Filip Pizlo  <fpizlo@apple.com>

            CodeBlocks should be in IsoSubspaces
            https://bugs.webkit.org/show_bug.cgi?id=180884

            Reviewed by Saam Barati.

            No new tests because no new behavior.

            Adopting new parallel constraint API, so that more of the logic of doing parallel
            constraint solving is shared between the DOM's output constraints and JSC's output
            constraints.

            * bindings/js/DOMGCOutputConstraint.cpp:
            (WebCore::DOMGCOutputConstraint::executeImpl):
            (WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
            (WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.
            * bindings/js/DOMGCOutputConstraint.h:

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227790. rdar://problem/37050332

    2018-01-30  Brent Fulgham  <bfulgham@apple.com>

            Add telemetry to track storage access API adoption
            https://bugs.webkit.org/show_bug.cgi?id=182197
            <rdar://problem/35803309>

            Reviewed by Chris Dumez.

            Partial roll-out of r227755.

            The original patch assumed the WebContent process kept track of user interaction. This is
            only tracked in the UIProcess, so we can get rid of some of the logging code added in
            r227755.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::ResourceLoadObserver::logFrameNavigation):
            (WebCore::ResourceLoadObserver::logSubresourceLoading):
            (WebCore::ResourceLoadObserver::setTimeToLivePartitionFree): Deleted.
            (WebCore::ResourceLoadObserver::wasAccessedWithinInteractionWindow const): Deleted.
            * loader/ResourceLoadObserver.h:

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227870. rdar://problem/37059541

    2018-01-30  Youenn Fablet  <youenn@apple.com> and Oleksandr Skachkov  <gskachkov@gmail.com>

            FetchResponse should support ConsumeData callback on chunk data is received
            https://bugs.webkit.org/show_bug.cgi?id=181600
            <rdar://problem/36932547>

            Reviewed by Alex Christensen.

            Test: imported/w3c/web-platform-tests/service-workers/service-worker/fetch-event-respond-with-body-loaded-in-chunk.https.html

            Apply same read-by-chunk strategy for body coming from network as for body coming from ReadableStream.
            Refactor to have one consumeBodyReceivedByChunk method for both cases.
            This allows streaming data from a service worker to WebProcess as would be done by NetworkProcess.

            * Modules/cache/DOMCache.cpp:
            (WebCore::DOMCache::addAll):
            (WebCore::DOMCache::put):
            * Modules/fetch/FetchResponse.cpp:
            (WebCore::FetchResponse::BodyLoader::didSucceed):
            (WebCore::FetchResponse::BodyLoader::didReceiveData):
            (WebCore::FetchResponse::BodyLoader::consumeDataByChunk):
            (WebCore::FetchResponse::consumeBody):
            (WebCore::FetchResponse::consumeBodyReceivedByChunk):
            * Modules/fetch/FetchResponse.h:
            * workers/service/context/ServiceWorkerFetch.cpp:
            (WebCore::ServiceWorkerFetch::processResponse):

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227860. rdar://problem/37050332

    2018-01-30  Brent Fulgham  <bfulgham@apple.com>

            Add telemetry to track storage access API adoption
            https://bugs.webkit.org/show_bug.cgi?id=182197
            <rdar://problem/35803309>

            Reviewed by Chris Dumez.

            Part 2: Add telemetry for the Storage Access API case

            Adds a new convenience method to identify origin/page/frame combinations that
            have been granted access to the Storage Access API. This is used for debug
            logging in the NetworkProcess. It is not used in production builds.

            * platform/network/NetworkStorageSession.h:
            * platform/network/cf/NetworkStorageSessionCFNet.cpp:
            (WebCore::NetworkStorageSession::hasStorageAccessForFrame const): Added.

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227760. rdar://problem/37019484

    2018-01-29  Oleksandr Skachkov  <gskachkov@gmail.com>

            FetchResponse should support ConsumeData callback on chunk data is received: handling ReadableStream bodies
            https://bugs.webkit.org/show_bug.cgi?id=182008

            Reviewed by Youenn Fablet.

            Modify FetchResponse to support ConsumeData callback with
            handling of ReadableStream by chunks

            * Modules/cache/DOMCache.cpp:
            (WebCore::DOMCache::put):
            * Modules/fetch/FetchBodyConsumer.cpp:
            (WebCore::FetchBodyConsumer::resolve):
            * Modules/fetch/FetchResponse.cpp:
            (WebCore::FetchResponse::consumeBodyFromReadableStream):
            * Modules/fetch/FetchResponse.h:
            * Modules/streams/ReadableStreamChunk.h: Added.
            * Modules/streams/ReadableStreamSink.cpp:
            (WebCore::ReadableStreamToSharedBufferSink::enqueue):
            (WebCore::ReadableStreamToSharedBufferSink::close):
            * Modules/streams/ReadableStreamSink.h:
            * WebCore.xcodeproj/project.pbxproj:
            * workers/service/context/ServiceWorkerFetch.cpp:
            (WebCore::ServiceWorkerFetch::processResponse):

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227755. rdar://problem/37050332

    2018-01-29  Brent Fulgham  <bfulgham@apple.com>

            Add telemetry to track storage access API adoption
            https://bugs.webkit.org/show_bug.cgi?id=182197
            <rdar://problem/35803309>

            Reviewed by Chris Dumez.

            Part 1: Add telemetry for the user interaction case

            This patch adds telemetry to track how frequently third-party cookies are
            used in a first party context due to user interaction. This will help
            understand cases where the new Storage Access API can help, and to help
            us understand if we have considered relevant use cases in its design.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::ResourceLoadObserver::setTimeToLivePartitionFree): Let the observer
            know the first party interaction duration.
            (WebCore::ResourceLoadObserver::wasAccessedWithinInteractionWindow const): Added.
            (WebCore::ResourceLoadObserver::logFrameNavigation): Note when a third party
            resource is accessed as a first party due to user interaction.
            (WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
            * loader/ResourceLoadObserver.h:
            * loader/ResourceLoadStatistics.cpp:
            (WebCore::ResourceLoadStatistics::encode const): Handle new fields.
            (WebCore::ResourceLoadStatistics::decode): Ditto.
            * loader/ResourceLoadStatistics.h:

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227858. rdar://problem/37049295

    2018-01-30  Ryosuke Niwa  <rniwa@webkit.org>

            Release assert in updateLayout() via AXObjectCache::childrenChanged
            https://bugs.webkit.org/show_bug.cgi?id=182279
            <rdar://problem/36994456>

            Reviewed by Antti Koivisto.

            Disable the assertion in Document::updateLayout and Document::updateStyle* in this particular circumstance as fixing it
            would require a large architectural refactoring of the accessibility code.

            Test: accessibility/accessibility-object-update-during-style-resolution-crash.html

            * accessibility/AXObjectCache.cpp:
            (WebCore::AXObjectCache::childrenChanged): Disabled the release assertion here.
            * dom/Document.cpp:
            (WebCore::Document::isSafeToUpdateStyleOrLayout const): Check LayoutAssertionDisableScope::shouldDisable.
            * dom/ScriptDisallowedScope.h:
            (WebCore::ScriptDisallowedScope::LayoutAssertionDisableScope): Added.
            (WebCore::ScriptDisallowedScope::LayoutAssertionDisableScope::LayoutAssertionDisableScope): Added.
            (WebCore::ScriptDisallowedScope::LayoutAssertionDisableScope::~LayoutAssertionDisableScope): Added.
            (WebCore::ScriptDisallowedScope::LayoutAssertionDisableScope::shouldDisable): Added.
            * page/LayoutContext.cpp:
            (WebCore::LayoutContext::layout): Check LayoutAssertionDisableScope::shouldDisable.

2018-01-31  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227841. rdar://problem/37059544

    2018-01-30  Dean Jackson  <dino@apple.com>

            CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::Document::updateStyleIfNeeded
            https://bugs.webkit.org/show_bug.cgi?id=182299
            <rdar://problem/36853088>

            Reviewed by Simon Fraser.

            Mostly speculative fix for the case where a scrollTo moves an
            animated SVG image into view, causing its animation to restart during
            a paint operation. This was causing a release ASSERT, so we now defer
            the resumption of the animation into a timer.

            Test: svg/animated-svgImage-scroll.html

            * rendering/RenderElement.cpp:
            (WebCore::RenderElement::repaintForPausedImageAnimationsIfNeeded): Enqueue the
            animation if it is an SVGImage.
            * svg/graphics/SVGImage.cpp: Add a timer to enqueue animation starts.
            (WebCore::SVGImage::SVGImage):
            (WebCore::SVGImage::startAnimationTimerFired):
            (WebCore::SVGImage::enqueueStartAnimation):
            (WebCore::SVGImage::stopAnimation):
            * svg/graphics/SVGImage.h:

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227625. rdar://problem/37019502

    2018-01-25  Youenn Fablet  <youenn@apple.com>

            DocumentLoader should interrupt ongoing load when getting a redirection from network that matches a service worker
            https://bugs.webkit.org/show_bug.cgi?id=182115

            Reviewed by Alex Christensen.

            Covered by rebased test.

            In case a navigation load is going to the network process,
            we need to interrupt it if having a redirection that leads to a new request going to a service worker.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::redirectReceived):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227796. rdar://problem/37037868

    2018-01-30  Chris Dumez  <cdumez@apple.com>

            Service worker registration soft updates happen too frequently
            https://bugs.webkit.org/show_bug.cgi?id=182296
            <rdar://problem/37031862>

            Reviewed by Youenn Fablet.

            Move code that updates the registration's last update check time from after
            the script bytecheck to before, as per:
            - https://w3c.github.io/ServiceWorker/#update (step 7.19)

            This way, the last update check time gets updated even if the newly fetched
            script is identical to the previous one, which is the common case.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::updateWorker):
            * workers/service/server/SWServerJobQueue.cpp:
            (WebCore::SWServerJobQueue::scriptFetchFinished):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227789. rdar://problem/37035797

    2018-01-30  Chris Dumez  <cdumez@apple.com>

            Make sure we never create a WebSWClientConnection with an invalid sessionID
            https://bugs.webkit.org/show_bug.cgi?id=182276
            <rdar://problem/36582633>

            Reviewed by Alex Christensen.

            Make sure we never create a WebSWClientConnection with an invalid sessionID as this
            could corrupt our hash tables.

            * dom/Document.cpp:
            (WebCore::Document::privateBrowsingStateDidChange):
            * workers/service/ServiceWorker.cpp:
            (WebCore::ServiceWorker::postMessage):
            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::ready):
            (WebCore::ServiceWorkerContainer::getRegistration):
            (WebCore::ServiceWorkerContainer::didFinishGetRegistrationRequest):
            (WebCore::ServiceWorkerContainer::getRegistrations):
            (WebCore::ServiceWorkerContainer::didFinishGetRegistrationsRequest):
            (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
            (WebCore::ServiceWorkerContainer::ensureSWClientConnection):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227768. rdar://problem/37019510

    2018-01-29  Youenn Fablet  <youenn@apple.com>

            Cache API should make sure to resolve caches.open promises in the same order as called
            https://bugs.webkit.org/show_bug.cgi?id=182193
            <rdar://problem/36930363>

            Reviewed by Chris Dumez.

            Covered by LayoutTests/http/wpt/cache-storage/cache-open-delete-in-parallel.https.html.

            * Modules/cache/DOMCacheStorage.cpp:
            (WebCore::DOMCacheStorage::doRemove): Removed optimization consisting in removing the cache from DOMCacheStorage object synchronously.
            This optimization prevents going to the network process to try deleting the cache.

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227759. rdar://problem/37019477

    2018-01-29  Andy Estes  <aestes@apple.com>

            [iOS] Restrict synthetic clicks to the origin that handled the underlying touch event
            https://bugs.webkit.org/show_bug.cgi?id=182252
            <rdar://problem/21555881>

            Reviewed by Tim Horton.

            Test: http/tests/events/touch/ios/cross-frame-single-tap-same-origin.https.html

            * dom/Document.h:
            (WebCore::Document::handlingTouchEvent const):
            * page/EventHandler.h:
            (WebCore::EventHandler::touchEventTargetSubframe const):
            (WebCore::EventHandler::touches const):

            Exposed some information needed by WebPage::updatePotentialTapSecurityOrigin().

            * page/Frame.h:
            * page/ios/FrameIOS.mm:
            (WebCore::Frame::betterApproximateNode):
            (WebCore::Frame::qualifyingNodeAtViewportLocation):

            Changed NodeQualifier from a function pointer to a WTF::Function.

            (WebCore::Frame::nodeRespondingToClickEvents):

            Turned ancestorRespondingToClickEvents() into a lambda that captures originRestriction. In
            the lambda, if there is an origin restriction, return nullptr if the hit test result's inner
            Node is not in the restricted origin.

            (WebCore::Frame::nodeRespondingToScrollWheelEvents):

            Turned ancestorRespondingToScrollWheelEvents() into a lambda.

            (WebCore::ancestorRespondingToScrollWheelEvents):

            Moved to lambda in nodeRespondingToScrollWheelEvents().

            (WebCore::ancestorRespondingToClickEvents):

            Moved to lambda in nodeRespondingToClickEvents().

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227753. rdar://problem/37019534

    2018-01-29  Antti Koivisto  <antti@apple.com>

            CalcExpressionBlendLength::evaluate hits stack limit
            https://bugs.webkit.org/show_bug.cgi?id=182243

            Reviewed by Zalan Bujtas.

            Speculative fix to prevent nesting of CalcExpressionBlendLength.

            No test, don't know how to make one.

            * platform/CalculationValue.cpp:
            (WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength):

            CalcExpressionBlendLength is only used in Length values of animated style. Normally such styles are not used
            as input for further blending but there are some paths where this could in principle happen. Repeated
            application (for each animation frame) could construct CalcExpressionBlendLength expression that blows
            the stack when evaluated.

            Speculatively fix by flattening any nesting.

            * platform/CalculationValue.h:
            (WebCore::CalcExpressionBlendLength::CalcExpressionBlendLength): Deleted.

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227745. rdar://problem/37019493

    2018-01-29  Chris Dumez  <cdumez@apple.com>

            Drop unnecessary "ServiceWorker Task Thread" in SWServer
            https://bugs.webkit.org/show_bug.cgi?id=182253

            Reviewed by Youenn Fablet.

            Drop unnecessary "ServiceWorker Task Thread" in SWServer. We're spinning a thread for
            each SWServer that is never used.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::~SWServer):
            (WebCore::SWServer::SWServer):
            (WebCore::SWServer::taskThreadEntryPoint): Deleted.
            (WebCore::SWServer::postTask): Deleted.
            (WebCore::SWServer::postTaskReply): Deleted.
            (WebCore::SWServer::handleTaskRepliesOnMainThread): Deleted.
            * workers/service/server/SWServer.h:

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227702. rdar://problem/37019515

    2018-01-26  Dean Jackson  <dino@apple.com>

            REGRESSION (r222961): Clear function not clearing whole screen when antialias is set to false
            https://bugs.webkit.org/show_bug.cgi?id=179368
            <rdar://problem/36111549>

            Reviewed by Sam Weinig.

            When we changed from using a CAOpenGLLayer to a regular CALayer, we should
            have also swapped the "opaque" property to "contentsOpaque".

            Covered by the existing test: fast/canvas/webgl/context-attributes-alpha.html
            (when run on some hardware!)

            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer initWithGraphicsContext3D:]):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227697. rdar://problem/37019483

    2018-01-26  Simon Fraser  <simon.fraser@apple.com>

            REGRESSION (r226492): Crash under Element::absoluteEventBounds() on a SVGPathElement which has not been laid out yet
            https://bugs.webkit.org/show_bug.cgi?id=182185
            rdar://problem/36836262

            Reviewed by Zalan Bujtas.

            Document::absoluteRegionForEventTargets() can fire when layout is dirty, and SVGPathElement's path() can be null if it
            hasn't been laid out yet. So protect against a null path in getBBox().

            Not easily testable because internals.nonFastScrollableRects() forces layout, and the crash depends on the timing of
            absoluteRegionForEventTargets().

            * svg/SVGPathElement.cpp:
            (WebCore::SVGPathElement::getBBox):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227696. rdar://problem/37019435

    2018-01-26  Chris Dumez  <cdumez@apple.com>

            Offlined content does not work for apps on home screen
            https://bugs.webkit.org/show_bug.cgi?id=182070
            <rdar://problem/36843906>

            Reviewed by Youenn Fablet.

            Already registered service workers were unable to intercept the very first
            load because registration matching was happening after the registration
            was loaded from disk, but *before* its active worker was populated.

            We now initialize the registrations' active worker as soon as we load
            them from disk. We do not necessarily have a SW Context process connection
            identifier yet at this point so I made it optional on the SWServerWorker.
            This identifier gets set on the SWServerWorker when the worker is actually
            launched and gets cleared when the SWServerWorker gets terminated.

            Covered by new API test.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::addRegistrationFromStore):
            (WebCore::SWServer::installContextData):
            (WebCore::SWServer::terminateWorkerInternal):
            (WebCore::SWServer::workerContextTerminated):
            (WebCore::SWServer::fireInstallEvent):
            (WebCore::SWServer::fireActivateEvent):
            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::SWServerWorker):
            * workers/service/server/SWServerWorker.h:
            (WebCore::SWServerWorker::contextConnectionIdentifier const):
            (WebCore::SWServerWorker::setContextConnectionIdentifier):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227686. rdar://problem/37019446

    2018-01-26  Antoine Quint  <graouts@apple.com>

            [iOS] prefers-reduced-motion media query is not working
            https://bugs.webkit.org/show_bug.cgi?id=182169
            <rdar://problem/36801631>

            Reviewed by Dean Jackson.

            The code that would eventually query UIKit for the system setting was not run since USE(NEW_THEME) is off on iOS.
            Adding a PLATFORM(IOS) flag here allows the code to run.

            * css/MediaQueryEvaluator.cpp:
            (WebCore::prefersReducedMotionEvaluate):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227680. rdar://problem/37019528

    2018-01-26  Youenn Fablet  <youenn@apple.com>

            CSP post checks should be done for service worker responses
            https://bugs.webkit.org/show_bug.cgi?id=182160

            Reviewed by Daniel Bates.

            Covered by updated test.

            Add security checks when receiving a service worker response.

            * loader/SubresourceLoader.cpp:
            (WebCore::SubresourceLoader::didReceiveResponse):
            * loader/cache/CachedResourceLoader.h:

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227651. rdar://problem/37019465

    2018-01-25  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION(r217236): [iOS] PDFDocumentImage does not update its cached ImageBuffer if it has a sub-rectangle of the image
            https://bugs.webkit.org/show_bug.cgi?id=182083

            Reviewed by Simon Fraser.

            Test: fast/images/pdf-as-image-dest-rect-change.html

            Revert the change r217236 back. Fix the issue of throwing out the cached
            ImageBuffer of the PDF document image when moving its rectangle.

            * platform/graphics/cg/PDFDocumentImage.cpp:
            (WebCore::PDFDocumentImage::cacheParametersMatch): Return the if-statement
            which was deleted in r217236 back but intersect it with dstRect. The context
            clipping rectangle can be more than the dstRect.
            (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
            -- Remove a wrong optimization which used to work for Mac only if the context
               interpolation quality is not set to low or none quality. This optimization
               does not consider the case when srcRect or destRect change after caching
               the ImageBuffer. Or even if m_cachedImageRect does not include the
               whole clipping rectangle.
            -- Move back the call to cacheParametersMatch() before changing the
               m_cachedImageRect.
            -- Always intersect the clipping rectangle with the dstRect to ensure we
               only look at the dirty rectangle inside the image boundary.
            -- If cacheParametersMatch() returns true, set m_cachedDestinationRect to
               dstRect and move m_cachedImageRect by the difference between the new
               and the old dstRects since no re-caching will happen.
            * platform/graphics/cg/PDFDocumentImage.h:
            * testing/Internals.cpp:
            (WebCore::pdfDocumentImageFromImageElement):
            (WebCore::Internals::pdfDocumentCachingCount):
            * testing/Internals.h:
            * testing/Internals.idl:
            Add an internal API which returns the number of drawing the PDF into an
            ImageBuffer.

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227639. rdar://problem/37019431

    2018-01-25  Chris Dumez  <cdumez@apple.com>

            Access to service workers / Cache API should be disabled in sandboxed frames without allow-same-origin flag
            https://bugs.webkit.org/show_bug.cgi?id=182140
            <rdar://problem/36879952>

            Reviewed by Youenn Fablet.

            Throw a SecurityError when accessing navigator.serviceWorker or window.caches inside a sandboxed iframe
            without the allow-same-origin flag. This behavior is consistent with Chrome. Firefox, however, seems
            to return these objects but have their API reject promises with a SecurityError instead.

            No new tests, rebaselined existing tests.

            * Modules/cache/DOMWindowCaches.cpp:
            (WebCore::DOMWindowCaches::caches): Deleted.
            * Modules/cache/DOMWindowCaches.h:
            * Modules/cache/DOMWindowCaches.idl:
            * page/NavigatorBase.cpp:
            * page/NavigatorBase.h:
            * page/NavigatorServiceWorker.idl:

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227638. rdar://problem/37019454

    2018-01-25  Chris Dumez  <cdumez@apple.com>

            Clients.get(id) should only return clients in the service worker's origin
            https://bugs.webkit.org/show_bug.cgi?id=182149
            <rdar://problem/36882310>

            Reviewed by Youenn Fablet.

            When looking for SW clients with a given identifier, only look in the list of
            clients that have the same origin as the service worker.

            No new tests, rebaselined existing test.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::serviceWorkerClientWithOriginByID const):
            (WebCore::SWServer::serviceWorkerClientByID const): Deleted.
            * workers/service/server/SWServer.h:
            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::findClientByIdentifier const):
            * workers/service/server/SWServerWorker.h:

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227637. rdar://problem/37019468

    2018-01-25  Youenn Fablet  <youenn@apple.com>

            WebPluginInfoProvider should handle null host queries
            https://bugs.webkit.org/show_bug.cgi?id=182112

            Reviewed by Chris Dumez.

            No change of behavior.

            Removed assertion that is not always true, as shown by API tests.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::responseReceived):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227635. rdar://problem/37019482

    2018-01-25  Youenn Fablet  <youenn@apple.com>

            ShapeOutside should use same origin credentials mode
            https://bugs.webkit.org/show_bug.cgi?id=182141

            Reviewed by Chris Dumez.

            Covered by updated test.
            As per https://drafts.csswg.org/css-shapes/#shape-outside-property, ShapeOutside images
            should be fetched with anonymous cors mode, meaning credentials should be set to same-origin.

            * style/StylePendingResources.cpp:
            (WebCore::Style::loadPendingImage):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227632. rdar://problem/37019496

    2018-01-25  John Wilander  <wilander@apple.com>

            Make sure we have a frame as we iterate in ResourceLoadObserver::nonNullOwnerURL()
            https://bugs.webkit.org/show_bug.cgi?id=182116
            <rdar://problem/36210134>

            Reviewed by Alex Christensen.

            No new tests. No known repro case, just crash logs.

            * loader/ResourceLoadObserver.cpp:
            (WebCore::ResourceLoadObserver::nonNullOwnerURL const):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227631. rdar://problem/37019444

    2018-01-25  Jer Noble  <jer.noble@apple.com>

            Move ImageDecoderAVFObjC from using AVSampleBufferGenerator to AVAssetReaderOutput for parsing
            https://bugs.webkit.org/show_bug.cgi?id=182091

            Reviewed by Eric Carlson.

            No new tests; should be covered by existing tests.

            AVSampleBufferGenerator is not available on iOS, so in order to enable ImageDecoderAVFObjC there,
            we must adopt a similar API which is available both on iOS and macOS: AVAssetReaderOutput. Unlike
            the generator, AVAssetReaderOutput doesn't necessarily generate samples in decode order, so we'll
            repurpose the SampleMap from EME to hold the decoded samples as well as their generated images.

            * Modules/mediasource/SampleMap.cpp:
            * Modules/mediasource/SampleMap.h:
            (WebCore::SampleMap::size const):
            * platform/MIMETypeRegistry.cpp:
            (WebCore::MIMETypeRegistry::isSupportedImageVideoOrSVGMIMEType):
            * platform/MediaSample.h:
            (WebCore::MediaSample::hasAlpha const):
            * platform/graphics/ImageDecoder.cpp:
            (WebCore::ImageDecoder::create):
            (WebCore::ImageDecoder::supportsMediaType):
            * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Make non-final.
            (WebCore::MediaSampleAVFObjC::sampleBuffer const):
            (WebCore::MediaSampleAVFObjC::MediaSampleAVFObjC):
            * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.h:
            * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
            (WebCore::ImageDecoderAVFObjCSample::create):
            (WebCore::ImageDecoderAVFObjCSample::sampleBuffer const):
            (WebCore::ImageDecoderAVFObjCSample::image const):
            (WebCore::ImageDecoderAVFObjCSample::setImage):
            (WebCore::ImageDecoderAVFObjCSample::ImageDecoderAVFObjCSample):
            (WebCore::ImageDecoderAVFObjCSample::cacheMetadata):
            (WebCore::toSample):
            (WebCore::ImageDecoderAVFObjC::readSamples):
            (WebCore::ImageDecoderAVFObjC::storeSampleBuffer):
            (WebCore::ImageDecoderAVFObjC::advanceCursor):
            (WebCore::ImageDecoderAVFObjC::setTrack):
            (WebCore::ImageDecoderAVFObjC::encodedDataStatus const):
            (WebCore::ImageDecoderAVFObjC::repetitionCount const):
            (WebCore::ImageDecoderAVFObjC::frameIsCompleteAtIndex const):
            (WebCore::ImageDecoderAVFObjC::frameDurationAtIndex const):
            (WebCore::ImageDecoderAVFObjC::frameHasAlphaAtIndex const):
            (WebCore::ImageDecoderAVFObjC::createFrameImageAtIndex):
            (WebCore::ImageDecoderAVFObjC::setData):
            (WebCore::ImageDecoderAVFObjC::clearFrameBufferCache):
            (WebCore::ImageDecoderAVFObjC::sampleAtIndex const):
            (WebCore::ImageDecoderAVFObjC::readSampleMetadata): Deleted.

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227626. rdar://problem/37019471

    2018-01-25  Youenn Fablet  <youenn@apple.com>

            DocumentThreadableLoader should ensure service worker is not reused if redirection comes from the network
            https://bugs.webkit.org/show_bug.cgi?id=182137

            Reviewed by Chris Dumez.

            Covered by rebased test.
            In case redirection does not come from memory cache or service worker, disable service worker interception when following the redirection.

            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::redirectReceived):

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227624. rdar://problem/37019501

    2018-01-25  Chris Dumez  <cdumez@apple.com>

            Registering same scope as the script directory without the last slash should fail
            https://bugs.webkit.org/show_bug.cgi?id=182122
            <rdar://problem/36877167>

            Reviewed by Youenn Fablet.

            This aligns our behavior with Firefox and Chrome.

            No new tests, rebaselined existing test.

            * workers/service/ServiceWorkerJob.cpp:
            (WebCore::ServiceWorkerJob::didReceiveResponse):
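
The scope rule named in this entry, as an added JavaScript example (not WebKit's code). It assumes the path restriction described in the Service Workers specification: the scope path must start with the script's directory, trailing slash included, unless a same-origin Service-Worker-Allowed value widens it. The function names and example.test URLs are constructed for illustration.

```javascript
'use strict';
// Added illustration, not WebKit code. Assumes the scope path restriction
// described in the Service Workers specification. All names and URLs here
// are constructed for the example.

// Widest path a script may claim: its own directory (always ending in "/"),
// or the same-origin path named by a Service-Worker-Allowed header value.
function maxScopePath(scriptURL, serviceWorkerAllowed = null) {
  const script = new URL(scriptURL);
  if (serviceWorkerAllowed === null) {
    return new URL('./', script).pathname;
  }
  const allowed = new URL(serviceWorkerAllowed, script);
  // A header value that resolves to another origin grants nothing.
  return allowed.origin === script.origin ? allowed.pathname : null;
}

// Decide whether scopeURL (absolute) is acceptable for scriptURL (absolute).
function checkScope(scriptURL, scopeURL, serviceWorkerAllowed = null) {
  const script = new URL(scriptURL);
  const scope = new URL(scopeURL); // parsing also resolves "." and ".." segments
  if (scope.origin !== script.origin) {
    return { allowed: false, reason: 'scope is cross-origin' };
  }
  const max = maxScopePath(scriptURL, serviceWorkerAllowed);
  if (max === null) {
    return { allowed: false, reason: 'Service-Worker-Allowed is cross-origin' };
  }
  // Plain string-prefix test. The trailing "/" on the script directory is what
  // keeps "/app" and "/application/" out of a worker served from "/app/".
  if (!scope.pathname.startsWith(max)) {
    return { allowed: false, reason: `"${scope.pathname}" is outside "${max}"` };
  }
  return { allowed: true, reason: `"${scope.pathname}" is within "${max}"` };
}

// Constructed sample registrations: [scope URL, Service-Worker-Allowed value].
const SCRIPT = 'https://example.test/app/sw.js';
const CASES = [
  ['https://example.test/app/', null],             // script directory itself
  ['https://example.test/app', null],              // same directory, no last slash
  ['https://example.test/application/', null],     // sibling sharing the "/app" prefix
  ['https://example.test/app/../admin/', null],    // dot segments are normalized first
  ['https://example.test/app', '/'],               // widened by a same-origin header
  ['https://example.test/app/', 'https://other.test/'], // header on another origin
];

for (const [scope, header] of CASES) {
  const result = checkScope(SCRIPT, scope, header);
  console.log(`${result.allowed ? 'accept' : 'reject'}  ${scope}  (${result.reason})`);
}
```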

2018-01-30  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227529. rdar://problem/37019438

    2018-01-24  Eric Carlson  <eric.carlson@apple.com>

            REGRESSION(r227457): Release assert in updateLayout while destructing a media element
            https://bugs.webkit.org/show_bug.cgi?id=182038
            <rdar://problem/36812083>

            Reviewed by Jer Noble.

            * html/MediaElementSession.cpp:
            (WebCore::isMainContentForPurposesOfAutoplay): Early return if element.isSuspended().
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::clientCharacteristicsChanged): Call scheduleUpdateNowPlayingInfo
            instead of updateNowPlayingInfo.

2018-01-29  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227737. rdar://problem/36746140

    2018-01-29  Brady Eidson  <beidson@apple.com>

            Make it possible for apps that use both WK1 and WK2 to use MessagePorts.
            https://bugs.webkit.org/show_bug.cgi?id=182229

            Reviewed by Chris Dumez.

            Covered by existing LayoutTests and a new API test.

            * dom/messageports/MessagePortChannel.cpp:
            (WebCore::MessagePortChannel::checkRemotePortForActivity): Don't use the global singleton
              provider. Instead use the provider that belongs to the owning registry.

            * dom/messageports/MessagePortChannelProviderImpl.cpp:
            (WebCore::MessagePortChannelProviderImpl::MessagePortChannelProviderImpl): Pass a reference
              to *this to the Registry.
            * dom/messageports/MessagePortChannelProviderImpl.h:

            * dom/messageports/MessagePortChannelRegistry.cpp:
            (WebCore::MessagePortChannelRegistry::MessagePortChannelRegistry): Keep a Provider member so
              MessagePortChannels can get to it instead of relying on the global singleton provider.
            * dom/messageports/MessagePortChannelRegistry.h:
            (WebCore::MessagePortChannelRegistry::provider):

2018-01-26  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227570. rdar://problem/36873398

    2018-01-24  Antti Koivisto  <antti@apple.com>

            Assertion failure in RenderMultiColumnSet::requiresBalancing() on fast/multicol/spanner-crash-when-adding-summary.html
            https://bugs.webkit.org/show_bug.cgi?id=179308
            <rdar://problem/34592771>

            Reviewed by Zalan Bujtas.

            The issue here is that we fail to tear down render tree for a summary element because adding another summary element
            takes it out of the composed tree. This leaves behind renderers that break some multicolumn assumptions.

            * rendering/updating/RenderTreeUpdater.cpp:
            (WebCore::RenderTreeUpdater::tearDownRenderers):
            (WebCore::RenderTreeUpdater::tearDownLeftoverShadowHostChildren):

            When tearing down renderers go through the real children of the shadow hosts at the end and see if we left any renderers behind.
            If so, tear them down too.

            * rendering/updating/RenderTreeUpdater.h:

2018-01-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227612. rdar://problem/36873390

    2018-01-25  Youenn Fablet  <youenn@apple.com>

            Set integrity fetch options for loading scripts and CSS
            https://bugs.webkit.org/show_bug.cgi?id=182077

            Reviewed by Chris Dumez.

            Covered by updated test.

            Set integrity fetch option in script and CSS loading.

            * bindings/js/CachedModuleScriptLoader.cpp:
            (WebCore::CachedModuleScriptLoader::load):
            * bindings/js/CachedScriptFetcher.cpp:
            (WebCore::CachedScriptFetcher::requestModuleScript const):
            (WebCore::CachedScriptFetcher::requestScriptWithCache const):
            * bindings/js/CachedScriptFetcher.h:
            * dom/LoadableClassicScript.cpp:
            (WebCore::LoadableClassicScript::load):
            * dom/ScriptElementCachedScriptFetcher.cpp:
            (WebCore::ScriptElementCachedScriptFetcher::requestModuleScript const):
            * dom/ScriptElementCachedScriptFetcher.h:
            * html/HTMLLinkElement.cpp:
            (WebCore::HTMLLinkElement::process):

2018-01-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227578. rdar://problem/36873356

    2018-01-24  Chris Dumez  <cdumez@apple.com>

            close() operation should not be exposed inside a ServiceWorkerGlobalScope
            https://bugs.webkit.org/show_bug.cgi?id=182057

            Reviewed by Youenn Fablet.

            Move close() from WorkerGlobalScope to DedicatedWorkerGlobalScope as per:
            - https://html.spec.whatwg.org/multipage/workers.html#dedicatedworkerglobalscope

            This change to the specification was made to avoid exposing this deprecated
            feature to service workers (which are new).

            No new tests, rebaselined existing test.

            * workers/DedicatedWorkerGlobalScope.idl:
            * workers/WorkerGlobalScope.idl:

2018-01-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227567. rdar://problem/36873353

    2018-01-24  Daniel Bates  <dabates@apple.com>

            [CSP] Check policy for targeted windows when navigating to a JavaScript URL
            https://bugs.webkit.org/show_bug.cgi?id=182018
            <rdar://problem/36795781>

            Reviewed by Brent Fulgham.

            Move the CSP check to be earlier in the function.

            Test: http/tests/security/contentSecurityPolicy/window-open-javascript-url-with-target-blocked.html

            * loader/FrameLoader.cpp:
            (WebCore::createWindow):

2018-01-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227566. rdar://problem/36722508

    2018-01-24  Chris Dumez  <cdumez@apple.com>

            Add an IPC::SendSyncOption indicating we should not process incoming IPC while waiting for the sync reply
            https://bugs.webkit.org/show_bug.cgi?id=182021
            <rdar://problem/21629943>

            Reviewed by Ryosuke Niwa.

            Add layout testing infrastructure for the new flag.

            Test: fast/misc/testIncomingSyncIPCMessageWhileWaitingForSyncReply.html

            * page/ChromeClient.h:
            * testing/Internals.cpp:
            (WebCore::Internals::testIncomingSyncIPCMessageWhileWaitingForSyncReply):
            * testing/Internals.h:
            * testing/Internals.idl:

2018-01-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227533. rdar://problem/36873383

    2018-01-24  Daniel Bates  <dabates@apple.com>

            REGRESSION (r226138): Selecting a line that ends with zero-width joiner (ZWJ) may cause text transformation
            https://bugs.webkit.org/show_bug.cgi?id=181993
            <rdar://problem/36421080>

            Reviewed by David Hyatt.

            Re-implement paint optimization that was inadvertently removed in r226138. This optimization
            works around an issue where selecting the last printable character in a line that is
            followed by a zero-width joiner transforms the selected character.

            We need to fix <https://bugs.webkit.org/show_bug.cgi?id=181964> to improve the interaction
            of selection and zero-width joiner characters. For now, re-implement a paint optimization
            to perform a single paint operation when the style of the non-selected text is identical
            to the style of the selected text.

            Test: fast/text/mac/select-character-before-zero-width-joiner.html

            * rendering/InlineTextBox.cpp:
            (WebCore::InlineTextBox::MarkerSubrangeStyle::areBackgroundMarkerSubrangeStylesEqual):
            (WebCore::InlineTextBox::MarkerSubrangeStyle::areForegroundMarkerSubrangeStylesEqual):
            (WebCore::InlineTextBox::MarkerSubrangeStyle::areDecorationMarkerSubrangeStylesEqual):
            Add helper functions to determine when marker styles are identical. We make use of these
            equality functions to coalesce adjacent subranges that have the same visual style and
            hence reduce the number of drawing commands to paint all the subranges in a line.

            (WebCore::InlineTextBox::paint): Coalesce subranges before painting.

            (WebCore::InlineTextBox::subdivideAndResolveStyle): Split out the logic to coalesce
            subranges with the same style into its own function InlineTextBox::coalesceAdjacentSubranges()
            and kept this function focused on subdivision and style resolution. Manually compute
            the frontmost subranges so that we can resolve style for each subrange with respect to
            the correct base style. Formerly we always resolved style with respect to the specified
            base style. Now we resolve style with respect to the previous frontmost subrange to ensure
            styles cascade as expected. This change causes no visual difference now. Once we implement
            <https://bugs.webkit.org/show_bug.cgi?id=175784> we will be able to test this change
            with respect to selection of ::spelling-error/::grammar-error pseudo elements.

            (WebCore::InlineTextBox::coalesceAdjacentSubranges): Extracted logic from InlineTextBox::subdivideAndResolveStyle().

            (WebCore::InlineTextBox::MarkerSubrangeStyle::operator== const): Deleted.
            (WebCore::InlineTextBox::MarkerSubrangeStyle::operator!= const): Deleted.
            Comparing MarkerSubrangeStyle objects should be performed using the appropriate
            are*MarkerSubrangeStylesEqual() non-member function.

            * rendering/InlineTextBox.h:
            * rendering/MarkerSubrange.cpp:
            (WebCore::subdivide): Remove overlap strategy FrontmostWithLongestEffectiveRange
            as this strategy is now implemented by InlineTextBox::subdivideAndResolveStyle() and
            InlineTextBox::coalesceAdjacentSubranges() that compute the set of frontmost subranges and
            coalesces adjacent subranges with the same style into the longest effective subrange,
            respectively. Unlike WebCore::subdivide(), InlineTextBox knows what the base style should
            be for the subranges and can more aggressively coalesce adjacent subranges of different
            types that have the same visual style.
            * rendering/MarkerSubrange.h:

2018-01-25  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227430. rdar://problem/36873610

    2018-01-23  Simon Fraser  <simon.fraser@apple.com>

            Element with position:fixed stops scrolling at the bottom of the page, but is painted in the right place on Chacos.com.
            https://bugs.webkit.org/show_bug.cgi?id=181741
            rdar://problem/36593581

            Reviewed by Tim Horton.

            The #ifdef for iOS was wrong; on iOS, visibleSize() is in content coordinates and matches
            unscaledDocumentRect, so there's no need to scale it. Doing so computed the wrong unscaledMaximumScrollPosition
            which broke hit-testing when the document minimum scale was > 1.

            Test: fast/visual-viewport/ios/min-scale-greater-than-one.html

            * page/FrameView.cpp:
            (WebCore::FrameView::unscaledMaximumScrollPosition const):

2018-01-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227581. rdar://problem/36846010

    2018-01-24  Youenn Fablet  <youenn@apple.com>

            Opaque being-loaded responses should clone their body
            https://bugs.webkit.org/show_bug.cgi?id=182056

            Reviewed by Brady Eidson.

            Test: http/wpt/service-workers/clone-opaque-being-loaded-response.https.html

            When cloning a being-loaded response, make sure we create a ReadableStream.
            Before the patch, the readableStream was not created in that case for opaque responses.

            * Modules/fetch/FetchBodyOwner.cpp:
            (WebCore::FetchBodyOwner::readableStream):
            (WebCore::FetchBodyOwner::createReadableStream):
            * Modules/fetch/FetchBodyOwner.h:
            * Modules/fetch/FetchResponse.cpp:
            (WebCore::FetchResponse::clone):

2018-01-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227531. rdar://problem/36830355

    2018-01-24  Youenn Fablet  <youenn@apple.com>

            Fetch response should copy its url from the request if null
            https://bugs.webkit.org/show_bug.cgi?id=182048

            Reviewed by Chris Dumez.

            No change of behavior.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::responseReceived): Add assertion to check that the response URL is not null.

2018-01-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227525. rdar://problem/36830360

    2018-01-24  Antti Koivisto  <antti@apple.com>

            RenderBlockRareData::m_enclosingFragmentedFlow should be WeakPtr
            https://bugs.webkit.org/show_bug.cgi?id=182045
            <rdar://problem/36334787>

            Reviewed by Zalan Bujtas.

            For safety.

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::cachedEnclosingFragmentedFlow const):
            (WebCore::RenderBlock::updateCachedEnclosingFragmentedFlow const):
            (WebCore::RenderBlock::locateEnclosingFragmentedFlow const):

2018-01-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227524. rdar://problem/36830369

    2018-01-23  Dean Jackson  <dino@apple.com>

            REGRESSION (r222961?): sRGB images shown in WebGL are over-saturated on a wide gamut monitor
            https://bugs.webkit.org/show_bug.cgi?id=182033
            <rdar://problem/36377780>

            Reviewed by Antoine Quint.

            My fix for YouTube360 changed the way we composite WebGL on macOS. Unfortunately it dropped
            a flag telling the compositor the colorspace of the content should be sRGB. Reinstate this
            by explicitly setting the colorspace on the IOSurface we use for WebGL back buffers.

            This *should* be covered by the test in:
            fast/canvas/webgl/match-page-color-space.html
            ... however, it shows a problem with our testing infrastructure. As long as it is not
            testing on a Wide Gamut display, and explicitly setting the color profile, an automated
            test won't pick up this regression. I could add an Internals helper to query the colorspace
            of the WebGL content, but that doesn't actually verify the composited result, which is
            all that matters.

            * platform/graphics/cocoa/WebGLLayer.mm:
            (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):

2018-01-24  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227479. rdar://problem/36830349

    2018-01-23  Wenson Hsieh  <wenson_hsieh@apple.com>

            Harden against layout passes triggered when iterating through HTMLFormElement::associatedElements
            https://bugs.webkit.org/show_bug.cgi?id=182037
            <rdar://problem/36747812>

            Reviewed by Ryosuke Niwa.

            Observe that HTMLFormElement::associatedElements returns a const reference to a Vector of raw
            FormAssociatedElement pointers. In various call sites that iterate through these associated elements using this
            function, some require synchronous layout updates per iteration, which can lead to a bad time when combined with
            the first observation.

            To address this, we introduce HTMLFormElement::copyAssociatedElementsVector. This returns a new vector
            containing strong Refs to each associated element. From each call site that may trigger synchronous layout and
            execute arbitrary script while iterating over associated form elements, we instead iterate over protected
            FormAssociatedElements.

            From each call site that currently doesn't (and shouldn't) require a layout update, we use the old version that
            returns a list of raw FormAssociatedElement pointers, but add ScriptDisallowedScopes to ensure that we never
            execute script there in the future.

            Test: fast/forms/form-data-associated-element-iteration.html

            * html/DOMFormData.cpp:
            (WebCore::DOMFormData::DOMFormData):

            Change to use copyAssociatedElementsVector().

            * html/FormController.cpp:
            (WebCore::recordFormStructure):
            (WebCore::FormController::restoreControlStateIn):

            Change to use copyAssociatedElementsVector().

            * html/HTMLFieldSetElement.cpp:
            (WebCore::HTMLFieldSetElement::copyAssociatedElementsVector const):
            (WebCore:: const):
            (WebCore::HTMLFieldSetElement::length const):

            Refactor to use unsafeAssociatedElements().

            * html/HTMLFieldSetElement.h:
            * html/HTMLFormControlsCollection.cpp:
            (WebCore:: const):
            (WebCore::HTMLFormControlsCollection::copyFormControlElementsVector const):
            (WebCore::HTMLFormControlsCollection::customElementAfter const):
            (WebCore::HTMLFormControlsCollection::updateNamedElementCache const):

            Refactor these to use unsafeAssociatedElements().

            * html/HTMLFormControlsCollection.h:
            * html/HTMLFormElement.cpp:
            (WebCore::HTMLFormElement::unsafeAssociatedElements const):
            (WebCore::HTMLFormElement::copyAssociatedElementsVector const):
            * html/HTMLFormElement.h:
            * loader/FormSubmission.cpp:
            (WebCore::FormSubmission::create):

            Refactor to use copyAssociatedElementsVector().
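
Added example, not part of the ChangeLog or of WebKit's source: a self-contained C++ model of the two iteration patterns the r227479 entry describes, a snapshot of strong references where callbacks may run and a raw view under a guard where they must not. Control, Form and MutationForbiddenScope are simplified stand-ins assumed for this sketch (std::shared_ptr in place of Ref, the guard in place of ScriptDisallowedScope).

```cpp
#include <algorithm>
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in for a FormAssociatedElement (assumption of this sketch).
struct Control : std::enable_shared_from_this<Control> {
    explicit Control(std::string n) : name(std::move(n)) {}
    std::string name;
    std::function<void()> onLayout; // models script run by a synchronous layout update
    std::string serialize() {
        if (onLayout)
            onLayout(); // may mutate the form while a caller is iterating it
        return name;
    }
};

// Simplified stand-in for HTMLFormElement: it tracks controls but does not own them.
class Form {
    std::vector<Control*> m_elements;
    mutable int m_forbidden = 0;
    void checkMutable() const {
        if (m_forbidden)
            throw std::logic_error("form mutated inside a forbidden scope");
    }
public:
    // Plays the role of ScriptDisallowedScope: mutation while one is alive is a hard error.
    class MutationForbiddenScope {
        const Form& m_form;
    public:
        explicit MutationForbiddenScope(const Form& form) : m_form(form) { ++m_form.m_forbidden; }
        ~MutationForbiddenScope() { --m_form.m_forbidden; }
    };
    void add(Control& c) { checkMutable(); m_elements.push_back(&c); }
    void remove(Control& c) {
        checkMutable();
        m_elements.erase(std::remove(m_elements.begin(), m_elements.end(), &c), m_elements.end());
    }
    // Raw, non-owning view: only valid while nothing can mutate the form or free a control.
    const std::vector<Control*>& unsafeAssociatedElements() const { return m_elements; }
    // Snapshot of strong references: every control stays alive for the whole iteration.
    std::vector<std::shared_ptr<Control>> copyAssociatedElementsVector() const {
        std::vector<std::shared_ptr<Control>> copy;
        copy.reserve(m_elements.size());
        for (Control* c : m_elements)
            copy.push_back(c->shared_from_this());
        return copy;
    }
};

// Call site that may run script per element: iterate the snapshot, never the live vector.
std::vector<std::string> serializeForm(const Form& form) {
    std::vector<std::string> out;
    for (auto& control : form.copyAssociatedElementsVector())
        out.push_back(control->serialize());
    return out;
}

// Call site that must not run script: raw view, with the guard enforcing that assumption.
std::size_t countNamed(const Form& form, const std::string& name) {
    Form::MutationForbiddenScope scope(form);
    std::size_t n = 0;
    for (Control* c : form.unsafeAssociatedElements()) {
        if (c->name == name)
            ++n;
    }
    return n;
}

// Constructed scenario: serializing "a" removes "b" and drops the tree's last reference to it.
std::vector<std::string> demoSnapshotSurvivesRemoval() {
    Form form;
    std::vector<std::shared_ptr<Control>> tree = {
        std::make_shared<Control>("a"), std::make_shared<Control>("b"), std::make_shared<Control>("c")};
    for (auto& c : tree)
        form.add(*c);
    tree[0]->onLayout = [&form, &tree] {
        form.remove(*tree[1]);
        tree.erase(tree.begin() + 1); // "b" would be freed here without the snapshot's reference
    };
    std::vector<std::string> out = serializeForm(form);
    out.push_back("remaining=" + std::to_string(form.unsafeAssociatedElements().size()));
    return out;
}

// The guard turns an unexpected mutation into an immediate, diagnosable failure.
bool demoGuardRejectsMutation() {
    Form form;
    auto a = std::make_shared<Control>("a");
    form.add(*a);
    Form::MutationForbiddenScope scope(form);
    try { form.remove(*a); } catch (const std::logic_error&) { return true; }
    return false;
}

int main() {
    for (const std::string& s : demoSnapshotSurvivesRemoval())
        std::cout << s << '\n';
    std::cout << "guard rejected mutation: " << demoGuardRejectsMutation() << '\n';
}
```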

2018-01-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227457. rdar://problem/36807161

    2018-01-23  Eric Carlson  <eric.carlson@apple.com>

            Resign NowPlaying status when no media element is eligible
            https://bugs.webkit.org/show_bug.cgi?id=181914
            <rdar://problem/35294116>

            Reviewed by Jer Noble.

            Updated API test.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::removedFromAncestor): Call mediaSession->clientCharacteristicsChanged
            so NowPlaying status will be updated.

            * html/MediaElementSession.cpp:
            (WebCore::MediaElementSession::playbackPermitted const): Return early when the media
            element has been suspended.
            (WebCore::MediaElementSession::canShowControlsManager const): Return false when being queried
            for NowPlaying status in an inactive document or when element has been suspended.
            (WebCore::isMainContentForPurposesOfAutoplay): Return early if it isn't safe to update
            style because HitTest can force a layout.
            (WebCore::MediaElementSession::updateIsMainContent const): Ditto.

            * platform/audio/PlatformMediaSessionManager.cpp:
            (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Implement for all
            ports.
            * platform/audio/PlatformMediaSessionManager.h:
            (WebCore::PlatformMediaSessionManager::registeredAsNowPlayingApplication const):
            * platform/audio/ios/MediaSessionManagerIOS.h:
            * platform/audio/mac/MediaSessionManagerMac.h:
            * platform/audio/mac/MediaSessionManagerMac.mm:
            (WebCore::MediaSessionManagerMac::updateNowPlayingInfo): Call MRMediaRemoteSetCanBeNowPlayingApplication
            whenever status changes.
            (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Deleted, implemented
            in the base class.

2018-01-23  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227425. rdar://problem/36791667

    2018-01-23  Brady Eidson  <beidson@apple.com>

            Allow passing MessagePorts across processes (e.g. ServiceWorkers).
            https://bugs.webkit.org/show_bug.cgi?id=181178

            Reviewed by Andy Estes.

            Test: http/tests/workers/service/basic-messageport.html

            * dom/MessagePort.cpp:
            (WebCore::MessagePort::MessagePort):
            (WebCore::MessagePort::~MessagePort):

            * dom/messageports/MessagePortChannel.cpp:
            (WebCore::MessagePortChannel::entanglePortWithProcess):
            * dom/messageports/MessagePortChannel.h:

            * workers/service/SWClientConnection.cpp:
            (WebCore::SWClientConnection::postMessageToServiceWorkerClient):
            * workers/service/SWClientConnection.h:

            * workers/service/ServiceWorker.cpp:
            (WebCore::ServiceWorker::postMessage):

            * workers/service/ServiceWorkerClient.cpp:
            (WebCore::ServiceWorkerClient::postMessage):

            * workers/service/context/SWContextManager.cpp:
            (WebCore::SWContextManager::postMessageToServiceWorker):
            * workers/service/context/SWContextManager.h:

2018-01-23  Jason Marcell  <jmarcell@apple.com>

        Revert r227216. rdar://problem/36722508

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227351. rdar://problem/36746029

    2018-01-22  Ryosuke Niwa  <rniwa@webkit.org>

            Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011
            https://bugs.webkit.org/show_bug.cgi?id=181616
            <rdar://problem/36484908>

            Reviewed by Wenson Hsieh.

            The bug was caused by WebContentReader::readHTML and WebContentMarkupReader::readHTML not sanitizing plain HTML string
            as done for web archives even when custom pasteboard data is enabled. Fixed the bug by doing the sanitization.

            Unfortunately, we can't make file URLs available in this case because WebContent process doesn't have sandbox extensions
            to access local files referenced by the HTML source in the clipboard, and we can't make WebContent process request for
            a sandbox extension on an arbitrary local file, as it would defeat the whole point of sandboxing.

            Instead, we strip away all HTML attributes referencing a URL whose scheme is not HTTP, HTTPS, or data when sanitizing
            text/html from the clipboard to avoid exposing local file paths, which can reveal privacy & security sensitive data
            such as the user's full name, and the location of private containers of other applications in the system.

            Tests: PasteHTML.DoesNotSanitizeHTMLWhenCustomPasteboardDataIsDisabled
                   PasteHTML.DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled
                   PasteHTML.ExposesHTMLTypeInDataTransfer
                   PasteHTML.KeepsHTTPURLs
                   PasteHTML.SanitizesHTML
                   PasteHTML.StripsFileURLs

            * editing/cocoa/WebContentReaderCocoa.mm:
            (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing the markup, and stripping away file URLs.
            (WebCore::WebContentMarkupReader::readHTML): Ditto.
            * editing/markup.cpp:
            (WebCore::removeSubresourceURLAttributes): Added.
            (WebCore::sanitizeMarkup): Added.
            * editing/markup.h:
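
Added example, not WebKit's implementation: an allowlist check for the rule in the r227351 entry (keep URL attributes only when the scheme is HTTP, HTTPS, or data), written in C++ over a flat attribute list. The attribute-name list, the helper names, the sample values, and the choice to strip values with no scheme are assumptions of this sketch.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <set>
#include <string>
#include <utility>
#include <vector>

using Attribute = std::pair<std::string, std::string>; // (name, value)

std::string toLowerASCII(std::string s) {
    for (char& ch : s)
        ch = static_cast<char>(std::tolower(static_cast<unsigned char>(ch)));
    return s;
}

// Returns the lower-cased scheme of a URL-like value, or "" when it has none.
// Normalizes the way URL parsers do before reading the scheme: ASCII tab and
// newlines are dropped anywhere, leading control characters and spaces are skipped.
std::string urlScheme(const std::string& raw) {
    std::string s;
    for (char ch : raw) {
        if (ch != '\t' && ch != '\n' && ch != '\r')
            s.push_back(ch);
    }
    std::size_t i = 0;
    while (i < s.size() && static_cast<unsigned char>(s[i]) <= 0x20)
        ++i;
    if (i == s.size() || !std::isalpha(static_cast<unsigned char>(s[i])))
        return "";
    std::string scheme;
    for (; i < s.size(); ++i) {
        unsigned char ch = static_cast<unsigned char>(s[i]);
        if (ch == ':')
            return toLowerASCII(scheme);
        if (!std::isalnum(ch) && ch != '+' && ch != '-' && ch != '.')
            return "";
        scheme.push_back(static_cast<char>(ch));
    }
    return ""; // no ':' found, so the value is a relative reference
}

// Allowlist, not a "file:" denylist: anything unrecognized is treated as unsafe.
bool isAllowedPasteScheme(const std::string& scheme) {
    return scheme == "http" || scheme == "https" || scheme == "data";
}

// Attribute names treated as URL-valued (assumed list; HTML attribute names are case-insensitive).
bool isURLAttribute(const std::string& name) {
    static const std::set<std::string> names = {"src", "href", "poster", "background"};
    return names.count(toLowerASCII(name)) != 0;
}

struct SanitizeResult {
    std::vector<Attribute> kept;
    std::vector<std::string> strippedNames;
};

SanitizeResult stripDisallowedURLAttributes(const std::vector<Attribute>& attributes) {
    SanitizeResult result;
    for (const Attribute& attr : attributes) {
        if (isURLAttribute(attr.first) && !isAllowedPasteScheme(urlScheme(attr.second)))
            result.strippedNames.push_back(attr.first);
        else
            result.kept.push_back(attr);
    }
    return result;
}

// Constructed sample attributes, as they might appear in pasted text/html.
std::vector<Attribute> constructedPasteAttributes() {
    return {
        {"src", "file:///Users/jappleseed/Library/Containers/com.example.app/Data/tmp/image001.png"},
        {"SRC", " FILE:///tmp/image002.png"},   // case and leading space must not bypass the check
        {"href", "fi\tle:///etc/hosts"},        // embedded tab is dropped by URL parsers
        {"src", "image003.png"},                // no scheme: stripped in this sketch
        {"src", "https://example.com/a.png"},
        {"href", "HTTP://example.com/"},
        {"src", "data:image/png;base64,AAAA"},
        {"alt", "file:///not/a/url/attribute"}, // not URL-valued, left alone
    };
}

int main() {
    SanitizeResult r = stripDisallowedURLAttributes(constructedPasteAttributes());
    for (const Attribute& a : r.kept)
        std::cout << "kept " << a.first << "=" << a.second << '\n';
    std::cout << "stripped " << r.strippedNames.size() << " attribute(s)\n";
}
```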

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227357. rdar://problem/36763204

    2018-01-22  Per Arne Vollan  <pvollan@apple.com>

            [Win] Null pointer crash under WebCore::RenderStyle::colorIncludingFallback.
            https://bugs.webkit.org/show_bug.cgi?id=181801
            <rdar://problem/35614900>

            Reviewed by Brent Fulgham.

            Do not paint synchronously when popup items have been added or changed while the popup is visible.
            If new popup items have been added after the popup was shown, a synchronous paint operation will
            possibly access their style before it is ready, leading to a null pointer crash. The invalidated
            area will be painted asynchronously.

            No new tests. To reproduce this crash, it is necessary to open a popup with JavaScript, add new
            popup items, and then end the test. Opening the popup can be done by sending a mousedown event
            with the eventsender. However, on Windows the mousedown event is sent synchronously, and will
            block as long as the popup is open and running the popup event loop. This means no JS can be
            executed until the popup is closed, causing the test to always time out before new popup items
            can be added. I have verified the fix with a manual test case.

            * platform/win/PopupMenuWin.cpp:
            (WebCore::PopupMenuWin::updateFromElement):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227353. rdar://problem/36763011

    2018-01-22  Chris Dumez  <cdumez@apple.com>

            RELEASE_ASSERT(registration) hit in SWServer::installContextData(const ServiceWorkerContextData&)
            https://bugs.webkit.org/show_bug.cgi?id=181941
            <rdar://problem/36744892>

            Reviewed by Youenn Fablet.

            Make sure we clear SWServer::m_pendingContextDatas & SWServer::m_pendingJobs as needed
            when clearing Website data. Otherwise, we will hit assertion when those get processed
            after the connection to the SW process has been established (not to mention we failed
            to clear some in-memory data even though the user asked us to).

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::clearAll):
            (WebCore::SWServer::clear):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227277. rdar://problem/36763214

    2018-01-21  Andy Estes  <aestes@apple.com>

            [ios] LayoutTest imported/w3c/web-platform-tests/payment-request/rejects_if_not_active.https.html is crashing in JSC::JSONParse
            https://bugs.webkit.org/show_bug.cgi?id=177832
            <rdar://problem/34805315>

            Reviewed by Tim Horton.

            Test: http/tests/paymentrequest/rejects_if_not_active.https.html

            * Modules/paymentrequest/PaymentRequest.cpp:
            (WebCore::PaymentRequest::show): Rejected promise if the document is not active.

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227340. rdar://problem/36746140

    2018-01-22  Brady Eidson  <beidson@apple.com>

            In WebKit2, make the MessagePortChannelRegistry live in the UI process.
            https://bugs.webkit.org/show_bug.cgi?id=181922

            Reviewed by Andy Estes.

            No new tests (Refactor, no behavior change)

            Add encoder/decoders and EXPORT a whole bunch of stuff.

            * WebCore.xcodeproj/project.pbxproj:

            * dom/MessagePort.h:

            * dom/messageports/MessagePortChannel.cpp:
            (WebCore::MessagePortChannel::processForPort):
            * dom/messageports/MessagePortChannel.h:

            * dom/messageports/MessagePortChannelProvider.h:
            * dom/messageports/MessagePortChannelRegistry.h:

            * dom/messageports/MessageWithMessagePorts.h:
            (WebCore::MessageWithMessagePorts::encode const):
            (WebCore::MessageWithMessagePorts::decode):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227275. rdar://problem/36745983

    2018-01-20  Brady Eidson  <beidson@apple.com>

            Make garbage collection of MessagePort objects be asynchronous.
            https://bugs.webkit.org/show_bug.cgi?id=181910

            Reviewed by Andy Estes.

            No new tests (Covered by existing tests, including GC-specific ones).

            The basic premise here is as follows:
            - You can *always* GC a MessagePort that is closed
            - You can *always* GC a MessagePort that has no onmessage handler, as incoming messages cannot
              possibly revive it.
            - You can GC a MessagePort, even if it has a message handler, as long as there are no messages
              in flight between it and the remote port, and as long as the remote port is "maybe eligible for GC."

            A MessagePort is considered "maybe eligible for GC" once hasPendingActivity is asked once.

            A MessagePort loses "maybe eligible for GC" status once it is used for sending or receiving a message.

            The changes to MessagePort.cpp implement the above with a tiny little bool-driven state machine.
            * dom/MessagePort.cpp:
            (WebCore::MessagePort::postMessage):
            (WebCore::MessagePort::disentangle):
            (WebCore::MessagePort::registerLocalActivity):
            (WebCore::MessagePort::start):
            (WebCore::MessagePort::close):
            (WebCore::MessagePort::contextDestroyed):
            (WebCore::MessagePort::dispatchMessages):
            (WebCore::MessagePort::hasPendingActivity const):
            (WebCore::MessagePort::isLocallyReachable const):
            (WebCore::MessagePort::addEventListener):
            (WebCore::MessagePort::removeEventListener):
            * dom/MessagePort.h:

            - Remove the lock and any background-thread code paths
            - Add ASSERT(isMainThread())s throughout
            * dom/messageports/MessagePortChannel.cpp:
            (WebCore::MessagePortChannel::MessagePortChannel):
            (WebCore::MessagePortChannel::includesPort):
            (WebCore::MessagePortChannel::entanglePortWithProcess):
            (WebCore::MessagePortChannel::disentanglePort):
            (WebCore::MessagePortChannel::closePort):
            (WebCore::MessagePortChannel::postMessageToRemote):
            (WebCore::MessagePortChannel::takeAllMessagesForPort):
            (WebCore::MessagePortChannel::checkRemotePortForActivity):
            (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
            * dom/messageports/MessagePortChannel.h:

            Add a callback for a MessagePortChannel to go ask the remote MessagePort object about local activity:
            * dom/messageports/MessagePortChannelProvider.h:
            * dom/messageports/MessagePortChannelProviderImpl.cpp:
            (WebCore::MessagePortChannelProviderImpl::checkRemotePortForActivity):
            (WebCore::MessagePortChannelProviderImpl::checkProcessLocalPortForActivity):
            (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync): Deleted.
            * dom/messageports/MessagePortChannelProviderImpl.h:

            - Remove the lock and any background-thread code paths
            - Add ASSERT(isMainThread())s throughout
            * dom/messageports/MessagePortChannelRegistry.cpp:
            (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
            (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
            (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
            (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
            (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
            (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
            (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
            (WebCore::MessagePortChannelRegistry::checkRemotePortForActivity):
            (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
            (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): Deleted.
            * dom/messageports/MessagePortChannelRegistry.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227282. rdar://problem/36746077

    2018-01-21  Ryosuke Niwa  <rniwa@webkit.org>

            Turning off custom pasteboard data doesn't actually turn it off in WK2
            https://bugs.webkit.org/show_bug.cgi?id=181920
            <rdar://problem/36686429>

            Reviewed by Wenson Hsieh.

            Replaced the global settings for custom pasteboard data by regular runtime enabled flags.

            * dom/DataTransfer.cpp:
            (WebCore::DataTransfer::getDataForItem const):
            (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
            (WebCore::DataTransfer::setDataFromItemList):
            (WebCore::DataTransfer::types const):
            (WebCore::DataTransfer::commitToPasteboard):
            * dom/DataTransferItemList.cpp:
            (WebCore::shouldExposeTypeInItemList):
            * editing/Editor.cpp:
            (WebCore::createDataTransferForClipboardEvent):
            * editing/cocoa/WebContentReaderCocoa.mm:
            (WebCore::createFragmentAndAddResources):
            (WebCore::WebContentReader::readWebArchive):
            * page/DeprecatedGlobalSettings.cpp:
            (WebCore::DeprecatedGlobalSettings::defaultCustomPasteboardDataEnabled): Deleted.
            * page/DeprecatedGlobalSettings.h:
            (WebCore::DeprecatedGlobalSettings::setCustomPasteboardDataEnabled): Deleted.
            (WebCore::DeprecatedGlobalSettings::customPasteboardDataEnabled): Deleted.
            * page/RuntimeEnabledFeatures.h:
            (WebCore::RuntimeEnabledFeatures::setCustomPasteboardDataEnabled):
            (WebCore::RuntimeEnabledFeatures::customPasteboardDataEnabled const):
            * testing/InternalSettings.cpp:
            (WebCore::InternalSettings::Backup::Backup):
            (WebCore::InternalSettings::Backup::restoreTo):
            (WebCore::InternalSettings::setCustomPasteboardDataEnabled):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227339. rdar://problem/36745908

    2018-01-22  Youenn Fablet  <youenn@apple.com>

            Fetch Headers from an Opaque response should be filtered out
            https://bugs.webkit.org/show_bug.cgi?id=181926

            Reviewed by Chris Dumez.

            Covered by updated test.

            Refactor to use the same FetchResponse::create for Cache API and cloning.
            In this method, ensure that response and headers are filtered correctly according to response tainting.
            Make also sure that synthetic responses do not get filtered (not needed since created by JavaScript).

            Introduce helper routine to set the header map of a resource response.
            Use this routine when cloning a synthetic response as in that case, m_internalResponse has no header at all.

            * Modules/cache/DOMCache.cpp:
            (WebCore::DOMCache::updateRecords):
            * Modules/fetch/FetchResponse.cpp:
            (WebCore::FetchResponse::create):
            (WebCore::FetchResponse::clone):
            * Modules/fetch/FetchResponse.h:
            * platform/network/ResourceResponseBase.cpp:
            (WebCore::ResourceResponseBase::setHTTPHeaderFields):
            * platform/network/ResourceResponseBase.h:
            * testing/ServiceWorkerInternals.cpp:
            (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227343. rdar://problem/36746168

    2018-01-22  Antti Koivisto  <antti@apple.com>

            REGRESSION(r224535): Can't write reviews in the App Store
            https://bugs.webkit.org/show_bug.cgi?id=181936
            <rdar://problem/36670246>

            Reviewed by Zalan Bujtas.

            * page/LayoutContext.cpp:
            (WebCore::LayoutContext::updateStyleForLayout):

            r224535 was about media queries but it also removed a seemingly spurious call to StyleScope::didChangeStyleSheetEnvironment
            from the path that does not involve media queries.
            Turns out UITextContentView somehow depended on it, so revert this specific change.

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227346. rdar://problem/36746149

    2018-01-22  Antti Koivisto  <antti@apple.com>

            REGRESSION (Safari 11): Buttons inside a fieldset legend cannot be clicked on in Safari 11
            https://bugs.webkit.org/show_bug.cgi?id=179666
            <rdar://problem/35534292>

            Reviewed by Zalan Bujtas.

            The legend element of a fieldset is in the border area, outside the clip rect.
            With overflow:hidden mouse events won't reach it.

            Test case by Dhaya Benmessaoud.

            Test: fast/forms/legend-overflow-hidden-hit-test.html

            * rendering/RenderBlock.cpp:
            (WebCore::RenderBlock::nodeAtPoint):
            (WebCore::RenderBlock::hitTestExcludedChildrenInBorder):

            Add a special case to hit testing to handle legend, similarly to what is done for painting.

            * rendering/RenderBlock.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227348. rdar://problem/36746180

    2018-01-22  Youenn Fablet  <youenn@apple.com>

            Safari Tech Preview can't use GitHub login at forums.swift.org
            https://bugs.webkit.org/show_bug.cgi?id=181908
            <rdar://problem/36715111>

            Reviewed by Chris Dumez.

            Test: http/wpt/service-workers/navigation-redirect.https.html

            For subresource loads, redirections will not change who is in charge of continuing the load (service worker or network process).
            For navigation loads, we need to match the registration for every redirection since this is using the Manual redirect mode.
            This allows starting the load with a service worker and finishing the load with another service worker, which will become the controller.

            Implement this by wrapping the registration matching of a URL within DocumentLoader::matchRegistration.
            Use that method in DocumentLoader::redirectReceived.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::matchRegistration):
            (WebCore::doRegistrationsMatch):
            (WebCore::DocumentLoader::redirectReceived):
            (WebCore::DocumentLoader::startLoadingMainResource):
            * loader/DocumentLoader.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227213. rdar://problem/36722644

    2018-01-19  Jonathan Bedard  <jbedard@apple.com>

            Unreviewed build fix, remove unused lambda captures.

            * dom/messageports/MessagePortChannel.cpp:
            (WebCore::MessagePortChannel::takeAllMessagesForPort):
            * dom/messageports/MessagePortChannelRegistry.cpp:
            (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227190. rdar://problem/36722644

    2018-01-18  Brady Eidson  <beidson@apple.com>

            Make in-process MessagePorts be (mostly) asynchronous
            https://bugs.webkit.org/show_bug.cgi?id=181454

            Reviewed by Alex Christensen.

            No new tests (Covered *brutally* by existing tests)

            Part of making MessagePorts be a thing we can pass across processes is making them work async.

            The existing "MessagePortChannel" method of abstraction was not cut out for this.
            This patch gets rid of MessagePortChannel and adds a new MessagePortChannelProvider abstraction.
            It then gets the new machinery working in-process (with some pieces of out-of-process in place)

            One synchronous behavior this patch maintains is the hasPendingActivity() check used to support GC.
            That will (creatively) be made async in the next followup.

            More generally from MessagePorts, this patch also adds a "MessageWithMessagePorts" object to be used
            with all forms of postMessage(). Much better.

            * CMakeLists.txt:
            * Sources.txt:
            * WebCore.xcodeproj/project.pbxproj:

            * dom/InProcessMessagePortChannel.cpp: Removed.
            * dom/InProcessMessagePortChannel.h: Removed.
            * dom/MessagePortChannel.cpp: Removed.
            * dom/MessagePortChannel.h: Removed.

            * dom/MessageChannel.cpp:
            (WebCore::MessageChannel::create):
            (WebCore::MessageChannel::MessageChannel):
            (WebCore::m_port2): Deleted.
            * dom/MessageChannel.h:
            (WebCore::MessageChannel::create): Deleted.

            * dom/MessagePort.cpp:
            (WebCore::MessagePort::create):
            (WebCore::MessagePort::MessagePort):
            (WebCore::MessagePort::~MessagePort):
            (WebCore::MessagePort::entangle):
            (WebCore::MessagePort::postMessage):
            (WebCore::MessagePort::disentangle):
            (WebCore::MessagePort::messageAvailable):
            (WebCore::MessagePort::start):
            (WebCore::MessagePort::close):
            (WebCore::MessagePort::contextDestroyed):
            (WebCore::MessagePort::dispatchMessages):
            (WebCore::MessagePort::hasPendingActivity const):
            (WebCore::MessagePort::locallyEntangledPort const):
            (WebCore::MessagePort::disentanglePorts):
            (WebCore::MessagePort::entanglePorts):
            (WebCore::MessagePort::entangleWithRemote): Deleted.
            * dom/MessagePort.h:

            * dom/MessagePortIdentifier.h:
            (WebCore::MessagePortIdentifier::logString const):

            * dom/ScriptExecutionContext.cpp:
            (WebCore::ScriptExecutionContext::processMessageWithMessagePortsSoon):
            (WebCore::ScriptExecutionContext::dispatchMessagePortEvents):
            (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon): Deleted.
            * dom/ScriptExecutionContext.h:

            Add a single object that represents two intertwined ports, tracks their pending
            messages, tracks which process they're in, etc etc:
            * dom/messageports/MessagePortChannel.cpp: Added.
            (WebCore::MessagePortChannel::create):
            (WebCore::MessagePortChannel::MessagePortChannel):
            (WebCore::MessagePortChannel::~MessagePortChannel):
            (WebCore::MessagePortChannel::includesPort):
            (WebCore::MessagePortChannel::entanglePortWithProcess):
            (WebCore::MessagePortChannel::disentanglePort):
            (WebCore::MessagePortChannel::closePort):
            (WebCore::MessagePortChannel::postMessageToRemote):
            (WebCore::MessagePortChannel::takeAllMessagesForPort):
            (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
            * dom/messageports/MessagePortChannel.h: Added.
            (WebCore::MessagePortChannel::port1 const):
            (WebCore::MessagePortChannel::port2 const):
            (WebCore::MessagePortChannel::logString const):

            Abstraction for creating and operating on MessagePorts in a potentially cross-process way:
            * dom/messageports/MessagePortChannelProvider.cpp: Added.
            (WebCore::MessagePortChannelProvider::singleton):
            (WebCore::MessagePortChannelProvider::setSharedProvider):
            * dom/messageports/MessagePortChannelProvider.h: Added.
            (WebCore::MessagePortChannelProvider::~MessagePortChannelProvider):

            Adds a concrete implementation of that provider to be used in-process (e.g. WK1):
            * dom/messageports/MessagePortChannelProviderImpl.cpp: Added.
            (WebCore::MessagePortChannelProviderImpl::~MessagePortChannelProviderImpl):
            (WebCore::MessagePortChannelProviderImpl::performActionOnAppropriateThread):
            (WebCore::MessagePortChannelProviderImpl::createNewMessagePortChannel):
            (WebCore::MessagePortChannelProviderImpl::entangleLocalPortInThisProcessToRemote):
            (WebCore::MessagePortChannelProviderImpl::messagePortDisentangled):
            (WebCore::MessagePortChannelProviderImpl::messagePortClosed):
            (WebCore::MessagePortChannelProviderImpl::postMessageToRemote):
            (WebCore::MessagePortChannelProviderImpl::takeAllMessagesForPort):
            (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync):
            * dom/messageports/MessagePortChannelProviderImpl.h: Added.

            Adds a main thread object to handle the set of all MessagePortChannels that are open.
            For now it lives in the WebProcess, but for out-of-process it will live in the UIProcess:
            * dom/messageports/MessagePortChannelRegistry.cpp: Added.
            (WebCore::MessagePortChannelRegistry::~MessagePortChannelRegistry):
            (WebCore::MessagePortChannelRegistry::didCreateMessagePortChannel):
            (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
            (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
            (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
            (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
            (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
            (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
            (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
            (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): This is named against style
              and weird on purpose - to call attention to how bad it is and how it's temporary.
            (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
            * dom/messageports/MessagePortChannelRegistry.h: Added.

            Add an object that represents a "SerializedScriptValue for the message payload and the ports
            that are being transferred along with that payload". This is used in all forms of postMessage():
            * dom/messageports/MessageWithMessagePorts.cpp: Added.
            * dom/messageports/MessageWithMessagePorts.h: Added.

            * page/DOMWindow.cpp:
            (WebCore::PostMessageTimer::PostMessageTimer):
            (WebCore::PostMessageTimer::event):
            (WebCore::DOMWindow::postMessage):

            * platform/Logging.h:

            * workers/DedicatedWorkerGlobalScope.cpp:
            (WebCore::DedicatedWorkerGlobalScope::postMessage):

            * workers/Worker.cpp:
            (WebCore::Worker::postMessage):

            * workers/WorkerGlobalScopeProxy.h:

            * workers/WorkerMessagingProxy.cpp:
            (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
            (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
            * workers/WorkerMessagingProxy.h:

            * workers/WorkerObjectProxy.h:

            * workers/service/ServiceWorker.cpp:
            (WebCore::ServiceWorker::postMessage):

            * workers/service/ServiceWorkerClient.cpp:
            (WebCore::ServiceWorkerClient::postMessage):

            * workers/service/context/SWContextManager.cpp:
            (WebCore::SWContextManager::postMessageToServiceWorker):

            * workers/service/context/ServiceWorkerThread.cpp:
            (WebCore::fireMessageEvent):
            (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
            * workers/service/context/ServiceWorkerThread.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227176. rdar://problem/36723030

    2018-01-18  Ryan Haddad  <ryanhaddad@apple.com>

            Unreviewed build fix, removed unused lambda capture.

            * workers/service/context/SWContextManager.cpp:
            (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227174. rdar://problem/36723030

    2018-01-18  Chris Dumez  <cdumez@apple.com>

            We should be able to terminate service workers that are unresponsive
            https://bugs.webkit.org/show_bug.cgi?id=181563
            <rdar://problem/35280031>

            Reviewed by Alex Christensen.

            Test: http/tests/workers/service/postmessage-after-terminating-hung-worker.html

            * workers/service/context/SWContextManager.cpp:
            (WebCore::SWContextManager::terminateWorker):
            Before calling WorkerThread::stop(), set a timer with the given timeout parameter.
            If the worker thread has not stopped when the timer fires, forcefully exit the
            service worker process. The StorageProcess will take care of relaunching the
            service worker process if it exits abruptly.

            (WebCore::SWContextManager::serviceWorkerFailedToTerminate):
            Log error message if we failed to terminate a service worker and call exit().

            (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):

            * workers/service/context/SWContextManager.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227280. rdar://problem/36722450

    2018-01-19  Ryosuke Niwa  <rniwa@webkit.org>

            Release assertion in canExecuteScript when executing scripts during page cache restore
            https://bugs.webkit.org/show_bug.cgi?id=181902

            Reviewed by Antti Koivisto.

            The crash was caused by an erroneous instantiation of ScriptDisallowedScope::InMainThread in CachedPage::restore.
            It can execute arbitrary scripts since CachedFrame::open can update style, layout, and evaluate media queries.

            This is fine because there is no way to put this page back into a page cache until the load is committed via
            FrameLoader::commitProvisionalLoad is invoked later which only happens after CachedPage::restore had exited.

            Also added a release assert to make sure this condition holds.

            Tests: fast/history/page-cache-execute-script-during-restore.html
                   fast/history/page-cache-navigate-during-restore.html

            * history/CachedPage.cpp:
            (WebCore::CachedPageRestorationScope::CachedPageRestorationScope): Added.
            (WebCore::CachedPageRestorationScope::~CachedPageRestorationScope): Added.
            (WebCore::CachedPage::restore): Don't instantiate ScriptDisallowedScope::InMainThread. Set isRestoringCachedPage
            on the cached page to release-assert that there won't be any attempt to put this very page back into the cache.
            * history/PageCache.cpp:
            (WebCore::canCachePage): Added a release assert to make sure the page which is in the process of being restored
            from the page cache is not put into the page cache.
            * page/Page.h:
            (WebCore::Page::setIsRestoringCachedPage): Added.
            (WebCore::Page::isRestoringCachedPage const): Added.

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227278. rdar://problem/36722580

    2018-01-21  Jer Noble  <jer.noble@apple.com>

            REGRESSION (macOS 10.13.2): imported/w3c/web-platform-tests/media-source/mediasource-* LayoutTests failing
            https://bugs.webkit.org/show_bug.cgi?id=181891

            Reviewed by Eric Carlson.

            In macOS 10.13.2, CoreMedia changed the definition of CMSampleBufferGetDuration() to return
            the presentation duration rather than the decode duration. For media streams where those two
            durations are identical (or at least, closely similar), this isn't a problem. But the media
            file used in the WPT tests has an unusual frame cadence: decode durations go {3000, 1, 5999,
            1, 5999,...} and presentation durations go {3000, 2999, 3000, 2999}. This caused one check in
            the "Coded Frame Processing" algorithm to begin failing, where it checks that the delta
            between the last sample's decode time and the new decode time is no more than 2x as far as
            the last sample's duration. That's not a problem as long as the "duration" is the "decode
            duration" and the samples are all adjacent. Once the "duration" is "presentation duration",
            all the assumptions in the algorithm are invalidated. In the WPT test case, the delta between
            decode times is 5999, and 2 * the presentation duration is 5998, causing all samples up to
            the next sync sample to be dropped.

            To work around this change in behavior, we'll adopt the same technique used by Mozilla's MSE
            implementation, which was done for similar reasons. Rather than track the "last frame duration",
            we'll record the "greatest frame duration", and use actual decode timestamps to derive this
            duration. The "greatest frame duration" field will be reset at the same times as "last frame
            duration", and will be used only in the part of the algorithm that checks for large decode
            timestamp gaps.

            * Modules/mediasource/SourceBuffer.cpp:
            (WebCore::SourceBuffer::TrackBuffer::TrackBuffer):
            (WebCore::SourceBuffer::resetParserState):
            (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227274. rdar://problem/36722660

    2018-01-20  Andy Estes  <aestes@apple.com>

            [Apple Pay] Stop eagerly loading PassKit.framework
            https://bugs.webkit.org/show_bug.cgi?id=181911
            <rdar://problem/36555369>

            Reviewed by Tim Horton.

            r226458 and r226123 added code that caused PassKit.framework to be eagerly loaded when
            initializing a WKWebView. This is costly and should only be done when Apple Pay is first used.

            To avoid eagerly loading PassKit, this patch does two things:

            1. Instead of sending the available payment networks as part of WebPageCreationParameters,
            PaymentCoordinator asks for them using a synchronous message the first time they are needed.
            2. Instead of setting the Apple Pay preference to false when PassKit can't be loaded,
            the following API entry points check for a missing PassKit and return false, or throw
            exceptions, or reject promises:
                - ApplePaySession.canMakePayments()
                - ApplePaySession.canMakePaymentsWithActiveCard()
                - ApplePaySession.openPaymentSetup()
                - ApplePaySession.begin()

            No new tests for (1), which causes no change in behavior. (2) was manually verified by
            locally moving aside PassKit.framework, but that's not possible to do in an automated test.

            * Modules/applepay/PaymentCoordinator.cpp:
            (WebCore::PaymentCoordinator::PaymentCoordinator):
            (WebCore::PaymentCoordinator::validatedPaymentNetwork const):
            (WebCore::toHashSet): Deleted.
            * Modules/applepay/PaymentCoordinator.h:
            * Modules/applepay/PaymentCoordinatorClient.h:
            * loader/EmptyClients.cpp:
            * page/MainFrame.cpp:
            (WebCore::MainFrame::MainFrame):

            Removed PaymentCoordinator::m_availablePaymentNetworks and made
            PaymentCoordinator::validatedPaymentNetwork() call
            PaymentCoordinatorClient::validatedPaymentNetwork() instead.

            * page/PageConfiguration.h:

            Removed availablePaymentNetworks from PageConfiguration.

            * testing/Internals.cpp:
            (WebCore::Internals::Internals):
            * testing/MockPaymentCoordinator.cpp:
            (WebCore::MockPaymentCoordinator::validatedPaymentNetwork):
            * testing/MockPaymentCoordinator.h:

            Implemented PaymentCoordinatorClient::validatedPaymentNetwork().

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227272. rdar://problem/36722635

    2018-01-20  Jer Noble  <jer.noble@apple.com>

            Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
            https://bugs.webkit.org/show_bug.cgi?id=181840
            <rdar://problem/36186214>

            Reviewed by Simon Fraser.

            Test: media/video-fullscreen-reload-crash.html

            Short circuit play() or pause() operations if the document is suspended or stopped.

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::playInternal):
            (WebCore::HTMLMediaElement::pauseInternal):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227270. rdar://problem/36722650

    2018-01-20  Youenn Fablet  <youenn@apple.com>

            fetch redirect is incompatible with "no-cors" mode
            https://bugs.webkit.org/show_bug.cgi?id=181866
            <rdar://problem/35827140>

            Reviewed by Chris Dumez.

            Covered by updated tests.

            Return a network error when no-cors mode and redirect mode is manual or error.
            Update preflight implementation to no longer use manual redirect mode to simulate https://fetch.spec.whatwg.org/#http-network-or-cache-fetch.
            Instead implement redirectReceived callback to treat any redirect response as the preflight response.

            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::canRequest):
            * loader/CrossOriginPreflightChecker.cpp:
            (WebCore::CrossOriginPreflightChecker::redirectReceived):
            (WebCore::CrossOriginPreflightChecker::startPreflight):
            * loader/CrossOriginPreflightChecker.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227266. rdar://problem/36723017

    2018-01-19  Wenson Hsieh  <wenson_hsieh@apple.com>

            [macOS] [WK2] Drag location is computed incorrectly when dragging content from subframes
            https://bugs.webkit.org/show_bug.cgi?id=181896
            <rdar://problem/35479043>

            Reviewed by Tim Horton.

            In r218837, I packaged most of the information needed to start a drag into DragItem, which is propagated to the client layer
            via the startDrag codepath. However, this introduced a bug in computing the event position and drag location in window
            coordinates. Consider the case where we're determining the drag image offset for a dragged element in a subframe:

            Before the patch, the drag location (which starts out in the subframe's content coordinates) would be converted to root view
            coordinates, which would then be converted to mainframe content coordinates, which would then be converted to window coordinates
            using the mainframe's view. After the patch, we carry out the same math until the last step, where we erroneously use the
            _subframe's_ view to convert to window coordinates from content coordinates. This results in the position of the iframe relative
            to the mainframe being accounted for twice.

            To fix this, we simply use the main frame's view to convert from mainframe content coordinates to window coordinates while
            computing the drag location. As for the event position in window coordinates, this is currently unused by any codepath in WebKit,
            so we can just remove it altogether.

            Since this bug only affects drag and drop in the macOS WebKit2 port, there's currently no way to test this. I'll be using
            <https://bugs.webkit.org/show_bug.cgi?id=181898> to track adding test support for drag and drop on macOS WebKit2. Manually tested
            dragging in both WebKit1 and WebKit2 on macOS. dragLocationInWindowCoordinates isn't used at all for iOS drag and drop.

            * page/DragController.cpp:
            (WebCore::DragController::doSystemDrag):
            * platform/DragItem.h:
            (WebCore::DragItem::encode const):
            (WebCore::DragItem::decode):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227245. rdar://problem/36722470

    2018-01-19  Youenn Fablet  <youenn@apple.com>

            Cache storage errors like Quota should trigger console messages
            https://bugs.webkit.org/show_bug.cgi?id=181879
            <rdar://problem/36669048>

            Reviewed by Chris Dumez.

            Covered by rebased test.

            * Modules/cache/DOMCache.cpp:
            (WebCore::DOMCache::retrieveRecords):
            (WebCore::DOMCache::batchDeleteOperation):
            (WebCore::DOMCache::batchPutOperation):
            * Modules/cache/DOMCacheEngine.cpp:
            (WebCore::DOMCacheEngine::errorToException):
            (WebCore::DOMCacheEngine::logErrorAndConvertToException):
            * Modules/cache/DOMCacheEngine.h:
            * Modules/cache/DOMCacheStorage.cpp:
            (WebCore::DOMCacheStorage::retrieveCaches):
            (WebCore::DOMCacheStorage::doOpen):
            (WebCore::DOMCacheStorage::doRemove):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227242. rdar://problem/36722539

    2018-01-19  Youenn Fablet  <youenn@apple.com>

            Do not go to the storage process when registering a service worker client if there is no service worker registered
            https://bugs.webkit.org/show_bug.cgi?id=181740
            <rdar://problem/36650400>

            Reviewed by Chris Dumez.

            Register a document as service worker client only if there is an existing service worker connection.
            This allows not creating any connection if no service worker is registered.

            Add internals API to test whether a service worker connection was created or not.
            This is used by API tests that cover the changes.

            * dom/Document.cpp:
            (WebCore::Document::privateBrowsingStateDidChange): No need to create a service worker connection if client is not registered yet.
            (WebCore::Document::setServiceWorkerConnection): No need to unregister/register if service worker connection is the same.
            Similarly, if Document is to be destroyed or suspended, we should not register it.
            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::commitData):
            * testing/Internals.cpp:
            (WebCore::Internals::hasServiceWorkerConnection):
            * testing/Internals.h:
            * testing/Internals.idl:
            * workers/service/ServiceWorkerProvider.cpp:
            (WebCore::ServiceWorkerProvider::registerServiceWorkerClients):
            * workers/service/ServiceWorkerProvider.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227240. rdar://problem/36722464

    2018-01-19  Dean Jackson  <dino@apple.com>

            REGRESSION (r221092): Swipe actions are hard to perform in FastMail app
            https://bugs.webkit.org/show_bug.cgi?id=181817
            <rdar://problem/35274055>

            Add a setting for controlling whether touch listeners are passive
            by default on document/window/body.

            Updated existing test.

            * dom/EventTarget.cpp:
            (WebCore::EventTarget::addEventListener):
            * page/Settings.yaml:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227238. rdar://problem/36722424

    2018-01-19  Daniel Bates  <dabates@apple.com>

            Update frame-ancestor directive to match Content Security Policy Level 3
            https://bugs.webkit.org/show_bug.cgi?id=178891
            <rdar://problem/35209458>

            Reviewed by Alex Christensen.

            Derived from Blink e667cc2e501fabab3605b838e4ee0d642a9c4a59:
            <https://chromium.googlesource.com/chromium/src.git/+/e667cc2e501fabab3605b838e4ee0d642a9c4a59>

            Update frame-ancestor directive to match against the origin of the ancestor document per the
            Content Security Policy Level 3 spec.: <https://w3c.github.io/webappsec-csp/> (15 January 2018).
            Specifically this change in behavior was made to CSP 3 in <https://github.com/w3c/webappsec/issues/311>.
            In earlier versions of the spec, the frame-ancestor directive matched against the URL of the
            ancestor document.

            Disregarding allow-same-origin sandboxed iframes, a document with policy "frame-ancestor 'self'"
            will be blocked from loading in a sandboxed iframe as a result of this change.

            Tests: http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-allow-same-origin-sandboxed-cross-url-allow.html
                   http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html

            * page/csp/ContentSecurityPolicyDirectiveList.cpp:
            (WebCore::checkFrameAncestors):
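
The difference between URL matching and origin matching for frame-ancestors 'self', described in the entry above, can be seen in the following added example. It is not WebKit code: the function names, the simplified source matching (only 'none', 'self' and exact scheme://host[:port] sources) and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration of the frame-ancestors change described above; not WebKit code.
// Simplified model: only 'none', 'self' and exact scheme://host[:port] sources are
// handled (no wildcards, no scheme-only sources). All names are hypothetical.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Serialize scheme, host and effective port of a URL as one comparable string.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol] || ''}`;
}

// Origin of an ancestor document. `sandbox` is the token list of the iframe
// hosting it, or null if it is not sandboxed. A sandboxed document without
// allow-same-origin has an opaque origin, modelled here as null.
function ancestorOrigin(ancestor) {
  if (Array.isArray(ancestor.sandbox) && !ancestor.sandbox.includes('allow-same-origin'))
    return null;
  return originOf(ancestor.url);
}

function sourceListMatches(sources, candidate, selfOrigin) {
  if (candidate === null) return false; // an opaque origin matches no source
  return sources.some((source) => {
    if (source === "'none'") return false;
    if (source === "'self'") return candidate === selfOrigin;
    return originOf(source) === candidate;
  });
}

// matchAgainst: 'url'    -> earlier spec versions (ancestor document URL)
//               'origin' -> CSP Level 3 (ancestor document origin)
// `ancestors` is ordered from the nearest ancestor up to the top-level document.
function checkFrameAncestors(sources, protectedUrl, ancestors, matchAgainst) {
  const selfOrigin = originOf(protectedUrl);
  for (const ancestor of ancestors) {
    const candidate = matchAgainst === 'origin'
      ? ancestorOrigin(ancestor)
      : originOf(ancestor.url);
    if (!sourceListMatches(sources, candidate, selfOrigin))
      return { allowed: false, blockedBy: ancestor.url };
  }
  return { allowed: true, blockedBy: null };
}

// Constructed sample: a protected document framed by a same-site document that
// itself sits in a sandboxed iframe of the top-level page.
const PROTECTED_URL = 'https://app.example.test/widget.html';
const POLICY = ["'self'"];

function sampleChain(sandboxTokens) {
  return [
    { url: 'https://app.example.test/inner.html', sandbox: sandboxTokens },
    { url: 'https://app.example.test/top.html', sandbox: null },
  ];
}

for (const tokens of [['allow-scripts'], ['allow-scripts', 'allow-same-origin']]) {
  for (const mode of ['url', 'origin']) {
    const result = checkFrameAncestors(POLICY, PROTECTED_URL, sampleChain(tokens), mode);
    console.log(`sandbox="${tokens.join(' ')}" match=${mode} ->`,
      result.allowed ? 'allowed' : `blocked by ${result.blockedBy}`);
  }
}
```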

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227225. rdar://problem/36722527

    2018-01-19  Joseph Pecoraro  <pecoraro@apple.com>

            AppCache: Log a Deprecation warning to the Console when AppCache is used
            https://bugs.webkit.org/show_bug.cgi?id=181778

            Reviewed by Alex Christensen.

            * html/HTMLHtmlElement.cpp:
            (WebCore::HTMLHtmlElement::insertedByParser):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227221. rdar://problem/36722533

    2018-01-19  Chris Dumez  <cdumez@apple.com>

            ASSERT(registration || isTerminating()) hit in SWServerWorker::skipWaiting()
            https://bugs.webkit.org/show_bug.cgi?id=181761
            <rdar://problem/36594564>

            Reviewed by Youenn Fablet.

            There is a short period of time, early in the registration process where a
            SWServerWorker object exists for a registration but is not in the registration's
            installing/waiting/active slots yet. As a result, if a registration is cleared
            during this period (e.g. due to the user clearing all website data), that
            SWServerWorker will not be terminated. We then hit assertion later on when this
            worker is trying to do things (like call skipWaiting).

            To address the issue, we now keep a reference to this SWServerWorker on the
            registration, via a new SWServerRegistration::m_preInstallationWorker data member.
            When the registration is cleared, we now take care of terminating this worker.

            No new tests, covered by existing tests that crash flakily in debug builds.

            * workers/WorkerThread.cpp:
            (WebCore::WorkerThread::stop):
            If the mutex is locked, then the worker thread is still starting. We spin the
            runloop and try to stop again later. This avoids the deadlock shown in
            Bug 181763 as the worker thread may need to interact with the main thread
            during startup.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::installContextData):
            * workers/service/server/SWServerJobQueue.cpp:
            (WebCore::SWServerJobQueue::scriptContextFailedToStart):
            (WebCore::SWServerJobQueue::install):
            * workers/service/server/SWServerRegistration.cpp:
            (WebCore::SWServerRegistration::~SWServerRegistration):
            (WebCore::SWServerRegistration::setPreInstallationWorker):
            (WebCore::SWServerRegistration::clear):
            * workers/service/server/SWServerRegistration.h:
            (WebCore::SWServerRegistration::preInstallationWorker const):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227220. rdar://problem/36722596

    2018-01-19  Chris Dumez  <cdumez@apple.com>

            Service worker registrations restored from disk may not be reused when the JS calls register() again
            https://bugs.webkit.org/show_bug.cgi?id=181810
            <rdar://problem/36591711>

            Reviewed by Youenn Fablet.

            The issue was that when restoring a registration from disk, we would not set its active worker right
            away. We only set it later in installContextData(). installContextData() is only called after we’ve
            launched the service worker process and established a connection to it.

            However, we would start processing jobs (such as registrations) before we’ve established the connection
            to the service worker process. SWServerJobQueue::runRegisterJob(), in order to reuse an existing
            registration checks the registration’s active worker has the right script URL. The issue was that when
            this code would execute, we may not have set the registration’s active service worker yet, in which case,
            we would update the existing registration instead of reusing it as-is.

            To address the issue, we now delay the processing of jobs until the connection to the service worker
            process has been established and we've installed all pending contexts via installContextData().

            Change is covered by new API test.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::Connection::scheduleJobInServer):
            (WebCore::SWServer::scheduleJob):
            (WebCore::SWServer::serverToContextConnectionCreated):
            * workers/service/server/SWServer.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227219. rdar://problem/36722501

    2018-01-19  James Craig  <jcraig@apple.com>

            AX: when invert colors is on, double-invert image and picture elements in UserAgentStyleSheet
            https://bugs.webkit.org/show_bug.cgi?id=181281
            <rdar://problem/36291776>

            Reviewed by Simon Fraser.

            Updated "Smart Invert" to include img and picture element inversion and tests.

            Tests: accessibility/smart-invert-reference.html
                   accessibility/smart-invert.html

            * css/html.css:
            (@media (inverted-colors)):
            (img:not(picture>img), picture, video):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227216. rdar://problem/36722508

    2018-01-19  Chris Dumez  <cdumez@apple.com>

            The WebContent process should not process incoming IPC while waiting for a sync IPC reply
            https://bugs.webkit.org/show_bug.cgi?id=181560

            Reviewed by Ryosuke Niwa.

            Add internals API for testing purposes.

            Test: fast/misc/testIncomingSyncIPCMessageWhileWaitingForSyncReply.html

            * page/ChromeClient.h:
            * testing/Internals.cpp:
            (WebCore::Internals::testIncomingSyncIPCMessageWhileWaitingForSyncReply):
            * testing/Internals.h:
            * testing/Internals.idl:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227161. rdar://problem/36722461

    2018-01-18  Youenn Fablet  <youenn@apple.com>

            Do not go to the storage process when loading a main resource if there is no service worker registered
            https://bugs.webkit.org/show_bug.cgi?id=181395

            Reviewed by Chris Dumez.

            No observable behavior change.
            Instead of creating a connection to know whether there is a potential service worker,
            ask the service worker provider that will use the connection if needed.
            Otherwise, it will use a default value provided by the UIProcess.

            Tested by cleaning all service workers and checking the computed value of the default value,
            then observing whether pages registering service workers work well.

            * loader/DocumentLoader.cpp:
            (WebCore::DocumentLoader::startLoadingMainResource):
            * workers/service/ServiceWorkerProvider.cpp:
            (WebCore::ServiceWorkerProvider::mayHaveServiceWorkerRegisteredForOrigin):
            * workers/service/ServiceWorkerProvider.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227153. rdar://problem/36722558

    2018-01-18  Chris Dumez  <cdumez@apple.com>

            Service Workers restored from persistent storage have 'redundant' state
            https://bugs.webkit.org/show_bug.cgi?id=181749
            <rdar://problem/36556486>

            Reviewed by Youenn Fablet.

            Tested by new API test.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::installContextData):
            Make sure the SWServerWorker's state is set to "activated" after it is assigned to
            the registrations' active slot. Otherwise, it stays in its default state (redundant).

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227145. rdar://problem/36722475

    2018-01-18  Antti Koivisto  <antti@apple.com>

            REGRESSION (r223604): Setting :before/after pseudo element on <noscript> asserts
            https://bugs.webkit.org/show_bug.cgi?id=181795
            <rdar://problem/36334524>

            Reviewed by David Kilzer.

            <noscript> disallows renderer generation outside CSS mechanisms, however we would still construct
            PseudoElements for them during style resolution. These were never removed properly because the
            pseudo element removal was tied to render tree teardown. Without proper removal the associated
            animations were also not canceled.

            Test: fast/css-generated-content/noscript-pseudo-anim-crash.html

            * dom/Element.cpp:
            (WebCore::Element::removedFromAncestor):

            Take care to get rid of PseudoElements when the element is removed from the tree.
            This also cancels any associated animations.

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227141. rdar://problem/36722585

    2018-01-17  Per Arne Vollan  <pvollan@apple.com>

            REGRESSION (r224780): Text stroke not applied to video captions.
            https://bugs.webkit.org/show_bug.cgi?id=181743
            <rdar://problem/35874338>

            Reviewed by Simon Fraser.

            Tests: media/track/track-css-visible-stroke-expected.html
                   media/track/track-css-visible-stroke.html

            After r224780, it is no longer possible to mix text stroke styles with webkit
            legacy text stroke styles.

            * css/StyleResolver.cpp:
            (WebCore::isValidCueStyleProperty):
            * page/CaptionUserPreferencesMediaAF.cpp:
            (WebCore::CaptionUserPreferencesMediaAF::captionsTextEdgeCSS const):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227140. rdar://problem/36722478

    2018-01-18  Andy Estes  <aestes@apple.com>

            [Payment Request] Support a default shipping address for Apple Pay
            https://bugs.webkit.org/show_bug.cgi?id=181754
            <rdar://problem/36009733>

            Reviewed by Brady Eidson.

            Move shippingContact from ApplePayPaymentRequest to ApplePayRequestBase. This allows
            merchants to specify a default shipping address when using Apple Pay with Payment Request.

            This also fixes a bug found during testing where
            +[NSPersonNameComponentsFormatter localizedStringFromPersonNameComponents:style:options:]
            would throw an exception when passed a nil NSPersonNameComponents.

            Test: http/tests/ssl/applepay/ApplePayRequestShippingContact.https.html

            * Modules/applepay/ApplePayPaymentRequest.h:
            * Modules/applepay/ApplePayPaymentRequest.idl:
            * Modules/applepay/ApplePayRequestBase.cpp:
            (WebCore::convertAndValidate):
            * Modules/applepay/ApplePayRequestBase.h:
            * Modules/applepay/ApplePayRequestBase.idl:
            * Modules/applepay/ApplePaySession.cpp:
            (WebCore::convertAndValidate):
            * Modules/applepay/ApplePaySessionPaymentRequest.h:
            (WebCore::ApplePaySessionPaymentRequest::version const):
            (WebCore::ApplePaySessionPaymentRequest::setVersion):
            * Modules/applepay/cocoa/PaymentContactCocoa.mm:
            (WebCore::convert):
            * Modules/applepay/paymentrequest/ApplePayRequest.idl:
            * testing/MockPaymentCoordinator.cpp:
            (WebCore::MockPaymentCoordinator::showPaymentUI):
            (WebCore::MockPaymentCoordinator::completeMerchantValidation):
            * testing/MockPaymentCoordinator.h:

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227135. rdar://problem/36722512

    2018-01-18  Wenson Hsieh  <wenson_hsieh@apple.com>

            [iOS] Specify -[NSURL _title] for the associated URL when copying an image element
            https://bugs.webkit.org/show_bug.cgi?id=181783
            <rdar://problem/35785445>

            Reviewed by Ryosuke Niwa.

            Always specify the -[NSURL _title] to be either the title specified in a PasteboardImage's inner PasteboardURL,
            or if no title is specified, fall back to the user-visible URL string. This is because at least one internal
            client always tries to use the -_title property to determine the title of a pasted URL, or if none is specified,
            the -suggestedName. Since we need to set suggestedName to the preferred file name of the copied image and we
            don't want the suggested name to become the title of the link, we need to explicitly set the link title.

            In doing so, this patch also fixes a bug wherein we forget to set the _title of the NSURL we're registering to
            an NSItemProvider.

            Tests:  ActionSheetTests.CopyImageElementWithHREFAndTitle (new)
                    ActionSheetTests.CopyImageElementWithHREF (modified)

            * platform/ios/PlatformPasteboardIOS.mm:
            (WebCore::PlatformPasteboard::write):

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227082. rdar://problem/36722629

    2018-01-17  Antti Koivisto  <antti@apple.com>

            REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator::evaluate const + 32
            https://bugs.webkit.org/show_bug.cgi?id=181742
            <rdar://problem/36334726>

            Reviewed by David Kilzer.

            Test: fast/media/mediaqueryevaluator-crash.html

            * css/MediaQueryEvaluator.cpp:
            (WebCore::MediaQueryEvaluator::MediaQueryEvaluator):

            Use WeakPtr<Document> instead of a plain Frame pointer.

            (WebCore::MediaQueryEvaluator::evaluate const):

            Get the frame via document.

            * css/MediaQueryEvaluator.h:
            * dom/Document.cpp:
            (WebCore::Document::prepareForDestruction):

            Take care to clear style resolver.

2018-01-22  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227079. rdar://problem/36722442

    2018-01-17  Youenn Fablet  <youenn@apple.com>

            Put fetch request keepAlive behind a runtime flag
            https://bugs.webkit.org/show_bug.cgi?id=181592

            Reviewed by Chris Dumez.

            No change of behavior.

            * Modules/fetch/FetchRequest.idl:
            * page/RuntimeEnabledFeatures.h:
            (WebCore::RuntimeEnabledFeatures::fetchAPIKeepAliveEnabled const):
            (WebCore::RuntimeEnabledFeatures::setFetchAPIKeepAliveEnabled):

2018-01-18  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227147. rdar://problem/36429159

    2018-01-18  Antti Koivisto  <antti@apple.com>

            REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
            https://bugs.webkit.org/show_bug.cgi?id=181460
            <rdar://problem/36379776>

            Reviewed by Ryosuke Niwa.

            * css/parser/CSSParser.cpp:
            (WebCore::CSSParserContext::CSSParserContext):

            Don't do the expensive security origin test if the supplied sheet base URL is null. This
            is true for rules coming from the same document.

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227121. rdar://problem/36609529

    2018-01-17  Jer Noble  <jer.noble@apple.com>

            WebVTT served via HLS never results in cues
            https://bugs.webkit.org/show_bug.cgi?id=181773

            Reviewed by Eric Carlson.

            Test: http/tests/media/hls/hls-webvtt-tracks.html

            Three independent errors conspired to keep in-band WebVTT samples from parsing:

            - The definition of ISOWebVTTCue::boxTypeName() was incorrect.
            - ISOWebVTTCue::parse() didn't call its superclass's parse() method (leading to an incorrect size and offset).
            - Use String::fromUTF8() rather than String.adopt(StringVector&&).

            * platform/graphics/iso/ISOVTTCue.cpp:
            (WebCore::ISOWebVTTCue::parse):
            * platform/graphics/iso/ISOVTTCue.h:
            (WebCore::ISOWebVTTCue::boxTypeName):

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227094. rdar://problem/36600688

    2018-01-17  Eric Carlson  <eric.carlson@apple.com>

            Use existing RGB colorspace instead of creating a new one
            https://bugs.webkit.org/show_bug.cgi?id=181765
            <rdar://problem/36595753>

            Reviewed by Dean Jackson.

            * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:
            (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream): Use sRGBColorSpaceRef instead
            of creating a new static colorspace.

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226934. rdar://problem/36567980

    2018-01-12  Chris Dumez  <cdumez@apple.com>

            ASSERTION FAILED: registration || isTerminating() in WebCore::SWServerWorker::skipWaiting()
            https://bugs.webkit.org/show_bug.cgi?id=181603
            <rdar://problem/36476050>

            Reviewed by Youenn Fablet.

            No new tests, covered by existing tests that crash flakily.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::terminateWorkerInternal):
            If the connection to the context process is gone, make sure we mark the worker as terminated
            so that it does not stay in Running state and in SWServer::m_runningOrTerminatingWorkers.

            * workers/service/server/SWServerRegistration.cpp:
            (WebCore::SWServerRegistration::~SWServerRegistration):
            Add assertions to make sure none of the registration's workers are still running when
            the registration is destroyed.

            (WebCore::SWServerRegistration::updateRegistrationState):
            Make sure registration workers that are overwritten are not still running.

            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::setState):
            If a worker's state is set to redundant, make sure we also terminate it.

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227103. rdar://problem/36598105

    2018-01-17  John Wilander  <wilander@apple.com>

            Resource Load Statistics: Block cookies for prevalent resources without user interaction
            https://bugs.webkit.org/show_bug.cgi?id=177394
            <rdar://problem/34613960>

            Reviewed by Alex Christensen.

            Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
                   http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
                   http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
                   http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html

            * platform/network/NetworkStorageSession.h:
                Now exports NetworkStorageSession::nsCookieStorage().
            * platform/network/cf/NetworkStorageSessionCFNet.cpp:
            (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
                Fixes the FIXME.

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227093. rdar://problem/36598105

    2018-01-17  Matt Lewis  <jlewis3@apple.com>

            Unreviewed, rolling out r227076.

            This breaks internal builds

            Reverted changeset:

            "Resource Load Statistics: Block cookies for prevalent
            resources without user interaction"
            https://bugs.webkit.org/show_bug.cgi?id=177394
            https://trac.webkit.org/changeset/227076

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227087. rdar://problem/36597993

    2018-01-17  Zalan Bujtas  <zalan@apple.com>

            Multicol: RenderMultiColumnFlow should not inherit the flow state
            https://bugs.webkit.org/show_bug.cgi?id=181762
            <rdar://problem/35448565>

            Reviewed by Simon Fraser.

            Do not compute the inherited flow state flag for RenderMultiColumnFlow.
            It is (by definition) always inside a fragmented flow.

            Test: fast/multicol/crash-when-out-of-flow-positioned-becomes-in-flow.html

            * rendering/RenderObject.cpp:
            (WebCore::RenderObject::computedFragmentedFlowState):

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227076. rdar://problem/36598105

    2018-01-17  John Wilander  <wilander@apple.com>

            Resource Load Statistics: Block cookies for prevalent resources without user interaction
            https://bugs.webkit.org/show_bug.cgi?id=177394
            <rdar://problem/34613960>

            Reviewed by Alex Christensen.

            Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
                   http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
                   http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
                   http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html

            * platform/network/NetworkStorageSession.h:
                Now exports NetworkStorageSession::nsCookieStorage().
            * platform/network/cf/NetworkStorageSessionCFNet.cpp:
            (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
                Fixes the FIXME.

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227075. rdar://problem/36598185

    2018-01-17  Daniel Bates  <dabates@apple.com>

            REGRESSION (r222795): Cardiogram never signs in
            https://bugs.webkit.org/show_bug.cgi?id=181693
            <rdar://problem/36286293>

            Reviewed by Ryosuke Niwa.

            Exempt Cardiogram from the XHR header restrictions in r222795.

            Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
            However Cardiogram also depends on such functionality.

            Test: fast/xmlhttprequest/set-dangerous-headers-from-file-when-setting-enabled.html

            * page/Settings.yaml:
            * platform/RuntimeApplicationChecks.h:
            * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
            (WebCore::IOSApplication::isCardiogram):
            * xml/XMLHttpRequest.cpp:
            (WebCore::XMLHttpRequest::setRequestHeader):

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227074. rdar://problem/36598123

    2018-01-17  Daniel Bates  <dabates@apple.com>

            ASSERTION FAILED: !m_completionHandler in PingHandle::~PingHandle()
            https://bugs.webkit.org/show_bug.cgi?id=181746
            <rdar://problem/36586248>

            Reviewed by Chris Dumez.

            Call PingHandle::pingLoadComplete() with an error when NSURLConnection queries
            whether the ping is able to respond to an authentication request. (Pings do not
            respond to authenticate requests.) It will call the completion handler, nullify
            the completion handler, and deallocate the PingHandle. Nullifying the completion
            handler is necessary to avoid the assertion failure in ~PingHandle().

            Test: http/tests/misc/before-unload-load-image.html

            * platform/network/PingHandle.h:

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227073. rdar://problem/36598265

    2018-01-17  Daniel Bates  <dabates@apple.com>

            WebCoreResourceHandleAsOperationQueueDelegate/ResourceHandleCFURLConnectionDelegateWithOperationQueue may
            be deleted in main thread callback
            https://bugs.webkit.org/show_bug.cgi?id=181747
            <rdar://problem/36588120>

            Reviewed by Alex Christensen.

            Retain the delegate (e.g. WebCoreResourceHandleAsOperationQueueDelegate) before scheduling
            a main thread callback and blocking on a semaphore for its reply because the main thread
            callback can do anything, including deleting the delegate, before the non-main thread
            has a chance to execute. For instance, a PingHandle will delete itself (and hence delete
            its resource handle delegate) in most of the code paths invoked by the delegate.

            * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
            (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
            * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
            (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):

2018-01-17  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227070. rdar://problem/36598339

    2018-01-17  Chris Dumez  <cdumez@apple.com>

            'fetch' event may be sent to a service worker before its state is set to 'activated'
            https://bugs.webkit.org/show_bug.cgi?id=181698
            <rdar://problem/36554856>

            Reviewed by Youenn Fablet.

            'fetch' event may be sent to a service worker before its state is set to 'activated'.
            When the registration's active worker needs to intercept a load, and its state is 'activating',
            we queue the request to send the fetch event in SWServerWorker::m_whenActivatedHandlers.
            Once the SWServerWorker::setState() is called with 'activated' state, we then call the
            handlers in m_whenActivatedHandlers to send the fetch event now that the worker is
            activated. The issue is that even though the worker is activated and its state was set to
            'activated' on Storage process side, we had not yet notified the ServiceWorker process
            of the service worker's new state.

            To address the issue, we now make sure that SWServerWorker::m_whenActivatedHandlers are
            called *after* we've sent the IPC to the ServiceWorker process to update the worker's
            state to 'activated'. Also, we now call ServiceWorkerFetch::dispatchFetchEvent()
            asynchronously in a postTask() as the service worker's state is also updated asynchronously
            in a postTask. This is as per specification [1], which says to "queue a task" to fire
            the fetch event.

            [1] https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)

            No new tests, covered by imported/w3c/web-platform-tests/service-workers/service-worker/fetch-waits-for-activate.https.html
            which hits the new assertion without the fix.

            * workers/service/context/ServiceWorkerFetch.cpp:
            (WebCore::ServiceWorkerFetch::dispatchFetchEvent):
            Add assertions to make sure that we dispatch the fetch event on the right worker and
            that the worker is in 'activated' state.

            * workers/service/context/ServiceWorkerThread.cpp:
            (WebCore::ServiceWorkerThread::postFetchTask):
            Queue a task to fire the fetch event as per:
            - https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)
            We need to match the specification exactly here or things will happen in the wrong
            order. In particular, things like "update registration state" and "update worker state"
            might happen *after* firing the fetch event, even though the IPC for "update registration/worker
            state" was sent before the "fire fetch event" one, because the code for updating a registration/
            worker state already queues a task, as per the specification.

            * workers/service/server/SWServerRegistration.cpp:
            (WebCore::SWServerRegistration::updateWorkerState):
            * workers/service/server/SWServerRegistration.h:
            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::setState):
            Move code to send the IPC to the Service Worker process whenever the service worker's state
            needs to be updated from SWServerRegistration::updateWorkerState() to SWServerWorker::setState().
            This way, we can make sure the IPC is sent *before* we call the m_whenActivatedHandlers handlers,
            as they may also send IPC to the Service Worker process, and we need to make sure this IPC happens
            after so that the service worker is in the right state.

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226880. rdar://problem/36569616

    2018-01-12  Commit Queue  <commit-queue@webkit.org>

            Unreviewed, rolling out r226721.
            https://bugs.webkit.org/show_bug.cgi?id=181583

            Let's do a slightly different fix (Requested by anttik on
            #webkit).

            Reverted changeset:

            "REGRESSION(r225650): The scores of MotionMark tests Multiply
            and Leaves dropped by 8%"
            https://bugs.webkit.org/show_bug.cgi?id=181460
            https://trac.webkit.org/changeset/226721

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227010. rdar://problem/36567991

    2018-01-16  Chris Dumez  <cdumez@apple.com>

            SWServerWorker::m_contextConnectionIdentifier may get out of date
            https://bugs.webkit.org/show_bug.cgi?id=181687
            <rdar://problem/36548111>

            Reviewed by Brady Eidson.

            SWServerWorker::m_contextConnectionIdentifier may get out of date. This happens when the
            context process crashes and is relaunched.

            No new tests, added assertion in terminateWorkerInternal() that hits without this fix.

            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::runServiceWorker):
            (WebCore::SWServer::terminateWorkerInternal):
            (WebCore::SWServer::unregisterServiceWorkerClient):
            * workers/service/server/SWServerWorker.h:
            (WebCore::SWServerWorker::setContextConnectionIdentifier):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226916. rdar://problem/36568057

    2018-01-11  Dean Jackson  <dino@apple.com>

            [WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
            https://bugs.webkit.org/show_bug.cgi?id=181558
            <rdar://problem/36189833>

            Reviewed by Eric Carlson.

            Very large element indices in the ELEMENT_ARRAY_BUFFER meant that
            our simulated vertexAttrib0 buffer might be too large. We need
            to check for out-of-memory, but we can also detect some of the issues
            earlier in our validation code. Additionally, make sure that we don't
            accidentally cast an unsigned to a signed.

            Test: fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

            * html/canvas/WebGL2RenderingContext.cpp:
            (WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Update validation
            code to look for overflow, rather than relying on looking for sign changes.
            * html/canvas/WebGLRenderingContext.cpp:
            (WebCore::WebGLRenderingContext::validateIndexArrayConservative): Ditto.
            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
            (WebCore::WebGLRenderingContextBase::drawArrays): Check that we were able to simulate.
            (WebCore::WebGLRenderingContextBase::drawElements):
            (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): Update validation code, and
            use GC3Duint, since that's what the indices are.
            (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Ditto.
            (WebCore::WebGLRenderingContextBase::drawArraysInstanced): Check that we were able to simulate.
            (WebCore::WebGLRenderingContextBase::drawElementsInstanced):
            * html/canvas/WebGLRenderingContextBase.h:
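
The difference between looking for a sign change and looking for overflow, as an added example that is not WebKit code. The function names and the 16-byte (four floats) per-entry size are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Assumption: each simulated attribute-0 entry is one vec4 of floats.
constexpr uint32_t kBytesPerVertex = 4 * sizeof(float);

// Constructed "before" pattern: do the arithmetic in 32 bits, then treat a
// negative signed result as the overflow signal. Returns false on rejection.
bool sizeBySignCheck(uint32_t maxIndex, uint32_t& bytes)
{
    uint32_t wrapped = (maxIndex + 1u) * kBytesPerVertex; // unsigned wrap is well defined
    if (static_cast<int32_t>(wrapped) < 0)
        return false; // only catches a wrap that happens to land in the sign bit
    bytes = wrapped;
    return true;
}

// Overflow-aware check: stay unsigned and test each step before performing it.
bool sizeChecked(uint32_t maxIndex, uint32_t& bytes)
{
    const uint32_t max = std::numeric_limits<uint32_t>::max();
    if (maxIndex == max)
        return false; // maxIndex + 1 would wrap to 0
    uint32_t count = maxIndex + 1u;
    if (count > max / kBytesPerVertex)
        return false; // count * kBytesPerVertex would wrap
    bytes = count * kBytesPerVertex;
    return true;
}

int main()
{
    // Constructed sample indices, from ordinary to very large.
    const uint32_t samples[] = { 9u, 0x07FFFFFFu, 0x0FFFFFFFu, 0x10000000u, 0xFFFFFFFFu };
    for (uint32_t index : samples) {
        uint32_t a = 0, b = 0;
        bool okSign = sizeBySignCheck(index, a);
        bool okChecked = sizeChecked(index, b);
        std::printf("maxIndex=%#010x sign-check:%s(%u) checked:%s(%u)\n",
                    static_cast<unsigned>(index),
                    okSign ? "accept" : "reject", static_cast<unsigned>(a),
                    okChecked ? "accept" : "reject", static_cast<unsigned>(b));
    }
    return 0;
}
```

A size that passes the checked version can still be too large to allocate, which is why the entry also checks for out-of-memory when simulating.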

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227009. rdar://problem/36567976

    2018-01-16  Jer Noble  <jer.noble@apple.com>

            Reset MediaSourcePrivateAVFObjC's m_sourceBufferWithSelectedVideo when the underlying SourceBufferPrivate is removed.
            https://bugs.webkit.org/show_bug.cgi?id=181707
            <rdar://problem/34809474>

            Reviewed by Eric Carlson.

            Test: media/media-source/media-source-remove-unload-crash.html

            * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
            (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227006. rdar://problem/36567998

    2018-01-16  Zalan Bujtas  <zalan@apple.com>

            AX: Do not trigger layout in updateBackingStore() unless it is safe to do so
            https://bugs.webkit.org/show_bug.cgi?id=181703
            <rdar://problem/36365706>

            Reviewed by Ryosuke Niwa.

            Document::isSafeToUpdateStyleOrLayout() can tell whether it is safe to run layout.

            Unable to create test with WebInspector involved.

            * accessibility/AccessibilityObject.cpp:
            (WebCore::AccessibilityObject::updateBackingStore):
            * dom/Document.cpp:
            (WebCore::Document::isSafeToUpdateStyleOrLayout const):
            (WebCore::Document::updateStyleIfNeeded):
            (WebCore::Document::updateLayout):
            (WebCore::isSafeToUpdateStyleOrLayout): Deleted.
            * dom/Document.h:

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r227000. rdar://problem/36567987

    2018-01-16  Simon Fraser  <simon.fraser@apple.com>

            Text looks bad on some CSS spec pages
            https://bugs.webkit.org/show_bug.cgi?id=181700
            rdar://problem/36552107

            Reviewed by Tim Horton.

            When making new tiles in a TileController, we failed to set their "supports antialiased layer text"
            setting, so tile caches could end up with a mixture of layers that do and do not support
            antialiased layer text.

            No tests because the tiled drawing tests don't dump out tiles inside of tile caches.

            * platform/graphics/ca/TileController.cpp:
            (WebCore::TileController::createTileLayer):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226993. rdar://problem/36567965

    2018-01-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

            REGRESSION(r221292): svg/animations/animateTransform-pattern-transform.html crashes with security assertion
            https://bugs.webkit.org/show_bug.cgi?id=179986

            Reviewed by Simon Fraser.

            This patch reverts all or parts of the following changesets
                <http://trac.webkit.org/changeset/221292>
                <http://trac.webkit.org/changeset/197967>
                <http://trac.webkit.org/changeset/196670>

            A JS statement like this:
                var item = text.x.animVal.getItem(0);

            Creates the following C++ objects:
                SVGAnimatedListPropertyTearOff<SVGLengthListValues> for 'text.x'
                SVGListPropertyTearOff<SVGLengthListValues> for 'text.x.animVal'
                SVGPropertyTearOff<SVGLengthValue> for 'text.x.animVal.getItem(0)'

            If 'item' changes, the attribute 'x' of the element '<text>' will change
            as well. But this binding works only in one direction. If the attribute
            'x' of the element '<text>' changes, e.g.:

                text.setAttribute('x', '10,20,30');

            This will detach 'item' from the element <text> and any further changes
            in 'item' won't affect the attribute 'x' of element <text>.

            The one direction binding can only work if this chain of tear-off objects
            is kept connected. This is implemented by RefCounted back pointers from
            SVGPropertyTearOff and SVGListPropertyTearOff to SVGAnimatedListPropertyTearOff.

            The security crashes and the memory leaks are happening because of the
            raw forward pointers:
                -- SVGAnimatedListPropertyTearOff maintains raw pointers of type
                   SVGListPropertyTearOff for m_baseVal and m_animVal
                -- The m_wrappers and m_animatedWrappers of SVGAnimatedListPropertyTearOff
                   are vectors of raw pointer Vector<SVGLength*>

            To control the life cycle of the raw pointers, SVGListPropertyTearOff and
            SVGPropertyTearOff call SVGAnimatedListPropertyTearOff::propertyWillBeDeleted()
            to notify it they are going to be deleted. In propertyWillBeDeleted(), we
            clear the pointers so they are not used after being freed. This mechanism
            has been error-prone and we've never got it 100% right.

            The solution we need to adopt with SVG tear-off objects is the following:
                -- All the forward pointers should be weak pointers.
                -- All the back pointers should be ref pointers.

            This solution may not look intuitive but it solves the bugs and keeps the
            one direction binding. The forward weak pointers allow the tear-off
            objects to go away if no reference from JS exists. The back ref pointers
            maintain the chain of objects and guarantee the correct binding.

            * svg/SVGPathSegList.h:
            * svg/SVGTransformList.h:
            * svg/properties/SVGAnimatedListPropertyTearOff.h:
            (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
            (WebCore::SVGAnimatedListPropertyTearOff::animVal):
            * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
            * svg/properties/SVGAnimatedProperty.h:
            (WebCore::SVGAnimatedProperty::isAnimatedListTearOff const):
            (WebCore::SVGAnimatedProperty::propertyWillBeDeleted): Deleted.
            * svg/properties/SVGAnimatedPropertyTearOff.h:
            * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
            * svg/properties/SVGListProperty.h:
            (WebCore::SVGListProperty::initializeValuesAndWrappers):
            (WebCore::SVGListProperty::getItemValuesAndWrappers):
            (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
            (WebCore::SVGListProperty::replaceItemValuesAndWrappers):
            (WebCore::SVGListProperty::removeItemValuesAndWrappers):
            (WebCore::SVGListProperty::appendItemValuesAndWrappers):
            (WebCore::SVGListProperty::createWeakPtr const):
            * svg/properties/SVGListPropertyTearOff.h:
            (WebCore::SVGListPropertyTearOff::removeItemFromList):
            (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff): Deleted.
            * svg/properties/SVGPropertyTearOff.h:
            (WebCore::SVGPropertyTearOff::createWeakPtr const):
            (WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
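
The ownership rule this entry describes (weak forward pointers, ref back pointers), as an added example that is not WebKit code. std::shared_ptr and std::weak_ptr stand in for the ref and weak pointers, and AnimatedList, ItemTearOff and runScenario are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

class AnimatedList;

// Wrapper handed to script for one list item (hypothetical stand-in).
class ItemTearOff {
public:
    ItemTearOff(std::shared_ptr<AnimatedList> owner, std::size_t index)
        : m_owner(std::move(owner)), m_index(index) {}
    float value() const;
    void setValue(float v);
    // The attribute was re-parsed: keep a private copy and drop the back pointer.
    void detach(float snapshot) { m_detached = snapshot; m_owner.reset(); }
private:
    std::shared_ptr<AnimatedList> m_owner; // back pointer: ref, keeps the chain alive
    std::size_t m_index;
    float m_detached = 0;
};

class AnimatedList : public std::enable_shared_from_this<AnimatedList> {
public:
    explicit AnimatedList(std::vector<float> v)
        : m_values(std::move(v)), m_wrappers(m_values.size()) {}

    // Reuse the live wrapper if script still holds one, otherwise make a new one.
    std::shared_ptr<ItemTearOff> getItem(std::size_t i) {
        if (i >= m_values.size())
            return nullptr;
        if (auto live = m_wrappers[i].lock())
            return live;
        auto wrapper = std::make_shared<ItemTearOff>(shared_from_this(), i);
        m_wrappers[i] = wrapper;
        return wrapper;
    }
    // Models text.setAttribute('x', ...): live wrappers are detached, never freed here.
    void setAttribute(std::vector<float> v) {
        auto protect = shared_from_this(); // a wrapper may hold the last ref to this list
        for (std::size_t i = 0; i < m_wrappers.size(); ++i) {
            if (auto live = m_wrappers[i].lock())
                live->detach(m_values[i]);
        }
        m_values = std::move(v);
        m_wrappers.assign(m_values.size(), std::weak_ptr<ItemTearOff>());
    }
    float valueAt(std::size_t i) const { return m_values.at(i); }
    void setValueAt(std::size_t i, float v) { m_values.at(i) = v; }
    std::size_t liveWrappers() const {
        std::size_t n = 0;
        for (const auto& w : m_wrappers)
            n += w.expired() ? 0u : 1u;
        return n;
    }
private:
    std::vector<float> m_values;
    std::vector<std::weak_ptr<ItemTearOff>> m_wrappers; // forward pointers: weak
};

float ItemTearOff::value() const { return m_owner ? m_owner->valueAt(m_index) : m_detached; }
void ItemTearOff::setValue(float v) {
    if (m_owner)
        m_owner->setValueAt(m_index, v);
    else
        m_detached = v;
}

struct Result {
    bool sameWrapper; float listAfterWrite; std::size_t liveAfterDrop;
    float listAfterDetachedWrite; float detachedValue; bool ownerKeptAlive;
};

Result runScenario() {
    Result r{};
    auto x = std::make_shared<AnimatedList>(std::vector<float>{1, 2, 3}); // constructed data
    auto item = x->getItem(0);
    r.sameWrapper = (item == x->getItem(0));
    item->setValue(5);                    // item -> attribute binding
    r.listAfterWrite = x->valueAt(0);
    { auto temp = x->getItem(1); }        // script drops its only reference
    r.liveAfterDrop = x->liveWrappers();  // only 'item' is still live, nothing dangles
    x->setAttribute({10, 20, 30});        // detaches 'item'
    item->setValue(99);                   // no longer reaches the attribute
    r.listAfterDetachedWrite = x->valueAt(0);
    r.detachedValue = item->value();
    auto last = x->getItem(2);
    std::weak_ptr<AnimatedList> watch = x;
    x.reset();                            // element side lets go of the list
    r.ownerKeptAlive = !watch.expired() && last->value() == 30;
    return r;
}

int main() {
    Result r = runScenario();
    std::printf("same=%d write=%g live=%zu list=%g detached=%g alive=%d\n", r.sameWrapper,
                r.listAfterWrite, r.liveAfterDrop, r.listAfterDetachedWrite,
                r.detachedValue, r.ownerKeptAlive);
    return 0;
}
```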

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226990. rdar://problem/36568066

    2018-01-16  Eric Carlson  <eric.carlson@apple.com>

            AVSampleBufferDisplayLayer should be flushed when application activates
            https://bugs.webkit.org/show_bug.cgi?id=181623
            <rdar://problem/36487738>

            Reviewed by Darin Adler.

            No new tests, I wasn't able to reproduce it in a test.

            * WebCore.xcodeproj/project.pbxproj:
            * dom/Document.cpp:
            (WebCore::Document::addApplicationStateChangeListener): New.
            (WebCore::Document::removeApplicationStateChangeListener): Ditto.
            (WebCore::Document::forEachApplicationStateChangeListener): Ditto.
            * dom/Document.h:

            * html/HTMLMediaElement.cpp:
            (WebCore::HTMLMediaElement::registerWithDocument): Register for application state changes.
            (WebCore::HTMLMediaElement::unregisterWithDocument): Unregister.
            (WebCore::HTMLMediaElement::applicationWillResignActive): Pass through to the player.
            (WebCore::HTMLMediaElement::applicationDidBecomeActive): Ditto.
            * html/HTMLMediaElement.h:

            * page/ApplicationStateChangeListener.h: Added.
            (WebCore::ApplicationStateChangeListener::applicationWillResignActive):
            (WebCore::ApplicationStateChangeListener::applicationDidBecomeActive):
            * page/Page.cpp:
            (WebCore::Page::forEachDocument):
            (WebCore::Page::applicationWillResignActive):
            (WebCore::Page::applicationDidEnterBackground):
            (WebCore::Page::applicationWillEnterForeground):
            (WebCore::Page::applicationDidBecomeActive):
            * page/Page.h:
            * platform/graphics/MediaPlayer.cpp:
            (WebCore::MediaPlayer::applicationWillResignActive):
            (WebCore::MediaPlayer::applicationDidBecomeActive):
            * platform/graphics/MediaPlayer.h:
            * platform/graphics/MediaPlayerPrivate.h:
            (WebCore::MediaPlayerPrivateInterface::applicationWillResignActive):
            (WebCore::MediaPlayerPrivateInterface::applicationDidBecomeActive):

            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
            * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Switch
            to release logging.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueCorrectedVideoSample): Split out of enqueueVideoSample.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample): Move code that updates
            the display later to enqueueCorrectedVideoSample. Rearrange logic so the image painter sample
            buffer has the correct timestamp.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::layerErrorDidChange): Switch to release logging.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::layerStatusDidChange): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::applicationDidBecomeActive): If the display
            layer is in the "failed" state, flush the renderer and update the display mode.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayers): Switch to release logging.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::cancelLoad): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::prepareToPlay): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVolume): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setMuted): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateReadyState): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::logChannel const): Ditto.
            (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateSampleTimes): Deleted.

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226982. rdar://problem/36567983

    2018-01-16  Jer Noble  <jer.noble@apple.com>

            Crash playing audio-only HLS stream via hls.js (MSE)
            https://bugs.webkit.org/show_bug.cgi?id=181691
            <rdar://problem/32967295>

            Reviewed by Eric Carlson.

            Add a weak-link check to the block called by -[AVSampleBufferDisplayLayer requestMediaDataWhenReadyOnQueue:usingBlock:].

            * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
            (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled):
            (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples):
            (WebCore::SourceBufferPrivateAVFObjC::setVideoLayer):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226951. rdar://problem/36568098

    2018-01-15  Youenn Fablet  <youenn@apple.com>

            RealtimeMediaSource should be ThreadSafeRefCounted
            https://bugs.webkit.org/show_bug.cgi?id=181649

            Reviewed by Eric Carlson.

            Difficult to write a test as this is really racy.
            RealtimeIncomingVideoSourceCocoa::OnFrame is taking a reference on a background thread
            to send a task to the main thread.
            This requires it to be thread safe ref counted.

            * platform/mediastream/RealtimeMediaSource.h:

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226930. rdar://problem/36567972

    2018-01-12  Myles C. Maxfield  <mmaxfield@apple.com>

            Data URL fonts split in the middle of an alphabet cause random letters to disappear
            https://bugs.webkit.org/show_bug.cgi?id=175845
            <rdar://problem/33996578>

            Reviewed by Brent Fulgham.

            It is fairly common practice for a font foundry to split a font up into two files such that a semi-random
            half of the alphabet is present in one of the files, and the other half is present in the other file. This
            practice involves representing the files as data URLs, so as to minimize the time it takes to load them.

            Because resource loading is asynchronous (even for data URLs), it is possible today to get a paint after
            the first file is loaded but before the second file is loaded. Indeed, because of the way font fallback
            works, we will never start loading the second file until a layout has occurred with the first font.

            Because a site usually only uses this pattern for a handful of fonts, and I've never seen this pattern
            being used for CJK fonts, it isn't very expensive to opportunistically decode these data URLs eagerly.
            Using this method doesn't actually guarantee that the two fonts will load in between successive paints,
            but it at least makes this much more likely. This patch implements this strategy, along with a size
            threshold to make sure that we won't decode any super large data URLs when it isn't necessary.

            Test: fast/text/font-load-data-partitioned-alphabet.html

            * css/CSSFontFace.cpp:
            (WebCore::CSSFontFace::opportunisticallyStartFontDataURLLoading):
            * css/CSSFontFace.h:
            * css/CSSFontFaceSource.cpp:
            (WebCore::CSSFontFaceSource::opportunisticallyStartFontDataURLLoading):
            * css/CSSFontFaceSource.h:
            * css/CSSFontSelector.cpp:
            (WebCore::CSSFontSelector::opportunisticallyStartFontDataURLLoading):
            * css/CSSFontSelector.h:
            * platform/graphics/FontCascadeFonts.cpp:
            (WebCore::opportunisticallyStartFontDataURLLoading):
            (WebCore::FontCascadeFonts::glyphDataForVariant):
            * platform/graphics/FontSelector.h:

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226929. rdar://problem/36567962

    2018-01-12  Alex Christensen  <achristensen@webkit.org>

            History state should be updated during client redirects with asynchronous policy decisions
            https://bugs.webkit.org/show_bug.cgi?id=181358
            <rdar://problem/35547689>

            Reviewed by Andy Estes.

            When decidePolicyForNavigationAction is responded to asynchronously during a client redirect,
            HistoryController::updateForRedirectWithLockedBackForwardList does not update the history because
            the document loader has not been marked as a client redirect because the FrameLoader only looks
            at its provisional document loader to mark it as a client redirect.  When decidePolicyForNavigationAction
            is responded to asynchronously, though, the FrameLoader's provisional document loader has moved to
            its policy document loader.  To get both asynchronous and synchronous cases, let's just mark the document
            loader as a client redirect whether it's the provisional or policy document loader.

            Covered by a new API test.

            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::loadURL):
            (WebCore::FrameLoader::loadPostRequest):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226919. rdar://problem/36567968

    2018-01-12  Myles C. Maxfield  <mmaxfield@apple.com>

            [Cocoa] CTFontCopyDefaultCascadeListForLanguages() can return nullptr
            https://bugs.webkit.org/show_bug.cgi?id=181615
            <rdar://problem/36334637>

            Reviewed by Jon Lee.

            Speculative fix. We are getting crash reports saying that this call can return nullptr, and we
            don't check for it.

            No new tests because I couldn't find the specific input that causes it to return nullptr. (I
            tried running this code with every 0, 1, and 2 length locale string, every weight value, and
            every italic value, and couldn't get it to crash. I also inspected the code to figure out what
            values would cause it to return nullptr, and I couldn't find anything other than if the system
            has a totally busted font setup.)

            * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
            (WebCore::SystemFontDatabase::computeCascadeList):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226908. rdar://problem/36568060

    2018-01-12  Dean Jackson  <dino@apple.com>

            drawElements should be invalid if vertexAttrib0 doesn't have data
            https://bugs.webkit.org/show_bug.cgi?id=181609
            <rdar://problem/36392883>

            Reviewed by Antoine Quint.

            If a vertex attribute has been enabled, but no data provided, then
            draw validation should fail.

            Test: fast/canvas/webgl/drawElements-empty-vertex-data.html

            * html/canvas/WebGLRenderingContextBase.cpp:
            (WebCore::WebGLRenderingContextBase::validateVertexAttributes): If there were
            never any data in the vertex buffer, then we incorrectly compared with 0.

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226906. rdar://problem/36568006

    2018-01-12  Youenn Fablet  <youenn@apple.com>

            FormDataElement::lengthInBytes should use ThreadableBlobRegistry
            https://bugs.webkit.org/show_bug.cgi?id=181554

            Reviewed by Chris Dumez.

            Covered by updated test.

            Fix blobRegistry() use and add support for creating a response that may trigger the issue.


            * platform/network/FormData.cpp:
            (WebCore::FormDataElement::lengthInBytes const): Was directly using blobRegistry() while ThreadableBlobRegistry is more appropriate
            in case this is called from workers.
            * Modules/fetch/FetchBody.h:
            * Modules/fetch/FetchResponse.h:
            * fileapi/Blob.h:
            * testing/ServiceWorkerInternals.cpp:
            (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
            * testing/ServiceWorkerInternals.h:
            * testing/ServiceWorkerInternals.idl:

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226904. rdar://problem/36568017

    2018-01-12  Youenn Fablet  <youenn@apple.com>

            WebProcess should pass the registration identifier and not the worker identifier for fetch events
            https://bugs.webkit.org/show_bug.cgi?id=181591

            Reviewed by Chris Dumez.

            Test: http/wpt/service-workers/update-service-worker.https.html

            Store service worker registration identifier in ResourceLoaderOptions instead of service worker identifier.

            * loader/DocumentThreadableLoader.cpp:
            (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
            (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
            * loader/ResourceLoaderOptions.h:
            * loader/WorkerThreadableLoader.cpp:
            (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
            * loader/cache/CachedResourceLoader.cpp:
            (WebCore::CachedResourceLoader::prepareFetch):
            (WebCore::CachedResourceLoader::determineRevalidationPolicy const):
            * loader/cache/CachedResourceRequest.cpp:
            (WebCore::CachedResourceRequest::setSelectedServiceWorkerRegistrationIdentifierIfNeeded):
            (WebCore::CachedResourceRequest::setNavigationServiceWorkerRegistrationData):
            (WebCore::CachedResourceRequest::setSelectedServiceWorkerIdentifierIfNeeded): Deleted.
            * loader/cache/CachedResourceRequest.h:
            * workers/WorkerScriptLoader.cpp:
            (WebCore::WorkerScriptLoader::loadSynchronously):
            (WebCore::WorkerScriptLoader::loadAsynchronously):
            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::activeWorkerFromRegistrationID):
            * workers/service/server/SWServer.h:

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226898. rdar://problem/36568103

    2018-01-12  Jer Noble  <jer.noble@apple.com>

            WebGL video texture black in Safari 11.0.2 and wrong colored in Safari Preview 11.1
            https://bugs.webkit.org/show_bug.cgi?id=181445
            <rdar://problem/36383183>

            Reviewed by Dean Jackson.

            Tests: added compile-time correctness tests for YCbCrMatrix values.

            Perform the derivation from YCbCr coefficients into matrices in constexpr expressions
            at compile-time. This allows us to also perform compile-time correctness checks to catch
            regressions which may cause incorrect color conversions.

            Since we now have general-purpose derivation of matrix values from coefficients,
            adding missing specified matrices is trivial, so add support for SMPTE 240M and BT.2020
            matrices.

            * platform/graphics/cv/VideoTextureCopierCV.cpp:
            (WebCore::GLfloatColor::GLfloatColor):
            (WebCore::GLfloatColor::abs):
            (WebCore::GLfloatColor::isApproximatelyEqualTo const):
            (WebCore::YCbCrMatrix::operator Vector<GLfloat> const):
            (WebCore::YCbCrMatrix::YCbCrMatrix):
            (WebCore::YCbCrMatrix::operator* const):
            (WebCore::YCbCrToRGBMatrixForRangeAndTransferFunction):

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226842. rdar://problem/36568025

    2018-01-11  Chris Dumez  <cdumez@apple.com>

            Setting Window.opener to null should disown its opener
            https://bugs.webkit.org/show_bug.cgi?id=181505
            <rdar://problem/36443151>

            Reviewed by Ryosuke Niwa.

            Setting Window.opener to null should disown its opener as per:
            - https://html.spec.whatwg.org/#dom-opener

            With this change, tabs opened by clicking a link inside Gmail no
            longer have the Gmail window as opener.

            Tests: fast/dom/Window/window-opener-set-to-null.html
                   fast/dom/Window/window-opener-shadowing.html

            * bindings/js/JSDOMWindowCustom.cpp:
            (WebCore::JSDOMWindow::setOpener):
            * page/DOMWindow.cpp:
            (WebCore::DOMWindow::disownOpener):
            * page/DOMWindow.h:
            * page/DOMWindow.idl:

2018-01-16  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226790. rdar://problem/36568094

    2018-01-11  Youenn Fablet  <youenn@apple.com>

            Replace WebRTCLegacyAPIDisabled by WebRTCLegacyAPIEnabled and switch off WebRTC legacy flag by default
            https://bugs.webkit.org/show_bug.cgi?id=181480

            Reviewed by Eric Carlson.

            No change of behavior.

            * page/RuntimeEnabledFeatures.h: Set default value to false.

2018-01-12  Jason Marcell  <jmarcell@apple.com>

        Apply patch. rdar://problem/36303061

    Disable WebKit features we don't want to ship after branching
    <rdar://problem/36303061>

    2018-01-12  Maciej Stachowiak  <mjs@apple.com>

            Disable WebKit features we don't want to ship after branching
            <rdar://problem/36303061>

            Reviewed by Maciej Stachowiak.

            * Configurations/FeatureDefines.xcconfig:

2018-01-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226905. rdar://problem/36483899

    2018-01-12  Jer Noble  <jer.noble@apple.com>

            Wrap CDMFairPlayStreaming and related classes in ENABLE(ENCRYPTED_MEDIA) checks
            https://bugs.webkit.org/show_bug.cgi?id=181602

            Reviewed by Maciej Stachowiak.

            * platform/graphics/avfoundation/CDMFairPlayStreaming.h:
            * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
            * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:

2018-01-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226745. rdar://problem/36392368

    2018-01-10  Youenn Fablet  <youenn@apple.com>

            Use no-cache fetch mode when loading main documents with location.reload()
            https://bugs.webkit.org/show_bug.cgi?id=181285

            Reviewed by Alex Christensen.

            Covered by rebased tests.

            Start to translate cache policy used for navigation as FetchOptions::Cache.
            This allows ensuring service workers receive the right cache mode when intercepting navigation loads.
            To not change current navigation behavior, ReturnCacheDataElseLoad and ReturnCacheDataDontLoad still trigger default fetch cache mode.

            For Reload and ReloadExpiredOnly frame load types, using no-cache mode is more efficient than reload mode,
            as a conditional request will be sent if possible. This applies to location.reload which is consistent with other browsers.
            Keep reload mode for ReloadFromOrigin.

            * loader/DocumentLoader.cpp:
            (WebCore::toFetchOptionsCache):
            (WebCore::DocumentLoader::loadMainResource):
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::loadFrameRequest):
            (WebCore::FrameLoader::loadURL):
            (WebCore::FrameLoader::load):
            (WebCore::FrameLoader::reload):
            (WebCore::FrameLoader::defaultRequestCachingPolicy):
            (WebCore::FrameLoader::loadDifferentDocumentItem):
            * loader/NavigationScheduler.cpp:

2018-01-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226825. rdar://problem/36458902

    2018-01-11  James Craig  <jcraig@apple.com>

            AX: when invert colors is on, double-invert video elements in UserAgentStyleSheet
            https://bugs.webkit.org/show_bug.cgi?id=168447
            <rdar://problem/30559874>

            Reviewed by Simon Fraser.

            Double-invert video when platform "invert colors" setting is enabled. Behavior matches
            current "Smart Invert" feature of Safari Reader on macOS/iOS and other iOS native apps.

            Tests: accessibility/smart-invert-reference.html
                   accessibility/smart-invert.html

            * Modules/modern-media-controls/controls/media-controls.css:
            (@media (inverted-colors)):
            (:host):
            (picture):
            * css/html.css:
            (@media (inverted-colors)):
            (video):

2018-01-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226822. rdar://problem/36458924

    2018-01-11  Filip Pizlo  <fpizlo@apple.com>

            Rename MarkedAllocator to BlockDirectory and AllocatorAttributes to CellAttributes
            https://bugs.webkit.org/show_bug.cgi?id=181543

            Rubber stamped by Michael Saboff.

            No new tests because I'm just renaming things.

            * ForwardingHeaders/heap/BlockDirectoryInlines.h: Copied from Source/WebCore/ForwardingHeaders/heap/MarkedAllocatorInlines.h.
            * ForwardingHeaders/heap/MarkedAllocatorInlines.h: Removed.
            * bindings/js/DOMGCOutputConstraint.cpp:

2018-01-12  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226813. rdar://problem/36458922

    2018-01-11  Chris Dumez  <cdumez@apple.com>

            ASSERTION FAILED: registration in WebCore::SWServerWorker::skipWaiting()
            https://bugs.webkit.org/show_bug.cgi?id=181222
            <rdar://problem/36332686>

            Reviewed by Youenn Fablet.

            Replace assertion in SWServerWorker::skipWaiting() that assumes the worker
            has a registration. Nowadays, a SWServerWorker can stay alive for a short
            period without having a registration, while it is terminating.

            No new tests, unskipped existing test.

            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::skipWaiting):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226818. rdar://problem/36458899

    2018-01-11  Alex Christensen  <achristensen@webkit.org>

            REGRESSION(r225003): Loading hangs in environments where dispatch_async does not work
            https://bugs.webkit.org/show_bug.cgi?id=181553
            <rdar://problem/35733938>

            Reviewed by Eric Carlson.

            There is an environment where dispatch_async does not work, but performSelectorOnMainThread works.
            r225003 broke loading in this environment.  This fixes it and updates the test that r225003 fixed.
            It failed sometimes because loading was happening in a different order than html parsing, so I made
            the test not depend on html parsing timing by updating media/video-src-remove.html.

            * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
            (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226804. rdar://problem/36450810

    2018-01-11  Youenn Fablet  <youenn@apple.com>

            RTCController should disable ICE candidate filtering in case of getUserMedia based on the RTCPeerConnection origin
            https://bugs.webkit.org/show_bug.cgi?id=180851

            Reviewed by Eric Carlson.

            Test: http/wpt/webrtc/third-party-frame-ice-candidate-filtering.html

            RTCController now stores all the client origins (top+frame origins) of frames that got access to camera/microphone.
            For any such client origin, PeerConnection objects' ICE candidate filtering is disabled.
            ICE candidate filtering is reset whenever navigating/reloading the page.

            * Modules/mediastream/RTCController.cpp:
            (WebCore::RTCController::reset):
            (WebCore::matchDocumentOrigin):
            (WebCore::RTCController::shouldDisableICECandidateFiltering):
            (WebCore::RTCController::add):
            (WebCore::RTCController::disableICECandidateFilteringForAllOrigins):
            (WebCore::RTCController::disableICECandidateFiltering):
            (WebCore::RTCController::enableICECandidateFiltering):
            * Modules/mediastream/RTCController.h:
            * Modules/mediastream/RTCPeerConnection.cpp:
            (WebCore::RTCPeerConnection::create):
            * Modules/mediastream/UserMediaRequest.cpp:
            (WebCore::UserMediaRequest::allow):
            * page/Page.cpp:
            (WebCore::Page::disableICECandidateFiltering):
            * testing/Internals.cpp:
            (WebCore::Internals::setICECandidateFiltering):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226796. rdar://problem/36450730

    2018-01-11  Antoine Quint  <graouts@apple.com>

            Only listen to webkitplaybacktargetavailabilitychanged when media controls are visible to the user
            https://bugs.webkit.org/show_bug.cgi?id=181547
            <rdar://problem/35947650>

            Reviewed by Eric Carlson.

            Because listening to "webkitplaybacktargetavailabilitychanged" events incurs some higher power usage on iOS,
            we only listen to such events when controls are visible to the user. In other words, the MediaControls need to
            have both "visible" set to "true" and "faded" set to "false". To support this, we add a delegate method on
            MediaControls such that it can tell the MediaController that the "visible" property changed. With this message,
            MediaController can inform its MediaControllerSupport objects that user visibility of the controls changed, which
            lets AirplaySupport disable itself when controls are no longer visible.

            Test: media/modern-media-controls/airplay-support/airplay-support-disable-event-listeners-with-hidden-controls.html

            * Modules/modern-media-controls/controls/media-controls.js:
            (MediaControls.prototype.set visible):
            * Modules/modern-media-controls/media/airplay-support.js:
            (AirplaySupport.prototype.controlsUserVisibilityDidChange):
            * Modules/modern-media-controls/media/media-controller-support.js:
            (MediaControllerSupport.prototype.controlsUserVisibilityDidChange):
            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController.prototype.mediaControlsVisibilityDidChange):
            (MediaController.prototype.mediaControlsFadedStateDidChange):
            (MediaController.prototype._controlsUserVisibilityDidChange):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226795. rdar://problem/36450750

    2018-01-11  Antoine Quint  <graouts@apple.com>

            [iOS] There should be no controls markup generated in fullscreen
            https://bugs.webkit.org/show_bug.cgi?id=181540
            <rdar://problem/35060379>

            Reviewed by Eric Carlson.

            We completely forgo the display of any content when fullscreen on iOS by setting the
            "visible" flag to "false" on the MediaControls, which will prevent any DOM content from
            being added.

            * Modules/modern-media-controls/media/media-controller.js:
            (MediaController.prototype.handleEvent):
            (MediaController.prototype._updateiOSFullscreenProperties):
            (MediaController):
            (MediaController.prototype._updateSupportingObjectsEnabledState): Deleted.

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226791. rdar://problem/36450803

    2018-01-10  Simon Fraser  <simon.fraser@apple.com>

            On macOS, getBoundingClientRect gives incorrect values when pinch-zoomed
            https://bugs.webkit.org/show_bug.cgi?id=181511
            rdar://problem/33741427

            Reviewed by Zalan Bujtas.

            When reverting "client coordinates are relative to layout viewport" in r219829
            I broke documentToClientOffset() on macOS by failing to take pinch zoom scale into
            account (frameScaleFactor() is always 1 on iOS, so this bug doesn't manifest there).

            Covered by existing tests.

            * page/FrameView.cpp:
            (WebCore::FrameView::documentToClientOffset const):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226778. rdar://problem/36450800

    2018-01-11  Michael Saboff  <msaboff@apple.com>

            Add a DOM gadget for Spectre testing
            https://bugs.webkit.org/show_bug.cgi?id=181351

            Reviewed by Ryosuke Niwa.

            This change is used to test Spectre mitigations.

            Added a new DOM class to test for Spectre issues in the DOM layer.
            This additional functionality is disabled by default and must be enabled
            through the JSC option "enableSpectreGadgets".

            * CMakeLists.txt:
            * DerivedSources.make:
            * Sources.txt:
            * WebCore.xcodeproj/project.pbxproj:
            * bindings/js/WebCoreBuiltinNames.h:
            * dom/SpectreGadget.cpp: Added.
            (WebCore::SpectreGadget::SpectreGadget):
            (WebCore::SpectreGadget::create):
            (WebCore::SpectreGadget::setReadLength):
            (WebCore::SpectreGadget::charCodeAt):
            (WebCore::SpectreGadget::clflushReadLength):
            * dom/SpectreGadget.h: Added.
            * dom/SpectreGadget.idl: Added.
            * page/RuntimeEnabledFeatures.cpp:
            (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
            * page/RuntimeEnabledFeatures.h:

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226766. rdar://problem/36459143

    2018-01-10  Andy Estes  <aestes@apple.com>

            [Payment Request] Rename ApplePayMerchantValidationEvent to MerchantValidationEvent
            https://bugs.webkit.org/show_bug.cgi?id=181437
            <rdar://problem/36376481>

            Reviewed by Tim Horton.

            Renamed ApplePayMerchantValidationEvent to MerchantValidationEvent and changed complete() to accept a Promise.

            Test: http/tests/paymentrequest/payment-request-merchant-validation.https.html

            * DerivedSources.make:
            * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
            (WebCore::ApplePayPaymentHandler::merchantValidationCompleted):
            (WebCore::ApplePayPaymentHandler::validateMerchant):
            * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
            * Modules/paymentrequest/MerchantValidationEvent.cpp: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.cpp.
            (WebCore::MerchantValidationEvent::create):
            (WebCore::MerchantValidationEvent::MerchantValidationEvent):
            (WebCore::MerchantValidationEvent::eventInterface const):
            (WebCore::MerchantValidationEvent::complete):
            * Modules/paymentrequest/MerchantValidationEvent.h: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.h.
            * Modules/paymentrequest/MerchantValidationEvent.idl: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.idl.
            * Modules/paymentrequest/PaymentHandler.h:
            * Modules/paymentrequest/PaymentRequest.cpp:
            (WebCore::PaymentRequest::completeMerchantValidation):
            * Modules/paymentrequest/PaymentRequest.h:
            * Modules/paymentrequest/PaymentRequest.idl:
            * WebCore.xcodeproj/project.pbxproj:
            * dom/EventNames.h:
            * dom/EventNames.in:

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226753. rdar://problem/36429138

    2018-01-10  Wenson Hsieh  <wenson_hsieh@apple.com>

            REGRESSION(r222507): Composition highlight doesn't render when using IME
            https://bugs.webkit.org/show_bug.cgi?id=181485
            <rdar://problem/35896516>

            Reviewed by Ryosuke Niwa.

            Fixes the order of arguments passed to paintTextSubrangeBackground from paintCompositionBackground.

            Test: editing/marked-text-appearance.html

            * rendering/InlineTextBox.cpp:
            (WebCore::InlineTextBox::paintCompositionBackground):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226721. rdar://problem/36429159

    2018-01-10  Antti Koivisto  <antti@apple.com>

            REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
            https://bugs.webkit.org/show_bug.cgi?id=181460
            <rdar://problem/36379776>

            Reviewed by Ryosuke Niwa.

            * css/parser/CSSParser.cpp:
            (WebCore::CSSParserContext::CSSParserContext):

            Don't do the expensive security origin test if the sheet base URL and document URL are identical.
            This is true for inline style and inline stylesheets.

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226705. rdar://problem/36429137

    2018-01-10  Youenn Fablet  <youenn@apple.com>

            Add Service Worker CSP persistency
            https://bugs.webkit.org/show_bug.cgi?id=181434

            Reviewed by Alex Christensen.

            Covered by manual testing.
            Future work on service worker test infrastructure should allow automating such tests.

            Add support for service worker CSP data persistency.
            Add a version parameter to increment each time the schema is changing.
            This allows the same store to be used by multiple WebKits.

            * workers/service/server/RegistrationDatabase.cpp:
            (WebCore::v1RecordsTableSchema):
            (WebCore::RegistrationDatabase::openSQLiteDatabase):
            (WebCore::RegistrationDatabase::doPushChanges):
            (WebCore::RegistrationDatabase::importRecords):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226677. rdar://problem/36429157

    2018-01-09  Chris Dumez  <cdumez@apple.com>

            Make service workers behave correctly with regards to Page Cache
            https://bugs.webkit.org/show_bug.cgi?id=181446
            <rdar://problem/36164291>

            Reviewed by Youenn Fablet.

            Make service workers behave correctly with regards to Page Cache:
            1. If a document has an active service worker, do not let it go into PageCache
            2. When a document goes into page cache, unregister it from the list of service worker clients
            3. When a document is restored from page cache, add it back to the list of service worker clients

            Tests: http/tests/workers/service/client-added-to-clients-when-restored-from-page-cache.html
                   http/tests/workers/service/client-removed-from-clients-while-in-page-cache.html
                   http/tests/workers/service/no-page-cache-when-controlled.html
                   http/tests/workers/service/other_resources/test.html

            * dom/Document.cpp:
            (WebCore::Document::suspend):
            (WebCore::Document::resume):
            * history/PageCache.cpp:
            (WebCore::canCacheFrame):
            * page/DiagnosticLoggingKeys.cpp:
            (WebCore::DiagnosticLoggingKeys::serviceWorkerKey):
            * page/DiagnosticLoggingKeys.h:

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226668. rdar://problem/36429139

    2018-01-09  Myles C. Maxfield  <mmaxfield@apple.com>

            font-display:fallback can cause a visual flash (which is supposed to be impossible)
            https://bugs.webkit.org/show_bug.cgi?id=181374

            Reviewed by Simon Fraser.

            A FontCascade represents an entire font-family fallback list, but sometimes we need to pull out a single
            representative font from the list to calculate things like line height. Previously, if the first item in
            the font-family list was in the middle of being downloaded, this representative font was hardcoded to be
            Times. However, when actually laying out and drawing the glyphs, we have logic to skip the interstitial
            Times if there are any installed fonts present in the font-family list (so you wouldn't ever actually
            see Times). This means that line height (among other things) was being calculated as if Times was used,
            but in reality, some other font from the font-family list was being used.

            Alone, this isn't a huge problem, but font-display:fallback makes a font transition between "timed out"
            and "failed," and when the font hits the failed state, the representative font skips over the cancelled
            item and hits the next item in the fallback list. This means that line heights will change, which causes
            a visual flash, even when font-display:fallback is specified.

            The solution is simply to educate the logic which identifies this representative font so that it
            understands what to do for currently-loading fonts.

            Tests: fast/text/font-display/swap-flash.html

            * platform/graphics/FontCascadeFonts.h:
            (WebCore::FontCascadeFonts::primaryFont):
            * rendering/line/BreakingContext.h:
            (WebCore::textWidth):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226653. rdar://problem/36429147

    2018-01-09  Antti Koivisto  <antti@apple.com>

            Blank page except for inner iframes because pending stylesheets cause style.isNotFinal() to be true
            https://bugs.webkit.org/show_bug.cgi?id=180940
            <rdar://problem/36116507>

            Reviewed by Darin Adler.

            Test: http/tests/local/loading-stylesheet-import-remove.html

            If a <link> referencing a stylesheet containing an @import that was still loading was removed
            from the document, the loading state was never cleared. For head stylesheets this blocked
            rendering permanently.

            Test reduction by Justin Ridgewell.

            * html/HTMLLinkElement.cpp:
            (WebCore::HTMLLinkElement::removedFromAncestor):

            Test if the stylesheet is loading before clearing the pointer.

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226599. rdar://problem/36429130

    2018-01-08  Said Abou-Hallawa  <sabouhallawa@apple.com>

            A canvas should not be tainted if it draws a data URL SVGImage with a <foreignObject>
            https://bugs.webkit.org/show_bug.cgi?id=180301

            Reviewed by Dean Jackson.

            Don't taint the canvas if it draws a data URL SVGImage with a <foreignObject>.
            There should not be a cross-origin data leak in this case.

            Tests: svg/as-image/svg-canvas-data-url-svg-with-feimage-not-tainted.html
                   svg/as-image/svg-canvas-data-url-svg-with-foreign-object-not-tainted.html
                   svg/as-image/svg-canvas-data-url-svg-with-image-not-tainted.html

            * html/ImageBitmap.cpp:
            (WebCore::taintsOrigin):
            * html/canvas/CanvasRenderingContext.cpp:
            (WebCore::CanvasRenderingContext::wouldTaintOrigin):

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226013. rdar://problem/36096522

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226127. rdar://problem/36123315

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226140. rdar://problem/36139222

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226168. rdar://problem/36145846

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226179. rdar://problem/36156495

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226181. rdar://problem/36148601

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226196. rdar://problem/36157613

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226221. rdar://problem/36167692

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226237. rdar://problem/36183940

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226240. rdar://problem/36180916

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226246. rdar://problem/36184788

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226265. rdar://problem/36188262

2018-01-11  Jason Marcell  <jmarcell@apple.com>

        Revert r226273. rdar://problem/36196266

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226638. rdar://problem/36392286

    2018-01-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

            Check Image::m_image is not null in ImageLoader::decode()
            https://bugs.webkit.org/show_bug.cgi?id=180386
            <rdar://problem/34634483>

            Reviewed by Tim Horton.

            Ensure ImageLoader::m_image is not null before referencing it.

            * loader/ImageLoader.cpp:
            (WebCore::ImageLoader::decode):

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226628. rdar://problem/36392341

    2018-01-09  Youenn Fablet  <youenn@apple.com>

            Add CSP support to service workers
            https://bugs.webkit.org/show_bug.cgi?id=181385

            Reviewed by Chris Dumez.

            Covered by rebased tests.

            Added recovery of CSP information from WorkerScriptLoader.
            Added plumbing to pass the CSP information to Service Workers.
            Did not add persistency support for the CSP information as this requires changing the SQL database schema.
            This will be done in a follow-up.

            * workers/WorkerScriptLoader.cpp:
            (WebCore::WorkerScriptLoader::loadAsynchronously):
            (WebCore::WorkerScriptLoader::didReceiveResponse):
            * workers/WorkerScriptLoader.h:
            (WebCore::WorkerScriptLoader::contentSecurityPolicy const):
            * workers/service/SWClientConnection.cpp:
            (WebCore::SWClientConnection::finishedFetchingScript):
            (WebCore::SWClientConnection::failedFetchingScript):
            * workers/service/SWClientConnection.h:
            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::addRegistration):
            (WebCore::ServiceWorkerContainer::jobFailedWithException):
            (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
            (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
            * workers/service/ServiceWorkerContainer.h:
            * workers/service/ServiceWorkerContextData.cpp:
            (WebCore::ServiceWorkerContextData::isolatedCopy const):
            * workers/service/ServiceWorkerContextData.h:
            (WebCore::ServiceWorkerContextData::encode const):
            (WebCore::ServiceWorkerContextData::decode):
            * workers/service/ServiceWorkerFetchResult.h:
            (WebCore::ServiceWorkerFetchResult::encode const):
            (WebCore::ServiceWorkerFetchResult::decode):
            * workers/service/ServiceWorkerGlobalScope.cpp:
            (WebCore::ServiceWorkerGlobalScope::create):
            * workers/service/ServiceWorkerGlobalScope.h:
            * workers/service/ServiceWorkerJob.cpp:
            (WebCore::ServiceWorkerJob::notifyFinished):
            * workers/service/ServiceWorkerJobClient.h:
            * workers/service/context/ServiceWorkerThread.cpp:
            (WebCore::ServiceWorkerThread::ServiceWorkerThread):
            (WebCore::ServiceWorkerThread::createWorkerGlobalScope):
            * workers/service/server/RegistrationDatabase.cpp:
            (WebCore::v1RecordsTableSchema):
            (WebCore::RegistrationDatabase::importRecords):
            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::updateWorker):
            (WebCore::SWServer::installContextData):
            * workers/service/server/SWServer.h:
            * workers/service/server/SWServerJobQueue.cpp:
            (WebCore::SWServerJobQueue::scriptFetchFinished):
            * workers/service/server/SWServerWorker.cpp:
            (WebCore::SWServerWorker::SWServerWorker):
            (WebCore::m_contentSecurityPolicy):
            (WebCore::SWServerWorker::contextData const):
            * workers/service/server/SWServerWorker.h:

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226626. rdar://problem/36392359

    2018-01-09  Youenn Fablet  <youenn@apple.com>

            SWClientConnection should not keep references to service worker jobs
            https://bugs.webkit.org/show_bug.cgi?id=181381

            Reviewed by Chris Dumez.

            Difficult to test deterministically but corresponding crash log should no longer happen in debug builds.

            Stopped passing ServiceWorkerJob references from ServiceWorkerContainer (potentially in service worker thread) to SWClientConnection (main thread).
            Instead pass job identifiers and related data to the main thread.

            Minor refactoring to use ServiceWorkerJobIdentifier instead of ServiceWorkerJobDataIdentifier which contains more data than needed.

            * workers/service/SWClientConnection.cpp:
            (WebCore::SWClientConnection::scheduleJob):
            (WebCore::SWClientConnection::failedFetchingScript):
            (WebCore::SWClientConnection::postTaskForJob):
            (WebCore::SWClientConnection::jobRejectedInServer):
            (WebCore::SWClientConnection::registrationJobResolvedInServer):
            (WebCore::SWClientConnection::unregistrationJobResolvedInServer):
            (WebCore::SWClientConnection::startScriptFetchForServer):
            (WebCore::SWClientConnection::clearPendingJobs):
            (WebCore::SWClientConnection::finishedFetchingScript): Deleted.
            * workers/service/SWClientConnection.h:
            * workers/service/ServiceWorkerContainer.cpp:
            (WebCore::ServiceWorkerContainer::scheduleJob):
            (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
            (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
            (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
            * workers/service/ServiceWorkerContainer.h:
            * workers/service/server/SWServer.cpp:
            (WebCore::SWServer::rejectJob):
            (WebCore::SWServer::resolveRegistrationJob):
            (WebCore::SWServer::resolveUnregistrationJob):
            (WebCore::SWServer::startScriptFetch):
            * workers/service/server/SWServer.h:

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226623. rdar://problem/36392380

    2018-01-09  Carlos Garcia Campos  <cgarcia@igalia.com>

            REGRESSION(r224460): Text fields sometimes get "messed up"
            https://bugs.webkit.org/show_bug.cgi?id=181115

            Reviewed by Zalan Bujtas.

            Add the scroll position to paint offset before computing the clip rectangle. Before r224460, scroll position was
            subtracted after the clip rectangle was computed.

            * rendering/LayoutState.cpp:
            (WebCore::LayoutState::computeClipRect):

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226617. rdar://problem/36392336

    2018-01-09  Ryosuke Niwa  <rniwa@webkit.org>

            Release assert in addResourceTiming when a cache resource is requested during style recalc
            https://bugs.webkit.org/show_bug.cgi?id=181137
            <rdar://problem/35666574>

            Reviewed by Simon Fraser.

            Make the dispatching of resourcetimingbufferfull event asynchronous to avoid dispatching it
            synchronously during a style resolution when CachedResourceLoader::requestImage requests
            a previously loaded image.

            We now schedule a timer when the resource timing buffer becomes full, and dispatch the event
            when the timer fires. Meanwhile, we have a backup buffer to which additional resource timing
            entries would be added. Once the event is dispatched, we refill the buffer exposed to author
            scripts. When refilling the buffer results in it becoming full again, we keep repeating the
            process of firing resourcetimingbufferfull and re-filling the buffer until either we stop
            making progress (i.e. the script didn't increase the number of empty entries in the buffer)
            or the backup buffer (at the time we started this process) becomes empty.

            Also fixed a bug that we were firing resourcetimingbufferfull event when the last entry that
            fits within the buffer size was added instead of when an entry is being added to an already
            full buffer. To make this work, the patch introduces m_resourceTimingBufferFullFlag,
            representing the concept "resource timing buffer full" flag in the resource timing specification.

            Test: http/tests/performance/performance-resource-timing-resourcetimingbufferfull-crash.html

            * page/Performance.cpp:
            (WebCore::Performance::Performance):
            (WebCore::Performance::clearResourceTimings):
            (WebCore::Performance::setResourceTimingBufferSize):
            (WebCore::Performance::addResourceTiming):
            (WebCore::Performance::resourceTimingBufferFullTimerFired):
            * page/Performance.h:

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226542. rdar://problem/36392364

    2018-01-08  John Wilander  <wilander@apple.com>

            Storage Access API: Remove access for all frames under a page when the page is closed
            https://bugs.webkit.org/show_bug.cgi?id=181398
            <rdar://problem/36357879>

            Reviewed by Alex Christensen.

            No new tests. Discussed with Alex Christensen and we concluded that
            both a layout test and an API test would require a lot of work and
            we have existing tests for clearing out storage access for frames.

            * platform/network/NetworkStorageSession.h:
            * platform/network/cf/NetworkStorageSessionCFNet.cpp:
            (WebCore::NetworkStorageSession::removeStorageAccessForAllFramesOnPage):

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226526. rdar://problem/36392384

    2018-01-08  Youenn Fablet  <youenn@apple.com>

            Stop exposing fetch and extendable events to window
            https://bugs.webkit.org/show_bug.cgi?id=181325

            Reviewed by Chris Dumez.

            Covered by updated tests.

            Marked FetchEvent and ExtendableEvent as visible in ServiceWorker environments only.
            Moved related Internals testing routines to ServiceWorkerInternals.

            * testing/Internals.cpp:
            (WebCore::Internals::waitForFetchEventToFinish): Deleted.
            (WebCore::Internals::createBeingDispatchedFetchEvent): Deleted.
            * testing/Internals.h:
            * testing/Internals.idl:
            * testing/ServiceWorkerInternals.cpp:
            (WebCore::ServiceWorkerInternals::waitForFetchEventToFinish):
            (WebCore::ServiceWorkerInternals::createBeingDispatchedFetchEvent):
            * testing/ServiceWorkerInternals.h:
            * testing/ServiceWorkerInternals.idl:
            * workers/service/ExtendableEvent.idl:
            * workers/service/FetchEvent.idl:

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Cherry-pick r226521. rdar://problem/36392339

    2018-01-08  Antti Koivisto  <antti@apple.com>

            REGRESSION (r219145): Toggling layer borders on a static document no longer works immediately
            https://bugs.webkit.org/show_bug.cgi?id=176260
            <rdar://problem/34219966>

            Reviewed by Simon Fraser.

            Optimization revealed bugs in debug indicator painting.

            Test: compositing/debug-borders-dynamic.html

            * platform/graphics/ca/GraphicsLayerCA.cpp:
            (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
            (WebCore::GraphicsLayerCA::updateDebugIndicators):
            (WebCore::GraphicsLayerCA::updateDebugBorder): Deleted.

            - Rename to indicate this is not just about debug borders.
            - Trigger display so repaint counters get painted. This helper is only called when the indicators change.

            * platform/graphics/ca/GraphicsLayerCA.h:
            * rendering/RenderLayerCompositor.cpp:
            (WebCore::RenderLayerCompositor::cacheAcceleratedCompositingFlags):

            Ensure we do compositing update on debug border change even when there is no layout.

2018-01-09  Jason Marcell  <jmarcell@apple.com>

        Revert r226432. rdar://problem/10353542

2018-01-08  Jeremy Jones  <jeremyj@apple.com>

        Standard controls sometimes say video is in pip when it isn't.
        https://bugs.webkit.org/show_bug.cgi?id=181095
        rdar://problem/36182687

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::exitFullscreen):

2018-01-08  Jer Noble  <jer.noble@apple.com>

        REGRESSION: [iOS] ASSERTION FAILED: !node.isConnected() in WebCore::notifyNodeInsertedIntoDocument
        https://bugs.webkit.org/show_bug.cgi?id=181091

        Reviewed by Darin Adler.

        Move the work previously performed in insertedIntoAncestor() into didFinishInsertingNode().

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::prepareForLoad):

2018-01-08  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Use isolated fill and stroke source containers
        https://bugs.webkit.org/show_bug.cgi?id=181386

        Reviewed by Carlos Garcia Campos.

        Generate fill and stroke source objects upon invocation of various Cairo
        operations, initializing necessary data from the GraphicsContextState
        object.

        Cairo::FillSource and Cairo::StrokeSource structs are introduced, both
        being default-constructible as well as providing a constructor that
        accepts a GraphicsContextState object from which the appropriate
        resources are created.

        The FillSource and StrokeSource objects are then passed to
        PlatformContextCairo's prepareForFilling() and prepareForStroking()
        methods. Here the helper prepareCairoContextSource() function is now
        invoked with cairo_pattern_t objects as pattern or gradient sources, or
        the source color if neither cairo_pattern_t object is specified.

        The FillSource and StrokeSource constructors mimic the previous behavior
        of prepareCairoContextSource(). In case the source is a Pattern object,
        a cairo_pattern_t object is created from that. In case of FillSource,
        we also retrieve pattern size, transform and repetition information. In
        case the source is a Gradient object, we create a 'base' cairo_pattern_t
        object for a completely opaque alpha channel. Additionally, if the alpha
        value on the state is not 1, we create an alpha-adjusted cairo_pattern_t
        that is potentially used for any filling or stroking operation that has
        to preserve transparency. If neither Pattern nor Gradient objects are set
        on the GraphicsContextState, we default to the current fill or stroke
        color.

        Overall, there's no change in behavior, this is simply a refactoring
        that enables us to construct Cairo objects for filling and stroking
        sources at the time of Cairo operation dispatch, instead of pulling down
        GraphicsContextState deeper into the Cairo-specific code.

        No new tests -- no change in functionality.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawPathShadow):
        (WebCore::Cairo::fillCurrentCairoPath):
        (WebCore::Cairo::FillSource::FillSource):
        (WebCore::Cairo::StrokeSource::StrokeSource):
        (WebCore::Cairo::fillRect):
        (WebCore::Cairo::fillRectWithRoundedHole):
        (WebCore::Cairo::fillPath):
        (WebCore::Cairo::strokeRect):
        (WebCore::Cairo::strokePath):
        (WebCore::Cairo::drawGlyphs):
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::strokeRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/cairo/PlatformContextCairo.cpp:
        (WebCore::prepareCairoContextSource):
        (WebCore::PlatformContextCairo::prepareForFilling):
        (WebCore::PlatformContextCairo::prepareForStroking):
        (WebCore::PlatformContextCairo::clipForPatternFilling):
        * platform/graphics/cairo/PlatformContextCairo.h:

2018-01-08  Youenn Fablet  <youenn@apple.com>

        navigator.onLine does not work inside service workers
        https://bugs.webkit.org/show_bug.cgi?id=181079
        <rdar://problem/36178606>

        Reviewed by Darin Adler.

        Test: http/wpt/service-workers/online.https.html

        Added support for onLine by reusing a similar implementation as regular workers.
        Added ServiceWorkerInternals as an interface for an object exposed as self.internals in WTR.
        This object has currently one method to trigger change in the online/offline status.
        This allows writing a test for the onLine feature.

        Note that self.internals is inserted asynchronously after the script was evaluated.
        When writing a worker script using self.internals, one must make sure to use self.internals when initialized.
        online-worker.js for instance makes use of self.internals in a postMessage callback.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WorkerScriptController.h:
        * dom/ScriptExecutionContext.h:
        * testing/ServiceWorkerInternals.cpp: Added.
        (WebCore::ServiceWorkerInternals::ServiceWorkerInternals):
        (WebCore::ServiceWorkerInternals::setOnline):
        * testing/ServiceWorkerInternals.h: Added.
        * testing/ServiceWorkerInternals.idl: Added.
        * testing/js/WebCoreTestSupport.cpp:
        (WebCoreTestSupport::setupNewlyCreateServiceWorker):
        * testing/js/WebCoreTestSupport.h:
        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::registerServiceWorkerThreadForInstall):
        (WebCore::SWContextManager::startedServiceWorker):
        * workers/service/context/SWContextManager.h:
        (WebCore::SWContextManager::setServiceWorkerCreationCallback):
        (WebCore::SWContextManager::workerByID):
        * workers/service/context/ServiceWorkerThread.cpp:
        (WebCore::ServiceWorkerThread::ServiceWorkerThread):
        * workers/service/context/ServiceWorkerThreadProxy.cpp:
        (WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
        (WebCore::ServiceWorkerThreadProxy::~ServiceWorkerThreadProxy):
        (WebCore::ServiceWorkerThreadProxy::networkStateChanged):
        (WebCore::ServiceWorkerThreadProxy::notifyNetworkStateChange):
        * workers/service/context/ServiceWorkerThreadProxy.h:

2018-01-08  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Contain shadow blur requirement state in a separate object
        https://bugs.webkit.org/show_bug.cgi?id=181380

        Reviewed by Carlos Garcia Campos.

        Instead of picking up the necessary state parameters from a
        GraphicsContextState object, store the necessary parameters in a helper
        ShadowBlurUsage struct. Mimicking the mustUseShadowBlur() function that
        is being removed, values of the shadow color, shadow blur, and shadow
        transform ignorance are stored there. Additionally, the required()
        method accepts a PlatformContextCairo object through which it can
        retrieve the current CTM and determine whether it's an identity, finally
        deciding whether shadow blur can or cannot be ignored.

        Goal of this change is to limit usage of GraphicsContextState directly
        in operations implemented inside the Cairo namespace. Instead, the
        state parameters should be passed directly, or an equivalent but limited
        state object should be constructed for invocation of such operations.

        This is likely only an intermediate solution. It's possible it will be
        replaced by a more complete shadow state struct that would be used for
        any operation that is required to draw shadows, if necessary.

        No new tests -- no change in functionality.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawGlyphsShadow):
        (WebCore::Cairo::ShadowBlurUsage::ShadowBlurUsage):
        (WebCore::Cairo::ShadowBlurUsage::required const):
        (WebCore::Cairo::fillRectWithRoundedHole):
        (WebCore::Cairo::drawGlyphs):
        (WebCore::Cairo::mustUseShadowBlur): Deleted.
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::fillRectWithRoundedHole):

2018-01-08  Philippe Normand  <pnormand@igalia.com>

        [GStreamer][Soup] Remove dead getCreateOrReadBuffer code path
        https://bugs.webkit.org/show_bug.cgi?id=181376

        Reviewed by Carlos Garcia Campos.

        This code path is no longer used now that the GStreamer HTTP
        source element uses data coming directly from the network process.

        * SourcesGTK.txt:
        * SourcesWPE.txt:
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResource::getOrCreateReadBuffer): Deleted.
        * loader/MediaResourceLoader.h:
        * loader/SubresourceLoader.h:
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedRawResourceClient.h:
        (WebCore::CachedRawResourceClient::finishedTimingForWorkerLoad):
        (WebCore::CachedRawResourceClient::getOrCreateReadBuffer): Deleted.
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::getOrCreateReadBuffer): Deleted.
        * loader/soup/CachedRawResourceSoup.cpp: Removed.
        * loader/soup/SubresourceLoaderSoup.cpp: Removed.
        * platform/graphics/PlatformMediaResourceLoader.h:
        (WebCore::PlatformMediaResourceClient::loadFinished):
        (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Deleted.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (CachedResourceStreamingClient::getOrCreateReadBuffer): Deleted.
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::getOrCreateReadBuffer): Deleted.
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::ensureReadBuffer):

2018-01-08  Zan Dobersek  <zdobersek@igalia.com> and Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] use FastMalloc-based GstAllocator
        https://bugs.webkit.org/show_bug.cgi?id=165793

        Reviewed by Philippe Normand.

        Add GstAllocatorFastMalloc, a GstAllocator implementation using fast malloc. It's only used when fast malloc is
        enabled and can be disabled using an environment variable for debugging purposes.

        * platform/GStreamer.cmake:
        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        (WebCore::initializeGStreamer):
        * platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp: Added.
        (gstMemoryFastMallocNew):
        (gstAllocatorFastMallocAlloc):
        (gstAllocatorFastMallocFree):
        (gstAllocatorFastMallocMemMap):
        (gstAllocatorFastMallocMemUnmap):
        (gstAllocatorFastMallocMemCopy):
        (gstAllocatorFastMallocMemShare):
        (gstAllocatorFastMallocMemIsSpan):
        (gst_allocator_fast_malloc_class_init):
        (gst_allocator_fast_malloc_init):
        * platform/graphics/gstreamer/GstAllocatorFastMalloc.h: Added.

2018-01-07  Ms2ger  <Ms2ger@igalia.com>

        Implement createImageBitmap(ImageBitmap)
        https://bugs.webkit.org/show_bug.cgi?id=181287

        Reviewed by Darin Adler.

        Tests: imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
               imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args.html

        * html/ImageBitmap.cpp:
        (WebCore::ImageBitmap::createPromise):

2018-01-07  Ryosuke Niwa  <rniwa@webkit.org>

        Reduce the precision of "high" resolution time to 1ms
        https://bugs.webkit.org/show_bug.cgi?id=180910
        <rdar://problem/36085943>

        Reviewed by Saam Barati.

        Reduced the high precision time's resolution to 1ms, the same precision as Date.now().

        Also fixed the bug in fillRTCStats that we weren't reducing the time resolution in RTCStats dictionaries.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::fillRTCStats):
        * page/Performance.cpp:
        (WebCore::Performance::reduceTimeResolution):

2018-01-06  Simon Fraser  <simon.fraser@apple.com>

        Possible crash computing event regions
        https://bugs.webkit.org/show_bug.cgi?id=181368
        rdar://problem/34847081

        Reviewed by Zalan Bujtas.

        Don't trigger layout in Element::absoluteEventHandlerBounds(), since this can run arbitrary script
        which might delete elements or re-enter Document::absoluteRegionForEventTargets().

        It's OK to not trigger layout, because if layout is dirty, the next layout will update event regions again.

        Add a LayoutDisallowedScope to check that Document::absoluteRegionForEventTargets() doesn't
        trigger layout, and move the check for LayoutDisallowedScope::isLayoutAllowed() from Document::updateLayout()
        to LayoutContext::layout(), since some layouts don't happen via the former (e.g. the one being removed here).

        The test checks that the assertion does not fire. I was not able to get a reliable test for any crash.

        Test: fast/events/event-handler-regions-layout.html

        * dom/Document.cpp:
        (WebCore::Document::updateLayout):
        (WebCore::Document::absoluteRegionForEventTargets):
        * dom/Element.cpp:
        (WebCore::Element::absoluteEventHandlerBounds):
        * page/LayoutContext.cpp:
        (WebCore::LayoutContext::layout):
        * rendering/LayoutDisallowedScope.h: Move the #ifdefs around to avoid defining the enum twice.
        (WebCore::LayoutDisallowedScope::LayoutDisallowedScope):
        (WebCore::LayoutDisallowedScope::isLayoutAllowed):

2018-01-06  Simon Fraser  <simon.fraser@apple.com>

        Crash under RenderLayer::scrollTo() with marquee
        https://bugs.webkit.org/show_bug.cgi?id=181349
        rdar://problem/36190168

        Reviewed by Zalan Bujtas.

        Don't call updateWidgetPositions() synchronously during RenderLayer scrolling, because it
        can run arbitrary script which may trigger destruction of this RenderLayer.

        Instead, queue up updateWidgetPositions() on a zero-delay timer.

        Under some circumstances this may allow a paint to occur before the widgets have been
        updated (which could be fixed with a more invasive change), but in practice I saw no
        painting issues with plug-ins or iframes inside overflow scroll, in WebKit or LegacyWebKit.

        Test: fast/scrolling/marquee-scroll-crash.html

        * page/FrameView.cpp:
        (WebCore::FrameView::FrameView):
        (WebCore::FrameView::updateWidgetPositions):
        (WebCore::FrameView::scheduleUpdateWidgetPositions):
        (WebCore::FrameView::updateWidgetPositionsTimerFired):
        * page/FrameView.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2018-01-05  Dean Jackson  <dino@apple.com>

        Accurately clip copyTexImage2D and copyTexSubImage2D
        https://bugs.webkit.org/show_bug.cgi?id=181356
        <rdar://problem/35083877>

        Reviewed by Eric Carlson.

        The code to make sure copyTexSubImage2D and copyTexImage2D will not try to read
        out of bounds had a bad bug introduced here:
        https://bugs.webkit.org/show_bug.cgi?id=51421

        With appropriate parameters, it would produce a rectangle with
        negative dimensions. Most GL drivers just ignored this, but some
        are not happy.

        Test: fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::clip2D): Reimplement this in a more sane manner, and use
        checked arithmetic while here.
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::clip1D): Deleted.
        (WebCore::clip2D): Deleted.

2018-01-06  Antti Koivisto  <antti@apple.com>

        Use WeakPtr for RenderTreePosition::m_nextSibling
        https://bugs.webkit.org/show_bug.cgi?id=181363

        Reviewed by Zalan Bujtas.

        For safety. In most cases it is null and won't cause us to instantiate WeakReferences for
        many new objects.

        * rendering/updating/RenderTreePosition.cpp:
        (WebCore::RenderTreePosition::computeNextSibling):
        * rendering/updating/RenderTreePosition.h:
        (WebCore::RenderTreePosition::RenderTreePosition):
        (WebCore::RenderTreePosition::nextSibling const):

2018-01-05  David Kilzer  <ddkilzer@apple.com>

        Re-enable -Wcast-qual in WebCore for Apple ports
        <https://webkit.org/b/177895>
        <rdar://problem/34960830>

        Reviewed by Joseph Pecoraro.

        * Configurations/Base.xcconfig:
        (WARNING_CFLAGS): Remove FIXME and add -Wcast-qual back to
        arguments.

        * crypto/mac/SerializedCryptoKeyWrapMac.mm:
        (WebCore::createAndStoreMasterKey):
        - Use checked_cf_cast<SecACLRef>().

        * editing/cocoa/DataDetection.mm:
        (WebCore::detectItemAtPositionWithRange):
        - Manually cast CFTypeRef to DDResultRef until
          DDResultGetTypeID() is available as SPI.

        * platform/gamepad/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::initElementsFromArray):
        - Use checked_cf_cast<IOHIDElementRef>().

        * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
        (WebCore::MediaSampleAVFObjC::createImageSample):
        (WebCore::CMSampleBufferIsRandomAccess):
        (WebCore::CMSampleBufferIsNonDisplaying):
        (WebCore::MediaSampleAVFObjC::createNonDisplayingCopy const):
        - Use checked_cf_cast<CFMutableDictionaryRef>() and
          checked_cf_cast<CFDictionaryRef>().

        * platform/graphics/cocoa/IOSurface.h:
        (WebCore::IOSurface::asLayerContents):
        - Use reinterpret_cast<id>() to cast from IOSurfaceRef to id.

        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::getFirstVideoFrame):
        (WebCore::WebCoreDecompressionSession::automaticDequeue):
        (WebCore::WebCoreDecompressionSession::imageForTime):
        (WebCore::WebCoreDecompressionSession::getDecodeTime):
        (WebCore::WebCoreDecompressionSession::getPresentationTime):
        (WebCore::WebCoreDecompressionSession::getDuration):
        - Use checked_cf_cast<CMSampleBufferRef>().

        * platform/graphics/Font.h:
        (WebCore::Font::m_kernedCFStringAttributes):
        (WebCore::Font::m_nonKernedCFStringAttributes):
        - Change type from RetainPtr<CFDictionaryRef> to
          RetainPtr<CFMutableDictionaryRef> since that's what they are.
        * platform/graphics/mac/SimpleFontDataCoreText.cpp:
        (WebCore::Font::getCFStringAttributes const):
        - Replace local `mutableAttributes` variable with
          `attributesDictionary.get()` since it returns the correct type
          now.

        * platform/ios/wak/WAKView.mm:
        (-[WAKView _initWithViewRef:]):
        (_WAKCopyWrapper):
        * platform/ios/wak/WKView.mm:
        (_WKViewClearSuperview):
        (WKViewFirstChild):
        (WKViewNextSibling):
        - Use static_cast<WKViewRef>(const_cast<void*>()) to convert
          const void* variable to WKViewRef.

        * platform/mac/PasteboardMac.mm:
        (WebCore::flipImageSpec):
        (WebCore::setDragImageImpl):
        - Use const_cast<> to remove 'const' modifier from
          unsigned char pointers.  This regressed while -Wcast-qual was
          disabled for WebCore.

        * platform/mac/SSLKeyGeneratorMac.mm:
        (WebCore::signedPublicKeyAndChallengeString):
        - Use checked_cf_cast<SecACLRef>().

        * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.cpp:
        (WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame):
        - Use checked_cf_cast<CFMutableDictionaryRef>().

        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::copyCONNECTProxyResponse):
        - Use checked_cf_cast<CFHTTPMessageRef>().

        * platform/network/cocoa/ResourceResponseCocoa.mm:
        (WebCore::ResourceResponse::platformCertificateInfo const):
        - Use checked_cf_cast<SecTrustRef>().

        * platform/network/mac/CertificateInfoMac.mm:
        (WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate const):
        (WebCore::CertificateInfo::dump const):
        - Use checked_cf_cast<SecCertificateRef>().

        * testing/cocoa/WebArchiveDumpSupport.mm:
        (WebCoreTestSupport::createCFURLResponseFromResponseData):
        - Use checked_cf_cast<>() for CFMutable* types.

2018-01-05  John Wilander  <wilander@apple.com>

        Storage Access API: Refactor to make naming accurate and explicit, simplify access table, and prepare for access removal for page
        https://bugs.webkit.org/show_bug.cgi?id=181357
        <rdar://problem/36331031>

        Reviewed by Alex Christensen.

        No new tests. The only changed functionality that isn't covered
        by existing tests is cross-origin iframes in the same partition
        should be handled as already having access. This cannot be
        tested in layout tests since they don't support subdomains.

        This change does the following:
        - Changes function and message names to reflect how this feature
          was eventually implemented, i.e. access per frame.
        - Makes it explicit that the UI process is only involved in
          granting storage access and not removing storage access.
          The latter is done directly by the web process.
        - Simplifies the network process' entry map since it only needs to
          be able to give access to one domain in one frame at a time.
          Access goes away on frame navigation so there can only be one
          domain at a time per frame. Also, the map now uses pageIDs as
          main keys to prepare for efficient access removal for all
          frames under a page.
        - Fixes a bug so that a cross-origin iframe with the same
          partition as the top frame correctly is handled as already
          having access.

        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::cookieStoragePartition const):
            The only change here is the changed name of the call to
            NetworkStorageSession::hasStorageAccessForFrame().
        (WebCore::NetworkStorageSession::hasStorageAccessForFrame const):
        (WebCore::NetworkStorageSession::grantStorageAccessForFrame):
        (WebCore::NetworkStorageSession::removeStorageAccessForFrame):
        (WebCore::NetworkStorageSession::isStorageAccessGranted const): Deleted.
        (WebCore::NetworkStorageSession::setStorageAccessGranted): Deleted.
        (WebCore::NetworkStorageSession::removeStorageAccess): Deleted.

2018-01-05  Youenn Fablet  <youenn@apple.com>

        Implement Cache API partitioning based on ClientOrigin
        https://bugs.webkit.org/show_bug.cgi?id=181240

        Reviewed by Alex Christensen.

        Covered by updated tests.

        Previously, cache storage was partitioned according to the origin of the client, represented as a String.
        We now partition according to both client and top origins, represented as a ClientOrigin.

        Minor refactoring to use more makePendingActivity.
        Added support for IPC serialization of ClientOrigin.
        Added SecurityOriginData::toString which is used by WebKit2 Cache Storage implementation.

        * Modules/cache/CacheStorageConnection.cpp:
        (WebCore::CacheStorageConnection::open):
        (WebCore::CacheStorageConnection::retrieveCaches):
        * Modules/cache/CacheStorageConnection.h:
        (WebCore::CacheStorageConnection::clearMemoryRepresentation):
        (WebCore::CacheStorageConnection::doOpen):
        (WebCore::CacheStorageConnection::doRetrieveCaches):
        * Modules/cache/DOMCacheStorage.cpp:
        (WebCore::DOMCacheStorage::origin const):
        (WebCore::DOMCacheStorage::retrieveCaches):
        (WebCore::DOMCacheStorage::open):
        (WebCore::DOMCacheStorage::remove):
        * Modules/cache/DOMCacheStorage.h:
        * Modules/cache/WorkerCacheStorageConnection.cpp:
        (WebCore::WorkerCacheStorageConnection::doOpen):
        (WebCore::WorkerCacheStorageConnection::doRetrieveCaches):
        * Modules/cache/WorkerCacheStorageConnection.h:
        * page/ClientOrigin.h:
        (WebCore::ClientOrigin::isolatedCopy const):
        (WebCore::ClientOrigin::encode const):
        (WebCore::ClientOrigin::decode):
        * page/SecurityOriginData.cpp:
        (WebCore::SecurityOriginData::toString const):
        (WebCore::SecurityOriginData::debugString const): Deleted.
        * page/SecurityOriginData.h:
        (WebCore::SecurityOriginData::debugString const):
        * testing/Internals.cpp:
        (WebCore::Internals::clearCacheStorageMemoryRepresentation):

2018-01-05  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Add a way to write blob data to a file URL from the UI process
        https://bugs.webkit.org/show_bug.cgi?id=181236

        Reviewed by Brady Eidson.

        Add support for writing a blob to a designated file path. See comments below for more detail. No new tests, as
        there is no change in behavior yet. See part 2: https://bugs.webkit.org/show_bug.cgi?id=181199.

        * page/DragController.cpp:
        (WebCore::DragController::dragAttachmentElement):
        * platform/PromisedBlobInfo.h:

        Remove PromisedBlobData entirely. This was added with the premise of having the web process deliver blob data to
        the UI process. However, the new approach I'm taking just has the UI process tell the network process to write
        a blob to a given location, so a data structure to deliver blob data over IPC is no longer necessary.

        (WebCore::PromisedBlobData::hasData const): Deleted.
        (WebCore::PromisedBlobData::hasFile const): Deleted.
        (WebCore::PromisedBlobData::operator bool const): Deleted.
        (WebCore::PromisedBlobData::fulfills const): Deleted.
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::populateBlobsForFileWriting):

        Introduce a new helper to build a list of blob data for file writing.

        (WebCore::writeFilePathsOrDataBuffersToFile):

        Introduce a new static helper to write blob data (a list of file paths and data buffers) to a given file handle.
        Automatically closes the given file handle upon exit.

        (WebCore::BlobRegistryImpl::writeBlobsToTemporaryFiles):
        (WebCore::BlobRegistryImpl::writeBlobToFilePath):

        Pull out common logic in writeBlobsToTemporaryFiles and writeBlobToFilePath into helper methods (see above), and
        refactor both methods to use the helpers.

        * platform/network/BlobRegistryImpl.h:

2018-01-05  Alex Christensen  <achristensen@webkit.org>

        Forbid < and > in URL hosts
        https://bugs.webkit.org/show_bug.cgi?id=181308
        <rdar://problem/36012757>

        Reviewed by Tim Horton.

        https://url.spec.whatwg.org/#forbidden-host-code-point does not include these characters yet, but I think it should.
        Firefox fails to parse URLs with < or > in the host.  Chrome percent encodes them.  Safari needs to do something.
        The web platform tests are unclear on this case, and they will need to be updated with the specification.
        They do show a change in behavior, though.

        * platform/URLParser.cpp:
        Add < and > to the list of forbidden host code points.

2018-01-05  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Add Mac screen capture source
        https://bugs.webkit.org/show_bug.cgi?id=181333
        <rdar://problem/36323219>

        Reviewed by Dean Jackson.

        * SourcesCocoa.txt: Add ScreenDisplayCaptureSourceMac.mm.

        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * platform/cocoa/CoreVideoSoftLink.cpp: Declare new constants used.
        * platform/cocoa/CoreVideoSoftLink.h:

        * platform/mediastream/mac/DisplayCaptureManagerCocoa.cpp:
        (WebCore::displayReconfigurationCallBack): Call refreshCaptureDevices.
        (WebCore::DisplayCaptureManagerCocoa::~DisplayCaptureManagerCocoa): Unregister for display
        reconfiguration callbacks.
        (WebCore::DisplayCaptureManagerCocoa::captureDevices): Register for display reconfigurations.
        (WebCore::DisplayCaptureManagerCocoa::refreshCaptureDevices): Use CGActiveDisplayList to
        get list of active screens.
        (WebCore::DisplayCaptureManagerCocoa::screenCaptureDeviceWithPersistentID): Validate screen
        ID, return CaptureDevice.
        * platform/mediastream/mac/DisplayCaptureManagerCocoa.h:

        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::VideoCaptureSourceFactoryMac::createVideoCaptureSource): Deal with screen capture
        on macOS.

        Implement Mac screen capture with CGDisplayStream.
        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.h: Added.
        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::~DisplaySurface):
        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::operator=):
        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::ioSurface const):
        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm: Added.
        (WebCore::roundUpToMacroblockMultiple):
        (WebCore::ScreenDisplayCaptureSourceMac::updateDisplayID):
        (WebCore::ScreenDisplayCaptureSourceMac::create):
        (WebCore::ScreenDisplayCaptureSourceMac::ScreenDisplayCaptureSourceMac):
        (WebCore::ScreenDisplayCaptureSourceMac::~ScreenDisplayCaptureSourceMac):
        (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream):
        (WebCore::ScreenDisplayCaptureSourceMac::startProducingData):
        (WebCore::ScreenDisplayCaptureSourceMac::stopProducingData):
        (WebCore::ScreenDisplayCaptureSourceMac::sampleBufferFromPixelBuffer):
        (WebCore::ScreenDisplayCaptureSourceMac::pixelBufferFromIOSurface):
        (WebCore::ScreenDisplayCaptureSourceMac::generateFrame):
        (WebCore::ScreenDisplayCaptureSourceMac::startDisplayStream):
        (WebCore::ScreenDisplayCaptureSourceMac::applySize):
        (WebCore::ScreenDisplayCaptureSourceMac::applyFrameRate):
        (WebCore::ScreenDisplayCaptureSourceMac::commitConfiguration):
        (WebCore::ScreenDisplayCaptureSourceMac::displayWasReconfigured):
        (WebCore::ScreenDisplayCaptureSourceMac::displayReconfigurationCallBack):
        (WebCore::ScreenDisplayCaptureSourceMac::frameAvailable):

2018-01-05  Don Olmstead  <don.olmstead@sony.com>

        [curl] Can't load file:// URL with a URL fragment identifier
        https://bugs.webkit.org/show_bug.cgi?id=181170

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::invokeDidReceiveResponseForFile):

2018-01-05  Don Olmstead  <don.olmstead@sony.com>

        TextCodec uses std::array but does not include it
        https://bugs.webkit.org/show_bug.cgi?id=181340

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * platform/text/TextCodec.h:

2018-01-05  Said Abou-Hallawa  <sabouhallawa@apple.com>

        SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded() should do nothing if the property is not animating
        https://bugs.webkit.org/show_bug.cgi?id=181316
        <rdar://problem/36147545>

        Reviewed by Simon Fraser.

        This is a speculative change to fix a crash which appeared after r226065.
        The crash is very intermittent and sometimes very hard to reproduce. The
        basic code analysis did not show how this crash can even happen.

        * svg/SVGAnimatedTypeAnimator.h:
        (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues): For SVG property
        with two values, e.g. <SVGAngleValue, SVGMarkerOrientType>,  we need to
        detach the wrappers of the animated property if the animated values are
        going to change. This is similar to what we did in resetFromBaseValue().

        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):

2018-01-05  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r226401.

        This caused timeouts on multiple platforms.

        Reverted changeset:

        "Implement Cache API partitioning based on ClientOrigin"
        https://bugs.webkit.org/show_bug.cgi?id=181240
        https://trac.webkit.org/changeset/226401

2018-01-05  Dan Bernstein  <mitz@apple.com>

        Fixed the build following AppKit API deprecations in a recent SDKs

        * platform/mac/PasteboardMac.mm:
        (WebCore::setDragImageImpl): Suppressed deprecation warnings.
        * platform/mac/WidgetMac.mm:
        (WebCore::Widget::paint): Ditto.

2018-01-05  Joseph Pecoraro  <pecoraro@apple.com>

        ServiceWorkers: Enable UserTiming / ResourceTiming
        https://bugs.webkit.org/show_bug.cgi?id=181297
        <rdar://problem/36307306>

        Reviewed by Youenn Fablet.

        Tests: http/tests/workers/service/service-worker-resource-timing.https.html
               http/tests/workers/service/service-worker-user-timing.https.html

        * loader/ResourceTiming.cpp:
        (WebCore::ResourceTiming::ResourceTiming):
        We used to clear extra NetworkLoadMetrics data early on. However,
        for Workers we want to pass the complete NetworkLoadMetrics to
        the Worker so that a Worker inspector has access to it.

        * page/PerformanceResourceTiming.cpp:
        (WebCore::PerformanceResourceTiming::PerformanceResourceTiming):
        Instead move the clearing of extra data to here, when the NetworkLoadMetrics
        have finally settled into being used only for a performance entry.

2018-01-04  Philippe Normand  <pnormand@igalia.com>

        [EME][GStreamer] Fix wrong ifdef
        https://bugs.webkit.org/show_bug.cgi?id=181289

        Reviewed by Alex Christensen.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Remove the
        ENCRYPTED_MEDIA ifdef from the VIDEO_TRACK ifdef block. Both have
        nothing to do together.

2018-01-05  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Cairo] Canvas: Path::clear should clear its transform
        https://bugs.webkit.org/show_bug.cgi?id=181320

        Reviewed by Carlos Garcia Campos.

        Path of Cairo port has its cairo context. Path::clear() didn't
        clear the transform matrix of the context.

        Test: fast/canvas/reset-scaling-by-height-change.html

        * platform/graphics/cairo/PathCairo.cpp:
        (WebCore::Path::clear): Reset the transform matrix of Path.

2018-01-04  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: replace HTMLCanvasElement with CanvasRenderingContext for instrumentation logic
        https://bugs.webkit.org/show_bug.cgi?id=180770

        Reviewed by Joseph Pecoraro.

        No change in functionality.

        * html/HTMLCanvasElement.h:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::createContext2d):
        (WebCore::HTMLCanvasElement::createContextWebGL):
        (WebCore::HTMLCanvasElement::createContextWebGPU):
        (WebCore::HTMLCanvasElement::createContextBitmapRenderer):
        (WebCore::HTMLCanvasElement::reset):
        (WebCore::HTMLCanvasElement::paint):
        (WebCore::HTMLCanvasElement::setImageBuffer const):
        (WebCore::HTMLCanvasElement::addObserver): Deleted.
        (WebCore::HTMLCanvasElement::removeObserver): Deleted.
        (WebCore::HTMLCanvasElement::cssCanvasClients): Deleted.
        (WebCore::HTMLCanvasElement::notifyObserversCanvasChanged): Deleted.
        * html/OffscreenCanvas.h:
        * html/canvas/CanvasRenderingContext.h:
        * html/canvas/CanvasRenderingContext.cpp:
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::create):
        * html/canvas/CanvasRenderingContext2DBase.h:
        * html/canvas/ImageBitmapRenderingContext.h:
        * html/canvas/ImageBitmapRenderingContext.cpp:
        (WebCore::ImageBitmapRenderingContext::create):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::create):
        * html/canvas/WebGLRenderingContext.h:
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::create):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::create):
        * html/canvas/WebGPURenderingContext.cpp:
        (WebCore::WebGPURenderingContext::create):
        Instead of adding didCreateCanvasRenderingContext calls at the construction sites of each
        context, we can make the constructors private and force the usage of static `create` functions.
        This way, we have access to the fully constructed object and have a guaranteed path for creation.

        * html/CanvasBase.h:
        * html/CanvasBase.cpp:
        (WebCore::CanvasBase::~CanvasBase):
        (WebCore::CanvasBase::renderingContext const):
        (WebCore::CanvasBase::addObserver):
        (WebCore::CanvasBase::removeObserver):
        (WebCore::CanvasBase::notifyObserversCanvasChanged):
        (WebCore::CanvasBase::notifyObserversCanvasResized):
        (WebCore::CanvasBase::notifyObserversCanvasDestroyed):
        (WebCore::CanvasBase::cssCanvasClients const):
        * Modules/mediastream/CanvasCaptureMediaStreamTrack.h:
        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasDestroyed):
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasChanged):
        * css/CSSCanvasValue.h:
        Move the CanvasObserver class to CanvasBase so that it can also be used for OffscreenCanvas.

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodes):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
        (WebCore::InspectorInstrumentation::didChangeCanvasMemory):
        (WebCore::InspectorInstrumentation::recordCanvasAction):
        (WebCore::InspectorInstrumentation::didFinishRecordingCanvasFrame):
        (WebCore::InspectorInstrumentation::didEnableExtension):
        (WebCore::InspectorInstrumentation::didCreateProgram):
        (WebCore::InspectorInstrumentation::willDeleteProgram):
        (WebCore::InspectorInstrumentation::isShaderProgramDisabled):
        (WebCore::InspectorInstrumentation::consoleStartRecordingCanvas):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvas): Deleted.
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::consoleStartRecordingCanvasImpl):
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodesImpl):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):
        (WebCore::InspectorInstrumentation::didChangeCanvasMemoryImpl):
        (WebCore::InspectorInstrumentation::didFinishRecordingCanvasFrameImpl):
        (WebCore::InspectorInstrumentation::didEnableExtensionImpl):
        (WebCore::InspectorInstrumentation::didCreateProgramImpl):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl): Deleted.

        * inspector/agents/InspectorCanvasAgent.h:
        * inspector/agents/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::enable):
        (WebCore::InspectorCanvasAgent::requestNode):
        (WebCore::InspectorCanvasAgent::requestContent):
        (WebCore::InspectorCanvasAgent::requestCSSCanvasClientNodes):
        (WebCore::contextAsScriptValue):
        (WebCore::InspectorCanvasAgent::resolveCanvasContext):
        (WebCore::InspectorCanvasAgent::startRecording):
        (WebCore::InspectorCanvasAgent::stopRecording):
        (WebCore::InspectorCanvasAgent::updateShader):
        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didChangeCSSCanvasClientNodes):
        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        (WebCore::InspectorCanvasAgent::didChangeCanvasMemory):
        (WebCore::InspectorCanvasAgent::recordCanvasAction):
        (WebCore::InspectorCanvasAgent::canvasDestroyed):
        (WebCore::InspectorCanvasAgent::didFinishRecordingCanvasFrame):
        (WebCore::InspectorCanvasAgent::consoleStartRecordingCanvas):
        (WebCore::InspectorCanvasAgent::didEnableExtension):
        (WebCore::InspectorCanvasAgent::didCreateProgram):
        (WebCore::InspectorCanvasAgent::canvasRecordingTimerFired):
        (WebCore::InspectorCanvasAgent::clearCanvasData):
        (WebCore::InspectorCanvasAgent::unbindCanvas):
        (WebCore::InspectorCanvasAgent::findInspectorCanvas):
        (WebCore::InspectorCanvasAgent::unbindProgram):
        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas): Deleted.

        * inspector/InspectorCanvas.h:
        * inspector/InspectorCanvas.cpp:
        (WebCore::InspectorCanvas::create):
        (WebCore::InspectorCanvas::InspectorCanvas):
        (WebCore::InspectorCanvas::canvasElement):
        (WebCore::InspectorCanvas::resetRecordingData):
        (WebCore::InspectorCanvas::recordAction):
        (WebCore::InspectorCanvas::buildObjectForCanvas):
        (WebCore::InspectorCanvas::getCanvasContentAsDataURL):
        (WebCore::InspectorCanvas::buildInitialState):
        (WebCore::InspectorCanvas::~InspectorCanvas): Deleted.

        * inspector/InspectorShaderProgram.h:
        * inspector/InspectorShaderProgram.cpp:
        (WebCore::InspectorShaderProgram::context const):

        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::record):
        (WebCore::PageConsoleClient::recordEnd):

        * dom/Document.h:
        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasElement):
        (WebCore::Document::nameForCSSCanvasElement const):
        We have no reason to save the CSS canvas name for each InspectorCanvas object, so instead we
        can just query for the name based on the CanvasRenderingContext's HTMLCanvasElement (assuming
        it is not an OffscreenCanvas) when we need it.

2018-01-04  Chris Fleizach  <cfleizach@apple.com>

        AX: Implement updated CSS3 Speech for 'speak' and 'speak-as' properties
        https://bugs.webkit.org/show_bug.cgi?id=180361

        Reviewed by Zalan Bujtas.

        Change speak -> speakAs, and allow a combination of properties.

        Tests: Updated accessibility/mac/css-speech-speak.html

        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::speakAsProperty const):
        (WebCore::AccessibilityObject::speakProperty const): Deleted.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::speakAsProperty const):
        (WebCore::AccessibilityRenderObject::speakProperty const): Deleted.
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilitySpeechHint]):
        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase baseAccessibilitySpeechHint]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::speakAsToCSSValue):
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator ESpeakAs const):
        (WebCore::CSSPrimitiveValue::operator ESpeak const): Deleted.
        * css/CSSProperties.json:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertSpeakAs):
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        (WebCore::CSSParserFastPaths::isKeywordPropertyID):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeSpeakAs):
        (WebCore::CSSPropertyParser::parseSingleValue):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::speakAs const):
        (WebCore::RenderStyle::setSpeakAs):
        (WebCore::RenderStyle::initialSpeakAs):
        (WebCore::RenderStyle::speak const): Deleted.
        (WebCore::RenderStyle::setSpeak): Deleted.
        (WebCore::RenderStyle::initialSpeak): Deleted.
        * rendering/style/RenderStyleConstants.h:
        (WebCore::operator| ):
        (WebCore::operator|= ):
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator== const):
        * rendering/style/StyleRareInheritedData.h:

2018-01-04  Brian Burg  <bburg@apple.com>

        Web Inspector: Capture Element Screenshot looks fuzzy
        https://bugs.webkit.org/show_bug.cgi?id=175734
        <rdar://problem/33803377>

        Reviewed by Joseph Pecoraro and Simon Fraser.

        Screenshots taken by Web Inspector were being downscaled from the
        internal size to the logical size, causing them to be blurry when
        later upscaled to the internal size.

        Replace ScaleBehavior { Scaled, Unscaled } with PreserveResolution { No, Yes }.
        This is a lot less confusing to read both inside ImageBuffer and at its use sites.

        Remove unused CoordinateSystem argument for ImageBuffer::toDataURL,
        and replace it with PreserveResolution. Plumb PreserveResolution into toCFData
        so that PreserveResolution::Yes will preserve the internal size of
        the image buffer, just as it does in other methods that take PreserveResolution.

        At the use site in InspectorPageAgent, always request PreserveResolution::Yes snapshots
        when taking an element screenshot. For now, keep using downscaled (smaller)
        snapshots when capturing canvas previews, as the previews are not full-size.

        Test: inspector/page/hidpi-snapshot-size.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::makePresentationCopy):
        (WebCore::HTMLCanvasElement::copiedImage const):
        * html/canvas/CanvasRenderingContext2DBase.cpp:
        (WebCore::CanvasRenderingContext2DBase::createPattern):
        * inspector/agents/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::snapshotNode):
        (WebCore::InspectorPageAgent::snapshotRect):
        * page/TextIndicator.cpp:
        (WebCore::takeSnapshot):
        * platform/DragImage.cpp:
        (WebCore::createDragImageFromSnapshot):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::drawPattern):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::copyImage const):
        (WebCore::ImageBuffer::toDataURL const):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::createBitmapImageAfterScalingIfNeeded):
        (WebCore::ImageBuffer::copyImage const):
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::toDataURL const):
        (WebCore::ImageBuffer::toData const):
        (WebCore::ImageBuffer::toCFData const):
        * platform/graphics/gtk/ImageBufferGtk.cpp:
        (WebCore::ImageBuffer::toDataURL const):
        * platform/graphics/win/ImageBufferDirect2D.cpp:
        (WebCore::ImageBuffer::copyImage const):
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::toDataURL const):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawPatternForContainer):

2018-01-04  John Wilander  <wilander@apple.com>

        Storage Access API: Turn feature on by default in Settings.yaml
        https://bugs.webkit.org/show_bug.cgi?id=181298
        <rdar://problem/36302506>

        Reviewed by Brent Fulgham.

        No new tests. This is just a feature settings change.

        * page/Settings.yaml:

2018-01-04  Zalan Bujtas  <zalan@apple.com>

        WebContent process crashes while loading https://www.classicspecs.com
        https://bugs.webkit.org/show_bug.cgi?id=181290
        <rdar://problem/36225906>

        Reviewed by Simon Fraser.

        Floats can overhang multiple blocks (they are called intruding floats).
        Each block keeps track of such intruding floats. When an overhanging float box is destroyed,
        we need to deregister it from all those blocks. We do it by walking up the ancestor block chain
        and checking if the parent (grandparent etc) block still contains this float. Once we find the topmost block,
        we start deregistering it by traversing back on the descendant blocks.
        Normally we do it in RenderElement::takeChildInternal right before the box is getting detached.
        However in certain cases (like when the float's parent happens to be an anonymous wrapper)
        by the time we get to ::takeChildInternal the subtree is already detached and we can't access all the
        ancestors.
        This patch ensures that the floating box is still attached during de-registration.

        Test: fast/block/float/crash-when-intruding-float-has-anonymous-parent-and-detach.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::removeFromParentAndDestroyCleaningUpAnonymousWrappers):

2018-01-04  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Add Mock screen capture source
        https://bugs.webkit.org/show_bug.cgi?id=181291
        <rdar://problem/36298164>

        Reviewed by Dean Jackson.

        Tests:  http/tests/media/media-stream/get-display-media-prompt.html
                GetDisplayMediaTest.BasicPrompt
                GetDisplayMediaTest.Constraints

        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::MediaDevices): Add static_assert to ensure MediaDevices::DisplayCaptureSurfaceType
        and RealtimeMediaSourceSettings::DisplaySurfaceType values are equivalent.
        (WebCore::MediaDevices::getSupportedConstraints): Remove bogus code.
        * Modules/mediastream/MediaDevices.h: Add DisplayCaptureSurfaceType.
        * Modules/mediastream/MediaDevices.idl: Ditto.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getSettings const): Add a FIXME.
        * Modules/mediastream/MediaStreamTrack.h: Add displaySurface and logicalSurface.

        * Modules/mediastream/MediaTrackSupportedConstraints.h: Remove displaySurface and logicalSurface.
        * Modules/mediastream/MediaTrackSupportedConstraints.idl:

        * SourcesCocoa.txt: Add DisplayCaptureManagerCocoa.cpp and DisplayCaptureSourceCocoa.cpp.

        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * platform/mediastream/CaptureDevice.h:
        (WebCore::CaptureDevice::encode const): Add.
        (WebCore::CaptureDevice::decode):

        * platform/mediastream/RealtimeMediaSourceCenter.cpp:
        (WebCore::RealtimeMediaSourceCenter::getMediaStreamDevices): Include display capture "devices".
        (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Deal with display capture devices.
        (WebCore::RealtimeMediaSourceCenter::captureDeviceWithPersistentID): Ditto.
        * platform/mediastream/RealtimeMediaSourceCenter.h:

        * platform/mediastream/RealtimeMediaSourceSettings.h:
        (WebCore::RealtimeMediaSourceSettings::displaySurface const): Return a DisplaySurfaceType.
        (WebCore::RealtimeMediaSourceSettings::setDisplaySurface): Take a DisplaySurfaceType.

        * platform/mediastream/mac/DisplayCaptureManagerCocoa.cpp:
        (WebCore::DisplayCaptureManagerCocoa::singleton):
        (WebCore::DisplayCaptureManagerCocoa::~DisplayCaptureManagerCocoa):
        (WebCore::DisplayCaptureManagerCocoa::captureDevices):
        (WebCore::DisplayCaptureManagerCocoa::screenCaptureDeviceWithPersistentID):
        (WebCore::DisplayCaptureManagerCocoa::captureDeviceWithPersistentID):
        * platform/mediastream/mac/DisplayCaptureManagerCocoa.h:

        * platform/mediastream/mac/DisplayCaptureSourceCocoa.cpp: Added.
        (WebCore::DisplayCaptureSourceCocoa::DisplayCaptureSourceCocoa):
        (WebCore::DisplayCaptureSourceCocoa::~DisplayCaptureSourceCocoa):
        (WebCore::DisplayCaptureSourceCocoa::capabilities const):
        (WebCore::DisplayCaptureSourceCocoa::settings const):
        (WebCore::DisplayCaptureSourceCocoa::settingsDidChange):
        (WebCore::DisplayCaptureSourceCocoa::startProducingData):
        (WebCore::DisplayCaptureSourceCocoa::stopProducingData):
        (WebCore::DisplayCaptureSourceCocoa::elapsedTime):
        (WebCore::DisplayCaptureSourceCocoa::applyFrameRate):
        (WebCore::DisplayCaptureSourceCocoa::emitFrame):
        * platform/mediastream/mac/DisplayCaptureSourceCocoa.h:

        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::RealtimeMediaSourceCenterMac::displayCaptureDeviceManager): New.
        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:

        * platform/mock/MockRealtimeMediaSource.cpp:
        (WebCore::deviceMap): Add screen capture "devices".
        (WebCore::MockRealtimeMediaSource::displayDevices): New.
        * platform/mock/MockRealtimeMediaSource.h:

        * platform/mock/MockRealtimeMediaSourceCenter.cpp: Clean up includes.
        * platform/mock/MockRealtimeMediaSourceCenter.h:

        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource): Mock two screen devices.
        (WebCore::MockRealtimeVideoSource::updateSettings): Deal with mock screens.
        (WebCore::MockRealtimeVideoSource::initializeCapabilities): Ditto.
        (WebCore::MockRealtimeVideoSource::initializeSupportedConstraints): Ditto.
        (WebCore::MockRealtimeVideoSource::drawText): Ditto.
        (WebCore::MockRealtimeVideoSource::generateFrame): Ditto.
        * platform/mock/MockRealtimeVideoSource.h:
        (WebCore::MockRealtimeVideoSource::mockCamera const):
        (WebCore::MockRealtimeVideoSource::mockScreen const):

2018-01-04  Youenn Fablet  <youenn@apple.com>

        FetchResponse should set its internal response text encoding name
        https://bugs.webkit.org/show_bug.cgi?id=181284

        Reviewed by Alex Christensen.

        Covered by rebased test.

        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::create): Set response text encoding based on content type charset.

2018-01-04  John Wilander  <wilander@apple.com>

        Storage Access API: Remove JavaScript confirm() prompt from Document::requestStorageAccess()
        https://bugs.webkit.org/show_bug.cgi?id=181276
        <rdar://problem/36290463>

        Reviewed by Alex Christensen.

        No new tests. Existing test expectations updated.

        * dom/Document.cpp:
        (WebCore::Document::requestStorageAccess):

2018-01-04  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Issues with Ahem's ex / x-height
        https://bugs.webkit.org/show_bug.cgi?id=180581

        Reviewed by Michael Catanzaro.

        Get the x-height value from the TT_OS2 table if available.

        Fixes: fast/text/break-word-pre-wrap.html
               imported/w3c/web-platform-tests/css/css-shapes-1/shape-outside/values/shape-outside-shape-arguments-000.html

        * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
        (WebCore::Font::platformInit):

2018-01-04  Philippe Normand  <pnormand@igalia.com>

        Unreviewed, GTK build fix attempt after r226357

        * platform/graphics/gstreamer/GStreamerUtilities.h: The
        GST_BUFFER_DTS_OR_PTS macro was added in GStreamer 1.8 but old
        versions of Debian might not have this release yet.

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Implement Cache API partitioning based on ClientOrigin
        https://bugs.webkit.org/show_bug.cgi?id=181240

        Reviewed by Alex Christensen.

        Covered by updated tests.

        Previously, cache storage was partitioned according to the origin of the client, represented as a String.
        We now partition according to both client and top origins, represented as a ClientOrigin.

        Minor refactoring to use more makePendingActivity.
        Added support for IPC serialization of ClientOrigin.
        Added SecurityOriginData::toString which is used by WebKit2 Cache Storage implementation.

        * Modules/cache/CacheStorageConnection.cpp:
        (WebCore::CacheStorageConnection::open):
        (WebCore::CacheStorageConnection::retrieveCaches):
        * Modules/cache/CacheStorageConnection.h:
        (WebCore::CacheStorageConnection::clearMemoryRepresentation):
        (WebCore::CacheStorageConnection::doOpen):
        (WebCore::CacheStorageConnection::doRetrieveCaches):
        * Modules/cache/DOMCacheStorage.cpp:
        (WebCore::DOMCacheStorage::origin const):
        (WebCore::DOMCacheStorage::retrieveCaches):
        (WebCore::DOMCacheStorage::open):
        (WebCore::DOMCacheStorage::remove):
        * Modules/cache/DOMCacheStorage.h:
        * Modules/cache/WorkerCacheStorageConnection.cpp:
        (WebCore::WorkerCacheStorageConnection::doOpen):
        (WebCore::WorkerCacheStorageConnection::doRetrieveCaches):
        * Modules/cache/WorkerCacheStorageConnection.h:
        * page/ClientOrigin.h:
        (WebCore::ClientOrigin::isolatedCopy const):
        (WebCore::ClientOrigin::encode const):
        (WebCore::ClientOrigin::decode):
        * page/SecurityOriginData.cpp:
        (WebCore::SecurityOriginData::toString const):
        (WebCore::SecurityOriginData::debugString const): Deleted.
        * page/SecurityOriginData.h:
        (WebCore::SecurityOriginData::debugString const):
        * testing/Internals.cpp:
        (WebCore::Internals::clearCacheStorageMemoryRepresentation):

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Service Worker should expose redirect mode for navigation loads as manual
        https://bugs.webkit.org/show_bug.cgi?id=181067

        Reviewed by Alex Christensen.

        Covered by rebased tests.

        * loader/CrossOriginAccessControl.cpp: Removing ContentType header only if affecting CORS checks.
        This allows extending header filtering in service worker to all modes, including Navigate.
        * workers/service/context/ServiceWorkerFetch.cpp:
        (WebCore::ServiceWorkerFetch::dispatchFetchEvent): Ideally, document loading code should set redirect to manual.
        Since it is not the case yet and that would require changes to various places, manual is set before exposing the corresponding fetch event.

2018-01-04  Youenn Fablet  <youenn@apple.com>

        ServiceWorkerThreadProxy::postTaskForModeToWorkerGlobalScope should be a no-op if worker is being terminated
        https://bugs.webkit.org/show_bug.cgi?id=181245

        Reviewed by Alex Christensen.

        Stop appending tasks to a terminating worker and returning false in that case.
        This mirrors what is done for regular workers.

        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::terminateWorker):
        * workers/service/context/ServiceWorkerThreadProxy.cpp:
        (WebCore::ServiceWorkerThreadProxy::postTaskForModeToWorkerGlobalScope):
        * workers/service/context/ServiceWorkerThreadProxy.h:

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Cancel pending script loads when service worker is being terminated
        https://bugs.webkit.org/show_bug.cgi?id=181250

        Reviewed by Alex Christensen.

        Covered by service worker tests no longer crashing in ASAN builds.

        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::notifyFinished): Clearing loader when finished.
        (WebCore::WorkerScriptLoader::cancel): Implementing cancel of a script loader by cancelling the underlying threadable loader.
        * workers/WorkerScriptLoader.h:
        * workers/service/ServiceWorkerContainer.cpp: Canceling loads of all pending jobs.
        (WebCore::ServiceWorkerContainer::stop):
        * workers/service/ServiceWorkerJob.cpp:
        (WebCore::ServiceWorkerJob::cancelPendingLoad):
        * workers/service/ServiceWorkerJob.h:

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Implement https://fetch.spec.whatwg.org/#main-fetch default referrer policy setting
        https://bugs.webkit.org/show_bug.cgi?id=181239

        Reviewed by Alex Christensen.

        Covered by updated and rebased test.

        Setting the request referrer policy to the Document referrer policy if none is set.
        If Document has no referrer policy, use no-referrer-when-downgrade as per the spec.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
        (WebCore::CachedResourceLoader::requestResource):
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::updateReferrerPolicy):
        (WebCore::CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders):
        * loader/cache/CachedResourceRequest.h:

2018-01-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Create attachment elements when dropping files on iOS
        https://bugs.webkit.org/show_bug.cgi?id=181192
        <rdar://problem/36280945>

        Reviewed by Tim Horton.

        Implements support for dropping data as attachment elements on iOS. See comments below for more detail.

        Tests:  WKAttachmentTests.InsertDroppedRichAndPlainTextFilesAsAttachments
                WKAttachmentTests.InsertDroppedZipArchiveAsAttachment
                WKAttachmentTests.InsertDroppedItemProvidersInOrder

        * WebCore.xcodeproj/project.pbxproj:
        * editing/WebContentReader.cpp:
        (WebCore::WebContentReader::ensureFragment):

        Add a new helper to create the WebContentReader's fragment, if it hasn't already been created.

        * editing/WebContentReader.h:
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readFilePaths):

        Rename readFilenames to readFilePaths (which better reflects its parameters, which are file paths). Also, move
        the implementation of readFilePaths to shared iOS/macOS code in WebContentReaderCocoa, and remove the stub
        implementation on iOS.

        There's a bit of code here that I kept macOS-only which deals with inserting file paths as plain text in
        editable areas, but it's unclear to me why and if WebKit clients currently find this useful, so I left a FIXME
        to investigate removing this altogether. Code for handling this plain text insertion of file paths on Mac was
        introduced in r67403.

        * editing/ios/WebContentReaderIOS.mm:
        (WebCore::WebContentReader::readFilenames): Deleted.
        * editing/mac/WebContentReaderMac.mm:
        (WebCore::WebContentReader::readFilenames): Deleted.
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod const):

        Teach DragController to accept all types conforming to "public.item" and "public.content" on iOS, only when
        attachment elements are enabled. This allows us to load content from item providers that we otherwise would not
        have loaded, since we now have the ability to fall back to attachment element insertion if the type does not have
        a default representation using standard web content.

        * platform/Pasteboard.h:
        * platform/PasteboardItemInfo.h: Added.
        (WebCore::PasteboardItemInfo::encode const):
        (WebCore::PasteboardItemInfo::decode):

        Add PasteboardItemInfo, a struct that describes an item on the pasteboard. Also, implement encoding and decoding
        support for PasteboardItemInfo. So far, the item info only describes file information about the pasteboard item,
        and flags indicating whether the item prefers attachment or inline presentation.

        * platform/PasteboardStrategy.h:

        Replace getFilenamesForDataInteraction with informationForItemAtIndex. Instead of returning all of the file
        paths associated with any item on the pasteboard, fetch a PasteboardItemInfo at a given item index, which
        includes information about the file path as well as some other metadata we'll need when deciding how to read
        pasteboard contents as a document fragment.

        * platform/PlatformPasteboard.h:
        * platform/cocoa/PasteboardCocoa.mm:
        (WebCore::Pasteboard::read):
        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::readRespectingUTIFidelities):

        Teach the iOS Pasteboard to read web content using attachment elements, if enabled. There are two scenarios in
        which we would want to insert an attachment element:
        (1) The item provider uses a preferred presentation style of attachment, in which case we bail out of trying to
            handle the drop using the default mechanisms, and simply insert it as an attachment. We need this to deal
            with the case where we drop text or HTML files from the Files app, so that we don't try and insert the
            contents of the text or HTML as inline web content.
        (2) The item provider doesn't have a preferred attachment presentation style, but there's nothing WebKit would
            otherwise do with the dropped content, so insert an attachment element as a fallback. Examples where this is
            relevant are dropping a PDF or ZIP archive without attachment presentation style explicitly set.
        We first check if we fall into case (1). If so, we can bail early by inserting an attachment; otherwise, we
        proceed normally and see if we can read the contents of the drop as web content. If, at the end of default drop
        handling, we still don't have a way to represent the dropped content, enter case (2).

        (WebCore::Pasteboard::readFilePaths):
        (WebCore::Pasteboard::readFilenames): Deleted.

        Rename readFilenames to readFilePaths, and reimplement it using informationForItemAtIndex.

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::pasteboardItemPresentationStyle):
        (WebCore::PlatformPasteboard::informationForItemAtIndex):
        (WebCore::PlatformPasteboard::filenamesForDataInteraction): Deleted.

        Implement informationForItemAtIndex and remove filenamesForDataInteraction. As before, we ask the pasteboard
        (i.e. WebItemProviderPasteboard) for information about dropped file URLs. This time, we limit this to a single
        file, so we don't end up creating multiple attachment elements for each representation of a single item
        provider. See below for -preferredFileUploadURLAtIndex:fileType: for more detail.

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderLoadResult initWithItemProvider:typesToLoad:]):
        (-[WebItemProviderLoadResult canBeRepresentedAsFileUpload]):

        Remove this synthesized instance variable and instead just check the item provider's preferredPresentationStyle.

        (-[WebItemProviderLoadResult description]):

        Add a verbose -description to the load result object. Useful for debugging what content was loaded from an
        item provider on drop.

        (-[WebItemProviderPasteboard preferredFileUploadURLAtIndex:fileType:]):

        Return the highest fidelity loaded type identifier for a given item.

        (-[WebItemProviderPasteboard allDroppedFileURLs]):
        (-[WebItemProviderPasteboard typeIdentifiersToLoadForRegisteredTypeIdentfiers:]):

        Prefer flat RTFD to RTFD. In the case where attachments are enabled and we're accepting all types of content
        using attachment elements as a fallback representation, if the source writes attributed strings to the
        pasteboard with com.apple.rtfd at a higher fidelity than com.apple.flat-rtfd, we'll end up loading only
        com.apple.rtfd and dropping the text as an attachment element because we cannot convert the dropped content to
        markup. Instead, if flat RTFD is present in the item provider, always prefer that over RTFD so that dropping as
        regular web content isn't overridden when attachment elements are enabled.

        (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
        (-[WebItemProviderPasteboard droppedFileURLs]): Deleted.
        * platform/mac/DragDataMac.mm:
        (WebCore::DragData::containsCompatibleContent const):

        DragData::containsCompatibleContent should be true when attachment elements are enabled, and there are files we
        can drop as attachment elements.

        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::readFilePaths):
        (WebCore::Pasteboard::readFilenames): Deleted.

2018-01-03  Ting-Wei Lan  <lantw44@gmail.com>

        Replace hard-coded paths in shebangs with #!/usr/bin/env
        https://bugs.webkit.org/show_bug.cgi?id=181040

        Reviewed by Alex Christensen.

        * bindings/scripts/InFilesCompiler.pm:
        * bindings/scripts/InFilesParser.pm:
        * bindings/scripts/generate-bindings-all.pl:
        * bindings/scripts/generate-bindings.pl:
        * bindings/scripts/preprocess-idls.pl:
        * css/make-css-file-arrays.pl:
        * css/makeprop.pl:
        * css/makevalues.pl:
        * dom/make_event_factory.pl:
        * dom/make_names.pl:
        * extract-localizable-strings.pl:
        * make-hash-tools.pl:

2018-01-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Add plumbing for starting a drag with promised blob data
        https://bugs.webkit.org/show_bug.cgi?id=181201

        Reviewed by Tim Horton.

        Adds logic to allow dragging an attachment element as a file by sending promised blob information to the UI
        process. See comments below for more detail.

        The only change in behavior is that dragging an attachment element will no longer write web content and injected
        bundle data to the pasteboard if the attachment element's file attribute is nonnull. This will cause one
        existing WK1 layout test to fail, but will otherwise not affect any attachment editing clients. On iOS,
        attachment elements in the Mail viewer can be dragged, but each attachment's file is null, so we fall back to
        current behavior; on macOS, Mail currently overrides the drag completely, beginning at -mouseDown:, so this
        doesn't make a difference to macOS Mail either.

        * editing/Editor.h:
        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::getPasteboardTypesAndDataForAttachment):

        Add a helper method to retrieve an attachment element as web archive data, for moving attachments within the
        same document. Also gives the injected editor bundle a chance to supply custom pasteboard types.

        * loader/EmptyClients.cpp:
        * page/DragClient.h:
        (WebCore::DragClient::prepareToDragPromisedBlob):

        Add new DragClient methods to send information about a promised blob to the UI process.

        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

        Call dragAttachmentElement when starting a drag on an attachment element.

        (WebCore::DragController::dragAttachmentElement):

        Try to begin dragging a given attachment element, propagating promised blob information to the client layers.
        Returns true iff the attachment is backed by blob data (i.e. the file is nonnull).

        * platform/PromisedBlobInfo.h:

        Add a list of additional types and data to PromisedBlobInfo. In addition to the promised blob info, this would
        allow injected bundle data and other private types alongside the main attachment data on the pasteboard.

2018-01-03  Simon Fraser  <simon.fraser@apple.com>

        Remove the 'resolutionScale' parameter from ImageBufferDataCG get/putBytes
        https://bugs.webkit.org/show_bug.cgi?id=181268

        Reviewed by Alex Christensen.

        These functions were always called with resolutionScale=1.

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::getUnmultipliedImageData const):
        (WebCore::ImageBuffer::getPremultipliedImageData const):
        (WebCore::ImageBuffer::putByteArray):
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        (WebCore::ImageBufferData::getData const):
        (WebCore::ImageBufferData::putData):
        (WebCore::affineWarpBufferData): Deleted.
        * platform/graphics/cg/ImageBufferDataCG.h:

2018-01-03  John Wilander  <wilander@apple.com>

        Storage Access API: Refactor XPC for access removal to go straight from the web process to the network process
        https://bugs.webkit.org/show_bug.cgi?id=181270
        <rdar://problem/36289544>

        Reviewed by Alex Christensen.

        No new tests. Existing test re-enabled.

        This change refactors how the web process tells the network process
        to remove storage access. Previously, this was done over the UI process
        just like requests for storage access. But since no further reasoning
        is needed, the message should go straight from the web process to the
        network process for performance reasons and to minimize the risk of a
        race.

        As a consequence, the XPC code for storage access removal in the UI
        process is deleted.

        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::cookieStoragePartition const):
            Removes the storageAccessAPIEnabled check since the flag
            doesn't get propagated when the network process is created.
            Figuring this out will take some work which is unnecessary
            when we already gate access to the feature in Document.idl.

2018-01-03  James Craig  <jcraig@apple.com>

        AX: when invert colors is on, double-invert certain media elements in UserAgentStyleSheet
        https://bugs.webkit.org/show_bug.cgi?id=168447
        <rdar://problem/30559874>

        Reviewed by Simon Fraser.

        Double-invert video when platform 'invert colors' setting is enabled. Behavior matches 
        current 'Smart Invert' feature of Safari Reader on macOS/iOS and other iOS native apps.

        Tests: accessibility/smart-invert-reference.html
               accessibility/smart-invert.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (@media (inverted-colors)):
        (:host):
        (picture):
        * css/html.css:
        (@media (inverted-colors)):
        (video):

2018-01-03  Youenn Fablet  <youenn@apple.com>

        LayoutTest http/tests/media/media-stream/disconnected-frame.html to consistently fail an assertion: !m_adoptionIsRequired
        https://bugs.webkit.org/show_bug.cgi?id=181264

        Reviewed by Eric Carlson.

        Covered by http/tests/media/media-stream/disconnected-frame.html not crashing anymore in Debug builds.
        Calling suspendIfNeeded in create method instead of constructor.

        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::create):
        (WebCore::UserMediaRequest::UserMediaRequest):

2018-01-03  Antti Koivisto  <antti@apple.com>

        Remove DeprecatedCSSOMValue::equals
        https://bugs.webkit.org/show_bug.cgi?id=181241

        Reviewed by Zalan Bujtas.

        This is dead code.

        * css/DeprecatedCSSOMValue.cpp:
        (WebCore::compareCSSOMValues): Deleted.
        (WebCore::DeprecatedCSSOMValue::equals const): Deleted.
        * css/DeprecatedCSSOMValue.h:
        (WebCore::DeprecatedCSSOMValue::operator== const): Deleted.
        (WebCore::DeprecatedCSSOMComplexValue::equals const): Deleted.
        * css/DeprecatedCSSOMValueList.cpp:
        (WebCore::DeprecatedCSSOMValueList::equals const): Deleted.
        * css/DeprecatedCSSOMValueList.h:

2018-01-03  Simon Fraser  <simon.fraser@apple.com>

        feLighting is broken with primitiveUnits="objectBoundingBox"
        https://bugs.webkit.org/show_bug.cgi?id=181197

        Reviewed by Tim Horton.

        With <filter primitiveUnits="objectBoundingBox"> we need to convert the coordinates
        of fePointLights and feSpotLights into user space coordinates. Following
        https://www.w3.org/TR/SVG/filters.html#FilterElementPrimitiveUnitsAttribute
        this is done by treating them as fractions of the bounding box on the referencing
        element, with treatment for z following https://www.w3.org/TR/SVG/coords.html#Units_viewport_percentage
        
        To do this, store the bounds of the referencing element on SVGFilterBuilder as
        targetBoundingBox, and store the primitiveUnits type. Then do the conversion of lighting
        coordinates in SVGFESpecularLightingElement::build() and SVGFEDiffuseLightingElement::build().

        Remove SVGFELightElement::findLightSource(), since we need to be able to pass the SVGFilterBuilder
        to the lightSource() function so hoist the code up.

        Tests: svg/filters/feDiffuseLighting-fePointLight-primitiveUnits-objectBoundingBox-expected.svg
               svg/filters/feDiffuseLighting-fePointLight-primitiveUnits-objectBoundingBox.svg
               svg/filters/feDiffuseLighting-feSpotLight-primitiveUnits-objectBoundingBox-expected.svg
               svg/filters/feDiffuseLighting-feSpotLight-primitiveUnits-objectBoundingBox.svg
               svg/filters/feSpecularLighting-fePointLight-primitiveUnits-objectBoundingBox-expected.svg
               svg/filters/feSpecularLighting-fePointLight-primitiveUnits-objectBoundingBox.svg

        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::buildPrimitives const):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::build):
        * svg/SVGFEDistantLightElement.cpp:
        (WebCore::SVGFEDistantLightElement::lightSource const):
        * svg/SVGFEDistantLightElement.h:
        * svg/SVGFELightElement.cpp:
        (WebCore::SVGFELightElement::findLightSource): Deleted.
        * svg/SVGFELightElement.h:
        * svg/SVGFEPointLightElement.cpp:
        (WebCore::SVGFEPointLightElement::lightSource const):
        * svg/SVGFEPointLightElement.h:
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::build):
        * svg/SVGFESpotLightElement.cpp:
        (WebCore::SVGFESpotLightElement::lightSource const):
        * svg/SVGFESpotLightElement.h:
        * svg/graphics/filters/SVGFilterBuilder.h:
        (WebCore::SVGFilterBuilder::setTargetBoundingBox):
        (WebCore::SVGFilterBuilder::targetBoundingBox const):
        (WebCore::SVGFilterBuilder::primitiveUnits const):
        (WebCore::SVGFilterBuilder::setPrimitiveUnits):

2018-01-03  Antti Koivisto  <antti@apple.com>

        Crash beneath CSSValue::equals @ csas.cz
        https://bugs.webkit.org/show_bug.cgi?id=181243
        <rdar://problem/35990826>

        Reviewed by Alex Christensen.

        Test: fast/text/oblique-degree-equals-crash.html

        * css/CSSFontStyleValue.cpp:
        (WebCore::CSSFontStyleValue::equals const):

        Null check both oblique pointers.

2018-01-03  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Slow open time enumerating system fonts (FontCache::systemFontFamilies)
        https://bugs.webkit.org/show_bug.cgi?id=180979
        <rdar://problem/36146670>

        Reviewed by Matt Baker.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (fontNameIsSystemFont):
        (WebCore::FontCache::systemFontFamilies):
        Switch to the original Mac algorithm before r180979 that uses
        CTFontManagerCopyAvailableFontFamilyNames. Previously this wasn't
        available on iOS but now it is. This is a performance improvement on
        both platforms, but significantly so on macOS. It also finds more,
        valid, family names.

2018-01-03  Michael Catanzaro  <mcatanzaro@igalia.com>

        ASSERTION FAILED: !source || is<Target>(*source) in CoordinatedGraphicsLayer::removeFromParent
        https://bugs.webkit.org/show_bug.cgi?id=166568

        Reviewed by Simon Fraser.

        When a GraphicsLayer has a mask layer, it fails to properly unparent the mask layer before
        it is destroyed. This leaves the mask layer with a dangling parent pointer. Fix it, while
        taking care not to introduce yet another virtual function call during the execution of the
        destructor.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::willBeDestroyed):

2018-01-03  Simon Fraser  <simon.fraser@apple.com>

        SVG lighting filter lights are in the wrong coordinate system
        https://bugs.webkit.org/show_bug.cgi?id=181147

        Reviewed by Zalan Bujtas.

        Point and spot light coordinates weren't being converted into buffer-relative
        coordinates before being fed into the lighting math, resulting in incorrect light
        rendering on Retina devices, and when the filter primitive region was clipped.

        Fix by storing absoluteUnclippedSubregion on FilterEffect, which allows us to map
        lighting points from user space coordinates into the coordinates of the buffer being
        used for rendering. Also scale the light z coordinate by doing a dummy point mapping in x.

        Rename members of PointLightSource and SpotLightSource to make it clear which coordinate
        system they are in.

        Tests include HiDPI tests.

        Tests: svg/filters/fePointLight-coordinates-expected.svg
               svg/filters/fePointLight-coordinates.svg
               svg/filters/feSpotLight-coordinates-expected.svg
               svg/filters/feSpotLight-coordinates.svg
               svg/filters/hidpi/fePointLight-coordinates-expected.svg
               svg/filters/hidpi/fePointLight-coordinates.svg
               svg/filters/hidpi/feSpotLight-coordinates-expected.svg
               svg/filters/hidpi/feSpotLight-coordinates.svg

        * platform/graphics/FloatPoint3D.h: Make it easy to get and set the X and Y coords as a FloatPoint.
        (WebCore::FloatPoint3D::xy const):
        (WebCore::FloatPoint3D::setXY):
        * platform/graphics/GeometryUtilities.cpp:
        (WebCore::mapPoint):
        (WebCore::mapRect):
        * platform/graphics/GeometryUtilities.h: Helper to make a point between rects.
        * platform/graphics/filters/DistantLightSource.cpp:
        (WebCore::DistantLightSource::initPaintingData):
        * platform/graphics/filters/DistantLightSource.h:
        * platform/graphics/filters/FELighting.cpp:
        (WebCore::FELighting::drawLighting):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::mapPointFromUserSpaceToBuffer const):
        * platform/graphics/filters/FilterEffect.h:
        (WebCore::FilterEffect::setUnclippedAbsoluteSubregion):
        * platform/graphics/filters/LightSource.h:
        * platform/graphics/filters/PointLightSource.cpp:
        (WebCore::PointLightSource::initPaintingData):
        (WebCore::PointLightSource::computePixelLightingData const):
        (WebCore::PointLightSource::setX):
        (WebCore::PointLightSource::setY):
        (WebCore::PointLightSource::setZ):
        * platform/graphics/filters/PointLightSource.h:
        (WebCore::PointLightSource::position const):
        (WebCore::PointLightSource::PointLightSource):
        * platform/graphics/filters/SpotLightSource.cpp:
        (WebCore::SpotLightSource::initPaintingData):
        (WebCore::SpotLightSource::computePixelLightingData const):
        (WebCore::SpotLightSource::setX):
        (WebCore::SpotLightSource::setY):
        (WebCore::SpotLightSource::setZ):
        (WebCore::SpotLightSource::setPointsAtX):
        (WebCore::SpotLightSource::setPointsAtY):
        (WebCore::SpotLightSource::setPointsAtZ):
        * platform/graphics/filters/SpotLightSource.h:
        (WebCore::SpotLightSource::position const):
        (WebCore::SpotLightSource::direction const):
        (WebCore::SpotLightSource::SpotLightSource):
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::buildPrimitives const):
        * rendering/svg/RenderSVGResourceFilterPrimitive.cpp:
        (WebCore::RenderSVGResourceFilterPrimitive::determineFilterPrimitiveSubregion):

2018-01-03  Youenn Fablet  <youenn@apple.com>

        Select service worker for documents with data/blob URLS
        https://bugs.webkit.org/show_bug.cgi?id=181213

        Reviewed by Alex Christensen.

        Covered by updated test.

        Reusing the service worker of the parent for blob/data URL documents.

        * loader/DocumentLoader.cpp:
        (WebCore::isLocalURL):
        (WebCore::DocumentLoader::commitData):

2018-01-03  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r226352.

        Breaks Sierra and El Capitan builds.

        Reverted changeset:

        "Web Inspector: Slow open time enumerating system fonts
        (FontCache::systemFontFamilies)"
        https://bugs.webkit.org/show_bug.cgi?id=180979
        https://trac.webkit.org/changeset/226352

2018-01-03  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] The bus synchronous handler should be in the base player class
        https://bugs.webkit.org/show_bug.cgi?id=181237

        Reviewed by Carlos Garcia Campos.

        Because this is where video rendering is handled.

        No new tests, this is only a refactoring.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::setPipeline):

2018-01-03  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] move MediaSample implementation out of mse/
        https://bugs.webkit.org/show_bug.cgi?id=179165

        Reviewed by Carlos Garcia Campos.

        This module isn't specific to MSE and can potentially be reused
        elsewhere, for WebRTC for instance. Additionally the
        ::platformSample() method was implemented and the code was cleaned up.

        * platform/GStreamer.cmake:
        * platform/MediaSample.h:
        * platform/graphics/gstreamer/GStreamerMediaSample.cpp: Renamed from Source/WebCore/platform/graphics/gstreamer/mse/GStreamerMediaSample.cpp.
        (WebCore::GStreamerMediaSample::platformSample):
        * platform/graphics/gstreamer/GStreamerMediaSample.h: Renamed from Source/WebCore/platform/graphics/gstreamer/mse/GStreamerMediaSample.h.
        * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
        (WebCore::PlaybackPipeline::enqueueSample):

2018-01-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix resource load stats tests on GLib based ports after r226355.

        The monitor can be created in the work queue thread too.

        * platform/glib/FileMonitorGLib.cpp:
        (WebCore::FileMonitor::FileMonitor):

2018-01-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Crash destroying WebCore::FileMonitor
        https://bugs.webkit.org/show_bug.cgi?id=181138

        Reviewed by Michael Catanzaro.

        Ensure that platform file monitor is always created and destroyed in the work queue thread synchronously.

        * platform/FileMonitor.h:
        * platform/glib/FileMonitorGLib.cpp:
        (WebCore::FileMonitor::FileMonitor):
        (WebCore::FileMonitor::~FileMonitor):
        (WebCore::FileMonitor::didChange):

2018-01-02  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Slow open time enumerating system fonts (FontCache::systemFontFamilies)
        https://bugs.webkit.org/show_bug.cgi?id=180979
        <rdar://problem/36146670>

        Reviewed by Matt Baker.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::systemFontFamilies):
        Switch to the original Mac algorithm before r180979 that uses
        CTFontManagerCopyAvailableFontFamilyNames. Previously this wasn't
        available on iOS but now it is. This is a performance improvement on
        both platforms, but significantly so on macOS. It also finds more,
        valid, family names.

2018-01-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, fix GCC warning by using #include
        https://bugs.webkit.org/show_bug.cgi?id=181189

        This file is included in C++ files. Use #include instead of #import to suppress warning in GCC.

        * platform/PromisedBlobInfo.h:

2017-12-28  Yusuke Suzuki  <utatane.tea@gmail.com>

        Remove std::chrono completely
        https://bugs.webkit.org/show_bug.cgi?id=181186

        Reviewed by Alex Christensen.

        Use MonotonicTime, WallTime, and Seconds instead.
        Changes are mechanical ones. But persistent network cache data is changed.
        So we bump the version number of the cache storage.

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
        (WebCore::IDBServer::removeAllDatabasesForOriginPath):
        (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesModifiedSince):
        (WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesForOrigins):
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
        * Modules/webdatabase/DatabaseTracker.h:
        * dom/Document.cpp:
        (WebCore::Document::lastModified):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::clearMediaCache):
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::clearMediaCache):
        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::parseAccessControlMaxAge):
        (WebCore::CrossOriginPreflightResultCacheItem::parse):
        (WebCore::CrossOriginPreflightResultCacheItem::allowsRequest const):
        * loader/CrossOriginPreflightResultCache.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::freshnessLifetime const):
        (WebCore::CachedResource::responseReceived):
        (WebCore::CachedResource::updateResponseAfterRevalidation):
        * loader/cache/CachedResource.h:
        * platform/FileSystem.cpp:
        (WebCore::FileSystem::getFileModificationTime):
        * platform/FileSystem.h:
        * platform/SearchPopupMenu.h:
        * platform/cocoa/SearchPopupMenuCocoa.h:
        * platform/cocoa/SearchPopupMenuCocoa.mm:
        (WebCore::toSystemClockTime):
        (WebCore::toNSDateFromSystemClock):
        (WebCore::removeRecentlyModifiedRecentSearches):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::clearMediaCache):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::clearMediaCache):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::toSystemClockTime):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.h:
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::clearMediaCache):
        * platform/network/CacheValidation.cpp:
        (WebCore::computeCurrentAge):
        (WebCore::computeFreshnessLifetimeForHTTPFamily):
        (WebCore::updateRedirectChainStatus):
        (WebCore::redirectChainAllowsReuse):
        (WebCore::parseCacheControlDirectives):
        * platform/network/CacheValidation.h:
        (WebCore::RedirectChainCacheStatus::RedirectChainCacheStatus):
        * platform/network/HTTPParsers.cpp:
        (WebCore::parseHTTPDate):
        * platform/network/HTTPParsers.h:
        * platform/network/PlatformCookieJar.h:
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::cacheControlMaxAge const):
        (WebCore::parseDateValueInHeader):
        (WebCore::ResourceResponseBase::date const):
        (WebCore::ResourceResponseBase::age const):
        (WebCore::ResourceResponseBase::expires const):
        (WebCore::ResourceResponseBase::lastModified const):
        * platform/network/ResourceResponseBase.h:
        * platform/network/cf/CookieJarCFNet.cpp:
        (WebCore::deleteAllCookiesModifiedSince):
        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::CookieJarCurlFileSystem::deleteAllCookiesModifiedSince):
        (WebCore::deleteAllCookiesModifiedSince):
        * platform/network/curl/CookieJarCurl.h:
        * platform/network/curl/CurlCacheEntry.cpp:
        (WebCore::CurlCacheEntry::CurlCacheEntry):
        (WebCore::CurlCacheEntry::isCached):
        (WebCore::CurlCacheEntry::parseResponseHeaders):
        * platform/network/curl/CurlCacheEntry.h:
        * platform/network/mac/CookieJarMac.mm:
        (WebCore::deleteAllCookiesModifiedSince):
        * platform/network/soup/CookieJarSoup.cpp:
        (WebCore::deleteAllCookiesModifiedSince):
        * platform/win/SearchPopupMenuWin.cpp:
        (WebCore::SearchPopupMenuWin::loadRecentSearches):
        * rendering/RenderSearchField.cpp:
        (WebCore::RenderSearchField::addSearchResult):

2018-01-02  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Introduce data structures and IPC support for writing promised blobs
        https://bugs.webkit.org/show_bug.cgi?id=181189

        Reviewed by Tim Horton.

        Introduces a new header containing structs to be used for writing blob data when dragging. PromisedBlobInfo
        represents information needed to declare data on the pasteboard that will eventually be provided via a Blob.
        This includes the type and filename of the Blob-backed content. PromisedBlobData represents information needed
        to actually deliver the Blob's content to the platform, and is sent some time after its corresponding
        PromisedBlobInfo. The content may either be in the form of a file path (as is the case using the previous
        declareAndWriteAttachment codepath) or a data buffer (which we would use if the Blob is not already backed by a
        file on disk).

        No new tests, since there is no observable change in functionality yet.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/PromisedBlobInfo.h: Added.
        (WebCore::PromisedBlobInfo::operator bool const):
        (WebCore::PromisedBlobData::hasData const):
        (WebCore::PromisedBlobData::hasFile const):
        (WebCore::PromisedBlobData::operator bool const):
        (WebCore::PromisedBlobData::fulfills const):

2018-01-02  Brady Eidson  <beidson@apple.com>

        Make MessagePortChannel::takeAllMessagesFromRemote asynchronous.
        https://bugs.webkit.org/show_bug.cgi?id=181205

        Reviewed by Alex Christensen.

        No new tests (No behavior change)

        This is needed for the ongoing WK2 MessagePort work.

        For WK1 in-process MessagePorts it is still synchronous; no behavior change.

        * dom/InProcessMessagePortChannel.cpp:
        (WebCore::InProcessMessagePortChannel::takeAllMessagesFromRemote):
        * dom/InProcessMessagePortChannel.h:

        * dom/MessagePort.cpp:
        (WebCore::MessagePort::dispatchMessages):
        * dom/MessagePortChannel.h:

2018-01-02  Jiewen Tan  <jiewen_tan@apple.com>

        Add a WebAuthentication runtime feature flag
        https://bugs.webkit.org/show_bug.cgi?id=181220
        <rdar://problem/36055305>

        Reviewed by Brent Fulgham.

        This patch basically renames the CredentialManagement runtime feature flag into the
        WebAuthentication runtime feature flag.

        No tests.

        * Modules/credentialmanagement/BasicCredential.idl:
        * Modules/credentialmanagement/CredentialsContainer.idl:
        * Modules/credentialmanagement/NavigatorCredentials.idl:
        * Modules/webauthn/PublicKeyCredential.idl:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setWebAuthenticationEnabled):
        (WebCore::RuntimeEnabledFeatures::webAuthenticationEnabled const):
        (WebCore::RuntimeEnabledFeatures::setCredentialManagementEnabled): Deleted.
        (WebCore::RuntimeEnabledFeatures::credentialManagementEnabled const): Deleted.

2018-01-02  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Don't Blob-convert images and attachments with https:, http: or data: urls
        https://bugs.webkit.org/show_bug.cgi?id=181143
        <rdar://problem/36200381>

        Reviewed by Tim Horton.

        Clients such as Mail would expect pasting or dropping an image with src="https://..." to result in the source
        URL being preserved (i.e. staying as remote images) instead of creating image attachments out of them. This
        patch hooks into the shouldConvertToBlob() check added in r226272 so that it applies to attachment element
        replacement as well.

        Test: WKAttachmentTests.DoNotInsertDataURLImagesAsAttachments

        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::shouldConvertToBlob):
        (WebCore::replaceRichContentWithAttachments):

2018-01-02  Brady Eidson  <beidson@apple.com>

        Identify MessagePorts by a globally unique MessagePortIdentifier.
        https://bugs.webkit.org/show_bug.cgi?id=181172

        Reviewed by Alex Christensen.

        No new tests (Behavior change covered by all existing tests).

        This cleans up the abstract MessagePortChannel interface to be in terms of identifiers
        instead of actual MessagePort objects.
        
        The identifiers are compounded with the current ProcessIdentifier meaning they are global
        across all processes for the running UI process, enabling easy cross-process communication.
        
        (Actual cross-process communication comes in a followup)
        
        * WebCore.xcodeproj/project.pbxproj:
        
        * dom/InProcessMessagePortChannel.cpp:
        (WebCore::InProcessMessagePortChannel::createChannelBetweenPorts):
        (WebCore::InProcessMessagePortChannel::isConnectedTo):
        (WebCore::InProcessMessagePortChannel::entangleWithRemoteIfOpen):
        (WebCore::InProcessMessagePortChannel::entangleIfOpen): Deleted.
        * dom/InProcessMessagePortChannel.h:
        
        * dom/MessageChannel.cpp:
        (WebCore::MessageChannel::MessageChannel):
        (WebCore::m_port2):
        
        * dom/MessagePort.cpp:
        (WebCore::allMessagePortsLock):
        (WebCore::MessagePort::ref const):
        (WebCore::MessagePort::deref const):
        (WebCore::MessagePort::existingMessagePortForIdentifier):
        (WebCore::MessagePort::MessagePort):
        (WebCore::MessagePort::~MessagePort):
        (WebCore::MessagePort::postMessage):
        (WebCore::MessagePort::entangleWithRemote):
        (WebCore::MessagePort::entanglePorts):
        (WebCore::MessagePort::entangle): Deleted.
        * dom/MessagePort.h:
        
        * dom/MessagePortChannel.h:
        
        * dom/MessagePortIdentifier.h: Added.
        (WebCore::operator==):
        (WebCore::MessagePortIdentifier::encode const):
        (WebCore::MessagePortIdentifier::decode):
        (WebCore::MessagePortIdentifier::hash const):
        (WTF::MessagePortIdentifierHash::hash):
        (WTF::MessagePortIdentifierHash::equal):
        (WTF::HashTraits<WebCore::MessagePortIdentifier>::emptyValue):
        (WTF::HashTraits<WebCore::MessagePortIdentifier>::constructDeletedValue):
        (WTF::HashTraits<WebCore::MessagePortIdentifier>::isDeletedValue):

2018-01-02  Youenn Fablet  <youenn@apple.com>

        Memory cache should not reuse resources with different credential fetch option
        https://bugs.webkit.org/show_bug.cgi?id=181212

        Reviewed by Alex Christensen.

        Covered by rebased test.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::determineRevalidationPolicy const):

2018-01-02  Jiewen Tan  <jiewen_tan@apple.com>

        Update Credential Management API for WebAuthentication
        https://bugs.webkit.org/show_bug.cgi?id=181082
        <rdar://problem/36055239>

        Reviewed by Brent Fulgham.

        Part 2/2

        This patch implements the Core API from the Credential Management API, https://www.w3.org/TR/credential-management-1/#core,
        which is required by WebAuthN. It also sets the CredentialManagement runtime flag to enable testing. Note that it
        introduces a dummy PublicKeyCredential interface for testing functionalities of the Credential interface, which
        cannot be instantiated.

        Tests: http/wpt/credential-management/credentialscontainer-create-basics.https.html
               http/wpt/credential-management/credentialscontainer-get-basics.https.html
               http/wpt/credential-management/credentialscontainer-preventSilentAccess-basics.https.html
               http/wpt/credential-management/idl.https.html

        * CMakeLists.txt:
        * DerivedSources.make:
        * Modules/credentialmanagement/BasicCredential.cpp:
        (WebCore::BasicCredential::BasicCredential):
        (WebCore::BasicCredential::type const):
        * Modules/credentialmanagement/BasicCredential.h:
        (WebCore::BasicCredential::discovery const):
        * Modules/credentialmanagement/BasicCredential.idl:
        * Modules/credentialmanagement/CredentialCreationOptions.h:
        * Modules/credentialmanagement/CredentialCreationOptions.idl:
        * Modules/credentialmanagement/CredentialRequestOptions.h:
        * Modules/credentialmanagement/CredentialRequestOptions.idl:
        * Modules/credentialmanagement/CredentialsContainer.cpp:
        (WebCore::CredentialsContainer::CredentialsContainer):
        (WebCore::CredentialsContainer::isSameOriginWithItsAncestors):
        (WebCore::CredentialsContainer::dispatchTask):
        (WebCore::CredentialsContainer::get):
        (WebCore::CredentialsContainer::store):
        (WebCore::CredentialsContainer::isCreate):
        (WebCore::CredentialsContainer::preventSilentAccess):
        * Modules/credentialmanagement/CredentialsContainer.h:
        (WebCore::CredentialsContainer::create):
        (WebCore::CredentialsContainer::CredentialsContainer): Deleted.
        * Modules/credentialmanagement/CredentialsContainer.idl:
        * Modules/credentialmanagement/NavigatorCredentials.cpp:
        (WebCore::NavigatorCredentials::credentials):
        * Modules/credentialmanagement/NavigatorCredentials.h:
        * Modules/credentialmanagement/NavigatorCredentials.idl:
        * Modules/webauthn/PublicKeyCredential.cpp: Copied from Source/WebCore/Modules/credentialmanagement/BasicCredential.cpp.
        (WebCore::PublicKeyCredential::PublicKeyCredential):
        (WebCore::PublicKeyCredential::collectFromCredentialStore):
        (WebCore::PublicKeyCredential::discoverFromExternalSource):
        (WebCore::PublicKeyCredential::store):
        (WebCore::PublicKeyCredential::create):
        * Modules/webauthn/PublicKeyCredential.h: Copied from Source/WebCore/Modules/credentialmanagement/BasicCredential.cpp.
        * Modules/webauthn/PublicKeyCredential.idl: Copied from Source/WebCore/Modules/credentialmanagement/BasicCredential.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:
        * page/RuntimeEnabledFeatures.h:

2018-01-02  Oleksandr Skachkov  <gskachkov@gmail.com>

        WebAssembly: sending module to iframe fails
        https://bugs.webkit.org/show_bug.cgi?id=179263

        Reviewed by JF Bastien.

        Allow using WebAssembly.Module as an input parameter for postMessage
        in window and iframe objects. To prevent sending a message to an iframe
        that is not ready, in the iframe-* tests we wait for a message from the
        iframe and only after that send a message to it.

        Tests: wasm/iframe-parent-postmessage.html
               wasm/iframe-postmessage.html
               wasm/window-postmessage.html

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpIfTerminal):
        * bindings/js/SerializedScriptValue.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::postMessage):

== Rolled over to ChangeLog-2018-01-01 ==