2020-06-16 Russell Epstein

Cherry-pick r263129. rdar://problem/64428805

FileListCreator should only be used for resolving directories
https://bugs.webkit.org/show_bug.cgi?id=213259

Reviewed by David Kilzer.

Depending on whether directories should be resolved, FileListCreator::create would either synchronously execute its completion handler then return nullptr or asynchronously dispatch its completion handler then return a non-null RefPtr. Interfaces with sometimes-synchronous callbacks can be hard to use correctly; e.g., r262962 fixes a problem where FileInputType::m_fileListCreator was being modified in an unexpected order.

This patch makes the interface between FileInputType and FileListCreator less error-prone and more explicit by renaming FileListCreator to DirectoryFileListCreator, making its job solely to create directory FileLists on a background queue, and giving it an explicit start member function. For non-directories, FileInputType::filesChosen now bypasses DirectoryFileListCreator and directly converts from Vector to FileList.

Covered by existing tests.

* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* html/DirectoryFileListCreator.cpp: Renamed from html/FileListCreator.cpp.
(WebCore::createFileList): Removed the template and ShouldResolveDirectories parameter.
(WebCore::DirectoryFileListCreator::DirectoryFileListCreator): Moved the work queue dispatching to DirectoryFileListCreator::start.
(WebCore::DirectoryFileListCreator::start): Added; moved the work queue dispatching here from the ctor.
* html/DirectoryFileListCreator.h: Renamed from html/FileListCreator.h.
(WebCore::DirectoryFileListCreator::create): Stopped performing non-directory creation and changed the return value back to Ref<>.
* html/FileInputType.cpp:
(WebCore::FileInputType::filesChosen): Moved most of the work done in the FileListCreator completion handler to didCreateFileList.
When !FileInputType::allowsDirectories, used Vector::map to convert paths to a Vector>, used that to create a FileList, then called didCreateFileList. Otherwise, created and started a DirectoryFileListCreator that calls didCreateFileList in its completion handler.
(WebCore::FileInputType::didCreateFileList): Added; sets the new file list and icon and clears m_directoryFileListCreator.
* html/FileInputType.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@263129 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-16 Andy Estes

FileListCreator should only be used for resolving directories
https://bugs.webkit.org/show_bug.cgi?id=213259

Reviewed by David Kilzer.

Depending on whether directories should be resolved, FileListCreator::create would either synchronously execute its completion handler then return nullptr or asynchronously dispatch its completion handler then return a non-null RefPtr. Interfaces with sometimes-synchronous callbacks can be hard to use correctly; e.g., r262962 fixes a problem where FileInputType::m_fileListCreator was being modified in an unexpected order.

This patch makes the interface between FileInputType and FileListCreator less error-prone and more explicit by renaming FileListCreator to DirectoryFileListCreator, making its job solely to create directory FileLists on a background queue, and giving it an explicit start member function. For non-directories, FileInputType::filesChosen now bypasses DirectoryFileListCreator and directly converts from Vector to FileList.

Covered by existing tests.

* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* html/DirectoryFileListCreator.cpp: Renamed from html/FileListCreator.cpp.
(WebCore::createFileList): Removed the template and ShouldResolveDirectories parameter.
(WebCore::DirectoryFileListCreator::DirectoryFileListCreator): Moved the work queue dispatching to DirectoryFileListCreator::start.
(WebCore::DirectoryFileListCreator::start): Added; moved the work queue dispatching here from the ctor.
* html/DirectoryFileListCreator.h: Renamed from html/FileListCreator.h.
(WebCore::DirectoryFileListCreator::create): Stopped performing non-directory creation and changed the return value back to Ref<>.
* html/FileInputType.cpp:
(WebCore::FileInputType::filesChosen): Moved most of the work done in the FileListCreator completion handler to didCreateFileList. When !FileInputType::allowsDirectories, used Vector::map to convert paths to a Vector>, used that to create a FileList, then called didCreateFileList. Otherwise, created and started a DirectoryFileListCreator that calls didCreateFileList in its completion handler.
(WebCore::FileInputType::didCreateFileList): Added; sets the new file list and icon and clears m_directoryFileListCreator.
* html/FileInputType.h:

2020-06-16 Russell Epstein

Cherry-pick r262739. rdar://problem/64413138

Use usual promise in readableStreamTee
https://bugs.webkit.org/show_bug.cgi?id=212715

Reviewed by Mark Lam.

The spec[1] is organized to be OK to use usual promises here. This patch uses usual promises instead of internal ones.

[1]: https://streams.spec.whatwg.org/#readable-stream-tee

* Modules/streams/ReadableStreamInternals.js:
(readableStreamTee):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262739 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-08 Yusuke Suzuki

Use usual promise in readableStreamTee
https://bugs.webkit.org/show_bug.cgi?id=212715

Reviewed by Mark Lam.

The spec[1] is organized to be OK to use usual promises here. This patch uses usual promises instead of internal ones.

[1]: https://streams.spec.whatwg.org/#readable-stream-tee

* Modules/streams/ReadableStreamInternals.js:
(readableStreamTee):

2020-06-16 Russell Epstein

Cherry-pick r263092. rdar://problem/64412673

O(n^2) behavior in media query resolution
https://bugs.webkit.org/show_bug.cgi?id=213243

Reviewed by Anders Carlsson.

We were traversing all rules in a RuleSet inside a loop over all media queries that change value.
This becomes problematic when you have thousands of media queries.

* style/RuleSet.cpp:
(WebCore::Style::RuleSet::evaluteDynamicMediaQueryRules): Instead collect the rule positions that need flipping into a map and then traverse only once to do the actual flipping. Longer term we should maintain a data structure that can map directly from a position to RuleDatas. This will require some data structure rethink so this patch takes a simpler approach.
(WebCore::Style::RuleSet::MediaQueryCollector::pop):
* style/RuleSet.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@263092 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-16 Antti Koivisto

O(n^2) behavior in media query resolution
https://bugs.webkit.org/show_bug.cgi?id=213243

Reviewed by Anders Carlsson.

We were traversing all rules in a RuleSet inside a loop over all media queries that change value. This becomes problematic when you have thousands of media queries.

* style/RuleSet.cpp:
(WebCore::Style::RuleSet::evaluteDynamicMediaQueryRules): Instead collect the rule positions that need flipping into a map and then traverse only once to do the actual flipping. Longer term we should maintain a data structure that can map directly from a position to RuleDatas. This will require some data structure rethink so this patch takes a simpler approach.
(WebCore::Style::RuleSet::MediaQueryCollector::pop):
* style/RuleSet.h:

2020-06-16 Russell Epstein

Cherry-pick r262594. rdar://problem/64413274

HTMLAppletElement::updateWidget should check for renderer after the overlapping test.
https://bugs.webkit.org/show_bug.cgi?id=212789

Reviewed by Simon Fraser.

createJavaAppletWidget needs to check if the plugin(replacement) is obscured. Since the overlapping test requires up-to-date geometry, it initiates a top level style recalc/layout. We need to check if the applet element still has a renderer after the style recalc.
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::updateWidget):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262594 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-04 Zalan Bujtas

HTMLAppletElement::updateWidget should check for renderer after the overlapping test.
https://bugs.webkit.org/show_bug.cgi?id=212789

Reviewed by Simon Fraser.

createJavaAppletWidget needs to check if the plugin(replacement) is obscured. Since the overlapping test requires up-to-date geometry, it initiates a top level style recalc/layout. We need to check if the applet element still has a renderer after the style recalc.

* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::updateWidget):

2020-06-16 Russell Epstein

Cherry-pick r262540. rdar://problem/64413268

Reset fragment line info when the relatively positioned inline box becomes static with block child.
https://bugs.webkit.org/show_bug.cgi?id=212724

Reviewed by Simon Fraser.

adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded was missing the case when the block container was inside an inline box. It happens when the inline box is relatively positioned while the child block box is absolutely positioned.

RenderFragmentedFlow keeps track of the associated root lineboxes in m_lineToFragmentMap. In adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded, when the block is no longer part of the fragment we remove these cached lineboxes from the m_lineToFragmentMap. This patch fixes the case when the cached lineboxes are generated by a child block box.

* rendering/RenderElement.cpp:
(WebCore::RenderElement::adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262540 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-04 Zalan Bujtas

Reset fragment line info when the relatively positioned inline box becomes static with block child.
https://bugs.webkit.org/show_bug.cgi?id=212724

Reviewed by Simon Fraser.
adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded was missing the case when the block container was inside an inline box. It happens when the inline box is relatively positioned while the child block box is absolutely positioned.

RenderFragmentedFlow keeps track of the associated root lineboxes in m_lineToFragmentMap. In adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded, when the block is no longer part of the fragment we remove these cached lineboxes from the m_lineToFragmentMap. This patch fixes the case when the cached lineboxes are generated by a child block box.

* rendering/RenderElement.cpp:
(WebCore::RenderElement::adjustFragmentedFlowStateOnContainingBlockChangeIfNeeded):

2020-06-15 Russell Epstein

Cherry-pick r262962. rdar://problem/64316002

FileInputType should use WeakPtr for FileListCreator lambdas
https://bugs.webkit.org/show_bug.cgi?id=213130

Reviewed by David Kilzer.

FileInputType::filesChosen was passing a completion handler to FileListCreator::create that captured |this|. If the FileListCreator instance still existed when |this| was destroyed, FileInputType::~FileInputType would clear the captured |this| by calling FileListCreator::clear. This can be simplified by having the FileListCreator completion handler capture a WeakPtr to |this|.

Also, when FileInputType::allowsDirectories is false, m_fileListCreator would not be properly cleared after creating the file list. The FileListCreator completion handler would set m_fileListCreator to nullptr, but would be executed *before* FileListCreator::create returned and set m_fileListCreator to the newly-created FileListCreator object. Fixed this by having FileListCreator::create execute the completion handler immediately and return nullptr in cases where a FileListCreator does not need to be created for directory resolution.

Covered by existing tests.
* html/FileInputType.cpp:
(WebCore::FileInputType::~FileInputType):
(WebCore::FileInputType::filesChosen):
* html/FileInputType.h:
* html/FileListCreator.cpp:
(WebCore::createFileList):
(WebCore::FileListCreator::create):
(WebCore::FileListCreator::FileListCreator):
(WebCore::FileListCreator::createFileList):
* html/FileListCreator.h:
(WebCore::FileListCreator::create): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262962 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-12 Andy Estes

FileInputType should use WeakPtr for FileListCreator lambdas
https://bugs.webkit.org/show_bug.cgi?id=213130

Reviewed by David Kilzer.

FileInputType::filesChosen was passing a completion handler to FileListCreator::create that captured |this|. If the FileListCreator instance still existed when |this| was destroyed, FileInputType::~FileInputType would clear the captured |this| by calling FileListCreator::clear. This can be simplified by having the FileListCreator completion handler capture a WeakPtr to |this|.

Also, when FileInputType::allowsDirectories is false, m_fileListCreator would not be properly cleared after creating the file list. The FileListCreator completion handler would set m_fileListCreator to nullptr, but would be executed *before* FileListCreator::create returned and set m_fileListCreator to the newly-created FileListCreator object. Fixed this by having FileListCreator::create execute the completion handler immediately and return nullptr in cases where a FileListCreator does not need to be created for directory resolution.

Covered by existing tests.

* html/FileInputType.cpp:
(WebCore::FileInputType::~FileInputType):
(WebCore::FileInputType::filesChosen):
* html/FileInputType.h:
* html/FileListCreator.cpp:
(WebCore::createFileList):
(WebCore::FileListCreator::create):
(WebCore::FileListCreator::FileListCreator):
(WebCore::FileListCreator::createFileList):
* html/FileListCreator.h:
(WebCore::FileListCreator::create): Deleted.
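
The ordering hazard described in the r262962 entry and the explicit-start shape described in the r263129 entry, as an added C++ example that is not WebKit code. It assumes std::shared_ptr / std::weak_ptr as stand-ins for Ref / WeakPtr and a single-threaded TaskQueue as a stand-in for the work queue; every class and function name in it is hypothetical.

```cpp
// Added illustration, not WebKit code. std::shared_ptr / std::weak_ptr stand in for
// WTF's Ref / WeakPtr; TaskQueue stands in for a background WorkQueue. Names are hypothetical.
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using FileList = std::vector<std::string>;
using Completion = std::function<void(FileList)>;

struct TaskQueue {
    std::deque<std::function<void()>> tasks;
    void dispatch(std::function<void()> task) { tasks.push_back(std::move(task)); }
    void drain()
    {
        while (!tasks.empty()) {
            auto task = std::move(tasks.front());
            tasks.pop_front();
            task();
        }
    }
};

// "Before" shape: create() sometimes runs the handler before it returns.
struct SometimesSyncCreator {
    static std::shared_ptr<SometimesSyncCreator> create(TaskQueue& queue, FileList paths, bool resolveDirectories, Completion handler)
    {
        auto creator = std::make_shared<SometimesSyncCreator>();
        if (!resolveDirectories)
            handler(std::move(paths)); // synchronous: the caller has not stored `creator` yet
        else
            queue.dispatch([creator, paths, handler] { handler(paths); });
        return creator;
    }
};

struct BuggyInput {
    std::shared_ptr<SometimesSyncCreator> creator;
    FileList files;
    void filesChosen(TaskQueue& queue, FileList paths, bool allowsDirectories)
    {
        // Raw `this` capture; tolerable here only because the owner outlives the queue.
        creator = SometimesSyncCreator::create(queue, std::move(paths), allowsDirectories, [this](FileList list) {
            files = std::move(list);
            creator = nullptr; // on the synchronous path this runs BEFORE the assignment above
        });
    }
};

// "After" shape: the creator is only used for directories and never calls back before start().
class DirectoryCreator : public std::enable_shared_from_this<DirectoryCreator> {
public:
    static std::shared_ptr<DirectoryCreator> create(Completion handler)
    {
        return std::shared_ptr<DirectoryCreator>(new DirectoryCreator(std::move(handler)));
    }
    void start(TaskQueue& queue, FileList paths)
    {
        auto protectedThis = shared_from_this(); // keeps the creator alive while the handler runs
        queue.dispatch([protectedThis, paths] { protectedThis->m_handler(paths); });
    }
private:
    explicit DirectoryCreator(Completion handler) : m_handler(std::move(handler)) { }
    Completion m_handler;
};

class FixedInput : public std::enable_shared_from_this<FixedInput> {
public:
    std::shared_ptr<DirectoryCreator> creator;
    FileList files;
    void filesChosen(TaskQueue& queue, FileList paths, bool allowsDirectories)
    {
        if (!allowsDirectories) { // no creator involved, so there is nothing to clear late
            didCreateFileList(std::move(paths));
            return;
        }
        std::weak_ptr<FixedInput> weakThis = shared_from_this();
        creator = DirectoryCreator::create([weakThis](FileList list) {
            if (auto self = weakThis.lock()) // owner may be gone by the time the task runs
                self->didCreateFileList(std::move(list));
        });
        creator->start(queue, std::move(paths));
    }
    void didCreateFileList(FileList list) { files = std::move(list); creator = nullptr; }
};

bool buggyLeavesStaleCreator()
{
    TaskQueue queue;
    BuggyInput input;
    input.filesChosen(queue, { "a.txt" }, false);
    return input.files.size() == 1 && input.creator != nullptr; // list delivered, creator never cleared
}

bool fixedClearsCreator(bool allowsDirectories)
{
    TaskQueue queue;
    auto input = std::make_shared<FixedInput>();
    input->filesChosen(queue, { "photos" }, allowsDirectories);
    queue.drain();
    return input->files.size() == 1 && input->creator == nullptr;
}

bool fixedIgnoresCompletionAfterOwnerDestroyed()
{
    TaskQueue queue;
    auto input = std::make_shared<FixedInput>();
    std::weak_ptr<FixedInput> observer = input;
    input->filesChosen(queue, { "photos" }, true);
    input.reset(); // owner destroyed while the task is still queued
    queue.drain(); // handler runs, lock() fails, no freed memory is touched
    return observer.expired() && queue.tasks.empty();
}

int main()
{
    return buggyLeavesStaleCreator() && fixedClearsCreator(false) && fixedClearsCreator(true)
        && fixedIgnoresCompletionAfterOwnerDestroyed() ? 0 : 1;
}
```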

2020-06-15 Russell Epstein

Cherry-pick r262918. rdar://problem/64315999

[iOS] nullptr deref in FileInputType::iconLoaded when the input's type attribute is modified by a change event listener
https://bugs.webkit.org/show_bug.cgi?id=208244

Reviewed by Wenson Hsieh.

Source/WebCore:

When an element's type attribute changes, its existing InputType is detached from the HTMLInputElement by nulling InputType::m_element. When FileInputType::filesChosen is called, it dispatches the input and change events, which can run arbitrary JavaScript that might modify the element's type attribute. If this happens, FileInputType::m_element will be null after returning from FileInputType::setFiles and if there is an icon will be dereferenced by FileInputType::iconLoaded.

Fixed this by checking for a non-null m_element before calling iconLoaded. While here, also fixed a bug where we sometimes checked the length of m_fileList before FileListCreator had finished setting m_fileList. This bug resulted in missing file icons whenever an had the webkitdirectory attribute.

Tests: fast/forms/file/file-input-type-detached-on-change.html
       fast/forms/file/file-input-webkitdirectory-icon.html

* html/FileInputType.cpp:
(WebCore::FileInputType::filesChosen):

Tools:

* DumpRenderTree/TestRunner.cpp:
(SetOpenPanelFilesMediaIconCallback):
(TestRunner::staticFunctions):
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setOpenPanelFilesMediaIcon):

LayoutTests:

* fast/forms/file/file-input-type-detached-on-change-expected.txt: Added.
* fast/forms/file/file-input-type-detached-on-change.html: Added.
* fast/forms/file/file-input-webkitdirectory-icon-expected.html: Added.
* fast/forms/file/file-input-webkitdirectory-icon.html: Added.
* fast/forms/file/file-reset-in-change-using-open-panel-with-icon.html:
* fast/forms/file/open-file-panel-crash.html:
* fast/forms/file/resources/file-icon-bytes.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-11 Andy Estes

[iOS] nullptr deref in FileInputType::iconLoaded when the input's type attribute is modified by a change event listener
https://bugs.webkit.org/show_bug.cgi?id=208244

Reviewed by Wenson Hsieh.

When an element's type attribute changes, its existing InputType is detached from the HTMLInputElement by nulling InputType::m_element. When FileInputType::filesChosen is called, it dispatches the input and change events, which can run arbitrary JavaScript that might modify the element's type attribute. If this happens, FileInputType::m_element will be null after returning from FileInputType::setFiles and if there is an icon will be dereferenced by FileInputType::iconLoaded.

Fixed this by checking for a non-null m_element before calling iconLoaded. While here, also fixed a bug where we sometimes checked the length of m_fileList before FileListCreator had finished setting m_fileList. This bug resulted in missing file icons whenever an had the webkitdirectory attribute.

Tests: fast/forms/file/file-input-type-detached-on-change.html
       fast/forms/file/file-input-webkitdirectory-icon.html

* html/FileInputType.cpp:
(WebCore::FileInputType::filesChosen):

2020-06-12 Alan Coon

Cherry-pick r262978. rdar://problem/64315997

Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache
https://bugs.webkit.org/show_bug.cgi?id=213147

Reviewed by Geoffrey Garen.

Source/WebCore:

Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache. This is a revert of r250437 due to push back from Web developers.

No new tests, updated existing tests.

* history/BackForwardCache.cpp:
(WebCore::canCacheFrame):

LayoutTests:

Update layout test coverage.

* http/tests/navigation/https-in-page-cache-expected.txt:
* http/tests/navigation/resources/https-in-page-cache-1.php:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262978 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-12 Chris Dumez

Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache
https://bugs.webkit.org/show_bug.cgi?id=213147

Reviewed by Geoffrey Garen.

Stop allowing pages served over HTTPS with "Cache-Control: no-store" into the back/forward cache. This is a revert of r250437 due to push back from Web developers.

No new tests, updated existing tests.

* history/BackForwardCache.cpp:
(WebCore::canCacheFrame):

2020-06-12 Alan Coon

Cherry-pick r262707. rdar://problem/64226888

File URLs with hostnames are misleading
https://bugs.webkit.org/show_bug.cgi?id=212739

Reviewed by Alex Christensen.

Source/WebCore:

Showing a file URL like file://example.org/test is misleading to users. To prevent this, we just do a redirection to the same file URL with an empty host. Remove the port at the same time.

Covered by added API test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit/open-window-with-file-url-with-host.html: Added.
* TestWebKitAPI/Tests/WebKitCocoa/OpenAndCloseWindow.mm:
(TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-08 Youenn Fablet

File URLs with hostnames are misleading
https://bugs.webkit.org/show_bug.cgi?id=212739

Reviewed by Alex Christensen.

Showing a file URL like file://example.org/test is misleading to users. To prevent this, we just do a redirection to the same file URL with an empty host. Remove the port at the same time.

Covered by added API test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):

2020-06-11 Alan Coon

Cherry-pick r261217.
rdar://problem/62978240

Fix animation ordering to make imported/w3c/web-platform-tests/css/css-animations/Element-getAnimations.tentative.html pass
https://bugs.webkit.org/show_bug.cgi?id=211468

Reviewed by David Kilzer.

LayoutTests/imported/w3c:

Mark the final two failures in imported/w3c/web-platform-tests/css/css-animations/Element-getAnimations.tentative.html as PASS.

* web-platform-tests/css/css-animations/Element-getAnimations.tentative-expected.txt:

Source/WebCore:

The "Animation composite order" section of the CSS Animations Level 2 specification (https://drafts.csswg.org/css-animations-2/#animation-composite-order) defines the relative composite order of animations. We bake this into compareAnimationsByCompositeOrder(), but this function would not yield consistent results if it is called in a non-stable sort, because if both CSSAnimation objects passed to this function have the same backing Animation object, they would not return the same value if passed in a different order.

The Web Animations spec always ensures that procedures that sort using the composite order are called as part of a stable sort. So we change all call sites to use std::stable_sort and add an assertion in case we have two CSSAnimation objects with the same backing Animation objects to catch cases like this in the future.

Finally, since we already know only relevant animations can find their way into the output of Document::getAnimations(), we also ensure we iterate over m_animations (which holds only relevant animations) rather than m_allAnimations (which may not).

* animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::getAnimations const):
* animation/KeyframeEffectStack.cpp:
(WebCore::KeyframeEffectStack::ensureEffectsAreSorted):
* animation/WebAnimationUtilities.cpp:
(WebCore::compareAnimationsByCompositeOrder):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@261217 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-05-05 Antoine Quint

Fix animation ordering to make imported/w3c/web-platform-tests/css/css-animations/Element-getAnimations.tentative.html pass
https://bugs.webkit.org/show_bug.cgi?id=211468

Reviewed by David Kilzer.

The "Animation composite order" section of the CSS Animations Level 2 specification (https://drafts.csswg.org/css-animations-2/#animation-composite-order) defines the relative composite order of animations. We bake this into compareAnimationsByCompositeOrder(), but this function would not yield consistent results if it is called in a non-stable sort, because if both CSSAnimation objects passed to this function have the same backing Animation object, they would not return the same value if passed in a different order.

The Web Animations spec always ensures that procedures that sort using the composite order are called as part of a stable sort. So we change all call sites to use std::stable_sort and add an assertion in case we have two CSSAnimation objects with the same backing Animation objects to catch cases like this in the future.

Finally, since we already know only relevant animations can find their way into the output of Document::getAnimations(), we also ensure we iterate over m_animations (which holds only relevant animations) rather than m_allAnimations (which may not).

* animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::getAnimations const):
* animation/KeyframeEffectStack.cpp:
(WebCore::KeyframeEffectStack::ensureEffectsAreSorted):
* animation/WebAnimationUtilities.cpp:
(WebCore::compareAnimationsByCompositeOrder):

2020-06-10 Alan Coon

Cherry-pick r262870.
rdar://problem/64232759

Improve CSP compliance under PSON
https://bugs.webkit.org/show_bug.cgi?id=212995

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Rebaseline an existing test, since CSP is now checked before any navigations performed by a form action.

* web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt:

Source/WebCore:

Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html

The form submission logic was only considering CSP if the form action was a JavaScript URL. This is incorrect, as CSP might apply to any URL.

This is also covered by the existing form-action CSP tests.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::submitForm): All URLs should be evaluated for compliance with CSP.

LayoutTests:

Add a new test to confirm that CSP rules are honored for form-action operations during process swap. This also rebaselines an existing test, since CSP is now checked before any navigations performed by a form action.

* http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Rebaselined.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262870 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-10 Brent Fulgham

Improve CSP compliance under PSON
https://bugs.webkit.org/show_bug.cgi?id=212995

Reviewed by Chris Dumez.

Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html

The form submission logic was only considering CSP if the form action was a JavaScript URL. This is incorrect, as CSP might apply to any URL.

This is also covered by the existing form-action CSP tests.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::submitForm): All URLs should be evaluated for compliance with CSP.

2020-06-10 Alan Coon

Cherry-pick r262841. rdar://problem/64226920

REGRESSION(r262798): fast/mediastream/media-stream-track-interrupted.html is failing
https://bugs.webkit.org/show_bug.cgi?id=213011

Reviewed by Eric Carlson.

Source/WebCore:

Before the patch, a source that is muted and for which its observers get ended will not be ended. This is a potential issue as the source can get unmuted, in which case, the audio shared unit might be asked to restart. This is crashing in debug as we would not have the AudioSession correct category for audio capture.

Test: fast/mediastream/track-ended-while-muted.html
Also covered by fast/mediastream/media-stream-track-interrupted.html no longer flakily crashing in debug.

* platform/mediastream/RealtimeMediaSource.cpp:
(WebCore::RealtimeMediaSource::requestToEnd): End the source even if muted.
* platform/mediastream/RealtimeMediaSource.h:
* testing/Internals.cpp:
(WebCore::Internals::isMediaStreamSourceEnded const):
* testing/Internals.h:
* testing/Internals.idl: Add necessary test infrastructure.

LayoutTests:

* fast/mediastream/track-ended-while-muted-expected.txt: Added.
* fast/mediastream/track-ended-while-muted.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262841 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-06-10 Youenn Fablet

REGRESSION(r262798): fast/mediastream/media-stream-track-interrupted.html is failing
https://bugs.webkit.org/show_bug.cgi?id=213011

Reviewed by Eric Carlson.

Before the patch, a source that is muted and for which its observers get ended will not be ended. This is a potential issue as the source can get unmuted, in which case, the audio shared unit might be asked to restart. This is crashing in debug as we would not have the AudioSession correct category for audio capture.

Test: fast/mediastream/track-ended-while-muted.html
Also covered by fast/mediastream/media-stream-track-interrupted.html no longer flakily crashing in debug.

* platform/mediastream/RealtimeMediaSource.cpp:
(WebCore::RealtimeMediaSource::requestToEnd): End the source even if muted.
* platform/mediastream/RealtimeMediaSource.h:
* testing/Internals.cpp:
(WebCore::Internals::isMediaStreamSourceEnded const):
* testing/Internals.h:
* testing/Internals.idl: Add necessary test infrastructure.

2020-06-10 Alan Coon

Apply patch. rdar://problem/64226920

2020-06-10 Youenn Fablet

BaseAudioSharedUnit should unmute its clients in case of suspension even if not having any audio unit
https://bugs.webkit.org/show_bug.cgi?id=212970

CoreAudioCaptureSource(s), when muted, are now calling stopProducingData. This will, in turn, make the BaseAudioSharedUnit stop and no longer have any audio unit. In that case, when resume is called on the BaseAudioSharedUnit, it will exit early as the audio unit is null. This will prevent unmuting the CoreAudioCaptureSource(s). Fix this by removing the audio unit check in BaseAudioSharedUnit::resume. Add infrastructure testing to be able to write a test.

Covered by added test.

* platform/mediastream/RealtimeMediaSource.h:
* platform/mediastream/mac/BaseAudioSharedUnit.cpp:
(WebCore::BaseAudioSharedUnit::resume):
* platform/mediastream/mac/CoreAudioCaptureSource.cpp:
(WebCore::CoreAudioCaptureSource::setInterruptedForTesting):
* platform/mediastream/mac/CoreAudioCaptureSource.h:
* testing/Internals.cpp:
(WebCore::Internals::isMediaStreamSourceInterrupted const):
* testing/Internals.h:
* testing/Internals.idl:

2020-06-09 Dean Jackson

REGRESSION: [Safari Mojave for High Sierra] Accessing some of the featured pages on apple.com causes the webpage to crash
https://bugs.webkit.org/show_bug.cgi?id=212940

Reviewed by Tim Horton.

The code to use the singleton for a SwitchingGPUClient was assuming it has always been set, which was not the case when ENABLE(WEBPROCESS_WINDOWSERVER_BLOCKING) was not true.

* platform/graphics/GraphicsContext3DManager.cpp: Check the state of the singleton before calling it.
(WebCore::GraphicsContext3DManager::updateHighPerformanceState):
(WebCore::GraphicsContext3DManager::disableHighPerformanceGPUTimerFired):
* platform/graphics/mac/SwitchingGPUClient.h: Add a method to check if the singleton has been set.
(WebCore::SwitchingGPUClient::hasSingleton):

2020-06-06 Andy Estes

Unreviewed build fix for platforms where APPLE_PAY_INSTALLMENTS is disabled.

* testing/MockPaymentCoordinator.idl: Moved installmentConfiguration to a partial interface.

2020-06-04 Alan Coon

Cherry-pick r260142. rdar://problem/63993130

REGRESSION (r258977): Crash under Document::visibilityStateChanged
https://bugs.webkit.org/show_bug.cgi?id=210555

Reviewed by Youenn Fablet.

Re-introduce null check of page in Document::visibilityStateChanged() which got inadvertently dropped in r258977.

* dom/Document.cpp:
(WebCore::Document::visibilityStateChanged):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

2020-04-15 Chris Dumez

REGRESSION (r258977): Crash under Document::visibilityStateChanged
https://bugs.webkit.org/show_bug.cgi?id=210555

Reviewed by Youenn Fablet.

Re-introduce null check of page in Document::visibilityStateChanged() which got inadvertently dropped in r258977.

* dom/Document.cpp:
(WebCore::Document::visibilityStateChanged):

2020-06-02 Andy Estes

Apply patch. rdar://problem/63626670

2020-05-22 Andy Estes

[Apple Pay] Add new ApplePayInstallmentConfiguration members
https://bugs.webkit.org/show_bug.cgi?id=212160

Reviewed by Alex Christensen.

Test: http/tests/ssl/applepay/ApplePayInstallmentItems.https.html

* DerivedSources-input.xcfilelist:
* DerivedSources-output.xcfilelist:
* DerivedSources.make:
* SourcesCocoa.txt:
* WebCore.xcodeproj/project.pbxproj: Added IDLs, headers, and derived sources for ApplePayInstallment{Item,ItemType,RetailChannel}.
* Modules/applepay/ApplePayInstallmentConfiguration.idl:
* Modules/applepay/ApplePayInstallmentConfigurationWebCore.h: Added items, applicationMetadata, and retailChannel members. Added missing conditionals to merchantIdentifier and referrerIdentifier.
* Modules/applepay/ApplePayInstallmentItem.h:
* Modules/applepay/ApplePayInstallmentItem.idl:
* Modules/applepay/ApplePayInstallmentItemType.h:
* Modules/applepay/ApplePayInstallmentItemType.idl:
* Modules/applepay/ApplePayInstallmentRetailChannel.h:
* Modules/applepay/ApplePayInstallmentRetailChannel.idl: Added.
* Modules/applepay/ApplePayRequestBase.cpp:
(WebCore::convertAndValidate): Changed to call PaymentInstallmentConfiguration::create, returning an exception if present.
* Modules/applepay/PaymentInstallmentConfiguration.mm:
(WebCore::fromDecimalNumber): Allowed for a large maximum number of fractional digits to support formatting high-precision currency and APRs (note that this formatter is only used for test support).
(WebCore::applePayItemType):
(WebCore::platformItemType): Added to convert between PKInstallmentItemType and ApplePayInstallmentItemType.
(WebCore::applePayRetailChannel):
(WebCore::platformRetailChannel): Added to convert between PKInstallmentRetailChannel and ApplePayInstallmentRetailChannel.
(WebCore::makeNSArrayElement):
(WebCore::makeVectorElement): Added to convert between NSArray and Vector.
(WebCore::createPlatformConfiguration): Added a parameter for passing in applicationMetadata as an NSDictionary. Set properties on PKPaymentInstallmentConfiguration for new ApplePayInstallmentConfiguration members.
(WebCore::PaymentInstallmentConfiguration::create): Added; converts the applicationMetadata JSON string (if present) to an NSDictionary, returning a TypeError if the JSON string does not deserialize to an NSDictionary (as PassKit requires). (WebCore::PaymentInstallmentConfiguration::PaymentInstallmentConfiguration): Added a parameter for passing in applicationMetadata as an NSDictionary. Made private. (WebCore::PaymentInstallmentConfiguration::applePayInstallmentConfiguration const): Set members on ApplePayInstallmentConfiguration for new PKPaymentInstallmentConfiguration properties. * Modules/applepay/PaymentInstallmentConfigurationWebCore.h: 2020-05-20 Russell Epstein Apply patch. rdar://problem/63343507 2020-05-20 Youenn Fablet Video capture does not get unmuted in case of tab switch on iOS https://bugs.webkit.org/show_bug.cgi?id=211509 Reviewed by Eric Carlson. Document is muting the capture video source in case of page being hidden. When unhiding, only the RealtimeVideoSource is unmuted, not the capture video source (AVVideoCaptureSource). For that reason, make sure to unmute the capture video source as well as the RealtimeVideoSource. To ensure we validate that the active source is tied to a track of the document, we add RealtimeSource::isSameAs which handles the case of a RealtimeVideoSource wrapping an AVVideoCaptureSource. Covered by updated test and manual testing.
* Modules/mediastream/MediaStreamTrack.cpp: (WebCore::MediaStreamTrack::MediaStreamTrack): (WebCore::isSourceCapturingForDocument): (WebCore::MediaStreamTrack::updateCaptureAccordingToMutedState): * Modules/mediastream/MediaStreamTrack.h: * dom/Document.cpp: (WebCore::Document::visibilityStateChanged): * platform/mediastream/RealtimeMediaSource.cpp: * platform/mediastream/RealtimeMediaSource.h: * platform/mediastream/RealtimeMediaSourceCenter.cpp: * platform/mediastream/RealtimeMediaSourceCenter.h: * platform/mediastream/RealtimeMediaSourceFactory.h: * platform/mediastream/RealtimeVideoSource.h: * platform/mediastream/ios/CoreAudioCaptureSourceIOS.mm: * platform/mediastream/mac/CoreAudioCaptureSource.h: * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp: * platform/mock/MockRealtimeMediaSourceCenter.cpp: 2020-05-20 Russell Epstein Apply patch. rdar://problem/63393729 2020-05-20 Youenn Fablet Follow-up fix to https://trac.webkit.org/changeset/261583/webkit rdar://problem/63393729 Add a test to ensure we unregister from the source even if not playing. Test: webrtc/remoteAudio-never-played.html * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp: (WebCore::AudioTrackPrivateMediaStreamCocoa::clear): Make sure to unregister unconditionally to cover the case of a renderer that never plays. 2020-05-19 Russell Epstein Apply patch. rdar://problem/63156096 2020-05-19 Youenn Fablet Sending WebRTC network packets should not go through the main thread https://bugs.webkit.org/show_bug.cgi?id=211291 Reviewed by Eric Carlson. Covered by existing tests. * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp: (WebCore::LibWebRTCProvider::getStaticFactoryAndThreads): * platform/mediastream/libwebrtc/LibWebRTCProvider.h: Add the ability for WebKit LibWebRTCProvider to do some processing on creation of the RTC threads. 2020-05-12 Alan Coon Cherry-pick r259853. 
rdar://problem/63156090 Bump priority of LibWebRTCAudioModule thread https://bugs.webkit.org/show_bug.cgi?id=210107 Reviewed by Eric Carlson. LibWebRTCAudioModule operates on its own thread and is responsible to generate and push remote audio track data to audio renderers. It does this every 50 milliseconds and any delay in this task will trigger audio crackling. Migrate LibWebRTCAudioModule from a thread based approach to a WorkQueue. This gives cleaner code and allows to set the WorkQueue QOS to QOS::UserInteractive so that it does not get interrupted too often. We expect the audio task to be done every 50 ms. If it takes less than 50 ms to dispatch the task and execute, we dispatch a new task with some delay to keep the exact 50ms delay. Otherwise, we dispatch a task without any delay to try recovering as much as we can. Manually tested on iOS using mock sources on pages rendering multiple audio tracks. This reduces audio crackling a lot but not completely. * platform/mediastream/libwebrtc/LibWebRTCAudioModule.cpp: (WebCore::LibWebRTCAudioModule::LibWebRTCAudioModule): (WebCore::LibWebRTCAudioModule::StartPlayout): (WebCore::LibWebRTCAudioModule::StartPlayoutOnAudioThread): * platform/mediastream/libwebrtc/LibWebRTCAudioModule.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259853 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-10 Youenn Fablet Bump priority of LibWebRTCAudioModule thread https://bugs.webkit.org/show_bug.cgi?id=210107 Reviewed by Eric Carlson. LibWebRTCAudioModule operates on its own thread and is responsible to generate and push remote audio track data to audio renderers. It does this every 50 milliseconds and any delay in this task will trigger audio crackling. Migrate LibWebRTCAudioModule from a thread based approach to a WorkQueue. This gives cleaner code and allows to set the WorkQueue QOS to QOS::UserInteractive so that it does not get interrupted too often. We expect the audio task to be done every 50 ms. 
If it takes less than 50 ms to dispatch the task and execute, we dispatch a new task with some delay to keep the exact 50ms delay. Otherwise, we dispatch a task without any delay to try recovering as much as we can. Manually tested on iOS using mock sources on pages rendering multiple audio tracks. This reduces audio crackling a lot but not completely. * platform/mediastream/libwebrtc/LibWebRTCAudioModule.cpp: (WebCore::LibWebRTCAudioModule::LibWebRTCAudioModule): (WebCore::LibWebRTCAudioModule::StartPlayout): (WebCore::LibWebRTCAudioModule::StartPlayoutOnAudioThread): * platform/mediastream/libwebrtc/LibWebRTCAudioModule.h: 2020-05-12 Alan Coon Revert r261514. rdar://problem/62978925 2020-05-11 Russell Epstein Apply patch. rdar://problem/62978903 2020-05-11 Youenn Fablet MediaPlayerPrivateMediaStreamAVFObjC should unobserve the tracks from its audio and video track sets https://bugs.webkit.org/show_bug.cgi?id=211444 Test: fast/mediastream/MediaStream-removeTrack-while-playing.html * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): We keep maps of audio and video tracks we are observing. Use these two maps to properly unobserve all tracks at destruction time. While this is not strictly needed since we are using weak pointers, this helps keeping the code healthy. * platform/mediastream/MediaStreamTrackPrivate.cpp: (WebCore::MediaStreamTrackPrivate::forEachObserver): Add a debug ASSERT so that we ensure add/remove observers is done properly. 2020-05-11 Alan Coon Cherry-pick r258991. rdar://problem/62978907 Fix build after https://trac.webkit.org/changeset/258977/webkit https://bugs.webkit.org/show_bug.cgi?id=209545 Unreviewed. * dom/Document.cpp: (WebCore::Document::visibilityStateChanged): Add ENABLE(MEDIA_STREAM) compilation flag.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258991 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-25 youenn fablet Fix build after https://trac.webkit.org/changeset/258977/webkit https://bugs.webkit.org/show_bug.cgi?id=209545 Unreviewed. * dom/Document.cpp: (WebCore::Document::visibilityStateChanged): Add ENABLE(MEDIA_STREAM) compilation flag. 2020-05-11 Alan Coon Cherry-pick r258977. rdar://problem/62978907 Audio fails to capture stream in WebRTC if AudioSession gets interrupted https://bugs.webkit.org/show_bug.cgi?id=208516 Reviewed by Eric Carlson. In case of page going to hidden, continue calling each capture factory to mute the corresponding sources if needed. In case of page being visible again, reset all tracks according to page muted state. This allows restarting tracks that have been muted while page was hidden (video tracks or suspended audio tracks). Since tracks can go to muted when visibility changes, we no longer return early when setting the muted state of a page to the same value. Instead we apply it which ensures we comply with what UIProcess wants. We start removing the concept of a RealtimeMediaSource being interrupted. Instead we use muting of sources. This allows UIProcess or the page to override any muted state, for instance if page goes in foreground again. We update the AudioSharedUnit to allow restarting capture even if suspended. This ensures that we are able to restart capturing even if we do not receive the audio session end of interruption. Also, this notification sometimes takes a long time to happen and we do not want to wait for it when user is interacting with the page. A future refactoring will further remove RealtimeMediaSource interrupted-related code. Manually tested. 
* dom/Document.cpp: (WebCore::Document::visibilityStateChanged): * page/Page.cpp: (WebCore::Page::setMuted): * platform/audio/PlatformMediaSessionManager.h: (WebCore::PlatformMediaSessionManager::isInterrupted const): * platform/mediastream/RealtimeMediaSource.cpp: (WebCore::RealtimeMediaSource::setInterrupted): (WebCore::RealtimeMediaSource::setMuted): * platform/mediastream/mac/BaseAudioSharedUnit.cpp: (WebCore::BaseAudioSharedUnit::startProducingData): (WebCore::BaseAudioSharedUnit::resume): (WebCore::BaseAudioSharedUnit::suspend): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258977 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-25 Youenn Fablet Audio fails to capture stream in WebRTC if AudioSession gets interrupted https://bugs.webkit.org/show_bug.cgi?id=208516 Reviewed by Eric Carlson. In case of page going to hidden, continue calling each capture factory to mute the corresponding sources if needed. In case of page being visible again, reset all tracks according to page muted state. This allows restarting tracks that have been muted while page was hidden (video tracks or suspended audio tracks). Since tracks can go to muted when visibility changes, we no longer return early when setting the muted state of a page to the same value. Instead we apply it which ensures we comply with what UIProcess wants. We start removing the concept of a RealtimeMediaSource being interrupted. Instead we use muting of sources. This allows UIProcess or the page to override any muted state, for instance if page goes in foreground again. We update the AudioSharedUnit to allow restarting capture even if suspended. This ensures that we are able to restart capturing even if we do not receive the audio session end of interruption. Also, this notification sometimes takes a long time to happen and we do not want to wait for it when user is interacting with the page. A future refactoring will further remove RealtimeMediaSource interrupted-related code. Manually tested.
* dom/Document.cpp: (WebCore::Document::visibilityStateChanged): * page/Page.cpp: (WebCore::Page::setMuted): * platform/audio/PlatformMediaSessionManager.h: (WebCore::PlatformMediaSessionManager::isInterrupted const): * platform/mediastream/RealtimeMediaSource.cpp: (WebCore::RealtimeMediaSource::setInterrupted): (WebCore::RealtimeMediaSource::setMuted): * platform/mediastream/mac/BaseAudioSharedUnit.cpp: (WebCore::BaseAudioSharedUnit::startProducingData): (WebCore::BaseAudioSharedUnit::resume): (WebCore::BaseAudioSharedUnit::suspend): 2020-05-07 Russell Epstein Cherry-pick r261208. rdar://problem/62978272 Crash in match_constness::type& WTF::downcast -- ASAN https://bugs.webkit.org/show_bug.cgi?id=211479 Patch by Pinki Gyanchandani on 2020-05-05 Reviewed by Geoffrey Garen. Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitiveValue is associated with the property. New test would be added to Internal repository. * css/StyleProperties.cpp: (WebCore::StyleProperties::pageBreakPropertyValue const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@261208 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-05-05 Pinki Gyanchandani Crash in match_constness::type& WTF::downcast -- ASAN https://bugs.webkit.org/show_bug.cgi?id=211479 Reviewed by Geoffrey Garen. Added check to downcast CSSValue to CSSPrimitiveValue, only if valid CSSPrimitiveValue is associated with the property. New test would be added to Internal repository. * css/StyleProperties.cpp: (WebCore::StyleProperties::pageBreakPropertyValue const): 2020-05-07 Russell Epstein Cherry-pick r260682. rdar://problem/62978266 [WTF] allThreads registration is racy with allThreads unregistration https://bugs.webkit.org/show_bug.cgi?id=210995 Reviewed by Keith Miller. Source/WebCore: * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::ResourceUsageThread::platformCollectCPUData): Source/WTF: There is a race between registering a thread to allThreads and unregistering a thread from allThreads. 1.
Caller: A new thread is created, but not registering it to allThreads yet. 2. Thread: The thread is running. 3. Thread: The thread finishes its execution before the thread is registered into allThreads. 4. Thread: The thread unregisters itself from allThreads. 5. Caller: Registers the new thread to allThreads after it already finished its execution. 6. The thread is never removed from allThreads. This patch adds m_didUnregisterFromAllThreads flag to Thread, and add the thread to allThreads only when this flag is false. Covered by LayoutTests/inspector/cpu-profiler/threads.html. * wtf/Threading.cpp: (WTF::Thread::create): (WTF::Thread::didExit): * wtf/Threading.h: (WTF::Thread::Thread): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260682 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-24 Yusuke Suzuki [WTF] allThreads registration is racy with allThreads unregistration https://bugs.webkit.org/show_bug.cgi?id=210995 Reviewed by Keith Miller. * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::ResourceUsageThread::platformCollectCPUData): 2020-05-07 Russell Epstein Cherry-pick r260598. rdar://problem/62978929 Allow credentials for same-origin css mask images https://bugs.webkit.org/show_bug.cgi?id=210895 Patch by Alex Christensen on 2020-04-23 Reviewed by Brent Fulgham. Source/WebCore: Test: http/tests/security/css-mask-image-credentials.html r230006 went a step too far in restricting what is allowed with css mask images. Basic authentication credentials should be allowed with such requests as they are in Chrome and Firefox. This can be seen by doing run-webkit-httpd then opening http://127.0.0.1:8000/security/css-mask-image-credentials.html In Chrome and Firefox you'll see it forward to a page that has a blue square. In Safari before this change you'll see a yellow square and a basic authentication prompt. In Safari after this change you'll see the same blue square you see in Chrome and Firefox. 
* style/StylePendingResources.cpp: (WebCore::Style::loadPendingImage): LayoutTests: * http/tests/security/css-mask-image-credentials-expected.html: Added. * http/tests/security/css-mask-image-credentials.html: Added. * http/tests/security/resources/css-mask-image-credentials-2.html: Added. * http/tests/security/resources/image-credential-check.php: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260598 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-23 Alex Christensen Allow credentials for same-origin css mask images https://bugs.webkit.org/show_bug.cgi?id=210895 Reviewed by Brent Fulgham. Test: http/tests/security/css-mask-image-credentials.html r230006 went a step too far in restricting what is allowed with css mask images. Basic authentication credentials should be allowed with such requests as they are in Chrome and Firefox. This can be seen by doing run-webkit-httpd then opening http://127.0.0.1:8000/security/css-mask-image-credentials.html In Chrome and Firefox you'll see it forward to a page that has a blue square. In Safari before this change you'll see a yellow square and a basic authentication prompt. In Safari after this change you'll see the same blue square you see in Chrome and Firefox. * style/StylePendingResources.cpp: (WebCore::Style::loadPendingImage): 2020-05-07 Russell Epstein Cherry-pick r260528. rdar://problem/62978914 REGRESSION (r249160): Deleting newline after pasting text ending in a newline results in a discontinuity https://bugs.webkit.org/show_bug.cgi?id=210677 Reviewed by Zalan Bujtas. Source/WebCore: Test: fast/text/delete-line-break-in-pre.html * rendering/RenderTextLineBoxes.cpp: (WebCore::RenderTextLineBoxes::dirtyRange): r249160 changed InlineTextBox end offset to be consistently first-past-end. The code here that updates lineBreakPos needs to take this into account too. LayoutTests: * fast/text/delete-line-break-in-pre-expected.html: Added. * fast/text/delete-line-break-in-pre.html: Added. 
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260528 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-22 Antti Koivisto REGRESSION (r249160): Deleting newline after pasting text ending in a newline results in a discontinuity https://bugs.webkit.org/show_bug.cgi?id=210677 Reviewed by Zalan Bujtas. Test: fast/text/delete-line-break-in-pre.html * rendering/RenderTextLineBoxes.cpp: (WebCore::RenderTextLineBoxes::dirtyRange): r249160 changed InlineTextBox end offset to be consistently first-past-end. The code here that updates lineBreakPos needs to take this into account too. 2020-05-07 Russell Epstein Cherry-pick r260201. rdar://problem/62978925 [macOS] Update ScreenTime as playback state changes https://bugs.webkit.org/show_bug.cgi?id=210518 Reviewed by Eric Carlson. Follow up to r260182; Pass a WeakPtr into our task queue in sessionWillEndPlayback rather than a bare pointer. * platform/audio/cocoa/MediaSessionManagerCocoa.mm: (WebCore::MediaSessionManagerCocoa::sessionWillEndPlayback): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260201 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-16 Jer Noble [macOS] Update ScreenTime as playback state changes https://bugs.webkit.org/show_bug.cgi?id=210518 Reviewed by Eric Carlson. Follow up to r260182; Pass a WeakPtr into our task queue in sessionWillEndPlayback rather than a bare pointer. * platform/audio/cocoa/MediaSessionManagerCocoa.mm: (WebCore::MediaSessionManagerCocoa::sessionWillEndPlayback): 2020-05-07 Russell Epstein Cherry-pick r259877. rdar://problem/62978910 [CSS Shadow Parts] Bad style sharing between sibling elements with different part attributes https://bugs.webkit.org/show_bug.cgi?id=210249 Reviewed by Daniel Bates. Source/WebCore: Style sharing optimization was unconditionally allowed for elements that were styled with part pseudo element. This could lead to miscomputed style. Test case by Justin Fagnani. 
Test: fast/css/shadow-parts/shadow-part-style-sharing.html * style/StyleSharingResolver.cpp: (WebCore::Style::SharingResolver::canShareStyleWithElement): Only allow style sharing if parts match. LayoutTests: * fast/css/shadow-parts/shadow-part-style-sharing-expected.html: Added. * fast/css/shadow-parts/shadow-part-style-sharing.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259877 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-10 Antti Koivisto [CSS Shadow Parts] Bad style sharing between sibling elements with different part attributes https://bugs.webkit.org/show_bug.cgi?id=210249 Reviewed by Daniel Bates. Style sharing optimization was unconditionally allowed for elements that were styled with part pseudo element. This could lead to miscomputed style. Test case by Justin Fagnani. Test: fast/css/shadow-parts/shadow-part-style-sharing.html * style/StyleSharingResolver.cpp: (WebCore::Style::SharingResolver::canShareStyleWithElement): Only allow style sharing if parts match. 2020-05-07 Russell Epstein Cherry-pick r259611. rdar://problem/62978871 Delete line boxes when moving text renderers between block flows https://bugs.webkit.org/show_bug.cgi?id=210000 Reviewed by Antti Koivisto. After style and/or tree mutation the existing line boxes are destroyed during the subsequent layout. When the text renderer moves between block flows and the destination block flow initiates a different type of line layout, we need to make sure the previous line content is cleaned up properly. 
* rendering/RenderBlockFlow.cpp: (WebCore::RenderBlockFlow::layoutSimpleLines): (WebCore::RenderBlockFlow::layoutLFCLines): * rendering/RenderText.cpp: (WebCore::RenderText::removeAndDestroyTextBoxes): (WebCore::RenderText::dirtyLineBoxes): (WebCore::RenderText::deleteLineBoxes): * rendering/RenderText.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259611 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-06 Zalan Bujtas Delete line boxes when moving text renderers between block flows https://bugs.webkit.org/show_bug.cgi?id=210000 Reviewed by Antti Koivisto. After style and/or tree mutation the existing line boxes are destroyed during the subsequent layout. When the text renderer moves between block flows and the destination block flow initiates a different type of line layout, we need to make sure the previous line content is cleaned up properly. * rendering/RenderBlockFlow.cpp: (WebCore::RenderBlockFlow::layoutSimpleLines): (WebCore::RenderBlockFlow::layoutLFCLines): * rendering/RenderText.cpp: (WebCore::RenderText::removeAndDestroyTextBoxes): (WebCore::RenderText::dirtyLineBoxes): (WebCore::RenderText::deleteLineBoxes): * rendering/RenderText.h: 2020-05-07 Russell Epstein Cherry-pick r259525. rdar://problem/62978878 Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr. https://bugs.webkit.org/show_bug.cgi?id=127096 Reviewed by Alex Christensen. ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr. And if loader changes frame in SubframeLoader::loadSubframe, return nullptr to notify the caller. No new tests, covered by existing test. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::loadOrRedirectSubframe): (WebCore::SubframeLoader::loadSubframe): * loader/SubframeLoader.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259525 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-03 Jack Lee Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr. 
https://bugs.webkit.org/show_bug.cgi?id=127096 Reviewed by Alex Christensen. ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr. And if loader changes frame in SubframeLoader::loadSubframe, return nullptr to notify the caller. No new tests, covered by existing test. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::loadOrRedirectSubframe): (WebCore::SubframeLoader::loadSubframe): * loader/SubframeLoader.h: 2020-05-07 Russell Epstein Cherry-pick r259353. rdar://problem/62978934 Don't use raw pointers in ShadowRoot. https://bugs.webkit.org/show_bug.cgi?id=209843 Reviewed by Brent Fulgham. * dom/Element.cpp: (WebCore::Element::addShadowRoot): * dom/ShadowRoot.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259353 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-01 Jer Noble Don't use raw pointers in ShadowRoot. https://bugs.webkit.org/show_bug.cgi?id=209843 Reviewed by Brent Fulgham. * dom/Element.cpp: (WebCore::Element::addShadowRoot): * dom/ShadowRoot.h: 2020-05-07 Russell Epstein Cherry-pick r259348. rdar://problem/62978878 Notify accessibility when a node is removed from its ancestor. https://bugs.webkit.org/show_bug.cgi?id=209819 Reviewed by Chris Fleizach. Covered by existing tests in LayoutTests/accessibility. * dom/Node.cpp: (WebCore::Node::removedFromAncestor): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259348 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-01 Jack Lee Notify accessibility when a node is removed from its ancestor. https://bugs.webkit.org/show_bug.cgi?id=209819 Reviewed by Chris Fleizach. Covered by existing tests in LayoutTests/accessibility. * dom/Node.cpp: (WebCore::Node::removedFromAncestor): 2020-05-07 Russell Epstein Cherry-pick r257929. rdar://problem/62978899 In case an activating service worker is terminated, it should go to activated state https://bugs.webkit.org/show_bug.cgi?id=208440 Reviewed by Chris Dumez. Source/WebCore: Covered by updated test. 
* workers/service/server/SWServerWorker.cpp: (WebCore::SWServerWorker::setState): As per spec, if an activated service worker is terminated or its activate event is timing out, we should move it to activate state. LayoutTests: * http/wpt/service-workers/service-worker-spinning-activate.https.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@257929 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-05 youenn fablet In case an activating service worker is terminated, it should go to activated state https://bugs.webkit.org/show_bug.cgi?id=208440 Reviewed by Chris Dumez. Covered by updated test. * workers/service/server/SWServerWorker.cpp: (WebCore::SWServerWorker::setState): As per spec, if an activated service worker is terminated or its activate event is timing out, we should move it to activate state. 2020-05-07 Alan Coon Cherry-pick r260480. rdar://problem/62977665 Cherry-pick r260301. rdar://problem/62083309 [WebGL] Confirm there are no errors when setting up framebuffers https://bugs.webkit.org/show_bug.cgi?id=210632 Reviewed by Simon Fraser. We're seeing crashes on macOS inside GraphicsContextGL::reshape(). Specifically when we submit work at the end of the function via glFlush. At the moment the cause is a mystery, because we should bail out before then if the multisample renderbuffer was not complete. In the hope that it helps somewhat, add a call to glGetError to double check that there isn't anything horribly wrong before we talk to the GPU. * html/canvas/WebGL2RenderingContext.cpp: (WebCore::WebGL2RenderingContext::WebGL2RenderingContext): If the underlying GCGL context was marked as "LOST" during initialization, skip the rest of our initialization. * html/canvas/WebGLRenderingContext.cpp: Ditto. (WebCore::WebGLRenderingContext::WebGLRenderingContext): * html/canvas/WebGLRenderingContextBase.cpp: Ditto. 
(WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase): * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: Check for a GL error during setup and, if there is one, skip directly into a LOST state. (WebCore::GraphicsContext3D::reshape): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260301 268f45cc-cd09-0410-ab3c-d52691b4dbfc git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-609.2.9.1-branch@260480 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-21 Alan Coon Cherry-pick r260301. rdar://problem/62083309 [WebGL] Confirm there are no errors when setting up framebuffers https://bugs.webkit.org/show_bug.cgi?id=210632 Reviewed by Simon Fraser. We're seeing crashes on macOS inside GraphicsContextGL::reshape(). Specifically when we submit work at the end of the function via glFlush. At the moment the cause is a mystery, because we should bail out before then if the multisample renderbuffer was not complete. In the hope that it helps somewhat, add a call to glGetError to double check that there isn't anything horribly wrong before we talk to the GPU. * html/canvas/WebGL2RenderingContext.cpp: (WebCore::WebGL2RenderingContext::WebGL2RenderingContext): If the underlying GCGL context was marked as "LOST" during initialization, skip the rest of our initialization. * html/canvas/WebGLRenderingContext.cpp: Ditto. (WebCore::WebGLRenderingContext::WebGLRenderingContext): * html/canvas/WebGLRenderingContextBase.cpp: Ditto. (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase): * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: Check for a GL error during setup and, if there is one, skip directly into a LOST state. (WebCore::GraphicsContext3D::reshape): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260301 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-17 Dean Jackson [WebGL] Confirm there are no errors when setting up framebuffers https://bugs.webkit.org/show_bug.cgi?id=210632 Reviewed by Simon Fraser. 
We're seeing crashes on macOS inside GraphicsContextGL::reshape(). Specifically when we submit work at the end of the function via glFlush. At the moment the cause is a mystery, because we should bail out before then if the multisample renderbuffer was not complete. In the hope that it helps somewhat, add a call to glGetError to double check that there isn't anything horribly wrong before we talk to the GPU. * html/canvas/WebGL2RenderingContext.cpp: (WebCore::WebGL2RenderingContext::WebGL2RenderingContext): If the underlying GCGL context was marked as "LOST" during initialization, skip the rest of our initialization. * html/canvas/WebGLRenderingContext.cpp: Ditto. (WebCore::WebGLRenderingContext::WebGLRenderingContext): * html/canvas/WebGLRenderingContextBase.cpp: Ditto. (WebCore::WebGLRenderingContextBase::WebGLRenderingContextBase): * platform/graphics/angle/GraphicsContextGLANGLE.cpp: Check for a GL error during setup and, if there is one, skip directly into a LOST state. (WebCore::GraphicsContextGLOpenGL::reshape): * platform/graphics/opengl/GraphicsContextGLOpenGLCommon.cpp: (WebCore::GraphicsContextGLOpenGL::reshape): 2020-04-12 Alan Coon Cherry-pick r259316. rdar://problem/61269751 IndexedDB: destroy WebIDBServer when session is removed in network process https://bugs.webkit.org/show_bug.cgi?id=209606 Reviewed by Geoffrey Garen. Source/WebCore: Rename immediateCloseForUserDelete to immediateClose as we now use it in destructor of IDBServer to make sure everything in database finishes correctly. * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::~IDBServer): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins): * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::immediateClose): (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Deleted. 
* Modules/indexeddb/server/UniqueIDBDatabase.h: Source/WebKit: Tested manually to verify WebIDBServer is removed and its thread ends when session is removed. * NetworkProcess/IndexedDB/WebIDBServer.cpp: (WebKit::WebIDBServer::~WebIDBServer): (WebKit::WebIDBServer::addConnection): (WebKit::WebIDBServer::removeConnection): (WebKit::WebIDBServer::close): * NetworkProcess/IndexedDB/WebIDBServer.h: * NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::destroySession): (WebKit::NetworkProcess::connectionToWebProcessClosed): Source/WTF: Add function to kill CrossThreadTaskHandler and make thread finish. Also add a callback to be called before thread finishes. * wtf/CrossThreadTaskHandler.cpp: (WTF::CrossThreadTaskHandler::CrossThreadTaskHandler): (WTF::CrossThreadTaskHandler::setCompletionCallback): (WTF::CrossThreadTaskHandler::kill): * wtf/CrossThreadTaskHandler.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259316 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-31 Sihui Liu IndexedDB: destroy WebIDBServer when session is removed in network process https://bugs.webkit.org/show_bug.cgi?id=209606 Reviewed by Geoffrey Garen. Rename immediateCloseForUserDelete to immediateClose as we now use it in destructor of IDBServer to make sure everything in database finishes correctly. * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::~IDBServer): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins): * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::immediateClose): (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: 2020-04-12 Alan Coon Cherry-pick r257901. rdar://problem/61269751 Remove unused variable m_allUniqueIDBDatabases in IDBServer https://bugs.webkit.org/show_bug.cgi?id=208613 Reviewed by Chris Dumez. 
* Modules/indexeddb/server/IDBServer.h: (WebCore::IDBServer::IDBServer::addDatabase): Deleted. (WebCore::IDBServer::IDBServer::removeDatabase): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase): (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@257901 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-04 Sihui Liu Remove unused variable m_allUniqueIDBDatabases in IDBServer https://bugs.webkit.org/show_bug.cgi?id=208613 Reviewed by Chris Dumez. * Modules/indexeddb/server/IDBServer.h: (WebCore::IDBServer::IDBServer::addDatabase): Deleted. (WebCore::IDBServer::IDBServer::removeDatabase): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase): (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase): 2020-04-10 Alan Coon Cherry-pick r259830. rdar://problem/61596886 REGRESSION: CSS animations inside an embedded SVG image do not animate https://bugs.webkit.org/show_bug.cgi?id=209370 Patch by Said Abou-Hallawa on 2020-04-09 Reviewed by Simon Fraser. Source/WebCore: If WebAnimation is enabled and the SVGImage includes CSS animations, the DocumentTimeline is added to the SVGDocument of the embedded SVGImage. Because the SVGImage has its own Page the RenderingUpdate is scheduled and the updateRendering steps run in this Page. The Page of the SVGImage is inactive such that scheduling RenderingUpdate fails; therefore the updateRendering steps never run and the CSS animation never advances. The fix is: 1) Scheduling the RenderingUpdate: This has to happen in the Page which contains the renderer of the SVGImage. 
Because DocumentTimeline is added to SVGDocument, this scheduling will go through these hubs: - DocumentTimeline - Page - ChromeClient -> SVGImageChromeClient - SVGImage - ImageObserver -> CachedImageObserver - CachedImage - CachedImageClient -> RenderElement - Page 2) Running the updateRendering steps: Each document in the Page will enumerate its cached SVGImages. The updateRendering of the Page of each SVGImage will be called. To make enumerating the cached SVGImages of a Document faster, the URL of the cached SVGImage will be added to the cachedSVGImagesURLs of CachedResourceLoader when notifyFinished() is called for associated CachedImage. Tests: svg/animations/css-animation-background-svg.html svg/animations/css-animation-embedded-svg.html svg/animations/css-animation-hover-svg.html * animation/DocumentTimeline.cpp: (WebCore::DocumentTimeline::scheduleAnimationResolution): (WebCore::DocumentTimeline::updateAnimationsAndSendEvents): * html/ImageBitmap.cpp: * loader/cache/CachedImage.cpp: (WebCore::CachedImage::hasSVGImage const): (WebCore::CachedImage::CachedImageObserver::scheduleTimedRenderingUpdate): (WebCore::CachedImage::scheduleTimedRenderingUpdate): * loader/cache/CachedImage.h: * loader/cache/CachedImageClient.h: (WebCore::CachedImageClient::scheduleTimedRenderingUpdate): * loader/cache/CachedResourceLoader.cpp: (WebCore::isSVGImageCachedResource): (WebCore::cachedResourceSVGImage): (WebCore::CachedResourceLoader::notifyFinished): (WebCore:: const): * loader/cache/CachedResourceLoader.h: * page/ChromeClient.h: (WebCore::ChromeClient::scheduleTimedRenderingUpdate): * page/Page.cpp: (WebCore::Page::scheduleTimedRenderingUpdate): (WebCore::Page::updateRendering): * page/Page.h: * platform/graphics/ImageObserver.h: * rendering/RenderElement.cpp: (WebCore::RenderElement::notifyFinished): (WebCore::RenderElement::scheduleTimedRenderingUpdate): * rendering/RenderElement.h: * rendering/RenderImage.cpp: (WebCore::RenderImage::notifyFinished): * 
svg/graphics/SVGImage.h: * svg/graphics/SVGImageClients.h: LayoutTests: * svg/animations/css-animation-background-svg-expected.html: Added. * svg/animations/css-animation-background-svg.html: Added. * svg/animations/css-animation-embedded-svg-expected.html: Added. * svg/animations/css-animation-embedded-svg.html: Added. * svg/animations/css-animation-hover-svg-expected.html: Added. * svg/animations/css-animation-hover-svg.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259830 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-09 Said Abou-Hallawa REGRESSION: CSS animations inside an embedded SVG image do not animate https://bugs.webkit.org/show_bug.cgi?id=209370 Reviewed by Simon Fraser. If WebAnimation is enabled and the SVGImage includes CSS animations, the DocumentTimeline is added to the SVGDocument of the embedded SVGImage. Because the SVGImage has its own Page the RenderingUpdate is scheduled and the updateRendering steps run in this Page. The Page of the SVGImage is inactive such that scheduling RenderingUpdate fails; therefore the updateRendering steps never run and the CSS animation never advances. The fix is: 1) Scheduling the RenderingUpdate: This has to happen in the Page which contains the renderer of the SVGImage. Because DocumentTimeline is added to SVGDocument, this scheduling will go through these hubs: - DocumentTimeline - Page - ChromeClient -> SVGImageChromeClient - SVGImage - ImageObserver -> CachedImageObserver - CachedImage - CachedImageClient -> RenderElement - Page 2) Running the updateRendering steps: Each document in the Page will enumerate its cached SVGImages. The updateRendering of the Page of each SVGImage will be called. To make enumerating the cached SVGImages of a Document faster, the URL of the cached SVGImage will be added to the cachedSVGImagesURLs of CachedResourceLoader when notifyFinished() is called for associated CachedImage. 
Tests: svg/animations/css-animation-background-svg.html svg/animations/css-animation-embedded-svg.html svg/animations/css-animation-hover-svg.html * animation/DocumentTimeline.cpp: (WebCore::DocumentTimeline::scheduleAnimationResolution): (WebCore::DocumentTimeline::updateAnimationsAndSendEvents): * html/ImageBitmap.cpp: * loader/cache/CachedImage.cpp: (WebCore::CachedImage::hasSVGImage const): (WebCore::CachedImage::CachedImageObserver::scheduleTimedRenderingUpdate): (WebCore::CachedImage::scheduleTimedRenderingUpdate): * loader/cache/CachedImage.h: * loader/cache/CachedImageClient.h: (WebCore::CachedImageClient::scheduleTimedRenderingUpdate): * loader/cache/CachedResourceLoader.cpp: (WebCore::isSVGImageCachedResource): (WebCore::cachedResourceSVGImage): (WebCore::CachedResourceLoader::notifyFinished): (WebCore:: const): * loader/cache/CachedResourceLoader.h: * page/ChromeClient.h: (WebCore::ChromeClient::scheduleTimedRenderingUpdate): * page/Page.cpp: (WebCore::Page::scheduleTimedRenderingUpdate): (WebCore::Page::updateRendering): * page/Page.h: * platform/graphics/ImageObserver.h: * rendering/RenderElement.cpp: (WebCore::RenderElement::notifyFinished): (WebCore::RenderElement::scheduleTimedRenderingUpdate): * rendering/RenderElement.h: * rendering/RenderImage.cpp: (WebCore::RenderImage::notifyFinished): * svg/graphics/SVGImage.h: * svg/graphics/SVGImageClients.h: 2020-04-10 Alan Coon Cherry-pick r259829. rdar://problem/61596883 Remove legacy X-WebKit-CSP header support https://bugs.webkit.org/show_bug.cgi?id=210256 Source/WebCore: Reviewed by Geoffrey Garen. Supporting this header causes compatibility issues for some sites and they appear to be misconfigured. Additionally, no other browser has supported these headers in many years. This patch removes all support for the legacy X-WebKit-CSP header.
* dom/Document.cpp: (WebCore::Document::processHttpEquiv): * page/csp/ContentSecurityPolicyDirectiveList.cpp: (WebCore::ContentSecurityPolicyDirectiveList::ContentSecurityPolicyDirectiveList): * page/csp/ContentSecurityPolicyResponseHeaders.cpp: (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): * page/csp/ContentSecurityPolicyResponseHeaders.h: * platform/network/HTTPHeaderNames.in: * platform/network/ResourceResponseBase.cpp: (WebCore::isSafeCrossOriginResponseHeader): LayoutTests: Reviewed by Geoffrey Garen. Fix tests so they ensure we don't respect legacy CSP headers anymore. * http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked.html: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html: * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-blocked-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-blocked.html: * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-invalidnonce-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/module-scriptnonce-invalidnonce.html: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php: * 
http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2-expected.txt: * 
http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked.html: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce-expected.txt: * http/tests/security/contentSecurityPolicy/1.1/scriptnonce-invalidnonce.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259829 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-09 Keith Miller Remove legacy X-WebKit-CSP header support https://bugs.webkit.org/show_bug.cgi?id=210256 Reviewed by Geoffrey Garen. Supporting this header causes compatibility issues for some sites and they appear to be misconfigured. Additionally, no other browser has supported these headers in many years. This patch removes all support for the legacy X-WebKit-CSP header. * dom/Document.cpp: (WebCore::Document::processHttpEquiv): * page/csp/ContentSecurityPolicyDirectiveList.cpp: (WebCore::ContentSecurityPolicyDirectiveList::ContentSecurityPolicyDirectiveList): * page/csp/ContentSecurityPolicyResponseHeaders.cpp: (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): * page/csp/ContentSecurityPolicyResponseHeaders.h: * platform/network/HTTPHeaderNames.in: * platform/network/ResourceResponseBase.cpp: (WebCore::isSafeCrossOriginResponseHeader): 2020-04-10 Alan Coon Cherry-pick r259798. rdar://problem/61596876 Use more WeakPtr in RenderTreeBuilder::FirstLetter https://bugs.webkit.org/show_bug.cgi?id=210251 Reviewed by Zalan Bujtas. For safety.
* rendering/updating/RenderTreeBuilderFirstLetter.cpp: (WebCore::RenderTreeBuilder::FirstLetter::createRenderers): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259798 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-09 Antti Koivisto Use more WeakPtr in RenderTreeBuilder::FirstLetter https://bugs.webkit.org/show_bug.cgi?id=210251 Reviewed by Zalan Bujtas. For safety. * rendering/updating/RenderTreeBuilderFirstLetter.cpp: (WebCore::RenderTreeBuilder::FirstLetter::createRenderers): 2020-04-09 Alan Coon Revert r259689. rdar://problem/61269751 2020-04-07 Russell Epstein Cherry-pick r259388. rdar://problem/61269730 [iOS] Allow WebKit to use camera in multi-tasking mode https://bugs.webkit.org/show_bug.cgi?id=209904 Reviewed by Youenn Fablet. Source/WebCore: * platform/mediastream/mac/AVVideoCaptureSource.mm: (WebCore::AVVideoCaptureSource::setupSession): Source/WebCore/PAL: * pal/cocoa/AVFoundationSoftLink.h: * pal/cocoa/AVFoundationSoftLink.mm: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259388 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-02 Eric Carlson [iOS] Allow WebKit to use camera in multi-tasking mode https://bugs.webkit.org/show_bug.cgi?id=209904 Reviewed by Youenn Fablet. * platform/mediastream/mac/AVVideoCaptureSource.mm: (WebCore::AVVideoCaptureSource::setupSession): 2020-04-07 Russell Epstein Cherry-pick r259363. rdar://problem/61269736 CRASH in MediaPlayerPrivateMediaSourceAVFObjC::addAudioRenderer(), uncaught ObjC exception https://bugs.webkit.org/show_bug.cgi?id=209827 Reviewed by Eric Carlson. -[AVSampleBufferAudioRenderer init] can, in exceptional conditions, return nil. Passing a nil object, or another object that AVSampleBufferRenderSynchronizer considers "invalid", into -[AVSampleBufferRenderSynchronizer addRenderer:] will throw an exception. 
Protect against this scenario in two ways: - Check the return value of -[AVSampleBufferAudioRenderer init], and if nil, log an error, log to console, and set the network state to "DecodeError". - Wrap calls to -addRenderer: in @try/@catch blocks, which if caught, log an error, assert, and set the network state to "DecodeError". * Modules/mediasource/MediaSource.cpp: (WebCore::MediaSource::failedToCreateRenderer): * Modules/mediasource/MediaSource.h: * platform/graphics/MediaSourcePrivateClient.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h: * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm: (WebCore::MediaSourcePrivateAVFObjC::failedToCreateAudioRenderer): (WebCore::MediaSourcePrivateAVFObjC::failedToCreateVideoRenderer): * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259363 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-01 Jer Noble CRASH in MediaPlayerPrivateMediaSourceAVFObjC::addAudioRenderer(), uncaught ObjC exception https://bugs.webkit.org/show_bug.cgi?id=209827 Reviewed by Eric Carlson. -[AVSampleBufferAudioRenderer init] can, in exceptional conditions, return nil. Passing a nil object, or another object that AVSampleBufferRenderSynchronizer considers "invalid", into -[AVSampleBufferRenderSynchronizer addRenderer:] will throw an exception. Protect against this scenario in two ways: - Check the return value of -[AVSampleBufferAudioRenderer init], and if nil, log an error, log to console, and set the network state to "DecodeError". - Wrap calls to -addRenderer: in @try/@catch blocks, which if caught, log an error, assert, and set the network state to "DecodeError". 
* Modules/mediasource/MediaSource.cpp: (WebCore::MediaSource::failedToCreateRenderer): * Modules/mediasource/MediaSource.h: * platform/graphics/MediaSourcePrivateClient.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer): * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h: * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm: (WebCore::MediaSourcePrivateAVFObjC::failedToCreateAudioRenderer): (WebCore::MediaSourcePrivateAVFObjC::failedToCreateVideoRenderer): * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled): 2020-04-07 Russell Epstein Cherry-pick r259338. rdar://problem/61269727 Support resolution of IPv6 STUN/TURN addresses https://bugs.webkit.org/show_bug.cgi?id=209808 Reviewed by Eric Carlson. Source/WebCore: Add family access to IPAddress to support both IPv4 and IPv6. Store IPAddress internal value as IPv6 and cast them to IPv4 on demand. * platform/network/DNS.h: * platform/network/soup/DNSResolveQueueSoup.cpp: (WebCore::resolvedWithObserverCallback): Source/WebKit: Update code to support IPv6 addresses when doing DNS resolution of TURN/STUN servers. Refactor code to share more code between Cocoa ports and non Cocoa ports. Manually tested with external IPv6 TURN servers. * NetworkProcess/webrtc/NetworkRTCProvider.cpp: (WebKit::NetworkRTCProvider::createResolver): * NetworkProcess/webrtc/NetworkRTCResolverCocoa.cpp: (WebKit::resolvedName): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259338 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-01 youenn fablet Support resolution of IPv6 STUN/TURN addresses https://bugs.webkit.org/show_bug.cgi?id=209808 Reviewed by Eric Carlson. Add family access to IPAddress to support both IPv4 and IPv6. Store IPAddress internal value as IPv6 and cast them to IPv4 on demand. 
* platform/network/DNS.h: * platform/network/soup/DNSResolveQueueSoup.cpp: (WebCore::resolvedWithObserverCallback): 2020-04-07 Russell Epstein Cherry-pick r259316. rdar://problem/61269751 IndexedDB: destroy WebIDBServer when session is removed in network process https://bugs.webkit.org/show_bug.cgi?id=209606 Reviewed by Geoffrey Garen. Source/WebCore: Rename immediateCloseForUserDelete to immediateClose as we now use it in destructor of IDBServer to make sure everything in database finishes correctly. * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::~IDBServer): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins): * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::immediateClose): (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: Source/WebKit: Tested manually to verify WebIDBServer is removed and its thread ends when session is removed. * NetworkProcess/IndexedDB/WebIDBServer.cpp: (WebKit::WebIDBServer::~WebIDBServer): (WebKit::WebIDBServer::addConnection): (WebKit::WebIDBServer::removeConnection): (WebKit::WebIDBServer::close): * NetworkProcess/IndexedDB/WebIDBServer.h: * NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::destroySession): (WebKit::NetworkProcess::connectionToWebProcessClosed): Source/WTF: Add function to kill CrossThreadTaskHandler and make thread finish. Also add a callback to be called before thread finishes. 
* wtf/CrossThreadTaskHandler.cpp: (WTF::CrossThreadTaskHandler::CrossThreadTaskHandler): (WTF::CrossThreadTaskHandler::setCompletionCallback): (WTF::CrossThreadTaskHandler::kill): * wtf/CrossThreadTaskHandler.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259316 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-31 Sihui Liu IndexedDB: destroy WebIDBServer when session is removed in network process https://bugs.webkit.org/show_bug.cgi?id=209606 Reviewed by Geoffrey Garen. Rename immediateCloseForUserDelete to immediateClose as we now use it in destructor of IDBServer to make sure everything in database finishes correctly. * Modules/indexeddb/server/IDBServer.cpp: (WebCore::IDBServer::IDBServer::~IDBServer): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince): (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins): * Modules/indexeddb/server/UniqueIDBDatabase.cpp: (WebCore::IDBServer::UniqueIDBDatabase::immediateClose): (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Deleted. * Modules/indexeddb/server/UniqueIDBDatabase.h: 2020-04-06 Alan Coon Cherry-pick r259538. rdar://problem/61352452 Additional sanity checks in compareAnimationsByCompositeOrder() https://bugs.webkit.org/show_bug.cgi?id=209996 Reviewed by Geoffrey Garen. compareAnimationsByCompositeOrder() is used by std::sort() which requires strict weak ordering. This adds additional checks to ensure strict weak ordering is maintained, first by ensuring the transitionProperty string is different before returning that comparison, then by only using if the animation is a CSSTransition or CSSAnimation if the left hand and right hand sides differ. This should leave all remaining cases to sort by the global animation list. No new tests; this should be covered by existing tests and should not change functionality otherwise. 
* animation/WebAnimationUtilities.cpp: (WebCore::compareAnimationsByCompositeOrder): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259538 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-04 Doug Kelly Additional sanity checks in compareAnimationsByCompositeOrder() https://bugs.webkit.org/show_bug.cgi?id=209996 Reviewed by Geoffrey Garen. compareAnimationsByCompositeOrder() is used by std::sort() which requires strict weak ordering. This adds additional checks to ensure strict weak ordering is maintained, first by ensuring the transitionProperty string is different before returning that comparison, then by only using if the animation is a CSSTransition or CSSAnimation if the left hand and right hand sides differ. This should leave all remaining cases to sort by the global animation list. No new tests; this should be covered by existing tests and should not change functionality otherwise. * animation/WebAnimationUtilities.cpp: (WebCore::compareAnimationsByCompositeOrder): 2020-04-06 Alan Coon Cherry-pick r259519. rdar://problem/61352446 ASSERTION FAILED: objectStoreInfo in SQLiteIDBBackingStore::getRecord https://bugs.webkit.org/show_bug.cgi?id=209976 Reviewed by Geoffrey Garen. Return error if objectStoreInfo is null in SQLiteIDBBackingStore::getRecord, because there is a possibility SQLiteIDBBackingStore does not have requested objectStoreInfo. * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259519 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-03 Sihui Liu ASSERTION FAILED: objectStoreInfo in SQLiteIDBBackingStore::getRecord https://bugs.webkit.org/show_bug.cgi?id=209976 Reviewed by Geoffrey Garen. Return error if objectStoreInfo is null in SQLiteIDBBackingStore::getRecord, because there is a possibility SQLiteIDBBackingStore does not have requested objectStoreInfo. 
* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord): 2020-04-06 Alan Coon Cherry-pick r259315. rdar://problem/61352448 Regression(r253357) DeviceMotionEvent acceleration and rotationRate are null https://bugs.webkit.org/show_bug.cgi?id=209831 Reviewed by Darin Adler. Source/WebCore: The issue was that DeviceMotionClientIOS::motionChanged() would only initialize the acceleration and rotationRate if [m_motionManager gyroAvailable] returned YES. After r253357, m_motionManager is nil because we get motion data from the UIProcess so [m_motionManager gyroAvailable] would always resolve to NO. To address the issue, I made the rotationRate parameters to motionChanged() optional and we rely on them being set to know if gyro data is available. Note that I did not make the acceleration optional because according to [1], all devices have an accelerometer. [1] https://developer.apple.com/documentation/coremotion/cmmotionmanager/1616094-devicemotionavailable?language=objc * platform/ios/DeviceMotionClientIOS.h: * platform/ios/DeviceMotionClientIOS.mm: (WebCore::DeviceMotionClientIOS::motionChanged): * platform/ios/DeviceOrientationUpdateProvider.h: * platform/ios/MotionManagerClient.h: (WebCore::MotionManagerClient::motionChanged): * platform/ios/WebCoreMotionManager.mm: (-[WebCoreMotionManager sendAccelerometerData:]): Source/WebKit: * UIProcess/ios/WebDeviceOrientationUpdateProviderProxy.h: * UIProcess/ios/WebDeviceOrientationUpdateProviderProxy.mm: (WebKit::WebDeviceOrientationUpdateProviderProxy::motionChanged): * WebProcess/WebCoreSupport/WebDeviceOrientationUpdateProvider.cpp: (WebKit::WebDeviceOrientationUpdateProvider::deviceMotionChanged): * WebProcess/WebCoreSupport/WebDeviceOrientationUpdateProvider.h: * WebProcess/WebCoreSupport/WebDeviceOrientationUpdateProvider.messages.in: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259315 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-31 Chris Dumez 
Regression(r253357) DeviceMotionEvent acceleration and rotationRate are null https://bugs.webkit.org/show_bug.cgi?id=209831 Reviewed by Darin Adler. The issue was that DeviceMotionClientIOS::motionChanged() would only initialize the acceleration and rotationRate if [m_motionManager gyroAvailable] returned YES. After r253357, m_motionManager is nil because we get motion data from the UIProcess so [m_motionManager gyroAvailable] would always resolve to NO. To address the issue, I made the rotationRate parameters to motionChanged() optional and we rely on them being set to know if gyro data is available. Note that I did not make the acceleration optional because according to [1], all devices have an accelerometer. [1] https://developer.apple.com/documentation/coremotion/cmmotionmanager/1616094-devicemotionavailable?language=objc * platform/ios/DeviceMotionClientIOS.h: * platform/ios/DeviceMotionClientIOS.mm: (WebCore::DeviceMotionClientIOS::motionChanged): * platform/ios/DeviceOrientationUpdateProvider.h: * platform/ios/MotionManagerClient.h: (WebCore::MotionManagerClient::motionChanged): * platform/ios/WebCoreMotionManager.mm: (-[WebCoreMotionManager sendAccelerometerData:]): 2020-04-06 Alan Coon Cherry-pick r258434. rdar://problem/61352465 Safari sometimes crashes when switch video into PiP mode https://bugs.webkit.org/show_bug.cgi?id=208904 Reviewed by Simon Fraser. With this patch, MediaControlTextTrackContainerElement won't paint its subtree to an image buffer (for the captions in video fullscreen or picture-in-picture mode) when the cues are updated. Instead, it only sets the flag m_needsGenerateTextTrackRepresentation to true after running layout based on the new cues. After that, it paints its subtree to an image buffer if needed at the end of Page::updateRendering() when the layout is clean. TextTrackRepresentationCocoa will use the image buffer to set the content of the layer for captions in video fullscreen or picture-in-picture mode. 
MediaControlTextTrackContainerElement class is responsible for rendering the captions in both: 1) a video player in the inline mode. 2) a video player in "video fullscreen" or picture-in-picture mode. This patch refactors some functions to make their responsibilities clear. * Modules/mediacontrols/MediaControlsHost.cpp: (WebCore::MediaControlsHost::updateTextTrackRepresentationImageIfNeeded): * Modules/mediacontrols/MediaControlsHost.h: * dom/Document.cpp: (WebCore::Document::setMediaElementShowingTextTrack): (WebCore::Document::clearMediaElementShowingTextTrack): (WebCore::Document::updateTextTrackRepresentationImageIfNeeded): * dom/Document.h: Functions textTracksAreReady(), textTrackReadyStateChanged() and configureTextTrackDisplay() should be wrapped with "#if ENABLE(VIDEO_TRACK)". * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setTextTrackRepresentation): (WebCore::HTMLMediaElement::textTracksAreReady const): (WebCore::HTMLMediaElement::textTrackReadyStateChanged): (WebCore::HTMLMediaElement::configureTextTrackDisplay): (WebCore::HTMLMediaElement::updateTextTrackRepresentationImageIfNeeded): * html/HTMLMediaElement.h: * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlTextTrackContainerElement::createElementRenderer): (WebCore::MediaControlTextTrackContainerElement::updateDisplay): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationImageIfNeeded): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationIfNeeded): (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackStyle): (WebCore::MediaControlTextTrackContainerElement::enteredFullscreen): (WebCore::MediaControlTextTrackContainerElement::updateVideoDisplaySize): (WebCore::MediaControlTextTrackContainerElement::updateSizes): (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage): 
(WebCore::MediaControlTextTrackContainerElement::textTrackRepresentationBoundsChanged): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationStyle): Deleted. (WebCore::MediaControlTextTrackContainerElement::layoutIfNecessary): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateCueStyles): Deleted. * html/shadow/MediaControlElements.h: * html/shadow/MediaControls.cpp: (WebCore::MediaControls::updateTextTrackRepresentationImageIfNeeded): * html/shadow/MediaControls.h: * page/Page.cpp: (WebCore::Page::updateRendering): * rendering/RenderMediaControlElements.cpp: (WebCore::RenderMediaControlTextTrackContainer::RenderMediaControlTextTrackContainer): (WebCore::RenderMediaControlTextTrackContainer::layout): (WebCore::RenderTextTrackContainerElement::RenderTextTrackContainerElement): Deleted. (WebCore::RenderTextTrackContainerElement::layout): Deleted. * rendering/RenderMediaControlElements.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258434 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-13 Peng Liu Safari sometimes crashes when switch video into PiP mode https://bugs.webkit.org/show_bug.cgi?id=208904 Reviewed by Simon Fraser. With this patch, MediaControlTextTrackContainerElement won't paint its subtree to an image buffer (for the captions in video fullscreen or picture-in-picture mode) when the cues are updated. Instead, it only sets the flag m_needsGenerateTextTrackRepresentation to true after running layout based on the new cues. After that, it paints its subtree to an image buffer if needed at the end of Page::updateRendering() when the layout is clean. TextTrackRepresentationCocoa will use the image buffer to set the content of the layer for captions in video fullscreen or picture-in-picture mode. 
MediaControlTextTrackContainerElement class is responsible for rendering the captions in both: 1) a video player in the inline mode. 2) a video player in "video fullscreen" or picture-in-picture mode. This patch refactors some functions to make their responsibilities clear. * Modules/mediacontrols/MediaControlsHost.cpp: (WebCore::MediaControlsHost::updateTextTrackRepresentationImageIfNeeded): * Modules/mediacontrols/MediaControlsHost.h: * dom/Document.cpp: (WebCore::Document::setMediaElementShowingTextTrack): (WebCore::Document::clearMediaElementShowingTextTrack): (WebCore::Document::updateTextTrackRepresentationImageIfNeeded): * dom/Document.h: Functions textTracksAreReady(), textTrackReadyStateChanged() and configureTextTrackDisplay() should be wrapped with "#if ENABLE(VIDEO_TRACK)". * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setTextTrackRepresentation): (WebCore::HTMLMediaElement::textTracksAreReady const): (WebCore::HTMLMediaElement::textTrackReadyStateChanged): (WebCore::HTMLMediaElement::configureTextTrackDisplay): (WebCore::HTMLMediaElement::updateTextTrackRepresentationImageIfNeeded): * html/HTMLMediaElement.h: * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlTextTrackContainerElement::createElementRenderer): (WebCore::MediaControlTextTrackContainerElement::updateDisplay): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationImageIfNeeded): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationIfNeeded): (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackStyle): (WebCore::MediaControlTextTrackContainerElement::enteredFullscreen): (WebCore::MediaControlTextTrackContainerElement::updateVideoDisplaySize): (WebCore::MediaControlTextTrackContainerElement::updateSizes): (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage): 
(WebCore::MediaControlTextTrackContainerElement::textTrackRepresentationBoundsChanged): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationStyle): Deleted. (WebCore::MediaControlTextTrackContainerElement::layoutIfNecessary): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateCueStyles): Deleted. * html/shadow/MediaControlElements.h: * html/shadow/MediaControls.cpp: (WebCore::MediaControls::updateTextTrackRepresentationImageIfNeeded): * html/shadow/MediaControls.h: * page/Page.cpp: (WebCore::Page::updateRendering): * rendering/RenderMediaControlElements.cpp: (WebCore::RenderMediaControlTextTrackContainer::RenderMediaControlTextTrackContainer): (WebCore::RenderMediaControlTextTrackContainer::layout): (WebCore::RenderTextTrackContainerElement::RenderTextTrackContainerElement): Deleted. (WebCore::RenderTextTrackContainerElement::layout): Deleted. * rendering/RenderMediaControlElements.h: 2020-04-03 Alan Coon Cherry-pick r259378. rdar://problem/61269720 Crash in WebCore::HTMLDocumentParser::insert https://bugs.webkit.org/show_bug.cgi?id=209892 Reviewed by Darin Adler. Speculative fix to check that the parser hasn't been detached before running preload scanner. No new tests since there is no reproduction and I couldn't come up with one. * html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::pumpTokenizer): (WebCore::HTMLDocumentParser::insert): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259378 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-01 Ryosuke Niwa Crash in WebCore::HTMLDocumentParser::insert https://bugs.webkit.org/show_bug.cgi?id=209892 Reviewed by Darin Adler. Speculative fix to check that the parser hasn't been detached before running preload scanner. No new tests since there is no reproduction and I couldn't come up with one. 
* html/parser/HTMLDocumentParser.cpp: (WebCore::HTMLDocumentParser::pumpTokenizer): (WebCore::HTMLDocumentParser::insert): 2020-04-03 Alan Coon Cherry-pick r259355. rdar://problem/61269744 Bindings that override getOwnPropertySlotByIndex need to say they MayHaveIndexedAccessors https://bugs.webkit.org/show_bug.cgi?id=209762 Reviewed by Darin Adler. Source/JavaScriptCore: Change indexingType to indexingModeIncludingHistory to more clearly indicate the expected range of possible valid values. * runtime/StructureInlines.h: (JSC::Structure::create): Source/WebCore: There may be places where we rely on this for semantic correctness. I couldn't find any right now but we might as well be conservative since this isn't a performance regression. * bindings/js/JSDOMWindowProperties.h: * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): * bindings/scripts/test/JS/JSInterfaceName.h: (WebCore::JSInterfaceName::createStructure): * bindings/scripts/test/JS/JSMapLike.h: (WebCore::JSMapLike::createStructure): * bindings/scripts/test/JS/JSReadOnlyMapLike.h: (WebCore::JSReadOnlyMapLike::createStructure): * bindings/scripts/test/JS/JSReadOnlySetLike.h: (WebCore::JSReadOnlySetLike::createStructure): * bindings/scripts/test/JS/JSSetLike.h: (WebCore::JSSetLike::createStructure): * bindings/scripts/test/JS/JSTestActiveDOMObject.h: (WebCore::JSTestActiveDOMObject::createStructure): * bindings/scripts/test/JS/JSTestCEReactions.h: (WebCore::JSTestCEReactions::createStructure): * bindings/scripts/test/JS/JSTestCEReactionsStringifier.h: (WebCore::JSTestCEReactionsStringifier::createStructure): * bindings/scripts/test/JS/JSTestCallTracer.h: (WebCore::JSTestCallTracer::createStructure): * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h: (WebCore::JSTestClassWithJSBuiltinConstructor::createStructure): * bindings/scripts/test/JS/JSTestDOMJIT.h: (WebCore::JSTestDOMJIT::createStructure): * bindings/scripts/test/JS/JSTestEnabledBySetting.h: 
(WebCore::JSTestEnabledBySetting::createStructure): * bindings/scripts/test/JS/JSTestEnabledForContext.h: (WebCore::JSTestEnabledForContext::createStructure): * bindings/scripts/test/JS/JSTestEventConstructor.h: (WebCore::JSTestEventConstructor::createStructure): * bindings/scripts/test/JS/JSTestEventTarget.h: (WebCore::JSTestEventTarget::createStructure): * bindings/scripts/test/JS/JSTestException.h: (WebCore::JSTestException::createStructure): * bindings/scripts/test/JS/JSTestGenerateIsReachable.h: (WebCore::JSTestGenerateIsReachable::createStructure): * bindings/scripts/test/JS/JSTestGlobalObject.h: (WebCore::JSTestGlobalObject::createStructure): * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h: (WebCore::JSTestIndexedSetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h: (WebCore::JSTestIndexedSetterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h: (WebCore::JSTestIndexedSetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestInterface.h: * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.h: (WebCore::JSTestInterfaceLeadingUnderscore::createStructure): * bindings/scripts/test/JS/JSTestIterable.h: (WebCore::JSTestIterable::createStructure): * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h: (WebCore::JSTestJSBuiltinConstructor::createStructure): * bindings/scripts/test/JS/JSTestMediaQueryListListener.h: (WebCore::JSTestMediaQueryListListener::createStructure): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h: (WebCore::JSTestNamedAndIndexedSetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h: (WebCore::JSTestNamedAndIndexedSetterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h: (WebCore::JSTestNamedAndIndexedSetterWithIdentifier::createStructure): * 
bindings/scripts/test/JS/JSTestNamedConstructor.h: (WebCore::JSTestNamedConstructor::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h: (WebCore::JSTestNamedDeleterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h: (WebCore::JSTestNamedDeleterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h: (WebCore::JSTestNamedDeleterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h: (WebCore::JSTestNamedDeleterWithIndexedGetter::createStructure): * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h: (WebCore::JSTestNamedGetterCallWith::createStructure): * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h: (WebCore::JSTestNamedGetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h: (WebCore::JSTestNamedGetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h: (WebCore::JSTestNamedSetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h: (WebCore::JSTestNamedSetterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h: (WebCore::JSTestNamedSetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h: (WebCore::JSTestNamedSetterWithIndexedGetter::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h: (WebCore::JSTestNamedSetterWithIndexedGetterAndSetter::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h: (WebCore::JSTestNamedSetterWithOverrideBuiltins::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h: (WebCore::JSTestNamedSetterWithUnforgableProperties::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h: 
(WebCore::JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins::createStructure): * bindings/scripts/test/JS/JSTestNode.h: * bindings/scripts/test/JS/JSTestObj.h: (WebCore::JSTestObj::createStructure): * bindings/scripts/test/JS/JSTestOverloadedConstructors.h: (WebCore::JSTestOverloadedConstructors::createStructure): * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.h: (WebCore::JSTestOverloadedConstructorsWithSequence::createStructure): * bindings/scripts/test/JS/JSTestOverrideBuiltins.h: (WebCore::JSTestOverrideBuiltins::createStructure): * bindings/scripts/test/JS/JSTestPluginInterface.h: (WebCore::JSTestPluginInterface::createStructure): * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.h: (WebCore::JSTestPromiseRejectionEvent::createStructure): * bindings/scripts/test/JS/JSTestSerialization.h: (WebCore::JSTestSerialization::createStructure): * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.h: (WebCore::JSTestSerializationIndirectInheritance::createStructure): * bindings/scripts/test/JS/JSTestSerializationInherit.h: (WebCore::JSTestSerializationInherit::createStructure): * bindings/scripts/test/JS/JSTestSerializationInheritFinal.h: (WebCore::JSTestSerializationInheritFinal::createStructure): * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h: (WebCore::JSTestSerializedScriptValueInterface::createStructure): * bindings/scripts/test/JS/JSTestStringifier.h: (WebCore::JSTestStringifier::createStructure): * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.h: (WebCore::JSTestStringifierAnonymousOperation::createStructure): * bindings/scripts/test/JS/JSTestStringifierNamedOperation.h: (WebCore::JSTestStringifierNamedOperation::createStructure): * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.h: (WebCore::JSTestStringifierOperationImplementedAs::createStructure): * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.h: 
(WebCore::JSTestStringifierOperationNamedToString::createStructure): * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.h: (WebCore::JSTestStringifierReadOnlyAttribute::createStructure): * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.h: (WebCore::JSTestStringifierReadWriteAttribute::createStructure): * bindings/scripts/test/JS/JSTestTypedefs.h: (WebCore::JSTestTypedefs::createStructure): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259355 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-04-01 Keith Miller Bindings that override getOwnPropertySlotByIndex need to say they MayHaveIndexedAccessors https://bugs.webkit.org/show_bug.cgi?id=209762 Reviewed by Darin Adler. There may be places where we rely on this for semantic correctness. I couldn't find any right now but we might as well be conservative since this isn't a performance regression. * bindings/js/JSDOMWindowProperties.h: * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): * bindings/scripts/test/JS/JSInterfaceName.h: (WebCore::JSInterfaceName::createStructure): * bindings/scripts/test/JS/JSMapLike.h: (WebCore::JSMapLike::createStructure): * bindings/scripts/test/JS/JSReadOnlyMapLike.h: (WebCore::JSReadOnlyMapLike::createStructure): * bindings/scripts/test/JS/JSReadOnlySetLike.h: (WebCore::JSReadOnlySetLike::createStructure): * bindings/scripts/test/JS/JSSetLike.h: (WebCore::JSSetLike::createStructure): * bindings/scripts/test/JS/JSTestActiveDOMObject.h: (WebCore::JSTestActiveDOMObject::createStructure): * bindings/scripts/test/JS/JSTestCEReactions.h: (WebCore::JSTestCEReactions::createStructure): * bindings/scripts/test/JS/JSTestCEReactionsStringifier.h: (WebCore::JSTestCEReactionsStringifier::createStructure): * bindings/scripts/test/JS/JSTestCallTracer.h: (WebCore::JSTestCallTracer::createStructure): * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h: (WebCore::JSTestClassWithJSBuiltinConstructor::createStructure): * 
bindings/scripts/test/JS/JSTestDOMJIT.h: (WebCore::JSTestDOMJIT::createStructure): * bindings/scripts/test/JS/JSTestEnabledBySetting.h: (WebCore::JSTestEnabledBySetting::createStructure): * bindings/scripts/test/JS/JSTestEnabledForContext.h: (WebCore::JSTestEnabledForContext::createStructure): * bindings/scripts/test/JS/JSTestEventConstructor.h: (WebCore::JSTestEventConstructor::createStructure): * bindings/scripts/test/JS/JSTestEventTarget.h: (WebCore::JSTestEventTarget::createStructure): * bindings/scripts/test/JS/JSTestException.h: (WebCore::JSTestException::createStructure): * bindings/scripts/test/JS/JSTestGenerateIsReachable.h: (WebCore::JSTestGenerateIsReachable::createStructure): * bindings/scripts/test/JS/JSTestGlobalObject.h: (WebCore::JSTestGlobalObject::createStructure): * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h: (WebCore::JSTestIndexedSetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h: (WebCore::JSTestIndexedSetterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h: (WebCore::JSTestIndexedSetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestInterface.h: * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.h: (WebCore::JSTestInterfaceLeadingUnderscore::createStructure): * bindings/scripts/test/JS/JSTestIterable.h: (WebCore::JSTestIterable::createStructure): * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h: (WebCore::JSTestJSBuiltinConstructor::createStructure): * bindings/scripts/test/JS/JSTestMediaQueryListListener.h: (WebCore::JSTestMediaQueryListListener::createStructure): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h: (WebCore::JSTestNamedAndIndexedSetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h: (WebCore::JSTestNamedAndIndexedSetterThrowingException::createStructure): * 
bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h: (WebCore::JSTestNamedAndIndexedSetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedConstructor.h: (WebCore::JSTestNamedConstructor::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h: (WebCore::JSTestNamedDeleterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h: (WebCore::JSTestNamedDeleterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h: (WebCore::JSTestNamedDeleterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h: (WebCore::JSTestNamedDeleterWithIndexedGetter::createStructure): * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h: (WebCore::JSTestNamedGetterCallWith::createStructure): * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h: (WebCore::JSTestNamedGetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h: (WebCore::JSTestNamedGetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h: (WebCore::JSTestNamedSetterNoIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h: (WebCore::JSTestNamedSetterThrowingException::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h: (WebCore::JSTestNamedSetterWithIdentifier::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h: (WebCore::JSTestNamedSetterWithIndexedGetter::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h: (WebCore::JSTestNamedSetterWithIndexedGetterAndSetter::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h: (WebCore::JSTestNamedSetterWithOverrideBuiltins::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h: 
(WebCore::JSTestNamedSetterWithUnforgableProperties::createStructure): * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h: (WebCore::JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins::createStructure): * bindings/scripts/test/JS/JSTestNode.h: * bindings/scripts/test/JS/JSTestObj.h: (WebCore::JSTestObj::createStructure): * bindings/scripts/test/JS/JSTestOverloadedConstructors.h: (WebCore::JSTestOverloadedConstructors::createStructure): * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.h: (WebCore::JSTestOverloadedConstructorsWithSequence::createStructure): * bindings/scripts/test/JS/JSTestOverrideBuiltins.h: (WebCore::JSTestOverrideBuiltins::createStructure): * bindings/scripts/test/JS/JSTestPluginInterface.h: (WebCore::JSTestPluginInterface::createStructure): * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.h: (WebCore::JSTestPromiseRejectionEvent::createStructure): * bindings/scripts/test/JS/JSTestSerialization.h: (WebCore::JSTestSerialization::createStructure): * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.h: (WebCore::JSTestSerializationIndirectInheritance::createStructure): * bindings/scripts/test/JS/JSTestSerializationInherit.h: (WebCore::JSTestSerializationInherit::createStructure): * bindings/scripts/test/JS/JSTestSerializationInheritFinal.h: (WebCore::JSTestSerializationInheritFinal::createStructure): * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h: (WebCore::JSTestSerializedScriptValueInterface::createStructure): * bindings/scripts/test/JS/JSTestStringifier.h: (WebCore::JSTestStringifier::createStructure): * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.h: (WebCore::JSTestStringifierAnonymousOperation::createStructure): * bindings/scripts/test/JS/JSTestStringifierNamedOperation.h: (WebCore::JSTestStringifierNamedOperation::createStructure): * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.h: 
(WebCore::JSTestStringifierOperationImplementedAs::createStructure): * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.h: (WebCore::JSTestStringifierOperationNamedToString::createStructure): * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.h: (WebCore::JSTestStringifierReadOnlyAttribute::createStructure): * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.h: (WebCore::JSTestStringifierReadWriteAttribute::createStructure): * bindings/scripts/test/JS/JSTestTypedefs.h: (WebCore::JSTestTypedefs::createStructure): 2020-04-03 Alan Coon Cherry-pick r256900. rdar://problem/61269733 SWServer::claim should check for the service worker to be active https://bugs.webkit.org/show_bug.cgi?id=207739 Reviewed by Alex Christensen. Source/WebCore: claim is only working for service workers that are active. But there might be a time when a service worker is active in its web process but redundant in networking process. Thus, we need to move the check from WebProcess to NetworkProcess. * workers/service/ServiceWorkerClients.cpp: (WebCore::ServiceWorkerClients::claim): * workers/service/context/SWContextManager.h: * workers/service/server/SWServer.cpp: (WebCore::SWServer::claim): * workers/service/server/SWServer.h: * workers/service/server/SWServerToContextConnection.cpp: (WebCore::SWServerToContextConnection::claim): * workers/service/server/SWServerToContextConnection.h: * workers/service/server/SWServerWorker.cpp: (WebCore::SWServerWorker::claim): Deleted. * workers/service/server/SWServerWorker.h: (WebCore::SWServerWorker::isActive const): Source/WebKit: Use Async Reply to remove the need for a map and passing integers around. * NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp: (WebKit::WebSWServerToContextConnection::claimCompleted): Deleted. 
* NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h: * NetworkProcess/ServiceWorker/WebSWServerToContextConnection.messages.in: * WebProcess/Storage/WebSWContextManagerConnection.cpp: (WebKit::WebSWContextManagerConnection::claim): (WebKit::WebSWContextManagerConnection::claimCompleted): Deleted. * WebProcess/Storage/WebSWContextManagerConnection.h: * WebProcess/Storage/WebSWContextManagerConnection.messages.in: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256900 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-18 Youenn Fablet SWServer::claim should check for the service worker to be active https://bugs.webkit.org/show_bug.cgi?id=207739 Reviewed by Alex Christensen. claim is only working for service workers that are active. But there might be a time when a service worker is active in its web process but redundant in networking process. Thus, we need to move the check from WebProcess to NetworkProcess. * workers/service/ServiceWorkerClients.cpp: (WebCore::ServiceWorkerClients::claim): * workers/service/context/SWContextManager.h: * workers/service/server/SWServer.cpp: (WebCore::SWServer::claim): * workers/service/server/SWServer.h: * workers/service/server/SWServerToContextConnection.cpp: (WebCore::SWServerToContextConnection::claim): * workers/service/server/SWServerToContextConnection.h: * workers/service/server/SWServerWorker.cpp: (WebCore::SWServerWorker::claim): Deleted. * workers/service/server/SWServerWorker.h: (WebCore::SWServerWorker::isActive const): 2020-03-31 Russell Epstein Cherry-pick r259305. rdar://problem/61131083 Invalid memory access @ WebCore::FrameLoader::dispatchDidCommitLoad https://bugs.webkit.org/show_bug.cgi?id=209786 Patch by Pinki Gyanchandani on 2020-03-31 Reviewed by Ryosuke Niwa. No new tests. Reduced test would be added later. Currently issue is verified with the original testcase in associated radar-58416328. 
Webkit1 only issue, where m_client.dispatchDidCommitLoad in FrameLoader::dispatchDidCommitLoad could cause the frame to be destroyed, and m_frame still being accessed outside. Changes made to protect the DocumentLoader and Frame. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::finishedLoading): (WebCore::DocumentLoader::handleSubstituteDataLoadNow): * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedFirstData): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259305 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-31 Pinki Gyanchandani Invalid memory access @ WebCore::FrameLoader::dispatchDidCommitLoad https://bugs.webkit.org/show_bug.cgi?id=209786 Reviewed by Ryosuke Niwa. No new tests. Reduced test would be added later. Currently issue is verified with the original testcase in associated radar-58416328. Webkit1 only issue, where m_client.dispatchDidCommitLoad in FrameLoader::dispatchDidCommitLoad could cause the frame to be destroyed, and m_frame still being accessed outside. Changes made to protect the DocumentLoader and Frame. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::finishedLoading): (WebCore::DocumentLoader::handleSubstituteDataLoadNow): * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedFirstData): 2020-03-31 Russell Epstein Cherry-pick r259244. rdar://problem/61131078 Assertion failure in HTMLFormElement::formElementIndex https://bugs.webkit.org/show_bug.cgi?id=209643 Reviewed by Darin Adler. The bug was caused by FormAssociatedElement::findAssociatedForm finding a wrong form element when it's called on an element which appears later in the removed subtree. When we find the new form element to associate this element with, check to make sure its root element is that of the tree scope. This condition will be false if this element is in the midst of being removed.
* html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::findAssociatedForm): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259244 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-27 Ryosuke Niwa Assertion failure in HTMLFormElement::formElementIndex https://bugs.webkit.org/show_bug.cgi?id=209643 Reviewed by Darin Adler. The bug was caused by FormAssociatedElement::findAssociatedForm finding a wrong form element when it's called on an element which appears later in the removed subtree. When we find the new form element to associate this element with, check to make sure its root element is that of the tree scope. This condition will be false if this element is in the midst of being removed. * html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::findAssociatedForm): 2020-03-31 Russell Epstein Cherry-pick r258326. rdar://problem/61113047 Remove no longer used code in LibWebRTCMediaEndpoint to handle remote streams https://bugs.webkit.org/show_bug.cgi?id=208919 Reviewed by Eric Carlson. These stream APIs are legacy now and not useful anymore. Stop implementing the corresponding callbacks and remove related code. Covered by existing tests. * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp: (WebCore::LibWebRTCMediaEndpoint::addRemoteStream): Deleted. (WebCore::LibWebRTCMediaEndpoint::addRemoteTrack): Deleted. (WebCore::LibWebRTCMediaEndpoint::OnAddStream): Deleted. * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258326 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-12 youenn fablet Remove no longer used code in LibWebRTCMediaEndpoint to handle remote streams https://bugs.webkit.org/show_bug.cgi?id=208919 Reviewed by Eric Carlson. These stream APIs are legacy now and not useful anymore. Stop implementing the corresponding callbacks and remove related code. Covered by existing tests.
* Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp: (WebCore::LibWebRTCMediaEndpoint::addRemoteStream): Deleted. (WebCore::LibWebRTCMediaEndpoint::addRemoteTrack): Deleted. (WebCore::LibWebRTCMediaEndpoint::OnAddStream): Deleted. * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h: 2020-03-30 Alan Coon Cherry-pick r258837. rdar://problem/61064858 MediaDevices::refreshDevices should take device type into account https://bugs.webkit.org/show_bug.cgi?id=209417 Reviewed by Eric Carlson. Source/WebCore: Now that we set deviceId to the empty string when media capture is not granted, we can have two devices with the same ID. We also need to handle the device type. * Modules/mediastream/MediaDevices.cpp: (WebCore::MediaDevices::refreshDevices): LayoutTests: * fast/mediastream/media-device-info-expected.txt: * fast/mediastream/media-device-info.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258837 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-23 youenn fablet MediaDevices::refreshDevices should take device type into account https://bugs.webkit.org/show_bug.cgi?id=209417 Reviewed by Eric Carlson. Now that we set deviceId to the empty string when media capture is not granted, we can have two devices with the same ID. We also need to handle the device type. * Modules/mediastream/MediaDevices.cpp: (WebCore::MediaDevices::refreshDevices): 2020-03-30 Alan Coon Cherry-pick r258493. rdar://problem/61064864 Remove the use of empty WebRTC sources for receiver tracks https://bugs.webkit.org/show_bug.cgi?id=209061 Reviewed by Eric Carlson. LayoutTests/imported/w3c: * web-platform-tests/webrtc/RTCPeerConnection-track-stats.https-expected.txt: Source/WebCore: We no longer need to create receivers with empty sources since we now always have a libwebrtc receiver from which we can get the track. We remove that code path. This also allows using the right track parameters from the start, like track id. Covered by existing and rebased tests.
* Modules/mediastream/RTCPeerConnection.h: * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp: (WebCore::LibWebRTCMediaEndpoint::addPendingTrackEvent): (WebCore::LibWebRTCMediaEndpoint::collectTransceivers): (WebCore::LibWebRTCMediaEndpoint::newTransceiver): * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp: (WebCore::LibWebRTCPeerConnectionBackend::createReceiver): (WebCore::LibWebRTCPeerConnectionBackend::addTrack): (WebCore::LibWebRTCPeerConnectionBackend::addTransceiverFromTrackOrKind): (WebCore::LibWebRTCPeerConnectionBackend::newRemoteTransceiver): * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h: * Modules/mediastream/libwebrtc/LibWebRTCRtpReceiverBackend.cpp: (WebCore::LibWebRTCRtpReceiverBackend::createSource): * Modules/mediastream/libwebrtc/LibWebRTCRtpReceiverBackend.h: * platform/mediastream/RealtimeIncomingAudioSource.cpp: (WebCore::RealtimeIncomingAudioSource::RealtimeIncomingAudioSource): * platform/mediastream/RealtimeIncomingAudioSource.h: * platform/mediastream/RealtimeIncomingVideoSource.cpp: (WebCore::RealtimeIncomingVideoSource::RealtimeIncomingVideoSource): * platform/mediastream/RealtimeIncomingVideoSource.h: * testing/MockLibWebRTCPeerConnection.h: (WebCore::MockMediaStreamTrack::state const): (WebCore::MockRtpReceiver::SetObserver): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258493 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-16 youenn fablet Remove the use of empty WebRTC sources for receiver tracks https://bugs.webkit.org/show_bug.cgi?id=209061 Reviewed by Eric Carlson. We no longer need to create receivers with empty sources since we now always have a libwebrtc receiver from which we can get the track. We remove that code path. This also allows using the right track parameters from the start, like track id. Covered by existing and rebased tests.
* Modules/mediastream/RTCPeerConnection.h: * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp: (WebCore::LibWebRTCMediaEndpoint::addPendingTrackEvent): (WebCore::LibWebRTCMediaEndpoint::collectTransceivers): (WebCore::LibWebRTCMediaEndpoint::newTransceiver): * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp: (WebCore::LibWebRTCPeerConnectionBackend::createReceiver): (WebCore::LibWebRTCPeerConnectionBackend::addTrack): (WebCore::LibWebRTCPeerConnectionBackend::addTransceiverFromTrackOrKind): (WebCore::LibWebRTCPeerConnectionBackend::newRemoteTransceiver): * Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.h: * Modules/mediastream/libwebrtc/LibWebRTCRtpReceiverBackend.cpp: (WebCore::LibWebRTCRtpReceiverBackend::createSource): * Modules/mediastream/libwebrtc/LibWebRTCRtpReceiverBackend.h: * platform/mediastream/RealtimeIncomingAudioSource.cpp: (WebCore::RealtimeIncomingAudioSource::RealtimeIncomingAudioSource): * platform/mediastream/RealtimeIncomingAudioSource.h: * platform/mediastream/RealtimeIncomingVideoSource.cpp: (WebCore::RealtimeIncomingVideoSource::RealtimeIncomingVideoSource): * platform/mediastream/RealtimeIncomingVideoSource.h: * testing/MockLibWebRTCPeerConnection.h: (WebCore::MockMediaStreamTrack::state const): (WebCore::MockRtpReceiver::SetObserver): 2020-03-30 Alan Coon Cherry-pick r258464. rdar://problem/61064870 Call SVGTRefElement::buildPendingResource in SVGElement::didFinishInsertingNode https://bugs.webkit.org/show_bug.cgi?id=208981 Reviewed by Antti Koivisto. This patch moves the call to SVGTRefElement::buildPendingResource from SVGElement::insertedIntoAncestor to SVGElement::didFinishInsertingNode. * svg/SVGElement.cpp: (WebCore::SVGElement::insertedIntoAncestor): Return true when the element has a pending resource ID. (WebCore::SVGElement::didFinishInsertingNode): Added. Calls buildPendingResourcesIfNeeded. 
* svg/SVGElement.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258464 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-14 Ryosuke Niwa Call SVGTRefElement::buildPendingResource in SVGElement::didFinishInsertingNode https://bugs.webkit.org/show_bug.cgi?id=208981 Reviewed by Antti Koivisto. This patch moves the call to SVGTRefElement::buildPendingResource from SVGElement::insertedIntoAncestor to SVGElement::didFinishInsertingNode. * svg/SVGElement.cpp: (WebCore::SVGElement::insertedIntoAncestor): Return true when the element has a pending resource ID. (WebCore::SVGElement::didFinishInsertingNode): Added. Calls buildPendingResourcesIfNeeded. * svg/SVGElement.h: b'2020-03-23 Russell Epstein \n\n Cherry-pick r258799. rdar://problem/60756681\n\n Content-Type & Nosniff Ignored on XML External Entity Resources\n \n \n \n Reviewed by Darin Adler.\n \n Source/WebCore:\n \n Test: http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml\n \n * platform/MIMETypeRegistry.cpp:\n (WebCore::MIMETypeRegistry::isXMLEntityMIMEType): Add.\n * platform/MIMETypeRegistry.h:\n (WebCore::MIMETypeRegistry::isXMLEntityMIMEType): Add.\n - Checks for XML external entity MIME types.\n \n * xml/parser/XMLDocumentParserLibxml2.cpp:\n (WebCore::externalEntityMimeTypeAllowedByNosniff): Add.\n - Checks whether the MIME type is valid based on the presence of\n the "X-Content-Type-Options: nosniff" header.\n (WebCore::openFunc):\n - Drop the contents of the resource that was returned and print\n an error message to the Web Inspector console if\n externalEntityMimeTypeAllowedByNosniff() says the MIME type is\n not allowed.\n \n LayoutTests:\n \n * http/tests/security/contentTypeOptions/nosniff-xml-external-entity-expected.txt: Add.\n * http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml: Add.\n \n git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258799 268f45cc-cd09-0410-ab3c-d52691b4dbfc\n\n 2020-03-20 David Kilzer \n\n Content-Type & Nosniff 
Ignored on XML External Entity Resources Reviewed by Darin Adler. Test: http/tests/security/contentTypeOptions/nosniff-xml-external-entity.xhtml * platform/MIMETypeRegistry.cpp: (WebCore::MIMETypeRegistry::isXMLEntityMIMEType): Add. * platform/MIMETypeRegistry.h: (WebCore::MIMETypeRegistry::isXMLEntityMIMEType): Add. - Checks for XML external entity MIME types. * xml/parser/XMLDocumentParserLibxml2.cpp: (WebCore::externalEntityMimeTypeAllowedByNosniff): Add. - Checks whether the MIME type is valid based on the presence of the "X-Content-Type-Options: nosniff" header. (WebCore::openFunc): - Drop the contents of the resource that was returned and print an error message to the Web Inspector console if externalEntityMimeTypeAllowedByNosniff() says the MIME type is not allowed. 2020-03-23 Russell Epstein Cherry-pick r258711. rdar://problem/60756645 Source/WebCore: AX: VO and safari: can't press the play button https://bugs.webkit.org/show_bug.cgi?id=209249 Reviewed by Darin Adler. Test: accessibility/ios-simulator/has-touch-event-listener-with-shadow.html If a node is in a shadowRoot, going up the node parent tree will stop and not check the entire tree for touch event listeners and a touch event won't be dispatched.
We need to change to use the parentInComposedTree instead to go up the chain. * accessibility/ios/AccessibilityObjectIOS.mm: (WebCore::AccessibilityObject::hasTouchEventListener const): LayoutTests: AX: VO and safari: can't press the play button https://bugs.webkit.org/show_bug.cgi?id=209249 Reviewed by Darin Adler. * accessibility/ios-simulator/has-touch-event-listener-with-shadow-expected.txt: Added. * accessibility/ios-simulator/has-touch-event-listener-with-shadow.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258711 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-19 Chris Fleizach AX: VO and safari: can't press the play button https://bugs.webkit.org/show_bug.cgi?id=209249 Reviewed by Darin Adler. Test: accessibility/ios-simulator/has-touch-event-listener-with-shadow.html If a node is in a shadowRoot, going up the node parent tree will stop and not check the entire tree for touch event listeners and a touch event won't be dispatched. We need to change to use the parentInComposedTree instead to go up the chain. * accessibility/ios/AccessibilityObjectIOS.mm: (WebCore::AccessibilityObject::hasTouchEventListener const): 2020-03-17 Alan Coon Apply patch. rdar://problem/60396271 2020-03-17 Zalan Bujtas SVG filter triggers unstable layout. https://bugs.webkit.org/show_bug.cgi?id=207444 rdar://problem/59297004 Reviewed by Simon Fraser. SVG filter code marks DOM nodes dirty and schedules style recalc outside of the SVG root while in layout. This could lead to unstable layout and cause battery drain. (See webkit.org/b/208903) * rendering/RenderLayer.cpp: Remove filterNeedsRepaint().
It's a dangerously misleading name and should not be part of RenderLayer. (WebCore::RenderLayer::calculateClipRects const): * rendering/RenderLayer.h: * rendering/RenderLayerFilters.cpp: (WebCore::RenderLayerFilters::notifyFinished): * rendering/svg/RenderSVGResourceContainer.cpp: (WebCore::RenderSVGResourceContainer::markAllClientsForInvalidation): (WebCore::RenderSVGResourceContainer::markAllClientLayersForInvalidation): 2020-03-17 Alan Coon Cherry-pick r258459. rdar://problem/60539192 SVGMatrix should have the access right of its owner SVGTransform always https://bugs.webkit.org/show_bug.cgi?id=207462 Reviewed by Simon Fraser. Source/WebCore: The SVGMatrix needs to be reattached to its owner SVGTransform when the access right of this owner changes. The access right of the owner changes when it gets attached to or detached from a higher level owner. Test: svg/dom/SVGTransformList-anim-read-only.html * svg/SVGTransform.h: * svg/properties/SVGProperty.h: (WebCore::SVGProperty::attach): (WebCore::SVGProperty::detach): (WebCore::SVGProperty::reattach): LayoutTests: * svg/dom/SVGTransformList-anim-read-only-expected.txt: Added. * svg/dom/SVGTransformList-anim-read-only.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258459 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-13 Said Abou-Hallawa SVGMatrix should have the access right of its owner SVGTransform always https://bugs.webkit.org/show_bug.cgi?id=207462 Reviewed by Simon Fraser. The SVGMatrix needs to be reattached to its owner SVGTransform when the access right of this owner changes. The access right of the owner changes when it gets attached to or detached from a higher level owner. Test: svg/dom/SVGTransformList-anim-read-only.html * svg/SVGTransform.h: * svg/properties/SVGProperty.h: (WebCore::SVGProperty::attach): (WebCore::SVGProperty::detach): (WebCore::SVGProperty::reattach): 2020-03-17 Alan Coon Cherry-pick r258455.
rdar://problem/60539179 [Tree building] Block::attachIgnoringContinuation should allow inline tables as before child container https://bugs.webkit.org/show_bug.cgi?id=209095 Reviewed by Simon Fraser. Source/WebCore: It's perfectly valid to have an inline table as the anonymous container for the before child. It'll get wrapped inside an anonymous block right before we insert the block box candidate, so the final result will be something like: new block level child (this is the child we are inserting) anonymous block wrapper inline table (this is the before child's inline container) before child Test: fast/table/before-child-is-inline-table.html * rendering/updating/RenderTreeBuilderBlock.cpp: (WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation): LayoutTests: * fast/table/before-child-is-inline-table-expected.txt: Added. * fast/table/before-child-is-inline-table.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258455 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-13 Zalan Bujtas [Tree building] Block::attachIgnoringContinuation should allow inline tables as before child container https://bugs.webkit.org/show_bug.cgi?id=209095 Reviewed by Simon Fraser. It's perfectly valid to have an inline table as the anonymous container for the before child. It'll get wrapped inside an anonymous block right before we insert the block box candidate, so the final result will be something like: new block level child (this is the child we are inserting) anonymous block wrapper inline table (this is the before child's inline container) before child Test: fast/table/before-child-is-inline-table.html * rendering/updating/RenderTreeBuilderBlock.cpp: (WebCore::RenderTreeBuilder::Block::attachIgnoringContinuation): 2020-03-17 Alan Coon Cherry-pick r258267. rdar://problem/60539190 Consolidate detachment of document timeline into Document::commonTeardown. https://bugs.webkit.org/show_bug.cgi?id=208786 Patch by Jack Lee on 2020-03-11 Reviewed by Ryosuke Niwa. 
Move detachment of DocumentTimeline to Document::commonTeardown(). No new tests. Covered by existing document tests. * dom/Document.cpp: (WebCore::Document::removedLastRef): (WebCore::Document::commonTeardown): (WebCore::Document::prepareForDestruction): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258267 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-11 Jack Lee Consolidate detachment of document timeline into Document::commonTeardown. https://bugs.webkit.org/show_bug.cgi?id=208786 Reviewed by Ryosuke Niwa. Move detachment of DocumentTimeline to Document::commonTeardown(). No new tests. Covered by existing document tests. * dom/Document.cpp: (WebCore::Document::removedLastRef): (WebCore::Document::commonTeardown): (WebCore::Document::prepareForDestruction): 2020-03-17 Alan Coon Cherry-pick r255997. rdar://problem/60495055 Incorrect TextTrack sorting with invalid BCP47 language https://bugs.webkit.org/show_bug.cgi?id=207315 Patch by Doug Kelly on 2020-02-06 Reviewed by Jer Noble. When comparing TextTracks, this ensures all tracks are compared based on consistent parameters, including tracks with an invalid BCP47 language attribute. * page/CaptionUserPreferencesMediaAF.cpp: (WebCore::textTrackCompare): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255997 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-06 Doug Kelly Incorrect TextTrack sorting with invalid BCP47 language https://bugs.webkit.org/show_bug.cgi?id=207315 Reviewed by Jer Noble. When comparing TextTracks, this ensures all tracks are compared based on consistent parameters, including tracks with an invalid BCP47 language attribute. * page/CaptionUserPreferencesMediaAF.cpp: (WebCore::textTrackCompare): 2020-03-09 Alan Coon Cherry-pick r257640. rdar://problem/60183771 updateCSSTransitionsForElementAndProperty should clone RenderStyles https://bugs.webkit.org/show_bug.cgi?id=208356 rdar://59869560 Reviewed by Antti Koivisto. 
Make ownership of the local variable clear by cloning the RenderStyles used in updateCSSTransitionsForElementAndProperty rather than referencing different versions. * animation/AnimationTimeline.cpp: (WebCore::AnimationTimeline::updateCSSTransitionsForElementAndProperty): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@257640 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-28 Dean Jackson updateCSSTransitionsForElementAndProperty should clone RenderStyles https://bugs.webkit.org/show_bug.cgi?id=208356 rdar://59869560 Reviewed by Antti Koivisto. Make ownership of the local variable clear by cloning the RenderStyles used in updateCSSTransitionsForElementAndProperty rather than referencing different versions. * animation/AnimationTimeline.cpp: (WebCore::AnimationTimeline::updateCSSTransitionsForElementAndProperty): 2020-03-09 Alan Coon Cherry-pick r257746. rdar://problem/60183767 ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject. https://bugs.webkit.org/show_bug.cgi?id=208290 Reviewed by Chris Dumez. The call to executeScriptIgnoringException() may have changed the current global object of the window. We should be using the original global object that produced the result string. Also added a missing exception check needed after a potential rope resolution. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@257746 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-03-02 Mark Lam ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject. https://bugs.webkit.org/show_bug.cgi?id=208290 Reviewed by Chris Dumez. The call to executeScriptIgnoringException() may have changed the current global object of the window. We should be using the original global object that produced the result string. Also added a missing exception check needed after a potential rope resolution. 
* bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL): 2020-02-21 Russell Epstein Cherry-pick r256856. rdar://problem/59654783 MediaSource.isTypeSupported() says "video/mp4;codecs=\"avc3.42C015\"" is not supported, but it is https://bugs.webkit.org/show_bug.cgi?id=207622 Reviewed by Eric Carlson. Revert the behavior change of MediaPlayerPrivateMediaSourceAVFObjC::supportsType() in r253952. * platform/graphics/avfoundation/objc/AVAssetMIMETypeCache.mm: (WebCore::AVAssetMIMETypeCache::canDecodeExtendedType): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256856 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-18 Peng Liu MediaSource.isTypeSupported() says "video/mp4;codecs=\"avc3.42C015\"" is not supported, but it is https://bugs.webkit.org/show_bug.cgi?id=207622 Reviewed by Eric Carlson. Revert the behavior change of MediaPlayerPrivateMediaSourceAVFObjC::supportsType() in r253952. * platform/graphics/avfoundation/objc/AVAssetMIMETypeCache.mm: (WebCore::AVAssetMIMETypeCache::canDecodeExtendedType): 2020-02-20 Eric Carlson Captions sometimes render at the wrong size when in fullscreen and PiP https://bugs.webkit.org/show_bug.cgi?id=207389 The TextTrackRepresentation, used to render captions when in fullscreen and PiP on iOS and in PiP on macOS, frequently rendered captions before layout completed immediately after it was created. Fix this by having it not render until a layout happens. Additionally, make the code more efficient by hiding the TextTrackRepresentation's backing layer when cues are not visible instead of destroying the whole object. Drive by: RELEASE_LOG_DISABLED is always defined for PLATFORM(COCOA), so remove it from the macOS/iOS media players to make it easier to add logging to VideoFullscreenLayerManagerObjC.
* html/HTMLMediaElement.cpp: (WebCore::convertEnumerationToString): (WebCore::HTMLMediaElement::configureTextTrackDisplay): * html/HTMLMediaElementEnums.h: (WTF::LogArgument::toString): * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlTextTrackContainerElement::MediaControlTextTrackContainerElement): (WebCore::MediaControlTextTrackContainerElement::updateDisplay): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationStyle): (WebCore::MediaControlTextTrackContainerElement::layoutIfNecessary): (WebCore::MediaControlTextTrackContainerElement::updateVideoDisplaySize): (WebCore::MediaControlTextTrackContainerElement::updateSizes): (WebCore::MediaControlTextTrackContainerElement::updateCueStyles): (WebCore::MediaControlTextTrackContainerElement::logger const): (WebCore::MediaControlTextTrackContainerElement::logIdentifier const): (WebCore::MediaControlTextTrackContainerElement::updateTimerFired): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateStyleForTextTrackRepresentation): Deleted. 
* platform/graphics/TextTrackRepresentation.h: * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::MediaPlayerPrivateAVFoundation): (WebCore::MediaPlayerPrivateAVFoundation::logChannel const): * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateAudioTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage): (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::mediaPlayerLogger): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::logChannel const): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::logChannel const): * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.h: * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.mm: (WebCore::VideoFullscreenLayerManagerObjC::VideoFullscreenLayerManagerObjC): (WebCore::VideoFullscreenLayerManagerObjC::setVideoLayer): (WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenLayer): 
(WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenFrame): (WebCore::VideoFullscreenLayerManagerObjC::didDestroyVideoLayer): (WebCore::VideoFullscreenLayerManagerObjC::syncTextTrackBounds): (WebCore::VideoFullscreenLayerManagerObjC::setTextTrackRepresentation): (WebCore::VideoFullscreenLayerManagerObjC::logChannel const): * platform/graphics/cocoa/TextTrackRepresentationCocoa.h: * platform/graphics/cocoa/TextTrackRepresentationCocoa.mm: (-[WebCoreTextTrackRepresentationCocoaHelper observeValueForKeyPath:ofObject:change:context:]): (TextTrackRepresentationCocoa::setHidden const): (TextTrackRepresentationCocoa::boundsChanged): * rendering/RenderMediaControlElements.cpp: (WebCore::RenderTextTrackContainerElement::layout): 2020-02-19 Alan Coon Apply patch. rdar://problem/59611912 2020-02-19 Antoine Quint [Web Animations] Style changes due to Web Animations should not trigger CSS Transitions https://bugs.webkit.org/show_bug.cgi?id=207760 Reviewed by Simon Fraser. While we would consider the unanimated style of CSS Animations specifically when considering what the "start" style values (before-change style in spec terminology) should be when considering whether to start a CSS Transition during style resolution, we would not consider other types of animations, specifically JS-created Web Animations. However, Web Platform Tests specifically test whether changes made using the Web Animations API may trigger transitions, and until now they would because the RenderStyle used to determine the before-change style was the style from the previous resolution, which would include animated values. To fix this, we make it so that KeyframeEffect objects now keep a copy of the unanimated style used when blending animated values for the very first time. That style is cleared each time keyframes change, which is rare, but may happen through the Web Animations API. 
Then in AnimationTimeline::updateCSSTransitionsForElementAndProperty(), we look for a KeyframeEffect currently affecting the property for which we're considering starting a CSS Transition, and use its unanimated style. If that unanimated style has not been set yet, this is because the KeyframeEffect has not had a chance to apply itself with a non-null progress. In this case, the before-change and after-change styles should be the same in order to prevent a transition from being triggered as the unanimated style for this keyframe effect will most likely be this after-change style, or any future style change that may happen before the keyframe effect starts blending animated values. Finally, tracking the unanimated style at the KeyframeEffect level means we no longer need to track it specifically for CSSAnimation. * animation/AnimationTimeline.cpp: (WebCore::keyframeEffectForElementAndProperty): (WebCore::AnimationTimeline::updateCSSTransitionsForElementAndProperty): * animation/AnimationTimeline.h: * animation/CSSAnimation.cpp: (WebCore::CSSAnimation::create): (WebCore::CSSAnimation::CSSAnimation): * animation/CSSAnimation.h: * animation/KeyframeEffect.cpp: (WebCore::KeyframeEffect::animatesProperty const): Because the backing KeyframeList object may not have been created by the first time we query a KeyframeEffect during CSS Transitions resolution, we provide a method that will check the values provided by the Web Animations API to determine whether it targets a given CSS property. (WebCore::KeyframeEffect::clearBlendingKeyframes): (WebCore::KeyframeEffect::computeDeclarativeAnimationBlendingKeyframes): (WebCore::KeyframeEffect::computeCSSAnimationBlendingKeyframes): (WebCore::KeyframeEffect::apply): * animation/KeyframeEffect.h: (WebCore::KeyframeEffect::unanimatedStyle const): * style/StyleTreeResolver.cpp: (WebCore::Style::TreeResolver::createAnimatedElementUpdate): 2020-02-19 Russell Epstein Cherry-pick r256859.
rdar://problem/59576018 [macOS] Web process may crash under ServicesOverlayController::buildPotentialHighlightsIfNeeded https://bugs.webkit.org/show_bug.cgi?id=207899 Reviewed by Tim Horton and Simon Fraser. Source/WebCore: Mitigates a null pointer crash in ServicesOverlayController::buildPotentialHighlightsIfNeeded(), wherein the focused frame may not have a FrameView when the ServicesOverlayController's selection invalidation timer fires. This is possible if, while being focused, the newly focused subframe is unparented and reparented, which causes it to momentarily have a null view. During this time, if a selection change had occurred earlier in the runloop, it will schedule the page overlay controller invalidation timer, which will fire and discover that the currently focused frame no longer has a FrameView. Test: editing/selection/selection-change-in-disconnected-frame-crash.html * page/mac/ServicesOverlayController.mm: (WebCore::ServicesOverlayController::buildSelectionHighlight): Source/WebKit: Add another missing null check on iOS, for the case where FrameView is null. * WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::platformEditorState const): Tools: Make it possible to run tests on macOS with services controls enabled, via a new TestOptions flag. * WebKitTestRunner/TestController.cpp: (WTR::updateTestOptionsFromTestHeader): * WebKitTestRunner/TestOptions.h: (WTR::TestOptions::hasSameInitializationOptions const): * WebKitTestRunner/cocoa/TestControllerCocoa.mm: (WTR::TestController::platformCreateWebView): LayoutTests: Add a new layout test to verify that we don't crash under this circumstance. * editing/selection/selection-change-in-disconnected-frame-crash-expected.txt: Added. * editing/selection/selection-change-in-disconnected-frame-crash.html: Added. 
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256859 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-18 Wenson Hsieh [macOS] Web process may crash under ServicesOverlayController::buildPotentialHighlightsIfNeeded https://bugs.webkit.org/show_bug.cgi?id=207899 Reviewed by Tim Horton and Simon Fraser. Mitigates a null pointer crash in ServicesOverlayController::buildPotentialHighlightsIfNeeded(), wherein the focused frame may not have a FrameView when the ServicesOverlayController's selection invalidation timer fires. This is possible if, while being focused, the newly focused subframe is unparented and reparented, which causes it to momentarily have a null view. During this time, if a selection change had occurred earlier in the runloop, it will schedule the page overlay controller invalidation timer, which will fire and discover that the currently focused frame no longer has a FrameView. Test: editing/selection/selection-change-in-disconnected-frame-crash.html * page/mac/ServicesOverlayController.mm: (WebCore::ServicesOverlayController::buildSelectionHighlight): 2020-02-18 Alan Coon Apply patch. rdar://problem/59465474 2020-02-18 Antoine Quint [Web Animations] Ensure CSS Transition and CSS Animation events are queued, sorted and dispatched by their timeline https://bugs.webkit.org/show_bug.cgi?id=207364 Reviewed by Simon Fraser. Until now, AnimationPlaybackEvent events, which are new events introduced by the Web Animations spec, were enqueued in a shared queue on the DocumentTimeline and dispatched during the "update animations and send events" procedure. However, AnimationEvent and TransitionEvent events, dispatched by CSS Animations and CSS Transitions, were dispatched via a dedicated per-animation queue, which meant typically that those events were dispatched one runloop after the AnimationPlaybackEvent events.
We now remove the dedicated per-animation queue and enqueue all events in the shared DocumentTimeline queue for dispatch during the "update animations and send events" procedure. To do this correctly, we need to do a couple of other things that ensure we don't regress tests. First, we update the DocumentTimeline::shouldRunUpdateAnimationsAndSendEventsIgnoringSuspensionState() to account for whether there are pending animation events, guaranteeing that an animation update is scheduled should there be any. Second, when animation events are enqueued in DocumentTimeline::enqueueAnimationEvent() we schedule an animation update if needed, since we know we now have pending events that will need to be delivered in an upcoming update. We also maintain a flag between the start of the "update animations and send events" procedure and the moment when the pending animation events queue is cleared prior to dispatching events so that events enqueued in the meantime do not prematurely schedule animation resolution. The need for a new animation resolution will be checked at the end of the procedure. Finally, declarative animations used to have a special subclass of WebAnimation::needsTick() that would check whether they had any pending events, ensuring they would not be removed prematurely. We now reset a flag to false as WebAnimation::tick() is called (as part of the "update animations and send events" procedure) and set it to true in case an animation is enqueued. This flag is then used in needsTick() to guarantee the animation is not removed before the DocumentTimeline has had a chance to dispatch the enqueued event. Note also that, for clarity, the DocumentTimeline::unscheduleAnimationResolution() was renamed to DocumentTimeline::clearTickScheduleTimer() since it wouldn't actually cancel a previous animation resolution schedule. * animation/CSSTransition.h: Fix a newly found build error due to the missing wtf/MonotonicTime.h header.
* animation/DeclarativeAnimation.cpp: Remove all code related to the dedicated per-animation queue and instead call the new WebAnimation::enqueueAnimationEvent() method to enqueue events on the DocumentTimeline. (WebCore::DeclarativeAnimation::DeclarativeAnimation): (WebCore::DeclarativeAnimation::tick): (WebCore::DeclarativeAnimation::enqueueDOMEvent): * animation/DeclarativeAnimation.h: * animation/DocumentTimeline.cpp: (WebCore::DocumentTimeline::detachFromDocument): Ensure the pending events queue is cleared when the timeline is detached from a document, ensuring that there are no longer events that would cause a ref-cycle (DocumentTimeline -> AnimationPlaybackEvent -> WebAnimation -> DocumentTimeline). (WebCore::DocumentTimeline::suspendAnimations): (WebCore::DocumentTimeline::removeAnimation): (WebCore::DocumentTimeline::scheduleAnimationResolution): (WebCore::DocumentTimeline::clearTickScheduleTimer): (WebCore::DocumentTimeline::shouldRunUpdateAnimationsAndSendEventsIgnoringSuspensionState const): (WebCore::DocumentTimeline::updateCurrentTime): (WebCore::DocumentTimeline::updateAnimationsAndSendEvents): (WebCore::DocumentTimeline::internalUpdateAnimationsAndSendEvents): (WebCore::DocumentTimeline::scheduleNextTick): (WebCore::DocumentTimeline::animationAcceleratedRunningStateDidChange): (WebCore::DocumentTimeline::enqueueAnimationEvent): * animation/DocumentTimeline.h: * animation/WebAnimation.cpp: (WebCore::WebAnimation::enqueueAnimationPlaybackEvent): (WebCore::WebAnimation::enqueueAnimationEvent): (WebCore::WebAnimation::needsTick const): (WebCore::WebAnimation::tick): * animation/WebAnimation.h: 2020-02-14 Antoine Quint [Web Animations] Make all animation event types inherit from the same base class https://bugs.webkit.org/show_bug.cgi?id=207629 Reviewed by Simon Fraser.
Currently we dispatch CSS Transitions and CSS Animations events using a dedicated event queue on DeclarativeAnimation, while the events added by the Web Animations specification (of type AnimationPlaybackEvent) are dispatched using a shared queue on the DocumentTimeline that is processed during the "update animations and send events procedure". The Web Animations specification dictates that all events should be dispatched during that procedure, which includes sorting of such events based on their timeline time and associated animation relative composite order. In this patch, we prepare the work towards spec compliance for animation events dispatch by making all event types (AnimationPlaybackEvent, TransitionEvent and AnimationEvent) inherit from a single AnimationEventBase interface. This will allow DocumentTimeline to enqueue, sort and dispatch all such events with a single queue in a future patch. Due to CSSAnimationController, we must make the "timeline time" and "animation" parameters optional. When we drop support for CSSAnimationController we'll be able to enforce stronger requirements for these. No new test since this should not introduce any behavior change. * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * animation/AnimationEventBase.cpp: Added. (WebCore::AnimationEventBase::AnimationEventBase): * animation/AnimationEventBase.h: Added.
(WebCore::AnimationEventBase::create): (WebCore::AnimationEventBase::isAnimationPlaybackEvent const): (WebCore::AnimationEventBase::isAnimationEvent const): (WebCore::AnimationEventBase::isTransitionEvent const): (WebCore::AnimationEventBase::timelineTime const): (WebCore::AnimationEventBase::animation const): * animation/AnimationPlaybackEvent.cpp: (WebCore::AnimationPlaybackEvent::AnimationPlaybackEvent): (WebCore::AnimationPlaybackEvent::bindingsTimelineTime const): * animation/AnimationPlaybackEvent.h: * animation/CSSAnimation.cpp: (WebCore::CSSAnimation::createEvent): * animation/CSSAnimation.h: * animation/CSSTransition.cpp: (WebCore::CSSTransition::createEvent): * animation/CSSTransition.h: * animation/DeclarativeAnimation.cpp: (WebCore::DeclarativeAnimation::enqueueDOMEvent): * animation/DeclarativeAnimation.h: * animation/WebAnimation.cpp: (WebCore::WebAnimation::enqueueAnimationPlaybackEvent): * dom/AnimationEvent.cpp: (WebCore::AnimationEvent::AnimationEvent): * dom/AnimationEvent.h: * dom/TransitionEvent.cpp: (WebCore::TransitionEvent::TransitionEvent): * dom/TransitionEvent.h: * page/animation/CSSAnimationController.cpp: (WebCore::CSSAnimationControllerPrivate::fireEventsAndUpdateStyle): 2020-02-18 Alan Coon Cherry-pick r256191. rdar://problem/59447003 Disallow setting base URL to a data or JavaScript URL https://bugs.webkit.org/show_bug.cgi?id=207136 Source/WebCore: Reviewed by Brent Fulgham. Inspired by . Block setting the base URL to a data URL or JavaScript URL as such usage is questionable. This makes WebKit match the behavior of Chrome and Firefox and is in the spirit of the discussion in . On Mac and iOS, this restriction is applied only to apps linked against a future SDK to avoid breaking shipped apps. For all other ports, this restriction is enabled by default. 
Tests: fast/url/relative2.html fast/url/segments-from-data-url2.html http/tests/security/allowed-base-url-data-url-via-setting.html http/tests/security/denied-base-url-data-url.html http/tests/security/denied-base-url-javascript-url.html * dom/Document.cpp: (WebCore::Document::processBaseElement): Condition updating the parsed base URL on whether it has an allowed scheme, if restrictions are enabled. Otherwise, do what we do now. If the scheme is disallowed then log a message to the console to explain this to web developers. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::scan): Pass whether to apply restrictions to the base URL to updatePredictedBaseURL(). This depends on whether the setting is enabled or not. (WebCore::TokenPreloadScanner::updatePredictedBaseURL): Modified to take a boolean as to whether to apply restrictions. If restrictions are not to be applied do what we do now. Otherwise, only do what we do now if the scheme for the predicted base URL is allowed. * html/parser/HTMLPreloadScanner.h: * page/SecurityPolicy.cpp: (WebCore::SecurityPolicy::isBaseURLSchemeAllowed): Added. * page/SecurityPolicy.h: * page/Settings.yaml: Add a setting to toggle restrictions on the base URL scheme. Source/WebKit: Reviewed by Brent Fulgham. Apply base URL restrictions to apps linked to a future WebKit to avoid breaking existing apps. * Shared/WebPreferences.yaml: * UIProcess/API/Cocoa/WKWebView.mm: (shouldRestrictBaseURLSchemes): Added. (-[WKWebView _setupPageConfiguration:]): Update settings. * UIProcess/Cocoa/VersionChecks.h: Source/WebKitLegacy/mac: Reviewed by Brent Fulgham. Apply base URL restrictions to apps linked to a future WebKit to avoid breaking existing apps. * Misc/WebKitVersionChecks.h: * WebView/WebView.mm: (shouldRestrictBaseURLSchemes): Added. (-[WebView _commonInitializationWithFrameName:groupName:]): Update settings. Source/WTF: Reviewed by Brent Fulgham. Add some more macro definitions.
* wtf/spi/darwin/dyldSPI.h: LayoutTests: RReviewed by Brent Fulgham. Add some tests. Update others to toggle the setting to apply or unapply the new behavior. The test denied-base-url-javascript-url.html is derived from the test base-url-javascript.html, included in . * fast/url/relative-expected.txt: * fast/url/relative.html: * fast/url/relative2-expected.txt: Copied from LayoutTests/fast/url/relative-expected.txt. * fast/url/relative2.html: Copied from LayoutTests/fast/url/relative.html. * fast/url/resources/utilities.js: (setShouldEllipsizeFileURLPaths): Added. Toggles ellipsizing the path portion of a file URL to simplify matching. Otherwise, file URLs could be machine-specific. (canonicalizedPathname): Added. (segments): Modified to optionally call canonicalizedPathname. (canonicalize): Ditto. * fast/url/segments-from-data-url-expected.txt: * fast/url/segments-from-data-url.html: * fast/url/segments-from-data-url2-expected.txt: Copied from LayoutTests/fast/url/segments-from-data-url-expected.txt. * fast/url/segments-from-data-url2.html: Copied from LayoutTests/fast/url/segments-from-data-url.html. * fetch/fetch-url-serialization-expected.txt: * http/tests/plugins/navigation-during-load-embed.html: * http/tests/plugins/navigation-during-load.html: * http/tests/security/allowed-base-url-data-url-via-setting-expected.txt: Added. * http/tests/security/allowed-base-url-data-url-via-setting.html: Added. * http/tests/security/denied-base-url-data-url-expected.txt: Added. * http/tests/security/denied-base-url-data-url.html: Added. * http/tests/security/denied-base-url-javascript-url-expected.txt: Added. * http/tests/security/denied-base-url-javascript-url.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256191 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-10 Daniel Bates Disallow setting base URL to a data or JavaScript URL https://bugs.webkit.org/show_bug.cgi?id=207136 Reviewed by Brent Fulgham. Inspired by . 
Block setting the base URL to a data URL or JavaScript URL as such usage is questionable. This makes WebKit match the behavior of Chrome and Firefox and is in the spirit of the discussion in . On Mac and iOS, this restriction is applied only to apps linked against a future SDK to avoid breaking shipped apps. For all other ports, this restriction is enabled by default. Tests: fast/url/relative2.html fast/url/segments-from-data-url2.html http/tests/security/allowed-base-url-data-url-via-setting.html http/tests/security/denied-base-url-data-url.html http/tests/security/denied-base-url-javascript-url.html * dom/Document.cpp: (WebCore::Document::processBaseElement): Condition updating the parsed base URL on whether is has an allowed scheme, if restrictions are enabled. Otherwise, do what we do now. If the scheme is disallowed then log a message to the console to explain this to web developers. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::scan): Pass whether to apply restrictons to the base URL to updatePredictedBaseURL(). This depends on whether the setting is enabled or not. (WebCore::TokenPreloadScanner::updatePredictedBaseURL): Modifed to take a boolean as to whether to apply restrictions. If restrictions are not to be applied do what we do now. Otherwise, only do what we do now if the scheme for the predicated base URL is allowed. * html/parser/HTMLPreloadScanner.h: * page/SecurityPolicy.cpp: (WebCore::SecurityPolicy::isBaseURLSchemeAllowed): Added. * page/SecurityPolicy.h: * page/Settings.yaml: Add a setting to toggle restrictions on the base URL scheme. 2020-02-17 Alan Coon Cherry-pick r256584. rdar://problem/59449390 MediaToolbox may not be available; check before calling MTOverrideShouldPlayHDRVideo() https://bugs.webkit.org/show_bug.cgi?id=207733 Reviewed by Maciej Stachowiak. 
* platform/mac/PlatformScreenMac.mm: (WebCore::setShouldOverrideScreenSupportsHighDynamicRange): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256584 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-13 Jer Noble MediaToolbox may not be available; check before calling MTOverrideShouldPlayHDRVideo() https://bugs.webkit.org/show_bug.cgi?id=207733 Reviewed by Maciej Stachowiak. * platform/mac/PlatformScreenMac.mm: (WebCore::setShouldOverrideScreenSupportsHighDynamicRange): 2020-02-17 Alan Coon Cherry-pick r255881. rdar://problem/59447271 Adopt MTOverrideShouldPlayHDRVideo() https://bugs.webkit.org/show_bug.cgi?id=207275 Reviewed by Eric Carlson. Source/WebCore: * platform/PlatformScreen.h: * platform/mac/PlatformScreenMac.mm: (WebCore::setShouldOverrideScreenSupportsHighDynamicRange): Source/WebCore/PAL: * pal/cocoa/MediaToolboxSoftLink.cpp: * pal/cocoa/MediaToolboxSoftLink.h: Source/WebKit: The WebProcess sandbox can block access to the services necessary for MediaToolbox to determine whether the current display is capable of displaying HDR. Rather than opening up the sandbox, provide the information gathered by the UIProcess by way of MTOverrideShouldPlayHDRVideo(). * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::windowScreenDidChange): (WebKit::WebPage::displayID const): * WebProcess/WebPage/WebPage.h: * WebProcess/WebProcess.cpp: (WebKit::WebProcess::setScreenProperties): Deleted. * WebProcess/WebProcess.h: * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::setScreenProperties): (WebKit::WebProcess::updatePageScreenProperties): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255881 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-05 Jer Noble Adopt MTOverrideShouldPlayHDRVideo() https://bugs.webkit.org/show_bug.cgi?id=207275 Reviewed by Eric Carlson. * platform/PlatformScreen.h: * platform/mac/PlatformScreenMac.mm: (WebCore::setShouldOverrideScreenSupportsHighDynamicRange): 2020-02-17 Alan Coon Cherry-pick r256632. 
rdar://problem/59478906 NetworkLoadMetrics should be shared by multiple ResourceResponse instances https://bugs.webkit.org/show_bug.cgi?id=207747 Reviewed by Keith Miller. Source/WebCore: ResourceResponse is value data, and it is copied multiple times in various places, (1) to create a new ResourceResponse which has slightly different fields, or (1) to hold ResourceResponse even after loading finishes. For example, DocumentLoader has Vector to replay response dispatching in the case of loading from BackForwardCache. The problem is that ResourceResponse is very large: 440 bytes. While we sometimes copy ResourceResponse to modify some part of it, NetworkLoadMetrics is immutable. It is set when response is created, and is never changed. And NetworkLoadMetrics is large: sizeof(NetworkLoadMetrics) is 184 bytes. Given that we have multiple copies of ResourceResponse in WebCore, we should share NetworkLoadMetrics by them. This patch puts Box in ResourceResponse to share it with all copied ResourceResponses. We do not make NetworkLoadMetrics RefCounted<> for now since some legit data structures embed NetworkLoadMetrics. This patch adds ArgumentCoder for Box so that we can encode / decode Box in ResourceResponse in IPC. To ensure NetworkLoadMetrics in ResourceResponse immutable, we add ResourceResponse::setDeprecatedNetworkLoadMetrics instead of modifying NetworkLoadMetrics already created in ResourceResponse. We also attempt to compact ResourceResponse more by using bit-fields. And removing m_isValid field in ParsedContentRange since this can be represented by the different field. These changes make sizeof(ResourceResponse) from 440 to 248. No behavior change. 
* inspector/agents/InspectorNetworkAgent.cpp: (WebCore::InspectorNetworkAgent::buildObjectForTiming): (WebCore::InspectorNetworkAgent::buildObjectForResourceResponse): * inspector/agents/InspectorNetworkAgent.h: * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::loadRequest): * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didFinishLoading): * page/PerformanceTiming.cpp: (WebCore::PerformanceTiming::domainLookupStart const): (WebCore::PerformanceTiming::domainLookupEnd const): (WebCore::PerformanceTiming::connectStart const): (WebCore::PerformanceTiming::connectEnd const): (WebCore::PerformanceTiming::secureConnectionStart const): (WebCore::PerformanceTiming::requestStart const): (WebCore::PerformanceTiming::responseStart const): * platform/network/NetworkLoadMetrics.h: * platform/network/ParsedContentRange.cpp: (WebCore::areContentRangeValuesValid): (WebCore::parseContentRange): (WebCore::ParsedContentRange::ParsedContentRange): (WebCore::ParsedContentRange::headerValue const): * platform/network/ParsedContentRange.h: (WebCore::ParsedContentRange::isValid const): (WebCore::ParsedContentRange::invalidValue): (WebCore::ParsedContentRange::MarkableTraits::isEmptyValue): (WebCore::ParsedContentRange::MarkableTraits::emptyValue): (WebCore::ParsedContentRange::ParsedContentRange): Deleted. * platform/network/ResourceHandle.h: * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::ResourceResponseBase): (WebCore::ResourceResponseBase::crossThreadData const): (WebCore::ResourceResponseBase::fromCrossThreadData): (WebCore::ResourceResponseBase::compare): * platform/network/ResourceResponseBase.h: (WebCore::ResourceResponseBase::deprecatedNetworkLoadMetricsOrNull const): (WebCore::ResourceResponseBase::setDeprecatedNetworkLoadMetrics): (WebCore::ResourceResponseBase::encode const): (WebCore::ResourceResponseBase::decode): (WebCore::ResourceResponseBase::deprecatedNetworkLoadMetrics const): Deleted. 
* platform/network/cf/ResourceResponse.h: (WebCore::ResourceResponse::ResourceResponse): * platform/network/cocoa/NetworkLoadMetrics.mm: (WebCore::copyTimingData): * platform/network/curl/CurlResourceHandleDelegate.cpp: (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): * platform/network/curl/ResourceResponse.h: * platform/network/curl/ResourceResponseCurl.cpp: (WebCore::ResourceResponse::setDeprecatedNetworkLoadMetrics): Deleted. * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::getConnectionTimingData): * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]): Source/WebKit: Add ArgumentCoder support for Box. * NetworkProcess/cocoa/NetworkSessionCocoa.mm: (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]): * NetworkProcess/soup/NetworkDataTaskSoup.cpp: (WebKit::NetworkDataTaskSoup::dispatchDidReceiveResponse): * Platform/IPC/ArgumentCoders.h: (IPC::ArgumentCoder>::encode): (IPC::ArgumentCoder>::decode): Tools: * TestWebKitAPI/Tests/WebCore/ParsedContentRange.cpp: (TestWebKitAPI::TEST): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256632 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-14 Yusuke Suzuki NetworkLoadMetrics should be shared by multiple ResourceResponse instances https://bugs.webkit.org/show_bug.cgi?id=207747 Reviewed by Keith Miller. ResourceResponse is value data, and it is copied multiple times in various places, (1) to create a new ResourceResponse which has slightly different fields, or (1) to hold ResourceResponse even after loading finishes. For example, DocumentLoader has Vector to replay response dispatching in the case of loading from BackForwardCache. The problem is that ResourceResponse is very large: 440 bytes. While we sometimes copy ResourceResponse to modify some part of it, NetworkLoadMetrics is immutable. 
It is set when response is created, and is never changed. And NetworkLoadMetrics is large: sizeof(NetworkLoadMetrics) is 184 bytes. Given that we have multiple copies of ResourceResponse in WebCore, we should share NetworkLoadMetrics by them. This patch puts Box in ResourceResponse to share it with all copied ResourceResponses. We do not make NetworkLoadMetrics RefCounted<> for now since some legit data structures embed NetworkLoadMetrics. This patch adds ArgumentCoder for Box so that we can encode / decode Box in ResourceResponse in IPC. To ensure NetworkLoadMetrics in ResourceResponse immutable, we add ResourceResponse::setDeprecatedNetworkLoadMetrics instead of modifying NetworkLoadMetrics already created in ResourceResponse. We also attempt to compact ResourceResponse more by using bit-fields. And removing m_isValid field in ParsedContentRange since this can be represented by the different field. These changes make sizeof(ResourceResponse) from 440 to 248. No behavior change. * inspector/agents/InspectorNetworkAgent.cpp: (WebCore::InspectorNetworkAgent::buildObjectForTiming): (WebCore::InspectorNetworkAgent::buildObjectForResourceResponse): * inspector/agents/InspectorNetworkAgent.h: * loader/DocumentThreadableLoader.cpp: (WebCore::DocumentThreadableLoader::loadRequest): * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didFinishLoading): * page/PerformanceTiming.cpp: (WebCore::PerformanceTiming::domainLookupStart const): (WebCore::PerformanceTiming::domainLookupEnd const): (WebCore::PerformanceTiming::connectStart const): (WebCore::PerformanceTiming::connectEnd const): (WebCore::PerformanceTiming::secureConnectionStart const): (WebCore::PerformanceTiming::requestStart const): (WebCore::PerformanceTiming::responseStart const): * platform/network/NetworkLoadMetrics.h: * platform/network/ParsedContentRange.cpp: (WebCore::areContentRangeValuesValid): (WebCore::parseContentRange): (WebCore::ParsedContentRange::ParsedContentRange): 
(WebCore::ParsedContentRange::headerValue const): * platform/network/ParsedContentRange.h: (WebCore::ParsedContentRange::isValid const): (WebCore::ParsedContentRange::invalidValue): (WebCore::ParsedContentRange::MarkableTraits::isEmptyValue): (WebCore::ParsedContentRange::MarkableTraits::emptyValue): (WebCore::ParsedContentRange::ParsedContentRange): Deleted. * platform/network/ResourceHandle.h: * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::ResourceResponseBase): (WebCore::ResourceResponseBase::crossThreadData const): (WebCore::ResourceResponseBase::fromCrossThreadData): (WebCore::ResourceResponseBase::compare): * platform/network/ResourceResponseBase.h: (WebCore::ResourceResponseBase::deprecatedNetworkLoadMetricsOrNull const): (WebCore::ResourceResponseBase::setDeprecatedNetworkLoadMetrics): (WebCore::ResourceResponseBase::encode const): (WebCore::ResourceResponseBase::decode): (WebCore::ResourceResponseBase::deprecatedNetworkLoadMetrics const): Deleted. * platform/network/cf/ResourceResponse.h: (WebCore::ResourceResponse::ResourceResponse): * platform/network/cocoa/NetworkLoadMetrics.mm: (WebCore::copyTimingData): * platform/network/curl/CurlResourceHandleDelegate.cpp: (WebCore::CurlResourceHandleDelegate::curlDidReceiveResponse): * platform/network/curl/ResourceResponse.h: * platform/network/curl/ResourceResponseCurl.cpp: (WebCore::ResourceResponse::setDeprecatedNetworkLoadMetrics): Deleted. * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::getConnectionTimingData): * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm: (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]): 2020-02-17 Alan Coon Cherry-pick r256610. rdar://problem/59478918 [Web Animations] Make all animation event types inherit from the same base class https://bugs.webkit.org/show_bug.cgi?id=207629 Reviewed by Simon Fraser. 
Currently we dispatch events CSS Transitions and CSS Animations events using a dedicated event queue on DeclarativeAnimation, while the events added by the Web Animations specification (of type AnimationPlaybackEvent) are dispatched using a shared queue on the DocumentTimeline that is processed during the "update animations and send events procedure". The Web Animations specification dictates that all events should be dispatched during that procedure, which includes sorting of such events based on their timeline time and associated animation relative composite order. In this patch, we prepare the work towards spec compliance for animation events dispatch by making all event types (AnimationPlaybackEvent, TransitionEvent and AnimationEvent) inherit from a single AnimationEventBase interface. This will allow DocumentTimeline to enqueue, sort and dispatch all such events with a single queue in a future patch. Due to CSSAnimationController, we must make the "timeline time" and "animation" parameters optional. When we drop support for CSSAnimationController we'll be able to enforce stronger requirements for these. No new test since this should not introduce any behavior change. * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * animation/AnimationEventBase.cpp: Added. (WebCore::AnimationEventBase::AnimationEventBase): * animation/AnimationEventBase.h: Added. 
(WebCore::AnimationEventBase::create): (WebCore::AnimationEventBase::isAnimationPlaybackEvent const): (WebCore::AnimationEventBase::isAnimationEvent const): (WebCore::AnimationEventBase::isTransitionEvent const): (WebCore::AnimationEventBase::timelineTime const): (WebCore::AnimationEventBase::animation const): * animation/AnimationPlaybackEvent.cpp: (WebCore::AnimationPlaybackEvent::AnimationPlaybackEvent): (WebCore::AnimationPlaybackEvent::bindingsTimelineTime const): * animation/AnimationPlaybackEvent.h: * animation/CSSAnimation.cpp: (WebCore::CSSAnimation::createEvent): * animation/CSSAnimation.h: * animation/CSSTransition.cpp: (WebCore::CSSTransition::createEvent): * animation/CSSTransition.h: * animation/DeclarativeAnimation.cpp: (WebCore::DeclarativeAnimation::enqueueDOMEvent): * animation/DeclarativeAnimation.h: * animation/WebAnimation.cpp: (WebCore::WebAnimation::enqueueAnimationPlaybackEvent): * dom/AnimationEvent.cpp: (WebCore::AnimationEvent::AnimationEvent): * dom/AnimationEvent.h: * dom/TransitionEvent.cpp: (WebCore::TransitionEvent::TransitionEvent): * dom/TransitionEvent.h: * page/animation/CSSAnimationController.cpp: (WebCore::CSSAnimationControllerPrivate::fireEventsAndUpdateStyle): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256610 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-14 Antoine Quint [Web Animations] Make all animation event types inherit from the same base class https://bugs.webkit.org/show_bug.cgi?id=207629 Reviewed by Simon Fraser. Currently we dispatch events CSS Transitions and CSS Animations events using a dedicated event queue on DeclarativeAnimation, while the events added by the Web Animations specification (of type AnimationPlaybackEvent) are dispatched using a shared queue on the DocumentTimeline that is processed during the "update animations and send events procedure". 
The Web Animations specification dictates that all events should be dispatched during that procedure, which includes sorting of such events based on their timeline time and associated animation relative composite order. In this patch, we prepare the work towards spec compliance for animation events dispatch by making all event types (AnimationPlaybackEvent, TransitionEvent and AnimationEvent) inherit from a single AnimationEventBase interface. This will allow DocumentTimeline to enqueue, sort and dispatch all such events with a single queue in a future patch. Due to CSSAnimationController, we must make the "timeline time" and "animation" parameters optional. When we drop support for CSSAnimationController we'll be able to enforce stronger requirements for these. No new test since this should not introduce any behavior change. * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * animation/AnimationEventBase.cpp: Added. (WebCore::AnimationEventBase::AnimationEventBase): * animation/AnimationEventBase.h: Added. 
(WebCore::AnimationEventBase::create): (WebCore::AnimationEventBase::isAnimationPlaybackEvent const): (WebCore::AnimationEventBase::isAnimationEvent const): (WebCore::AnimationEventBase::isTransitionEvent const): (WebCore::AnimationEventBase::timelineTime const): (WebCore::AnimationEventBase::animation const): * animation/AnimationPlaybackEvent.cpp: (WebCore::AnimationPlaybackEvent::AnimationPlaybackEvent): (WebCore::AnimationPlaybackEvent::bindingsTimelineTime const): * animation/AnimationPlaybackEvent.h: * animation/CSSAnimation.cpp: (WebCore::CSSAnimation::createEvent): * animation/CSSAnimation.h: * animation/CSSTransition.cpp: (WebCore::CSSTransition::createEvent): * animation/CSSTransition.h: * animation/DeclarativeAnimation.cpp: (WebCore::DeclarativeAnimation::enqueueDOMEvent): * animation/DeclarativeAnimation.h: * animation/WebAnimation.cpp: (WebCore::WebAnimation::enqueueAnimationPlaybackEvent): * dom/AnimationEvent.cpp: (WebCore::AnimationEvent::AnimationEvent): * dom/AnimationEvent.h: * dom/TransitionEvent.cpp: (WebCore::TransitionEvent::TransitionEvent): * dom/TransitionEvent.h: * page/animation/CSSAnimationController.cpp: (WebCore::CSSAnimationControllerPrivate::fireEventsAndUpdateStyle): 2020-02-17 Alan Coon Cherry-pick r256513. rdar://problem/59446986 REGRESSION (r255037): Zooming in and out on Quip in macOS Safari can cause the content to be offset to the side https://bugs.webkit.org/show_bug.cgi?id=207674 rdar://problem/59404866 Reviewed by Antti Koivisto. Source/WebCore: Remove the early return in ScrollingStateScrollingNode::setRequestedScrollData(); comparing with the last m_requestedScrollData is wrong, because requested scroll positions are not "state" in the scrolling tree, they are requests to scroll. Ideally, they would be represented in some different way in the scrolling tree. 
Test: fast/scrolling/programmatic-scroll-to-zero-zero.html * page/scrolling/ScrollingStateScrollingNode.cpp: (WebCore::ScrollingStateScrollingNode::setRequestedScrollData): LayoutTests: Test that does a programmatic scroll to 0,0, does a user scroll, then a second programmatic scroll to 0,0, which is expected to work. * fast/scrolling/programmatic-scroll-to-zero-zero-expected.html: Added. * fast/scrolling/programmatic-scroll-to-zero-zero.html: Added. * platform/ios/TestExpectations: Skip the new test on iOS (it relies on eventSender) and sort the grouping. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256513 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-13 Simon Fraser REGRESSION (r255037): Zooming in and out on Quip in macOS Safari can cause the content to be offset to the side https://bugs.webkit.org/show_bug.cgi?id=207674 rdar://problem/59404866 Reviewed by Antti Koivisto. Remove the early return in ScrollingStateScrollingNode::setRequestedScrollData(); comparing with the last m_requestedScrollData is wrong, because requested scroll positions are not "state" in the scrolling tree, they are requests to scroll. Ideally, they would be represented in some different way in the scrolling tree. Test: fast/scrolling/programmatic-scroll-to-zero-zero.html * page/scrolling/ScrollingStateScrollingNode.cpp: (WebCore::ScrollingStateScrollingNode::setRequestedScrollData): 2020-02-17 Alan Coon Cherry-pick r256400. rdar://problem/59446986 Unreviewed, partial rollout of r255037. * page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions): * page/scrolling/cocoa/ScrollingTreeStickyNode.mm: (WebCore::ScrollingTreeStickyNode::computeLayerPosition const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256400 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-11 Ryan Haddad Unreviewed, partial rollout of r255037. 
* page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions): * page/scrolling/cocoa/ScrollingTreeStickyNode.mm: (WebCore::ScrollingTreeStickyNode::computeLayerPosition const): 2020-02-17 Alan Coon Cherry-pick r255037. rdar://problem/59446986 Fixed elements no longer stay fixed with elastic overscroll https://bugs.webkit.org/show_bug.cgi?id=206227 rdar://problem/58707084 Reviewed by Antti Koivisto. Source/WebCore: Intended behavior on iOS and macOS is for position:fixed and sticky elements to maintain their position relative to the view bounds when rubber-banding ("overscrolling"). This broke some time back. This change restores the correct behavior with the call to layoutViewportRespectingRubberBanding() in ScrollingTreeFixedNode::applyLayerPositions() and ScrollingTreeStickyNode::computeLayerPosition(). layoutViewportRespectingRubberBanding() computes a layout viewport without clamping. The rest of the changes are to support testing. internals.unconstrainedScrollTo() didn't work for main frame scrolling because of scroll position clamping in various places, so propagate ScrollClamping in more places (and replace the redundant ScrollPositionClamp with ScrollClamping). "requested scroll position" updates now carry along both clamping and "is programmatic" data, wrapped in a struct which is passed around the scrolling tree. This allows us to not clamp the scroll position (for testing) in more places. Internals::unconstrainedScrollTo() needs one weird hack to trigger a layout (and thus a scrolling tree commit), because the layout is normally triggered by a layout viewport change, but when rubber-banding we clamp the layoutViewport used for layout, so those layouts are never triggered. 
Tests: tiled-drawing/scrolling/fixed/fixed-during-rubberband.html tiled-drawing/scrolling/sticky/sticky-during-rubberband.html * Sources.txt: * WebCore.xcodeproj/project.pbxproj: * dom/Element.cpp: (WebCore::Element::scrollTo): * page/DOMWindow.cpp: (WebCore::DOMWindow::scrollTo const): * page/FrameView.cpp: (WebCore::FrameView::setScrollPosition): (WebCore::FrameView::requestScrollPositionUpdate): * page/FrameView.h: * page/scrolling/AsyncScrollingCoordinator.cpp: (WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate): * page/scrolling/AsyncScrollingCoordinator.h: * page/scrolling/ScrollingCoordinator.cpp: * page/scrolling/ScrollingCoordinator.h: (WebCore::ScrollingCoordinator::requestScrollPositionUpdate): * page/scrolling/ScrollingStateScrollingNode.cpp: (WebCore::ScrollingStateScrollingNode::ScrollingStateScrollingNode): (WebCore::ScrollingStateScrollingNode::setRequestedScrollData): (WebCore::ScrollingStateScrollingNode::dumpProperties const): (WebCore::ScrollingStateScrollingNode::setRequestedScrollPosition): Deleted. * page/scrolling/ScrollingStateScrollingNode.h: (WebCore::RequestedScrollData::operator== const): (WebCore::ScrollingStateScrollingNode::requestedScrollData const): (WebCore::ScrollingStateScrollingNode::requestedScrollPosition const): Deleted. (WebCore::ScrollingStateScrollingNode::requestedScrollPositionRepresentsProgrammaticScroll const): Deleted. 
* page/scrolling/ScrollingTree.h: (WebCore::ScrollingTree::scrollingTreeNodeRequestsScroll): * page/scrolling/ScrollingTreeFrameScrollingNode.cpp: (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportForScrollPosition const): (WebCore::ScrollingTreeFrameScrollingNode::layoutViewportRespectingRubberBanding const): * page/scrolling/ScrollingTreeFrameScrollingNode.h: * page/scrolling/ScrollingTreeScrollingNode.cpp: (WebCore::ScrollingTreeScrollingNode::commitStateAfterChildren): (WebCore::ScrollingTreeScrollingNode::adjustedScrollPosition const): (WebCore::ScrollingTreeScrollingNode::scrollBy): (WebCore::ScrollingTreeScrollingNode::scrollTo): (WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling): * page/scrolling/ScrollingTreeScrollingNode.h: * page/scrolling/cocoa/ScrollingTreeFixedNode.mm: (WebCore::ScrollingTreeFixedNode::applyLayerPositions): * page/scrolling/cocoa/ScrollingTreeStickyNode.mm: (WebCore::ScrollingTreeStickyNode::computeLayerPosition const): * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h: * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm: (WebCore::ScrollingTreeFrameScrollingNodeMac::commitStateAfterChildren): (WebCore::ScrollingTreeFrameScrollingNodeMac::adjustedScrollPosition const): * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.h: * page/scrolling/mac/ScrollingTreeOverflowScrollingNodeMac.mm: (WebCore::ScrollingTreeOverflowScrollingNodeMac::commitStateAfterChildren): (WebCore::ScrollingTreeOverflowScrollingNodeMac::adjustedScrollPosition const): * page/scrolling/mac/ScrollingTreeScrollingNodeDelegateMac.mm: (WebCore::ScrollingTreeScrollingNodeDelegateMac::immediateScrollByWithoutContentEdgeConstraints): * platform/ScrollTypes.cpp: Added. 
(WebCore::operator<<): * platform/ScrollTypes.h: * platform/ScrollView.cpp: (WebCore::ScrollView::setContentsScrollPosition): (WebCore::ScrollView::setScrollPosition): * platform/ScrollView.h: * platform/ScrollableArea.cpp: (WebCore::ScrollableArea::setScrollOffsetFromAnimation): * platform/ScrollableArea.h: (WebCore::ScrollableArea::requestScrollPositionUpdate): * rendering/RenderLayer.cpp: (WebCore::RenderLayer::scrollToOffset): * testing/Internals.cpp: (WebCore::Internals::unconstrainedScrollTo): Source/WebKit: Intended behavior on iOS and macOS is for position:fixed and sticky elements to maintain their position relative to the view bounds when rubber-banding ("overscrolling"). This broke some time back. This change restores the correct behavior with the call to layoutViewportRespectingRubberBanding() in ScrollingTreeFixedNode::applyLayerPositions() and ScrollingTreeStickyNode::computeLayerPosition(). layoutViewportRespectingRubberBanding() computes a layout viewport without clamping. The rest of the changes are to support testing. internals.unconstrainedScrollTo() didn't work for main frame scrolling because of scroll position clamping in various places, so propagate ScrollClamping in more places (and replace the redundant ScrollPositionClamp with ScrollClamping). "requested scroll position" updates now carry along both clamping and "is programmatic" data, wrapped in a struct which is passed around the scrolling tree. This allows us to not clamp the scroll position (for testing) in more places. 
* Shared/RemoteLayerTree/RemoteScrollingCoordinatorTransaction.cpp: (ArgumentCoder::encode): (ArgumentCoder::decode): (ArgumentCoder::encode): (ArgumentCoder::decode): (WebKit::dump): * UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.cpp: (WebKit::RemoteScrollingCoordinatorProxy::scrollingTreeNodeRequestsScroll): * UIProcess/RemoteLayerTree/RemoteScrollingCoordinatorProxy.h: * UIProcess/RemoteLayerTree/RemoteScrollingTree.cpp: (WebKit::RemoteScrollingTree::scrollingTreeNodeRequestsScroll): * UIProcess/RemoteLayerTree/RemoteScrollingTree.h: * UIProcess/RemoteLayerTree/ios/ScrollingTreeFrameScrollingNodeRemoteIOS.mm: (WebKit::ScrollingTreeFrameScrollingNodeRemoteIOS::commitStateAfterChildren): * UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm: (WebKit::ScrollingTreeScrollingNodeDelegateIOS::commitStateAfterChildren): LayoutTests: * tiled-drawing/scrolling/fixed/fixed-during-rubberband-expected.html: Added. * tiled-drawing/scrolling/fixed/fixed-during-rubberband.html: Added. * tiled-drawing/scrolling/sticky/sticky-during-rubberband-expected.html: Added. * tiled-drawing/scrolling/sticky/sticky-during-rubberband.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255037 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-17 Alan Coon Cherry-pick r256191. rdar://problem/59447003 Disallow setting base URL to a data or JavaScript URL https://bugs.webkit.org/show_bug.cgi?id=207136 Source/WebCore: Reviewed by Brent Fulgham. Inspired by . Block setting the base URL to a data URL or JavaScript URL as such usage is questionable. This makes WebKit match the behavior of Chrome and Firefox and is in the spirit of the discussion in . On Mac and iOS, this restriction is applied only to apps linked against a future SDK to avoid breaking shipped apps. For all other ports, this restriction is enabled by default. 
Tests: fast/url/relative2.html fast/url/segments-from-data-url2.html http/tests/security/allowed-base-url-data-url-via-setting.html http/tests/security/denied-base-url-data-url.html http/tests/security/denied-base-url-javascript-url.html * dom/Document.cpp: (WebCore::Document::processBaseElement): Condition updating the parsed base URL on whether it has an allowed scheme, if restrictions are enabled. Otherwise, do what we do now. If the scheme is disallowed then log a message to the console to explain this to web developers. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::scan): Pass whether to apply restrictions to the base URL to updatePredictedBaseURL(). This depends on whether the setting is enabled or not. (WebCore::TokenPreloadScanner::updatePredictedBaseURL): Modified to take a boolean as to whether to apply restrictions. If restrictions are not to be applied do what we do now. Otherwise, only do what we do now if the scheme for the predicted base URL is allowed. * html/parser/HTMLPreloadScanner.h: * page/SecurityPolicy.cpp: (WebCore::SecurityPolicy::isBaseURLSchemeAllowed): Added. * page/SecurityPolicy.h: * page/Settings.yaml: Add a setting to toggle restrictions on the base URL scheme. Source/WebKit: Reviewed by Brent Fulgham. Apply base URL restrictions to apps linked to a future WebKit to avoid breaking existing apps. * Shared/WebPreferences.yaml: * UIProcess/API/Cocoa/WKWebView.mm: (shouldRestrictBaseURLSchemes): Added. (-[WKWebView _setupPageConfiguration:]): Update settings. * UIProcess/Cocoa/VersionChecks.h: Source/WebKitLegacy/mac: Reviewed by Brent Fulgham. Apply base URL restrictions to apps linked to a future WebKit to avoid breaking existing apps. * Misc/WebKitVersionChecks.h: * WebView/WebView.mm: (shouldRestrictBaseURLSchemes): Added. (-[WebView _commonInitializationWithFrameName:groupName:]): Update settings. Source/WTF: Reviewed by Brent Fulgham. Add some more macro definitions. 
* wtf/spi/darwin/dyldSPI.h: LayoutTests: Reviewed by Brent Fulgham. Add some tests. Update others to toggle the setting to apply or unapply the new behavior. The test denied-base-url-javascript-url.html is derived from the test base-url-javascript.html, included in . * fast/url/relative-expected.txt: * fast/url/relative.html: * fast/url/relative2-expected.txt: Copied from LayoutTests/fast/url/relative-expected.txt. * fast/url/relative2.html: Copied from LayoutTests/fast/url/relative.html. * fast/url/resources/utilities.js: (setShouldEllipsizeFileURLPaths): Added. Toggles ellipsizing the path portion of a file URL to simplify matching. Otherwise, file URLs could be machine-specific. (canonicalizedPathname): Added. (segments): Modified to optionally call canonicalizedPathname. (canonicalize): Ditto. * fast/url/segments-from-data-url-expected.txt: * fast/url/segments-from-data-url.html: * fast/url/segments-from-data-url2-expected.txt: Copied from LayoutTests/fast/url/segments-from-data-url-expected.txt. * fast/url/segments-from-data-url2.html: Copied from LayoutTests/fast/url/segments-from-data-url.html. * fetch/fetch-url-serialization-expected.txt: * http/tests/plugins/navigation-during-load-embed.html: * http/tests/plugins/navigation-during-load.html: * http/tests/security/allowed-base-url-data-url-via-setting-expected.txt: Added. * http/tests/security/allowed-base-url-data-url-via-setting.html: Added. * http/tests/security/denied-base-url-data-url-expected.txt: Added. * http/tests/security/denied-base-url-data-url.html: Added. * http/tests/security/denied-base-url-javascript-url-expected.txt: Added. * http/tests/security/denied-base-url-javascript-url.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256191 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-10 Daniel Bates Disallow setting base URL to a data or JavaScript URL https://bugs.webkit.org/show_bug.cgi?id=207136 Reviewed by Brent Fulgham. Inspired by . 
Block setting the base URL to a data URL or JavaScript URL as such usage is questionable. This makes WebKit match the behavior of Chrome and Firefox and is in the spirit of the discussion in . On Mac and iOS, this restriction is applied only to apps linked against a future SDK to avoid breaking shipped apps. For all other ports, this restriction is enabled by default. Tests: fast/url/relative2.html fast/url/segments-from-data-url2.html http/tests/security/allowed-base-url-data-url-via-setting.html http/tests/security/denied-base-url-data-url.html http/tests/security/denied-base-url-javascript-url.html * dom/Document.cpp: (WebCore::Document::processBaseElement): Condition updating the parsed base URL on whether it has an allowed scheme, if restrictions are enabled. Otherwise, do what we do now. If the scheme is disallowed then log a message to the console to explain this to web developers. * html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::scan): Pass whether to apply restrictions to the base URL to updatePredictedBaseURL(). This depends on whether the setting is enabled or not. (WebCore::TokenPreloadScanner::updatePredictedBaseURL): Modified to take a boolean as to whether to apply restrictions. If restrictions are not to be applied do what we do now. Otherwise, only do what we do now if the scheme for the predicted base URL is allowed. * html/parser/HTMLPreloadScanner.h: * page/SecurityPolicy.cpp: (WebCore::SecurityPolicy::isBaseURLSchemeAllowed): Added. * page/SecurityPolicy.h: * page/Settings.yaml: Add a setting to toggle restrictions on the base URL scheme. 2020-02-17 Alan Coon Revert r256693. rdar://problem/59478981 2020-02-17 Alex Christensen Fix build after r256689 * css/StyleProperties.h: Add missing include that wasn't on the branch. 2020-02-14 Russell Epstein Cherry-pick r256636. 
rdar://problem/59478734 [Web Animations] Missing call to DocumentTimeline::resumeAnimations() in Frame::resumeActiveDOMObjectsAndAnimations() https://bugs.webkit.org/show_bug.cgi?id=207784 Patch by Antoine Quint on 2020-02-14 Reviewed by Dean Jackson. After auditing the code, there was one call to CSSAnimationController::resumeAnimationsForDocument() that missed a matching DocumentTimeline::resumeAnimations() call should the Web Animations flag be on. * page/Frame.cpp: (WebCore::Frame::resumeActiveDOMObjectsAndAnimations): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256636 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-14 Antoine Quint [Web Animations] Missing call to DocumentTimeline::resumeAnimations() in Frame::resumeActiveDOMObjectsAndAnimations() https://bugs.webkit.org/show_bug.cgi?id=207784 Reviewed by Dean Jackson. After auditing the code, there was one call to CSSAnimationController::resumeAnimationsForDocument() that missed a matching DocumentTimeline::resumeAnimations() call should the Web Animations flag be on. * page/Frame.cpp: (WebCore::Frame::resumeActiveDOMObjectsAndAnimations): 2020-02-14 Russell Epstein Cherry-pick r256623. rdar://problem/59478938 Ensure animations that lose their effect don't schedule an animation update https://bugs.webkit.org/show_bug.cgi?id=207713 rdar://59174840 Patch by Sunny He on 2020-02-14 Reviewed by Antoine Quint. Source/WebCore: An active animation for which the effect is removed may be considered for an upcoming animation resolution. However, WebAnimation::timeToNextTick() expects a valid effect to be available to be able to determine timing. We now check an animation is relevant before calling timeToNextTick() and add an ASSERT() in that function to catch cases where an animation effect might not be available. 
Source/WebCore: Test: webanimations/animation-null-effect.html * animation/DocumentTimeline.cpp: (WebCore::DocumentTimeline::scheduleNextTick): * animation/WebAnimation.cpp: (WebCore::WebAnimation::timeToNextTick const): LayoutTests: * webanimations/animation-null-effect-expected.txt: Added. * webanimations/animation-null-effect.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256623 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-14 Sunny He Ensure animations that lose their effect don't schedule an animation update https://bugs.webkit.org/show_bug.cgi?id=207713 rdar://59174840 Reviewed by Antoine Quint. Source/WebCore: An active animation for which the effect is removed may be considered for an upcoming animation resolution. However, WebAnimation::timeToNextTick() expects a valid effect to be available to be able to determine timing. We now check an animation is relevant before calling timeToNextTick() and add an ASSERT() in that function to catch cases where an animation effect might not be available. Test: webanimations/animation-null-effect.html * animation/DocumentTimeline.cpp: (WebCore::DocumentTimeline::scheduleNextTick): * animation/WebAnimation.cpp: (WebCore::WebAnimation::timeToNextTick const): 2020-02-14 Russell Epstein Cherry-pick r256580. rdar://problem/59478981 Dark Mode: In Notes, list item becomes invisible in dark mode after outdenting https://bugs.webkit.org/show_bug.cgi?id=207676 Reviewed by Wenson Hsieh and Timothy Hatcher. Source/WebCore: The bug was caused by EditingStyle::inverseTransformColorIfNeeded converting -apple-system-label to transparent color in ReplaceSelectionCommand when InsertListCommand invokes moveParagraphs. This patch fixes the bug in EditingStyle::inverseTransformColorIfNeeded by treating any semantic color name or semantic RGB color value as if the color was not specified. 
It also fixes the bug that removeStyleFromRulesAndContext was incapable of removing superfluous semantic color names that appear in the inline since the context's computed style only contains RGB values by replacing the inline style's color values with that of the computed style. This fix is necessary to eliminate -apple-system-label in the pasted content, which can cause issues when such a content is sync'ed to other devices via iCloud, etc... Tests: PasteHTML.TransformColorsOfDarkContentButNotSemanticColor PasteHTML.DoesNotTransformColorsOfLightContentDuringOutdent * editing/EditingStyle.cpp: (WebCore::EditingStyle::removeStyleFromRulesAndContext): (WebCore::EditingStyle::inverseTransformColorIfNeeded): Tools: Added regression tests for pasting content with -apple-system-label and outdenting content. * TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm: (PasteHTML.TransformColorsOfDarkContentButNotSemanticColor): (PasteHTML.DoesNotTransformColorsOfLightContentDuringOutdent): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256580 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-13 Ryosuke Niwa Dark Mode: In Notes, list item becomes invisible in dark mode after outdenting https://bugs.webkit.org/show_bug.cgi?id=207676 Reviewed by Wenson Hsieh and Timothy Hatcher. The bug was caused by EditingStyle::inverseTransformColorIfNeeded converting -apple-system-label to transparent color in ReplaceSelectionCommand when InsertListCommand invokes moveParagraphs. This patch fixes the bug in EditingStyle::inverseTransformColorIfNeeded by treating any semantic color name or semantic RGB color value as if the color was not specified. It also fixes the bug that removeStyleFromRulesAndContext was incapable of removing superfluous semantic color names that appear in the inline since the context's computed style only contains RGB values by replacing the inline style's color values with that of the computed style. 
This fix is necessary to eliminate -apple-system-label in the pasted content, which can cause issues when such a content is sync'ed to other devices via iCloud, etc... Tests: PasteHTML.TransformColorsOfDarkContentButNotSemanticColor PasteHTML.DoesNotTransformColorsOfLightContentDuringOutdent * editing/EditingStyle.cpp: (WebCore::EditingStyle::removeStyleFromRulesAndContext): (WebCore::EditingStyle::inverseTransformColorIfNeeded): 2020-02-14 Russell Epstein Cherry-pick r256482. rdar://problem/59478881 Shrink CachedResource https://bugs.webkit.org/show_bug.cgi?id=207618 Reviewed by Mark Lam. Source/WebCore: This patch shrinks sizeof(CachedResource) by 80 bytes by aggressively using bit-fields and Markable<>. For each enum class, we define `bitsOfXXX` value, which indicates # of bits to represent it. And using this value for bit-field's width. No behavior change. * loader/FetchOptions.h: (WebCore::FetchOptions::encode const): * loader/ResourceLoaderOptions.h: (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): (WebCore::ResourceLoaderOptions::loadedFromOpaqueSource): * loader/cache/CachedImage.cpp: (WebCore::CachedImage::CachedImage): (WebCore::CachedImage::shouldDeferUpdateImageData const): (WebCore::CachedImage::didUpdateImageData): * loader/cache/CachedImage.h: * loader/cache/CachedResource.cpp: (WebCore::CachedResource::CachedResource): (WebCore::CachedResource::load): (WebCore::CachedResource::finish): * loader/cache/CachedResource.h: (WebCore::CachedResource::setStatus): * page/csp/ContentSecurityPolicyResponseHeaders.h: (WebCore::ContentSecurityPolicyResponseHeaders::MarkableTraits::isEmptyValue): (WebCore::ContentSecurityPolicyResponseHeaders::MarkableTraits::emptyValue): (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): * platform/network/NetworkLoadMetrics.h: (WebCore::NetworkLoadMetrics::isolatedCopy const): (WebCore::NetworkLoadMetrics::clearNonTimingData): (WebCore::NetworkLoadMetrics::operator== const): 
(WebCore::NetworkLoadMetrics::encode const): (WebCore::NetworkLoadMetrics::decode): * platform/network/ResourceLoadPriority.h: * platform/network/ResourceRequestBase.h: (WebCore::ResourceRequestBase::ResourceRequestBase): * platform/network/ResourceResponseBase.h: * platform/network/StoredCredentialsPolicy.h: Source/WTF: * wtf/Markable.h: (WTF::Markable::asOptional const): Add helper method to get Optional easily from Markable. * wtf/ObjectIdentifier.h: (WTF::ObjectIdentifier::MarkableTraits::isEmptyValue): (WTF::ObjectIdentifier::MarkableTraits::emptyValue): (WTF::ObjectIdentifier::ObjectIdentifier): Add MarkableTraits for ObjectIdentifier. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256482 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Yusuke Suzuki Shrink CachedResource https://bugs.webkit.org/show_bug.cgi?id=207618 Reviewed by Mark Lam. This patch shrinks sizeof(CachedResource) by 80 bytes by aggressively using bit-fields and Markable<>. For each enum class, we define `bitsOfXXX` value, which indicates # of bits to represent it. And using this value for bit-field's width. No behavior change. 
* loader/FetchOptions.h: (WebCore::FetchOptions::encode const): * loader/ResourceLoaderOptions.h: (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): (WebCore::ResourceLoaderOptions::loadedFromOpaqueSource): * loader/cache/CachedImage.cpp: (WebCore::CachedImage::CachedImage): (WebCore::CachedImage::shouldDeferUpdateImageData const): (WebCore::CachedImage::didUpdateImageData): * loader/cache/CachedImage.h: * loader/cache/CachedResource.cpp: (WebCore::CachedResource::CachedResource): (WebCore::CachedResource::load): (WebCore::CachedResource::finish): * loader/cache/CachedResource.h: (WebCore::CachedResource::setStatus): * page/csp/ContentSecurityPolicyResponseHeaders.h: (WebCore::ContentSecurityPolicyResponseHeaders::MarkableTraits::isEmptyValue): (WebCore::ContentSecurityPolicyResponseHeaders::MarkableTraits::emptyValue): (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): * platform/network/NetworkLoadMetrics.h: (WebCore::NetworkLoadMetrics::isolatedCopy const): (WebCore::NetworkLoadMetrics::clearNonTimingData): (WebCore::NetworkLoadMetrics::operator== const): (WebCore::NetworkLoadMetrics::encode const): (WebCore::NetworkLoadMetrics::decode): * platform/network/ResourceLoadPriority.h: * platform/network/ResourceRequestBase.h: (WebCore::ResourceRequestBase::ResourceRequestBase): * platform/network/ResourceResponseBase.h: * platform/network/StoredCredentialsPolicy.h: 2020-02-14 Russell Epstein Cherry-pick r256423. rdar://problem/59478731 Compress ImmutableStyleProperties by using PackedPtr https://bugs.webkit.org/show_bug.cgi?id=207604 Reviewed by Mark Lam. ImmutableStyleProperties is kept so long and consumes enough memory. We already attempted to compact it by storing CSSProperty's members separately. But we can compact further by using PackedPtr. This patch makes, 1. Use PackedPtr for CSSValue* in ImmutableStyleProperties so that we can cut some bytes 2. 
Reorder CSSValue* and StylePropertyMetadata arrays since StylePropertyMetadata requires alignment while PackedPtr is not. No behavior change. * css/StyleProperties.cpp: (WebCore::sizeForImmutableStylePropertiesWithPropertyCount): (WebCore::ImmutableStyleProperties::ImmutableStyleProperties): (WebCore::ImmutableStyleProperties::~ImmutableStyleProperties): (WebCore::ImmutableStyleProperties::findCustomPropertyIndex const): * css/StyleProperties.h: (WebCore::ImmutableStyleProperties::valueArray const): (WebCore::ImmutableStyleProperties::metadataArray const): (WebCore::ImmutableStyleProperties::propertyAt const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256423 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-11 Yusuke Suzuki Compress ImmutableStyleProperties by using PackedPtr https://bugs.webkit.org/show_bug.cgi?id=207604 Reviewed by Mark Lam. ImmutableStyleProperties is kept so long and consumes enough memory. We already attempted to compact it by storing CSSProperty's members separately. But we can compact further by using PackedPtr. This patch makes, 1. Use PackedPtr for CSSValue* in ImmutableStyleProperties so that we can cut some bytes 2. Reorder CSSValue* and StylePropertyMetadata arrays since StylePropertyMetadata requires alignment while PackedPtr is not. No behavior change. * css/StyleProperties.cpp: (WebCore::sizeForImmutableStylePropertiesWithPropertyCount): (WebCore::ImmutableStyleProperties::ImmutableStyleProperties): (WebCore::ImmutableStyleProperties::~ImmutableStyleProperties): (WebCore::ImmutableStyleProperties::findCustomPropertyIndex const): * css/StyleProperties.h: (WebCore::ImmutableStyleProperties::valueArray const): (WebCore::ImmutableStyleProperties::metadataArray const): (WebCore::ImmutableStyleProperties::propertyAt const): 2020-02-14 Russell Epstein Cherry-pick r254681. rdar://problem/59474790 [Win] Fix AppleWin build https://bugs.webkit.org/show_bug.cgi?id=206299 Reviewed by Brent Fulgham. 
.: This patch has been created by don.olmstead@sony.com and pvollan@apple.com. Add target files for WTF and JavaScriptCore. Also, to make sure headers are copied to the forwarding headers directory, add the CMake keyword ALL when adding custom target for copying files. * Source/cmake/TargetJavaScriptCore.cmake: Added. * Source/cmake/TargetWTF.cmake: Added. * Source/cmake/WebKitMacros.cmake: Source/JavaScriptCore: Include required target. Build internal builds with VS2019. * CMakeLists.txt: * JavaScriptCore.vcxproj/JavaScriptCore.proj: Source/WebCore: Include required targets. Build internal builds with VS2019. * CMakeLists.txt: * WebCore.vcxproj/WebCore.proj: Source/WebKitLegacy: Include required targets. Build internal builds with VS2019. * CMakeLists.txt: * WebKitLegacy.vcxproj/WebKitLegacy.proj: Source/WTF: Build internal builds with VS2019. * WTF.vcxproj/WTF.proj: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254681 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-01-16 Per Arne Vollan [Win] Fix AppleWin build https://bugs.webkit.org/show_bug.cgi?id=206299 Reviewed by Brent Fulgham. Include required targets. Build internal builds with VS2019. * CMakeLists.txt: * WebCore.vcxproj/WebCore.proj: 2020-02-14 Russell Epstein Cherry-pick r252849. rdar://problem/59446998 Crash in WebCore::ServiceWorkerRegistrationKey::hash() const https://bugs.webkit.org/show_bug.cgi?id=204497 Reviewed by Alex Christensen. Source/WebCore: Update ServiceWorkerContainer::jobResolvedWithRegistration to handle the case of a ServiceWorkerContainer that might have a job whose promise is not related to the same context. In that case, the ServiceWorkerContainer might get stopped, thus its m_ongoingSettledRegistrations be cleared. But the promise may get settled shortly after since its context is not stopped and will then retrieve an empty registration data key. This is difficult to test given we do not control when the resolvedWithRegistration task is posted to the client. 
* workers/service/ServiceWorkerContainer.cpp: (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration): * workers/service/ServiceWorkerRegistrationKey.h: (WebCore::ServiceWorkerRegistrationKey::encode const): Add release asserts to make sure we do not store/transfer empty registration keys. Source/WebKit: * WebProcess/Storage/WebSWClientConnection.cpp: (WebKit::WebSWClientConnection::scheduleJobInServer): Add a release assert to be able to further debug the crash. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@252849 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2019-11-25 Youenn Fablet Crash in WebCore::ServiceWorkerRegistrationKey::hash() const https://bugs.webkit.org/show_bug.cgi?id=204497 Reviewed by Alex Christensen. Update ServiceWorkerContainer::jobResolvedWithRegistration to handle the case of a ServiceWorkerContainer that might have a job whose promise is not related to the same context. In that case, the ServiceWorkerContainer might get stopped, thus its m_ongoingSettledRegistrations be cleared. But the promise may get settled shortly after since its context is not stopped and will then retrieve an empty registration data key. This is difficult to test given we do not control when the resolvedWithRegistration task is posted to the client. * workers/service/ServiceWorkerContainer.cpp: (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration): * workers/service/ServiceWorkerRegistrationKey.h: (WebCore::ServiceWorkerRegistrationKey::encode const): Add release asserts to make sure we do not store/transfer empty registration keys. 2020-02-14 Russell Epstein Cherry-pick r256494. rdar://problem/59446989 CSSValuePool's constant CSS values should not be allocated dynamically (and same for Vectors) https://bugs.webkit.org/show_bug.cgi?id=207666 Reviewed by Mark Lam. r252785 changes contents (CSSValues and Vectors) of CSSValuePool from static ones to dynamically allocated ones. 
This was done since we would like to use static CSSValues even in the other threads (workers etc.) for OffscreenCanvas feature. But this causes memory regression in Membuster since we allocate many CSSValues and large Vectors, and they are kept persistently. This patch removes dynamic allocation part of r252785 to recover memory regression. The key of this patch is introducing Static CSSValue feature. When incrementing / decrementing m_refCount of CSSValue, we add / subtract by 0x2. And we put 0x1 as a static-flag. So, even if this CSSValue is used by multiple threads, we never see that CSSValue gets 0 m_refCount if it is marked as static (having 0x1). This is the same design to our static StringImpl. No behavior change. * css/CSSInheritedValue.h: * css/CSSInitialValue.h: * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): * css/CSSPrimitiveValue.h: * css/CSSRevertValue.h: * css/CSSUnsetValue.h: * css/CSSValue.cpp: * css/CSSValue.h: (WebCore::CSSValue::ref const): (WebCore::CSSValue::hasOneRef const): (WebCore::CSSValue::refCount const): (WebCore::CSSValue::hasAtLeastOneRef const): (WebCore::CSSValue::deref): (WebCore::CSSValue::makeStatic): * css/CSSValuePool.cpp: (WebCore::StaticCSSValuePool::StaticCSSValuePool): (WebCore::StaticCSSValuePool::init): (WebCore::CSSValuePool::CSSValuePool): (WebCore::CSSValuePool::singleton): (WebCore::CSSValuePool::createIdentifierValue): (WebCore::CSSValuePool::createColorValue): (WebCore::CSSValuePool::createValue): * css/CSSValuePool.h: (WebCore::CSSValuePool::createInheritedValue): (WebCore::CSSValuePool::createImplicitInitialValue): (WebCore::CSSValuePool::createExplicitInitialValue): (WebCore::CSSValuePool::createUnsetValue): (WebCore::CSSValuePool::createRevertValue): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256494 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Yusuke Suzuki CSSValuePool's constant CSS values should not be allocated dynamically (and same for Vectors) 
https://bugs.webkit.org/show_bug.cgi?id=207666 Reviewed by Mark Lam. r252785 changes contents (CSSValues and Vectors) of CSSValuePool from static ones to dynamically allocated ones. This was done since we would like to use static CSSValues even in the other threads (workers etc.) for OffscreenCanvas feature. But this causes memory regression in Membuster since we allocate many CSSValues and large Vectors, and they are kept persistently. This patch removes dynamic allocation part of r252785 to recover memory regression. The key of this patch is introducing Static CSSValue feature. When incrementing / decrementing m_refCount of CSSValue, we add / subtract by 0x2. And we put 0x1 as a static-flag. So, even if this CSSValue is used by multiple threads, we never see that CSSValue gets 0 m_refCount if it is marked as static (having 0x1). This is the same design to our static StringImpl. No behavior change. * css/CSSInheritedValue.h: * css/CSSInitialValue.h: * css/CSSPrimitiveValue.cpp: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): * css/CSSPrimitiveValue.h: * css/CSSRevertValue.h: * css/CSSUnsetValue.h: * css/CSSValue.cpp: * css/CSSValue.h: (WebCore::CSSValue::ref const): (WebCore::CSSValue::hasOneRef const): (WebCore::CSSValue::refCount const): (WebCore::CSSValue::hasAtLeastOneRef const): (WebCore::CSSValue::deref): (WebCore::CSSValue::makeStatic): * css/CSSValuePool.cpp: (WebCore::StaticCSSValuePool::StaticCSSValuePool): (WebCore::StaticCSSValuePool::init): (WebCore::CSSValuePool::CSSValuePool): (WebCore::CSSValuePool::singleton): (WebCore::CSSValuePool::createIdentifierValue): (WebCore::CSSValuePool::createColorValue): (WebCore::CSSValuePool::createValue): * css/CSSValuePool.h: (WebCore::CSSValuePool::createInheritedValue): (WebCore::CSSValuePool::createImplicitInitialValue): (WebCore::CSSValuePool::createExplicitInitialValue): (WebCore::CSSValuePool::createUnsetValue): (WebCore::CSSValuePool::createRevertValue): 2020-02-14 Russell Epstein Cherry-pick r256474. 
rdar://problem/59446973 Web Inspector: inspector/cpu-profiler/threads.html is flaky crashing https://bugs.webkit.org/show_bug.cgi?id=207588 Reviewed by Yusuke Suzuki. * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::ResourceUsageThread::platformCollectCPUData): Use a fence to force Thread to be completely ready for use by other threads prior to storing it. Otherwise, ResourceUsageThread may see it too early. * workers/WorkerThread.cpp: (WebCore::WorkerThread::start): Ignore worker threads that are not fully initialized. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256474 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Brian Burg Web Inspector: inspector/cpu-profiler/threads.html is flaky crashing https://bugs.webkit.org/show_bug.cgi?id=207588 Reviewed by Yusuke Suzuki. * page/cocoa/ResourceUsageThreadCocoa.mm: (WebCore::ResourceUsageThread::platformCollectCPUData): Use a fence to force Thread to be completely ready for use by other threads prior to storing it. Otherwise, ResourceUsageThread may see it too early. * workers/WorkerThread.cpp: (WebCore::WorkerThread::start): Ignore worker threads that are not fully initialized. 2020-02-14 Russell Epstein Cherry-pick r256470. rdar://problem/59446998 ServiceWorkerContainer::jobResolvedWithRegistration scopeExit should capture all lambda parameters by value https://bugs.webkit.org/show_bug.cgi?id=207657 Reviewed by Chris Dumez. shouldNotifyWhenResolved is captured by reference in the notifyIfExitEarly ScopeExit lambda. The ScopeExit is not always called synchronously so it is unsafe to capture values by reference here. 
* workers/service/ServiceWorkerContainer.cpp: (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256470 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Youenn Fablet ServiceWorkerContainer::jobResolvedWithRegistration scopeExit should capture all lambda parameters by value https://bugs.webkit.org/show_bug.cgi?id=207657 Reviewed by Chris Dumez. shouldNotifyWhenResolved is captured by reference in the notifyIfExitEarly ScopeExit lambda. The ScopeExit is not always called synchronously so it is unsafe to capture values by reference here. * workers/service/ServiceWorkerContainer.cpp: (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration): 2020-02-14 Russell Epstein Cherry-pick r256447. rdar://problem/59446998 RELEASE_ASSERT() under WebSWClientConnection::didResolveRegistrationPromise() https://bugs.webkit.org/show_bug.cgi?id=207637 Reviewed by Youenn Fablet. We were capturing data by reference in the notifyIfExitEarly ScopeExit lambda and then capturing it in the task posted to the event loop, which was unsafe. * workers/service/ServiceWorkerContainer.cpp: (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256447 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Chris Dumez RELEASE_ASSERT() under WebSWClientConnection::didResolveRegistrationPromise() https://bugs.webkit.org/show_bug.cgi?id=207637 Reviewed by Youenn Fablet. We were capturing data by reference in the notifyIfExitEarly ScopeExit lambda and then capturing it in the task posted to the event loop, which was unsafe. * workers/service/ServiceWorkerContainer.cpp: (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration): 2020-02-14 Russell Epstein Cherry-pick r256427. rdar://problem/59447029 Fix crash due to uninitialized currentStyle in CSSTransition https://bugs.webkit.org/show_bug.cgi?id=205959 Patch by Sunny He on 2020-02-12 Reviewed by Antoine Quint. 
Source/WebCore: Test: legacy-animation-engine/transitions/svg-bad-scale-crash.html * animation/CSSTransition.cpp: (WebCore::CSSTransition::create): (WebCore::CSSTransition::CSSTransition): * animation/CSSTransition.h: LayoutTests: Fix crash due to uninitialized currentStyle in CSSTransition * legacy-animation-engine/transitions/svg-bad-scale-crash-expected.txt: Added. * legacy-animation-engine/transitions/svg-bad-scale-crash.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256427 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Sunny He Fix crash due to uninitialized currentStyle in CSSTransition https://bugs.webkit.org/show_bug.cgi?id=205959 Reviewed by Antoine Quint. Test: legacy-animation-engine/transitions/svg-bad-scale-crash.html * animation/CSSTransition.cpp: (WebCore::CSSTransition::create): (WebCore::CSSTransition::CSSTransition): * animation/CSSTransition.h: 2020-02-14 Russell Epstein Cherry-pick r256395. rdar://problem/59447024 Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type Patch by Rob Buis and David Kilzer on 2020-02-11 Reviewed by Rob Buis. Source/WebCore: Return StringView directly rather than wrapping it in Optional, since StringView's can be null tested. Tests: TestWebKitAPI.ParsedContentType * platform/network/ParsedContentType.cpp: (WebCore::parseToken): (WebCore::parseQuotedString): (WebCore::ParsedContentType::parseContentType): Don't set type parameter if parameterName is null string. Remove unneeded `parameterName` variable; use keyRange.toString() instead. Tools: * TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp: (TestWebKitAPI::TEST): Add more tests. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256395 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-11 Rob Buis Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type Reviewed by Rob Buis. 
Return StringView directly rather than wrapping it in Optional, since StringView's can be null tested. Tests: TestWebKitAPI.ParsedContentType * platform/network/ParsedContentType.cpp: (WebCore::parseToken): (WebCore::parseQuotedString): (WebCore::ParsedContentType::parseContentType): Don't set type parameter if parameterName is null string. Remove unneeded `parameterName` variable; use keyRange.toString() instead. 2020-02-14 Russell Epstein Cherry-pick r256377. rdar://problem/59446971 Regression: RTCRtpSender.getCapabilities("video") returns null on iOS 13.4 (17E5223h) https://bugs.webkit.org/show_bug.cgi?id=207325 Reviewed by Eric Carlson. Source/WebCore: Manually tested and covered by API test. * platform/mediastream/libwebrtc/LibWebRTCProviderCocoa.cpp: (WebCore::LibWebRTCProvider::webRTCAvailable): Return true unconditionally on iOS since libwebrtc.dylib is always available. Tools: * TestWebKitAPI/Tests/WebKit/GetUserMedia.mm: (TestWebKitAPI::TEST): Add a test validating that RTCRtpSender.getCapabilities does not return null. * TestWebKitAPI/Tests/WebKit/getUserMedia.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256377 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-11 Youenn Fablet Regression: RTCRtpSender.getCapabilities("video") returns null on iOS 13.4 (17E5223h) https://bugs.webkit.org/show_bug.cgi?id=207325 Reviewed by Eric Carlson. Manually tested and covered by API test. * platform/mediastream/libwebrtc/LibWebRTCProviderCocoa.cpp: (WebCore::LibWebRTCProvider::webRTCAvailable): Return true unconditionally on iOS since libwebrtc.dylib is always available. 2020-02-14 Russell Epstein Cherry-pick r256207. rdar://problem/59447263 Don't update selection when calling setSelectionRange on a disconnected input element https://bugs.webkit.org/show_bug.cgi?id=207357 Reviewed by Antti Koivisto. LayoutTests/imported/w3c: Rebaselined the test that progressed a little. The test now passes offset checks but still fails direction check. 
* web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea-expected.txt: Source/WebCore: Don't update FrameSelection when the text form control element is disconnected from document. * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::setSelectionRange): LayoutTests: Rebaselined the test that has progressed with this change. * platform/ios-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: * platform/mac-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: * platform/mac/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256207 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-07 Ryosuke Niwa Don't update selection when calling setSelectionRange on a disconnected input element https://bugs.webkit.org/show_bug.cgi?id=207357 Reviewed by Antti Koivisto. Don't update FrameSelection when the text form control element is disconnected from document. * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::setSelectionRange): 2020-02-13 Russell Epstein Revert r256407. rdar://problem/59299143 2020-02-13 Alan Coon Cherry-pick r256564. rdar://problem/59440718 iOS: Autoscrolling is too fast and way too aggressive https://bugs.webkit.org/show_bug.cgi?id=207717 Reviewed by Simon Fraser. * page/EventHandler.h: * page/ios/EventHandlerIOS.mm: (WebCore::EventHandler::startSelectionAutoscroll): (WebCore::EventHandler::cancelSelectionAutoscroll): (WebCore::adjustAutoscrollDestinationForInsetEdges): (WebCore::EventHandler::targetPositionInWindowForSelectionAutoscroll const): (WebCore::autoscrollAdjustmentFactorForScreenBoundaries): Deleted. 
Make a few small changes to autoscrolling on iOS to make it feel better: - Store the autoscrolling position in "unscrolled" coordinates, and do all work in this space, converting back when it's time to actually scroll. This fixes the problem where you have to wiggle your finger to autoscroll, because now when the timer fires, the point actually moves (before, it was all stored in "content" coordinates, so wouldn't actually change until the client pushed a new point). - Reintroduce the macOS-style linear scaling of scrolling velocity in (and beyond) the inset region. We scale the fractional distance into the inset region to a 20pt/50ms scroll velocity; when you exit the inset it continues scaling up linearly from there. - Only apply insets in the direction that the autoscroll drag is occurring in. This avoids a problem where e.g. horizontally selecting text on the first visible line of a page would cause us to scroll up, as it sat within the top inset. Instead, we only apply an inset in the direction of the drag, and do not allow its magnitude to exceed the currently dragged distance. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256564 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-13 Tim Horton iOS: Autoscrolling is too fast and way too aggressive https://bugs.webkit.org/show_bug.cgi?id=207717 Reviewed by Simon Fraser. * page/EventHandler.h: * page/ios/EventHandlerIOS.mm: (WebCore::EventHandler::startSelectionAutoscroll): (WebCore::EventHandler::cancelSelectionAutoscroll): (WebCore::adjustAutoscrollDestinationForInsetEdges): (WebCore::EventHandler::targetPositionInWindowForSelectionAutoscroll const): (WebCore::autoscrollAdjustmentFactorForScreenBoundaries): Deleted. Make a few small changes to autoscrolling on iOS to make it feel better: - Store the autoscrolling position in "unscrolled" coordinates, and do all work in this space, converting back when it's time to actually scroll. 
This fixes the problem where you have to wiggle your finger to autoscroll, because now when the timer fires, the point actually moves (before, it was all stored in "content" coordinates, so wouldn't actually change until the client pushed a new point). - Reintroduce the macOS-style linear scaling of scrolling velocity in (and beyond) the inset region. We scale the fractional distance into the inset region to a 20pt/50ms scroll velocity; when you exit the inset it continues scaling up linearly from there. - Only apply insets in the direction that the autoscroll drag is occurring in. This avoids a problem where e.g. horizontally selecting text on the first visible line of a page would cause us to scroll up, as it sat within the top inset. Instead, we only apply an inset in the direction of the drag, and do not allow its magnitude to exceed the currently dragged distance. 2020-02-13 Russell Epstein Cherry-pick r256485. rdar://problem/59430261 Composition highlight rects should be rounded and inset https://bugs.webkit.org/show_bug.cgi?id=207655 Reviewed by Tim Horton. Source/WebCore: Apply a couple of minor adjustments to the appearance of composition highlight rects that appear behind marked text, in the case where the client specifies attributed marked text with background colors. Test: editing/input/composition-highlights.html * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::paintMarkedTextBackground): (WebCore::InlineTextBox::paintCompositionBackground): In the case where custom composition rects are specified, add a half-pixel inset to all sides of the background rect, and add a slight corner radius around each background rect. * rendering/InlineTextBox.h: Source/WebKit: Stitch adjacent highlight rects together if they have the same highlight color; this minimizes the number of composition highlight rects we hand to the web process when changing the marked text. 
* UIProcess/ios/WKContentViewInteraction.mm: (compositionHighlights): LayoutTests: Make this existing layout test work with the new composition highlight appearance by covering up the edges of the composition highlight rect with a black border. Due to subpixel insets around the composition highlight rect, the reference image would be offset by a half pixel without this change (even when changing the spans to have a `border-radius`). * editing/input/composition-highlights-expected.html: * editing/input/composition-highlights.html: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256485 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-12 Wenson Hsieh Composition highlight rects should be rounded and inset https://bugs.webkit.org/show_bug.cgi?id=207655 Reviewed by Tim Horton. Apply a couple of minor adjustments to the appearance of composition highlight rects that appear behind marked text, in the case where the client specifies attributed marked text with background colors. Test: editing/input/composition-highlights.html * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::paintMarkedTextBackground): (WebCore::InlineTextBox::paintCompositionBackground): In the case where custom composition rects are specified, add a half-pixel inset to all sides of the background rect, and add a slight corner radius around each background rect. * rendering/InlineTextBox.h: 2020-02-13 Russell Epstein Cherry-pick r256230. rdar://problem/59332513 Adjust the minor version number for the desktop user agent string. https://bugs.webkit.org/show_bug.cgi?id=207498 Patch by Keith Rollin on 2020-02-10 Reviewed by Wenson Hsieh. This helps with Netflix compatibility on the iPad. No new tests -- no new or changed functionality. 
* platform/ios/UserAgentIOS.mm: (WebCore::standardUserAgentWithApplicationName): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256230 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-10 Keith Rollin Adjust the minor version number for the desktop user agent string. https://bugs.webkit.org/show_bug.cgi?id=207498 Reviewed by Wenson Hsieh. This helps with Netflix compatibility on the iPad. No new tests -- no new or changed functionality. * platform/ios/UserAgentIOS.mm: (WebCore::standardUserAgentWithApplicationName): 2020-02-12 Alan Coon Cherry-pick r254859. rdar://problem/59298172 Minor improvements to StorageAreaMap https://bugs.webkit.org/show_bug.cgi?id=206433 Reviewed by Darin Adler. Source/WebCore: Use inline initialization for some of StorageMap's data members. Also specify uint8_t as underlying type of StorageType enum class for better packing. * inspector/InspectorInstrumentation.h: * storage/StorageArea.h: * storage/StorageMap.cpp: (WebCore::StorageMap::StorageMap): * storage/StorageType.h: Source/WebKit: Minor improvements to StorageAreaMap: 1. The class does not need to be RefCounted, as it is solely owned by StorageNamespaceImpl. Having it RefCounted was actually dangerous because StorageAreaMap had a raw pointer data member to its owner: m_storageNamespace. This raw pointer could become stale if you extend the lifetime of the StorageAreaMap object to outlive its StorageNamespaceImpl. 2. Make StorageAreaMap::connect() private as it is never called from outside the class 3. Reorder data members for better packing 4. Use modern loops in the implementation 5. Rename loadValuesIfNeeded() to ensureStorageMap() and have it return the StorageMap object. This makes call sites more concise and it makes it clearer when this method needs to be called. 6. Mark class as final 7. Replace LOG_ERROR() with RELEASE_LOG_ERROR() so that we can see error logging in sysdiagnoses 8.
Use more references instead of raw pointers to make it clear when null checks are not needed * WebProcess/WebStorage/StorageAreaImpl.cpp: (WebKit::StorageAreaImpl::create): (WebKit::StorageAreaImpl::StorageAreaImpl): * WebProcess/WebStorage/StorageAreaImpl.h: * WebProcess/WebStorage/StorageAreaMap.cpp: (WebKit::StorageAreaMap::StorageAreaMap): (WebKit::StorageAreaMap::length): (WebKit::StorageAreaMap::key): (WebKit::StorageAreaMap::item): (WebKit::StorageAreaMap::setItem): (WebKit::StorageAreaMap::removeItem): (WebKit::StorageAreaMap::clear): (WebKit::StorageAreaMap::contains): (WebKit::StorageAreaMap::resetValues): (WebKit::StorageAreaMap::ensureStorageMap): (WebKit::StorageAreaMap::applyChange): (WebKit::StorageAreaMap::dispatchSessionStorageEvent): (WebKit::StorageAreaMap::dispatchLocalStorageEvent): (WebKit::StorageAreaMap::connect): (WebKit::StorageAreaMap::disconnect): * WebProcess/WebStorage/StorageAreaMap.h: * WebProcess/WebStorage/StorageAreaMap.messages.in: * WebProcess/WebStorage/StorageNamespaceImpl.cpp: (WebKit::StorageNamespaceImpl::storageArea): * WebProcess/WebStorage/StorageNamespaceImpl.h: git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254859 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-01-21 Chris Dumez Minor improvements to StorageAreaMap https://bugs.webkit.org/show_bug.cgi?id=206433 Reviewed by Darin Adler. Use inline initialization for some of StorageMap's data members. Also specify uint8_t as underlying type of StorageType enum class for better packing. * inspector/InspectorInstrumentation.h: * storage/StorageArea.h: * storage/StorageMap.cpp: (WebCore::StorageMap::StorageMap): * storage/StorageMap.h: * storage/StorageType.h: 2020-02-12 Alan Coon Revert r256409. rdar://problem/59298138 2020-02-12 Alan Coon Revert r256457. rdar://problem/59298138 2020-02-12 Russell Epstein Cherry-pick r256060.
rdar://problem/59298138 Captions sometimes render at the wrong size when in fullscreen and PiP https://bugs.webkit.org/show_bug.cgi?id=207389 Reviewed by Jer Noble. The TextTrackRepresentation, used to render captions when in fullscreen and PiP on iOS and in PiP on macOS, frequently rendered captions before layout completed immediately after it was created. Fix this by having it not render until a layout happens. Additionally, make the code more efficient by hiding the TextTrackRepresentation's backing layer when cues are not visible instead of destroying the whole object. Drive by: RELEASE_LOG_DISABLED is always defined for PLATFORM(COCOA), so remove it from the macOS/iOS media players to make it easier to add logging to VideoFullscreenLayerManagerObjC. * html/HTMLMediaElement.cpp: (WebCore::convertEnumerationToString): (WebCore::HTMLMediaElement::configureTextTrackDisplay): * html/HTMLMediaElementEnums.h: (WTF::LogArgument::toString): * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlTextTrackContainerElement::MediaControlTextTrackContainerElement): (WebCore::MediaControlTextTrackContainerElement::updateDisplay): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationStyle): (WebCore::MediaControlTextTrackContainerElement::layoutIfNecessary): (WebCore::MediaControlTextTrackContainerElement::updateVideoDisplaySize): (WebCore::MediaControlTextTrackContainerElement::updateSizes): (WebCore::MediaControlTextTrackContainerElement::updateCueStyles): (WebCore::MediaControlTextTrackContainerElement::logger const): (WebCore::MediaControlTextTrackContainerElement::logIdentifier const): (WebCore::MediaControlTextTrackContainerElement::updateTimerFired): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateStyleForTextTrackRepresentation): Deleted.
* platform/graphics/TextTrackRepresentation.h: * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::MediaPlayerPrivateAVFoundation): (WebCore::MediaPlayerPrivateAVFoundation::logChannel const): * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateAudioTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage): (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::mediaPlayerLogger): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::logChannel const): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::logChannel const): * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.h: * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.mm: (WebCore::VideoFullscreenLayerManagerObjC::VideoFullscreenLayerManagerObjC): (WebCore::VideoFullscreenLayerManagerObjC::setVideoLayer): (WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenLayer): 
(WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenFrame): (WebCore::VideoFullscreenLayerManagerObjC::didDestroyVideoLayer): (WebCore::VideoFullscreenLayerManagerObjC::syncTextTrackBounds): (WebCore::VideoFullscreenLayerManagerObjC::setTextTrackRepresentation): (WebCore::VideoFullscreenLayerManagerObjC::logChannel const): * platform/graphics/cocoa/TextTrackRepresentationCocoa.h: * platform/graphics/cocoa/TextTrackRepresentationCocoa.mm: (-[WebCoreTextTrackRepresentationCocoaHelper observeValueForKeyPath:ofObject:change:context:]): (TextTrackRepresentationCocoa::setHidden const): (TextTrackRepresentationCocoa::boundsChanged): * rendering/RenderMediaControlElements.cpp: (WebCore::RenderTextTrackContainerElement::layout): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256060 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-07 Eric Carlson Captions sometimes render at the wrong size when in fullscreen and PiP https://bugs.webkit.org/show_bug.cgi?id=207389 Reviewed by Jer Noble. The TextTrackRepresentation, used to render captions when in fullscreen and PiP on iOS and in PiP on macOS, frequently rendered captions before layout completed immediately after it was created. Fix this by having it not render until a layout happens. Additionally, make the code more efficient by hiding the TextTrackRepresentation's backing layer when cues are not visible instead of destroying the whole object. Drive by: RELEASE_LOG_DISABLED is always defined for PLATFORM(COCOA), so remove it from the macOS/iOS media players to make it easier to add logging to VideoFullscreenLayerManagerObjC.
* html/HTMLMediaElement.cpp: (WebCore::convertEnumerationToString): (WebCore::HTMLMediaElement::configureTextTrackDisplay): * html/HTMLMediaElementEnums.h: (WTF::LogArgument::toString): * html/shadow/MediaControlElements.cpp: (WebCore::MediaControlTextTrackContainerElement::MediaControlTextTrackContainerElement): (WebCore::MediaControlTextTrackContainerElement::updateDisplay): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentationStyle): (WebCore::MediaControlTextTrackContainerElement::layoutIfNecessary): (WebCore::MediaControlTextTrackContainerElement::updateVideoDisplaySize): (WebCore::MediaControlTextTrackContainerElement::updateSizes): (WebCore::MediaControlTextTrackContainerElement::updateCueStyles): (WebCore::MediaControlTextTrackContainerElement::logger const): (WebCore::MediaControlTextTrackContainerElement::logIdentifier const): (WebCore::MediaControlTextTrackContainerElement::updateTimerFired): Deleted. (WebCore::MediaControlTextTrackContainerElement::updateStyleForTextTrackRepresentation): Deleted. 
* platform/graphics/TextTrackRepresentation.h: * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::MediaPlayerPrivateAVFoundation): (WebCore::MediaPlayerPrivateAVFoundation::logChannel const): * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC): (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame): (WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateAudioTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoTracks): (WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage): (-[WebCoreAVFMovieObserver observeValueForKeyPath:ofObject:change:context:]): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::mediaPlayerLogger): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC): (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::logChannel const): * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::logChannel const): * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.h: * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.mm: (WebCore::VideoFullscreenLayerManagerObjC::VideoFullscreenLayerManagerObjC): (WebCore::VideoFullscreenLayerManagerObjC::setVideoLayer): (WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenLayer): 
(WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenFrame): (WebCore::VideoFullscreenLayerManagerObjC::didDestroyVideoLayer): (WebCore::VideoFullscreenLayerManagerObjC::syncTextTrackBounds): (WebCore::VideoFullscreenLayerManagerObjC::setTextTrackRepresentation): (WebCore::VideoFullscreenLayerManagerObjC::logChannel const): * platform/graphics/cocoa/TextTrackRepresentationCocoa.h: * platform/graphics/cocoa/TextTrackRepresentationCocoa.mm: (-[WebCoreTextTrackRepresentationCocoaHelper observeValueForKeyPath:ofObject:change:context:]): (TextTrackRepresentationCocoa::setHidden const): (TextTrackRepresentationCocoa::boundsChanged): * rendering/RenderMediaControlElements.cpp: (WebCore::RenderTextTrackContainerElement::layout): 2020-02-11 Alan Coon Cherry-pick r255668. rdar://problem/59299120 MediaDevices should handle changes of iframe allow attribute value https://bugs.webkit.org/show_bug.cgi?id=207112 Reviewed by Eric Carlson. LayoutTests/imported/w3c: * web-platform-tests/mediacapture-streams/MediaStream-default-feature-policy.https-expected.txt: * web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt: Source/WebCore: MediaDevices was computing whether it could access camera or microphone at creation time. Since the iframe allow attribute can be modified, we cannot do that. Instead, we get the feature policy every time this is needed. Refactor code to use the newly added routine to check for feature policy. Update logging to give origin and allow attribute value of the frame that fails the feature policy check.
Test: http/tests/webrtc/enumerateDevicesInFrames.html * Modules/mediastream/MediaDevices.cpp: (WebCore::MediaDevices::MediaDevices): (WebCore::MediaDevices::refreshDevices): (WebCore::MediaDevices::enumerateDevices): (WebCore::MediaDevices::listenForDeviceChanges): * Modules/mediastream/MediaDevices.h: * Modules/mediastream/UserMediaController.cpp: (WebCore::UserMediaController::logGetUserMediaDenial): (WebCore::UserMediaController::logGetDisplayMediaDenial): (WebCore::UserMediaController::logEnumerateDevicesDenial): * Modules/mediastream/UserMediaController.h: * Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::start): * html/FeaturePolicy.cpp: (WebCore::policyTypeName): (WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners): * html/FeaturePolicy.h: * page/DOMWindow.cpp: (WebCore::DOMWindow::printErrorMessage const): * page/DOMWindow.h: LayoutTests: * TestExpectations: * fullscreen/full-screen-enabled-expected.txt: * fullscreen/full-screen-enabled-prefixed-expected.txt: * fullscreen/full-screen-iframe-not-allowed-expected.txt: * fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt: * fullscreen/full-screen-restrictions-expected.txt: * http/tests/fullscreen/fullscreen-feature-policy-expected.txt: * http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt: * http/tests/media/media-stream/get-display-media-iframe-allow-attribute-expected.txt: * http/tests/ssl/media-stream/get-user-media-different-host-expected.txt: * http/tests/ssl/media-stream/get-user-media-nested-expected.txt: * http/tests/webrtc/enumerateDevicesInFrames-expected.txt: Added. * http/tests/webrtc/enumerateDevicesInFrames.html: Added. git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255668 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-04 youenn fablet MediaDevices should handle changes of iframe allow attribute value https://bugs.webkit.org/show_bug.cgi?id=207112 Reviewed by Eric Carlson. 
MediaDevices was computing whether it could access camera or microphone at creation time. Since the iframe allow attribute can be modified, we cannot do that. Instead, we get the feature policy every time this is needed. Refactor code to use the newly added routine to check for feature policy. Update logging to give origin and allow attribute value of the frame that fails the feature policy check. Test: http/tests/webrtc/enumerateDevicesInFrames.html * Modules/mediastream/MediaDevices.cpp: (WebCore::MediaDevices::MediaDevices): (WebCore::MediaDevices::refreshDevices): (WebCore::MediaDevices::enumerateDevices): (WebCore::MediaDevices::listenForDeviceChanges): * Modules/mediastream/MediaDevices.h: * Modules/mediastream/UserMediaController.cpp: (WebCore::UserMediaController::logGetUserMediaDenial): (WebCore::UserMediaController::logGetDisplayMediaDenial): (WebCore::UserMediaController::logEnumerateDevicesDenial): * Modules/mediastream/UserMediaController.h: * Modules/mediastream/UserMediaRequest.cpp: (WebCore::UserMediaRequest::start): * html/FeaturePolicy.cpp: (WebCore::policyTypeName): (WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners): * html/FeaturePolicy.h: * page/DOMWindow.cpp: (WebCore::DOMWindow::printErrorMessage const): * page/DOMWindow.h: 2020-02-11 Alan Coon Cherry-pick r255562. rdar://problem/59299120 Do not copy feature policy in isFeaturePolicyAllowedByDocumentAndAllOwners https://bugs.webkit.org/show_bug.cgi?id=207110 Reviewed by Eric Carlson. Use auto& instead of auto to not copy the feature policy object. Add some auto* to improve code readability. No change of behavior. * html/FeaturePolicy.cpp: (WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255562 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-03 youenn fablet Do not copy feature policy in isFeaturePolicyAllowedByDocumentAndAllOwners https://bugs.webkit.org/show_bug.cgi?id=207110 Reviewed by Eric Carlson.
Use auto& instead of auto to not copy the feature policy object. Add some auto* to improve code readability. No change of behavior. * html/FeaturePolicy.cpp: (WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners): 2020-02-11 Alan Coon Cherry-pick r256073. rdar://problem/59299148 Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content https://bugs.webkit.org/show_bug.cgi?id=207409 rdar://problem/59275641 Patch by Alex Christensen on 2020-02-07 Reviewed by Chris Dumez. Source/WebCore: Covered by an API test. * history/CachedFrame.cpp: (WebCore::CachedFrame::setHasInsecureContent): * history/CachedFrame.h: (WebCore::CachedFrame::usedLegacyTLS const): * loader/EmptyFrameLoaderClient.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedFirstData): (WebCore::FrameLoader::commitProvisionalLoad): (WebCore::FrameLoader::dispatchDidCommitLoad): * loader/FrameLoader.h: * loader/FrameLoaderClient.h: Source/WebKit: * Scripts/webkit/messages.py: * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::hasInsecureContent): * UIProcess/WebPageProxy.h: * UIProcess/WebPageProxy.messages.in: * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::dispatchDidCommitLoad): (WebKit::WebFrameLoaderClient::savePlatformDataToCachedFrame): * WebProcess/WebCoreSupport/WebFrameLoaderClient.h: Source/WebKitLegacy/mac: * WebCoreSupport/WebFrameLoaderClient.h: * WebCoreSupport/WebFrameLoaderClient.mm: (WebFrameLoaderClient::dispatchDidCommitLoad): Source/WebKitLegacy/win: * WebCoreSupport/WebFrameLoaderClient.cpp: (WebFrameLoaderClient::dispatchDidCommitLoad): * WebCoreSupport/WebFrameLoaderClient.h: Tools: * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm: (TestWebKitAPI::TEST): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256073 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-07 Alex Christensen Remember if we used legacy TLS in the back/forward cache like we remember if we have only secure content 
https://bugs.webkit.org/show_bug.cgi?id=207409 rdar://problem/59275641 Reviewed by Chris Dumez. Covered by an API test. * history/CachedFrame.cpp: (WebCore::CachedFrame::setHasInsecureContent): * history/CachedFrame.h: (WebCore::CachedFrame::usedLegacyTLS const): * loader/EmptyFrameLoaderClient.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::receivedFirstData): (WebCore::FrameLoader::commitProvisionalLoad): (WebCore::FrameLoader::dispatchDidCommitLoad): * loader/FrameLoader.h: * loader/FrameLoaderClient.h: 2020-02-11 Alan Coon Cherry-pick r255881. rdar://problem/59299143 Adopt MTOverrideShouldPlayHDRVideo() https://bugs.webkit.org/show_bug.cgi?id=207275 Reviewed by Eric Carlson. Source/WebCore: * platform/PlatformScreen.h: * platform/mac/PlatformScreenMac.mm: (WebCore::setShouldOverrideScreenSupportsHighDynamicRange): Source/WebCore/PAL: * pal/cocoa/MediaToolboxSoftLink.cpp: * pal/cocoa/MediaToolboxSoftLink.h: Source/WebKit: The WebProcess sandbox can block access to the services necessary for MediaToolbox to determine whether the current display is capable of displaying HDR. Rather than opening up the sandbox, provide the information gathered by the UIProcess by way of MTOverrideShouldPlayHDRVideo(). * WebProcess/WebPage/WebPage.cpp: (WebKit::WebPage::windowScreenDidChange): (WebKit::WebPage::displayID const): * WebProcess/WebPage/WebPage.h: * WebProcess/WebProcess.cpp: (WebKit::WebProcess::setScreenProperties): Deleted. * WebProcess/WebProcess.h: * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::setScreenProperties): (WebKit::WebProcess::updatePageScreenProperties): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255881 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-05 Jer Noble Adopt MTOverrideShouldPlayHDRVideo() https://bugs.webkit.org/show_bug.cgi?id=207275 Reviewed by Eric Carlson. 
* platform/PlatformScreen.h: * platform/mac/PlatformScreenMac.mm: (WebCore::setShouldOverrideScreenSupportsHighDynamicRange): 2020-02-11 Alan Coon Cherry-pick r255846. rdar://problem/59299151 Make WKWebView._negotiatedLegacyTLS accurate when loading main resource from network or cache https://bugs.webkit.org/show_bug.cgi?id=207207 Reviewed by Chris Dumez. Source/WebCore: * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::includeCertificateInfo const): * platform/network/ResourceResponseBase.h: (WebCore::ResourceResponseBase::usedLegacyTLS const): (WebCore::ResourceResponseBase::encode const): (WebCore::ResourceResponseBase::decode): Source/WebKit: In PageLoadState::didCommitLoad, I was resetting the value of _negotiatedLegacyTLS to false. That created a race condition when loading the main resource because the NetworkProcess would message the UIProcess setting _negotiatedLegacyTLS to false, while the NetworkProcess would message the WebProcess which would message the UIProcess to call PageLoadState::didCommitLoad which would reset it to false. Now it resets it to the correct value, whatever it is. Updating the ResourceResponseBase serialization code has the desirable side effect that the disk cache will remember whether legacy TLS was used to fetch each resource. This will make it so _negotiatedLegacyTLS is true if we read content from the disk cache that was originally fetched using legacy TLS. In order to not increase the memory footprint of ResourceResponse, I changed m_httpStatusCode from an int to a short. It just needs to be able to cover the values 0-600 or so, which really only needs 10 bits. Covered by new API tests. * NetworkProcess/NetworkCORSPreflightChecker.cpp: (WebKit::NetworkCORSPreflightChecker::didReceiveResponse): * NetworkProcess/NetworkCORSPreflightChecker.h: * NetworkProcess/NetworkDataTask.cpp: (WebKit::NetworkDataTask::didReceiveResponse): (WebKit::NetworkDataTask::negotiatedLegacyTLS const): Deleted.
* NetworkProcess/NetworkDataTask.h: (WebKit::NetworkDataTaskClient::negotiatedLegacyTLS const): Deleted. * NetworkProcess/NetworkDataTaskBlob.cpp: (WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse): * NetworkProcess/NetworkLoad.cpp: (WebKit::NetworkLoad::didReceiveResponse): (WebKit::NetworkLoad::notifyDidReceiveResponse): (WebKit::NetworkLoad::throttleDelayCompleted): (WebKit::NetworkLoad::negotiatedLegacyTLS const): Deleted. * NetworkProcess/NetworkLoad.h: * NetworkProcess/NetworkResourceLoader.h: * NetworkProcess/PingLoad.cpp: (WebKit::PingLoad::didReceiveResponse): * NetworkProcess/PingLoad.h: * NetworkProcess/cocoa/NetworkDataTaskCocoa.h: * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: (WebKit::NetworkDataTaskCocoa::didReceiveResponse): * NetworkProcess/cocoa/NetworkSessionCocoa.mm: (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]): * NetworkProcess/curl/NetworkDataTaskCurl.cpp: (WebKit::NetworkDataTaskCurl::invokeDidReceiveResponse): * NetworkProcess/soup/NetworkDataTaskSoup.cpp: (WebKit::NetworkDataTaskSoup::dispatchDidReceiveResponse): * UIProcess/PageLoadState.cpp: (WebKit::PageLoadState::didCommitLoad): * UIProcess/PageLoadState.h: * UIProcess/ProvisionalPageProxy.cpp: (WebKit::ProvisionalPageProxy::didCommitLoadForFrame): * UIProcess/ProvisionalPageProxy.h: * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::commitProvisionalPage): (WebKit::WebPageProxy::didCommitLoadForFrame): * UIProcess/WebPageProxy.h: * UIProcess/WebPageProxy.messages.in: * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: (WebKit::WebFrameLoaderClient::dispatchDidCommitLoad): Source/WTF: * wtf/persistence/PersistentDecoder.cpp: (WTF::Persistence::Decoder::decode): * wtf/persistence/PersistentDecoder.h: * wtf/persistence/PersistentEncoder.cpp: (WTF::Persistence::Encoder::encode): * wtf/persistence/PersistentEncoder.h: Tools: HTTPServer now supports HTTPS. Tell your friends! 
* TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm: (testCertificate): (testIdentity): (credentialWithIdentity): * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm: (TestWebKitAPI::webViewWithNavigationDelegate): (TestWebKitAPI::TEST): * TestWebKitAPI/cocoa/HTTPServer.h: * TestWebKitAPI/cocoa/HTTPServer.mm: (TestWebKitAPI::HTTPServer::HTTPServer): (TestWebKitAPI::HTTPServer::request const): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255846 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-02-05 Alex Christensen Make WKWebView._negotiatedLegacyTLS accurate when loading main resource from network or cache https://bugs.webkit.org/show_bug.cgi?id=207207 Reviewed by Chris Dumez. * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::includeCertificateInfo const): * platform/network/ResourceResponseBase.h: (WebCore::ResourceResponseBase::usedLegacyTLS const): (WebCore::ResourceResponseBase::encode const): (WebCore::ResourceResponseBase::decode): 2020-02-11 Alan Coon Cherry-pick r255162. rdar://problem/59299120 Support 'allow="fullscreen"' feature policy https://bugs.webkit.org/show_bug.cgi?id=206806 Patch by Jer Noble on 2020-01-27 Reviewed by Youenn Fablet. Source/WebCore: Test: http/tests/fullscreen/fullscreen-feature-policy.html The unprefixed version of the Fullscreen API has deprecated the 'allowfullscreen' iframe attribute in favor of the 'allow="fullscreen"' style attribute used by Feature Policy. Add support for such, including the specified handling for the legacy 'allowfullscreen' attribute. Note: this patch will (intentionally) change the default behavior of