2009-03-19 Oliver Hunt Reviewed by NOBODY (OOPS!). Incorrect bound check in SVGList::insertItemBefore SVGList::insertItemBefore would not perform a bounds check on the index it was provided, potentially leading to a buffer overflow. Test: svg/dom/svglist-exception-on-out-bounds-error.html * svg/SVGList.h: (WebCore::SVGList::insertItemBefore): 2009-02-26 Mark Rowe Merge r41190. 2009-02-24 Sam Weinig Reviewed by Geoffrey Garen. Related to Allow disabling javascript: urls. * WebCore.base.exp: * html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::parseMappedAttribute): * loader/FrameLoader.cpp: (WebCore::FrameLoader::executeIfJavaScriptURL): * page/Page.cpp: (WebCore::Page::Page): (WebCore::Page::setJavaScriptURLsAreAllowed): (WebCore::Page::javaScriptURLsAreAllowed): * page/Page.h: 2009-01-28 Ada Chan Merge the rest of r33579. Reviewed by Steve Falkenburg. * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::makeFinalRequest): * platform/network/cf/ResourceRequestCFNet.cpp: (WebCore::ResourceRequest::doUpdatePlatformRequest): * platform/network/win/CookieJarWin.cpp: (WebCore::setCookies): (WebCore::cookies): (WebCore::cookiesEnabled): 2009-01-20 Mark Rowe Merge r33579. 2008-05-19 Ada Chan Added CookieStorageWin.h/cpp, introducing methods to get/set the current CFHTTPCookieStorageRef. When setting cookies-related attributes in CFURLRequest, make sure we get them from the current CFHTTPCookieStorageRef. Also, set the cookie storage in CFURLRequest. Reviewed by Steve Falkenburg. * WebCore.vcproj/WebCore.vcproj: * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::makeFinalRequest): * platform/network/cf/ResourceRequestCFNet.cpp: (WebCore::ResourceRequest::doUpdatePlatformRequest): * platform/network/win/CookieJarCFNetWin.cpp: (WebCore::setCookies): (WebCore::cookies): (WebCore::cookiesEnabled): * platform/network/win/CookieStorageWin.cpp: Added. (WebCore::currentCookieStorage): (WebCore::setCurrentCookieStorage): * platform/network/win/CookieStorageWin.h: Added. 2009-01-19 Mark Rowe Merge r33993. 2008-05-21 Beth Dakin Reviewed by Anders. Fix for REGRESSION (r31438?): Crash beneath ResourceHandle::setDefersLoading while running fast/loader/ simultaneous-reloads-assert.html (null CFURLConnection) * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::setDefersLoading): Added simple null- check. 2009-01-19 Mark Rowe Merge r39247. 2008-12-11 Steve Falkenburg Delete the previous timer-queue timer in the main thread, just prior to scheduling a new timer. The code previously called DeleteTimerQueueTimer in the timer callback proc. The new technique simplifies the code, since we now create and delete timers on the same thread, and don't access the timer queue or timer handles in the callback. This allows us to remove some mutex use, and more importantly, it solves a race condition that was occuring between ChangeTimerQueueTimer and DeleteTimerQueueTimer. Since the timer callback isn't passed the timer handle, we were retrieving that handle via a global. If the timer callback code was entered, but then a new timer was immediately scheduled (prior to the callback acquiring the mutex and calling DeleteTimerQueueTimer), there was a small window where the timer could be re-scheduled via ChangeTimerQueueTimer and then immediately deleted once the already running callback acquired the mutex and then called DeleteTimerQueueTimer. This resulted in the newly scheduled timer never firing. Reviewed by Oliver Hunt. * platform/win/SharedTimerWin.cpp: (WebCore::queueTimerProc): Don't delete the timer in the callback. (WebCore::setSharedTimerFireTime): Always delete and create the timer instead of using ChangeTimerQueueTimer. (WebCore::stopSharedTimer): Call DeleteTimerQueueTimer directly. 2008-10-27 Mark Rowe Merge r37628. 2008-10-15 Jon Honeycutt Remove unneeded check of whether a Page defers loading before running it in a modal dialog. No test possible. Reviewed by Tim Hatcher. * page/Chrome.cpp: 2008-10-27 Mark Rowe Merge r37897. 2008-10-27 Anders Carlsson Reviewed by Kevin Decker. Crash in fast/loader/simultaneous-reloads-assert.html Make sure to null check the NSURLConnection object. * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::start): (WebCore::ResourceHandle::setDefersLoading): 2008-10-22 Mark Rowe Merge r37793. 2008-10-22 Brady Eidson Reviewed by Adam Roben - autocomplete="off" doesn't work on Windows Visual Studio makes a poor decision regarding the combination of enums and bitfields, such that a statement like "m_autocomplete = Off" followed by "return m_autocomplete == Off" would return "false" instead of the much more correct "true." In the past we have worked around this by declaring the bitfield member as an unsigned instead of the enum type. For more discussion, see http://trac.webkit.org/changeset/25329 * html/HTMLInputElement.h: Work around insane Visual Studio enum issue *sigh* 2008-10-21 Mark Rowe Merge r37704. 2008-10-19 Dan Bernstein Reviewed by Timothy Hatcher. - lower the default button repaint frequency * rendering/RenderButton.cpp: (WebCore::RenderButton::styleDidChange): Changed the timer interval from 0.01 to 0.03. 2008-10-21 Mark Rowe Merge r31577. 2008-04-02 Mark Rowe Reviewed by Oliver Hunt. Ensure that debug symbols are generated for x86_64 and ppc64 builds. * Configurations/Base.xcconfig: 2008-10-13 Steve Falkenburg Roll out r36884. * platform/graphics/GraphicsContext.h: * platform/graphics/win/GraphicsContextCGWin.cpp: (WebCore::CGContextWithHDC): (WebCore::GraphicsContext::GraphicsContext): 2008-10-07 Mark Rowe Merge r35415. 2008-07-28 Brady Eidson Reviewed by Sam Weinig Test: security/autocomplete-cleared-on-back.html - autocomplete="off" should work when going back Taken care of in two ways: 1 - Listening for the page cache notification to clear the form, in cases where the page is being restored from the page cache 2 - Not saving such form elements when doing the normal "save state" to a history item, for cases with no page cache * html/HTMLFormElement.cpp: (WebCore::HTMLFormElement::~HTMLFormElement): (WebCore::HTMLFormElement::parseMappedAttribute): (WebCore::HTMLFormElement::didRestoreFromCache): (WebCore::HTMLFormElement::willMoveToNewOwnerDocument): (WebCore::HTMLFormElement::didMoveToNewOwnerDocument): * html/HTMLFormElement.h: * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::~HTMLInputElement): (WebCore::HTMLInputElement::setInputType): (WebCore::HTMLInputElement::saveState): (WebCore::HTMLInputElement::parseMappedAttribute): (WebCore::HTMLInputElement::needsCacheCallback): (WebCore::HTMLInputElement::registerForCacheCallbackIfNeeded): Only register if the type or attribute indicate we should. (WebCore::HTMLInputElement::unregisterForCacheCallbackIfNeeded): Only unregister if both the type and attribute are clear of needing registration. (WebCore::HTMLInputElement::didRestoreFromCache): (WebCore::HTMLInputElement::willMoveToNewOwnerDocument): (WebCore::HTMLInputElement::didMoveToNewOwnerDocument): * html/HTMLInputElement.h: 2008-10-07 Mark Rowe Merge r35362. 2008-07-25 Brady Eidson Reviewed by Sam Test: security/set-form-autocomplete-attribute.html Part of the fix for - Improper handling of autocomplete The autocomplete attribute works on both
and elements, but was not inherited properly when someone asked an if it should autocomplete. I fixed this up based on the rules in the current WF2 spec so if the element has its own autocomplete attribute set, it will follow that but otherwise it will inherit from its parent * WebCore.base.exp: * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::init): (WebCore::HTMLInputElement::autoComplete): (WebCore::HTMLInputElement::parseMappedAttribute): * html/HTMLInputElement.h: (WebCore::HTMLInputElement::): 2008-10-06 Mark Rowe Merge r33567. 2008-05-18 Darin Adler Reviewed by Sam. - fix crash due to stale ownerNode pointer Test: fast/dom/StyleSheet/ownerNode-lifetime.html * bindings/js/JSStyleSheetCustom.cpp: (WebCore::JSStyleSheet::mark): Added code to mark ownerNode. Includes a comment about how it would be even better to solve this in the DOM rather than just in the JavaScript binding. * css/StyleSheet.idl: Added CustomMarkFunction attribute. 2008-10-06 Mark Rowe Merge r36108. 2008-09-04 Brady Eidson Reviewed by Mitz - Safari times out connections after 1 or 2 minutes A 60-second default timeout was added in http://trac.webkit.org/changeset/17144 in an attempt to model default NSURLRequest behavior in a cross-platform manner. Sadly by always enforcing this 60 second timeout, WebCore was stomping over the wishes of any Webkit client that wished to enforce a much larger default timeout using NSURLRequest API. Additionally, upon reviewing what all other browsers do, it seems apparent that "no limit" is desirable behavior on the web and this restores previous Safari/WebKit behavior. It would be easy to write a layout test for this, but to be effective it would have to run for at least 61 seconds, which seems insane until will can parallelize run-webkit-tests * manual-tests/timeout-test.html: Added. * manual-tests/timeout-test.php: Added. * platform/network/ResourceRequestBase.h: (WebCore::ResourceRequestBase::ResourceRequestBase): Rename the constant to "unspecifiedTimeoutInterval" and make it UINT_MAX so platforms that do set it have an effective "no timeout." (Windows, for example) * platform/network/mac/ResourceRequestMac.mm: (WebCore::ResourceRequest::doUpdatePlatformRequest): If the timeout for this request is "unspecifiedTimeoutInterval", then don't bother setting the timeout using NSURLRequest API, allowing WebKit applications to enforce their own default timeout. 2008-10-06 Mark Rowe Merge r36811. 2008-09-23 Alexey Proskuryakov Reviewed by Oliver Hunt, okayed by Darin Adler. REGRESSION: ATOK has no phrase boundary on Safari/Mail.app * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::paintCompositionUnderline): Add 2 pixel spacing between clauses. 2008-10-06 Mark Rowe Merge r37008. 2008-09-27 Anders Carlsson Reviewed by Sam Weinig. https://bugs.webkit.org/show_bug.cgi?id=21178 Check if the plug-in is allowed to load the resource. This matches Firefox. Test: http/tests/plugins/local-geturl-from-remote.html * plugins/PluginView.cpp: (WebCore::PluginView::load): 2008-10-04 Mark Rowe Merge r35278. 2008-07-21 Mark Rowe Reviewed by Sam Weinig. Revamp the handling of CFBundleShortVersionString to be fixed at the major component of the version number. * Configurations/Version.xcconfig: * Info.plist: 2008-09-21 Steve Falkenburg Merge r36748, r36750 2008-09-21 Steve Falkenburg Removed unnecessary nested timer check. Rubber-stamped by Dan Bernstein. * platform/win/SharedTimerWin.cpp: (WebCore::TimerWindowWndProc): 2008-09-21 Steve Falkenburg Improve timer resolution on WinXP. https://bugs.webkit.org/show_bug.cgi?id=20979 Removed last-chance timer. It should not be necessary. Change timeEndPeriod timer to fire in 300ms instead of 20ms. Calling timeBeginPeriod/timeEndPeriod too often throws off accuracy. Remove Vista checks. We now run the same code on both XP and Vista. Call through to JSC::getCurrentUTCTimeWithMicroseconds from WebCore::currentTime. The code previously called GetSystemTimeAsFileTime, which is always low-resolution on XP, even within timeBeginPeriod(1). Reviewed by Maciej Stachowiak. * platform/win/SharedTimerWin.cpp: (WebCore::): (WebCore::TimerWindowWndProc): (WebCore::setSharedTimerFireTime): * platform/win/SystemTimeWin.cpp: (WebCore::currentTime): 2008-09-21 Mark Rowe Merge r35182. 2008-07-15 Adam Roben WebCore part of adding WebKit[Set]ShouldUseFontSmoothing functions Reviewed by John Sullivan. * platform/graphics/win/FontCGWin.cpp: (WebCore::Font::drawGlyphs): Pass the result of WebCoreShouldUseFontSmoothing() into wkSetFontSmoothingStyle. * platform/win/WebCoreTextRenderer.cpp: (WebCore::WebCoreSetShouldUseFontSmoothing): (WebCore::WebCoreShouldUseFontSmoothing): Added. * platform/win/WebCoreTextRenderer.h: 2008-09-14 Mark Rowe Merge r35950. 2008-08-27 Timothy Hatcher Add support for support for -webkit-appearance: default-button on the Mac platform. Reviewed by Dave Hyatt. * WebCore.base.exp: Export new symbols. * platform/mac/WebCoreSystemInterface.h: Add wkAdvanceDefaultButtonPulseAnimation. * platform/mac/WebCoreSystemInterface.mm: Ditto. * rendering/RenderButton.cpp: (WebCore::RenderButton::RenderButton): Remove #if PLATFORM(WIN). (WebCore::RenderButton::setStyle): Ditto. * rendering/RenderButton.h: Ditto. * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::adjustRepaintRect): Add a case for DefaultButtonAppearance. (WebCore::RenderThemeMac::setButtonCellState): Set the key equivalent to the return key if the button is default, otherwise reset the key equivalent. (WebCore::RenderThemeMac::paintButton): If the button is default call setDefaultButtonCell: on the window, then wkAdvanceDefaultButtonPulseAnimation before painting. Restore the window's previous default button cell when finished. 2008-09-14 Mark Rowe Merge r32881. 2008-05-05 Steve Falkenburg Add support for default button appearance. Add WebCore setting for app chrome mode. Reviewed by Dave Hyatt. * css/CSSPrimitiveValueMappings.h: (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): * css/CSSValueKeywords.in: Added default-button value keyword. * page/Settings.cpp: (WebCore::Settings::Settings): (WebCore::Settings::setApplicationChromeMode): * page/Settings.h: (WebCore::Settings::inApplicationChromeMode): * rendering/RenderButton.cpp: (WebCore::RenderButton::RenderButton): (WebCore::RenderButton::setStyle): (WebCore::RenderButton::timerFired): * rendering/RenderButton.h: * rendering/RenderStyle.h: (WebCore::): * rendering/RenderTheme.cpp: (WebCore::RenderTheme::adjustStyle): (WebCore::RenderTheme::paint): (WebCore::RenderTheme::paintBorderOnly): (WebCore::RenderTheme::paintDecorations): (WebCore::RenderTheme::isControlStyled): (WebCore::RenderTheme::isDefault): * rendering/RenderTheme.h: (WebCore::): * rendering/RenderThemeSafari.cpp: (WebCore::RenderThemeSafari::determineState): (WebCore::RenderThemeSafari::adjustRepaintRect): (WebCore::RenderThemeSafari::adjustButtonStyle): * rendering/RenderThemeWin.cpp: (WebCore::RenderThemeWin::supportsFocus): 2008-04-03 Anders Carlsson Reviewed by Sam. REGRESSION: Adding an image to the header image well causes Journal page to incorrectly draw * dom/Document.cpp: (WebCore::Document::childrenChanged): Make sure to chain up to ContainerNode::childrenChanged. 2008-04-03 Mark Rowe Merge r31320 to Safari-3-1-branch. 2008-03-26 Adam Roben Fix Bug 17768: REGRESSION (r30146): Inspector no longer shows elements properties We were throwing an exception from Object.describe because of some undefined variables. Reviewed by Tim Hatcher. * page/inspector/utilities.js: (Object.describe): Reinstate the type1 and type2 variables that were removed in r30146. They're still used when formatting a function. 2008-03-31 Mark Rowe Merge r31438 to Safari-3-1-branch. 2008-03-29 Sam Weinig Reviewed by Darin Adler. Fix for Since NSURL is allowing invalid urls to be loaded, we need to check the URL validity at the ResourceHandle level and fire off a cannotShowURL error. * loader/FrameLoader.cpp: (WebCore::FrameLoader::cannotShowURLError): * loader/FrameLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::cannotShowURLError): (WebCore::ResourceLoader::wasBlocked): (WebCore::ResourceLoader::cannotShowURL): * loader/ResourceLoader.h: * platform/KURL.h: (WebCore::KURL::isValid): * platform/network/ResourceHandle.cpp: (WebCore::ResourceHandle::create): (WebCore::ResourceHandle::scheduleFailure): (WebCore::ResourceHandle::fireFailure): (WebCore::portAllowed): * platform/network/ResourceHandle.h: (WebCore::ResourceHandle::): * platform/network/ResourceHandleClient.h: (WebCore::ResourceHandleClient::cannotShowURL): * platform/network/ResourceHandleInternal.h: (WebCore::ResourceHandleInternal::ResourceHandleInternal): 2008-03-31 Mark Rowe Merge r31434 to Safari-3-1-branch. 2008-03-29 Sam Weinig Reviewed by Brady Eidson. Fix crash when canceling a resource load while port blocked failure timer is going. Test: fast/loader/cancel-load-during-port-block-timer.html * platform/network/ResourceHandle.cpp: (WebCore::ResourceHandle::scheduleBlockedFailure): (WebCore::ResourceHandle::fireBlockedFailure): * platform/network/ResourceHandleInternal.h: (WebCore::ResourceHandleInternal::ResourceHandleInternal): Make the Timer a member variable of ResourceHandleInternal so that it can be canceled if the ResourceHandle is destroyed. 2008-03-31 Mark Rowe Merge r30722 to Safari-3-1-branch. 2008-03-03 Mark Rowe Reviewed by Dan Bernstein. Fix http://bugs.webkit.org/show_bug.cgi?id=17313 Bug 17313: querySelectorAll() causing crashes when called via dojo.query() wrapper Node::querySelector and SelectorNodeList were not sufficiently initializing the CSSStyleSelector before using it to resolve styles, which lead to it having a stale m_style member in some situations. This stale m_style member resulted in a wild store that would write over whatever object now resided at the location m_style pointed to. Test: fast/dom/SelectorAPI/bug-17313.html * dom/Node.cpp: (WebCore::Node::querySelector): Call initForStyleResolve to further initialize the CSSStyleSelector. * dom/SelectorNodeList.cpp: (WebCore::SelectorNodeList::SelectorNodeList): Ditto. 2008-03-31 Mark Rowe Merge r31153 to Safari-3-1-branch. 2008-03-19 Dan Bernstein Reviewed by John Sullivan. - fix CrashTracer: [USER] 33 crashes in Safari at com.apple.WebCore: WebCore::FrameView::layout + 431 Test: fast/dynamic/subtree-parent-static-y.html * rendering/RenderObject.cpp: (WebCore::RenderObject::markContainingBlocksForLayout): Avoid calling this method on the parent if the parent is the new layout subtree root, which would result in marking all the way to the top, when it should actually do nothing. 2008-03-28 Mark Rowe Merge r31071 to Safari-3-1-branch. 2008-03-14 Anders Carlsson Reviewed by Sam. https://bugs.webkit.org/show_bug.cgi?id=17792 REGRESSION (Safari 3.0.4-3.1): Ordering tickets from Sweden's biggest train operator doesn't work Pass the frame loader that should be used for looking up the frame name to FrameLoader::createWindow so that somewindow.open calls where the active window and 'somewindow' differ return the correct frame. * bindings/js/JSDOMWindowBase.cpp: (WebCore::createWindow): * loader/FrameLoader.cpp: (WebCore::FrameLoader::createWindow): * loader/FrameLoader.h: 2008-03-28 Mark Rowe Merge r31336 to Safari-3-1-branch. 2008-03-26 Justin Garcia Reviewed by Harrison. REGRESSION (Safari 3.1): Mail's plain text reply omits blank line following the attribution * editing/markup.cpp: (WebCore::createFragmentFromText): When asked to create a fragment from "Attribution:\n" with a context from [html, 0] to [html, 0], we'd return "Attribution
". Don't enclose paragraphs in clones of the context's enclosing block if that block is the html or body element. Currently no way to test [DOMHTMLElement createFragmentFromText:]. 2008-03-20 Mark Rowe Merge r31144 to Safari-3-1-branch. 2008-03-18 Sam Weinig Reviewed by Anders Carlsson. Fix for http://bugs.webkit.org/show_bug.cgi?id=17057 REGRESSION: Frequent random crashes in WebCore::JSNodeList::indexGetter Tests: fast/dom/NodeList/5725058-crash-scenario-1.html fast/dom/NodeList/5725058-crash-scenario-2.html fast/dom/NodeList/5725058-crash-scenario-3.html * dom/ChildNodeList.cpp: (WebCore::ChildNodeList::ChildNodeList): * dom/ChildNodeList.h: Remove rootNodeChildrenChanged() method and fix the constructor to not pass in a needsNotifications argument to DynamicNodeList, as it no longer takes one. * dom/ClassNodeList.cpp: (WebCore::ClassNodeList::ClassNodeList): Don't pass the needsNotifications argument to DynamicNodeList. * dom/ContainerNode.cpp: (WebCore::ContainerNode::childrenChanged): Rename call to hasNodeLists() to hasNodeListCaches(). * dom/Document.cpp: (WebCore::Document::Document): (WebCore::Document::~Document): Zero out the m_document variable to signify to destructors down the destruction chain that this is a Document type node being destructed, and thus, accessing document() is prohibited. * dom/Document.h: (WebCore::Document::addNodeListCache): Renamed from addNodeList. (WebCore::Document::removeNodeListCache): Renamed from removeNodeList, adds assertion. (WebCore::Document::hasNodeListCaches): Renamed from hasNodeListCaches. Rename m_numNodeLists to m_numNodeListCaches. * dom/DynamicNodeList.cpp: (WebCore::DynamicNodeList::DynamicNodeList): (WebCore::DynamicNodeList::~DynamicNodeList): (WebCore::DynamicNodeList::invalidateCache): (WebCore::DynamicNodeList::Caches::Caches): * dom/DynamicNodeList.h: (WebCore::DynamicNodeList::hasOwnCaches): Remove the needsNotifications concept from DynamicNodeList, instead, manually invalidate the cache for lists that own their own cache. * dom/NameNodeList.cpp: (WebCore::NameNodeList::NameNodeList): * dom/NameNodeList.h: Remove rootNodeAttributeChanged() method and fix the constructor to not pass in a needsNotifications argument to DynamicNodeList, as it no longer takes one. * dom/Node.cpp: (WebCore::Node::~Node): Decrement the document's nodeListCache count if we had a NodeListsNodeData cache and this is not the Document being destructor, as tagged by a null m_document. (WebCore::Node::childNodes): Increment the document's nodeListCache count if we need create the NodeListsNodeData. (WebCore::Node::registerDynamicNodeList): Increment the document's nodeListCache count if we need create the NodeListsNodeData. Change to invalidate all the caches, instead of just the ChildNodeList, if document has had no NodeListCaches. (WebCore::Node::unregisterDynamicNodeList): Change to remove the cache from the m_listsWithCaches set if it is owned by the NodeList and clear the m_nodeLists if it is empty. (WebCore::Node::notifyLocalNodeListsAttributeChanged): Move logic to NodeListsNodeData::invalidateAttributeCaches and clear the cache pointer if it is empty. (WebCore::Node::notifyLocalNodeListsChildrenChanged): Move logic to NodeListsNodeData::invalidateCaches and clear the cache pointer if it is empty. (WebCore::Node::notifyNodeListsChildrenChanged): Cleanup. (WebCore::Node::getElementsByName): Increment the document's nodeListCache count if we need create the NodeListsNodeData. (WebCore::Node::getElementsByClassName): Increment the document's nodeListCache count if we need create the NodeListsNodeData. (WebCore::NodeListsNodeData::invalidateCaches): Added. (WebCore::NodeListsNodeData::invalidateAttributeCaches): Added. (WebCore::NodeListsNodeData::isEmpty): Added. * dom/TagNodeList.cpp: (WebCore::TagNodeList::TagNodeList): Don't pass the needsNotifications argument to DynamicNodeList. 2008-03-17 Mark Rowe Merge r31069 to Safari-3-1-branch. 2008-03-14 Dan Bernstein Reviewed by Mark Rowe. - fix shadow offsets are smaller than specified * platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::setShadow): Made the workaround for unconditional. 2008-03-03 Mark Rowe Merge r30992 to Safari-3-1-branch. 2008-03-12 David Harrison Reviewed by Darin. CrashTracer: [REGRESSION] 2290 crashes in Safari at com.apple.WebCore: -[WebCoreAXObject isWebArea] + 8 The problem was that we lost track of the AX cache for a subframe when Frame::disconnectOwnerElement() was called, so we were unable to locate the AXObjects to de-register from AppKit's accessibility registry. Also saw that cache clearing was missing from Document::detach(), and fixed that. Also added a debug-only check that AXObjectCache::remove() not finding the AXObject is expected. Lastly, RenderWidget::destroy() now skips trying to remove the AXObject if accessibility has never been enabled. * dom/Document.cpp: (WebCore::Document::attach): Assert that there is no AX cache (since there is no renderer). (WebCore::Document::detach): Destroy the AX cache installed on this document. (WebCore::Document::clearAXObjectCache): New. Destroy the AX cache associated with this document. (WebCore::Document::axObjectCache): Added some comments. * dom/Document.h: Declare clearAXObjectCache(). * page/Frame.cpp: (WebCore::Frame::disconnectOwnerElement): Destroy the AX cache associated with this frame's document. * page/mac/AXObjectCacheMac.mm: (WebCore::AXObjectCache::remove): * page/mac/WebCoreAXObject.mm: (-[WebCoreAXObject initWithRenderer:]): (-[WebCoreAXObject detach]): * rendering/RenderObject.cpp: (WebCore::RenderObject::RenderObject): (WebCore::RenderObject::~RenderObject): * rendering/RenderObject.h: (WebCore::RenderObject::setHasAXObject): (WebCore::RenderObject::hasAXObject): Add debug-only check that AXObjectCache::remove() not finding the AXObject is expected. * rendering/RenderWidget.cpp: (WebCore::RenderWidget::destroy): Skip call to remove the AXObject if accessibility has never been enabled. A simple speed optimization in the very common case that the accessibility APIs are not being used. Same as in RenderObject::destroy(). 2008-03-03 Mark Rowe Merge r30716 to Safari-3-1-branch. 2008-03-03 David Hyatt Fix for REGRESSION: Google Docs Spreadsheet crash This is also http://bugs.webkit.org/show_bug.cgi?id=17543, fixed table layout corrupts heap. Make sure not to access position -1 of the size 0 vectors. Reviewed by ggaren * rendering/FixedTableLayout.cpp: (WebCore::FixedTableLayout::layout): 2008-03-03 Jon Honeycutt Reviewed by Darin, Anders. Merge r30698 to Safari-3-1-branch. * plugins/PluginDatabase.h: Added isPreferredPluginPath(), preferredPluginCompare() qsort comparator. * plugins/PluginPackage.h: Added bool m_allowsMultipleInstances. (WebCore::PluginPackage::allowsMultipleInstances): Added; returns true if plug-in can have multiple instances, false otherwise. * plugins/win/PluginDatabaseWin.cpp: (WebCore::PluginDatabase::preferredPluginCompare): qsort comparator function, calls PluginPackage::compare(). (WebCore::PluginDatabase::pluginForMIMEType): Builds a list of plug-ins for a MIME type, sorts them, and returns the first item. (WebCore::PluginDatabase::MIMETypeForExtension): Builds a list of plug-ins that handle this extension, sorts them, and returns the MIME type the first plug-in in the list associates with this extension. (WebCore::PluginDatabase::isPreferredPluginPath): Returns true if the passed path is the "preferred" plug-in path. * plugins/win/PluginPackageWin.cpp: (WebCore::PluginPackage::PluginPackage): Set m_allowsMultipleInstances to true. (WebCore::PluginPackage::fetchInfo): If this is the VLC plug-in, set m_allowsMultipleInstances to false. (WebCore::PluginPackage::compare): Compare two plug-ins, first checking whether a plug-in has an issue that should push it to the back, then whether it's in a preferred directory that should move it to the front, then by filename, version, and parent directory. (WebCore::PluginPackage::load): If this plug-in doesn't allow multiple instances, and the package has been loaded, return false. 2008-02-29 Mark Rowe Merge r30692 to Safari-3-1-branch. 2008-02-29 Brady Eidson Reviewed by build-fix karma Bonehead mistake. Revert function to previous version for all non-Windows+CFNetwork platforms * platform/network/ProtectionSpace.cpp: (WebCore::ProtectionSpace::receivesCredentialSecurely): Make my previous change conditionally 2008-02-29 Mark Rowe Merge r30689 to Safari-3-1-branch. 2008-02-29 Brady Eidson Reviewed by Darin - Incorrect password handling text in credential sheet * platform/network/ProtectionSpace.cpp: (WebCore::ProtectionSpace::receivesCredentialSecurely): Call functional CFNetwork method to get "secureness" of the auth challenge instead of figuring it out ourselves 2008-02-28 Dave Hyatt Reviewed by Darin Adler. Fix REGRESSION: Loading HTML5 spec is 5x slower on TOT than in 3.0.4. Disable dynamic updating of the + selector when the DOM changes, since it hurt performance on the HTML5 spec. * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::checkSelector): 2008-02-28 Mark Rowe Reviewed by Dave Hyatt. REGRESSION (r29976): discovermagazine.com lays out incorrect (17564) Roll r29976 out of Safari-3-1-branch. * css/CSSGrammar.y: 2008-02-27 Mark Rowe Merge r30634 to Safari-3-1-branch. 2008-02-27 Sam Weinig Reviewed by Darin. Fix for - Don't allow cross-origin calls using window.functionName.call(otherFrame) syntax. * bindings/js/JSLocation.cpp: (WebCore::jsLocationProtoFuncToString): Do same-origin check. * bindings/js/kjs_window.cpp: (KJS::windowProtoFuncAToB): Ditto. (KJS::windowProtoFuncBToA): Ditto. (KJS::windowProtoFuncOpen): Ditto. (KJS::windowProtoFuncClearTimeout): Ditto. * bindings/scripts/CodeGeneratorJS.pm: Ditto. 2008-02-26 Mark Rowe Merge r30617 to Safari-3-1-branch. 2008-02-26 Antti Koivisto Reviewed by Darin. Fix REGRESSION: 1.5% -2% Sunspider regression from r30009 (ebay photo upload hang) Generate better code with VS: - Use ALWAYS_INLINE macro to guarantee versions of allowsAccessFrom() are reduced to single functions - Refactor error reporting so that there is no need to construct/destruct Strings in common cases - Add a separate version of the function for cases where error messages are not wanted * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::customGetOwnPropertySlot): * bindings/js/kjs_window.cpp: (KJS::Window::allowsAccessFrom): (KJS::Window::allowsAccessFromNoErrorMessage): (KJS::Window::allowsAccessFromPrivate): (KJS::Window::crossDomainAccessErrorMessage): * bindings/js/kjs_window.h: 2008-02-22 Mark Rowe Build fix. * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::send): Qualify references to symbols in the KJS namespace. 2008-02-22 Mark Rowe Merge r30493 to Safari-3-1-branch. 2008-02-22 Geoffrey Garen Reviewed by Sam Weinig. Fixed Repro leak of JSXMLHttpRequest and associated objects @ www.viamichelin.it, which was probably an underlying cause of Gmail out of memory (17455) If SubresourceLoader::create returned NULL, we would ref() / gcProtect() the XMLHttpRequest but think we hadn't, therefore never calling deref() / gcUnprotect(). This could happen at gmail.com, since gmail.com attempts to send XMLHttpRequests from unload handlers in order to gather usage statistics. (According to comments in the code, SubresourceLoader::create returns NULL when called from an unload handler.) The solution is to ref() / gcProtect() only if SubresourceLoader::create doesn't return NULL. This make sense, since we only need to protect the request as long as it has an outstanding network transaction. * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::XMLHttpRequest): (WebCore::XMLHttpRequest::send): 2008-02-22 Mark Rowe Merge r30489 to Safari-3-1-branch. 2008-02-22 Jon Honeycutt Reviewed by Anders. REGRESSION(r30376): Crash loading plugin page during stress test (after only 5 min) - null dereference Full-frame plug-ins create PluginStream objects without loaders, as the PluginView receives the loading callbacks. We were trying to call setDefersLoading on these null pointers. * plugins/PluginStream.cpp: (WebCore::PluginStream::startStream): Add null check. (WebCore::PluginStream::destroyStream): Same. (WebCore::PluginStream::deliverData): Same. 2008-02-22 Timothy Hatcher Merge r30472 to Safari-3-1-branch. 2008-02-21 Sam Weinig Reviewed by Anders Carlsson. Fix for - Parse URLs before checking whether they are javascript: urls (which require security checks). * bindings/js/JSAttrCustom.cpp: (WebCore::JSAttr::setValue): * bindings/js/JSElementCustom.cpp: (WebCore::allowSettingSrcToJavascriptURL): * bindings/js/JSHTMLFrameElementCustom.cpp: (WebCore::allowSettingJavascriptURL): * bindings/js/JSHTMLIFrameElementCustom.cpp: (WebCore::JSHTMLIFrameElement::setSrc): 2008-02-22 Timothy Hatcher REGRESSION (Ceto-Fireclaw): Margins/padding expand on hover for some headlines on The Huffington Post Roll out r29649. * rendering/InlineFlowBox.cpp: (WebCore::InlineFlowBox::computeLogicalBoxHeights): (WebCore::InlineFlowBox::placeBoxesVertically): (WebCore::InlineFlowBox::shrinkBoxesWithNoTextChildren): * rendering/RenderObject.h: * rendering/bidi.cpp: (WebCore::inlineFlowRequiresLineBox): (WebCore::RenderBlock::findNextLineBreak): 2008-02-21 Mark Rowe Merge r30461 to Safari-3-1-branch. 2008-02-21 Antti Koivisto Reviewed by Sam Weinig. REGRESSION: 1.5% -2% Sunspider regression from r30009 (ebay photo upload hang) Ensure all versions of allowsAccessFrom are inlined to single functions. This is a 2% win in browser hosted Sunspider. * bindings/js/kjs_window.cpp: (KJS::Window::allowsAccessFrom): (KJS::Window::allowsAccessFromPrivate): * bindings/js/kjs_window.h: 2008-02-21 Mark Rowe Merge r30458 to Safari-3-1-branch. 2008-02-21 Geoffrey Garen Reviewed by David Harrison. Fixed REGRESSION: A crash occurs at WebCore::Frame::scriptProxy() when completing a search with Package Tracker widget Test: fast/dom/script-element-without-frame-crash.html * html/HTMLTokenizer.cpp: (WebCore::HTMLTokenizer::parseTag): Added back a NULL check that was accidentally removed in r30325. 2008-02-21 Mark Rowe Merge r30433 to Safari-3-1-branch. 2008-02-20 Sam Weinig Reviewed by Darin and Geoff. - work around missing video on YouTube front page with a site-specific hack * WebCore.base.exp: Updated. * bindings/js/kjs_navigator.cpp: (WebCore::needsYouTubeQuirk): Added. Return true on Windows only when the quirk is needed. (WebCore::Navigator::getValueProperty): For the appVersion property, if needsYouTubeQuirk return true, then return the empty string. * page/Settings.cpp: (WebCore::Settings::Settings): Set m_needsSiteSpecificQuirks to false. (WebCore::Settings::setNeedsSiteSpecificQuirks): Added. * page/Settings.h: Added m_needsSiteSpecificQuirks. (WebCore::Settings::needsSiteSpecificQuirks): Added. 2008-02-20 Timothy Hatcher Merge r30423 to Safari-3-1-branch. 2008-02-20 Alexey Proskuryakov Build fix. * xml/XMLHttpRequest.cpp: (WebCore::isSafeRequestHeader): (WebCore::XMLHttpRequest::setRequestHeader): 2008-02-20 Timothy Hatcher Merge r30422 to Safari-3-1-branch. 2008-02-20 Alexey Proskuryakov Reviewed by Darin. Unable to set the Referer header in Dashboard using XMLHttpRequest Cannot be tested in DRT. * xml/XMLHttpRequest.cpp: (WebCore::canSetRequestHeader): Assume that a request that can load local files can also set any headers. 2008-02-18 Mark Rowe Merge r30395 to Safari-3-1-branch. 2008-02-18 Brady Eidson Reviewed by Darin Fix for - ObjC Exception can cause JSLock to never be released Test: platform/mac/plugins/webScriptObject-exception-deadlock.html * bindings/objc/WebScriptObject.mm: (-[WebScriptObject valueForKey:]): The line `resultObj = [super valueForKey:key]; // defaults to throwing an exception` says it all - it throws an exception. This method also happens to hold the JSLock. Problematically, when the exeception is thrown and the method exited, the JSLock is never released. Fix that without otherwise changing behavior by holding the JSLock in two individual scopes - Right before the exception and right after. 2008-02-18 Mark Rowe Merge r30392 to Safari-3-1-branch. 2008-02-18 Dan Bernstein Reviewed by Dave Hyatt. - fix crash in svgFontAndFaceElementForFontData on digitalstrom.org/cms Test: fast/css/font-face-multiple-remote-sources.html * css/CSSFontFace.cpp: (WebCore::CSSFontFace::fontLoaded): * css/CSSSegmentedFontFace.cpp: (WebCore::CSSSegmentedFontFace::fontLoaded): 2008-02-18 Mark Rowe Merge r30389 to Safari-3-1-branch. 2008-02-18 Stephanie Lewis Reviewed by Adam. Remove workaround for . * platform/network/cf/ResourceResponseCFNet.cpp: (WebCore::ResourceResponse::doUpdateResourceResponse): 2008-02-18 Mark Rowe Merge r30370 to Safari-3-1-branch. 2008-02-18 Jon Honeycutt Reviewed by Darin. Crash in Flash when clicking "Yes" to abort slow script Flash 9 dialog at http://www.kidzui.com When navigating to a new page, we stop all outstanding PluginStreams. Flash hangs in the call to NPP_URLNotify. It eventually displays the "slow script" dialog, which relinquishes control to the system. While this dialog is running, the request we are in the process of cancelling completes, and we re-enter Flash to deliver the data. When the dialog is dismissed, the internal state of Flash has changed, and Flash crashes with a null dereference. To work around this, we can defer loading before entering plug-in code, so that even if a plug-in yields to the system, we won't get callbacks while we're handling a callback. * plugins/PluginStream.cpp: (WebCore::PluginStream::startStream): Defers loads while calling into plug-in. (WebCore::PluginStream::destroyStream): Same. (WebCore::PluginStream::deliverData): Same. (WebCore::PluginStream::didFail): Protect 'this' from deletion by destroyStream. Null out m_loader only after destroyStream returns. (WebCore::PluginStream::didFinishLoading): Same. 2008-02-17 Steve Falkenburg Build fix. * WebCore.vcproj/build-generated-files.sh: 2008-02-17 Mark Rowe Merge r30331 to Safari-3-1-branch. 2008-02-15 Brady Eidson Reviewed by Darin Fix for and - Database threads and callback scripts can run after a page has closed or loaded a new document Deciding to make the Database I/O semantic the same as loaders/XHR when a document is shut down, this patch implements a policy of shutting down the databases in a document at the same time. This includes removing all pending transactions in a database, cutting off an queued statements in the current transaction, and preventing further callbacks from being made. No new layout tests with this patch as the current layout tests were catching this issue in a plethora of ways already (crashing, unexpected exceptions and output, etc) * dom/Document.cpp: (WebCore::Document::~Document): Don't actually stop the database thread here - it better have been stopped already. Add an assertion to that effect. (WebCore::Document::addOpenDatabase): Add a new database handle to this Document's open database set (WebCore::Document::removeOpenDatabase): Remove such a handle (WebCore::Document:: stopDatabases): Call "close" on all open Database handles for this document * dom/Document.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopLoading): In addition to canceling all resource loads and XHRs, stop all database I/O * platform/MessageQueue.h: (WebCore::MessageQueue::killed): * platform/sql/SQLiteTransaction.cpp: (WebCore::SQLiteTransaction::stop): Added. Explicit stop to cut off a transaction so it won't try anymore SQL activity * platform/sql/SQLiteTransaction.h: * storage/Database.cpp: (WebCore::Database::Database): (WebCore::Database::~Database): (WebCore::Database::markAsDeletedAndClose): Check if the thread has terminated before committing to waiting on the thread. (WebCore::Database::stop): Stop this database, including all queued transactions and callbacks * storage/Database.h: (WebCore::Database::stopped): * storage/DatabaseThread.cpp: (WebCore::DatabaseThread::terminationRequested): * storage/DatabaseThread.h: * storage/SQLTransaction.cpp: (WebCore::SQLTransaction::executeSQL): Throw an exception if a new executeSQL comes in after a database is closed (WebCore::SQLTransaction::checkAndHandleClosedDatabase): Added. Clears queued statements and clear the next step when the database has been closed since the last step/callback was run. Also stops the current SQLite transaction, if any (WebCore::SQLTransaction::performNextStep): (WebCore::SQLTransaction::performPendingCallback): * storage/SQLTransaction.h: 2008-02-17 Mark Rowe Merge r30330 to Safari-3-1-branch. 2008-02-15 Adele Peterson Reviewed by Darin. Fix for REGRESSION (r29348): Shift + Tab does not change indent level on Google Docs The immediate cause of this bug was that we stopped sending keypress events for the tab key when it is used to advance focus. We had a special case for forward-tab in designMode, where the default behavior was to insert a tab key (or respect the keypress handler behavior). This change makes the shift-tab behavior match the forward-tab behavior. If the site had put their event handler (which does the indenting) on the keydown event, then this problem would have been avoided. This is something we should look into and maybe advise the site on in the future. However, it's a low-risk change to just make tab and shift-tab uniform in this respect, so I think this is the way to go for right now. * page/EventHandler.cpp: (WebCore::EventHandler::defaultTabEventHandler): 2008-02-17 Mark Rowe Merge r30329 to Safari-3-1-branch. 2008-02-15 Anders Carlsson Reviewed by Alice. REGRESSION: "Loading" status remains when uploading file to .Mac iDisk via Safari Use the new CFNetwork functions for setting body parts. * platform/network/cf/FormDataStreamCFNet.cpp: (WebCore::setHTTPBody): (WebCore::httpBodyFromRequest): 2008-02-17 Mark Rowe Merge r30328 to Safari-3-1-branch. 2008-02-15 Geoffrey Garen Reviewed by Anders Carlsson. Fixed REGRESSION (r27898): Greenfield online surveys no longer work due to XMLHttpRequest exceptions Reverted some exception throwing code from r12194. To comply with the W3C draft spec, we used to throw an exception when trying to access responseText and responseXML at the wrong time, but that turned out to be a compatibility problem. Now, matching Firefox and previous versions of WebKit, we never throw an exception when accessing responseText or responseXML. See http://www.mail-archive.com/public-webapi@w3.org/msg02756.html. * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::getResponseText): (WebCore::XMLHttpRequest::getResponseXML): 2008-02-17 Mark Rowe Merge r30326 to Safari-3-1-branch. 2008-02-15 Justin Garcia Reviewed by Dan Bernstein. REGRESSION (r30062): Crash in InlineTextBox::isLineBreak() when Undoing a replace Rolled out * editing/SelectionController.cpp: (WebCore::SelectionController::nodeWillBeRemoved): 2008-02-17 Mark Rowe Merge r30325 to Safari-3-1-branch. 2008-02-15 Alice Liu Reviewed by Darin. Fixed REGRESSION (r28496): After deactivating JavaScript, scripts embedded in the HTML page continue to run Before this patch, Frame::scriptProxy() would only return null in the case that javascript was disabled and if the script proxy field wasn't set (which would only be the case if the window hasn't loaded anything yet). Not all callers of scriptProxy() always check for a non-null return value. Those that did check would effectively be checking if javascript was enabled before proceeding. This fix consists of 2 elements: first, make sure that scriptProxy() will never return null, regardless of whether javascript is disabled. This will mean that callers who don't check for null won't crash. Second, callers who did check for null now instead check for javascript being disabled. This means that code paths intended for preventing javascript from being run will be making the correct check. Another minor addition to this patch is that I added a function on Frame to be a shortcut for checking if javascript is enabled. * bindings/js/JSCustomSQLStatementCallback.cpp: (WebCore::JSCustomSQLStatementCallback::handleEvent): * bindings/js/JSCustomSQLStatementErrorCallback.cpp: (WebCore::JSCustomSQLStatementErrorCallback::handleEvent): * bindings/js/JSCustomSQLTransactionCallback.cpp: (WebCore::JSCustomSQLTransactionCallback::handleEvent): * bindings/js/JSCustomSQLTransactionErrorCallback.cpp: (WebCore::JSCustomSQLTransactionErrorCallback::handleEvent): * bindings/js/JSCustomVoidCallback.cpp: (WebCore::JSCustomVoidCallback::handleEvent): * bindings/js/JSCustomXPathNSResolver.cpp: (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI): * bindings/js/ScheduledAction.cpp: (WebCore::ScheduledAction::execute): * bindings/js/kjs_events.cpp: (WebCore::JSAbstractEventListener::handleEvent): (WebCore::JSLazyEventListener::parseCode): * bindings/js/kjs_html.cpp: (WebCore::runtimeObjectImplementsCall): * bindings/js/kjs_proxy.cpp: (WebCore::KJSProxy::isEnabled): * bindings/js/kjs_proxy.h: * bindings/js/kjs_window.cpp: (KJS::Window::retrieveWindow): (KJS::Window::retrieve): * dom/Document.cpp: (WebCore::Document::createHTMLEventListener): * dom/EventTarget.cpp: (WebCore::EventTarget::dispatchGenericEvent): * html/HTMLPlugInElement.cpp: (WebCore::HTMLPlugInElement::createNPObject): * html/HTMLScriptElement.cpp: (WebCore::HTMLScriptElement::evaluateScript): * html/HTMLTokenizer.cpp: (WebCore::HTMLTokenizer::parseTag): (WebCore::HTMLTokenizer::processToken): * loader/FrameLoader.cpp: (WebCore::FrameLoader::executeScript): (WebCore::FrameLoader::userGestureHint): (WebCore::FrameLoader::open): (WebCore::FrameLoader::dispatchWindowObjectAvailable): (WebCore::FrameLoader::switchOutLowBandwidthDisplayIfReady): * manual-tests/disable-javascript-reload.html: Added. * page/Frame.cpp: (WebCore::Frame::scriptProxy): (WebCore::Frame::bindingRootObject): (WebCore::Frame::windowScriptNPObject): * page/Frame.h: * page/InspectorController.cpp: (WebCore::canPassNodeToJavaScript): * page/mac/FrameMac.mm: (WebCore::Frame::windowScriptObject): * svg/SVGDocumentExtensions.cpp: (WebCore::SVGDocumentExtensions::createSVGEventListener): 2008-02-17 Mark Rowe Merge r30323 to Safari-3-1-branch. 2008-02-15 Dan Bernstein Reviewed by Alexey Proskuryakov. - WebCore part of fixing http://bugs.webkit.org/show_bug.cgi?id=17360 REGRESSION: mp4 file downloaded from server is downloaded as html Test: http/tests/loading/text-content-type-with-binary-extension.html Refined the workaround for to exclude files with extensions that are known to be associated with binary MIME types. * WebCore.xcodeproj/project.pbxproj: Added WebCoreURLResponse.{h,mm}. * platform/network/mac/ResourceResponseMac.mm: (WebCore::ResourceResponse::doUpdateResourceResponse): Moved the workaround logic into WebCoreURLResponse. * platform/network/mac/WebCoreURLResponse.h: Added. * platform/network/mac/WebCoreURLResponse.mm: Added. (createBinaryExtensionsSet): Returns a set of extensions known to belong to MIME types of binary data. (-[NSURLResponse _webcore_MIMEType]): (-[NSHTTPURLResponse _webcore_MIMEType]): Forces the MIME type from application/octet-stream to text/plain if that is the specified Content-Type, unless the extension is in the binary extensions set. 2008-02-15 Mark Rowe Merge r30285 to Safari-3-1-branch. 2008-02-15 Adam Roben * bindings/scripts/CodeGenerator.pm: Touch this to force bindings to regenerate. 2008-02-15 Mark Rowe Merge r30269 to Safari-3-1-branch. 2008-02-14 Adam Roben Conditionalize cross-document messaging support The cross-document messaging parts of HTML 5 are in flux and we want ports to be able to turn off the support as needed. Note that the support is turned off by default right now. A subsequent commit will turn it on by default. Reviewed by Darin. * GNUmakefile.am: * WebCore.vcproj/build-generated-files.sh: * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::customGetOwnPropertySlot): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * dom/Event.cpp: (WebCore::Event::isMessageEvent): * dom/Event.h: * dom/MessageEvent.cpp: * dom/MessageEvent.h: * dom/MessageEvent.idl: * page/DOMWindow.cpp: (WebCore::DOMWindow::postMessage): * page/DOMWindow.h: * page/DOMWindow.idl: 2008-02-15 Mark Rowe Merge r30240 to Safari-3-1-branch. 2008-02-14 Ada Chan Fix leaks of RegularExpression objects in Frame.cpp. Reviewed by Jon and Darin. * page/Frame.cpp: (WebCore::createRegExpForLabels): (WebCore::Frame::searchForLabelsBeforeElement): (WebCore::Frame::matchLabelsAgainstElement): 2008-02-15 Mark Rowe Merge r30239 to Safari-3-1-branch. 2008-02-14 Stephanie Lewis Reviewed by Geoff. Update order files. * WebCore.order: 2008-02-15 Mark Rowe Merge r30238 to Safari-3-1-branch. 2008-02-14 Oliver Hunt Reviewed by Geoff G and Weinig. REGRESSION (r29428): Assigning to window.status does not update status bar Revert the portions of r29428 responsible for breaking the ability to set window.status * page/DOMWindow.cpp: (WebCore::DOMWindow::setStatus): (WebCore::DOMWindow::defaultStatus): (WebCore::DOMWindow::setDefaultStatus): * page/DOMWindow.h: * page/DOMWindow.idl: 2008-02-15 Mark Rowe Merge r30237 to Safari-3-1-branch. 2008-02-14 Anders Carlsson Reviewed by Darin. Crash in WebCore::DeprecatedString::operator= + 31 at news.google.com Use pointers in the cache map tables. Otherwise when we rehash, we will end up destroying Cache objects that node lists might point to. * dom/Node.cpp: (WebCore::NodeListsNodeData::~NodeListsNodeData): (WebCore::Node::getElementsByName): (WebCore::Node::getElementsByClassName): 2008-02-15 Mark Rowe Merge r30233 to Safari-3-1-branch. 2008-02-14 Timothy Hatcher Reviewed by Darin Adler. A deadlock during storage layout tests Make sure not to hold the m_openDatabaseMapGuard mutex when calling Database::markAsDeletedAndClose(), since that can cause a deadlock during the synchronous DatabaseThread call it triggers. * storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::deleteDatabaseFile): 2008-02-15 Mark Rowe Merge r30222 to Safari-3-1-branch. 2008-02-13 Justin Garcia Reviewed by Oliver Hunt. Fixes the editing/deleting/5729680.html failure. It succeeds when run by itself but fails when run with other tests because FramePrivate's m_selectionGranularity isn't reset when a Frame receives a new document. It was also uninitialized in the constructor. * loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Initialize m_selectionGranularity. * page/Frame.cpp: (WebCore::FramePrivate::FramePrivate): Ditto. 2008-02-15 Mark Rowe Merge r30218 to Safari-3-1-branch. 2008-02-13 Jon Honeycutt Reviewed by Anders. Hangs after closing video trailer popup with VLC plugin VLC hangs on NPP_Destroy if we call NPP_SetWindow with a null window handle. * plugins/PluginQuirkSet.h: Added new quirk PluginQuirkDontSetNullWindowHandleOnDestroy. (WebCore::): * plugins/win/PluginViewWin.cpp: (WebCore::PluginView::stop): Selectively call NPP_SetWindow. (WebCore::PluginView::determineQuirks): Set new quirk for VLC plug-in. 2008-02-15 Mark Rowe Merge r30213 to Safari-3-1-branch. 2008-02-13 Justin Garcia Reviewed by Adam Roben. REGRESSION (r27873): Removing the last character of a word in Mail or Safari also removes the following space * editing/Editor.cpp: (WebCore::Editor::deleteWithDirection): Fixed a typo. 2008-02-15 Mark Rowe Merge r30195 to Safari-3-1-branch. 2008-02-13 Alexey Proskuryakov Reviewed by Darin. Database termination issues Test: storage/close-during-stress-test.html * dom/Document.cpp: (WebCore::Document::databaseThread): * dom/Document.h: Don't re-create the database thread if it has been already terminated. * storage/Database.h: (WebCore::Database::document): Changed m_database to a RefPtr to avoid having a hanging reference. * storage/DatabaseThread.cpp: (WebCore::DatabaseThread::requestTermination): * storage/SQLTransaction.cpp: (WebCore::SQLTransaction::~SQLTransaction): Removed logging. Transactions are deleted during GC, so it's usually not importatnt to know when it happens. 2008-02-15 Mark Rowe Merge r30189 to Safari-3-1-branch. 2008-02-12 Timothy Hatcher Reviewed by Brady Eidson. Can't delete database if the website that uses it has been opened in this session Close the Database on the database thread before deleting the file. Tested and works on Windows and Mac. * platform/sql/SQLiteDatabase.cpp: (WebCore::SQLiteDatabase::close): Assert we are on the opening thread. * storage/Database.cpp: (WebCore::Database::markAsDeletedAndClose): Unschedule any pending Database tasks, and start and imediate DatabaseCloseTask. (WebCore::Database::close): Close the SQLDatabase. * storage/Database.h: Renamed markAsDeleted to markAsDeletedAndClose. * storage/DatabaseTask.cpp: (WebCore::DatabaseCloseTask::DatabaseCloseTask): New task. (WebCore::DatabaseCloseTask::doPerformTask): Call close on the Database. (WebCore::DatabaseCloseTask::debugTaskName): Return "DatabaseCloseTask". * storage/DatabaseTask.h: Add DatabaseCloseTask. * storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::deleteDatabaseFile): Call the renamed markAsDeletedAndClose. 2008-02-15 Mark Rowe Merge r30184 to Safari-3-1-branch. 2008-02-12 Brady Eidson Reviewed by Darin Adler Fix for - Database API needs to support SuccessCallback Layout tests will come shortly with a mess of DRT changes * platform/SecurityOrigin.cpp: (WebCore::SecurityOrigin::SecurityOrigin): Standardize on "empty string" instead of null string as different paths of constructing a SecurityOrigin were causing different hashes for the "same" SecurityOrigin * storage/Database.cpp: (WebCore::Database::changeVersion): Pass in the successCallback (WebCore::Database::transaction): Ditto * storage/SQLTransaction.cpp: (WebCore::SQLTransaction::SQLTransaction): (WebCore::SQLTransaction::debugStepName): (WebCore::SQLTransaction::performNextStep): Update ASSERTs for the new valid steps (WebCore::SQLTransaction::performPendingCallback): Ditto (WebCore::SQLTransaction::postflightAndCommit): Schedule the success callback if it exists - otherwise skip straight to cleanupAfterSuccessCallback() (WebCore::SQLTransaction::deliverSuccessCallback): Deliver success callback on the main thread, then schedule cleanupAfterSuccessCallback() (WebCore::SQLTransaction::cleanupAfterSuccessCallback): Cleanup and end the transaction (WebCore::SQLTransaction::handleTransactionError): (WebCore::SQLTransaction::deliverTransactionErrorCallback): (WebCore::SQLTransaction::cleanupAfterTransactionErrorCallback): * storage/SQLTransaction.h: 2008-02-15 Mark Rowe Merge r30179 to Safari-3-1-branch. 2008-02-12 Dan Bernstein Reviewed by Adam Roben. - fix http://bugs.webkit.org/show_bug.cgi?id=17041 Eastern Asian fonts do not display without specific box in Control Panel Revised the system fallback font lookup logic to use MLang font linking again. To avoid reintroducing bug 16548 and , for CJK characters, try linking based on a single code page at a time, starting with the user's default code page (if it is one of the CJK code pages) followed by the other CJK code pages in a prescribed order that matches what Firefox does. * platform/graphics/win/FontCacheWin.cpp: (WebCore::getCJKCodePageMasks): Added. Returns the search order for CJK code pages, with the user's default code page first. (WebCore::currentFontContainsCharacter): Factored out of getFontDataForCharacters(). (WebCore::createMLangFont): Ditto. (WebCore::FontCache::getFontDataForCharacters): 2008-02-15 Mark Rowe Merge r30174 to Safari-3-1-branch. 2008-02-12 Dan Bernstein Reviewed by Timothy Hatcher. - Remove workaround for from post-Tiger builds * platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::setShadow): 2008-02-15 Mark Rowe Merge r30173 to Safari-3-1-branch. 2008-02-12 Brady Eidson Release build fix * storage/DatabaseTask.cpp: 2008-02-15 Mark Rowe Merge r30172 to Safari-3-1-branch. 2008-02-12 Alexey Proskuryakov and Brady Eidson Reviewed by Brady. http://bugs.webkit.org/show_bug.cgi?id=17177 Storage tasks are getting lost REGRESSION: Cannot schedule more than one transaction at a time Major thread safety issue in Database code * platform/MessageQueue.h: Added a thread-safe queue abstraction. * WebCore.vcproj/WebCore.vcproj: * WebCore.xcodeproj/project.pbxproj: Added MessageQueue.h. * dom/Document.cpp: (WebCore::Document::~Document): Fixed a race condition resulting in a hanging reference. * storage/Database.idl: Fixed parameter declarations to actually match implementation (which is custom, so it got out of sync). * storage/DatabaseTask.h: (WebCore::DatabaseTask::database): (WebCore::DatabaseTransactionTask::transaction): Changed tasks to hold more information internally. Added helpers for better debug logging. * storage/DatabaseTask.cpp: (WebCore::DatabaseTask::DatabaseTask): (WebCore::DatabaseTask::performTask): (WebCore::DatabaseOpenTask::DatabaseOpenTask): (WebCore::DatabaseOpenTask::doPerformTask): (WebCore::DatabaseOpenTask::debugTaskName): (WebCore::DatabaseTransactionTask::DatabaseTransactionTask): (WebCore::DatabaseTransactionTask::~DatabaseTransactionTask): (WebCore::DatabaseTransactionTask::doPerformTask): (WebCore::DatabaseTransactionTask::debugTaskName): (WebCore::DatabaseTableNamesTask::DatabaseTableNamesTask): (WebCore::DatabaseTableNamesTask::doPerformTask): (WebCore::DatabaseTableNamesTask::debugTaskName): Implementation for the above. (WebCore::DatabaseTask::lockForSynchronousScheduling): (WebCore::DatabaseTask::waitForSynchronousCompletion): Fixed a potential race condition: if the task completed before we entered a wait, we'd never wake up. There was an assertion guarding against this, but no actual guarantee that I could see. * storage/DatabaseThread.cpp: (WebCore::DatabaseThread::DatabaseThread): (WebCore::DatabaseThread::requestTermination): (WebCore::DatabaseThread::databaseThread): (WebCore::DatabaseThread::scheduleTask): (WebCore::DatabaseThread::scheduleImmediateTask): (WebCore::DatabaseThread::unscheduleDatabaseTasks): * storage/DatabaseThread.h: Changed to use MessageQueue. * storage/Database.cpp: (WebCore::guidMutex): (WebCore::guidToVersionMap): (WebCore::guidToDatabaseMap): (WebCore::Database::openDatabase): (WebCore::Database::Database): (WebCore::Database::~Database): (WebCore::Database::openAndVerifyVersion): (WebCore::guidForOriginAndName): (WebCore::Database::changeVersion): (WebCore::Database::transaction): (WebCore::Database::scheduleTransaction): (WebCore::Database::scheduleTransactionStep): (WebCore::Database::scheduleTransactionCallback): (WebCore::Database::version): (WebCore::Database::deliverPendingCallback): (WebCore::Database::tableNames): * storage/Database.h: Changed m_transactionQueue to a MessageQueue. Got rid of callback tracking - these can take care of themselves. Got rid of a DatabaseThread member, as the Document can be asked for it. Moved private static members and helpers out of the header. Lost CurrentThreadSetter debug helper on the way. We may need to re-add something like that later. * storage/SQLTransaction.h: * storage/SQLTransaction.cpp: Added a lot of debug logging. (WebCore::SQLTransaction::scheduleToRunStatements): Removed "m_currentStatement = 0" assignment, as it created a race condition. Everything seems to work better without it, although a real fix would be to get rid of this variable - it's evil shared data that isn't even protected in any way. * manual-tests/database-threading-stress-test-2.html: Added. * manual-tests/database-threading-stress-test.html: Added. 2008-02-15 Mark Rowe Merge r30171 to Safari-3-1-branch. 2008-02-12 Adam Roben Fix Bug 17328: REGRESSION (r30147): Inspector is unstyled on Windows Reviewed by Mitz. Test: fast/loader/local-css-allowed-in-strict-mode.html * platform/network/cf/ResourceResponseCFNet.cpp: (WebCore::ResourceResponse::doUpdateResourceResponse): Add a case for .css files. 2008-02-15 Mark Rowe Merge r30162 to Safari-3-1-branch. 2008-02-11 Dan Bernstein Reviewed by Dave Hyatt. - fix http://bugs.webkit.org/show_bug.cgi?id=17320 :last-child does not set the "uses sibling rules" flag Test: fast/css/last-child-style-sharing.html * css/CSSGrammar.y: Changed to call setUsesSiblingRules(true) for all CSS3 selectors that require it. 2008-02-15 Mark Rowe Merge r30157 to Safari-3-1-branch. 2008-02-11 Sam Weinig Reviewed by Darin Adler. Make the cross-domain security model more closely match Firefox by always returning the native built-in functions when accessing functions cross-domain. Fixes for: Match Firefox's cross-domain model more accurately by return the built-in version of functions even if they have been overridden Crash when setting the Window objects prototype to a custom Object and then calling a method on it Tests: fast/dom/Window/window-custom-prototype-crash.html fast/dom/Window/window-function-frame-getter-precedence.html http/tests/security/cross-frame-access-get-override.html http/tests/security/cross-frame-access-location-get-override.html http/tests/security/cross-frame-access-location-get.html http/tests/security/cross-frame-access-location-put.html * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::customGetOwnPropertySlot): - Return the native-built in version of an cross-domain allowed function (eg. window.focus) whether or not it has been overridden, instead of undefined. - When doing findEntry lookup, use the the tables directly (JSDOMWindowPrototype::info.propHashTable) instead of calling the virtual classInfo() method to avoid the unnecessary overhead. - Allow access to the native toString function cross-domain. It always returns "[object Window]". - Use the new nonCachingStaticFunctionGetter when return allowed functions cross-frame so that the function an overridden function is not inadvertantly returned from the PropertyMap.\ * bindings/js/JSHistoryCustom.cpp: (WebCore::JSHistory::customGetOwnPropertySlot): - Implement the same model as described above for the History object, always returning the native built-in function cross-domain. - Allow access to the native toString function cross-domain. - Clean up the code to make it clear that the custom functionality is only there for cross-domain access. * bindings/js/JSLocation.cpp: (WebCore::JSLocation::getOwnPropertySlot): - Match the generated classes by moving all the custom logic into a separate customGetOwnPropertySlot function. This will help moving to a generated class in the future. (WebCore::JSLocation::customGetOwnPropertySlot): - Implement the same model as described above for the Location object, always returning the native built-in function cross-domain. - Clean up the code to make it clear that the custom functionality is only there for cross-domain access. (WebCore::JSLocation::put): (WebCore::JSLocation::deleteProperty): (WebCore::JSLocation::getPropertyNames): * bindings/js/JSLocation.h: - Clean up to match the rest of the file a little better. * bindings/js/kjs_binding.cpp: (WebCore::allowsAccessFromFrame): (WebCore::printErrorMessageForFrame): (WebCore::nonCachingStaticFunctionGetter): (WebCore::objectToStringFunctionGetter): * bindings/js/kjs_binding.h: - Put common functionality related to cross-domain access here to serve as a central shared point. This includes moving and augmenting the allowsAccessFromFrame method that was in both JSHistoryCustom.cpp and JSLocation.cpp. * bindings/js/kjs_dom.cpp: (WebCore::checkNodeSecurity): - Use the new allowsAccessFromFrame method. * bindings/js/kjs_window.cpp: (KJS::Window::childFrameGetter): Cleanup. (KJS::Window::namedItemGetter): Cleanup. (KJS::Window::getOwnPropertySlot): - Do the prototype lookup early to match Firefox in having function lookup have a higher precedence than the index or shortcut name getters. - Cleanup function to make it more understandable and slightly more efficient. (KJS::Window::allowsAccessFrom): - Add a new variant of this method that takes a reference to a String, which, on failure, will contain the error message to print out. The caller can then pass this to printErrorMessage. This allows for code to check allowsAccessFrom and act on the result without printing out the error message. For convenience, a version with out the String parameter has been left which prints out the message automatically. (KJS::Window::printErrorMessage): * bindings/js/kjs_window.h: 2008-02-15 Mark Rowe Merge r30154 to Safari-3-1-branch. 2008-02-11 Timothy Hatcher Reviewed by Brady Eidson. Many m_quotaMap uses do not hold the m_quotaMapGuard * storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::hasEntryForOrigin): Hold m_quotaMapGuard when using m_quotaMap. (WebCore::DatabaseTracker::origins): Ditto. (WebCore::DatabaseTracker::setQuota): Ditto. (WebCore::DatabaseTracker::deleteAllDatabases): Call origins() and itterate over the origins to call deleteOrigin(). (WebCore::DatabaseTracker::deleteOrigin): Hold m_quotaMapGuard when using m_quotaMap. 2008-02-15 Mark Rowe Merge r30153 to Safari-3-1-branch. 2008-02-11 David Hyatt Fix for bug 17286, crash accessing a null RenderStyle. Add a simple null check. Reviewed by aroben Added fast/css/empty-generated-content.html * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::checkOneSelector): 2008-02-15 Mark Rowe Merge r30146 to Safari-3-1-branch. 2008-02-11 Adam Roben Fix Bug 14316: Inspector's Console truncates long strings We no longer call Object.describe to format all the output of commands enetered into the Console. The ConsolePanel object now has a set of formatting functions that append a formatted representation of the passed-in object to the passed-in container node. Reviewed by Sam. * page/inspector/ConsolePanel.js: (WebInspector.ConsolePanel._onEnterPressed): Updated for rename of _outputToNode to _format. (WebInspector.ConsolePanel._format): Renamed from _outputToNode. Use Object.type to get the type of the object, then call the appropriate formatting function. (WebInspector.ConsolePanel._formatvalue): Added. (WebInspector.ConsolePanel._formatstring): Added. This function contains the actual fix for the bug, since it doesn't truncate the string no matter how long it is. (WebInspector.ConsolePanel._formatregexp): Added. (WebInspector.ConsolePanel._formatarray): Added. This is a bit more functional than Object.describe for arrays, since it recursively formats each item in the array. One advantage of this is that Nodes in arrays will be linkified instead of just turning into "[Object HTMLBodyElement]" or similar. (WebInspector.ConsolePanel._formatnode): Added. (WebInspector.ConsolePanel._formatobject): Added. (WebInspector.ConsolePanel. * page/inspector/utilities.js: (Object.type): Added. Code was pulled out of Object.describe and reorganized slightly. (Object.describe): Call Object.type. There should be no change in behavior of this function. 2008-02-15 Mark Rowe Merge r30116 to Safari-3-1-branch. 2008-02-09 David Hyatt Fix for bug 17254, nth-* selectors do not work with negative coefficients. Reviewed by Mitz. fast/css/negative-nth-child.html * css/CSSStyleSelector.cpp: (WebCore::parseNth): 2008-02-15 Mark Rowe Merge r30112 to Safari-3-1-branch. 2008-02-09 David Hyatt Fix for bug 17203, high CPU usage loading HTML5 spec. This patch significantly improves the performance of CSS3 selectors. (1) Split the notion of being affected by positional rules into "forward" and "backward." The "forward" selectors do not need to re-resolve during parsing, since children are appended on the end. Only the "backward" selectors like last-child or nth-last-child have to re-resolve when a close tag is encountered. (2) Extend childrenChanged to specify whether the children were changed by the parser or not. This allows Element::childrenChanged to know when the parser is adding children so that it can ignore those adds when possible. (3) Make sure all Elements now know whether or not their children are currently parsing. Backwards selectors like last-child will always return false when children are still being parsed. When an Element finishes parsing its children, finishParsingChildren() gets called and will make sure the children re-resolve properly. (4) Added a beginParsingChildren method and renamed finishParsing to finishedParsingChildren. (5) Eliminated one-off hacks that did the same thing in HTMLObjectElement and HTMLAppletElement. (6) Patched many incorrect implementations of finishedParsingChildren that did not properly call into their base class (mostly new SVG elements that got added for SVG fonts around the time this became a requirement). Reviewed by Eric * css/CSSStyleSelector.cpp: (WebCore::CSSStyleSelector::checkSelector): (WebCore::CSSStyleSelector::checkOneSelector): * dom/Attr.cpp: (WebCore::Attr::childrenChanged): * dom/Attr.h: * dom/ContainerNode.cpp: (WebCore::ContainerNode::addChild): * dom/Document.cpp: (WebCore::Document::childrenChanged): * dom/Document.h: * dom/Element.cpp: (WebCore::Element::Element): (WebCore::Element::recalcStyle): (WebCore::checkFirstChildRules): (WebCore::checkLastChildRules): (WebCore::checkEmptyRules): (WebCore::checkStyleRules): (WebCore::Element::childrenChanged): (WebCore::Element::finishParsingChildren): * dom/Element.h: (WebCore::Element::finishedParsingChildren): (WebCore::Element::beginParsingChildren): * dom/Node.cpp: * dom/Node.h: (WebCore::Node::finishParsingChildren): (WebCore::Node::beginParsingChildren): (WebCore::Node::childrenChanged): * dom/StyledElement.cpp: (WebCore::StyledElement::StyledElement): * dom/StyledElement.h: * dom/XMLTokenizer.cpp: (WebCore::XMLTokenizer::startElementNs): (WebCore::XMLTokenizer::endElementNs): (WebCore::): * html/HTMLAppletElement.cpp: (WebCore::HTMLAppletElement::HTMLAppletElement): (WebCore::HTMLAppletElement::finishParsingChildren): * html/HTMLAppletElement.h: * html/HTMLElementFactory.cpp: (WebCore::objectConstructor): * html/HTMLGenericFormElement.cpp: (WebCore::HTMLFormControlElementWithState::finishParsingChildren): * html/HTMLGenericFormElement.h: * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::HTMLObjectElement): (WebCore::HTMLObjectElement::finishParsingChildren): (WebCore::HTMLObjectElement::childrenChanged): * html/HTMLObjectElement.h: * html/HTMLOptGroupElement.cpp: (WebCore::HTMLOptGroupElement::childrenChanged): * html/HTMLOptGroupElement.h: * html/HTMLOptionElement.cpp: (WebCore::HTMLOptionElement::childrenChanged): * html/HTMLOptionElement.h: * html/HTMLParser.cpp: (WebCore::HTMLParser::insertNode): (WebCore::HTMLParser::pushBlock): (WebCore::HTMLParser::popOneBlockCommon): * html/HTMLScriptElement.cpp: (WebCore::HTMLScriptElement::childrenChanged): (WebCore::HTMLScriptElement::finishParsingChildren): * html/HTMLScriptElement.h: * html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::childrenChanged): * html/HTMLSelectElement.h: * html/HTMLStyleElement.cpp: (WebCore::HTMLStyleElement::finishParsingChildren): (WebCore::HTMLStyleElement::childrenChanged): * html/HTMLStyleElement.h: * html/HTMLTextAreaElement.cpp: (WebCore::HTMLTextAreaElement::childrenChanged): * html/HTMLTextAreaElement.h: * html/HTMLTitleElement.cpp: (WebCore::HTMLTitleElement::childrenChanged): * html/HTMLTitleElement.h: * rendering/RenderApplet.cpp: (WebCore::RenderApplet::createWidgetIfNecessary): * rendering/RenderPartObject.cpp: (WebCore::RenderPartObject::updateWidget): * rendering/RenderStyle.cpp: (WebCore::RenderStyle::RenderStyle): * rendering/RenderStyle.h: (WebCore::RenderStyle::childrenAffectedByForwardPositionalRules): (WebCore::RenderStyle::setChildrenAffectedByForwardPositionalRules): (WebCore::RenderStyle::childrenAffectedByBackwardPositionalRules): (WebCore::RenderStyle::setChildrenAffectedByBackwardPositionalRules): * svg/SVGAnimationElement.cpp: (WebCore::SVGAnimationElement::finishParsingChildren): * svg/SVGAnimationElement.h: * svg/SVGClipPathElement.cpp: (WebCore::SVGClipPathElement::childrenChanged): * svg/SVGClipPathElement.h: * svg/SVGDefinitionSrcElement.cpp: (WebCore::SVGDefinitionSrcElement::childrenChanged): * svg/SVGDefinitionSrcElement.h: * svg/SVGElement.cpp: (WebCore::SVGElement::finishParsingChildren): * svg/SVGElement.h: * svg/SVGFontFaceElement.cpp: (WebCore::SVGFontFaceElement::childrenChanged): * svg/SVGFontFaceElement.h: * svg/SVGFontFaceFormatElement.cpp: (WebCore::SVGFontFaceFormatElement::childrenChanged): * svg/SVGFontFaceFormatElement.h: * svg/SVGFontFaceSrcElement.cpp: (WebCore::SVGFontFaceSrcElement::childrenChanged): * svg/SVGFontFaceSrcElement.h: * svg/SVGFontFaceUriElement.cpp: (WebCore::SVGFontFaceUriElement::childrenChanged): * svg/SVGFontFaceUriElement.h: * svg/SVGGElement.cpp: (WebCore::SVGGElement::childrenChanged): * svg/SVGGElement.h: * svg/SVGGradientElement.cpp: (WebCore::SVGGradientElement::childrenChanged): * svg/SVGGradientElement.h: * svg/SVGMarkerElement.cpp: (WebCore::SVGMarkerElement::childrenChanged): * svg/SVGMarkerElement.h: * svg/SVGMaskElement.cpp: (WebCore::SVGMaskElement::childrenChanged): * svg/SVGMaskElement.h: * svg/SVGPatternElement.cpp: (WebCore::SVGPatternElement::childrenChanged): * svg/SVGPatternElement.h: * svg/SVGStyleElement.cpp: (WebCore::SVGStyleElement::finishParsingChildren): (WebCore::SVGStyleElement::childrenChanged): * svg/SVGStyleElement.h: * svg/SVGStyledElement.cpp: (WebCore::SVGStyledElement::childrenChanged): * svg/SVGStyledElement.h: * svg/SVGTitleElement.cpp: (WebCore::SVGTitleElement::childrenChanged): * svg/SVGTitleElement.h: * svg/SVGUseElement.cpp: (WebCore::SVGUseElement::childrenChanged): * svg/SVGUseElement.h: 2008-02-15 Mark Rowe Merge r30104 to Safari-3-1-branch. 2008-02-08 Timothy Hatcher Reviewed by Brady Eidson. Removing database then trying to recreate it causes trouble Added open Database support to DatabaseTracker. So any Database that is deleted will be marked as deleted and will fail to open any transaction or execute any new SQL queries. * storage/Database.cpp: (WebCore::Database::Database): Call DatabaseTracker::addOpenDatabase. (WebCore::Database::~Database): Call DatabaseTracker::removeOpenDatabase. (WebCore::Database::markAsDeleted): Set the m_deleted flag. (WebCore::Database::version): Return a null String if m_deleted is true. * storage/Database.h: (WebCore::Database::deleted): Return m_deleted. * storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::addOpenDatabase): Add the Database to a map of origins and names. (WebCore::DatabaseTracker::removeOpenDatabase): Remove the Database from the map. (WebCore::DatabaseTracker::deleteDatabaseFile): Call markAsDeleted on all the open Databases matching the origin/name. * storage/DatabaseTracker.h: * storage/SQLStatement.cpp: (WebCore::SQLStatement::setDatabaseDeletedError): Set the error about the user deleting the database. * storage/SQLStatement.h: * storage/SQLTransaction.cpp: (WebCore::SQLTransaction::executeSQL): If the Database is deleted, call setDatabaseDeletedError. (WebCore::SQLTransaction::openTransactionAndPreflight): Set the error about the user deleting the database if the Database was marked as deleted. 2008-02-15 Mark Rowe Merge r30101 to Safari-3-1-branch. 2008-02-08 Anders Carlsson Reviewed by Mitz. http://bugs.webkit.org/show_bug.cgi?id=16102 Crash in FrameLoader::stopLoadingSubframes() on IMDB page Store the child frame in a RefPtr to prevent it from being deleted when the frame tree changes while calling stopAllLoaders(). * loader/FrameLoader.cpp: (WebCore::FrameLoader::stopLoadingSubframes): 2008-02-15 Mark Rowe Merge r30098 to Safari-3-1-branch. 2008-02-08 Alp Toker Reviewed by Adam Roben. Avoid null-dereference crasher noticed in the GTK+ port and also affecting the Win release build. Covered by existing tests. * dom/Document.cpp: (WebCore::Document::userStyleSheet): 2008-02-15 Mark Rowe Merge r30097 to Safari-3-1-branch. 2008-02-08 Anders Carlsson Reviewed by Adam. REGRESSION: PLT 0.7% slower due to 29926 (change Text::createWithLengthLimit to take a UChar pointer) Revert r29926 which caused the regression. * dom/Text.cpp: (WebCore::Text::createWithLengthLimit): * dom/Text.h: * html/HTMLParser.cpp: (WebCore::HTMLParser::parseToken): * loader/TextDocument.cpp: (WebCore::TextTokenizer::write): 2008-02-15 Mark Rowe Merge r30096 to Safari-3-1-branch. 2008-02-08 Sam Weinig Reviewed by Hyatt. Fix for http://bugs.webkit.org/show_bug.cgi?id=17213 The querySelectorAll method on an element node does not search only the element's descendants Test: fast/dom/SelectorAPI/elementRoot.html * dom/Node.cpp: (WebCore::Node::querySelector): Make sure to stay within the root node when traversing the tree. * dom/SelectorNodeList.cpp: (WebCore::SelectorNodeList::SelectorNodeList): ditto. 2008-02-15 Mark Rowe Merge r30087 to Safari-3-1-branch. 2008-02-06 Kimmo Kinnunen Reviewed by Tim Hatcher. Fixes: http://bugs.webkit.org/show_bug.cgi?id=17191 HTML5: Client-side database queries should return values of type number Test: storage/sql-data-types.html Make the DB queries return a value as a number if it was inserted as a number to the database. * platform/sql/SQLiteStatement.cpp: (WebCore::SQLiteStatement::getColumnValue): new member function to return SQLValues * platform/sql/SQLiteStatement.h: * storage/SQLStatement.cpp: (WebCore::SQLStatement::execute): use getColumnValue instead of getColumnText 2008-02-15 Mark Rowe Merge r30085 to Safari-3-1-branch. 2008-02-07 Ada Chan certificate authentication support broken in Safari 3.0 Added mechanism to communicate client certificate info back to CFNetwork. Reviewed by Adam. * platform/network/ResourceHandle.h: * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::clientCerts): Keep a mapping of hosts to client certificates. (WebCore::makeFinalRequest): If we have a client certificate for the host, pass it to CFNetwork by setting it in the SSL properties. (WebCore::ResourceHandle::setClientCertificate): Map client certificate to the host. 2008-02-15 Mark Rowe Merge r30081 to Safari-3-1-branch. 2008-02-07 Adam Roben Fix Bug 17138: REGRESSION: Node highlight not updated properly Reviewed by Darin. No test possible. * page/InspectorController.cpp: (WebCore::InspectorController::drawNodeHighlight): Update the overlayRect after scrolling to make sure that we translate the context by the correct amount. 2008-02-15 Mark Rowe Merge r30080 to Safari-3-1-branch. 2008-02-07 Adam Roben Qt and GTK+ build fixes * platform/gtk/FileSystemGtk.cpp: Added a missing #include. * platform/qt/FileSystemQt.cpp: Ditto. 2008-02-15 Mark Rowe Merge r30079 to Safari-3-1-branch. 2008-02-07 Adam Roben Some cleanup of Mac-only user stylesheet code I moved UserStyleSheetLoader out of Frame.cpp into its own files, and moved some Mac-only Frame methods to FrameMac.mm. Reviewed by Darin. * WebCore.xcodeproj/project.pbxproj: Added new files to project. * loader/mac/UserStyleSheetLoader.cpp: Added. (UserStyleSheetLoader::UserStyleSheetLoader): (UserStyleSheetLoader::~UserStyleSheetLoader): * loader/mac/UserStyleSheetLoader.h: Added. * page/Frame.cpp: Removed setUserStyleSheet[Location] * page/mac/FrameMac.mm: (WebCore::Frame::setUserStyleSheetLocation): Moved here from Frame.cpp. (WebCore::Frame::setUserStyleSheet): Ditto. 2008-02-15 Mark Rowe Merge r30078 to Safari-3-1-branch. 2008-02-07 Adam Roben Fix GMail never loads when a user stylesheet is specified The fix in r29841 did not guarantee that the user stylesheet would not still be loading by the time GMail called document.write, and so was not a complete fix. This change reworks the user stylesheet loading mechanism on non-Mac platforms to load the stylesheet synchronously from disk, and then keeps it in memory. This obsoletes the issue of what our behavior should be before the user stylesheet has loaded and what should happen when it finishes loading, as the user stylesheet will always be available when the Document first asks for it. Note, however, that this removes the ability to specify a non-file: URL for the user stylesheet. This change was not made for the Mac platform because it's possible that WebKit clients are relying on non-file: URLs for user stylesheets. It would also be nice to move back to an asynchronous loading model someday, but that is not currently possible since we don't have an asynchronous loading mechanism that is not tied to a particular Frame. The responsibility of loading and storing the user stylesheet has moved from Frame to Page, since the user stylesheet URL is set on the Page-level Settings object. Reviewed by Darin. * dom/Document.cpp: (WebCore::Document::Document): Changed to call userStyleSheet(). (WebCore::Document::setUserStyleSheet): Made Mac-only. (WebCore::Document::userStyleSheet): Changed to call up to Page on non-Mac platforms. (WebCore::Document::recalcStyleSelector): Changed to call userStyleSheet(). * dom/Document.h: - Made setUserStyleSheet and the m_usersheet member Mac-only - Changed userStyleSheet to return a String instance instead of a String reference, since we now might return a new null String. * loader/FrameLoader.cpp: (WebCore::FrameLoader::begin): Made the call to Frame::setUserStyleSheetLocation Mac-only. * page/Frame.cpp: Made UserStyleSheetLoader and related code Mac-only. (WebCore::Frame::~Frame): Ditto. (WebCore::Frame::reapplyStyles): Made the call to setUserStyleSheet[Location] Mac-only. On non-Mac platforms the Document will pick up the new stylesheet in Document::reapplyStyles. (WebCore::FramePrivate::FramePrivate): Made m_userStyleSheetLoader Mac-only. * page/Frame.h: Made setUserStyleSheet[Location] Mac-only. * page/FramePrivate.h: Made m_userStyleSheetLoader Mac-only. * page/Page.cpp: (WebCore::Page::Page): Initialize new members. (WebCore::Page::userStyleSheetLocationChanged): Added. Does nothing on Mac. On non-Mac, resets all members relating to the user stylesheet so we'll know to load it again the next time it's asked for. (WebCore::Page::userStyleSheet): Added. Loads the user stylesheet if the user stylesheet location has changed since the last time we loaded it, or if the file has been modified since we last loaded it, then returns the contents of the user stylesheet as a String. * page/Page.h: Added new methods/members. * page/Settings.cpp: (WebCore::Settings::setUserStyleSheetLocation): Changed to call Page::userStyleSheetLocationChanged. * page/Settings.h: Changed userStyleSheetLocation to return the KURL by reference instead of making a copy. * platform/FileSystem.h: Added declaration for getFileModificationTime. * platform/KURL.h: Added declaration for fileSystemPath method. * platform/cf/KURLCFNet.cpp: (WebCore::KURL::fileSystemPath): Added. * platform/posix/FileSystemPOSIX.cpp: (WebCore::getFileModificationTime): Added. * platform/qt/KURLQt.cpp: (WebCore::KURL::fileSystemPath): Stubbed out. * platform/win/FileSystemWin.cpp: (WebCore::getFileModificationTime): Added. * platform/qt/FileSystemQt.cpp: Stubbed out getFileModificationTime. * platform/gtk/FileSystemGtk.cpp: Ditto. * platform/wx/FileSystemWx.cpp: Ditto. * platform/qt/TemporaryLinkStubs.cpp: Stubbed out SharedBuffer::createWithContentsOfFile. * platform/gtk/TemporaryLinkStubs.cpp: Ditto, along with KURL::fileSystemPath. * platform/wx/TemporaryLinkStubs.cpp: Ditto. 2008-02-15 Mark Rowe Merge r30077 to Safari-3-1-branch. 2008-02-07 Adam Roben Clean up FileSystemWin.cpp This cleanup also makes us call _wstat64 instead of _wstat32i64. The only difference between these two functions is that _wstat64 gives 64-bit time values, while _wstat32i64 only gives 32-bit time values. Reviewed by Darin. All tests pass. * platform/win/FileSystemWin.cpp: (WebCore::statFile): New static helper that wraps _wstat64. (WebCore::getFileSize): Changed to call statFile. (WebCore::fileExists): Ditto. 2008-02-15 Mark Rowe Merge r30076 to Safari-3-1-branch. 2008-02-07 Adam Roben Rename fileSize to getFileSize Rubberstamped by Darin. * platform/FileSystem.h: * platform/gtk/FileSystemGtk.cpp: * platform/network/cf/FormDataStreamCFNet.cpp: (WebCore::setHTTPBody): * platform/network/curl/ResourceHandleManager.cpp: (WebCore::ResourceHandleManager::setupPOST): * platform/posix/FileSystemPOSIX.cpp: * platform/qt/FileSystemQt.cpp: * platform/win/FileSystemWin.cpp: * platform/wx/FileSystemWx.cpp: * storage/Database.cpp: (WebCore::Database::databaseSize): * storage/DatabaseTracker.cpp: (WebCore::DatabaseTracker::usageForDatabase): * storage/OriginUsageRecord.cpp: (WebCore::OriginUsageRecord::diskUsage): 2008-02-15 Mark Rowe Merge r30075 to Safari-3-1-branch. 2008-02-06 Adam Roben Make KURL::isLocalFile treat the URL's protocol case-insensitively Reviewed by Darin. * platform/KURL.cpp: (WebCore::KURL::isLocalFile): Use equalIgnoringCase instead of ==. 2008-02-14 Dan Bernstein Reviewed by Adele Peterson. - roll out changes to CSS2 system colors from r28775 * css/CSSStyleSelector.cpp: (WebCore::): (WebCore::colorForCSSValue): * rendering/RenderTheme.cpp: * rendering/RenderTheme.h: * rendering/RenderThemeMac.h: * rendering/RenderThemeMac.mm: 2008-02-07 David Hyatt Fix for bug 6248, implement the nth-* CSS3 selectors. Patch based on original KHTML work from Allan Jensen and improved upon by Nick Shanks. Reviewed by Eric * css/CSSGrammar.y: * css/CSSParser.cpp: (WebCore::CSSParser::lex): * css/CSSSelector.cpp: (WebCore::CSSSelector::extractPseudoType): * css/CSSSelector.h: (WebCore::CSSSelector::): * css/CSSStyleSelector.cpp: (WebCore::parseNth): (WebCore::matchNth): (WebCore::CSSStyleSelector::checkOneSelector): * css/tokenizer.flex: * rendering/RenderStyle.cpp: (WebCore::RenderStyle::RenderStyle): * rendering/RenderStyle.h: (WebCore::RenderStyle::childIndex): (WebCore::RenderStyle::setChildIndex): 2008-02-07 Dan Bernstein Reviewed by Dave Hyatt. - fix REGRESSION (r29834): Float contained in relative-positioned block is painted twice Test: fast/block/float/relative-painted-twice.html * rendering/RenderBlock.cpp: (WebCore::RenderBlock::addOverhangingFloats): Added another case where the child should not take over painting the float: when they do not have the same enclosing layer. In that case, the float is already being painted by one of its closer ancestors. 2008-02-07 Dan Bernstein Reviewed by Darin Adler. - fix http://bugs.webkit.org/show_bug.cgi?id=17194 Changing text to bold changes font family Test: platform/mac/fast/text/family-for-font-matched-by-name.html * platform/mac/WebFontCache.mm: (+[WebFontCache internalFontWithFamily:traits:size:]): Changed to use the family of the font whose name matches the desired family if there is no exact family match. 2008-02-07 Beth Dakin Reviewed by Geoff. Fix for Traffic or Street View button on Google Maps is sometimes not positioned correctly (17000) On the Mac, timers fire in the order that they are registered. Geoff and I discovered that this is not necessarily true on Windows, and that turned out to be the cause of this intermittent layout problem at Google Maps. This patch adds a new member variable to Timer to remember the timer's insertion point into the heap. Now when comparing timers, if two timers were registered at the same time, their insertion orders are compared to determine which should fire first. This code actually never runs on Debug builds on the Mac; the system clock on the Mac is accurate enough that it knows that the two timers were not registered at *exactly* the same time. This is not the case on Windows. In theory, if we sped up Javascript enough on the Mac, this code would run and would prevent misrenderings such as the one found on Google Maps. * platform/Timer.cpp: (WebCore::operator<): (WebCore::TimerBase::setNextFireTime): * platform/Timer.h: 2008-02-06 Justin Garcia Reviewed by Darin Adler. Huge plain text pastes are slow This was fixed in r27369 and then r29367 and r29667 caused performance to regress. * editing/EditCommand.cpp: (WebCore::EditCommand::apply): Only updateLayout() for high level commands. (WebCore::EditCommand::unapply): Ditto. (WebCore::EditCommand::reapply): Ditto. * editing/Editor.cpp: (WebCore::Editor::appliedEditing): Added a note about shouldChangeSelection calls that shouldn't be made, a bug I filed as . (WebCore::Editor::unappliedEditing): Ditto. (WebCore::Editor::reappliedEditing): Ditto. * editing/SelectionController.cpp: (WebCore::SelectionController::nodeWillBeRemoved): Don't try to test the selection base and extent with the expensive isCandidate operation if the node that will be removed is in a fragment, since such a removal is guaranteed to have no effect on a selection. This is to speed up the paste operation, which does many removes from a fragment. 2008-02-06 Kevin Ollivier Reviewed by Darin Adler. Rather than directly handing scroll wheel events, use PlatformWheelEvent to send them to WebCore first, so that mouse wheel scrolling info can be retrieved via JavaScript. http://bugs.webkit.org/show_bug.cgi?id=17179 * platform/ScrollView.h: * platform/wx/MouseWheelEventWx.cpp: (WebCore::PlatformWheelEvent::PlatformWheelEvent): * platform/wx/ScrollViewWx.cpp: (WebCore::ScrollView::ScrollViewPrivate::bindEvents): (WebCore::ScrollView::wheelEvent): (WebCore::ScrollView::maximumScroll): 2008-02-06 Mark Rowe Fix Windows builds. * WebCore.vcproj/WebCore.vcproj: Unbreak the XML of the project file. 2008-02-06 Mark Rowe Mac build fix. Track rename that happened in r30056. * platform/graphics/mac/GraphicsContextMac.mm: 2008-02-06 Brent Fulgham Reviewed by Adam Roben. http://bugs.webkit.org/show_bug.cgi?id=16979 Conditionalize CoreGraphics vs Cairo support in Windows port. * WebCore.vcproj/WebCore.vcproj: * bridge/win/FrameCGWin.cpp: Copied from WebCore/bridge/win/FrameWin.cpp. (WebCore::imageFromSelection): * bridge/win/FrameCairoWin.cpp: Added. (WebCore::imageFromSelection): * bridge/win/FrameWin.cpp: (WebCore::computePageRectsForFrame): * platform/graphics/SimpleFontData.h: * platform/graphics/cairo/GraphicsContextCairo.cpp: * platform/graphics/cairo/GraphicsContextPlatformPrivateCairo.h: Copied from WebCore/platform/graphics/cairo/GraphicsContextCairo.cpp. (WebCore::GraphicsContextPlatformPrivate::GraphicsContextPlatformPrivate): (WebCore::GraphicsContextPlatformPrivate::~GraphicsContextPlatformPrivate): (WebCore::GraphicsContextPlatformPrivate::beginTransparencyLayer): (WebCore::GraphicsContextPlatformPrivate::endTransparencyLayer): * platform/graphics/cg/GraphicsContextCG.cpp: (WebCore::GraphicsContext::savePlatformState): (WebCore::GraphicsContext::restorePlatformState): * platform/graphics/cg/GraphicsContextPlatformPrivate.h: Removed. * platform/graphics/cg/GraphicsContextPlatformPrivateCG.h: Copied from WebCore/platform/graphics/cg/GraphicsContextPlatformPrivate.h. * platform/graphics/win/FontCGWin.cpp: Copied from WebCore/platform/graphics/win/FontWin.cpp. (WebCore::Font::drawGlyphs): * platform/graphics/win/FontCairoWin.cpp: Added. (WebCore::Font::drawGlyphs): * platform/graphics/win/FontWin.cpp: * platform/graphics/win/GraphicsContextCGWin.cpp: Copied from WebCore/platform/graphics/win/GraphicsContextWin.cpp. (WebCore::CGContextWithHDC): (WebCore::GraphicsContext::inTransparencyLayer): (WebCore::GraphicsContext::getWindowsContext): (WebCore::GraphicsContext::releaseWindowsContext): (WebCore::GraphicsContextPlatformPrivate::scale): (WebCore::GraphicsContextPlatformPrivate::rotate): (WebCore::GraphicsContextPlatformPrivate::translate): (WebCore::GraphicsContextPlatformPrivate::concatCTM): (WebCore::setCGStrokeColor): (WebCore::GraphicsContext::drawLineForMisspellingOrBadGrammar): * platform/graphics/win/GraphicsContextCairoWin.cpp: Added. (WebCore::GraphicsContext::GraphicsContext): (WebCore::GraphicsContext::getWindowsContext): (WebCore::GraphicsContext::inTransparencyLayer): (WebCore::GraphicsContext::releaseWindowsContext): (WebCore::GraphicsContext::concatCTM): * platform/graphics/win/GraphicsContextWin.cpp: * platform/graphics/win/ImageCGWin.cpp: Copied from WebCore/platform/graphics/win/ImageWin.cpp. (WebCore::BitmapImage::getHBITMAPOfSize): (WebCore::BitmapImage::drawFrameMatchingSourceSize): * platform/graphics/win/ImageCairoWin.cpp: Added. (WebCore::BitmapImage::getHBITMAPOfSize): (WebCore::BitmapImage::drawFrameMatchingSourceSize): * platform/graphics/win/ImageWin.cpp: * platform/graphics/win/SimpleFontDataCGWin.cpp: Copied from WebCore/platform/graphics/win/SimpleFontDataWin.cpp. (WebCore::scaleEmToUnits): (WebCore::SimpleFontData::platformInit): (WebCore::SimpleFontData::platformWidthForGlyph): * platform/graphics/win/SimpleFontDataCairoWin.cpp: Added. (WebCore::SimpleFontData::platformInit): (WebCore::SimpleFontData::platformDestroy): (WebCore::SimpleFontData::platformWidthForGlyph): * platform/graphics/win/SimpleFontDataWin.cpp: (WebCore::SimpleFontData::setShouldApplyMacAscentHack): (WebCore::SimpleFontData::shouldApplyMacAscentHack): * platform/win/DragImageCGWin.cpp: Copied from WebCore/platform/win/DragImageWin.cpp. (WebCore::scaleDragImage): (WebCore::createDragImageFromImage): * platform/win/DragImageCairoWin.cpp: Added. (WebCore::scaleDragImage): (WebCore::createDragImageFromImage): * platform/win/DragImageWin.cpp: 2008-02-06 Anders Carlsson Reviewed by Darin. Change httpBodyFromStream to take the request instead of the stream. * platform/network/cf/FormDataStreamCFNet.cpp: (WebCore::httpBodyFromRequest): * platform/network/cf/FormDataStreamCFNet.h: * platform/network/cf/ResourceRequestCFNet.cpp: (WebCore::ResourceRequest::doUpdateResourceRequest): 2008-02-06 Kevin McCullough Reviewed by Darin. - Added manual tests for REGRESSION: cross-domain error when one URL uses an explicit port number and another doesn't * manual-tests/Default-port-frame.html: Added. * manual-tests/resources/Default-port-frame-contents.html: Added. 2008-02-06 Oliver Hunt Reviewed by NOBODY (Build fix). Fix windows build * WebCore.vcproj/build-generated-files.sh: 2008-02-06 Kevin McCullough Rubberstamped by Darin. REGRESSION (r29952): Can't send message from Yahoo Mail beta - Reverted the change that caused the regression. * dom/Document.cpp: (WebCore::Document::createElement): (WebCore::Document::createElementNS): (WebCore::Document::getElementById): (WebCore::Document::parseQualifiedName): (WebCore::Document::createAttributeNS): * dom/Document.idl: 2008-02-06 Geoffrey Garen Reviewed by Oliver Hunt. Fixed REGRESSION: Many leaks on buildbot The problem was refCount underflow in NamedAttrMap. Neither our regression tests nor the stress test have yet discovered another instance of this problem. * dom/NamedAttrMap.cpp: (WebCore::NamedAttrMap::addAttribute): Changed to use PassRefPtr, for fast and correct refCount management. Also, change a rediculously slow malloc to a slightly less rediculously slow realloc. * dom/NamedAttrMap.h: (WebCore::NamedAttrMap::insertAttribute): Changed to use PassRefPtr, for fast and correct refCount management. * html/HTMLTokenizer.cpp: (WebCore::Token::addAttribute): Use a RefPtr, to guarantee that the object starts with a refCount of 1. 2008-02-06 Darin Adler Reviewed by Tim Hatcher. - fix NULL-deref crash in PropertyMap::put opening web inspector with View Source window as target * page/InspectorController.cpp: (WebCore::canPassNodeToJavaScript): Added. Returns false if the node is in a document with JavaScript disabled. (WebCore::InspectorController::inspect): Check canPassNodeToJavaScript and do nothing if it returns false. 2008-02-06 David Hyatt Fix for bug 16799, object elements should return absolute URLs from .data. Reviewed by Mark Rowe * dom/Document.cpp: (WebCore::Document::completeURL): * html/HTMLAnchorElement.cpp: (WebCore::HTMLAnchorElement::href): * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::data): 2008-02-05 Antti Koivisto Reviewed by Darin.