ChangeLog


2011-03-18  Mark Rowe  <mrowe@apple.com>

        Merge r80787.

    2011-03-10  Chris Evans  <cevans@chromium.org>

        Reviewed by Adam Barth.

        Error in StyleElement::process with large nodesets
        https://bugs.webkit.org/show_bug.cgi?id=56150

        Test: none due to excessive runtime and CRASH() vs. real crash.

        * dom/StyleElement.cpp:
        (WebCore::StyleElement::process): Handle large node sets better.

2011-03-18  Mark Rowe  <mrowe@apple.com>

        Merge r79689.

    2011-02-25  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        When trying to find which lines to dirty for a changed child, make sure
        that we do test if the adjacent next linebox contains that changed child
        and if yes, dirty it. This can happen in cases when we have a word break
        between text nodes.
        https://bugs.webkit.org/show_bug.cgi?id=55206

        Test: fast/text/word-break-next-linebox-not-dirty-crash-main.html

        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):

2011-02-03  Mark Rowe  <mrowe@apple.com>

        Build fix.

        * plugins/PluginView.cpp:
        (WebCore::PluginView::start):
        (WebCore::PluginView::getURLNotify):
        (WebCore::PluginView::getURL):
        (WebCore::PluginView::handlePost):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r73444.

    2010-12-06  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        Pass security origin to make local file decision correctly
        https://bugs.webkit.org/show_bug.cgi?id=48603

        * bindings/generic/BindingDOMWindow.h:
        (WebCore::BindingDOMWindow::createWindow): Pass security origin.
        (WebCore::BindingDOMWindow::open): Ditto.
        * bindings/generic/BindingFrame.h:
        (WebCore::BindingFrame::navigateIfAllowed): Ditto.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setLocation): Pass security origin.
        (WebCore::createWindow): Ditto.
        (WebCore::JSDOMWindow::open): Ditto.

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::setLocation): Pass security origin.

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Pass security origin.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::openInInspectedWindow):
        Pass security origin.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::changeLocation): Added a security origin
        argument, passed through to urlSelected.
        (WebCore::FrameLoader::urlSelected): Replaced the resource request
        and frame name arguments with a frame load request argument in one
        overload, and changed the other overload to pass in the current
        frame's document for the security origin.
        (WebCore::FrameLoader::loadFrameRequest): Moved the canDisplay
        check before the referrer computation because it no longer needs
        to look at the referrer. Replaced the call to canDisplay that
        used the target frame's security origin and the call to
        deprecatedCanDisplay with a single call to canDisplay that uses
        the requester security origin.

        * loader/FrameLoader.h: Updated for argument changes above.

        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation): Added
        a security origin.
        (WebCore::ScheduledURLNavigation::fire): Pass the security origin
        in to FrameLoader::changeLocation.
        (WebCore::ScheduledURLNavigation::securityOrigin): Added.
        (WebCore::ScheduledRedirect::ScheduledRedirect): Added a security
        origin argument.
        (WebCore::ScheduledLocationChange::ScheduledLocationChange): Ditto.
        (WebCore::ScheduledRefresh::ScheduledRefresh): Ditto.
        (WebCore::ScheduledRefresh::fire): Pass the security origin in to
        FrameLoader::changeLocation.
        (WebCore::ScheduledFormSubmission::fire): Include the security
        origin when constructing form submission.
        (WebCore::NavigationScheduler::scheduleRedirect): Include the security
        origin when creating the scheduled navigation object.
        (WebCore::NavigationScheduler::scheduleLocationChange): Ditto.
        (WebCore::NavigationScheduler::scheduleRefresh): Ditto.

        * loader/NavigationScheduler.h: Added the security origin argument
        to scheduleLocationChange.

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::loadOrRedirectSubframe): Pass in the security
        origin when calling scheduleLocationChange.
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::selectCache): Ditto.

        * page/ContextMenuController.cpp:
        (WebCore::openNewWindow): Pass in the security origin.
        (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.

        * page/FrameLoadRequest.h: Added a security origin called the requester
        to all FrameLoadRequest objects.

        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::findInRequest): Added the security origin.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r59596.

    2010-05-16  Chris Jerdonek  <cjerdonek@webkit.org>

        Reviewed by Adam Barth.

        Refactored FrameLoader::changeLocation() and urlSelected() to share more code.

        https://bugs.webkit.org/show_bug.cgi?id=38827

        No change in behavior, so no new tests.

        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):
          - Changed a parameter from boolean to the ShouldReplaceDocumentIfJavaScriptURL enum.
        * bindings/js/ScriptController.h:
          - Changed a parameter from boolean to the ShouldReplaceDocumentIfJavaScriptURL enum.
        * bindings/v8/ScriptController.h:
          - Changed a parameter from boolean to the ShouldReplaceDocumentIfJavaScriptURL enum.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::changeLocation):
          - Changed to call the new private overload of urlSelected().
        (WebCore::FrameLoader::urlSelected):
          - Added a private overload of urlSelected().
          - Changed the public urlSelected() to call the private overload.
        (WebCore::FrameLoader::submitForm):
        * loader/FrameLoader.h:
          - Added a private overload of urlSelected().
        * loader/FrameLoaderTypes.h:
          - Added a ShouldReplaceDocumentIfJavaScriptURL enum.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r71769.

    2010-11-10  Alexey Proskuryakov  <ap@apple.com>

        Release build fix.

        * css/StyleSheet.cpp: isAcceptableStyleSheetParent() is a debug-only function.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r71767.

    2010-11-08  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=45205
        <rdar://problem/8391455> Detached elements shouldn't have style sheets.

        Tests: fast/dom/StyleSheet/detached-style-2.html
               fast/dom/StyleSheet/detached-style-pi.xhtml
               fast/dom/StyleSheet/detached-style.html
               fast/dom/StyleSheet/detached-style-pi-2.xhtml

        * bindings/js/JSStyleSheetCustom.cpp: (WebCore::JSStyleSheet::markChildren):
        There is no longer a need to mark owner nodes - StyleSheet->ownerNode() is only non-null when
        the node is in document.

        * css/StyleSheet.cpp: (WebCore::StyleSheet::StyleSheet): Added an assertion checking that
        all nodes that can be StyleSheet parents have been verified.

        * css/StyleSheet.h: (WebCore::StyleSheet::clearOwnerNode): Added.

        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::~ProcessingInstruction): Clear stylesheet's owner node. This
        shouldn't have observable effect, since a processing instruction that is in document can only
        be destroyed with document, and a reachable stylesheet keeps document alive.
        (WebCore::ProcessingInstruction::removedFromDocument): Clear the relationship between node and style sheet when removed.
        (WebCore::ProcessingInstruction::setCSSStyleSheet): If the element was removed during load, we still
        don't want to create a style sheet.

        * dom/StyleElement.cpp:
        (WebCore::StyleElement::sheet): There is no reason for lazy creation. It was a wrong fix for
        bug 14462, whose regression test still passes.
        (WebCore::StyleElement::removedFromDocument): Clear the relationship between node and style sheet when removed.
        (WebCore::StyleElement::finishParsingChildren): Don't call sheet(), it doesn't have side effects any more.
        (WebCore::StyleElement::createSheet): Assert that the element is in document. We never want
        to create a style sheet for an element that isn't.

        * dom/StyleElement.h: (WebCore::StyleElement::sheet): Made implementation inline, now that
        it's a simple getter.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::~HTMLLinkElement): Clear stylesheet's owner node.
        (WebCore::HTMLLinkElement::process): Assert that there is no style sheet lingering for any reason.
        (WebCore::HTMLLinkElement::removedFromDocument): Clear the relationship between node and style sheet when removed.
        (WebCore::HTMLLinkElement::setCSSStyleSheet): If the element was removed during load, we still
        don't want to create a style sheet.

        * html/HTMLStyleElement.cpp: (WebCore::HTMLStyleElement::~HTMLStyleElement):
        * html/HTMLStyleElement.h:
        * svg/SVGStyleElement.cpp: (WebCore::SVGStyleElement::~SVGStyleElement):
        * svg/SVGStyleElement.h:
        Clear stylesheet's owner node. As above, this shouldn't have observable effect.

        * xml/XSLTProcessor.h:
        * xml/XSLTProcessor.cpp: (WebCore::XSLTProcessor::~XSLTProcessor):
        * dom/Document.cpp: (WebCore::Document::~Document):
        * css/CSSParser.cpp: (WebCore::CSSParser::parseSelector):
        Assert that stylesheet won't outlive its owner node. We don't really use refcounting here.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r73620.

    2010-12-09  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        As part of r73559, I added the referenceNode check to validate whether the root
        node of the iterator matches the node which is getting moved to other document.
        referenceNode is initialized to root, however can get moved using previousNode
        and nextNode methods, so it is required to use root directly.
        https://bugs.webkit.org/show_bug.cgi?id=50764

        Test: fast/dom/node-iterator-reference-node-moved-crash.html

        * dom/Document.cpp:
        (WebCore::Document::moveNodeIteratorsToNewDocument): change referenceNode to root.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r73559.

    2010-12-08  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        Detach node iterator and move to new document when node gets moved.
        https://bugs.webkit.org/show_bug.cgi?id=50697

        Test: fast/dom/node-iterator-document-moved-crash.html

        * dom/Document.cpp: Method that takes a node and new document as argument.
        It detaches the node iterators belonging to the current document and attaches
        them to the new document.
        (WebCore::Document::moveNodeIteratorsToNewDocument):
        * dom/Document.h: Function definition.
        * dom/Node.cpp: When node is moved to another document, call the function to move
        the iterators appropriately.
        (WebCore::Node::setDocument):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r71431.

    2010-11-05  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Crash in ApplyStyleCommand::surroundNodeRangeWithElement
        https://bugs.webkit.org/show_bug.cgi?id=48581

        The crash was caused by a false assertion that we can always recover selection in
        ApplyStyleCommand::removeInlineStyle.  Fixed the crash by removing the assertion
        and adding an early exit to the call site.  Also converted raw pointers to RefPtr
        in surroundNodeRangeWithElement and addInlineStyleIfNeeded.

        Test (non-Mac platforms): editing/style/iframe-onload-crash.html

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyInlineStyle):
        (WebCore::ApplyStyleCommand::removeInlineStyle):
        (WebCore::ApplyStyleCommand::surroundNodeRangeWithElement):
        (WebCore::ApplyStyleCommand::addInlineStyleIfNeeded):
        * editing/ApplyStyleCommand.h:

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r70792.

    2010-10-28  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Adele Peterson.

        AX: multi select group option does not handle setting of AXSelectedChildren correctly
        https://bugs.webkit.org/show_bug.cgi?id=48464

        Ensure that when selecting an item from a <select> element, it accounts for <optgroups>.

        Test: platform/mac/accessibility/select-element-selection-with-optgroups.html

        * accessibility/AccessibilityListBoxOption.cpp:
        (WebCore::AccessibilityListBoxOption::setSelected):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r69033.

    2010-10-04  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        AX: doAXRangeForLine does not work
        https://bugs.webkit.org/show_bug.cgi?id=47101

        Asking for NSAccessibilityRangeForLine was returning a null range for any line number > 0.
        The code was using a SelectionController to extend to the next line. Rather than change the implementation
        of that core functionality, it is cleaner to use endOfLine to find the end of the line.

        Test: platform/mac/accessibility/range-for-line-textarea.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::doAXRangeForLine):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r70335.

    2010-10-22  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Add code in getMatchedCSSRules to block cross origin access to stylesheet data. Prevent access
        in JavaScript to non-author stylesheets.
        https://bugs.webkit.org/show_bug.cgi?id=46853

        Tests: http/tests/security/cross-origin-getMatchedCSSRules.html
               http/tests/security/cross-origin-getMatchedCSSRules2.html

        * css/CSSRule.h:
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::matchRulesForList):
        (WebCore::CSSStyleSelector::SelectorChecker::SelectorChecker):
        (WebCore::CSSStyleSelector::styleRulesForElement):
        (WebCore::CSSStyleSelector::pseudoStyleRulesForElement):
        * css/CSSStyleSelector.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getMatchedCSSRules):
        * page/DOMWindow.idl:

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r68541.

    2010-09-28  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        CrashTracer: 1,382 crashes in Safari at com.apple.WebCore: WebCore::VisiblePosition::canonicalPosition + 78
        https://bugs.webkit.org/show_bug.cgi?id=45927

        AXTextMarkers store pointers to Nodes without any retain or reference. If a Node is deallocated and then
        a client tries to use a text marker that references that node, it leads to this crash.

        The AXObjectCache instance now keeps a HashSet of Nodes being used. When a node becomes deallocated, it removes itself
        from the HashSet. When creating a VisiblePosition from an AXTextMarker, the cache can then check if the node is valid
        before proceeding.

        Test: platform/mac/accessibility/crash-invalid-text-marker-node.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
            Modify to check whether a node is valid before proceeding.
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::setNodeInUse):
        (WebCore::AXObjectCache::removeNodeForUse):
        (WebCore::AXObjectCache::isNodeInUse):
            Methods for managing whether a node is in use by text markers.
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (textMarkerForVisiblePosition):
        (-[AccessibilityObjectWrapper textMarkerForVisiblePosition:]):
        (visiblePositionForTextMarker):
        (-[AccessibilityObjectWrapper visiblePositionForTextMarker:]):
        (visiblePositionForStartOfTextMarkerRange):
        (visiblePositionForEndOfTextMarkerRange):
        (-[AccessibilityObjectWrapper doAXAttributedStringForTextMarkerRange:]):
        (textMarkerRangeFromVisiblePositions):
        (-[AccessibilityObjectWrapper textMarkerRangeFromVisiblePositions:endPosition:]):
        (-[AccessibilityObjectWrapper visiblePositionRangeForTextMarkerRange:]):
        (-[AccessibilityObjectWrapper textMarkerRangeForSelection]):
        (-[AccessibilityObjectWrapper accessibilityAttributeValue:]):
        (-[AccessibilityObjectWrapper doAXAttributedStringForRange:]):
        (-[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
             Change these calls so that the axObjectCache() can be passed in to create the visible position.
        * dom/Document.cpp:
        (WebCore::Document::axObjectCacheExists):
        * dom/Document.h:
        * dom/Node.cpp:
        (WebCore::Node::~Node):
             If accessibility is enabled, inform the axObjectCache() that this node is disappearing.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r74524.

    2010-12-22  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Darin Adler.

        Cache snapshots of plug-ins before painting, to avoid script running during painting
        https://bugs.webkit.org/show_bug.cgi?id=51493
        
        When FrameView is asked to do a flattening paint (e.g. when Safari snapshots,
        or when printing), plug-ins which otherwise use the CA rendering model
        are sent a paint event. Some plug-ins may run script while handling this event,
        or out of process plug-ins may process queued requests at this time. Running
        script while inside layout or painting can have bad consequences, because it
        can result in arbitrary changes to the render tree.
        
        This patch avoids sending plug-ins paint events inside of painting. Instead,
        we ask the plug-ins to cache a snapshot before we paint, and then the software
        paint simply draws that snapshot.
        
        Requires manual test, because the bug happens when Safari does
        a page snapshot. It's not possible to tell the Test Netscape Plug-in
        to paint without laying out, making an automated test impossible.

        * manual-tests/plugins/plugin-paint-causes-layout.html: Added.

        * page/FrameView.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::paintContents): Notify all enclosed widgets
        that a flattening paint is going to happen.
        (WebCore::FrameView::notifyWidgetsInAllFrames): Utility method 
        that tells the RenderView in all subframes to notify their widgets.

        * platform/Widget.h:
        (WebCore::Widget::notifyWidget): Generic method that can be used
        to send messages to widgets. Current messages are just 'before flattening paint'
        and 'after flattening paint'. Message has no payload.

        * rendering/RenderView.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::getRetainedWidgets):
        (WebCore::RenderView::releaseWidgets): Factor code out of updateWidgetPositions(),
        since we use it in two places now.
        
        (WebCore::RenderView::updateWidgetPositions): Use getRetainedWidgets() etc.
        (WebCore::RenderView::notifyWidgets): Retain all the widgets, then send
        them all the message.

        * rendering/RenderWidget.h:
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::notifyWidget): Pass the message to the widget.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r66795.

    2010-09-04  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Nikolas Zimmermann.

        Prevent premature deletion of svg use shadow tree
        https://bugs.webkit.org/show_bug.cgi?id=43260

        Test: svg/custom/use-invalid-style.svg

        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::insertedIntoDocument):
        (WebCore::SVGUseElement::removedFromDocument):
        (WebCore::SVGUseElement::detach):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r66115.

    2010-08-25  David Hyatt  <hyatt@apple.com>

        Reviewed by Simon Fraser.

        <rdar://problem/8302217> recalcStyles called immediately on each change when updating document-level stylesheets
        https://bugs.webkit.org/show_bug.cgi?id=36303

        Parameterize updateStyleSelector to optionally defer the forced style recalc following the rebuilding of the
        sheets used by the CSSStyleSelector.  Rename the method to styleSelectorChanged().  Add the capability to do 
        a forced style recalc to the style recalc timer.

        * css/CSSMutableStyleDeclaration.cpp:
        (WebCore::CSSMutableStyleDeclaration::setNeedsStyleRecalc):
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::styleSheetChanged):
        * css/CSSVariablesDeclaration.cpp:
        (WebCore::CSSVariablesDeclaration::setNeedsStyleRecalc):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::scheduleStyleRecalc):
        (WebCore::Document::updateStyleIfNeeded):
        (WebCore::Document::updateLayoutIgnorePendingStylesheets):
        (WebCore::Document::clearPageUserSheet):
        (WebCore::Document::clearPageGroupUserSheets):
        (WebCore::Document::processHttpEquiv):
        (WebCore::Document::setSelectedStylesheetSet):
        (WebCore::Document::removePendingSheet):
        (WebCore::Document::styleSelectorChanged):
        (WebCore::Document::setInPageCache):
        * dom/Document.h:
        (WebCore::):
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::removedFromDocument):
        * dom/StyleElement.cpp:
        (WebCore::StyleElement::removedFromDocument):
        * dom/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::end):
        * dom/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::doEnd):
        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::determineParseMode):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::setDisabledState):
        (WebCore::HTMLLinkElement::process):
        (WebCore::HTMLLinkElement::removedFromDocument):
        * page/Frame.cpp:
        (WebCore::Frame::setPrinting):
        (WebCore::Frame::reapplyStyles):
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        * page/Page.cpp:
        (WebCore::Page::setViewMode):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::setDesiredColumnCountAndWidth):
        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::rebuildFontFace):
        (WebCore::SVGFontFaceElement::removeFromMappedElementSheet):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r75882.

    2011-01-15  David Kilzer  <ddkilzer@apple.com>

        <http://webkit.org/b/52512> REGRESSION(r73818): range.cloneContents() ignores end offset

        Reviewed by Adele Peterson.

        The fix for Bug 50710 in r73799 introduced an off-by-one error
        when copying nodes to a local NodeVector for processing.  A fix
        was attempted for Bug 50854 in r73818, but instead of stopping
        at the end offset, it iterates through all the sibling nodes
        because the loop variable (i) is never incremented.  To clean
        this up, revert back to the code in r73799 and fix the
        off-by-one error.

        Test: fast/dom/Range/range-clone-contents.html

        * dom/Range.cpp:
        (WebCore::Range::processContents): Fix the loop that copies
        nodes to a local NodeVector by restoring the code from r73799
        and fixing the off-by-one error.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r73799.

    2010-12-10  Emil Eklund  <eae@chromium.org>

        Reviewed by Adam Barth.

        Fix crash in Range::processContents when modified during mutation event.
        https://bugs.webkit.org/show_bug.cgi?id=50710

        Test: fast/dom/Range/range-extractContents.html

        * dom/Range.cpp:
        (WebCore::Range::processContents):
        Replace raw pointers with RefPtrs and add checks.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r72230.

    2010-11-17  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Modified codepath for object fallback content which has failed to load.
        Refactored CachedResource error handling to use more granular statuses instead of a boolean value.
        https://bugs.webkit.org/show_bug.cgi?id=46921

        Test: fast/html/object-image-nested-fallback.html

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::renderFallbackContent):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::error):
        * loader/cache/CachedCSSStyleSheet.h:
        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::ensureCustomFontData):
        (WebCore::CachedFont::error):
        * loader/cache/CachedFont.h:
        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::data):
        (WebCore::CachedImage::error):
        * loader/cache/CachedImage.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        (WebCore::CachedResource::canUseCacheValidator):
        (WebCore::CachedResource::mustRevalidate):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::error):
        (WebCore::CachedResource::httpStatusCodeError):
        (WebCore::CachedResource::errorOccurred):
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::error):
        * loader/cache/CachedScript.h:
        * loader/cache/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::error):
        * loader/cache/CachedXSLStyleSheet.h:
        * loader/loader.cpp:
        (WebCore::Loader::load):
        (WebCore::Loader::didFinishLoading):
        (WebCore::Loader::didFail):
        (WebCore::Loader::didReceiveData):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r69125.

    2010-10-05  Nate Chapin  <japhet@chromium.org>

        Reviewed by David Levin.

        Remove unused CachedResource::Status values (New and NotCached).
        https://bugs.webkit.org/show_bug.cgi?id=47132

        Refactor only, no new tests.

        * loader/CachedResource.h:
        * loader/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::checkCacheObjectStatus):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r74854.

    2011-01-01  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        forbid sandboxed frames to call top.close() when allow-same-origin is not set
        https://bugs.webkit.org/show_bug.cgi?id=38340

        We now pass the ScriptExecutionContext to window.close so it can find
        the Frame and check whether navigation is allowed.  This check will
        almost always pass because you can only close top-level frames, but the
        check will fail when the calling script is sandboxed.

        Tests: fast/frames/sandboxed-iframe-close-top-noclose.html
               fast/frames/sandboxed-iframe-close-top.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::close):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r73801.

    2010-12-10  Emil Eklund  <eae@chromium.org>

        Reviewed by Adam Barth.

        Fix crash in ReplaceSelectionCommand::doApply when selection is modified
        during execution.
        https://bugs.webkit.org/show_bug.cgi?id=50840

        Test: editing/execCommand/insertHTML-mutation-crash.html

        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::ReplaceSelectionCommand::copyStyleToChildren):
        Replaced raw node pointer with RefPtr.
        
        (WebCore::ReplaceSelectionCommand::doApply):
        Replaced raw node pointer with RefPtr and added null check.

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r74788.

    2010-12-30  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dirk Schulze.

        Prevent stringToLengthType() from skipping past end-of-string on invalid length unit. 
        https://bugs.webkit.org/show_bug.cgi?id=51692

        * svg/SVGLength.cpp:
        (WebCore::stringToLengthType):
        (WebCore::SVGLength::setValueAsString):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r68307.

    2010-09-24  Andreas Kling  <andreas.kling@nokia.com>

        Reviewed by Dirk Schulze.

        SVG: Make SVGLength's stringToLengthType() stricter and faster
        https://bugs.webkit.org/show_bug.cgi?id=46066

        Only accept unit names immediately following the numeric value.
        This behavior matches Gecko.

        Also, using String::endsWith("foo") caused a temporary WTF::String to be created.
        Avoid this by comparing characters directly.

        10.5% speedup on <http://data.xeoh.net/svg.benchmark/>

        Test: svg/custom/invalid-length-units.html

        * svg/SVGLength.cpp:
        (WebCore::stringToLengthType):
        (WebCore::SVGLength::setValueAsString):

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r72135.

    2010-11-16  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        <rdar://problem/8672000> REGRESSION (r72040): Error image with alt text can cause style to be frozen in a subtree
        https://bugs.webkit.org/show_bug.cgi?id=49579

        r72040 introduced a call to setNeedsStyleRecalc() from RenderImage::imageChanged(). When imageChanged()
        got called beneath recalcStyle() on some ancestor element, the result was that the ancestor’s
        childNeedsStyleRecalc flag got cleared, but its descendants all the way down to the image did not.
        Thereafter, setNeedsStyleRecalc() would fail to propagate from that subtree up to the root. The fix
        is to avoid the newly-added setNeedsStyleRecalc() in most cases, including during recalcStyle(), and
        just keep it for when it is needed.

        Tests: fast/block/float/015.html
               fast/images/style-access-during-imageChanged-style-freeze.html

        * dom/Document.cpp:
        (WebCore::Document::isPendingStyleRecalc): Added.
        * dom/Document.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageChanged): Only defer intrinsic size computation if a style recalc
        is coming (indicating that current style() is stale).

2011-02-01  Mark Rowe  <mrowe@apple.com>

        Merge r72040.

    2010-11-15  Dan Bernstein  <mitz@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/8662770> Error image has incorrect size when a custom font is used

        Test: fast/images/style-access-during-imageChanged-crash.html

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::RenderImage): Added initialization of m_needsToSetSizeForAltText.
        (WebCore::RenderImage::imageSizeForError): Factored the non-alt-text dependent size computation
        out of setImageSizeForAltText() into this function.
        (WebCore::RenderImage::setImageSizeForAltText): Changed to use imageSizeForError().
        (WebCore::RenderImage::styleDidChange): Added. If m_needsToSetSizeForAltText is true, sets the
        intrinsic size and calls imageDimensionsChanged() as needed to cause layout or invalidation.
        (WebCore::RenderImage::imageChanged): Moved some code from here...
        (WebCore::RenderImage::imageDimensionsChanged): ...to here.
        * rendering/RenderImage.h:

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r71724.

    2010-11-09  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        Fieldsets avoid floats. Legend elements are expected to have their parent
        as fieldset. When this is not the case, floats get incorrectly added to the
        legend blocks. This patch tries to prevent the addition of those floats.
        https://bugs.webkit.org/show_bug.cgi?id=49214

        Test: fast/blockflow/overhanging-float-legend-crash.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::avoidsFloats):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::isLegend):
        * rendering/RenderObject.h:

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r71686.

    2010-11-09  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Antti Koivisto.

        Call to SVGSMILElement::applyResultsToTarget can blow away the SVGSMILElement.
        Refptr the SVGSMILElement in the ResultElementMap to protect it.
        https://bugs.webkit.org/show_bug.cgi?id=49274

        Test: svg/animations/animate-update-crash.xhtml

        * svg/animation/SMILTimeContainer.cpp:
        (WebCore::SMILTimeContainer::updateAnimations):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r71641.

    2010-11-09  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dave Hyatt.

        https://bugs.webkit.org/show_bug.cgi?id=49204
        <rdar://problem/8643412>
        
        Add checks to the CSSStyleSelector code to ensure that the
        casts to the various CSSValue types are safe, and do more
        rigorous checking of the lengths of CSSValueLists, and
        non-null members of Pair in some cases.

        * css/CSSBorderImageValue.h:
        (WebCore::CSSBorderImageValue::isBorderImageValue):
        * css/CSSCursorImageValue.h:
        (WebCore::CSSCursorImageValue::isCursorImageValue):
        * css/CSSImageValue.h:
        (WebCore::CSSImageValue::isImageValue):
        * css/CSSReflectValue.h:
        (WebCore::CSSReflectValue::isReflectValue):
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::resolveVariablesForDeclaration):
        (WebCore::CSSRuleSet::addRulesFromSheet):
        (WebCore::CSSRuleSet::addStyleRule):
        (WebCore::applyCounterList):
        (WebCore::CSSStyleSelector::applyProperty):
        (WebCore::CSSStyleSelector::mapFillSize):
        (WebCore::CSSStyleSelector::mapAnimationDelay):
        (WebCore::CSSStyleSelector::mapAnimationDirection):
        (WebCore::CSSStyleSelector::mapAnimationFillMode):
        (WebCore::CSSStyleSelector::mapAnimationName):
        (WebCore::CSSStyleSelector::mapAnimationPlayState):
        (WebCore::CSSStyleSelector::mapNinePieceImage):
        (WebCore::CSSStyleSelector::createTransformOperations):
        * css/CSSValue.h:
        (WebCore::CSSValue::isBorderImageValue):
        (WebCore::CSSValue::isCursorImageValue):
        (WebCore::CSSValue::isFontFamilyValue):
        (WebCore::CSSValue::isReflectValue):
        (WebCore::CSSValue::isShadowValue):
        * css/FontFamilyValue.h:
        (WebCore::FontFamilyValue::isFontFamilyValue):
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applySVGProperty):
        * css/ShadowValue.h:
        (WebCore::ShadowValue::isShadowValue):
        * platform/graphics/transforms/TransformOperations.h:
        (WebCore::TransformOperations::clear):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r73937.

    2010-12-13  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dimitri Glazkov.

        Build fix for r73927
        https://bugs.webkit.org/show_bug.cgi?id=50946

        Reverting CSSCanvasValue::canvasDestroyed to its code before r73927
        because it's breaking the build and I changed it only because it
        appeared redundant after r73927.

        No behavior changed so no new tests needed.

        * css/CSSCanvasValue.cpp:
        (WebCore::CSSCanvasValue::canvasDestroyed):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r73927.

    2010-12-13  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dimitri Glazkov.

        HTMLCanvasElement should handle multiple observers.
        https://bugs.webkit.org/show_bug.cgi?id=50899

        Test: fast/canvas/canvas-bg-multiple-removal.html

        * css/CSSCanvasValue.cpp:
        (WebCore::CSSCanvasValue::~CSSCanvasValue):
        (WebCore::CSSCanvasValue::canvasDestroyed):
        (WebCore::CSSCanvasValue::element):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::HTMLCanvasElement):
        (WebCore::HTMLCanvasElement::~HTMLCanvasElement):
        (WebCore::HTMLCanvasElement::addObserver):
        (WebCore::HTMLCanvasElement::removeObserver):
        (WebCore::HTMLCanvasElement::didDraw):
        (WebCore::HTMLCanvasElement::reset):
        * html/HTMLCanvasElement.h:

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r59357.

    2010-05-13  Yoshiki Hayashi  <yhayashi@google.com>

        Reviewed by Darin Adler.

        Fix a bug in handleRunInChild where only the first child run-in block
        is inserted because removeChildNode clears next sibling.
        https://bugs.webkit.org/show_bug.cgi?id=25047

        Test: fast/css/run-in-children.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::handleRunInChild):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72833.

    2010-11-29  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=50181
        CSS style declarations don't GC protect parents

        Test: fast/dom/StyleSheet/gc-declaration-parent-rule.html

        * bindings/js/JSCSSStyleDeclarationCustom.cpp: (WebCore::JSCSSStyleDeclaration::markChildren):
        Protect the parent rule.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72590.

    2010-11-22  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=49860
        CSS style rules don't GC protect objects reachable as their properties

        Test: fast/dom/StyleSheet/gc-rule-children-wrappers.html

        * Android.jscbindings.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        Added new files, sorted appropriate sections for easier adding.

        * bindings/js/JSCSSFontFaceRuleCustom.cpp: Added.
        (WebCore::JSCSSFontFaceRule::markChildren):
        * bindings/js/JSCSSImportRuleCustom.cpp: Added.
        (WebCore::JSCSSImportRule::markChildren):
        * bindings/js/JSCSSMediaRuleCustom.cpp: Added.
        (WebCore::JSCSSMediaRule::markChildren):
        * bindings/js/JSCSSPageRuleCustom.cpp: Added.
        (WebCore::JSCSSPageRule::markChildren):
        * bindings/js/JSCSSStyleRuleCustom.cpp: Added.
        (WebCore::JSCSSStyleRule::markChildren):
        * bindings/js/JSWebKitCSSKeyframeRuleCustom.cpp: Added.
        (WebCore::JSWebKitCSSKeyframeRule::markChildren):
        * bindings/js/JSWebKitCSSKeyframesRuleCustom.cpp: Added.
        (WebCore::JSWebKitCSSKeyframesRule::markChildren):
        Mark objects reachable through these ones.

        * css/CSSFontFaceRule.idl:
        * css/CSSImportRule.idl:
        * css/CSSMediaRule.idl:
        * css/CSSPageRule.idl:
        * css/CSSStyleRule.idl:
        * css/WebKitCSSKeyframeRule.idl:
        * css/WebKitCSSKeyframesRule.idl:
        Added CustomMarkFunction IDL attribute.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72348.

    2010-11-18  Alexey Proskuryakov  <ap@apple.com>

        Windows build fix.

        https://bugs.webkit.org/show_bug.cgi?id=49762
        Stylesheet wrappers are not GC protected

        * bindings/js/JSBindingsAllInOne.cpp: Added new custom binding files.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72344.

    2010-11-18  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Geoffrey Garen.

        https://bugs.webkit.org/show_bug.cgi?id=49762
        Stylesheet wrappers are not GC protected

        Tests: fast/dom/StyleSheet/gc-inline-style-cssvalues.html
               fast/dom/StyleSheet/gc-styleheet-wrapper.xhtml

        * Android.jscbindings.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        Added the new custom bindings files.

        * WebCore.xcodeproj/project.pbxproj: Added the new custom bindings files. Also, added some
        existing headers.

        * bindings/js/JSDOMBinding.cpp: (WebCore::isObservableThroughDOM): If a node has a stylesheet
        with a wrapper, it may be the only thing having the stylesheet's wrapper alive, so its own
        wrapper has to stay alive, too.
        While at it, also fixed the same issue with inline style declarations.
        Also, added a FIXME comment about one with attribute nodes. We implement a less conservative
        approach for nodes, so perhaps fixing this is not as easy as removing a hasCustomProperties()
        check.

        * bindings/js/JSHTMLLinkElementCustom.cpp: Added.
        (WebCore::JSHTMLLinkElement::markChildren):
        * bindings/js/JSHTMLStyleElementCustom.cpp: Added.
        (WebCore::JSHTMLStyleElement::markChildren):
        * bindings/js/JSProcessingInstructionCustom.cpp: Added.
        (WebCore::JSProcessingInstruction::markChildren):
        Mark stylesheets owned by these nodes. As always in markChildren() functions, we do it
        conservatively, without checking whether the stylesheet or any of its children have custom
        properties.

        * dom/ProcessingInstruction.idl:
        * html/HTMLLinkElement.idl:
        * html/HTMLStyleElement.idl:
        These have custom mark functions now.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72301.

    2010-11-18  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=49700
        XSLTProcessor.importNode is only tested with document nodes, and hits an assertion

        Test: fast/xsl/import-non-document-node.xhtml

        * css/CSSStyleSheet.cpp:
        (WebCore::isAcceptableCSSStyleSheetParent):
        (WebCore::CSSStyleSheet::CSSStyleSheet):
        * css/StyleSheet.cpp:
        (WebCore::StyleSheet::StyleSheet):
        Moved the assertion - hopefully, it's valid for CSS stylesheets.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r71947.

    2010-11-12  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Simon Fraser.

        https://bugs.webkit.org/show_bug.cgi?id=49473

        No change in behavior, so no tests.

        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::WebKitCSSMatrix): We don't inherit from StyleBase any more, so
        no need to initialize always-null parent.
        (WebCore::WebKitCSSMatrix::setMatrixValue): Since there was never a parent, useStrictParsing()
        just returned true.

        * css/WebKitCSSMatrix.h: Just inherit from RefCounted<WebKitCSSMatrix>. Removed unused default
        constructor and copy constructor.

        * html/canvas/WebGLRenderingContext.h: Removed an unneeded forward declaration.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r71684.

    2010-11-09  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=49281
        Remove broken code for embedded CSS xml-stylesheet

        * dom/Document.cpp: (WebCore::Document::recalcStyleSelector): This made no sense, was untested,
        and didn't match Firefox.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72924.

    2010-11-30  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler and Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=44152
        <rdar://problem/8324423> CSSOM should match DOM in discarding wrapper-less parents.

        We have existing behaviors where parent objects in detached subtrees are not preserved:
        - if a root of a node tree doesn't have a wrapper, it's immediately destroyed, making
        its children's parentNode attribute null;
        - relationship between a <style> or <link> node and its stylesheet is immediately broken
        when the node is removed from document (in this case, regardless of wrapper existence).

        Both match Firefox. For consistency, CSSOM should do the same. In fact, it already partially
        does - CSSRule.parentRule gets zeroed out when the parent rule is destroyed.

        Tests: fast/dom/StyleSheet/detached-parent-rule-without-wrapper.html
               fast/dom/StyleSheet/detached-stylesheet-without-wrapper.html

        * css/StyleSheet.cpp: (WebCore::StyleSheet::~StyleSheet): Clear out child rule parent.

        * svg/SVGFontFaceElement.cpp: (WebCore::SVGFontFaceElement::insertedIntoDocument): Keep
        the new assertion from firing. This function was adding a rule to style sheet, without
        telling the rule about it.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72819.

    2010-11-29  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=50165
        CSS style rules don't GC protect parents

        Tests: fast/dom/StyleSheet/gc-parent-rule.html
               fast/dom/StyleSheet/gc-parent-stylesheet.html

        * bindings/js/JSCSSRuleCustom.cpp: (WebCore::JSCSSRule::markChildren): Mark parents. The code
        is super naive compared to what we have for nodes - but CSSOM has shallow hierarchies, so
        it should be OK.

        * css/CSSRule.idl: Added CustomMarkFunction.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r75548.

    2011-01-11  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        RefPtr the FrameView to prevent scrollbar from getting deleted inside
        its scroll event.
        https://bugs.webkit.org/show_bug.cgi?id=52238

        Test: scrollbars/scrollable-iframe-remove-crash.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::scrollTo):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r67634.

    2010-09-16  Andreas Kling  <andreas.kling@nokia.com>

        Reviewed by Simon Fraser.

        CSS: Fix crash in getTimingFunctionValue()
        https://bugs.webkit.org/show_bug.cgi?id=45896

        Use a RefPtr to avoid deleting the TimingFunction prematurely.

        This is covered by existing tests, e.g transitions/inherit-other-props.html
        but will only actually crash on picky platforms (or in valgrind.)

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::getTimingFunctionValue):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r70594.

    2010-10-26  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Kent Tamura.

        Crash in CompositeEditCommand::splitTreeToNode
        https://bugs.webkit.org/show_bug.cgi?id=48349

        The bug was caused by indentIntoBlockquote's passing null pointer to splitTreeToNode.
        Fixed the crash by adding early exits.

        Test: editing/execCommand/indent-node-to-split-to-crash.html

        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::splitTreeToNode):
        * editing/IndentOutdentCommand.cpp:
        (WebCore::IndentOutdentCommand::indentIntoBlockquote):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r74045.

    2010-12-14  Beth Dakin  <bdakin@apple.com>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=50974 
        getComputedStyle() returns wrong values for zoomed elements when 
        display is none
        -and corresponding-
        <rdar://problem/8522731>

        If there is no renderer but the RenderStyle's value is a fixed 
        length, send it through zoomAdjustedPixelValue(). There's not much 
        we can do for other length types without a renderer.
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::zoomAdjustedPixelValueForLength):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r67568.

    2010-09-14  Erik Arvidsson  <arv@chromium.org>

        Reviewed by Darin Adler.

        getComputedStyle() returns different values for different zoom levels
        https://bugs.webkit.org/show_bug.cgi?id=32230

        Test: fast/css/getComputedStyle/computed-style-with-zoom.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::zoomAdjustedPixelValue):
        (WebCore::zoomAdjustedNumberValue):
        (WebCore::valueForReflection):
        (WebCore::getPositionOffsetValue):
        (WebCore::getBorderRadiusCornerValue):
        (WebCore::computedTransform):
        (WebCore::CSSComputedStyleDeclaration::getFontSizeCSSValuePreferringKeyword):
        (WebCore::CSSComputedStyleDeclaration::valueForShadow):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSComputedStyleDeclaration.h:
        * css/SVGCSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getSVGPropertyCSSValue):
        * rendering/RenderObject.h:
        (WebCore::adjustForAbsoluteZoom):
        * rendering/style/RenderStyle.h:
        (WebCore::adjustForAbsoluteZoom):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r59477.

    2010-05-14  Shinichiro Hamaji  <hamaji@chromium.org>

        Unreviewed.  Attempt to fix chromium's memory bot error.

        More :visited link optimizations to reduce memory usage
        https://bugs.webkit.org/show_bug.cgi?id=39084

        The original change (r59386) adds check for m_element in initElement.
        As we don't initialize m_element in the constructor of CSSStyleSelector,
        valgrind complains.

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::CSSStyleSelector):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72639.

    2010-11-23  Cris Neckar  <cdn@chromium.org>

        Reviewed by Dimitri Glazkov.

        Removed unneeded conversions to RenderBlock.
        https://bugs.webkit.org/show_bug.cgi?id=49896

        Test: fast/css/input-search-table-column-crash.html

        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::adjustControlHeightBasedOnLineHeight):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72685.

    2010-11-24  Cris Neckar  <cdn@chromium.org>

        Reviewed by Adam Barth.

        Added check when parsing local fonts to ensure that a value's unit type is either string or ident.
        https://bugs.webkit.org/show_bug.cgi?id=49883

        Test: fast/css/local_font_invalid.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseFontFaceSrc):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r69051.

    2010-10-04  Enrica Casucci  <enrica@apple.com>

        Reviewed by Darin Adler.

        Crash at WebCore::nextCandidate + 27
        https://bugs.webkit.org/show_bug.cgi?id=47118
        <rdar://problem/7282934>

        When we canonicalize a Position to create a VisiblePosition, the position
        is passed by reference. In canonicalPosition we call updateLayoutIgnorePendingStylesheets
        that can produce a lot of side effects, including changing the selection.
        This becomes a serious problem when the position passed as reference is one of
        the selection endpoints.
        
        Test: editing/selection/focus-crash.html

        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::canonicalPosition):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r74155.

    2010-12-15  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Chris Marrin.

        Reflection does not render properly when -webkit-transform is toggled, untoggled, and retoggled
        https://bugs.webkit.org/show_bug.cgi?id=50967
        
        If a reflection on a composited, transformed element is toggled on, off and on,
        then we pick up a cached layer clone that has the wrong transform set on it.
        
        The fix is to reset those properties on the layer clones that get changed
        when the GraphicsLayer gains a structural layer (for reflection flattening).

        Test: compositing/reflections/remove-add-reflection.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::ensureStructuralLayer):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r72163.

    2010-11-16  Antti Koivisto  <koivisto@iki.fi>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=31223
        Make primitive values immutable.
        
        Make CSSPrimitiveValue setFloatValue and setStringValue always throw NO_MODIFICATION_ALLOWED exception.
    
        Reasoning:
        - these setters never worked correctly, style was not invalidated so changing values would have no effect on rendering
        - computed style is immutable in all cases, and it wasn't
        - no other engine seems to support mutable primitives, as a result there is no content using these APIs
        - mutable primitive values are pointless, the usual way to change the value of a property is to replace it with a new value
        - allowing mutation of primitive values makes optimizations harder

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::setFloatValue):
        (WebCore::CSSPrimitiveValue::setStringValue):

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r74759.

    2010-12-29  Dan Bernstein  <mitz@apple.com>

        Reviewed by Kenneth Russell.

        A more robust fix for https://bugs.webkit.org/show_bug.cgi?id=51681

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::attach): Added. Like recalcStyle(), calls
        CanvasRenderingContext2D::updateFont() if necessary. This covers the case of a detach/
        attach-type style recalc.
        * html/HTMLCanvasElement.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal): Removed the early return added in
        r74716. A font that is loading custom fonts is okay to use, as long as it is valid.
        (WebCore::CanvasRenderingContext2D::accessFont): Added a call to
        Document::updateStyleIfNeeded(). This ensures that any pending style recalc will take place
        and update the font if it is invalid.
        * platform/graphics/Font.h:
        (WebCore::Font::loadingCustomFonts): Made this private.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r74716.

    2010-12-28  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Kenneth Russell.

        Fix crash with invalid font in m_fontList by not drawing text when a custom font is in the
        process of loading.
        https://bugs.webkit.org/show_bug.cgi?id=51681

        Test: canvas/philip/tests/2d.text-custom-font-load-crash.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal): bail out if a custom font is loading.
        * platform/graphics/Font.cpp:
        (WebCore::Font::operator==): Replace condition with new function loadingCustomFonts()
        (WebCore::Font::drawText): Replace condition with new function loadingCustomFonts()
        (WebCore::Font::drawEmphasisMarks): Replace condition with new function loadingCustomFonts()
        * platform/graphics/Font.h:
        (WebCore::Font::loadingCustomFonts): new function that returns if a custom font is loading.

2011-01-31  Mark Rowe  <mrowe@apple.com>

        Merge r62016.

    2010-06-28  Robin Cao  <robin.cao@torchmobile.com.cn>

        Reviewed by Dan Bernstein.

        canvas fillText with @font-face crashes
        https://bugs.webkit.org/show_bug.cgi?id=35486

        The font object in CanvasRenderingContext2D may become invalid at some point.
        Override recalcStyle() in HTMLCanvasElement, and update the font object from there if needed.

        A test already exists: canvas/philip/tests/2d.text.draw.fontface.repeat.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::recalcStyle):
        * html/HTMLCanvasElement.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::updateFont):
        * html/canvas/CanvasRenderingContext2D.h:

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r72046.

    2010-11-15  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=49565
        Remove Attr.style accessor

        * dom/Attr.idl: Only keep the accessor for Objective C API. Inspector doesn't seem to need
        it any more.

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r76828.

    2011-01-27  Cris Neckar  <cdn@chromium.org>

        Reviewed by Dimitri Glazkov.

        Clear the parent on a css keyframe's m_style when removing it from the stylesheet.
        https://bugs.webkit.org/show_bug.cgi?id=52320

        Test: fast/css/css-keyframe-style-crash.html

        * css/CSSRuleList.cpp:
        (WebCore::CSSRuleList::deleteRule):
        * css/WebKitCSSKeyframesRule.cpp:
        (WebCore::WebKitCSSKeyframesRule::~WebKitCSSKeyframesRule):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r71182.

    2010-11-02  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Iframes nested inside a compositing layer don't repaint correctly
        https://bugs.webkit.org/show_bug.cgi?id=48880
        <rdar://problem/8194698>
        
        The isEnclosedInCompositingLayer() is used to modify the behavior of
        -[WebClipView visibleRect:] in WebKit, so that scrolling-related repaints
        are correct in composited iframes. Previously it only asked whether the
        frame's renderer was in a compositing layer, but we actually need to
        consult all ancestors.
        
        Test: compositing/iframes/nested-iframe-scrolling.html

        * page/FrameView.cpp:
        (WebCore::FrameView::isEnclosedInCompositingLayer):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r74574.

    2010-12-23  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Eric Seidel.

        CSSCursorImageValue destructor should clear referenced element.
        https://bugs.webkit.org/show_bug.cgi?id=51417

        Calls correct method to clear image and renames method to avoid future confusion.

        Test: svg/css/cursor-image-replace.svg

        * css/CSSCursorImageValue.cpp:
        (WebCore::CSSCursorImageValue::~CSSCursorImageValue):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::cursorImageValueRemoved):
        * svg/SVGElement.h:

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r71642.

    2010-11-09  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dave Hyatt.

        https://bugs.webkit.org/show_bug.cgi?id=49197
        <rdar://problem/8642746>
        
        When starting an accelerated transform animation on a renderer, check
        that it's a RenderBox before allowing transform animations (and before
        calling borderBoxRect()), because transforms are currently disallowed
        on inline elements.

        Test: animations/animation-on-inline-crash.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::startAnimation):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r68860.

    2010-09-30  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        While updating :before and :after content, make sure that the generated
        container is allowed to add the child type.
        https://bugs.webkit.org/show_bug.cgi?id=46106

        Test: fast/css-generated-content/text-before-table-col-crash.html

        * rendering/RenderObjectChildList.cpp:
        (WebCore::RenderObjectChildList::updateBeforeAfterContent):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r70681.

    2010-10-27  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Add a function to make sure child is allowed before adding to a
        render view. 
        https://bugs.webkit.org/show_bug.cgi?id=48328 

        Test: fast/inline/inline-child-height-width-calc-crash.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::isChildAllowed):
        * rendering/RenderView.h:

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r69345.

    2010-10-07  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Set the m_selectedChildren flag on the root inline box if one of the leaf 
        inline boxes from the bidi runs walk has a selection state. Remove the flag
        setting logic from addToLine, since line boxes created in createLinesBoxes
        should not be propagating selection state to root inline box.
        https://bugs.webkit.org/show_bug.cgi?id=47201

        Test: editing/selection/root-inlinebox-selected-children-crash.html

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addToLine):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlock::constructLine):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r69735.

    2010-10-12  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Darin Adler.

        Prevent block logical height of a root inline box from overflowing by clamping it
        at INT_MAX. Otherwise, we will not be able to properly dirty the set of lines during
        removal of a floating object.
        https://bugs.webkit.org/show_bug.cgi?id=45611        

        Test: fast/overflow/overflow-block-logical-height-crash.html

        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::alignBoxesInBlockDirection):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r69476.

    2010-10-10  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        Overhanging floats are not added to flexible boxes since they behave like
        block formatting contexts. This causes the intruding floats added in siblings
        to not get cleared. Enforce the float release by checking if the parent is a
        flexible box and if yes, use that as the outermost block.
        
        https://bugs.webkit.org/show_bug.cgi?id=47104

        Test: fast/flexbox/overhanging-floats-removed.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r68819.

    2010-09-30  Cris Neckar  <cdn@chromium.org>

        Reviewed by Darin Adler.

        Added check to test for removed counter node when calling findPlaceForCounter() in updateCounters().
        Added refcounting to counternodes in countermaps.
        https://bugs.webkit.org/show_bug.cgi?id=46387

        Test: fast/css/counters/counter-traverse-table-cell.html

        * rendering/CounterNode.cpp:
        (WebCore::CounterNode::create):
        * rendering/CounterNode.h:
        * rendering/RenderCounter.cpp:
        (WebCore::makeCounterNode):
        (WebCore::destroyCounterNodeWithoutMapRemoval):
        (WebCore::RenderCounter::destroyCounterNodes):
        (WebCore::RenderCounter::destroyCounterNode):
        (WebCore::updateCounters):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r70797.

    2010-10-28  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by David Hyatt.

        Fix for Bug 14550 - Non-layout style change does not update nested first-letter
        https://bugs.webkit.org/show_bug.cgi?id=14550

        If a render text fragment is accompanied by a first letter, update the
        first letter's style when the fragment's style is changed.

        Test: fast/css/first-letter-nested.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::styleDidChange): Stop calling updateFirstLetter
        from here.
        * rendering/RenderBlock.h: Make updateFirstLetter accessible from
        RenderTextFragment.
        * rendering/RenderTextFragment.cpp:
        (WebCore::RenderTextFragment::styleDidChange): If appropriate, update
        first letter after removing stale cached pseudo style.
        (WebCore::RenderTextFragment::blockForAccompanyingFirstLetter): Helper
        to get the block for the first letter.
        * rendering/RenderTextFragment.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::removeCachedPseudoStyle): Remove the specified
        pseudo style from cache.
        * rendering/style/RenderStyle.h:

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r73432.

    2010-12-07  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Nikolas Zimmermann.

        Clear old SVG cursor entry before adding a new one
        https://bugs.webkit.org/show_bug.cgi?id=50549

        Test: svg/css/cursor-replace.svg

        * css/CSSCursorImageValue.cpp:
        (WebCore::CSSCursorImageValue::~CSSCursorImageValue):
        * svg/SVGCursorElement.cpp:
        (WebCore::SVGCursorElement::~SVGCursorElement):
        (WebCore::SVGCursorElement::removeClient):
        (WebCore::SVGCursorElement::removeReferencedElement):
        * svg/SVGCursorElement.h:
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::setCursorElement):
        (WebCore::SVGElement::cursorElementRemoved):
        (WebCore::SVGElement::setCursorImageValue):
        (WebCore::SVGElement::cursorImageElementRemoved):
        * svg/SVGElement.h:

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r74636.

    2010-12-24  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Nikolas Zimmermann.

        SVGElementInstance::m_useElement should be cleared when use element is removed from document
        https://bugs.webkit.org/show_bug.cgi?id=51486

        Test: svg/custom/use-instanceRoot-with-use-removed.svg

        * svg/SVGElementInstance.cpp:
        (WebCore::SVGElementInstance::invalidateAllInstancesOfElement):
        * svg/SVGElementInstance.h:
        (WebCore::SVGElementInstance::clearUseElement):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::removedFromDocument):
        (WebCore::ShadowTreeUpdateBlocker::if):
        (WebCore::SVGUseElement::detachInstance):
        (WebCore::SVGUseElement::detach):
        * svg/SVGUseElement.h:

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r72802.

    2010-11-29  W. James MacLean  <wjmaclean@chromium.org>

       Reviewed by Dirk Schulze.

       Large input numbers cause overflow during SVG parsing, leading to crash
       https://bugs.webkit.org/show_bug.cgi?id=49546

       Values outside the range supported by float lead to Infinity() or NaN()
       during parsing, leading to subsequent crashes. Modified
       parser to verify number is in the supported range, and return false if not.

       Tests: svg/custom/svg-parse-overflow-1.html
              svg/custom/svg-parse-overflow-2.html
              svg/custom/svg-parse-overflow-3.html
              svg/custom/svg-parse-overflow-4.html
              svg/custom/svg-parse-overflow-5.html

       * svg/SVGParserUtilities.cpp:
       (WebCore::isValidRange):
       (WebCore::genericParseNumber):

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r68321.

    2010-09-24  Andreas Kling  <andreas.kling@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        SVG: Avoid calling pow() in genericParseNumber() unless necessary
        https://bugs.webkit.org/show_bug.cgi?id=46537

        0.4% speedup on <http://themaninblue.com/experiment/AnimationBenchmark/svg/>

        * svg/SVGParserUtilities.cpp:
        (WebCore::genericParseNumber): Only call pow() when we have an exponent.

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r70740.

    2010-10-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Eric Seidel.

        Fix for Bug 48310 - SVG font-face-name without name attribute causes a crash
        https://bugs.webkit.org/show_bug.cgi?id=48310

        Test: svg/custom/font-face-name-without-name-attr.svg

        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::rebuildFontFace): Don't create src
        property if the src value list is empty.
        * svg/SVGFontFaceSrcElement.cpp:
        (WebCore::SVGFontFaceSrcElement::srcValue): Don't add empty src
        values to the src value list.

2011-01-28  Mark Rowe  <mrowe@apple.com>

        Merge r74779.

    2010-12-29  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Darin Adler.

        Check SVG element type in FrameView::scrollToAnchor
        https://bugs.webkit.org/show_bug.cgi?id=51718

        Test: svg/custom/scroll-to-anchor-in-symbol.svg

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r64379.

    2010-07-30  W. James MacLean  <wjmaclean@google.com>

        Reviewed by Nikolas Zimmermann.

        SVG - numeric overflow for very large elements
        https://bugs.webkit.org/show_bug.cgi?id=25645

        Two of the expected test outputs were incorrect now that parsing of large values
        is handled correctly.
        - Revised FloatRect to remove bad float-to-int conversions in enclosingIntRect()
        - Revised _parseNumber to do right-to-left float-based parsing of input value

        Test: svg/custom/massive-coordinates.svg

        * platform/graphics/FloatRect.cpp:
        (WebCore::safeFloatToInt):
        (WebCore::enclosingIntRect):
        * svg/SVGParserUtilities.cpp:
        (WebCore::_parseNumber):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r75168.

    2011-01-06  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Simon Fraser.

        Null out the parent stylesheet pointer when a css rule is removed.
        https://bugs.webkit.org/show_bug.cgi?id=51993

        Tests: fast/dom/StyleSheet/removed-media-rule-deleted-parent-crash.html
               fast/dom/StyleSheet/removed-stylesheet-rule-deleted-parent-crash.html

        * css/CSSRuleList.cpp:
        (WebCore::CSSRuleList::deleteRule):
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::deleteRule):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r74954.

    2011-01-01  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Darin Adler.

        Fixes before child calculation when adding anonymous children to table parts.
        https://bugs.webkit.org/show_bug.cgi?id=50932

        Fix in r74364 was incomplete. When before child is equal to the table part (to
        which the new child is getting added), it confuses the table part to add it
        incorrectly as an after child. The patch fixes by passing the before child as
        the table part's first child.

        Tests: fast/css-generated-content/table-before-after-child-add.html
               fast/css-generated-content/table-cell-before-after-child-add.html
               fast/css-generated-content/table-row-before-after-child-add.html
               fast/css-generated-content/table-row-before-after-child-add.html

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::addChild):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::addChild):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r74787.

    2010-12-30  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Eric Seidel.

        Create a helper function for finding descendent video elements for a node.
        https://bugs.webkit.org/show_bug.cgi?id=51696

        Test: media/video-element-other-namespace-crash.html

        * html/MediaDocument.cpp:
        (WebCore::descendentVideoElement): helper function.
        (WebCore::MediaDocument::defaultEventHandler): use the new helper function. fix code repetitions.
        (WebCore::MediaDocument::replaceMediaElementTimerFired): use the new helper function.

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r75519.

    2011-01-11  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        RefPtr text node in setOuterText since calling appendData
        on a text node can fire away dom event listener which might
        remove the text node from underneath.
        https://bugs.webkit.org/show_bug.cgi?id=52163

        Test: fast/dom/text-node-append-data-remove-crash.html

        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::setOuterText):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r69936.

    2010-10-17  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Nikolas Zimmermann.

        Duplicate use element children in shadow tree.
        https://bugs.webkit.org/show_bug.cgi?id=47561

        Test: svg/custom/use-nested-children.svg

        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::expandUseElementsInShadowTree):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72625.

    2010-11-23  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        dispatchEvent call in EventSource endRequest can lead to calling endRequest
        again which frees up the pending activity. Make sure we have request in flight
        to prevent that from happening.
        https://bugs.webkit.org/show_bug.cgi?id=49448

        Test: http/tests/eventsource/eventsource-status-error-iframe-crash.html

        * page/EventSource.cpp:
        (WebCore::EventSource::endRequest):
        (WebCore::EventSource::close):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r71256.

    2010-11-03  Nate Chapin  <japhet@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Wait to stop all loads for a frame being detached until after its
        children have been detached. This ensures that any loads started
        by a child's unload event handler will be properly cancelled.
        https://bugs.webkit.org/show_bug.cgi?id=46579

        Tests: fast/loader/ping-error.html
               http/tests/navigation/image-load-in-subframe-unload-handler.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::detachFromParent):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r74084.

    2010-12-14  Brady Eidson  <beidson@apple.com>

        Reviewed by Alexey Proskuryakov.

        <rdar://problem/8225016> and https://bugs.webkit.org/show_bug.cgi?id=40138
        Authorization header is sent from an HTTP Auth protected site on redirect
        Test: http/tests/misc/authentication-sent-to-redirect.html

        Add helper to clear the Auth headers from a resource request:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::clearHTTPAuthorization):
        * platform/network/ResourceRequestBase.h:

        Only Mac and Windows CFNetwork ports seem to have this problem, so plug it for them:
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::willSendRequest):
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::willSendRequest):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r70517.

    2010-10-26  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        Protect the frame from being blown away in loadWithDocumentLoader function call.
        dispatchBeforeLoadEvent can cause the frame to be freed, which gets later used in
        continueLoadAfterNavigationPolicy call.
        https://bugs.webkit.org/show_bug.cgi?id=48281

        Test: fast/events/form-iframe-target-before-load-crash.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadWithDocumentLoader):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72817.

    2010-11-29  Gavin Peters  <gavinp@chromium.org>

        Reviewed by Adam Barth.

        Web page can prevent WebKit from loading subresources on other
        pages (cache poisoning)
        https://bugs.webkit.org/show_bug.cgi?id=35404

        Tests: http/tests/misc/unloadable-script.html
               loader/reload-subresource-when-type-changes.html

        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::requestResource):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72969.

    2010-11-30  Chris Guillory  <chris.guillory@google.com>

        Reviewed by Chris Fleizach.

        Computing style on a stale node while sending pending accessibility notification.
        https://bugs.webkit.org/show_bug.cgi?id=50162

        Retain node pointer members of AccessibilityImageMapLink.

        Test: accessibility/image-map-title-causes-crash.html

        * accessibility/AccessibilityImageMapLink.cpp:
        (WebCore::AccessibilityImageMapLink::parentObject):
        (WebCore::AccessibilityImageMapLink::anchorElement):
        (WebCore::AccessibilityImageMapLink::url):
        (WebCore::AccessibilityImageMapLink::elementRect):
        * accessibility/AccessibilityImageMapLink.h:
        (WebCore::AccessibilityImageMapLink::areaElement):
        (WebCore::AccessibilityImageMapLink::mapElement):
        (WebCore::AccessibilityImageMapLink::node):
        * dom/Document.cpp:
        (WebCore::Document::clearAXObjectCache):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r60992.

    2010-06-10  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Shinichiro Hamaji.

        Fix Bug 40452: REGRESSION: printing is broken if stylesheet has @page
        https://bugs.webkit.org/show_bug.cgi?id=40452

        Test: printing/page-rule-in-media-query.html

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSRuleSet::addRulesFromSheet):
        (WebCore::CSSRuleSet::addStyleRule):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r68923.

    2010-10-01  Enrica Casucci  <enrica@apple.com>

        Reviewed by Darin Adler.

        DOMFocusIn/DOMFocusOut return focusin/focusout Event.type
        https://bugs.webkit.org/show_bug.cgi?id=42580
        <rdar://problem/8107311>
        
        This change removes the aliased type machinery from the Event class.
        We now fire the event with the new name and the old name.
        
        Tests: Modified fast/events/focusinout.html to check the event
        type.

        * dom/Document.cpp:
        (WebCore::Document::setFocusedNode):
        * dom/Event.cpp: Removed aliasedType and hasAliasedType.
        * dom/Event.h: Removed aliasedType and hasAliasedType.
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::fireEventListeners): Removed aliasedType related code.

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r74286.

    2010-12-17  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Chris Marrin.

        Interrupted accelerated animation can break later transitions
        <rdar://problem/8767714>
        https://bugs.webkit.org/show_bug.cgi?id=51264
        
        If we're still waiting for the 'animationDidStart' callback when renderers
        get destroyed, then the m_waitingForStartTimeResponse flag could be left
        set to 'true', which causes later transitions to never start.
        
        Fix by clearing the m_waitingForStartTimeResponse flag when the m_startTimeResponseWaiters
        becomes empty.

        Test: transitions/interrupted-accelerated-transition.html

        * page/animation/AnimationController.cpp:
        (WebCore::AnimationControllerPrivate::removeFromStartTimeResponseWaitList):

2010-12-17  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Chris Marrin.

        Interrupted accelerated animation can break later transitions
        https://bugs.webkit.org/show_bug.cgi?id=51264

        Step 1: code cleanup.
        Rename "responseWait" variables to "startTimeResponseWait", to make it clear
        the kind of response that is being waited for.
        
        Make a couple of methods private.
        
        No behavioral changes, so no tests.

        * page/animation/AnimationController.cpp:
        (WebCore::AnimationControllerPrivate::AnimationControllerPrivate):
        (WebCore::AnimationControllerPrivate::endAnimationUpdate):
        (WebCore::AnimationControllerPrivate::receivedStartTimeResponse):
        (WebCore::AnimationControllerPrivate::addToStartTimeResponseWaitList):
        (WebCore::AnimationControllerPrivate::removeFromStartTimeResponseWaitList):
        (WebCore::AnimationControllerPrivate::startTimeResponse):
        * page/animation/AnimationControllerPrivate.h:

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72644.

    2010-11-22  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        r71925 broke the chrome new tab page. r71925 blocked drag and drop
        of same security origin objects onto themselves if their origin is
        marked unique. We need to allow drag and drop in that scenario.
        https://bugs.webkit.org/show_bug.cgi?id=49098

        Test: http/tests/security/drag-drop-same-unique-origin.html

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canReceiveDragData):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r71925.

    2010-11-11  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        Do not allow drag and drop across different origins.
        https://bugs.webkit.org/show_bug.cgi?id=49098

        Test: http/tests/security/drag-drop-different-origin.html

        * page/DragController.cpp:
        (WebCore::DragController::tryDocumentDrag):
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canDropOnTarget):
        * page/SecurityOrigin.h:

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72013.

    2010-11-14  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        Event dispatch call can blow away the node's renderer initialized
        before the call in updateSelectionForMouseDrag function. We need
        to initialize it after the call.
        https://bugs.webkit.org/show_bug.cgi?id=49524

        * page/EventHandler.cpp:
        (WebCore::EventHandler::updateSelectionForMouseDrag):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r70473.

    2010-10-25  Cris Neckar  <cdn@chromium.org>

        Reviewed by Dimitri Glazkov.

        Added check to ensure that events with the type "mousedown" are mouse events before dispatching.
        https://bugs.webkit.org/show_bug.cgi?id=48159

        Test: fast/events/keyboardevent-mousedown-crash.html

        * dom/Node.cpp:
        (WebCore::Node::defaultEventHandler):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r70550.

    2010-10-26  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        Added checks to ensure that event types are right before casting.
        https://bugs.webkit.org/show_bug.cgi?id=48345

        * html/ImageDocument.cpp:
        (WebCore::ImageEventListener::handleEvent):
        * inspector/InspectorDOMStorageResource.cpp:
        (WebCore::InspectorDOMStorageResource::handleEvent):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72304.

    2010-11-16  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Carlson.

        REGRESSION (Safari 5.0.1): HTML5 videos on YouTube never start playing on Windows
        https://bugs.webkit.org/show_bug.cgi?id=44439
        <rdar://problem/8342407>
        
        setUpCookiesForQuickTime() previously depended on having setFrameView() called first
        in order to get a Frame, and when it wasn't set, the cookie-copy failed.  Now, 
        setUpCookiesForQuickTime uses the MediaPlayerClient function mediaPlayerOwningDocument() 
        to retrieve the document and subsequently, the Frame.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::setUpCookiesForQuickTime):

2010-10-19  Yongjun Zhang  <yongjun_zhang@apple.com>

        <rdar://problem/8796252> Use WTF's StringBuffer.h.

        Reviewed by Aaron Golden.

        * css/CSSParser.cpp:
        * dom/Document.cpp:
        * platform/Length.cpp:
        * platform/text/StringBuffer.h: Removed.
        * platform/text/StringBuilder.cpp:
        * platform/text/TextCodecLatin1.cpp:
        * platform/text/TextCodecUTF16.cpp:
        * platform/text/TextCodecUserDefined.cpp:
        * rendering/RenderText.cpp:

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r68715.

    2010-09-29  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Add additional checks to StringBuilder.
        <rdar://problem/7761248>

        * platform/text/StringBuilder.cpp:
        (WebCore::checkAppend):
        (WebCore::StringBuilder::append):
        (WebCore::StringBuilder::toString):
        (WebCore::StringBuilder::clear):
        (WebCore::StringBuilder::length):
        * platform/text/StringBuilder.h:
        (WebCore::StringBuilder::StringBuilder):
        (WebCore::StringBuilder::setNonNull):
        (WebCore::StringBuilder::isNull):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r61181.

    2010-06-12  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Joe Pecoraro.

        Web Inspector: Should not expose window.console._inspectorCommandLineAPI to the web.

        https://bugs.webkit.org/show_bug.cgi?id=40500

        * inspector/front-end/InjectedScript.js:
        (injectedScriptConstructor):
        (injectedScriptConstructor.):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r75851.

    2011-01-14  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        WebCore part of <rdar://problem/8441312> Crash in -[NSView _invalidateGStatesForTree]

        * WebCore.exp.in: Export RenderWidget::suspendWidgetHierarchyUpdates() and
        RenderWidget::resumeWidgetHierarchyUpdates().
        * manual-tests/plug-in-mutates-NSView-hierarchy-during-resize.html: Added.
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::setWidgetGeometry): Removed the assertion that widget hierarchy updates
        are disabled. When this assertion was added, this condition was a subset of the “calling out to
        plug-in code is forbidden” condition, hence the assertion was valid. The WebKit part of this
        change now suspends widget hierarchy updates even at times where plug-in code is expected to be
        called, which invalidates the assertion.

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r71426.

    2010-11-04  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=49008
        <rdar://problem/7906226> Frequent crashes on mail.yahoo.co.jp

        Instance::m_runtimeObject used to be zeroed out by RuntimeObject destructor. But the
        destructor may not be called immediately - GC first marks an object as dead, and only 
        destroys it when its cell is overwritten. So, m_runtimeObject would keep pointing to a dead
        object.

        Functions in JSPluginElementFunctions.cpp put the RuntimeObject on stack for later use,
        but if it's already dead, it can be overwritten before use.

        The solution is of course to use WeakGCPtr, which returns 0 for dead objects.

        * bridge/jsc/BridgeJSC.cpp:
        (JSC::Bindings::Instance::Instance):
        (JSC::Bindings::Instance::~Instance):
        (JSC::Bindings::Instance::createRuntimeObject):
        (JSC::Bindings::Instance::willDestroyRuntimeObject):
        (JSC::Bindings::Instance::willInvalidateRuntimeObject):
        * bridge/jsc/BridgeJSC.h:
        * bridge/runtime_object.cpp:
        (JSC::Bindings::RuntimeObject::~RuntimeObject):
        (JSC::Bindings::RuntimeObject::invalidate):

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r72114.

    2010-11-15  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        Harden additional string functions against large lengths
        https://bugs.webkit.org/show_bug.cgi?id=49574

        * platform/text/TextCodecUTF16.cpp:
        (WebCore::TextCodecUTF16::encode): Check for length that is
        too large for size_t.

        * platform/text/TextStream.cpp:
        (WebCore::TextStream::operator<<): Check for length that is
        too large for size_t.

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r71867.

    2010-11-11  Darin Adler  <darin@apple.com>

        Reviewed by Sam Weinig.

        Harden some string functions against large lengths
        https://bugs.webkit.org/show_bug.cgi?id=49293

        * rendering/RenderText.cpp:
        (WebCore::makeCapitalized): Check before incrementing length.

2011-01-27  Mark Rowe  <mrowe@apple.com>

        Merge r74887.

    2011-01-02  Dan Bernstein  <mitz@apple.com>

        Rubber-stamped by Simon Fraser.

        <rdar://problem/8812159> Update copyright strings

        * Info.plist:

2010-10-14  Mark Rowe  <mrowe@apple.com>

        Merge r62683.

    2010-07-06  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Incorrect compositing order with negative z-index
        https://bugs.webkit.org/show_bug.cgi?id=38959
        
        When painting the contents of compositing layers whose phase is "GraphicsLayerPaintBackground"
        (indicating that they are used for the background of elements with negative z-index children),
        we need to paint the non-composited negative-z-order descendants at the end of the background phase, so
        they appear behind composited negative-z-order descendants.

        Test: compositing/z-order/negative-z-index.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintIntoLayer):

2010-10-13  Mark Rowe  <mrowe@apple.com>

        Merge r69596.

    2010-10-12  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Simon Fraser.

        https://bugs.webkit.org/show_bug.cgi?id=47550
        <rdar://problem/8353386> For WebKit plug-ins, beforeload can be called recursively
        (esp. with AdBlock style extensions)

        No test - we don't have a WebKit-style plugin in DRT, and don't care enough to add one.

        The fix is to block plug-in scripting while in beforeload event - the plug-in is obviously
        not available yet, so scripting could only attempt to load it recursively.

        This didn't affect NPAPI plug-ins, because of a completely different code path taken in
        updateWidget(), see <https://bugs.webkit.org/show_bug.cgi?id=44575#c8>.

        * html/HTMLEmbedElement.cpp: (WebCore::HTMLEmbedElement::updateWidget):
        * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::updateWidget):
        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::HTMLPlugInElement):
        (WebCore::HTMLPlugInElement::pluginWidget):
        * html/HTMLPlugInElement.h:

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r60541.

    2010-06-01  Dirk Schulze  <krit@webkit.org>

        Reviewed by Nikolas Zimmermann.

        SVG repaintRect should be empty if content got clipped away
        https://bugs.webkit.org/show_bug.cgi?id=39965
        
        The SVG repaintRect of the renderer was not empty, if the content got clipped away.
        The MaskerData/ClipperData <-> RenderObject mapping is set up during the layout phase now, to be able to
        relayout a RenderObject, if its repaintRect is empty. This has the following reason:
        We apply the object to the resource on painting at the moment.
        With an empty repaintRect, paint() quits earlier and therefore the object doesn't get applied to the resource.
        This can cause problems, if the resource gets changed by animations or scripts.
        On a change, the resource tells all its callers to relayout.
        If the reference to the caller (our RenderObject) is missing, the object won't ever update
        and therefore won't get drawn.
        We already have LayoutTests that cover this problem. The complete repaintRect calculation
        (including the smallest clipping area and shadow size calculation) moved from the renderers to SVGRenderSupport.
        This eliminates redundant code.

        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::updateCachedBoundaries):
        * rendering/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::repaintRectInLocalCoordinates):
        * rendering/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::repaintRectInLocalCoordinates):
        * rendering/RenderSVGResource.h:
        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::resourceBoundingBox):
        * rendering/RenderSVGResourceClipper.h:
        * rendering/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::resourceBoundingBox):
        * rendering/RenderSVGResourceFilter.h:
        * rendering/RenderSVGResourceGradient.h:
        (WebCore::RenderSVGResourceGradient::resourceBoundingBox):
        * rendering/RenderSVGResourceMarker.h:
        (WebCore::RenderSVGResourceMarker::resourceBoundingBox):
        * rendering/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::resourceBoundingBox):
        * rendering/RenderSVGResourceMasker.h:
        * rendering/RenderSVGResourcePattern.h:
        (WebCore::RenderSVGResourcePattern::resourceBoundingBox):
        * rendering/RenderSVGResourceSolidColor.h:
        (WebCore::RenderSVGResourceSolidColor::resourceBoundingBox):
        * rendering/RenderSVGText.cpp:
        (WebCore::RenderSVGText::strokeBoundingBox):
        (WebCore::RenderSVGText::repaintRectInLocalCoordinates):
        * rendering/SVGRenderSupport.cpp:
        (WebCore::SVGRenderBase::intersectRepaintRectWithResources):
        * rendering/SVGRenderSupport.h:
        * rendering/SVGRenderTreeAsText.cpp:
        (WebCore::writeResources):
        * rendering/style/SVGRenderStyle.h:
        (WebCore::SVGRenderStyle::hasClipper):
        (WebCore::SVGRenderStyle::hasMasker):
        (WebCore::SVGRenderStyle::hasFilter):

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r59081.

    2010-05-10  Dirk Schulze  <krit@webkit.org>

        Reviewed by Nikolas Zimmermann.

        Further optimization for SVG's repaintRect calculation
        https://bugs.webkit.org/show_bug.cgi?id=38820
        
        This is a further optimization to get smaller repaintRects on SVG objects
        in combination with masker or clipper resources.
        Masker takes the unite of all stroke boundaries of its children.
        Both, clipper and masker, store this union to avoid multiple calls of the children
        and the unite calculations now.
        The unite rect can be transformed to any targets objectBoundingBox, if the content
        unit of the resource is set to objectBoundingBoxMode.
        This speeds up the use of resources with multiple target objects.
        
        No behavior changes, the smaller repaintRects cause updates for DRT results.

        * rendering/RenderSVGResource.h:
        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::invalidateClients):
        (WebCore::RenderSVGResourceClipper::calculateClipContentRepaintRect):
        (WebCore::RenderSVGResourceClipper::resourceBoundingBox):
        * rendering/RenderSVGResourceClipper.h:
        * rendering/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::resourceBoundingBox):
        * rendering/RenderSVGResourceFilter.h:
        * rendering/RenderSVGResourceGradient.h:
        (WebCore::RenderSVGResourceGradient::resourceBoundingBox):
        * rendering/RenderSVGResourceMarker.h:
        (WebCore::RenderSVGResourceMarker::resourceBoundingBox):
        * rendering/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::invalidateClients):
        (WebCore::RenderSVGResourceMasker::createMaskImage):
        (WebCore::RenderSVGResourceMasker::calculateMaskContentRepaintRect):
        (WebCore::RenderSVGResourceMasker::resourceBoundingBox):
        * rendering/RenderSVGResourceMasker.h:
        * rendering/RenderSVGResourcePattern.h:
        (WebCore::RenderSVGResourcePattern::resourceBoundingBox):
        * rendering/RenderSVGResourceSolidColor.h:
        (WebCore::RenderSVGResourceSolidColor::resourceBoundingBox):

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r66269.

    2010-08-27  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Tony Chang.

        Insertion point does not show when dragging text into an editable area
        https://bugs.webkit.org/show_bug.cgi?id=44295
        
        r65681 caused the caret to use the last-computed caret rect when
        painting, rather than forcing a style update. Because of this,
        we now need to eagerly update the caret rect when changing
        the drag selection.
        
        Not testable in DRT because the drag selection is always cleared
        before EventSender returns, so the drag caret can never show in
        the pixel results.

        Tested by running editing/selection/drag-in-iframe.html manually.

        * editing/SelectionController.cpp:
        (WebCore::SelectionController::setSelection):

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r65934.

    2010-08-24  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Tony Chang.

        After r65681, caret no longer displays promptly while editing form fields
        https://bugs.webkit.org/show_bug.cgi?id=44294
        
        The caret no longer eagerly updates its rect on every paint, so we have
        to manually update it after scrolling the selection into view when
        the selection changes.
        
        Tested by the pixel results of fast/forms/input-text-scroll-left-on-blur.html

        * page/Frame.cpp:
        (WebCore::Frame::revealSelection):

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r65683.

    2010-08-19  Simon Fraser  <simon.fraser@apple.com>

        Fix Chromium build.
        
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::attributeChanged):

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r65681.

    2010-08-19  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Nikolas Zimmermann.

        HTMLElement::isContentEditable() can cause an updateStyleIfNeeded() to happen in the middle of layout
        https://bugs.webkit.org/show_bug.cgi?id=21834
        <rdar://problem/8093653&8261394>
        
        If we're in the middle of layout, or painting, and something causes updateStyleIfNeeded() to
        get called, then we can end up entering recalcStyle() during layout or painting. This is bad
        because it can create/destroy the renderers and RenderLayers which are in use by layout/painting.
        This is the cause of a number of random crashers, some of which show up more frequently
        in content which uses accelerated compositing.
        
        The changes here:
        1. Add an assertion in Document::updateStyleIfNeeded() that we are not laying out or painting.
        2. Remove calls to updateStyleIfNeeded() in editing and caret painting code
        3. Pass along information to CTM and BBox-related SVG methods to indicate whether it's safe
           to update style.

        Tested by new assertions and existing tests.

        * dom/Document.cpp:
        (WebCore::Document::updateStyleIfNeeded): New assertion that we are not mid-layout or painting.
        (WebCore::command): Call updateStyleIfNeeded() to ensure that subsequent calls to isContentEditable()
        return the correct result.

        * dom/Element.cpp:
        (WebCore::Element::focus): Move the supportsFocus() call to after style has been updated.

        * editing/SelectionController.cpp:
        (WebCore::SelectionController::localCaretRect):
        (WebCore::SelectionController::caretRepaintRect):
        (WebCore::SelectionController::paintCaret):
        * editing/SelectionController.h:
        (WebCore::SelectionController::localCaretRectForPainting): When painting, use localCaretRectForPainting()
        which does not update style. Make localCaretRect() non-const so allowing it to update style without ugly casts.

        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::isContentEditable): Don't call updateStyleIfNeeded() here.
        (WebCore::HTMLElement::isContentRichlyEditable): Ditto.
        (WebCore::HTMLElement::contentEditable): Ditto.

        * page/FrameView.h:
        (WebCore::FrameView::isMidLayout): New accessor, used for asserting.

        * rendering/RenderPath.cpp:
        (WebCore::fillAndStrokePath): Pass DisallowStyleUpdate to getScreenCTM since we are painting.
        * rendering/RenderSVGResourceContainer.cpp:
        (WebCore::RenderSVGResourceContainer::transformOnNonScalingStroke): This is only called when
        painting, so use DisallowStyleUpdate.

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::attributeChanged): Changes to the style attribute should not have
        side effects, since a call to Element::getAttribute() is allowed to result in a call to
        setAttribute() for the style attribute. To avoid updateStyleIfNeeded() during painting,
        this must not cause SVG to do extra work.

        * svg/SVGLocatable.cpp: Pass StyleUpdateStrategy down to these methods to indicate
        whether it's OK to update style.
        (WebCore::SVGLocatable::getBBox):
        (WebCore::SVGLocatable::computeCTM):
        (WebCore::SVGLocatable::getTransformToElement):
        * svg/SVGLocatable.h:
        (WebCore::SVGLocatable::):
        * svg/SVGStyledLocatableElement.cpp:
        (WebCore::SVGStyledLocatableElement::getBBox):
        (WebCore::SVGStyledLocatableElement::getCTM):
        (WebCore::SVGStyledLocatableElement::getScreenCTM):
        * svg/SVGStyledLocatableElement.h:
        * svg/SVGStyledTransformableElement.cpp:
        (WebCore::SVGStyledTransformableElement::getCTM):
        (WebCore::SVGStyledTransformableElement::getScreenCTM):
        (WebCore::SVGStyledTransformableElement::getBBox):
        * svg/SVGStyledTransformableElement.h:
        * svg/SVGTextElement.cpp:
        (WebCore::SVGTextElement::getBBox):
        (WebCore::SVGTextElement::getCTM):
        (WebCore::SVGTextElement::getScreenCTM):
        * svg/SVGTextElement.h:

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r67281.

    2010-09-10  Dan Bernstein  <mitz@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/8414282> Can’t dynamically change first-letter to/from floating

        Test: fast/dynamic/first-letter-display-change.html

        * rendering/RenderBlock.cpp:
        (WebCore::styleForFirstLetter): Factored this helper function out.
        (WebCore::RenderBlock::updateFirstLetter): Renamed variables so that the
        “update style” and “create new” branches use the same terminology. In the
        update case, if the style change requires a new renderer, handle it.
        * rendering/RenderTextFragment.h:
        (WebCore::toRenderTextFragment): Added.

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r63048.

    2010-07-10  Dan Bernstein  <mitz@apple.com>

        Reviewed by Anders Carlsson.

        <rdar://problem/8153214> Continuation outlines in layers do not paint correctly

        Test: fast/inline/continuation-outlines-with-layers-2.html

        Continuation outlines are normally painted by the containing block. However, when the
        block and the inline are not enclosed by the same self-painting layer, the inline has to
        paint its own outlines. This was handled correctly only for the case where the inline had
        its own self-painting layer, but not when an ancestor inline had the self-painting layer.

        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::paint): Instead of testing for having a self-painting layer, test
        whether any intermediate box between the inline and the containing block has a self-painting
        layer.
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintObject): Ditto.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::enclosingBoxModelObject): Added this utility method.
        * rendering/RenderObject.h:

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r68705.

    2010-09-29  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin Adler.

        Add additional check to Text::wholeText.
        <rdar://problem/8304795>

        * dom/Text.cpp:
        (WebCore::Text::wholeText):

2010-10-01  Mark Rowe  <mrowe@apple.com>

        Merge r68727.

    2010-09-29  Enrica Casucci  <enrica@apple.com>

        Reviewed by Darin Adler.

        Crash at lineBreakExistsAtPosition + 125
        <rdar://problem/7028809> 
        https://bugs.webkit.org/show_bug.cgi?id=46770
        
        lineBreakExistsAtPosition is called from InsertTextCommand::input,
        where we compute the downstream position of the endingSelection().
        Downstream can return the original position, that comes from a VisibleSelection
        but there is no guarantee that its renderer is still there. Everywhere we dereference
        a renderer we check if it's null.
        
        There is no regression test.
        
        * editing/htmlediting.cpp:
        (WebCore::lineBreakExistsAtPosition): Added check that the renderer is not null
        before dereferencing it.

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68340.

    2010-09-25  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Nikolas Zimmermann.

        Fix the macro to bail out after setting the SVG style to 'initial'. Check that color is
        SVGColor before calling colorFromSVGColorCSSValue which makes sure we don't set invalid
        color. Also, doing the static cast in the caller and keeping the function
        colorFromSVGColorCSSValue clean to accept only SVGColor objects.
        
        https://bugs.webkit.org/show_bug.cgi?id=46471

        Test: svg/css/invalid-color-crash.svg

        * css/SVGCSSStyleSelector.cpp:
        (WebCore::colorFromSVGColorCSSValue):
        (WebCore::CSSStyleSelector::applySVGProperty):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r66028.

    2010-08-25  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Flash content draws in front of site's drop down menu at http://www.monster.com/
        https://bugs.webkit.org/show_bug.cgi?id=41330
        
        If an iframe with composited content became overlapped, we failed to
        consider that iframe for compositing if it had no RenderLayer, so the layering
        would be incorrect.
        
        Overlap is detected at painting time, but it's bad for FrameView::setIsOverlapped()
        to call setNeedsStyleRecalc(), because this would cause subsequent calls to
        FrameView::paintContents() in the same painting batch to bail with needsLayout().
        
        Instead, we do the setNeedsStyleRecalc() from RenderLayerCompositor::notifyIFramesOfCompositingChange(),
        so that the parent document has a chance to update style, and give the iframe a RenderLayer.
        Then setIsOverlapped() simply needs to schedule a layer update, which we do on a timer.
        
        When dumping layers via Frame::layerTreeAsText(), if a layer update is pending, then
        update the layers.
        
        Test: compositing/iframes/become-overlapped-iframe.html

        * page/Frame.cpp:
        (WebCore::Frame::layerTreeAsText):
        * page/FrameView.cpp:
        (WebCore::FrameView::setIsOverlapped):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::scheduleCompositingLayerUpdate):
        (WebCore::RenderLayerCompositor::compositingLayerUpdatePending):
        (WebCore::RenderLayerCompositor::updateCompositingLayersTimerFired):
        (WebCore::RenderLayerCompositor::updateCompositingLayers):
        (WebCore::RenderLayerCompositor::notifyIFramesOfCompositingChange):
        * rendering/RenderLayerCompositor.h:

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r67288.

    2010-09-10  Jer Noble  <jer.noble@apple.com>

        No review; build fix only.

        <CoreGraphics/CGAffineTransform.h> isn't on the build bots either.  Wrap
        all references to m_movieTransform in #if USE(ACCELERATED_COMPOSITING) guards.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::MediaPlayerPrivateQuickTimeVisualContext):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::naturalSize):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::retrieveAndResetMovieTransform):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h:

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r67286.

    2010-09-10  Jer Noble  <jer.noble@apple.com>

        No review; build fix only.

        <CoreGraphics/CGFloat.h> does not exist on the build bots.  Replace
        instances of CGFAbs() with abs().

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::naturalSize):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r67285.

    2010-09-10  Jer Noble  <jer.noble@apple.com>

        Reviewed by Simon Fraser.

        Movies with track or movie matrices don't display in <video> elements (Safari 5/Windows)
        https://bugs.webkit.org/show_bug.cgi?id=45333
        rdar://problem/81333126

        QuickTime will refuse to decode video frames for movies whose movie and track matrices
        are non-identity.  To work around this problem, extract the movie and track matrices
        from the movie, and set that matrix on the video layer instead.

        * WebCore.vcproj/QTMovieWin.vcproj:
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::LayoutClient::LayoutClient): Added.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::LayoutClient::layoutSublayersOfLayer):
            Layout the video layer according to its superlayer's size.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::MediaPlayerPrivateQuickTimeVisualContext):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::platformLayer):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::naturalSize):
            Apply the m_movieTransform to the size reported by QTMovie.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::retrieveAndResetMovieTransform):
            Calculate m_movieTransform and reset the movie and track matrices in the movie.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::createLayerForMovie):
            Create two nested layers instead of one.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::destroyLayerForMovie):
            Make sure to remove m_qtVideoLayer from any superlayer before dereferencing it.
        * platform/graphics/win/QTMovie.cpp:
        (QTMovie::videoTracks): Added.
        (QTMovie::getTransform): Added.
        (QTMovie::setTransform): Added.
        (QTMovie::resetTransform): Added.
        * platform/graphics/win/QTMovie.h:
        * platform/graphics/win/QTTrack.cpp: Added.
        * platform/graphics/win/QTTrack.h: Added.
        * platform/graphics/win/WKCACFLayer.cpp:
        (WebCore::WKCACFLayer::setBounds): Call setNeedsLayout() if a layoutClient is present.
        (WebCore::WKCACFLayer::setFrame): Call setNeedsLayout() if a layoutClient is present.

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68278.

    2010-09-24  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Simon Fraser.

        Comply with spec by generalizing container on which transforms can be applied.
        https://bugs.webkit.org/show_bug.cgi?id=46485

        Already covered by existing tests.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::getTransformFromContainer):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68158.

    2010-09-23  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Fix the memory safety issue by checking containerObject is a RenderBox
        before doing the transforms.
        https://bugs.webkit.org/show_bug.cgi?id=46365

        Test: compositing/overflow/get-transform-from-non-box-container.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::getTransformFromContainer):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68485.

    2010-09-27  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dan Bernstein.

        When the block RunIn is destroyed, its line box tree is not deleted. As a result, it
        gets later used during dirtying of inline text boxes step where this deleted parent is
        accessed. The fix is to delete the line box tree before destroying the runin block.

        https://bugs.webkit.org/show_bug.cgi?id=46376

        Test: fast/text/dirty-inline-textbox-crash.html

        * rendering/RenderText.cpp:
        (WebCore::RenderText::dirtyLineBoxes):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68408.

    2010-09-27  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Fix memory safety issue during positioning list marker as a result of assuming
        that list item's parent can always be cast to a RenderBox. The display of the parent
        can be manipulated using CSS as Inline which causes a bad cast.

        https://bugs.webkit.org/show_bug.cgi?id=46384

        Test: fast/lists/parent-box-not-box-crash.html

        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::positionListMarker):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::layout):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r64780.

    2010-08-05  Tony Chang  <tony@chromium.org>

        Reviewed by David Hyatt.

        Fix a crash when a hidden iframe with a custom scrollbar finishes loading an image.
        https://bugs.webkit.org/show_bug.cgi?id=42724

        Test: scrollbars/hidden-iframe-scrollbar-crash2.html

        * page/FrameView.cpp:
        (WebCore::FrameView::createScrollbar):
        * rendering/RenderScrollbar.cpp:
        (WebCore::RenderScrollbar::createCustomScrollbar): Pass in Frame
        (WebCore::RenderScrollbar::RenderScrollbar): Pass in Frame
        (WebCore::RenderScrollbar::owningRenderer): Use the frame to get the RenderBox
        (WebCore::RenderScrollbar::getScrollbarPseudoStyle):
        (WebCore::RenderScrollbar::updateScrollbarParts):
        (WebCore::RenderScrollbar::updateScrollbarPart):
        * rendering/RenderScrollbar.h:
        * rendering/RenderScrollbarPart.cpp:
        (WebCore::RenderScrollbarPart::computeScrollbarWidth): null check
        (WebCore::RenderScrollbarPart::computeScrollbarHeight): null check

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r65900.

    2010-08-23  Sam Weinig  <sam@webkit.org>

        Reviewed by Adam Barth.

        Fix for <rdar://problem/8153271> and <rdar://problem/8153288> 
        Change behavior of javascript: urls in <embed> and <object> back to 
        how they behaved before r50698.

        Tests: fast/loader/javascript-url-in-embed.html
               fast/loader/javascript-url-in-object.html

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::requestFrame):
        (WebCore::SubframeLoader::requestObject):
        (WebCore::SubframeLoader::loadOrRedirectSubframe):
        * loader/SubframeLoader.h:

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68096.

    2010-09-22  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=46222
        <rdar://problem/8461701> Document.getElementById() malfunctions if ID was changed via Attr node modification.

        Test: fast/dom/Attr/change-id-via-attr-node-value.html

        * dom/Attr.h:
        * dom/Attr.cpp:
        (WebCore::Attr::setValue): Separated a version callable from WebCore from one available to JS.
        Attr::setValue() can be called from Element::setAttribute(), and we don't want to update
        m_elementsById (or to call attributeChanged()) twice in that case.
        (WebCore::Attr::childrenChanged): If Attr's node children change, id changes.

        * dom/Document.cpp: (WebCore::Document::removeElementById): Added an assertion that we are
        not trying to remove something that isn't there. If we are, we probably failed to update
        m_elementsById earlier.

        * dom/Element.cpp: (WebCore::Element::setAttribute): If the attribute has an Attr node, its
        children should be updated to match attribute value.

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r61709.

    2010-06-23  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Kenneth Rohde Christiansen.

        Firing the onchange event on select which changes its size > 1 causes the select
        object to change from a menulist to a listbox. However, when propagating the events,
        we do a bad cast assuming the object will remain a menulist. Added proper checks to
        make sure we check the renderer after the onchange is fired and propagate the event
        based on correct object type.
        https://bugs.webkit.org/show_bug.cgi?id=40828 

        Test: fast/events/select-onchange-crash.html

        * dom/SelectElement.cpp:
        (WebCore::SelectElement::setSelectedIndex):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r62873.

    2010-07-02  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Adam Barth.

        Crash in RenderObject::containingBlock when clearing selection in a display:none node.
        https://bugs.webkit.org/show_bug.cgi?id=41523

        updateStyleIfNeeded before clearing the selection in the RenderView. Otherwise,
        m_selectionStart and m_selectionEnd in RenderView point to garbage object.
        This fixes the crash because updateStyleIfNeeded clears the selection before
        clobbering nodes that contain the selection.

        Test: editing/selection/crash-on-clear-selection.html

        * editing/SelectionController.cpp:
        (WebCore::SelectionController::updateAppearance):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r67967.

    2010-09-21  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Take isValueList() checks out of the asserts for memory safety.
        https://bugs.webkit.org/show_bug.cgi?id=46194

        Test: editing/execCommand/apply-style-text-decoration-crash.html

        * editing/ApplyStyleCommand.cpp:
        (WebCore::StyleChange::extractTextStyles):
        (WebCore::ApplyStyleCommand::applyInlineStyleToPushDown):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r68461.

    2010-09-27  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        CrashTracer: 1,803 crashes in Safari at com.apple.WebCore: -[AccessibilityObjectWrapper accessibilityIsIgnored] + 56
        https://bugs.webkit.org/show_bug.cgi?id=46662

        Before calling updateBackingStore(), the wrapper object needs to be retained, lest it be invalidated during
        the updateBackingStore call. This consolidates all calls to updateBackingStore().

        Test: platform/mac/accessibility/removing-textarea-after-edit-crash.html

        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::AXObjectCache::postPlatformNotification):
            Use an ASSERT here to catch the crash because DRT won't cause AppKit to post notifications.
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (-[AccessibilityObjectWrapper prepareAccessibilityMethod]):
        (-[AccessibilityObjectWrapper accessibilityActionNames]):
        (-[AccessibilityObjectWrapper accessibilityAttributeNames]):
        (-[AccessibilityObjectWrapper accessibilityAttributeValue:]):
        (-[AccessibilityObjectWrapper accessibilityFocusedUIElement]):
        (-[AccessibilityObjectWrapper accessibilityHitTest:]):
        (-[AccessibilityObjectWrapper accessibilityIsAttributeSettable:]):
        (-[AccessibilityObjectWrapper accessibilityIsIgnored]):
        (-[AccessibilityObjectWrapper accessibilityParameterizedAttributeNames]):
        (-[AccessibilityObjectWrapper accessibilityPerformPressAction]):
        (-[AccessibilityObjectWrapper accessibilityPerformIncrementAction]):
        (-[AccessibilityObjectWrapper accessibilityPerformDecrementAction]):
        (-[AccessibilityObjectWrapper accessibilityPerformAction:]):
        (-[AccessibilityObjectWrapper accessibilitySetValue:forAttribute:]):
        (-[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        (-[AccessibilityObjectWrapper accessibilityIndexOfChild:]):
        (-[AccessibilityObjectWrapper accessibilityArrayAttributeCount:]):
        (-[AccessibilityObjectWrapper accessibilityArrayAttributeValues:index:maxCount:]):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r67407.

    2010-09-13  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        CrashTracer: 874 crashes in Safari at com.apple.WebCore: WebCore::AccessibilityTable::isTableExposableThroughAccessibility + 663
        https://bugs.webkit.org/show_bug.cgi?id=45697

        Inside of AccessibilityTableRow, parentTable() should not use getOrCreate() on the parent table, because the render table may
        be in a bad state and accessing internal variables can lead to a crash.

        Test: platform/mac/accessibility/updating-attribute-in-table-row-crash.html

        * accessibility/AccessibilityTableRow.cpp:
        (WebCore::AccessibilityTableRow::parentTable):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r61622.

    2010-06-22  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        AX: If an element that is a continuation is removed, its parent tree is not notified appropriately that their children have changed
        https://bugs.webkit.org/show_bug.cgi?id=41000

        Test: accessibility/removed-continuation-element-causes-crash.html

        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::updateChildrenIfNecessary):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::childrenChanged):
        (WebCore::AccessibilityRenderObject::addChildren):
        * accessibility/AccessibilityRenderObject.h:

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r65313.

    2010-08-13  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        flaky websocket/tests/frame-length-overflow.html
        https://bugs.webkit.org/show_bug.cgi?id=43902

        Add m_shouldDiscardReceivedData flag to indicate it will no longer
        receive data from network.

        * websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::WebSocketChannel):
        (WebCore::WebSocketChannel::didReceiveData):
        (WebCore::WebSocketChannel::didFail):
        (WebCore::WebSocketChannel::processBuffer):
        - when frame length overflows, we couldn't process data any more.
          clear buffer and mark m_shouldDiscardReceivedData true to make sure
          it doesn't process the same buffer again.
        * websockets/WebSocketChannel.h:

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r65135.

    2010-08-11  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Fix length calculation to be more robust.
        https://bugs.webkit.org/show_bug.cgi?id=43777

        Test: websocket/tests/frame-length-overflow.html

        * websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::appendToBuffer): len is size_t.
         - add sanity check for integer wraps.
        (WebCore::WebSocketChannel::skipBuffer): len is size_t.
        (WebCore::WebSocketChannel::processBuffer): length is size_t.
         - add sanity check for integer wraps.
        * websockets/WebSocketChannel.h: change m_bufferSize and len to size_t.

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r63138.

    2010-07-12  Tony Chang  <tony@chromium.org>

        Reviewed by David Hyatt.

        crash in FrameView::detachCustomScrollbars
        https://bugs.webkit.org/show_bug.cgi?id=41196

        Test: scrollbars/hidden-iframe-scrollbar-crash.html

        * page/FrameView.cpp:
        (WebCore::FrameView::detachCustomScrollbars):

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r63836.

    2010-07-21  Alexey Proskuryakov  <ap@apple.com>

        Unreviewed Windows build fix.

        https://bugs.webkit.org/show_bug.cgi?id=42717
        <rdar://problem/7062824> A wrong password entered for site or proxy auth remains in WebCore
        credential storage, and is sent with subsequent requests

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): Don't use that direct a
        copy/paste, oops!

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r63834.

    2010-07-20  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=42717
        <rdar://problem/7062824> A wrong password entered for site or proxy auth remains in WebCore
        credential storage, and is sent with subsequent requests

        Tests: http/tests/security/401-logout/401-logout.php
               http/tests/xmlhttprequest/remember-bad-password.html

        * platform/network/CredentialStorage.cpp: (WebCore::CredentialStorage::remove):
        * platform/network/CredentialStorage.h:
        Added a way to remove stored credentials for a given protection space.

        * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        Remove stored credentials if they didn't work the first time.

2010-09-29  Mark Rowe  <mrowe@apple.com>

        Merge r59185.

    2010-05-11  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Brady Eidson.

        https://bugs.webkit.org/show_bug.cgi?id=37989
        Safari (still) doesn't always send basic credentials preemptively

        Test: http/tests/xmlhttprequest/basic-auth-default.html

        After fetching credentials from WebCore storage, put them back right away. This will add
        default credentials for the directory, since this may be the first time we learn about its
        associated protection space.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (WebCore::WebCoreSynchronousLoader::didReceiveChallenge):
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
        (-[WebCoreSynchronousLoader connection:didReceiveAuthenticationChallenge:]):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r67236.

    2010-09-10  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Darin Adler.

        SVGGElement::rendererIsNeeded should return false when parent isn't SVG
        https://bugs.webkit.org/show_bug.cgi?id=45562

        Test: svg/custom/g-outside-svg.html

        * svg/SVGGElement.cpp:
        (WebCore::SVGGElement::rendererIsNeeded):
        * svg/SVGGElement.h:

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r63865.

    2010-07-21  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Oliver Hunt.

        Prevent DeleteButtonController enable state from changing when not editing
        https://bugs.webkit.org/show_bug.cgi?id=42659

        Test: svg/custom/use-invalid-html.xhtml

        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::cloneChildNodes):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r65329.

    2010-08-13  Steve Block  <steveblock@google.com>

        Reviewed by Alexey Proskuryakov.

        Geolocation activity started after frame has been disconnected can cause crash
        https://bugs.webkit.org/show_bug.cgi?id=39879

        New requests started after the Frame has been disconnected are ignored. We do
        not invoke the error callback as this would allow buggy or malicious pages to
        hose the CPU. Such a page could hold a reference to a Geolocation object from
        a since closed Page and register new requests from the error callback to
        create an infinite loop.

        Tests: fast/dom/Geolocation/disconnected-frame-already.html

        * page/Geolocation.cpp:

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r60608.

    2010-06-02  Darin Fisher  <darin@chromium.org>

        Reviewed by Brady Eidson.

        location.href and outgoing referrer not updated properly by
        pushState/replaceState
        https://bugs.webkit.org/show_bug.cgi?id=40027

        Tests: fast/loader/stateobjects/pushstate-updates-location.html
               fast/loader/stateobjects/replacestate-updates-location.html
               http/tests/navigation/pushstate-updates-referrer.html
               http/tests/navigation/replacestate-updates-referrer.html

        * dom/Document.cpp:
        (WebCore::Document::updateURLForPushOrReplaceState):
        Update the FrameLoader's notion of the current URL as well!

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadInSameDocument):
        Use the 'url' parameter instead of m_URL since m_URL might have
        changed during the handling of the PopState event.  Eventually,
        this will become irrelevant since the PopState event should be
        dispatched asynchronously, but just in case we patch HashChange
        to be asynchronous before PopState, this change would be needed.

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r66911.

    2010-09-07  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Darin Adler.

        Remove redundant bounds check in originalText(). Add bounds check
        to previousCharacter(). No need of start() > 0 check since m_start
        is unsigned and we already do start() null check inside function.
        https://bugs.webkit.org/show_bug.cgi?id=45303

        Test: fast/text/one-letter-transform-crash.html

        * rendering/RenderTextFragment.cpp:
        (WebCore::RenderTextFragment::originalText):
        (WebCore::RenderTextFragment::previousCharacter):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r66052.

    2010-08-25  Cris Neckar  <cdn@chromium.org>

        Reviewed by Darin Adler.

        Added abort condition for RenderCounters when traversing a detached render tree.
        https://bugs.webkit.org/show_bug.cgi?id=43812

        Test: fast/css/counters/counter-traverse-object-crash.html

        * rendering/RenderCounter.cpp:
        (WebCore::findPlaceForCounter):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r64158.

    2010-07-27  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Darin Adler.

        Incomplete repaint of some Safari extension content which falls into a composited iframe
        <rdar://problem/8235044>
        
        syncCompositingStateRecursive() bails if it thinks that a layout is pending, because
        the layout may update layers and make this sync obsolete. However, it only checked for an
        active layout timer. This ignores other sources of pending style changes and layouts, like
        the document's style recalc timer. So use needsLayout(), which does check this.

        Unable to create a test because it depends on Safari extension behavior.

        * page/FrameView.cpp:
        (WebCore::FrameView::syncCompositingStateRecursive):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r65748.

    2010-08-20  Tony Chang  <tony@chromium.org>

        Reviewed by Adam Barth.

        crash when trying to access a stale Node pointer in FocusController::setFocusedNode
        https://bugs.webkit.org/show_bug.cgi?id=44226

        Test: fast/events/focus-change-crash2.html

        * page/FocusController.cpp:
        (WebCore::FocusController::setFocusedNode): add a ref to prevent the focused node from being deleted

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r65090.

    2010-08-10  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Hyatt.

        Take checks for ruby base existence out of the ASSERTs.
        https://bugs.webkit.org/show_bug.cgi?id=43795

        Test: fast/ruby/ruby-remove-no-base.html

        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::addChild):
        (WebCore::RenderRubyRun::removeChild):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r65280.

    2010-08-12  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dumitru Daniliuc.

        Clear PluginData's page pointer on page refresh
        https://bugs.webkit.org/show_bug.cgi?id=43888

        Test: plugins/access-after-page-destroyed.html

        * page/Page.cpp:
        (WebCore::Page::refreshPlugins):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r64293.

    2010-07-28  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Nate Chapin.

        Clear PluginData's page pointer on Page destruction
        https://bugs.webkit.org/show_bug.cgi?id=43147

        Test: plugins/access-after-page-destroyed.html

        * page/Page.cpp:
        (WebCore::Page::~Page):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r63622.

    2010-07-17  TJ Lee  <tjlee0909@gmail.com>

        Reviewed by Timothy Hatcher.

        HTMLLinkElement ignores dnsPrefetchingEnabled setting
        https://bugs.webkit.org/show_bug.cgi?id=42500

        Changed the HTML Link tag to check that the browser
        has DNS-prefetching enabled before calling ResourceHandle::prepareForURL.

        There are no test cases for this patch because it was unclear how to test
        this using a layout test. A possible test case would be to
        clear the DNS cache on the client's machine before loading a page with
        <link rel="dns-prefetch" href="SomeSiteThatsNotTheCurrentOne.com"> and
        then check the number of DNS cache entries.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::process):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r64077.

    2010-07-26  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Darin Fisher.

        Check history state against origin before setting
        https://bugs.webkit.org/show_bug.cgi?id=42858

        Tests: fast/loader/stateobjects/replacestate-base-illegal.html
               fast/loader/stateobjects/replacestate-base-legal.html

        * page/History.cpp:
        (WebCore::History::urlForState):
        (WebCore::History::stateObjectAdded):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r63773.

    2010-07-20  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Hyatt.

        Check the node is a text node before doing the static cast
        for editing commands.
        https://bugs.webkit.org/show_bug.cgi?id=42655

        Test: editing/execCommand/editing-nontext-node-crash.xhtml

        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::fixupWhitespace):
        * editing/InsertLineBreakCommand.cpp:
        (WebCore::InsertLineBreakCommand::doApply):
        * editing/InsertParagraphSeparatorCommand.cpp:
        (WebCore::InsertParagraphSeparatorCommand::doApply):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r64083.

    2010-07-26  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Applying inline style to a text node whose parent is an inline editable root causes crash
        https://bugs.webkit.org/show_bug.cgi?id=39989

        The crash was caused by splitTextElementAtStart and splitTextElementAtEnd assuming that the parent
        and the grandparent of the specified text node are editable.

        Modified splitTextElementAtStart and splitTextElementAtEnd so that they call splitTextAtStart
        and splitTextAtEnd respectively when the grandparent is not editable.

        Also modified SplitTextNodeContainingElement to exit early if the grandparent of m_text is not editable.

        Test: editing/style/style-text-node-without-editable-parent.html

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::splitTextElementAtStart):
        (WebCore::ApplyStyleCommand::splitTextElementAtEnd):
        * editing/SplitTextNodeContainingElementCommand.cpp:
        (WebCore::SplitTextNodeContainingElementCommand::doApply):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r64028.

    2010-07-25  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Kent Tamura.

        splitTextAt*IfNeed and splitTextElementAt*IfNeed need to be cleaned up
        https://bugs.webkit.org/show_bug.cgi?id=42937

        Isolated the code to decide whether or not text node should be split into isValidCaretPositionInTextNode.
        Moved the condition check out of *IfNeeded methods to applyRelativeFontStyleChange and applyInlineStyle.

        No new tests added since this is a clean up.

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange): Uses isValidCaretPositionInTextNode.
        (WebCore::ApplyStyleCommand::applyInlineStyle): Uses isValidCaretPositionInTextNode.
        (WebCore::ApplyStyleCommand::splitTextAtStart): Renamed from splitTextAtStartIfNeeded.
        (WebCore::ApplyStyleCommand::splitTextAtEnd): Renamed from splitTextAtEndIfNeeded.
        (WebCore::ApplyStyleCommand::splitTextElementAtStart): Renamed from splitTextElementAtStartIfNeeded.
        (WebCore::ApplyStyleCommand::splitTextElementAtEnd): Renamed from splitTextElementAtEndIfNeeded.
        (WebCore::ApplyStyleCommand::isValidCaretPositionInTextNode): Returns true if the position lies within a text node.
        * editing/ApplyStyleCommand.h:

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r65826.

    2010-08-23  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dimitri Glazkov.

        Fix security origin calculation in createPattern. Need to use
        cachedImage->response().url() instead of cachedImage->url().
        https://bugs.webkit.org/show_bug.cgi?id=44399.

        Test: http/tests/security/canvas-remote-read-remote-image-redirect.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createPattern):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r67390.

    2010-09-13  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        REGRESSION (r64816-r64889): Crash in WebCore::AccessibilityRenderObject
        https://bugs.webkit.org/show_bug.cgi?id=43807

        Ensure that visiblePositionForPoint can handle non RenderBoxModelObject types.

        Test: platform/mac/accessibility/visible-position-crash-for-text-node.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::visiblePositionForPoint):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r68108.

    2010-09-22  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        AX: aria-hidden change doesn't update the ax tree
        https://bugs.webkit.org/show_bug.cgi?id=45836

        Test: accessibility/aria-hidden-update.html

        * dom/Element.cpp:
        (WebCore::Element::updateAfterAttributeChanged):

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r67209.

    2010-09-10  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by David Kilzer.

        Mail crashes with searching for next misspelled word with VoiceOver
        https://bugs.webkit.org/show_bug.cgi?id=45501

        Test: platform/mac/accessibility/crash-in-element-for-text-marker.html

        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (-[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
            Check that the AX object is not nil before asking for the wrapper().

2010-09-28  Mark Rowe  <mrowe@apple.com>

        Merge r63466.

    2010-07-15  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Darin Adler.

        AX: Crash when table has empty thead tag
        https://bugs.webkit.org/show_bug.cgi?id=42391

        Test: accessibility/table-with-empty-thead-causes-crash.html

        * accessibility/AccessibilityTableColumn.cpp:
        (WebCore::AccessibilityTableColumn::headerObjectForSection):

2010-08-09  Mark Rowe  <mrowe@apple.com>

        Merge r63772.

    2010-07-20  Leo Yang  <leo.yang@torchmobile.com.cn>

        Reviewed by David Hyatt.

        Don't merge Anonymous block whose first child is inline run-in.
        Make run-in recalculate its style after its renderer is destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=41375.

        Test: fast/runin/crash-when-reparent-sibling.html

        * rendering/RenderBlock.cpp:
        (WebCore::canMergeContiguousAnonymousBlocks):
        * rendering/RenderObjectChildList.cpp:
        (WebCore::RenderObjectChildList::destroyLeftoverChildren):

2010-08-09  Mark Rowe  <mrowe@apple.com>

        Merge r64110.

    2010-07-27  Kent Tamura  <tkent@chromium.org>

        Reviewed by Ojan Vafai.

        Add a runtime setting for interactive form validation.
        https://bugs.webkit.org/show_bug.cgi?id=40520

        The interactive validation feature was disabled for non-strict
        modes by r61059 to avoid a compatibility issue. This removes the
        mode checking and introduces a runtime setting to enable/disable
        the feature instead.
        The default value is 'disable' and we'll remove the setting when
        the compatibility issue is resolved and interactive validation
        implementation is completed.

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::validateInteractively):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/Settings.h:
        (WebCore::Settings::setInteractiveFormValidationEnabled):
        (WebCore::Settings::interactiveFormValidationEnabled):

2010-08-09  Mark Rowe  <mrowe@apple.com>

        Merge r64095.

    2010-07-26  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Google image search results broken on pages with Flash
        https://bugs.webkit.org/show_bug.cgi?id=43014

        The test for overflow added in r63452 is wrong in that it ignores the effects
        of positioning on overflow.
        
        The correct approach is to start by using RenderView's layoutOverflowRect as the largest bounds,
        then getting the overflow rect via backgroundClipRect() relative to the root layer.
        
        Test: compositing/geometry/limit-layer-bounds-overflow-root.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::layerOrAncestorIsTransformed):
        (WebCore::RenderLayerBacking::updateCompositedBounds):

2010-07-22  Mark Rowe  <mrowe@apple.com>

        Merge r63927.

    2010-07-22  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Fix for <rdar://problem/8222626>
        Send textDidChangeInTextField delegate callback only in response to typing or other forms of user text input.

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        Update project files.
        
        * dom/UserTypingGestureIndicator.cpp: Copied from dom/UserGestureIndicator.cpp.
        (WebCore::UserTypingGestureIndicator::processingUserTypingGesture):
        (WebCore::focusedNode):
        (WebCore::UserTypingGestureIndicator::focusedElementAtGestureStart):
        (WebCore::UserTypingGestureIndicator::UserTypingGestureIndicator):
        (WebCore::UserTypingGestureIndicator::~UserTypingGestureIndicator):
        * dom/UserTypingGestureIndicator.h: Copied from dom/UserGestureIndicator.h.
        Version of UserGestureIndicator that just tracks keyboard gestures and the focused
        node they were targeting.
        
        * editing/Editor.cpp:
        (WebCore::Editor::confirmComposition):
        (WebCore::Editor::setComposition):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent):
        Put UserTypingGestureIndicator on the stack for user generated keyboard events.

2010-07-22  Mark Rowe  <mrowe@apple.com>

        Merge r63924.

    2010-07-22  Andy Estes  <aestes@apple.com>

        Reviewed by Maciej Stachowiak.

        When there are no beforeload listeners on a document,
        HTMLLinkElement::process() should be called immediately when the node is
        inserted into the document, rather than waiting until after attach is
        performed.
        <https://bugs.webkit.org/show_bug.cgi?id=42859>
        <rdar://problem/8194528>

        No new tests.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::insertedIntoDocument): If there are no
        beforeload listeners, call process() immediately.  Otherwise, add it as
        a post-attach callback.

2010-07-15  Mark Rowe  <mrowe@apple.com>

        Merge r63452.

    2010-07-15  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Avoid creating huge compositing layers for elements that project outside the viewport
        https://bugs.webkit.org/show_bug.cgi?id=42338

        The logic that computed the bounds of compositing layers naively used the
        union of the bounds of descendant, non-composited RenderLayers, without regard
        to what is actually visible. This could result in huge layers for pages with
        elements at large negative offsets, or with large negative text-indent (both
        common).
        
        For elements without transforms on them or in their ancestor chain, and when
        no 3d transforms or hardware-accelerated animations are used, we can clip compositing
        layers to the size of the document, or based on CSS overflow and clip.

        Tests: compositing/geometry/limit-layer-bounds-clipping-ancestor.html
               compositing/geometry/limit-layer-bounds-fixed-positioned.html
               compositing/geometry/limit-layer-bounds-overflow-repaint.html
               compositing/geometry/limit-layer-bounds-positioned-transition.html
               compositing/geometry/limit-layer-bounds-positioned.html
               compositing/geometry/limit-layer-bounds-transformed-overflow.html
               compositing/geometry/limit-layer-bounds-transformed.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::enclosingOverflowClipAncestor):  Walk up the RenderLayer tree
        looking for an ancestor that has overflow, or to the root. Along the way, check for
        transformed elements.
        (WebCore::RenderLayerBacking::updateCompositedBounds):  If we're in "consult
        overlap" mode, and we don't have transforms, then constrain the bounds
        of composited layers by the RenderView's layoutOverflowRect(), or by the
        enclosing layer with overflow.
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): If the offset from the renderer changes,
        we need to repaint the layer.

2010-07-15  Mark Rowe  <mrowe@apple.com>

        Merge r63283.

    2010-07-13  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Page flashes to mostly white towards the end of loading
        https://bugs.webkit.org/show_bug.cgi?id=42230
        
        We constrain the size of huge composited layers. When doing so, we
        need to use the constrained size to set the position as well
        as the dimensions, to ensure the layer appears in the correct place.

        Test: compositing/tiling/constrained-layer-size.html

        * platform/graphics/mac/GraphicsLayerCA.mm:
        (WebCore::GraphicsLayerCA::updateLayerPosition):

2010-07-12  Mark Rowe  <mrowe@apple.com>

        Merge r63149.

    2010-07-12  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Don't go into compositing mode for 0x0 plugins
        https://bugs.webkit.org/show_bug.cgi?id=34009
        
        Don't use compositing for small (0-height or width, or 1x1) plugins, or iframes whose
        height or width is zero.
        
        Previously we made all compositing decisions inside styleChanged(). However,
        now that plugin and iframe compositing behavior depends on renderer size, we have
        to wait until layout before deciding whether to composite these. This behavior
        change is controlled by the m_compositingDependsOnGeometry flag. When set,
        updateCompositingLayers() always does a hierarchy update.

        Tests: compositing/iframes/iframe-size-from-zero.html
               compositing/iframes/iframe-size-to-zero.html
               compositing/plugins/1x1-composited-plugin.html
               compositing/plugins/large-to-small-composited-plugin.html
               compositing/plugins/small-to-large-composited-plugin.html

        * page/FrameView.cpp:
        (WebCore::FrameView::updateCompositingLayers): No longer bail if usesCompositing() is false; we
        have to always enter updateCompositingLayers().
        (WebCore::FrameView::repaintFixedElementsAfterScrolling): Ditto
        (WebCore::FrameView::enterCompositingMode): Remove bogus return of a void.

        * rendering/RenderLayerCompositor.h: Add m_compositingDependsOnGeometry.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor): Initialize m_compositingDependsOnGeometry to false.
        (WebCore::RenderLayerCompositor::updateCompositingLayers): If m_compositingDependsOnGeometry is true,
        we always need to run through the layer hierarchy looking for things which need to be composited, even if
        we're not (yet) in compositing mode.
        
        (WebCore::RenderLayerCompositor::computeCompositingRequirements): Because we can enter compositing mode
        on the fly inside updateCompositingLayers() now, the state of willBeComposited needs to be updated
        when processing the root layer, for the case where the compositing mode changes.
        
        (WebCore::RenderLayerCompositor::requiresCompositingForPlugin): Set the m_compositingDependsOnGeometry
        flag if we see a potentially-composited plugin. Once we have layout information, only composite the plugin
        if height * width > 1.
        
        (WebCore::RenderLayerCompositor::requiresCompositingForIFrame): Set the m_compositingDependsOnGeometry
        flag if we see a potentially-composited iframe. Once we have layout information, only composite the plugin
        if height or width is greater than zero.

2010-07-12  Mark Rowe  <mrowe@apple.com>

        Merge r63112.

    2010-07-12  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Need to do a layout when RenderLayers come and go because of compositing
        https://bugs.webkit.org/show_bug.cgi?id=42108
        
        If we create or destroy RenderLayers for reasons other than style changes
        (e.g. because of composited iframes or plugins), then we need to ensure
        that we do a layout.

        Test: compositing/iframes/layout-on-compositing-change.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::adjustStyleDifference):

2010-07-12  Mark Rowe  <mrowe@apple.com>

        Merge r62302.

    2010-07-01  Andy Estes  <aestes@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/8113003> Correctly fire beforeload events for images
        added to the DOM using .innerHTML.
        https://bugs.webkit.org/show_bug.cgi?id=40919

        Test: fast/dom/beforeload/image-before-load-innerHTML.html

        * html/LegacyHTMLDocumentParser.cpp:
        (WebCore::LegacyHTMLDocumentParser::write): Do not fire synchronous
        image beforeload events immediately after parsing a document fragment.
        Let the events fire later, giving the fragment time to potentially be
        inserted into the document.

2010-07-12  Mark Rowe  <mrowe@apple.com>

        Merge r62271.

    2010-07-01  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dan Bernstein.

        Prevent crash on counter destruction
        https://bugs.webkit.org/show_bug.cgi?id=40032

        Added counter destruction to RenderWidget::destroy()

        Test: fast/css/counters/destroy-counter-crash.html

        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::destroy):

2010-07-12  Mark Rowe  <mrowe@apple.com>

        Merge r62304.

    2010-07-01  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=41488
        <rdar://problem/7487420> Crash in SubresourceLoader::create when load is initiated from plug-in destructor

        Test: plugins/js-from-destroy.html

        * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::create): Null check active
        document loader.

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r62687.

    2010-07-07  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        REGRESSION: GMail becomes blank after closing other tabs
        https://bugs.webkit.org/show_bug.cgi?id=40421

        RenderLayerCompositor's attach/detachRootPlatformLayer methods use
        setNeedsStyleRecalc() in order to trigger accelerated compositing layers
        to be hooked together across iframe boundaries. However, it was possible
        for these to get called while inside of Document::recalcStyle(), which
        is bad because it can cause the recalc to fail to get processed.
        
        Fix this by using the existing queuePostAttachCallback() functionality
        to delay the call to setNeedsStyleRecalc() if post-attach callbacks 
        are suspended (indicating that we're inside recalcStyle()).
        
        No new tests because I wasn't able to make a test that shows the problem.

        * dom/ContainerNode.h: Make queuePostAttachCallback() public.
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::postAttachCallbacksAreSuspended): Added; returns
        whether s_attachDepth is non-zero.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::attachRootPlatformLayer): Call scheduleNeedsStyleRecalc()
        instead of setNeedsStyleRecalc().
        (WebCore::RenderLayerCompositor::detachRootPlatformLayer): Ditto.
        (WebCore::needsStyleRecalcCallback): Here we call setNeedsStyleRecalc().
        (WebCore::RenderLayerCompositor::scheduleNeedsStyleRecalc):
        (WebCore::RenderLayerCompositor::notifyIFramesOfCompositingChange):
        * rendering/RenderLayerCompositor.h: Add scheduleNeedsStyleRecalc().

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r62894.

    2010-07-08  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Darin Adler.

        compositing/iframes/iframe-resize.html displays incorrectly after the resize
        https://bugs.webkit.org/show_bug.cgi?id=41794
        
        The clip and scroll layers of a composited iframe's RenderLayerCompositor are updated from
        updateGraphicsLayerGeometry(), but this is too early to get the correct layoutWidth and
        layoutHeight from the FrameView which happen later in layout. So when a widget size changes,
        call updateAfterWidgetResize() directly on the RenderLayerBacking (if any).

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateAfterWidgetResize): New method that updates the clip
        and scroll layers of the iframe's content RenderLayerCompositor.
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Call updateAfterWidgetResize()
        * rendering/RenderLayerBacking.h: Add updateAfterWidgetResize().
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::setWidgetGeometry): Call updateAfterWidgetResize().

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r62875.

    2010-07-08  Adele Peterson  <adele@apple.com>

        Reviewed by Jon Honeycutt, Adam Roben, and Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=41721
        <rdar://problem/8158561> Missing plug-in indicator should have a pressed state

        Test: plugins/clicking-missing-plugin-fires-delegate.html

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::HTMLPlugInElement): Initialize m_isCapturingMouseEvents.
        (WebCore::HTMLPlugInElement::detach): If we're still capturing when getting detached, clear the capturing node on the EventHandler.
        (WebCore::HTMLPlugInElement::defaultEventHandler): Call handleMissingPluginIndicatorEvent when the missing plugin indicator is showing.
        * html/HTMLPlugInElement.h:
        (WebCore::HTMLPlugInElement::isCapturingMouseEvents):
        (WebCore::HTMLPlugInElement::setIsCapturingMouseEvents):
        * page/ChromeClient.h:
        (WebCore::ChromeClient::shouldMissingPluginMessageBeButton): Added default implementation.
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::replacementTextRoundedRectPressedColor):
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
        (WebCore::RenderEmbeddedObject::setMissingPluginIndicatorIsPressed): Added.  Causes a repaint when the state changes.
        (WebCore::RenderEmbeddedObject::paintReplaced): Call getReplacementTextGeometry.
        (WebCore::RenderEmbeddedObject::getReplacementTextGeometry): Factored this out so it can be used in paintReplaced and in isInMissingPluginIndicator.
        (WebCore::RenderEmbeddedObject::isInMissingPluginIndicator): Hit test to see if the mouse event is in the missing plugin indicator.
        (WebCore::RenderEmbeddedObject::handleMissingPluginIndicatorEvent): Capture mouse events as needed and track the pressed appearance.
        * rendering/RenderEmbeddedObject.h:

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r62451.

    2010-07-03  Jon Honeycutt  <jhoneycutt@apple.com>

        The missing plug-in indicator should be clickable

        https://bugs.webkit.org/show_bug.cgi?id=41550
        <rdar://problem/8132162>

        From an original patch by Kevin Decker.

        Reviewed by Darin Adler.

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::defaultEventHandler):
        If the renderer is a RenderEmbeddedWidget showing the missing plug-in
        indicator, and the event is a click event, call the ChromeClient's
        missingPluginButtonClicked() function.

        * page/ChromeClient.h:
        (WebCore::ChromeClient::missingPluginButtonClicked):
        Declare missingPluginButtonClicked(), and stub the default
        implementation.

        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
        Initialize m_showsMissingPluginIndicator.
        (WebCore::RenderEmbeddedObject::setShowsMissingPluginIndicator):
        Assert that we're not currently showing any replacement text. Set
        m_showsMissingPluginIndicator after setting the replacement text.
        (WebCore::RenderEmbeddedObject::setShowsCrashedPluginIndicator):
        Add the same assert as above.

        * rendering/RenderEmbeddedObject.h:
        (WebCore::RenderEmbeddedObject::showsMissingPluginIndicator):
        Getter for m_showsMissingPluginIndicator.

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r62284.

    2010-07-01  Timothy Hatcher  <timothy@apple.com>

        Provide a WebView preference to disable DNS prefetching.

        https://bugs.webkit.org/show_bug.cgi?id=28825
        rdar://problem/7181249

        Reviewed by Darin Adler.

        * WebCore.base.exp: Added Settings::setDNSPrefetchingEnabled.
        * dom/Document.cpp:
        (WebCore::Document::initDNSPrefetch): Check settings->dnsPrefetchingEnabled().
        * page/Settings.cpp:
        (WebCore::Settings::Settings): Set m_dnsPrefetchingEnabled to true.
        (WebCore::Settings::setDNSPrefetchingEnabled): Added. Set m_dnsPrefetchingEnabled.
        * page/Settings.h:
        (WebCore::Settings::dnsPrefetchingEnabled): Added. Return m_dnsPrefetchingEnabled.

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r59338.

    2010-05-12  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by David Hyatt.

        Composited plug-ins can cause missed painting
        https://bugs.webkit.org/show_bug.cgi?id=39033
        <rdar://problem/7972478>

        Fixed missed painting (and assertions in debug builds) related to compositing
        propagating out of iframes that contain plug-ins.
        
        When an iframe enters or leaves compositing mode, RenderLayerCompositor uses
        setNeedsStyleRecalc(SyntheticStyleChange) to trigger the parent document to re-evaluate
        whether the iframe itself should be composited. However, for iframes containing plug-ins,
        this can happen at inappropriate times. For example, when a browser tab is brought frontmost,
        plug-ins are instantiated for the first time (via -viewDidMoveToWindow), which triggers a 
        setNeedsStyleRecalc() on the object element. Soon after, the -viewWillDraw machinery
        does layout from the top down. During layout of the iframe, the iframe enters compositing mode,
        and does a setNeedsStyleRecalc() on the iframe element in its parent document. This leaves the
        FrameView as needsLayout(), so the FrameView::paintContents() asserts and bails.
        
        The fix is to avoid doing a setNeedsStyleRecalc() on the root while inside a recalcStyle on
        the iframe. We do this by switching the iframe into compositing mode eagerly as soon as we know
        the plug-in needs it.
        
        A secondary fix is to ensure that if a document has composited iframes, when that document becomes
        composited, we connect compositing layers between the iframes and the parent document.

        Tests: compositing/iframes/connect-compositing-iframe-delayed.html
               compositing/iframes/iframe-src-change.html

        * WebCore.base.exp: Export FrameView::enterCompositingMode()

        * page/FrameView.h: New method, enterCompositingMode(), that we can call from WebKit plug-in code.
        * page/FrameView.cpp:
        (WebCore::FrameView::enterCompositingMode):

        * rendering/RenderLayerCompositor.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::enableCompositingMode): When we switch into compositing mode, we
            force a style recalc on any iframes to get them into compositing layers, so they can hook up
            with their content layers if necessary.
        (WebCore::RenderLayerCompositor::didMoveOnscreen): Only call attachRootPlatformLayer() if we really need to.
        (WebCore::RenderLayerCompositor::willMoveOffscreen): Only call detachRootPlatformLayer() if we really need to.
        (WebCore::RenderLayerCompositor::detachRootPlatformLayer): Whitespace.
        (WebCore::RenderLayerCompositor::notifyIFramesOfCompositingChange): Fetch iframe elements, and send a 
            synthetic style recalc on them.

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r61645.

    2010-06-22  Adele Peterson  <adele@apple.com>

        Reviewed by Darin Adler.

        Fix for Crash when the renderer for the button in <input type="number"> goes away during event handling
        https://bugs.webkit.org/show_bug.cgi?id=41013

        Test: fast/forms/input-number-crash.html

        * rendering/TextControlInnerElements.cpp: (WebCore::SpinButtonElement::defaultEventHandler):
        Nil check the RenderBox since it's possible the renderer has gone away during event handling.

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r61801.

    2010-06-24  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Brady Eidson.

        https://bugs.webkit.org/show_bug.cgi?id=41178
        Timed refresh in subframes isn't stopped when going into b/f cache

        Test: fast/history/timed-refresh-in-cached-frame.html

        * history/CachedFrame.cpp: (WebCore::CachedFrame::CachedFrame): Top frame's stopLoading()
        won't help cached subframes; stop loading from here.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::stopLoading): Don't stop loading in child frames. This didn't work
        for cached frames due to frame tree having been already deconstructed, and it's not necessary
        in non-cached case because stopLoading() will be called for subframes via
        FrameLoader::detachFromParent() and closeURL().
        (WebCore::FrameLoader::pageHidden): This was a second code path that dispatched pagehide
        event - it's no longer needed, because everything goes through FrameLoader::stopLoading().
        (WebCore::FrameLoader::commitProvisionalLoad): Don't call pageHidden(), the code for adding
        frame to b/f cache will do everything.

        * loader/FrameLoader.h: Removed pageHidden().

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r61707.

    2010-06-23  Andy Estes  <aestes@apple.com>

        Reviewed by Alexey Proskuryakov.
        
        <rdar://problem/8107855> Prevent a crash in WebCore when removing an
        object element with an invalid data URL in a listener to its
        beforeload event.
        https://bugs.webkit.org/show_bug.cgi?id=41054

        Tests: fast/dom/beforeload/remove-bad-object-in-beforeload-listener.html

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::renderFallbackContent): Exit early if the
        object element is not in the document.
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::updateWidget): If RenderWidget::destroy()
        was called during processing of onbeforeload, do not proceed with loading
        the object.

2010-07-09  Mark Rowe  <mrowe@apple.com>

        Merge r61424.

    2010-06-17  Andy Estes  <aestes@apple.com>

        Reviewed by Dan Bernstein.

        <rdar://problem/8091385> Prevent a crash in WebCore when removing a stylesheet link element in
        a listener to its beforeload event.
        https://bugs.webkit.org/show_bug.cgi?id=40742
        
        Postpone loading of link elements until after they have been inserted into the DOM and
        attached. This prevents DOM mutations triggered by beforeload handlers from firing in the
        midst of DOM insertion, which can lead to assertion failures and crashes.

        Test: fast/dom/beforeload/remove-link-in-beforeload-listener.html

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::HTMLLinkElement): Initialize m_shouldProcessAfterAttach to false.
        (WebCore::HTMLLinkElement::processCallback): Add a static callback function which calls
        HTMLLinkElement::process().
        (WebCore::HTMLLinkElement::insertedIntoDocument): Instead of calling process() directly, set
        m_shouldProcessAfterAttach to true to indicate that process() should be called after attach().
        (WebCore::HTMLLinkElement::removedFromDocument): Set m_shouldProcessAfterAttach to false.
        (WebCore::HTMLLinkElement::attach): If m_shouldProcessAfterAttach is true, register
        HTMLLinkElement::processCallback() as a post-attach callback.
        * html/HTMLLinkElement.h: Add m_shouldProcessAfterAttach.
        (WebCore::HTMLLinkElement::canLazyAttach): Override canLazyAttach() to return false to
        indicate that a full attach should be performed.  This ensures the post-attach callbacks are
        fired.

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r62625.

    2010-07-06  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Simon Fraser.

        Expose URL matching from WebUserContentURLPattern
        https://bugs.webkit.org/show_bug.cgi?id=41726
        <rdar://problem/7910144>

        * WebCore.exp.in: Export UserContentURLPattern::matches for use in WebKit.

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r62477.

    2010-07-04  Alice Liu  <alice.liu@apple.com>

        Reviewed by Dan Bernstein.

        Crash reading past end of block in UniscribeController::shapeAndPlaceItem
        https://bugs.webkit.org/show_bug.cgi?id=41554

        Test: platform/win/fast/text/uniscribe-item-boundary-crash.html

        * platform/graphics/win/UniscribeController.cpp:
        (WebCore::UniscribeController::shapeAndPlaceItem):
        Don't look one past the end of str. Instead look to the next item, if applicable.

2010-07-07  Hayato Ito  <hayato@chromium.org>

        Reviewed by Darin Adler.

        Rolling out 'page-break-inside:avoid' part of the r54929.
        Rebased the related layout tests, which are now expected to fail, as well.

        https://bugs.webkit.org/show_bug.cgi?id=41532

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintChildren):

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r62482.

    2010-07-05  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Darin Adler.

        Memory corruption with SVG <use> element
        https://bugs.webkit.org/show_bug.cgi?id=40994

        Fix race condition in svgAttributeChanged. Never call svgAttributeChanged() from attributeChanged()
        when we're synchronizing SVG attributes. It leads to either unnecessary extra work being done or
        crashes. Especially together with <polyline>/<polygon> which always synchronize the SVGAnimatedPoints
        datastructure with the points attribute, no matter if there are changes or not. This should be
        further optimized, but this fix is sane and fixes the root of the evil races.

        Test: svg/custom/use-property-synchronization-crash.svg

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::attributeChanged):

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r62662.

    2010-07-06  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        <use> on <font-face> causes crashes, if SVGUseElement gets detached
        https://bugs.webkit.org/show_bug.cgi?id=41621

        Do not call removeFromMappedElementSheet() from the SVGFontFaceElement destructor,
        as that can potentially cause the element to be reattached while destructing.

        In order to fix the crash in the testcase, the order of calling the base-class detach
        method in SVGUseElement and the instance/shadow tree destruction has to be reversed,
        matching the order in removedFromDocument().

        Test: svg/custom/use-font-face-crash.svg

        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::~SVGFontFaceElement): Remove removeFromMappedElementSheet() call.
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::detach): Reverse order of calling base-class detach method and instance/shadow tree destruction.

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r59903.

    2010-05-20  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        WebSocket handshake incompatible change in draft-hixie-thewebsocketprotocol-76
        https://bugs.webkit.org/show_bug.cgi?id=35572

        WebSocket opening handshake is changed.  New protocol draft could be found at http://www.whatwg.org/specs/web-socket-protocol/
        It requires https://bugs.webkit.org/show_bug.cgi?id=38034 to pass websocket tests.

        * websockets/WebSocketHandshake.cpp:
        (WebCore::extractResponseCode):
        add lineLength parameter to return length of status line.
        (WebCore::hostName): Added.
        (WebCore::generateSecWebSocketKey): Added.
        (WebCore::generateKey3): Added.
        (WebCore::setChallengeNumber): Added.
        (WebCore::generateChallengeResponseExpected): Added.
        (WebCore::WebSocketHandshake::WebSocketHandshake):
         generate challenge response key and expected data.
        (WebCore::WebSocketHandshake::clientLocation):
         use hostName.
        (WebCore::WebSocketHandshake::clientHandshakeMessage):
         changed for draft 76 spec.
        (WebCore::WebSocketHandshake::clientHandshakeRequest):
        (WebCore::WebSocketHandshake::readServerHandshake):
         changed for draft 76 spec.
         m_mode is managed in this method.
        (WebCore::WebSocketHandshake::readHTTPHeaders):
         change error log messages.
        (WebCore::WebSocketHandshake::processHeaders):
         changed for draft 76 spec.
        (WebCore::WebSocketHandshake::checkResponseHeaders):
         return boolean whether response header is ok or not and not change m_mode in it.
        * websockets/WebSocketHandshake.h:

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r62664.

    2010-07-07  Andy Estes  <aestes@apple.com>

        Reviewed by Adam Barth.

        Allow a beforeload listener to prevent loading of images in <object> tags.
        https://bugs.webkit.org/show_bug.cgi?id=41027
        <rdar://problem/8120596>

        Tests: fast/dom/beforeload/image-object-before-load-innerHTML.html
               fast/dom/beforeload/image-object-before-load.html

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::attach): Do not call
        RenderImage::setCachedImage() at the end of attach(). Instead, allow
        this to happen conditionally after beforeload is dispatched.
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): Render fallback
        content if an object's load was cancelled.

2010-07-07  Mark Rowe  <mrowe@apple.com>

        Merge r62391.

    2010-06-24  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Alexey Proskuryakov.

        REGRESSION: Enter does not trigger submit of forms when focus is on select.
        https://bugs.webkit.org/show_bug.cgi?id=39532

        Restore behavior where hitting "Enter" on a select element attempts to submit
        form implicitly.

        * dom/SelectElement.cpp:
        (WebCore::SelectElement::menuListDefaultEventHandler): Added htmlForm argument,
            and attempting to submit implicitly.
        (WebCore::SelectElement::listBoxDefaultEventHandler): Ditto.
        (WebCore::SelectElement::defaultEventHandler): Plumbed through htmlForm argument.
        * dom/SelectElement.h: Added htmlForm argument to method declaration.
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::defaultEventHandler): Changed to provide submitting form
            as the argument.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61667.

    2010-06-23  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Eric Seidel.

        Reproducible crash in com.apple.WebCore 0x01ed3784 WebCore::RenderLineBoxList::appendLineBox(WebCore::InlineFlowBox*) + 36
        https://bugs.webkit.org/show_bug.cgi?id=40953

        REGRESSION (r58209-58231): Memory corruption with invalid SVG
        https://bugs.webkit.org/show_bug.cgi?id=40173

        Fix several crashes, all related to <foreignObject> and/or invalid SVG documents.
        - Only allow <svg> nodes, as direct children of a <foreignObject>, not any other "partial" SVG content.
        - Assure to create RenderSVGRoot objects for <svg> nodes in <foreignObject>, treat them as "outermost SVG elements".
        - Never allow any partial SVG content to appear in any document. Only <svg> elements are allowed.

        Tests: svg/custom/bug45331.svg
               svg/foreignObject/disallowed-svg-nodes-as-direct-children.svg
               svg/foreignObject/no-crash-with-svg-content-in-html-document.svg
               svg/foreignObject/svg-document-as-direct-child.svg
               svg/foreignObject/svg-document-in-html-document.svg
               svg/foreignObject/text-tref-02-b.svg

        * dom/Element.cpp: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
        (WebCore::Element::childShouldCreateRenderer): Only create a renderer for a SVG child, if we're a SVG element, or if the child is a <svg> element.
        * dom/Element.h: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
        * svg/SVGForeignObjectElement.cpp:
        (WebCore::SVGForeignObjectElement::childShouldCreateRenderer): Disallow arbitrary SVG content, only <svg> elements are allowed as direct children of a <foreignObject>
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::isOutermostSVG): Be sure to create RenderSVGRoot objects for <svg> elements inside <foreignObject>

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61044.

    2010-06-11  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Hyatt.

        Don't process floats if parent node is not a RenderBlock.
        https://bugs.webkit.org/show_bug.cgi?id=40033

        Test: svg/text/clear-floats-crash.svg

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::clearFloats):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61050.

    2010-06-10  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Dave Hyatt.

        Do not render CSS Styles :first-letter and :first-line in a SVG text element context. 
        https://bugs.webkit.org/show_bug.cgi?id=40031

        Test: svg/text/text-style-invalid.svg

        * rendering/RenderSVGText.cpp:
        (WebCore::RenderSVGText::firstLineBlock):
        (WebCore::RenderSVGText::updateFirstLetter):
        * rendering/RenderSVGText.h:

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r62279.

    2010-07-01  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/8148656> <https://bugs.webkit.org/show_bug.cgi?id=41431>
        REGRESSION (r49411): Various crashes due to JavaScript execution during plug-in destruction

        Test: plugins/write-xssauditor-from-destroy.html

        Fix specific known cases that also crash in same process case. I don't know if there is
        any rule for when documentLoader should be checked for being null, it looks like a mess.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::referrer):
        * page/XSSAuditor.cpp:
        (WebCore::XSSAuditor::findInRequest):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61654.

    2010-06-22  David Levin  <levin@chromium.org>

        Reviewed by Alexey Proskuryakov.

        REGRESSION: (r47291): Upload progress events are not fired for simple cross-site XHR.
        https://bugs.webkit.org/show_bug.cgi?id=39029

        Specifically, WebKit should fire upload events if one or more event listeners are
        registered on the XMLHttpRequestUpload object when send is called in an async manner.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Allow upload events to be fired when there are
        handlers for them in the cross-origin simple request case.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r60882.

    2010-06-08  Mark Rowe  <mrowe@apple.com>

        Reviewed by Adele Peterson.

        <rdar://problem/8072136> REGRESSION (r56051): Inspect Element context menu does nothing in applications linked against 10.4 SDK

        Revert the change to ContextMenu::addInspectElementItem from r56051. It was made without
        explanation and broke a reliance that WebKit has on the presence of a separator before the
        Inspect Element menu item. This also restores the context menu item to the correct location
        at the bottom of the context menu in applications built against the Mac OS X 10.4 SDK.

        * platform/ContextMenu.cpp:
        (WebCore::ContextMenu::addInspectElementItem):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r62135.

    2010-06-29  Beth Dakin  <bdakin@apple.com>

        Reviewed by Darin Adler.

        Speculative fix for <rdar://problem/8071558> CrashTracer: [USER] 
        2300+ crashes in Safari at com.apple.WebCore: 
        WebCore::FrameView::scheduleRelayout + 352

        Unfortunately, we don't have a reproducible case for this bug, and 
        therefore, we do not have a layout test either. It is pretty clear 
        from the logs that m_frame->settings() is null in 
        FrameView::scheduleRelayout() in the crashing case. 
        m_frame->settings() is null whenever page is null. Everywhere else 
        in FrameView.cpp we null-check either page or settings before using 
        settings. It seems plausible to me that scheduleRelayout could be 
        called when page is null, so the fix is just to add null-checks. 

        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        (WebCore::FrameView::scheduleRelayout):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r62134.

    2010-06-29  Dan Bernstein  <mitz@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/7975842> Certain text is repeated after using splitText()

        Tests: fast/text/setData-dirty-lines.html
               fast/text/splitText-dirty-lines.html

        * dom/CharacterData.cpp:
        (WebCore::CharacterData::setData): Call RenderText::setTextWithOffset() rather than
        setText(), because only the former correctly dirties line boxes.
        * dom/Text.cpp:
        (WebCore::Text::splitText): Ditto.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61921.

    2010-06-25  Dan Bernstein  <mitz@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/8000667> Certain text is repeated before and after a line break

        Test: fast/text/bidi-explicit-embedding-past-end.html

        * platform/text/BidiResolver.h:
        (WebCore::::createBidiRunsForLine): Committing explicit embedding past the end of the range
        creates BidiRuns up to the end of the range, so at that point, we can stop iterating.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r59396.

    2010-05-13  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dave Hyatt.

        Fix scrolling in composited iframes
        https://bugs.webkit.org/show_bug.cgi?id=39088
        <rdar://problem/7980099>
        
        When propagating compositing out of iframes, we have to update the position of the iframe content
        layers on scrolling.

        Test: compositing/iframes/scrolling-iframe.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged): Call updateContentLayerScrollPosition() when scrolling.

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Renamed setRootPlatformLayerClippingBox() to updateContentLayerOffset().

        * rendering/RenderLayerCompositor.h:
        * rendering/RenderLayerCompositor.cpp: Rename m_clippingLayer to m_clipLayer to go better with m_scrollLayer.
        (WebCore::RenderLayerCompositor::updateContentLayerOffset): Renamed from setRootPlatformLayerClippingBox().
            Set the size of the clipping layer from the FrameView now, so that scrollbars are not clipped out.
            Update the scroll layer position too.
        (WebCore::RenderLayerCompositor::updateContentLayerScrollPosition): Set the position of the scroll layer
            when the ScrollView is scrolled.
        (WebCore::RenderLayerCompositor::rootPlatformLayer): m_clippingLayer rename.
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): m_clippingLayer rename. Also create m_scrollLayer at
            the same time as the clip layer, and clean it up as necessary.
        (WebCore::RenderLayerCompositor::destroyRootPlatformLayer): m_clippingLayer rename, and clean up the m_scrollLayer too.
        (WebCore::RenderLayerCompositor::detachRootPlatformLayer): m_clippingLayer rename

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61435.

    2010-06-18  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=40852
        <rdar://problem/8105498> Limit simultaneous DNS prefetch request number (40852)

        No change in functionality, so no tests.

        We still queue up to 64 names, but only make up to 8 requests at once. If there are names
        remaining in queue, we retry after a short timeout (which is easier than posting
        notifications from client callback).

        * platform/network/cf/DNSCFNet.cpp:
        (WebCore::DNSResolveQueue::add):
        (WebCore::DNSResolveQueue::fired):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61296.

    2010-06-16  Brady Eidson  <beidson@apple.com>

        Reviewed by Eric Carlson.

        <rdar://problem/7249553> and https://bugs.webkit.org/show_bug.cgi?id=40749
        ResourceLoader::willCacheResponse() needs to null-check Frame::Settings()

        No new tests. (Discovered via crash reports, no reproducible cases noted)

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willCacheResponse):  Null check m_frame->settings(), 
          but also add an ASSERT so debug-build developers can learn more about why
          this might be happening.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r60640.

    2010-06-03  James Robinson  <jamesr@chromium.org>

        Reviewed by Dan Bernstein.

        Take container's scroll offset and clip into account when initializing LayoutState
        https://bugs.webkit.org/show_bug.cgi?id=38506

        When doing a subtree layout, the initial LayoutState creation needs to
        take the layout root container's offset and its scroll offset into account
        to create the initial offset.  Otherwise if a subtree layout occurs
        for a layout root whose container has a non-zero scroll offset
        the LayoutState's offset and clip are wrong, resulting in a mispaint.
        See the test cases for examples.

        Tests: fast/repaint/layout-state-scrolloffset.html
               fast/repaint/layout-state-scrolloffset2.html
               fast/repaint/layout-state-scrolloffset3.html

        * rendering/LayoutState.cpp:
        (WebCore::LayoutState::LayoutState):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61070.

    2010-06-12  Dan Bernstein  <mitz@apple.com>

        Reviewed by Oliver Hunt.

        <rdar://problem/8025267> REGRESSION (Safari 4-TOT): Crash when a frame’s resize handler removes the frame
        https://bugs.webkit.org/show_bug.cgi?id=40534

        Test: fast/replaced/frame-removed-during-resize.html

        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::updateWidgetPosition): Null-check m_widget, since resizing the widget
        may trigger an iframe’s resize handler, which may destroy the widget.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61200.

    2010-06-15  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        YouTube thumbnail borders vanish during transition
        https://bugs.webkit.org/show_bug.cgi?id=40551
        
        Turn off the direct image optimization if the image has a clip style, so that it is
        correctly rendered with the clip.

        Test: compositing/images/clip-on-directly-composited-image.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r60908.

    2010-06-09  Mark Rowe  <mrowe@apple.com>

        Reviewed by Adele Peterson.

        <rdar://problem/8070662> REGRESSION (r51629): WebBackForwardList created via -init crashes when -addItem: is called.

        A WebBackForwardList created via -init results in a BackForwardList being created with a null m_page.
        BackForwardList needs to be careful not to dereference m_page without first ensuring it's not null.

        * history/BackForwardList.cpp:
        (WebCore::BackForwardList::addItem): Null-check m_page.
        (WebCore::BackForwardList::goBack): Ditto.
        (WebCore::BackForwardList::goForward): Ditto.
        (WebCore::BackForwardList::goToItem): Ditto.
        (WebCore::BackForwardList::setCapacity): Ditto.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61060.

    2010-06-12  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        REGRESSION: Can't submit a form with <input type=radio required>
        https://bugs.webkit.org/show_bug.cgi?id=40429

        Validity state was not updated correctly for radio buttons, and it
        prevents form submission even if a radio button group has a
        checked radio button.

        Test: fast/forms/interactive-validation-required-radio.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateCheckedRadioButtons):
         Call setNeedsValidityCheck() for all of radio buttons in the same group
         to update validity state.
        (WebCore::HTMLInputElement::setChecked):
         Remove setNeedsValidityCheck() call because it is called in
         updateCheckedRadioButtons().

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r60984.

    2010-06-10  Tony Chang  <tony@chromium.org>

        Reviewed by Kent Tamura.

        crash when focus is changed while trying to focus next element
        https://bugs.webkit.org/show_bug.cgi?id=40407

        Test: fast/events/focus-change-crash.html

        * dom/Element.cpp:
        (WebCore::Element::focus):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r60459.

    2010-05-31  Tony Chang  <tony@chromium.org>

        Reviewed by Dan Bernstein.

        REGRESSION (r58665): Infinite recursion in Position::getInlineBoxAndOffset()
        https://bugs.webkit.org/show_bug.cgi?id=39946
        
        r58665 added an infinite recursion check, but didn't take into consideration recursion between two
        Positions.  This adds a check for when
        downstreamIgnoringEditingBoundaries(p1) == p2 and upstreamIgnoringEditingBoundaries(p2) == p1

        Test: editing/selection/mixed-editability-12.html

        * dom/Position.cpp:
        (WebCore::Position::getInlineBoxAndOffset):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61068.

    2010-06-12  Dean Jackson  <dino@apple.com>

        Reviewed by Darin Adler.

        Animation keyframe timing functions are applying incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=38963
        
        When copying RenderStyles, we have to clone the AnimationList so that each keyframe
        can have its own timing function.

        Tests: animations/keyframe-timing-functions-transform.html
               animations/keyframe-timing-functions2.html

        * platform/animation/Animation.h:
        (WebCore::Animation::create):
        * platform/animation/AnimationList.cpp:
        (WebCore::AnimationList::AnimationList):
        * platform/animation/AnimationList.h:
        (WebCore::AnimationList::AnimationList):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r60727.

    2010-06-04  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by David Kilzer.

        AX: need an aria-help
        https://bugs.webkit.org/show_bug.cgi?id=40010

        Test: accessibility/aria-help.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::helpText):
        * html/HTMLAttributeNames.in:

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61132.

    2010-06-14  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        AX: AXUnknown objects are being returned
        https://bugs.webkit.org/show_bug.cgi?id=40574

        Test: platform/mac/accessibility/no-unknown-objects-when-title-attribute-present.html

        * accessibility/mac/AccessibilityObjectMac.mm:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61231.

    2010-06-15  Mark Rowe  <mrowe@apple.com>

        Rubber-stamped by David Harrison.

        sqlite3_prepare16_v2 is not documented as always setting "tail" during error cases.
        Explicitly initialize it to null, just to be safe.

        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::prepare):

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61171.

    2010-06-14  Mark Rowe  <mrowe@apple.com>

        Reviewed by Brady Eidson.

        <rdar://problem/8071866> REGRESSION: Crash on launch on Tiger and Leopard with network home folder

        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::prepare): Don't assume that tail is always non-null, since that may
        not be the case with some versions of SQLite. Instead we must null-check before dereferencing.

2010-07-01  Mark Rowe  <mrowe@apple.com>

        Merge r61365.

    2010-06-17  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Kilzer.

        (Landed by Dirk Pranke).

        Check for a null frame before setting drag selection.
        https://bugs.webkit.org/show_bug.cgi?id=38893
        Same Layout test as https://bugs.webkit.org/show_bug.cgi?id=37168.

        Test: editing/pasteboard/drag-drop-iframe-refresh-crash.html  

        Note that you need to run the test manually 20-30 times for the crash
        to reproduce.

        * editing/SelectionController.cpp:
        (WebCore::SelectionController::setSelection):

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r61045.

    2010-06-11  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dr Dan Bernstein.

        REGRESSION: crash when unloading an iFrame with Flash from the DOM
        https://bugs.webkit.org/show_bug.cgi?id=40161
        <rdar://problem/7994710>
        
        Null-check the ownerElement of the RenderView's document when unhooking the compositing
        root of an iframe whose layers are parented via the enclosing document. Fixes a crash when
        dynamically removing such an iframe.

        Test: compositing/iframes/remove-iframe-crash.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::detachRootPlatformLayer):

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59143.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Fix asserting GTK build.

        r59137 changed the behavior of RenderObject::repaintUsingContainer(). I mistakenly
        thought that non-compositing builds would always pass a 0 repaintContainer, but
        actually the RenderView is passed in this case. So use this to repaint if 
        ACCELERATED_COMPOSITING is turned off.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaintUsingContainer):

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59140.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Fix warning on Windows about unreachable code.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::shouldPropagateCompositingToEnclosingIFrame):

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59137.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson

        Allow compositing layers to be connected across iframe boundaries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38856
        
        RenderObject::repaintUsingContainer() incorrectly did a view-based
        repaint if the repaint container was the RenderView. Instead, we need
        to check to see if the RenderView's layer is composited, and, if so,
        whether it's painting into the window or not. This can occur when iframes
        are composited.

        The bug is timing-sensitive, involving compositing in iframes, and I was not able to
        concoct a good testcase.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::repaintUsingContainer):

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59136.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson

        Allow compositing layers to be connected across iframe boundaries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38856

        Changes to allow compositing layers for iframes to switch between being hosted
        by the iframe's layer-backed NSView, and parented in the GraphicsLayer tree of the
        enclosing document.

        Tests: compositing/iframes/connect-compositing-iframe.html
               compositing/iframes/connect-compositing-iframe2.html
               compositing/iframes/connect-compositing-iframe3.html

        * page/FrameView.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::hasCompositedContent): New convenience method.
        (WebCore::FrameView::setIsOverlapped): If we're composited, poke the owner document in case it
            wants to re-evaluate compositing decisions.
        (WebCore::FrameView::isOverlapped): Just expose the existing flag.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::shouldBeNormalFlowOnly):
        (WebCore::RenderLayer::isSelfPaintingLayer):

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): If this is an iframe, we need
            to ensure that the layers for the iframe content are hooked up.
        (WebCore::RenderLayerBacking::updateDrawsContent): When an iframe toggles between different
            attachments, the 'drawsContent' behavior of its root layer changes, so needs to be updated.

        * rendering/RenderLayerCompositor.h:
        (WebCore::RenderLayerCompositor::updateCompositingLayers): Call destroyRootPlatformLayer()
            instead of detachRootPlatformLayer() and manually zeroing out the OwnPtrs.
        (WebCore::RenderLayerCompositor::updateBacking): If a RenderIFrame changes compositing mode,
            we need to ensure that its content compositor attachment is updated.
        (WebCore::RenderLayerCompositor::repaintOnCompositingChange): The existing code had a bug
            that caused repaints for RenderViews (which have no parent) to bail. We only want to bail
            for non-RenderViews that are not attached.
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): Factored the iframe-connecting
            code into a new method, parentIFrameContentLayers().
        (WebCore::RenderLayerCompositor::parentIFrameContentLayers): New method to share the code that hooks
            up the iframe's compositing layers to the parent.
        (WebCore::RenderLayerCompositor::shouldPropagateCompositingToEnclosingIFrame): Add logic to propagate
            compositing out of iframes on Mac in two situations: 1) when the FrameView is overlapped, and 2)
            if the parent document is already composited.
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Clean up the logic here to better deal
            with dynamic changes of the attachment type.
        (WebCore::RenderLayerCompositor::destroyRootPlatformLayer): Clean up and null out the clipping layer here.
        (WebCore::RenderLayerCompositor::attachRootPlatformLayer): Call rootLayerAttachmentChanged().
        (WebCore::RenderLayerCompositor::detachRootPlatformLayer): Ditto. Also unparent the clipping and platform layers.
        (WebCore::RenderLayerCompositor::updateRootLayerAttachment): Call ensureRootPlatformLayer() to re-evaluate
            the layer attachment.
        (WebCore::RenderLayerCompositor::rootLayerAttachmentChanged): We need to update the drawsContent() status
            of the RenderView's layer's backing, because it changes depending on the attachment.

        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::paint): Do overlap testing if the frameView can do fast repaints (as before),
            but also now when the frameView has composited content.

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59134.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson

        Allow compositing layers to be connected across iframe boundaries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38856

        Rename the static shouldPropagateCompositingToIFrameParent() to shouldPropagateCompositingToEnclosingIFrame(),
        to pave the way for runtime switches in the propagation behavior. We have to make sure we call it on
        the correct RenderLayerCompositor (that belonging to the iframe's content document).
        
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintingGoesToWindow): Now that we know the root layer attachment, we
        can simplify this method.

        * rendering/RenderLayerCompositor.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::enableCompositingMode): No need for the setNeedsStyleRecalc()
        here, because the ensureRootPlatformLayer() or destroyRootPlatformLayer() will have already done it.

        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): Use the root layer attachment to determine
        whether to parent the iframe's layers.
        
        (WebCore::RenderLayerCompositor::didMoveOnscreen): Method name change.
        (WebCore::RenderLayerCompositor::shouldPropagateCompositingToEnclosingIFrame): Name change.
        (WebCore::RenderLayerCompositor::requiresCompositingForIFrame): We need to consult the iframe contents
        document's compositor to ask whether propagation is appropriate.
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Name change.

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59133.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson

        Allow compositing layers to be connected across iframe boundaries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38856
        
        Use an enum for the type of root layer attachment on a RenderLayerCompositor, so we can
        determine if the attachment is via the ChromeClient, via an enclosing iframe, or unattached.

        * rendering/RenderLayerCompositor.h: New RootLayerAttachment enum.
        (WebCore::RenderLayerCompositor::rootLayerAttachment): getter for the current attachment.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor): Init m_rootLayerAttachment.
        (WebCore::RenderLayerCompositor::~RenderLayerCompositor): Assert that it is unattached.
        (WebCore::RenderLayerCompositor::updateCompositingLayers): Call destroyRootPlatformLayer instead of willMoveOffscreen,
        when there are no layers left. Also clear out the clipping layer.
        (WebCore::RenderLayerCompositor::didMoveOnscreen): Call attachRootPlatformLayer.
        (WebCore::RenderLayerCompositor::willMoveOffscreen): Call ensureRootPlatformLayer with the appropriate attachment.
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Only create the m_rootPlatformLayer if we don't have one
           already, but be sure to always set the root layer geometry orientation. Also only create the
           m_clippingLayer if we need to.
        (WebCore::RenderLayerCompositor::destroyRootPlatformLayer): Call detachRootPlatformLayer().
        (WebCore::RenderLayerCompositor::attachRootPlatformLayer): Code moved from didMoveOnscreen, but switching on
            attachment.
        (WebCore::RenderLayerCompositor::detachRootPlatformLayer): Code moved from willMoveOffscreen, but switching on
            attachment.

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59132.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson

        Allow compositing layers to be connected across iframe boundaries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38856

        Clean up the geometry logic when propagating compositing out of iframes.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateRootLayerPosition): Geometry on m_rootPlatformLayer no longer
        needs to be special when there's a clipping layer.
        
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Don't set the clipping layer to have
        flipped geometry ever, and only set the root layer to have flipped geometry if it is not
        being hosted in an iframe. Also no need to set a custom anchor point on the clipping layer.

2010-06-28  Mark Rowe  <mrowe@apple.com>

        Merge r59129.

    2010-05-10  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson

        Allow compositing layers to be connected across iframe boundaries on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38856

        Clean up some methods related to composited iframes. No behavioral changes.

        * rendering/RenderLayerBacking.h: Move innerRenderLayerCompositor() to be a static method:
            RenderLayerCompositor::iframeContentsCompositor().
        * rendering/RenderLayerBacking.cpp: Remove innerRenderLayerCompositor().
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Call iframeContentsCompositor().
        
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::enableCompositingMode): Call enclosingIFrameElement()
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree): iframeContentsCompositor() is now a static method in this class.
        Also check that the iframe contents are in compositing mode (slightly clearer than relying on rootPlatformLayer() returning
        null).
        (WebCore::RenderLayerCompositor::iframeContentsCompositor): Moved from RenderLayerBacking.
        (WebCore::RenderLayerCompositor::didMoveOnscreen): Use enclosingIFrameElement() method.
        (WebCore::RenderLayerCompositor::willMoveOffscreen): Ditto.
        (WebCore::RenderLayerCompositor::enclosingIFrameElement): New method.
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer): Call enclosingIFrameElement().
        * rendering/RenderLayerCompositor.h: New method, iframeContentsCompositor().

2010-06-03  Mark Rowe  <mrowe@apple.com>

        Merge r59498.

    2010-05-14  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/7985864> Connection properties dictionary should use standard callbacks for keys, values
        https://bugs.webkit.org/show_bug.cgi?id=39132

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::createConnectionProperties):

2010-06-01  Mark Rowe  <mrowe@apple.com>

        Merge r60502.

    2010-06-01  Jer Noble  <jer.noble@apple.com>

        Reviewed by Sam Weinig.

        QuickTime 7.6.4 + Safari Nightly = Crash
        https://bugs.webkit.org/show_bug.cgi?id=40019
        rdar://problem/8035443
        
        Check the return value of QTCFPropertyListCreateXMLData before calling CFDataGetLength().

        * platform/graphics/win/QTCFDictionary.cpp:
        (QTCFDictionaryCreateCopyWithDataCallback):

2010-05-30  Mark Rowe  <mrowe@apple.com>

        Merge r59910.

    2010-05-20  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Adam Roben.

        Avoid flushing CA layers when a layout is pending
        https://bugs.webkit.org/show_bug.cgi?id=39463
        <rdar://problem/7999463>

        Avoid rendering the compositing layers to the screen if there's a layout pending,
        since the layer tree is not in a state that should be presented to the user.
        
        This fixes flashes in some types of content that dynamically add and remove layers.

        Do this by adding a WKCACFLayerRendererClient for WKCACFLayerRenderer, which it can
        call through to ask whether now is a good time to render. If not, it schedules
        another render soon.
        
        * platform/graphics/win/WKCACFLayerRenderer.h:
        (WebCore::WKCACFLayerRendererClient::~WKCACFLayerRendererClient):
        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::acceleratedCompositingAvailable):
        (WebCore::WKCACFLayerRenderer::create):
        (WebCore::WKCACFLayerRenderer::WKCACFLayerRenderer):
        (WebCore::WKCACFLayerRenderer::render):

2010-05-27  Mark Rowe  <mrowe@apple.com>

        Merge r60317.

    2010-05-27  Eric Carlson  <eric.carlson@apple.com>

        Reviewed by Darin Adler.

        <rdar://problem/8016158> Crash in CVPixelBufferCreateResolvedAttributesDictionary with RLE
        compressed movie.

        Configure the visual context to generate Direct3D compatible pixel buffers when we are able to
        use a CAImageQueue so there will be less conversion required before display. This change also  
        works around the issue that causes the RLE compressed movie to crash.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::load): Pass enum to QTMovieVisualContext
        constructor instead of CFDictionary.
        * platform/graphics/win/QTMovieVisualContext.cpp:
        (SetNumberValue):
        (getPixelBufferCreationOptions): New, create options dictionary appropriate for the visual 
        context type.
        (pixelBufferCreationOptions): New, return options dictionary appropriate for the visual 
        context type.
        (QTMovieVisualContextPriv::QTMovieVisualContextPriv): Get the options dictionary from
        getPixelBufferCreationOptions instead of taking it as a parameter.
        (QTMovieVisualContext::QTMovieVisualContext): Take enum instead of CFDictionary for 
        visual context configuration type.
        * platform/graphics/win/QTMovieVisualContext.h:

2010-05-27  Mark Rowe  <mrowe@apple.com>

        Merge r60272.

    2010-05-26  Jer Noble  <jer.noble@apple.com>

        Patch edited by Adele Peterson and Mark Rowe.
        Reviewed by Eric Carlson

        Video elements show no video on Windows machines that do not support accelerated compositing
        https://bugs.webkit.org/show_bug.cgi?id=39446
        rdar://problem/7999794
        
        Create the visual context in setUpVideoRendering (as opposed to in load), and destroy it in
        tearDownVideoRendering (as opposed to in the destructor.)

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::~MediaPlayerPrivateQuickTimeVisualContext):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::load): Moved creation of the visual context to setUpVideoRendering.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::paint): Return early if the visual context isn't set up.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::currentRenderingMode): If the visual context isn't set up,
        return MediaRenderingNone.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::setUpVideoRendering): Create the visual context.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::tearDownVideoRendering): Destroy the visual context.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::hasSetUpVideoRendering): For software rendering mode, 
        make sure the visual context has been set up when saying the setup has been done.
        * platform/graphics/win/QTMovieVisualContext.cpp:
        (QTMovieVisualContextPriv::~QTMovieVisualContextPriv): Destruction moved to tearDownVideoRendering.
        Also, make sure to cancel the visual context's newImageAvailable callback in the visual context's destructor.
        (QTMovieVisualContext::create): Added.
        * platform/graphics/win/QTMovieVisualContext.h:

2010-05-27  Mark Rowe  <mrowe@apple.com>

        Merge r60252.

    2010-05-26  Alexey Proskuryakov  <ap@apple.com>

        Mac 32 bit build fix.

        * platform/graphics/mac/SimpleFontDataMac.mm: (WebCore::SimpleFontData::platformInit):
        Use static_cast instead of narrowPrecisionToFloat - the latter can't convert from float to float.

2010-05-27  Mark Rowe  <mrowe@apple.com>

        Merge r60247.

    2010-05-26  Dan Bernstein  <mitz@apple.com>

        Typed and reviewed by Alexey Proskuryakov.

        https://bugs.webkit.org/show_bug.cgi?id=39682
        <rdar://problem/8026774> REGRESSION: WebKit nightly adding insane height to div at random

        Test: fast/css/custom-font-xheight.html

        * platform/graphics/mac/SimpleFontDataMac.mm: (WebCore::SimpleFontData::platformInit):
        Calling an Objective C method that returns a structure with a null object can leave garbage in
        returned value. Custom fonts don't have an NSFont, they only have a CGFont. Call
        platformBoundsForGlyph() function instead, which works with CGFont.
        (WebCore::SimpleFontData::platformBoundsForGlyph): Fixed to work on Tiger (for fonts that
        have an NSFont), since this is now used in more cases.

2010-05-25  Steve Falkenburg  <sfalken@apple.com>

        Windows build fix.
        Branch doesn't have r59910, so remove the argument from WKCACFLayerRenderer::create.

        * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp:
        (WebCore::MediaPlayerPrivateFullscreenWindow::MediaPlayerPrivateFullscreenWindow):

2010-05-25  Mark Rowe  <mrowe@apple.com>

        Merge r60207.

    2010-05-25  Mark Rowe  <mrowe@apple.com>

        Build fix.

        * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp:

2010-05-25  Mark Rowe  <mrowe@apple.com>

        Merge r60190.

    2010-05-22  Jer Noble  <jer.noble@apple.com>

        Reviewed by Adam Roben.

        Full screen doesn't work for video elements
        https://bugs.webkit.org/show_bug.cgi?id=39557
        rdar://problem/8011813
        
        Add fullscreen support for MediaPlayerPrivateVisualContext.  A new class, MediaPlayerPrivateFullscreenWindow,
        provides the fullscreen hwnd and layer renderer.  Any WKCACFLayer can be provided to MediaPlayerPrivateFullscreenWindow
        so future additional MediaPlayerPrivate implementations can use the fullscreen window.
        
        Minor additions have been made to the FloatSize and IntSize classes.

        MediaPlayerPrivateQuickTimeVisualContext now calls retrieveCurrentImage after creating a new 
        videoLayer; this is an existing bug that was never really exposed before now.

        * WebCore.vcproj/WebCore.vcproj:
        * platform/graphics/FloatSize.h: Added aspectRatio() and scale(float).
        (WebCore::FloatSize::aspectRatio):
        (WebCore::FloatSize::scale):
        * platform/graphics/IntSize.h: Added aspectRatio().
        (WebCore::IntSize::aspectRatio):
        * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp: Added.
        * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.h: Added.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: Call retrieveCurrentImage() after creating the videoLayer.
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::supportsFullscreen):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::retrieveCurrentImage):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::createLayerForMovie):
        * platform/graphics/win/WKCACFLayer.cpp: 
        (WebCore::WKCACFLayer::WKCACFLayer):
        (WebCore::WKCACFLayer::removeFromSuperlayer):
        (WebCore::WKCACFLayer::setFrame):
        (WebCore::WKCACFLayer::internalSetNeedsDisplay):
        (WebCore::WKCACFLayer::setLayoutClient):
        (WebCore::WKCACFLayer::layoutSublayersProc):
        (WebCore::WKCACFLayer::layoutClient):
        (WebCore::WKCACFLayer::setNeedsLayout):
        * platform/graphics/win/WKCACFLayer.h: Add layout client class.
        (WebCore::WKCACFLayerLayoutClient::~WKCACFLayerLayoutClient):
        (WebCore::WKCACFLayer::frame): Added back frame()/setFrame().
        * platform/graphics/win/WebTiledLayer.cpp:
        (WebCore::WebTiledLayer::setFrame): Implemented setFrame() in subclass of WKCACFLayer
        * platform/graphics/win/WebTiledLayer.h:
        * platform/graphics/win/WebTiledLayer.cpp: Added setFrame() overriding WKCACFLayer's implementation
        (WebCore::WebTiledLayer::setFrame):
        * platform/graphics/win/WebTiledLayer.h:


2010-05-25  Mark Rowe  <mrowe@apple.com>

        Merge r60150.

    2010-05-25  Ada Chan  <adachan@apple.com>

        Reviewed by Steve Falkenburg.

        Add a base class for DOMTimer called SuspendableTimer which captures just the
        basic functionality of TimerBase and ActiveDOMObject combined.  It does not
        contain functionality specific to scripting timers.
        
        SuspendableTimer is used in fixing https://bugs.webkit.org/show_bug.cgi?id=39651

        * Android.mk:
        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::DOMTimer):
        (WebCore::DOMTimer::contextDestroyed):
        (WebCore::DOMTimer::stop):
        * page/DOMTimer.h:
        * page/SuspendableTimer.cpp: Added.
        (WebCore::SuspendableTimer::SuspendableTimer):
        (WebCore::SuspendableTimer::~SuspendableTimer):
        (WebCore::SuspendableTimer::hasPendingActivity):
        (WebCore::SuspendableTimer::stop):
        (WebCore::SuspendableTimer::suspend):
        (WebCore::SuspendableTimer::resume):
        (WebCore::SuspendableTimer::canSuspend):
        * page/SuspendableTimer.h: Added.

2010-05-25  Mark Rowe  <mrowe@apple.com>

        Merge r60092.

    2010-05-24  Brady Eidson  <beidson@apple.com>

        Reviewed by Darin Adler.

        Database origins aren't populated at launch (missing db in prefs sheet, possible other symptoms)
        <rdar://problem/8013233> and https://bugs.webkit.org/show_bug.cgi?id=39486

        Currently, a Tracker needs to know its path before origins are populated. Testing databases and
        related features is made very difficult with this regression, so instead of changing things in a
        complicated way to make this not the case, I've added an "initialize Tracker with this path" function
        that calls the DatabaseTracker constructor with the initial path.

        I checked the other platforms besides Mac and Win, and none of them seem to perform the
        "initialize databases if necessary" step in their init routines, so this change shouldn't affect them.

        No new tests. (API specific layout test in DRT is forthcoming)

        * WebCore.base.exp:

        * storage/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::initializeTracker): Added to create the tracker with its initial path.
        (WebCore::DatabaseTracker::tracker): Move the static tracker out so tracker() and initializeTracker()
          can share it. Add a fallback to not change behavior of platforms that don't call the new 
          "initializeTracker()" method.
        (WebCore::DatabaseTracker::DatabaseTracker): Changed to take the initial path as an argument.
        * storage/DatabaseTracker.h:

        * storage/chromium/DatabaseTrackerChromium.cpp:
        (WebCore::DatabaseTracker::tracker): Adapt to new c'tor.
        (WebCore::DatabaseTracker::DatabaseTracker): Ditto.


2010-05-25  Mark Rowe  <mrowe@apple.com>

        Merge r60110.

    2010-05-24  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Carlson.

        HTML5 <video> tag performance worse than Flash
        https://bugs.webkit.org/show_bug.cgi?id=39577
        rdar://problem/7982458
        
        Added attachments() back to QTPixelBuffer, as they are necessary for CAImageQueue.
        
        WKCACFLayer contents()/setContents() now return/take a CFTypeRef instead of a CGImageRef, which allows
        a CAImageQueueRef to be set as a layer's contents.
        
        WKCAImageQueue is a simple C++ wrapper around the WebKitSystemInterface CAImageQueue functions.
        
        MediaPlayerPrivateQuickTimeVisualContext will now use a CAImageQueue to display movie frames if 
        certain prerequisites are met (QuartzCore.dll and CoreVideo.dll version numbers must meet a certain
        threshold defined in MediaPlayerPrivateQuickTimeVisualContext.cpp).
        
        * WebCore.vcproj/WebCore.vcproj:
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h:
        * platform/graphics/win/QTPixelBuffer.cpp:
        * platform/graphics/win/QTPixelBuffer.h:
        * platform/graphics/win/WKCACFLayer.cpp:
        * platform/graphics/win/WKCACFLayer.h:
        * platform/graphics/win/WKCAImageQueue.cpp: Added.
        * platform/graphics/win/WKCAImageQueue.h: Added.

2010-05-24  Mark Rowe  <mrowe@apple.com>

        Merge r60045.

    2010-05-23  Chris Marrin  <cmarrin@apple.com>

        Reviewed by Simon Fraser.

        Limit the number of tiles created for large tiled layers
        https://bugs.webkit.org/show_bug.cgi?id=39522
        
        I added an algorithm to limit the number of tiles created to 512.
        It tries to limit them in only one dimension and if that's not
        possible it limits them in both dimensions according to the
        ratio of width to height. This has the effect of rendering
        tiles starting from the upper-left, which is often the part
        that is visible. So it both prevents crashing and tries to do
        the best job it can of displaying what the author intended.

        The test LayoutTests/compositing/geometry/huge-layers.html was
        crashing before this fix. Now it works correctly.

        * platform/graphics/win/WebTiledLayer.cpp:
        (WebCore::WebTiledLayer::WebTiledLayer):
        (WebCore::WebTiledLayer::setBounds):
        (WebCore::WebTiledLayer::constrainedSize):
        (WebCore::WebTiledLayer::updateTiles):
        * platform/graphics/win/WebTiledLayer.h:

2010-05-24  Mark Rowe  <mrowe@apple.com>

        Merge r59982.

    2010-05-21  Chris Marrin  <cmarrin@apple.com>

        Reviewed by Simon Fraser.

        Implement tiled compositing layers on Windows
        https://bugs.webkit.org/show_bug.cgi?id=39461
        
        This adds a tiling implementation similar (from a GraphicsLayer standpoint)
        to the one for Mac. But where Mac uses the existing CATiledLayer, I've had
        to implement one. If a layer is greater than 2k x 2k, I split it into an
        array of 512 x 512 tiles. These tiles are positioned in the correct place 
        for the TiledLayer's content. When setNeedsDisplay is called on the TiledLayer
        the tiles' setNeedDisplay methods are called. Each tile clips and positions the
        CGContext appropriately and then renders the layer.
        
        I also got rid of all frame()/setFrame() API to reduce the number of calls to
        override for tiling.
        
        Much optimization is possible. Most significantly right now all tiles are
        rendered whether visible or not. We need to only render tiles that are 
        currently visible.

        Tests: compositing/huge-layer-add-remove-child.html
               compositing/huge-layer-resize.html
               compositing/huge-layer-with-layer-children-resize.html
               compositing/huge-layer-with-layer-children.html
               compositing/huge-layer.html

        * WebCore.vcproj/WebCore.vcproj:
        * platform/graphics/win/GraphicsLayerCACF.cpp: Added tiling code similar to GraphicsLayerCA
        (WebCore::GraphicsLayerCACF::requiresTiledLayer):
        (WebCore::GraphicsLayerCACF::swapFromOrToTiledLayer):
        (WebCore::GraphicsLayerCACF::updateLayerSize):
        (WebCore::GraphicsLayerCACF::updateLayerDrawsContent):
        * platform/graphics/win/GraphicsLayerCACF.h:
        * platform/graphics/win/WKCACFLayer.cpp: Made some methods virtual so WebTiledLayer can override.
                                                 Also added sublayer setting and manipulation methods needed for tiling
        (WebCore::WKCACFLayer::addSublayer):
        (WebCore::WKCACFLayer::internalInsertSublayer):
        (WebCore::WKCACFLayer::insertSublayerAboveLayer):
        (WebCore::WKCACFLayer::insertSublayerBelowLayer):
        (WebCore::WKCACFLayer::replaceSublayer):
        (WebCore::WKCACFLayer::internalSublayerCount):
        (WebCore::WKCACFLayer::adoptSublayers):
        (WebCore::WKCACFLayer::internalSublayerAtIndex):
        (WebCore::WKCACFLayer::internalIndexOfSublayer):
        (WebCore::WKCACFLayer::internalRemoveAllSublayers):
        (WebCore::WKCACFLayer::internalSetSublayers):
        (WebCore::WKCACFLayer::internalSetNeedsDisplay):
        (WebCore::WKCACFLayer::printLayer):
        * platform/graphics/win/WKCACFLayer.h:
        (WebCore::WKCACFLayer::setNeedsDisplay):
        (WebCore::WKCACFLayer::removeAllSublayers):
        (WebCore::WKCACFLayer::setSublayers):
        (WebCore::WKCACFLayer::insertSublayer):
        (WebCore::WKCACFLayer::sublayerCount):
        * platform/graphics/win/WKCACFLayerRenderer.cpp: Fix a crash exposed when tiling code is active
        (WebCore::WKCACFLayerRenderer::createRenderer):
        (WebCore::WKCACFLayerRenderer::destroyRenderer):
        (WebCore::WKCACFLayerRenderer::resize):
        * platform/graphics/win/WebLayer.cpp: Added. Split this out from GraphicsLayerCACF so it could be subclassed by WebTiledLayer
        (WebCore::WebLayer::internalSetNeedsDisplay):
        (WebCore::WebLayer::drawInContext):
        * platform/graphics/win/WebLayer.h: Added.
        (WebCore::WebLayer::create):
        (WebCore::WebLayer::WebLayer):
        * platform/graphics/win/WebTiledLayer.cpp: Added. Where all the tile construction and rendering is done
        (WebCore::WebTiledLayer::tileDisplayCallback):
        (WebCore::WebTiledLayer::create):
        (WebCore::WebTiledLayer::WebTiledLayer):
        (WebCore::WebTiledLayer::~WebTiledLayer):
        (WebCore::WebTiledLayer::setBounds):
        (WebCore::WebTiledLayer::internalSetNeedsDisplay):
        (WebCore::WebTiledLayer::internalSublayerCount):
        (WebCore::WebTiledLayer::internalRemoveAllSublayers):
        (WebCore::WebTiledLayer::internalSetSublayers):
        (WebCore::WebTiledLayer::internalInsertSublayer):
        (WebCore::WebTiledLayer::internalSublayerAtIndex):
        (WebCore::WebTiledLayer::internalIndexOfSublayer):
        (WebCore::WebTiledLayer::addTile):
        (WebCore::WebTiledLayer::removeTile):
        (WebCore::WebTiledLayer::tileAtIndex):
        (WebCore::WebTiledLayer::tileCount):
        (WebCore::WebTiledLayer::updateTiles):
        (WebCore::WebTiledLayer::drawTile):
        * platform/graphics/win/WebTiledLayer.h: Added.

2010-05-24  Mark Rowe  <mrowe@apple.com>

        Merge r60014.

    2010-05-22  Daniel Bates  <dbates@rim.com>

        Reviewed by Adam Barth.

        REGRESSION (r56295): Can't create a new wave on Google Wave
        https://bugs.webkit.org/show_bug.cgi?id=39249

        Instead of just using the source code portion of a JavaScript URL to
        detect an XSS attack, we now include the JavaScript URL schema. This
        reduces the chance of a false positive by providing additional context.

        Test: http/tests/security/xssAuditor/javascript-link-safe.html

        * WebCore.base.exp: Updated exported symbols as necessary.
        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeScript): Added parameter shouldAllowXSS.
        (WebCore::ScriptController::executeIfJavaScriptURL): Ditto.
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInWorld): Ditto.
        (WebCore::ScriptController::evaluate): Ditto.
        (WebCore::ScriptController::executeScriptInWorld): Ditto.
        * bindings/js/ScriptController.h: Added enum ShouldAllowXSS.
        (WebCore::):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::evaluate): Added parameter shouldAllowXSS.
        * bindings/v8/ScriptController.h: Added enum ShouldAllowXSS.
        (WebCore::):

2010-05-21  Mark Rowe  <mrowe@apple.com>

        Merge r59956.

    2010-05-21  David Hyatt  <hyatt@apple.com>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=39420, :visited not working with background-color.

        Make the RenderStyle color accessors private.  This forces callers to use visitedDependentColor
        instead (or to make the decision to become friends of the RenderStyle class in order to get access
        to the real style information).

        Modified history/self-is-visited.html to also test background colors.

        * WebCore.base.exp:
        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::isTableExposableThroughAccessibility):
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (AXAttributeStringSetStyle):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::currentColorOrValidColor):
        * css/CSSComputedStyleDeclaration.h:
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::colorFromSVGColorCSSValue):
        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::editingStyleAtPosition):
        (WebCore::prepareEditingStyleToApplyAt):
        (WebCore::removeStylesAddedByNode):
        (WebCore::fontColorChangesComputedStyle):
        (WebCore::ApplyStyleCommand::addInlineStyleIfNeeded):
        * editing/ApplyStyleCommand.h:
        (WebCore::):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::moveParagraphs):
        (WebCore::CompositeEditCommand::breakOutOfEmptyListItem):
        * editing/DeleteButtonController.cpp:
        (WebCore::isDeletableElement):
        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::saveTypingStyleState):
        * editing/InsertParagraphSeparatorCommand.cpp:
        (WebCore::InsertParagraphSeparatorCommand::calculateStyleBeforeInsertion):
        * editing/RemoveFormatCommand.cpp:
        (WebCore::RemoveFormatCommand::doApply):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::handleStyleSpansBeforeInsertion):
        (WebCore::ReplaceSelectionCommand::handleStyleSpans):
        (WebCore::ReplaceSelectionCommand::doApply):
        * editing/SelectionController.cpp:
        (WebCore::SelectionController::paintCaret):
        * editing/markup.cpp:
        (WebCore::createMarkup):
        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::ensurePropertyMap):
        * page/animation/AnimationBase.h:
        * page/mac/FrameMac.mm:
        (WebCore::Frame::fontAttributesForSelectionStart):
        * rendering/EllipsisBox.cpp:
        (WebCore::EllipsisBox::paint):
        (WebCore::EllipsisBox::paintSelection):
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        (WebCore::RenderBox::paintRootBoxDecorations):
        (WebCore::RenderBox::paintBoxDecorationsWithSize):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintBoxShadow):
        * rendering/RenderFieldset.cpp:
        (WebCore::RenderFieldset::paintBoxDecorations):
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::paintObject):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::paintColumnBorder):
        (WebCore::RenderFrameSet::paintRowBorder):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintReplaced):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::rendererBackgroundColor):
        * rendering/RenderLayerBacking.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::paintItemForeground):
        (WebCore::RenderListBox::paintItemBackground):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint):
        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::itemStyle):
        (WebCore::RenderMenuList::itemBackgroundColor):
        (WebCore::RenderMenuList::menuStyle):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::selectionBackgroundColor):
        (WebCore::RenderObject::selectionForegroundColor):
        * rendering/RenderSVGResource.cpp:
        (WebCore::RenderSVGResource::adjustColorForPseudoRules):
        (WebCore::RenderSVGResource::fillPaintingResource):
        (WebCore::RenderSVGResource::strokePaintingResource):
        * rendering/RenderSVGResource.h:
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::paintBoxDecorations):
        * rendering/RenderTable.h:
        (WebCore::RenderTable::bgColor):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paintBackgroundsBehindCell):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::adjustInnerTextStyle):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::menuStyle):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::isControlStyled):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButton):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::RenderTreeAsText::writeRenderObject):
        (WebCore::write):
        * rendering/RenderTreeAsText.h:
        * rendering/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::paintSelection):
        * rendering/SVGRenderTreeAsText.cpp:
        (WebCore::writeRenderSVGTextBox):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::colorIncludingFallback):
        (WebCore::RenderStyle::visitedDependentColor):
        * rendering/style/RenderStyle.h:
        (WebCore::):
        (WebCore::InheritedFlags::hasBackground):
        (WebCore::InheritedFlags::borderLeftStyle):
        (WebCore::InheritedFlags::borderRightStyle):
        (WebCore::InheritedFlags::borderTopStyle):
        (WebCore::InheritedFlags::borderBottomStyle):
        (WebCore::InheritedFlags::textShadow):
        (WebCore::InheritedFlags::textStrokeWidth):
        (WebCore::InheritedFlags::hasNormalColumnGap):
        (WebCore::InheritedFlags::borderLeftColor):
        (WebCore::InheritedFlags::borderRightColor):
        (WebCore::InheritedFlags::borderTopColor):
        (WebCore::InheritedFlags::borderBottomColor):
        (WebCore::InheritedFlags::backgroundColor):
        (WebCore::InheritedFlags::color):
        (WebCore::InheritedFlags::columnRuleColor):
        (WebCore::InheritedFlags::outlineColor):
        (WebCore::InheritedFlags::textFillColor):
        (WebCore::InheritedFlags::textStrokeColor):
        * svg/SVGAnimationElement.cpp:
        (WebCore::adjustForCurrentColor):

2010-05-21  Mark Rowe  <mrowe@apple.com>

        Merge r59904.

    2010-05-20  Jon Honeycutt  <jhoneycutt@apple.com>

        REGRESSION(r53637): DivX plug-in fails to start until window is resized
        https://bugs.webkit.org/show_bug.cgi?id=39457
        <rdar://problem/8006102>

        Before r53637, we called Widget::move() (which caused us to call
        NPP_SetWindow) before painting a plug-in. r53637 removed the call to
        Widget::move(), and we end up never calling NPP_SetWindow for plug-ins
        with the "DeferFirstSetWindowCall" quirk, including the DivX plug-in.

        Reviewed by Simon Fraser.

        * manual-tests/divx-plugin-fails-to-draw.html: Added.

        * plugins/PluginView.cpp:
        (WebCore::PluginView::PluginView):
        Initialize new member to false.

        * plugins/PluginView.h:
        Added new member.

        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginView::paint):
        Call setNPWindowRect() before painting to ensure that NPP_SetWindow gets
        called.
        (WebCore::PluginView::setNPWindowRect):
        Set m_haveCalledSetWindow.

2010-05-21  Mark Rowe  <mrowe@apple.com>

        Merge r59966.

    2010-05-21  Jer Noble  <jer.noble@apple.com>

        Reviewed by Anders Carlsson.

        Disable full-screen video on Windows
        https://bugs.webkit.org/show_bug.cgi?id=39506
        rdar://problem/8012516
        
        Disable full-screen video through MediaPlayerPrivateVisualContext since
        we no longer use GWorlds and QuickTime's built-in full-screen support.
        
        Media layout tests updated with new expected results.        
        
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::supportsFullscreen):

2010-05-21  Mark Rowe  <mrowe@apple.com>

        Merge r59950.

    2010-05-21  Beth Dakin  <bdakin@apple.com>

        Reviewed by Darin Adler.

        Fix for <rdar://problem/8009118> Crash in WebCore::toAlphabetic() 
        while running MangleMe
        -and corresponding-
        https://bugs.webkit.org/show_bug.cgi?id=39508

        The math was slightly off here, and we wound up trying to access an 
        array at index -1 in some cases. We need to decrement numberShadow 
        rather than subtracting one from the result of the modulo 
        operation.

        * rendering/RenderListMarker.cpp:
        (WebCore::toAlphabeticOrNumeric):
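
        Added example, not WebKit's code: a stand-alone C++ sketch of the index
        arithmetic this entry describes for alphabetic list markers. The names
        alphabeticIndices, toAlphabetic, firstOutOfRangeInput and the Variant enum
        are assumptions; the pre-fix variant is reconstructed from the entry's
        wording and records each index instead of reading the array.

```cpp
#include <algorithm>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical names. SubtractAfterModulo models the arithmetic the entry
// calls "slightly off"; DecrementBeforeModulo models the described fix.
enum class Variant { SubtractAfterModulo, DecrementBeforeModulo };

// Computes the alphabet index of every digit of `number` in bijective
// base-`sequenceSize` notation (1 -> a, 26 -> z, 27 -> aa), most
// significant digit first. Indices are returned rather than used to read
// an array, so the out-of-range value can be observed safely.
std::vector<int> alphabeticIndices(int number, int sequenceSize, Variant variant)
{
    if (number < 1 || sequenceSize < 2)
        throw std::invalid_argument("number must be >= 1 and sequenceSize >= 2");

    std::vector<int> indices;
    int numberShadow = number - 1;
    indices.push_back(numberShadow % sequenceSize); // least significant digit

    while ((numberShadow /= sequenceSize) > 0) {
        if (variant == Variant::DecrementBeforeModulo) {
            // Fix: decrement first, so the modulo result is already 0-based.
            --numberShadow;
            indices.push_back(numberShadow % sequenceSize);
        } else {
            // Bug: when numberShadow is a multiple of sequenceSize the
            // modulo is 0 and the index becomes -1.
            indices.push_back(numberShadow % sequenceSize - 1);
        }
    }

    std::reverse(indices.begin(), indices.end());
    return indices;
}

static bool inRange(int index, int sequenceSize)
{
    return index >= 0 && index < sequenceSize;
}

// Renders a list-marker string with the fixed arithmetic and an explicit
// bounds check in front of every array read.
std::string toAlphabetic(int number, const std::string& alphabet = "abcdefghijklmnopqrstuvwxyz")
{
    const int size = static_cast<int>(alphabet.size());
    std::string out;
    for (int index : alphabeticIndices(number, size, Variant::DecrementBeforeModulo)) {
        if (!inRange(index, size))
            throw std::out_of_range("alphabet index out of range");
        out += alphabet[static_cast<std::string::size_type>(index)];
    }
    return out;
}

// Regression-style scan: returns the smallest number in [1, limit] for which
// the chosen variant produces an out-of-range index, or 0 if there is none.
int firstOutOfRangeInput(int limit, int sequenceSize, Variant variant)
{
    for (int number = 1; number <= limit; ++number) {
        for (int index : alphabeticIndices(number, sequenceSize, variant)) {
            if (!inRange(index, sequenceSize))
                return number;
        }
    }
    return 0;
}

int main()
{
    std::cout << "first bad input (pre-fix arithmetic): "
              << firstOutOfRangeInput(100000, 26, Variant::SubtractAfterModulo) << "\n";
    std::cout << "first bad input (fixed arithmetic):   "
              << firstOutOfRangeInput(100000, 26, Variant::DecrementBeforeModulo) << "\n";
    std::cout << "677 -> " << toAlphabetic(677) << "\n";
    return 0;
}
```
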

2010-05-21  Mark Rowe  <mrowe@apple.com>

        Merge r59897.

    2010-05-20  Adam Roben  <aroben@apple.com>

        Stop leaking all CACFContexts

        Fixes <http://webkit.org/b/39466> <rdar://problem/8007141>.

        Reviewed by Simon Fraser.

        * platform/graphics/win/WKCACFContextFlusher.cpp:
        (WebCore::WKCACFContextFlusher::addContext): Only retain the context
        when we first add it to the m_contexts set. Otherwise we'll retain the
        same context multiple times, causing it to leak.

2010-05-21  Mark Rowe  <mrowe@apple.com>

        Merge r59962.

    2010-05-21  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Avoid creating huge tiled layers with accelerated compositing
        https://bugs.webkit.org/show_bug.cgi?id=39515
        
        Constrain the size of huge composited layers, to avoid bad behavior. We only
        need to do this if we detect that we need a tiled layer, since we'll make tiled
        layers for elements over a certain size that need to draw already.
        
        Constrain the size by attempting to shrink the longer dimension first.

        Test: compositing/geometry/huge-layer.html

        * platform/graphics/mac/GraphicsLayerCA.h:
        * platform/graphics/mac/GraphicsLayerCA.mm:
        (WebCore::GraphicsLayerCA::updateLayerPosition):
        (WebCore::GraphicsLayerCA::updateLayerSize):
        (WebCore::GraphicsLayerCA::constrainedSize):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59876.

    2010-05-20  Dan Bernstein  <mitz@apple.com>

        Reviewed by Dave Hyatt.

        <rdar://problem/8007953> Textarea using custom font appears blank

        Test: fast/css/font-face-in-shadow-DOM.html

        When a remote font is loaded, CSSFontSelector forces a style recalc, which replaces all
        RenderStyles that have FontFallbackLists referencing the placeholder font with fresh
        RenderStyles. However, it does not descend into shadow DOM trees, so those may end up with
        styles that still reference the placeholder font.

        The fix is to add RenderObject::requiresForcedStyleRecalcPropagation() and have it return
        true from renderers that maintain shadow DOM trees or otherwise keep their own RenderStyles.

        * dom/Element.cpp:
        (WebCore::Element::recalcStyle): Check if forced style recalc needs to be propagated.
        * rendering/RenderButton.h:
        (WebCore::RenderButton::requiresForcedStyleRecalcPropagation):
        * rendering/RenderDataGrid.h:
        (WebCore::RenderDataGrid::requiresForcedStyleRecalcPropagation):
        * rendering/RenderFileUploadControl.h:
        (WebCore::RenderFileUploadControl::requiresForcedStyleRecalcPropagation):
        * rendering/RenderListItem.h:
        (WebCore::RenderListItem::requiresForcedStyleRecalcPropagation):
        * rendering/RenderMedia.h:
        (WebCore::RenderMedia::requiresForcedStyleRecalcPropagation):
        * rendering/RenderMenuList.h:
        (WebCore::RenderMenuList::RenderMenuList::requiresForcedStyleRecalcPropagation):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::requiresForcedStyleRecalcPropagation):
        * rendering/RenderProgress.h:
        (WebCore::RenderProgress::requiresForcedStyleRecalcPropagation):
        * rendering/RenderSlider.h:
        (WebCore::RenderSlider::requiresForcedStyleRecalcPropagation):
        * rendering/RenderTextControl.h:
        (WebCore::RenderTextControl::requiresForcedStyleRecalcPropagation):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59853.

    2010-05-20  Adam Roben  <aroben@apple.com>

        Fix a CFData leak in MediaPlayerPrivateQuickTimeVisualContext

        Fixes <http://webkit.org/b/39432> <rdar://problem/8008992>

        Reviewed by Ada Chan

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::QTCFDictionaryCreateWithDataCallback): Use a RetainPtr to
        hold the CFData we allocate so it will get released when this function
        is exited. Also pass kCFAllocatorNull as the bytes deallocator to
        CFDataCreateWithBytesNoCopy so that CF doesn't try to deallocate the
        bytes we pass to it.

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59873.

    2010-05-20  Jer Noble  <jer.noble@apple.com>

        No review; build fix only.

        When WTF_USE_ACCELERATED_COMPOSITING is turned off, MediaPlayerPrivateQuickTimeVisualContext.cpp
        must include CoreGraphics/CGContext.h.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59871.

    2010-05-20  Jer Noble  <jer.noble@apple.com>

        Reviewed by Sam Weinig.

        Video elements show no video on Windows machines that do not support accelerated compositing
        https://bugs.webkit.org/show_bug.cgi?id=39446
        rdar://problem/7999794

        Implement the paint() method in MediaPlayerPrivateQuickTimeVisualContext.  The visual context should
        be set up in load() and torn down in the destructor (as opposed to setUpVideoRendering and 
        tearDownVideoRendering, which won't get called in a non-accelerated compositing case).
        
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::~MediaPlayerPrivateQuickTimeVisualContext):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::load):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::paint):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::visualContextTimerFired):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::retrieveCurrentImage):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::setUpVideoRendering):
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::tearDownVideoRendering):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59854.

    2010-05-20  Adam Roben  <aroben@apple.com>

        Remove code that fetched, but did nothing useful with, a CFDictionary
        in MediaPlayerPrivateQuickTimeVisualContext

        I also removed the code in QTPixelBuffer that vended the dictionary.

        Fixes <http://webkit.org/b/39435> <rdar://problem/8009278>
        QTPixelBuffer passes CFDictionaries across the DLL boundary, which can
        lead to crashes

        Reviewed by Darin Adler.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::retrieveCurrentImage):
        Deleted code that fetched the attachments dictionary, which was never
        used other than to pass it to CFRetain/CFRelease, which could be
        enough to cause a crash due to incompatible copies of
        CoreFoundation.dll.

        * platform/graphics/win/QTMovieVisualContext.h: Added a now-needed
        forward declaration.

        * platform/graphics/win/QTPixelBuffer.cpp:
        * platform/graphics/win/QTPixelBuffer.h:
        Removed the now-unused attachments function.

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59864.

    2010-05-20  Adam Roben  <aroben@apple.com>

        Fix an HRGN leak in WKCACFLayerRenderer

        Fixes <http://webkit.org/b/39312> <rdar://problem/7998728> REGRESSION
        (r53686-r55990): Graphics corruption when watching video (affects
        youtube.com)

        Reviewed by Darin Adler.

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::getDirtyRects): Use an OwnPtr to hold the HRGN we allocate.
        That way we don't have to remember to destroy it (as we were
        forgetting to do) when we bail out of this function early.

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59795.

    2010-05-19  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Hyatt.

        Check that the node is a text node before doing a static cast
        to a Text class pointer.
        https://bugs.webkit.org/show_bug.cgi?id=38626    

        Test: fast/text/text-transform-nontext-node-crash.xhtml

        * rendering/RenderText.cpp:
        (WebCore::RenderText::originalText):
        * rendering/RenderTextFragment.cpp:
        (WebCore::RenderTextFragment::originalText):
        (WebCore::RenderTextFragment::previousCharacter):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59859.

    2010-05-20  Marcus Bulach  <bulach@chromium.org>

        Reviewed by Steve Block.

        Ensure timers are stopped on Geolocation::disconnectFrame()
        https://bugs.webkit.org/show_bug.cgi?id=39388

        fast/dom/Geolocation/notimer-after-unload.html, plus it should be possible to re-enable Gtk LayoutTests.

        * page/Geolocation.cpp:
        (WebCore::Geolocation::disconnectFrame):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59732.

    2010-05-18  Sam Weinig  <sam@webkit.org>

        Fix release build.

        * dom/Attribute.cpp:
        (WebCore::Attribute::unbindAttr):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59731.

    2010-05-18  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Move Attr pointer from Attribute to a global HashMap.
        https://bugs.webkit.org/show_bug.cgi?id=39337
        <rdar://problem/8001168>

        Shaves another word off of Attribute.

        * dom/Attr.cpp:
        (WebCore::Attr::Attr):
        (WebCore::Attr::~Attr):
        * dom/Attribute.cpp:
        (WebCore::attributeAttrMap):
        (WebCore::Attribute::attr):
        (WebCore::Attribute::createAttrIfNeeded):
        (WebCore::Attribute::bindAttr):
        (WebCore::Attribute::unbindAttr):
        * dom/Attribute.h:
        (WebCore::Attribute::Attribute):

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59776.

    2010-05-19  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Move member variables from NamedMappedAttrMap to its base class NamedNodeMap
        https://bugs.webkit.org/show_bug.cgi?id=39367
        <rdar://problem/8003304>

        This lets us get rid of the vtable pointer in NamedNodeMap which saves 8 bytes, and also allows us to
        fit the m_mappedAttributeCount unsigned int in the RefCounted padding (in 64-bit).
        
        The net result is that we shrink the NamedMappedAttrMap size by 16 bytes, while keeping the size of NamedNodeMap the same.

        * dom/Element.cpp:
        (WebCore::Element::createAttributeMap):
        * dom/Element.h:
        * dom/NamedMappedAttrMap.cpp:
        * dom/NamedMappedAttrMap.h:
        (WebCore::NamedMappedAttrMap::NamedMappedAttrMap):
        * dom/NamedNodeMap.cpp:
        (WebCore::NamedNodeMap::clearAttributes):
        * dom/NamedNodeMap.h:
        (WebCore::NamedNodeMap::NamedNodeMap):
        * dom/Node.cpp:
        (WebCore::Node::dumpStatistics):
        * dom/StyledElement.cpp:
        * dom/StyledElement.h:

2010-05-20  Mark Rowe  <mrowe@apple.com>

        Merge r59677.

    2010-05-17  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=39258
        Remove NamedAttrMap residual gunk

        Replace NamedAttrMap.h/cpp with NamedNodeMap.h/cpp which was the class
        it contained.

        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/v8/custom/V8NamedNodesCollection.cpp:
        * dom/NamedAttrMap.cpp: Removed.
        * dom/NamedAttrMap.h: Removed.
        * dom/NamedNodeMap.cpp: Copied from dom/NamedAttrMap.cpp.
        * dom/NamedNodeMap.h: Replaced with dom/NamedAttrMap.h.
        * editing/ReplaceNodeWithSpanCommand.cpp:
        * platform/chromium/ClipboardChromium.cpp:

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59719.

    2010-05-18  Brady Eidson  <beidson@apple.com>

        Reviewed by Maciej Stachowiak.

        Repro crash with many Google image search results
        <rdar://problem/7685669> and https://bugs.webkit.org/show_bug.cgi?id=39323

        When an iframe has a plugin resource as its src, that case bypassed the plugin sandboxing checks and continued to load
        the data for the plugin resource. It handed that data off to a nonexistent Widget, causing a null deref and the crash.

        By replacing PluginDocuments in sandboxed iframes with a new "SinkDocument" that just acts as a data sink, we prevent the
        crash and also prevent actually loading the plugin binaries.

        I filed https://bugs.webkit.org/show_bug.cgi?id=39330 to follow up and let us cancel the load as soon as we know we should.

        Test: fast/loader/sandboxed-plugin-crash.html

        * CMakeLists.txt:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:

        * loader/DocumentWriter.cpp:
        (WebCore::DocumentWriter::begin): If the created document is a PluginDocument and the plugin sandbox flag is set,
          replace it with a SinkDocument.

        * loader/PluginDocument.h:
        (WebCore::PluginDocument::isPluginDocument): Make public (it was already public at the Document.h level).

        Add a simple document/tokenizer pair that simply presents a blank HTML document and acts as a data sink for whatever
        data is handed to it:
        * loader/SinkDocument.cpp: Added.
        (WebCore::SinkTokenizer::SinkTokenizer):
        (WebCore::SinkTokenizer::write):
        (WebCore::SinkTokenizer::isWaitingForScripts):
        (WebCore::SinkTokenizer::wantsRawData):
        (WebCore::SinkTokenizer::writeRawData):
        (WebCore::SinkTokenizer::stopParsing):
        (WebCore::SinkTokenizer::finish):
        (WebCore::SinkDocument::SinkDocument):
        (WebCore::SinkDocument::createTokenizer):
        * loader/SinkDocument.h: Added.
        (WebCore::SinkDocument::create):

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59674.

    2010-05-18  Brady Eidson  <beidson@apple.com>

        Reviewed by Eric Carlson.

        <rdar://problem/7993468> REGRESSION (r58586): Audio doesn't play on first click of play button at NPR.org

        NPR swallows the first mouse click on the play button, calls load() on the element, then waits for the
        canplay event to come in before calling play itself.

        After the site specific hack added in r58586, we disallowed play() from within the canplay event handler.
        By tracking whether a load() was triggered by a user gesture, we can differentiate between the original
        canplay event that we meant to ignore and the one resulting from the first mouse click which we want to honor.
        
        No new tests. (Currently no way to test such site specific hack behavior)

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::load): Set the m_loadInitiatedByUserGesture flag
        (WebCore::HTMLMediaElement::play): Only apply the site specific hack if the load wasn't initiated by a user gesture.
        * html/HTMLMediaElement.h:

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59684.

    2010-05-18  Adam Roben  <aroben@apple.com>

        Make accelerated compositing work on machines that don't support
        hardware vertex processing

        Fixes <http://webkit.org/b/39299> <rdar://problem/7997692> Accelerated
        compositing on Windows doesn't work on machines that don't support
        hardware vertex processing, but should

        Reviewed by Eric Carlson.

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::createRenderer): Query the device
        capabilities to decide whether to request hardware or software vertex
        processing.

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59683.

    2010-05-18  Adam Roben  <aroben@apple.com>

        Make WKCACFLayerRenderer robust against temporary failure of
        Direct3DCreate9 and IDirect3D9::CreateDevice

        For a short time after waking from sleep, Direct3DCreate9() will
        return an IDirect3D9 for which IDirect3D9::CreateDevice will always
        fail. Also during this time period, IDirect3D9::CreateDevice
        will fail even for non-bad IDirect3D9s. (It will later start
        succeeding.) WKCACFLayerRenderer now works around this behavior by
        detecting when it might be in this situation and calling these
        functions again later.

        Fixes <http://webkit.org/b/39297> <rdar://problem/7997431> WebView
        doesn't repaint until page reloads when page using hardware
        acceleration loads just after waking from sleep

        Reviewed by John Sullivan.

        * manual-tests/crash-and-no-repaint-after-wake-from-sleep.html:
        Renamed from WebCore/manual-tests/crash-after-wake-from-sleep.html.
        Modified to also include instructions for reproducing this bug.

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::WKCACFLayerRenderer): Replaced
        m_triedToCreateD3DRenderer with m_mightBeAbleToCreateDeviceLater. The
        new member is initialized to true, since we haven't even tried to
        create a device once yet.
        (WebCore::WKCACFLayerRenderer::createRenderer): If we already have a
        D3D device, or we don't have one and are sure that we won't be able to
        create one later, just return the previously-created device, if any.
        We assume that we won't be able to create a device later if this
        function fails, unless the function fails due to CreateDevice failing.
        As noted above, CreateDevice will sometimes temporarily fail and then
        later start working again. When CreateDevice fails, we also assume
        that we might have a bad IDirect3D9, so we get rid of the one we have
        so a new (and hopefully non-bad) one will be allocated later.
        (WebCore::WKCACFLayerRenderer::destroyRenderer): Reset
        m_mightBeAbleToCreateDeviceLater to true, since we no longer have a
        device.
        (WebCore::WKCACFLayerRenderer::paint): Before trying to paint, try to
        create our D3D device and renderer. If this fails, we bail out, but if
        we think we might be able to create a device later we schedule another
        paint (via renderSoon()) so that we'll try again soon.

        * platform/graphics/win/WKCACFLayerRenderer.h: Replaced
        m_triedToCreateD3DRenderer with m_mightBeAbleToCreateDeviceLater.

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59682.

    2010-05-18  Adam Roben  <aroben@apple.com>

        Fix a crash when a page that uses accelerated compositing loads soon
        after the computer wakes from sleep

        The set-up:

        For a short time after waking from sleep, IDirect3D9::CreateDevice
        will fail. This caused WKCACFLayerRenderer::createRenderer to fail,
        and meant that WKCACFLayerRenderer never allocated a root layer.
        WebView wouldn't notice that createRenderer failed, and would go ahead
        and try to use the root layer anyway, resulting in a crash.

        The fix:

        We now allocate the root layer (and all the other members of
        WKCACFLayerRenderer that aren't dependent on having an
        IDirect3DDevice9) in WKCACFLayerRenderer's constructor. This way the
        layers will always be present, even when creating the D3D device
        fails.

        There are two remaining problems:
          1) This results in slightly more memory usage in the case where
             CreateDevice fails.
          2) Once we get into this bad state, the WebView doesn't repaint
             until we navigate somewhere else.

        (2) is covered by
        <http://webkit.org/b/39297>/<rdar://problem/7997431>. We'll fix it by
        retrying CreateDevice later in hopes that it will succeed after more
        time has passed. This will in turn fix (1). (We should never end up in
        a case where CreateDevice fails forever because we already did some
        preliminary checks in acceleratedCompositingAvailable().)

        Fixes <http://webkit.org/b/39295> <rdar://problem/7971319> Crash
        (preceded by assertion) in WKCACFLayerRenderer::setNeedsDisplay when
        computer wakes from sleep on particular page

        Reviewed by John Sullivan.

        * manual-tests/crash-after-wake-from-sleep.html: Added. This
        is the Poster Circle demo from webkit.org/blog, but modified to
        automatically reload every 5 seconds and with instructions to put the
        computer to sleep and wake it up again.

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::WKCACFLayerRenderer): Moved code to
        initialize m_context, m_renderContext, and m_*Layer here...
        (WebCore::WKCACFLayerRenderer::createRenderer): ...from here.

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59724.

    2010-05-18  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Move all member variables from MappedAttribute to Attribute.
        https://bugs.webkit.org/show_bug.cgi?id=39336
        <rdar://problem/8000853>

        This saves one word because we no longer have any virtual member functions in Attribute, and
        thus no vtable pointer.
        
        I plan to remove MappedAttribute altogether in a subsequent commit.

        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::styleForElement):
        * dom/Attribute.cpp:
        (WebCore::Attribute::clone):
        * dom/Attribute.h:
        (WebCore::Attribute::create):
        (WebCore::Attribute::style):
        (WebCore::Attribute::decl):
        (WebCore::Attribute::setDecl):
        (WebCore::Attribute::isMappedAttribute):
        (WebCore::Attribute::Attribute):
        * dom/MappedAttribute.cpp: Removed.
        * dom/MappedAttribute.h:
        (WebCore::MappedAttribute::create):
        (WebCore::MappedAttribute::MappedAttribute):
        (WebCore::toMappedAttribute):
        * dom/NamedMappedAttrMap.cpp:
        (WebCore::NamedMappedAttrMap::declCount):
        (WebCore::NamedMappedAttrMap::mapsEquivalent):
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::attributeChanged):
        * svg/SVGSVGElement.cpp:
        (WebCore::updateCSSForAttribute):
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::getPresentationAttribute):

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59716.

    2010-05-18  Sam Weinig  <sam@webkit.org>

        Reviewed by Anders Carlsson.

        https://bugs.webkit.org/show_bug.cgi?id=39321
        Reduce the size of ListHashSets used by Document
        <rdar://problem/7999388>

        Reduce Membuster peak memory usage by ~450K by reducing the pool sizes
        of the ListHashSets used by Document.

        * dom/Document.cpp:
        (WebCore::Document::addStyleSheetCandidateNode):
        (WebCore::Document::recalcStyleSelector):
        * dom/Document.h:

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59680.

    2010-05-18  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Allocate the m_preloads list hash set dynamically and free it when done.
        https://bugs.webkit.org/show_bug.cgi?id=39309
        <rdar://problem/7998495>

        This saves about 6000 bytes on a fully loaded document.

        * loader/DocLoader.cpp:
        (WebCore::DocLoader::requestPreload):
        (WebCore::DocLoader::clearPreloads):
        * loader/DocLoader.h:

2010-05-19  Mark Rowe  <mrowe@apple.com>

        Merge r59678.

    2010-05-18  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Add an inlineCapacity template parameter to ListHashSet and use it to shrink the positioned object list hash set.
        https://bugs.webkit.org/show_bug.cgi?id=39304
        <rdar://problem/7998366>

        Set the inlineCapacity for the positionedObjects ListHashSet to 4 instead of 256. Since a RenderBlock usually has 
        few positioned objects, this saves memory.

        * WebCore.base.exp:
        * rendering/RenderBlock.cpp:
        (WebCore::clipOutPositionedObjects):
        (WebCore::RenderBlock::insertPositionedObject):
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::positionedObjects):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59556.

    2010-05-14  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=39048
        <rdar://problem/7978384> REGRESSION (r55802): XML errors on Google maps ("Entity 'nbsp' not
        defined") with JavaScript disabled

        Google Maps goes into mobile mode if JavaScript is disabled for some reason, and sends XHTML
        content with XHTML Mobile DOCTYPE. We want to handle it whether XHTMLMP is enabled or not.

        Test: fast/doctypes/xhtml-with-xhtmlmp-doctype.xhtml

        * dom/XMLTokenizerLibxml2.cpp: (WebCore::externalSubsetHandler): Restore pre-55802 behavior
        for builds that don't have XHTMLMP enabled. Given that r55802 negated the condition without
        breaking XHTMLMP, this line is actually always needed.

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59495.

    2010-05-14  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Hyatt.

        Move the m_width(Length) and m_columns(RenderTable::ColumnStruct)
        vector out-of-bounds check out of the ASSERT into the main code.
        https://bugs.webkit.org/show_bug.cgi?id=38261

        Test: fast/table/fixed-table-layout-large-colspan-crash.html

        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::calcWidthArray):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59576.

    2010-05-15  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Maciej Stachowiak.

        Reduce the size of CachedResource
        https://bugs.webkit.org/show_bug.cgi?id=39171

        Make protected data members of CachedResource private, to allow for
        easier rearrangement, and hide the fact that enums are in bitfields.
        
        Rearrange the data members of CachedResource to save 32 bytes per instance
        in 64-bit. Also modernized the constructor code.

        * loader/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::didAddClient):
        (WebCore::CachedCSSStyleSheet::data):
        (WebCore::CachedCSSStyleSheet::checkNotify):
        (WebCore::CachedCSSStyleSheet::error):
        * loader/CachedFont.cpp:
        (WebCore::CachedFont::load):
        (WebCore::CachedFont::didAddClient):
        (WebCore::CachedFont::data):
        (WebCore::CachedFont::ensureCustomFontData):
        (WebCore::CachedFont::ensureSVGFontData):
        (WebCore::CachedFont::checkNotify):
        (WebCore::CachedFont::error):
        * loader/CachedImage.cpp:
        (WebCore::CachedImage::CachedImage):
        (WebCore::CachedImage::load):
        (WebCore::CachedImage::didAddClient):
        (WebCore::CachedImage::allClientsRemoved):
        (WebCore::CachedImage::image):
        (WebCore::CachedImage::data):
        (WebCore::CachedImage::error):
        (WebCore::CachedImage::checkNotify):
        (WebCore::CachedImage::destroyDecodedData):
        * loader/CachedImage.h:
        (WebCore::CachedImage::stillNeedsLoad):
        * loader/CachedResource.cpp:
        (WebCore::CachedResource::CachedResource):
        * loader/CachedResource.h:
        (WebCore::CachedResource::type):
        (WebCore::CachedResource::preloadResult):
        (WebCore::CachedResource::status):
        (WebCore::CachedResource::setStatus):
        (WebCore::CachedResource::isLoaded):
        (WebCore::CachedResource::isLoading):
        (WebCore::CachedResource::setErrorOccurred):
        * loader/CachedScript.cpp:
        (WebCore::CachedScript::didAddClient):
        (WebCore::CachedScript::data):
        (WebCore::CachedScript::checkNotify):
        (WebCore::CachedScript::error):
        * loader/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::didAddClient):
        (WebCore::CachedXSLStyleSheet::data):
        (WebCore::CachedXSLStyleSheet::checkNotify):
        (WebCore::CachedXSLStyleSheet::error):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59486.

    2010-05-14  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Brady Eidson.

        https://bugs.webkit.org/show_bug.cgi?id=39008
        <rdar://problem/7976142> REGRESSION (r58950): Webkit crashes on clicking back button when in Hotmail

        Test: fast/parser/tokenizer-close-during-document-write.html

        * dom/Document.cpp: (WebCore::Document::write): Check that the tokenizer is still around
        after calling write(). It can become null (as it happens in regression test), and I don't
        see any guarantee that it would never be replaced with a different one (but I can't make a
        test for that).

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59577.

    2010-05-16  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson.

        Shrink SimpleFontData
        https://bugs.webkit.org/show_bug.cgi?id=39179

        Change SimpleFontData to have a pointer to the m_glyphToBoundsMap, 
        and to allocate this lazily. This reduces the size of the class from
        5632 to 1536 bytes.

        * platform/graphics/SimpleFontData.h:
        (WebCore::SimpleFontData::boundsForGlyph):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59610.

    2010-05-15  Adam Roben  <aroben@apple.com>

        Periodically try to reset a lost IDirect3DDevice9 until we succeed

        This is how MSDN says we must respond to a lost device (see
        <http://msdn.microsoft.com/en-us/library/bb174714(v=VS.85).aspx>).

        Only testable by a manual test, unfortunately.

        Fixes <rdar://problem/7986906> <http://webkit.org/b/39139> Pages that
        use hardware acceleration don't repaint after waking computer from
        sleep

        Reviewed by John Sullivan.

        * manual-tests/no-repaint-after-wake-from-sleep.html: Added. This is
        the Poster Circle demo from webkit.org/blog, but with instructions for
        putting the computer to sleep and waking it up again.

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::WKCACFLayerRenderer): Initialize new
        member that tells us whether we need to try to reset the device before
        rendering.
        (WebCore::WKCACFLayerRenderer::resize): Changed to tell resetDevice
        the reason why the device needs to be reset (which is because the
        window's size has changed).
        (WebCore::WKCACFLayerRenderer::render): Before we do anything else,
        check if we need to reset the device before rendering. If we do, try
        to reset it. If that fails, bail out and set a timer to try again
        later. If we discover that the device is lost when calling
        IDirect3DDevice9::Present and resetting the device fails, bail out and
        set a timer to try again later.
        (WebCore::WKCACFLayerRenderer::resetDevice): Changed to return a
        boolean indicating whether resetting succeeded or not. Added a
        ResetReason parameter so callers can specify why the device needs to
        be reset. Before trying to do anything, we call
        IDirect3DDevice9::TestCooperativeLevel to find out whether the device
        can be reset currently. If it can't, we set a flag to tell ourselves
        that the device must be reset before we next render, and indicate to
        the caller that the reset failed. If we thought the device was lost
        but it turns out not to be, we don't have to do anything and can tell
        the caller that the reset succeeded. Otherwise we go ahead and reset
        the device as before, and indicate to the caller that the reset
        succeeded.

        * platform/graphics/win/WKCACFLayerRenderer.h: Changed resetDevice to
        return a boolean and take a ResetReason parameter. Added a comment
        about when and why this function should be called. And added
        m_mustResetLostDeviceBeforeRendering.

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59609.

    2010-05-15  Adam Roben  <aroben@apple.com>

        Call CARenderOGLPurge whenever we call IDirect3DDevice9::Reset

        MSDN says that all resources allocated with D3DPOOL_DEFAULT must be
        destroyed before calling IDirect3DDevice9::Reset. The only way to
        guarantee this with Core Animation is to call CARenderOGLPurge.

        Unfortunately this isn't testable at the moment, as we don't use any
        features of Core Animation (e.g., mask layers) that actually make this
        required. But it seems like a good idea to fix the code now so that
        if/when we do start using those features we won't run into problems.

        Fixes <http://webkit.org/b/39159> WKCACFLayerRenderer::resetDevice
        might fail due to failing to destroy all D3DPOOL_DEFAULT resources

        Reviewed by John Sullivan.

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::render): Moved the call to
        CARenderOGLPurge from here...
        (WebCore::WKCACFLayerRenderer::resetDevice): ...to here, so that it
        will be called whenever we reset the device (e.g., when resizing the
        window).

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59516.

    2010-05-14  Adele Peterson  <adele@apple.com>

        Reviewed by Dave Hyatt.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=39095 
        <rdar://problem/7984158> REGRESSION (r53085): Infinite recursion in Position::getInlineBoxAndOffset when changing writing direction to right-to-left

        Test: editing/selection/applystyle-to-inline-inside-block.html

        * dom/Position.cpp: (WebCore::Position::getInlineBoxAndOffset): Now that this function correctly goes in and out of editable areas by calling
        downstreamIgnoringEditingBoundaries and upstreamIgnoringEditingBoundaries for blocks (added in r58665), we no longer need a special case to 
        jump out to the parent when we hit an inline (which was added in r53085 when this issue was introduced).

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59443.

    2010-05-13  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        iframes in compositing layers don't redraw correctly on scrolling
        https://bugs.webkit.org/show_bug.cgi?id=39096

        When an iframe ends up in a compositing layer (that is painting to its backing store), we need
        to turn off blitting on scrolling. RenderView::paintBoxDecorations() already has code to do this
        for transformed frames, so do the same thing when the frame is enclosed in a compositing layer.

        Test: compositing/iframes/iframe-copy-on-scroll.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::paintBoxDecorations):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59390.

    2010-05-13  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        Can't submit a form with <input type=checkbox required>
        https://bugs.webkit.org/show_bug.cgi?id=39065

        Test: fast/forms/interactive-validation-required-checkbox.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setChecked):
          Update the validity cache when a checkbox state is changed.

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59591.

    2010-05-13  Tony Chang  <tony@chromium.org>

        Reviewed by Darin Adler.

        REGRESSION: Crash by pasting to a textarea with white-space:nowrap
        https://bugs.webkit.org/show_bug.cgi?id=38992

        Test: editing/pasteboard/paste-plaintext-nowrap.html

        * editing/InsertParagraphSeparatorCommand.cpp:
        (WebCore::highestVisuallyEquivalentDivBelowRoot):
        (WebCore::InsertParagraphSeparatorCommand::doApply):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59629.

    2010-05-17  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=39247
        <rdar://problem/7994707>
        Move rarely used data members to the rare structures, thus saving memory.

        Move rarely used member variables from StyleInheritedData and StyleVisualData to
        StyleRareInheritedData and StyleRareNonInheritedData, namely:

        indent, cursorData, m_effectiveZoom, widows and orphans move from StyleInheritedData to StyleRareInheritedData.
        m_counterIncrement and m_counterReset move from StyleVisualData to StyleRareNonInheritedData.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::diff):
        (WebCore::RenderStyle::addCursor):
        (WebCore::RenderStyle::setCursorList):
        (WebCore::RenderStyle::clearCursorList):
        * rendering/style/RenderStyle.h:
        (WebCore::InheritedFlags::textIndent):
        (WebCore::InheritedFlags::effectiveZoom):
        (WebCore::InheritedFlags::counterIncrement):
        (WebCore::InheritedFlags::counterReset):
        (WebCore::InheritedFlags::cursors):
        (WebCore::InheritedFlags::widows):
        (WebCore::InheritedFlags::orphans):
        (WebCore::InheritedFlags::setTextIndent):
        (WebCore::InheritedFlags::setEffectiveZoom):
        (WebCore::InheritedFlags::setCounterIncrement):
        (WebCore::InheritedFlags::setCounterReset):
        (WebCore::InheritedFlags::setWidows):
        (WebCore::InheritedFlags::setOrphans):
        * rendering/style/StyleInheritedData.cpp:
        (WebCore::StyleInheritedData::StyleInheritedData):
        (WebCore::StyleInheritedData::operator==):
        * rendering/style/StyleInheritedData.h:
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::cursorDataEquivalent):
        (WebCore::StyleRareInheritedData::operator==):
        * rendering/style/StyleRareInheritedData.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:
        * rendering/style/StyleVisualData.cpp:
        (WebCore::StyleVisualData::StyleVisualData):
        * rendering/style/StyleVisualData.h:
        (WebCore::StyleVisualData::operator==):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59583.

    2010-05-16  Sam Weinig  <sam@webkit.org>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=39190
        Shave a word off of GlyphPageTreeNode
        <rdar://problem/7990428>

        * platform/graphics/GlyphPageTreeNode.h:
        (WebCore::GlyphPageTreeNode::GlyphPageTreeNode):

2010-05-18  Mark Rowe  <mrowe@apple.com>

        Merge r59514.

    2010-05-14  Stephanie Lewis  <slewis@apple.com>

        Rubber-stamped by Mark Rowe.

        Update order files.

        * WebCore.order:

2010-05-17  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/7987585> Disable SVG filters.

        * Configurations/FeatureDefines.xcconfig:

2010-05-17  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/7987743> Disable Blob.slice.

        * Configurations/FeatureDefines.xcconfig:

2010-05-17  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/7987750> Disable progress element.

        * Configurations/FeatureDefines.xcconfig:

2010-05-14  Steve Falkenburg  <sfalken@apple.com>

        Merge r59515

    2010-05-14  Brian Weinstein  <bweinstein@apple.com>

        Reviewed by Mark Rowe.

        Hopefully a last fix for the build. Call -mkdir instead of mkdir, so we don't bail if the mkdir call fails. Additionally,
        use the %Env% syntax instead of $(Env), which is what we need if we are referring to Windows environment variables instead
        of nmake variables.
        
        * WebCore.vcproj/WebCore.make:

2010-05-14  Mark Rowe  <mrowe@apple.com>

        Merge r59505.

    2010-05-14  Brian Weinstein  <bweinstein@apple.com>

        Reviewed by Mark Rowe.

        Build fix. Had the environment variables wrong for source and destination of the copy operation
        that was added.

        * WebCore.vcproj/WebCore.make:

2010-05-14  Mark Rowe  <mrowe@apple.com>

        Merge r59481.

    2010-05-14  Brian Weinstein  <bweinstein@apple.com>

        Reviewed by Adam Roben.

        Build fix, we need to copy over the files in $(WebKitOutputDir)/include/JavaScriptCore/private before
        WebCore builds. This is because we are building a couple WTF files in WebCore and JavaScriptCore.

        * WebCore.vcproj/WebCore.make: 

2010-05-14  Mark Rowe  <mrowe@apple.com>

        <rdar://problem/7677994> Disable WebGL

        * Configurations/FeatureDefines.xcconfig:

2010-05-13  Timothy Hatcher  <timothy@apple.com>

        Disable the Audits panel and Workers sidebar in the Web Inspector.

        <rdar://problem/7947035>

        Reviewed by Ada Chan.

        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel): Don't make a workers sidebar pane.
        (WebInspector.ScriptsPanel.prototype.reset): Null check workers sidebar pane.
        * inspector/front-end/Settings.js: Set auditsPanelEnabled to false.
        * inspector/front-end/WorkersSidebarPane.js:
        (WebInspector.didCreateWorker): Null check workers sidebar pane.
        (WebInspector.didDestroyWorker): Ditto.

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59418.

    2010-05-13  Timothy Hatcher  <timothy@apple.com>

        Expose WebCore::reportException and WebCore::toJSDOMWindow symbols.

        Reviewed by Sam Weinig.

        * WebCore.base.exp: Expose reportException and toJSDOMWindow.

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59330.

    2010-05-12  Anders Carlsson  <andersca@apple.com>

        Reviewed by Simon Fraser.

        Shrink the size of FillLayer by moving a member variable.
        https://bugs.webkit.org/show_bug.cgi?id=39035

        * rendering/style/FillLayer.cpp:
        (WebCore::FillLayer::FillLayer):
        * rendering/style/FillLayer.h:

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59387.

    2010-05-13  David Hyatt  <hyatt@apple.com>

        Reviewed by Anders Carlsson.

        https://bugs.webkit.org/show_bug.cgi?id=39084

        Improve :visited style resolution to reduce its memory footprint and to make some speed adjustments and
        simplifications.

        (1) Tie the caching of link state on CSSStyleSelector to the element.  Just clear out the element when
        style resolution finishes for the unvisited case to avoid caching across external calls.  The internal
        calls share the cache just fine by doing this.

        (2) Delete the RenderStyle if the link is unvisited.  This shouldn't take long enough to make us vulnerable
        to timing attacks, and it makes sure the overall footprint stays the way it used to be for unvisited links.

        (3) Limit the set of properties that can be applied to :visited links to only the colors it supports.  This
        stops images from being loadable from :visited rules.

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::init):
        (WebCore::CSSStyleSelector::SelectorChecker::determineLinkState):
        (WebCore::CSSStyleSelector::initElement):
        (WebCore::CSSStyleSelector::canShareStyleWithElement):
        (WebCore::CSSStyleSelector::styleForElement):
        (WebCore::CSSStyleSelector::pseudoStyleForElement):
        (WebCore::isValidVisitedLinkProperty):
        (WebCore::CSSStyleSelector::applyProperty):
        * css/CSSStyleSelector.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::colorIncludingFallback):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59417.

    2010-05-13  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Clearing Breakpoints Too Often
        https://bugs.webkit.org/show_bug.cgi?id=39094

        Minor resets should preserve both workers and breakpoints.

        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype.reset):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59281.

    2010-05-12  Sam Weinig  <sam@webkit.org>

        Reviewed by Anders Carlsson.

        A bunch of nice micro-optimizations for ~1% speedup on PLT.
        - Add fastGetAttribute. The same as getAttribute except can only be
          called when it is known not to be style attribute or one of the SVG
          animatable attributes.
        - Inline some functions from Font.
        - Return the same string from deprecatedParseURL if there is nothing
          to strip.
        - Use a member variable instead of a virtual function to determine 
          whether a ScheduledNavigation is a location change.

        * WebCore.base.exp:
        * css/CSSHelper.cpp:
        (WebCore::deprecatedParseURL):
        * css/CSSStyleSelector.cpp:
        (WebCore::linkAttribute):
        (WebCore::CSSStyleSelector::canShareStyleWithElement):
        (WebCore::CSSStyleSelector::SelectorChecker::checkOneSelector):
        * dom/Element.cpp:
        (WebCore::Element::getAttribute):
        * dom/Element.h:
        (WebCore::Element::fastHasAttribute):
        (WebCore::Element::fastGetAttribute):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::formControlName):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::value):
        * loader/RedirectScheduler.cpp:
        (WebCore::ScheduledNavigation::ScheduledNavigation):
        (WebCore::ScheduledNavigation::isLocationChange):
        (WebCore::ScheduledURLNavigation::ScheduledURLNavigation):
        (WebCore::ScheduledRedirect::ScheduledRedirect):
        (WebCore::ScheduledLocationChange::ScheduledLocationChange):
        (WebCore::ScheduledRefresh::ScheduledRefresh):
        (WebCore::ScheduledHistoryNavigation::ScheduledHistoryNavigation):
        (WebCore::ScheduledFormSubmission::ScheduledFormSubmission):
        (WebCore::RedirectScheduler::locationChangePending):
        * platform/graphics/Font.cpp:
        * platform/graphics/Font.h:
        (WebCore::Font::~Font):
        (WebCore::Font::primaryFont):
        (WebCore::Font::fontDataAt):
        (WebCore::Font::fontDataForCharacters):
        (WebCore::Font::isFixedPitch):
        (WebCore::Font::fontSelector):
        * platform/graphics/FontFallbackList.h:
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::imageMap):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59381.

    2010-05-13  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: A disabled style property cannot be deleted.

        https://bugs.webkit.org/show_bug.cgi?id=39057

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::applyStyleText):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59372.

    2010-05-13  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Event Markers should be hidden in Resource's "Size" Graph
        https://bugs.webkit.org/show_bug.cgi?id=39074

        Added Show / Hide event dividers functionality to the timeline grid,
        and included delegation functions in AbstractTimelinePanel.

        * inspector/front-end/AbstractTimelinePanel.js: delegate to the inner grid
        (WebInspector.AbstractTimelinePanel.prototype.hideEventDividers):
        (WebInspector.AbstractTimelinePanel.prototype.showEventDividers):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.populateSidebar): save a reference to the size graph item to know when it's selected
        (WebInspector.ResourcesPanel.prototype._graphSelected): if the size graph is selected hide the dividers, otherwise show them
        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.hideEventDividers): set the container to display: none
        (WebInspector.TimelineGrid.prototype.showEventDividers): set the container to display: block

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59374.

    2010-05-13  Brady Eidson  <beidson@apple.com>

        Reviewed by John Sullivan.

        Part of <rdar://problem/7965182> and https://bugs.webkit.org/show_bug.cgi?id=38928

        No new tests. (No change in behavior)

        m_unloadEventBeingDispatched was already overloaded to include both unload and pagehide events.
        In general, these are "page dismissal" events, and might also include beforeunload, so let's rename
        the flag!

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::stopLoading):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadWithDocumentLoader):
        (WebCore::FrameLoader::stopAllLoaders):
        (WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
        (WebCore::FrameLoader::pageHidden):
        * loader/FrameLoader.h:

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59384.

    2010-05-13  Brady Eidson  <beidson@apple.com>

        Reviewed by Darin Adler.

        Repro crash at www.sears.com (infinite recursion in beforeunload handler)
        <rdar://problem/7965182> and https://bugs.webkit.org/show_bug.cgi?id=38928

        Test: fast/loader/recursive-before-unload-crash.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldClose): Copied from Frame, with the pageDismissal flag set.
        * loader/FrameLoader.h:

        * page/Frame.cpp:
        (WebCore::Frame::shouldClose): Forward to the new FrameLoader::shouldClose().
        * page/Frame.h:
        (WebCore::Frame::existingDOMWindow):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59351.

    2010-05-12  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Darin Adler.

        Fix Bug 35014 - Modifying UA rules from page JS crashes
        Added a NULL check.
        https://bugs.webkit.org/show_bug.cgi?id=35014

        Test: fast/css/modify-ua-rules-from-javascript.html

        * css/CSSMutableStyleDeclaration.cpp:
        (WebCore::CSSMutableStyleDeclaration::setNeedsStyleRecalc):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59025.

    2010-05-08  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Timothy Hatcher.

        WebInspector: Autocompletion in console is not usable because it does not add the common prefix of suggestions to the entered text.
        As an example, if you entered $0.getE then getElementByClassName will be suggested as gray text.
        If you press tab then getElementByClassName is suggested again and lementByClassName becomes selected as black text with selection background.
        Really after pressing the TAB the next suggestion should be selected (getElementByTagName) and only flexible part of suggestions should be selected.
        In this case it should be TagName because getElementBy is the common part for all getE prefix suggestions.
        https://bugs.webkit.org/show_bug.cgi?id=38753

        * inspector/front-end/TextPrompt.js:
        (WebInspector.TextPrompt.prototype._completionsReady):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r58954.

    2010-05-07  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Joseph Pecoraro.

        Web Inspector: On Linux/Windows panel history is
        traversed while iterating over words in text prompt.

        https://bugs.webkit.org/show_bug.cgi?id=38740

        * inspector/front-end/TextPrompt.js:
        (WebInspector.TextPrompt):
        * inspector/front-end/inspector.js:
        (WebInspector.documentKeyDown):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59243.

    2010-05-12  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: disabling style property on container breaks styles inspection for given node.

        https://bugs.webkit.org/show_bug.cgi?id=39005

        Tests: inspector/styles-disable-inherited.html
               inspector/styles-disable-then-enable.html

        * inspector/front-end/StylesSidebarPane.js:
        (WebInspector.StylesSidebarPane.prototype._containsInherited):
        (WebInspector.StylesSidebarPane.prototype._arrayContainsInheritedProperty):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59210.

    2010-05-11  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Shorthand Properties Getting Deleted When Editing
        https://bugs.webkit.org/show_bug.cgi?id=38958

        * inspector/front-end/DOMAgent.js:
        (WebInspector.CSSStyleDeclaration.prototype.styleTextWithShorthands): was getting regular values instead of shorthand values

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59232.

    2010-05-12  Jer Noble  <jer.noble@apple.com>

        Reviewed by Darin Adler.
        
        Bug 38689: #34005 will break fullscreen video playback
        https://bugs.webkit.org/show_bug.cgi?id=38689
        
        The PlatformMedia struct now contains a type field indicating which type
        it contains.  The struct now contains a union of all possible return types,
        allowing the type of media returned by MediaPlayerPrivate instances to be
        determined at runtime.

        * platform/graphics/MediaPlayer.h:
        (WebCore::PlatformMedia::):
        (WebCore::):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivate::platformMedia):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp:
        (WebCore::MediaPlayerPrivateQuickTimeVisualContext::platformMedia):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeWin.cpp:
        (WebCore::MediaPlayerPrivate::platformMedia):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59239.

    2010-05-12  Beth Dakin  <bdakin@apple.com>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38871 REGRESSION: 
        Crash clicking background NPR tab after few minutes of sitting idle
        -and corresponding-
        <rdar://problem/7941504>

        Move m_mediaCanStartListeners HashSet to Document away from Page.
        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::addMediaCanStartListener):
        (WebCore::Document::removeMediaCanStartListener):
        (WebCore::Document::takeAnyMediaCanStartListener):
        * dom/Document.h:
        * page/Page.cpp:
        (WebCore::Page::takeAnyMediaCanStartListener):
        * page/Page.h:
        (WebCore::Page::canStartMedia):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59189.

    2010-05-11  Darin Adler  <darin@apple.com>

        Reviewed by Beth Dakin.

        Another refactoring patch in preparation for a fix to
        https://bugs.webkit.org/show_bug.cgi?id=38871
        REGRESSION: Crash clicking background NPR tab after few minutes of sitting idle

        * dom/Document.cpp:
        (WebCore::Document::addMediaCanStartListener): Added.
        (WebCore::Document::removeMediaCanStartListener): Added.

        * dom/Document.h: Added add/removeMediaCanStartListener.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::~HTMLMediaElement): Call removeMediaCanStartListener
        on the document instead of the page.
        (WebCore::HTMLMediaElement::willMoveToNewOwnerDocument): Call
        removeMediaCanStartListener on the current document.
        (WebCore::HTMLMediaElement::didMoveToNewOwnerDocument): Call
        addMediaCanStartListener on the new document.
        (WebCore::HTMLMediaElement::loadInternal): Call addMediaCanStartListener
        on the document instead of the page.

        * plugins/PluginView.cpp:
        (WebCore::PluginView::startOrAddToUnstartedList): Call addMediaCanStartListener
        on the document instead of the page.
        (WebCore::PluginView::~PluginView): Call removeMediaCanStartListener
        on the document instead of the page, and do it in line instead of calling
        a function.

        * plugins/PluginView.h: Removed unused removeFromUnstartedListIfNecessary.

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59186.

    2010-05-11  Beth Dakin  <bdakin@apple.com>

        Reviewed by Darin Adler.

        Small re-factoring patch in preparation for fixing
        https://bugs.webkit.org/show_bug.cgi?id=38871 REGRESSION: Crash clicking
        background NPR tab after few minutes of sitting idle

        * page/Page.cpp:
        (WebCore::Page::takeAnyMediaCanStartListener):
        (WebCore::Page::setCanStartMedia):
        * page/Page.h:

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59199.

    2010-05-11  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Maciej Stachowiak.

        Body not redrawn, and filled with garbage on some composited pages
        https://bugs.webkit.org/show_bug.cgi?id=38951
        <rdar://problem/7891548>
        
        When the root layer becomes composited (for example, because a negative z-index
        descendant in its stacking context becomes composited), then it has to be made
        large enough to fill the viewport, because the page background draws into it.

        Test: compositing/geometry/composited-html-size.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::calculateCompositedBounds):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59263.

    2010-05-12  James Robinson  <jamesr@chromium.org>

        Patch by Dan Bernstein.

        Reviewed by David Hyatt.

        Fix marking the layout root's parent as needing layout
        https://bugs.webkit.org/show_bug.cgi?id=37760

        If an element gets marked as needing layout due to the recalcStyle()
        call in FrameView::layout(), the m_layoutSchedulingEnabled flag will
        be set to false.  It's possible at this point that a parent of the
        existing FrameView::m_layoutRoot will be marked as needing layout.

        This patch updates FrameView::scheduleRelayoutOfSubtree to account
        for this case.

        Manual test only due to subtle timing issues.

        * manual-tests/layoutroot_detach.xml: Added.
        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59241.

    2010-05-12  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Darin Adler.

        HTML Entity Escape the contents of a textarea node when accessed
        via the innerHTML and outerHTML node properties.
        https://bugs.webkit.org/show_bug.cgi?id=38922

        Test: fast/innerHTML/innerHTML-special-elements.html

        * editing/markup.cpp:
        (WebCore::appendStartMarkup):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59247.

    2010-05-12  David Hyatt  <hyatt@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=38891

        First-letter had a number of bugs that were exposed by my attempt to optimize the setting of styles when updating first-letter.
        The code that drills down to find the first-letter child stopped if it hit an element that didn't need layout.  This means it could
        return random incorrect results (and cause the first-letter object to not be found).

        In addition when the first-letter was floated/positioned, the text child was not correctly returned, but the container itself was
        returned instead.

        Finally, the updating code was leaving the box that wrapped the first letter text with a stale style.  The old code happened to work because
        it made new styles for the text elements instead of using the enclosing box style.  The regression was caused by my change to make the
        text children simply share style with their parent (thus making the bug that the parent had the wrong style become more prominent).

        No new tests, since there's a timing component to reproducing the issue.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::updateFirstLetter):

2010-05-13  Mark Rowe  <mrowe@apple.com>

        Merge r59187.

    2010-05-11  Brian Weinstein  <bweinstein@apple.com>

        Reviewed by Steve Falkenburg and Jon Honeycutt.
        Patch by Gavin Barraclough.

        REGRESSION (r57900-57919): 3% PLT Regression from moving strings into WTF.
        https://bugs.webkit.org/show_bug.cgi?id=38930
        <rdar://problem/7937188>
        
        Add the WTF strings into the WebCore vcproj, from their copied location in $(WebKitOutputDir).

        No new tests because no change in behavior.

        * WebCore.vcproj/WebCore.vcproj:

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59192.

    2010-05-11  Jer Noble  <jer.noble@apple.com>

        No Review.
        
        Fix the Windows Debug Build: the correct VCProj variable to use when linking against
        JavaScriptCore is $(WebKitDLLConfigSuffix), not $(WebKitConfigSuffix), which expands
        to an empty string rather than "_debug".
        
        * WebCore.vcproj/QTMovieWin.vcproj:

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59190.

    2010-05-11  Jer Noble  <jer.noble@apple.com>

        Darin Adler.

        19 media tests are crashing on Windows Release
        https://bugs.webkit.org/show_bug.cgi?id=38950
        rdar://problem/7971658

        Link against JavaScriptCore.lib instead of WTF.lib, so the free and malloc used by 
        QTMovieWin is always the free and malloc in JavaScriptCore.dll.
        
        * WebCore.vcproj/QTMovieWin.vcproj:

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59173.

    2010-05-11  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Darin Adler.

        REGRESSION(r58520): Implicit submission on forms with button type="submit" no longer works
        https://bugs.webkit.org/show_bug.cgi?id=38913

        * Widened the check for a successful submit button to include all HTMLFormControlElements.
        * Clarified implicit submission code by:
            - introducing HTMLFormControlElement::canTriggerImplicitSubmission flag,
            - getting rid of static casting and checking for tag names.

        * html/HTMLFormControlElement.h:
        (WebCore::HTMLFormControlElement::canTriggerImplicitSubmission): Added.
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::submitImplicitly): Renamed parameters for clarity, refactored code
            to use canTriggerImplicitSubmission.
        * html/HTMLFormElement.h: Renamed parameter for clarity.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::defaultEventHandler):  Used canTriggerImplicitSubmission()
            instead of isTextField() for clarity.
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::canTriggerImplicitSubmission): Added.
        * html/HTMLIsIndexElement.h:
        (WebCore::HTMLIsIndexElement::canTriggerImplicitSubmission): Added.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59155.

    2010-05-11  Jer Noble  <jer.noble@apple.com>

        Reviewed by Adele Peterson.

        REGRESSION (r59001): 11 media tests are failing on Windows (38847)
        rdar://problem/7962997
        https://bugs.webkit.org/show_bug.cgi?id=38847
        
        QTMovieWin was too much refactored; the cacheMovieScale() function should have
        been left in QTMovie (instead of being moved into QTMovieGWorld).  This fixes the
        video-size-intrinsic-scale test.
        
        QTMovieTask::updateTaskTimer() was ignoring the maxInterval parameter unless 
        QTGetTimeUntilNextTask() returned an error, which caused the next timer to be
        scheduled for extremely far in the future, breaking some of the layout tests.
        
        QTMovieTask::fireTaskClients() now makes a local copy of the task list before 
        calling clients, in case one of them removes themselves from the task list and
        invalidates our iterating pointer.
        
        * platform/graphics/win/QTMovie.cpp:
        (QTMoviePrivate::task):
        (QTMoviePrivate::createMovieController):
        (QTMoviePrivate::cacheMovieScale):
        * platform/graphics/win/QTMovieGWorld.cpp:
        (QTMovieGWorldPrivate::movieLoadStateChanged):
        * platform/graphics/win/QTMovieTask.cpp:
        (QTMovieTask::updateTaskTimer):
        (QTMovieTask::fireTaskClients):

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59109.

    2010-05-10  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38583
        <rdar://problem/7948784> Crash in Element::normalizeAttributes.

        Test: fast/dom/Element/normalize-crash.html

        * dom/Element.cpp:
        (WebCore::Element::normalizeAttributes): Copy attributes to a vector
        before iterating.
        * dom/NamedAttrMap.cpp:
        (WebCore::NamedNodeMap::copyAttributesToVector): Added.
        * dom/NamedAttrMap.h:

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59100.

    2010-05-07  Jon Honeycutt  <jhoneycutt@apple.com>

        Crash closing window containing Flash plug-in
        https://bugs.webkit.org/show_bug.cgi?id=38797
        <rdar://problem/7935266>

        Reviewed by Eric Seidel.

        Test: plugins/geturlnotify-during-document-teardown.html

        * plugins/PluginView.cpp:
        (WebCore::PluginView::load):
        Null check the DocumentLoader; it's possible for this to be null while
        the Document is being torn down and before the plug-in is destroyed.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59098.

    2010-05-10  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        Based on a patch by Eric Seidel.

        https://bugs.webkit.org/show_bug.cgi?id=28697
        <rdar://problem/7946578> WebKit crash on WebCore::Node::nodeIndex()

        It's not OK to call ContainerNode::willRemoveChild() in a loop, because Range code assumes
        that it can adjust start and end position to any node except for the one being removed -
        so these notifications cannot be batched.

        Test: fast/dom/Range/remove-all-children-crash.html

        * dom/ContainerNode.cpp:
        (WebCore::willRemoveChild): Removed unused ExceptionCode.
        (WebCore::willRemoveChildren): New function, used in removeChildren() case.
        (WebCore::ContainerNode::removeChild): ExceptionCode return was always 0, don't bother with it.
        (WebCore::ContainerNode::removeChildren): Call willRemoveChildrenFromNode.
        (WebCore::dispatchChildRemovalEvents): Moved some logic out into willRemoveChildrenFromNode
        and willRemoveChild.

        * dom/Document.cpp:
        (WebCore::Document::nodeChildrenWillBeRemoved): New function, used in removeChildren() case.

        * dom/Document.h: 
        (WebCore::Document::nodeChildrenWillBeRemoved): New function, used in removeChildren() case.

        * dom/Range.h:
        * dom/Range.cpp:
        (WebCore::boundaryNodeChildrenWillBeRemoved): New function, used in removeChildren() case.
        (WebCore::Range::nodeChildrenWillBeRemoved): Ditto.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59058.

    2010-05-07  Sam Weinig  <sam@webkit.org>

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38557
        r58526 introduced a ~30% regression on Dromaeo JS lib

        This fix does two things.
        - Don't use QualifiedName as the key to a HashMap, use a
          RefPtr<QualifiedNameImpl> instead.  We should remove the HashTraits for
          QualifiedName and that will happen in a follow up patch.
        - Only mark cached NodeLists on Documents instead of all Nodes. This is
          okay since the marking of NodeLists is an optimization to keep NodeList
          wrappers alive and is not mandated by any spec.

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::markChildren):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::markChildren):
        * dom/Node.cpp:
        (WebCore::Node::removeCachedTagNodeList):
        (WebCore::Node::getElementsByTagNameNS):
        * dom/NodeRareData.h:

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59009.

    2010-05-08  Jer Noble  <jer.noble@apple.com>

        Unreviewed, just fixing windows build.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h: Add #if USE(ACCELERATED_COMPOSITING) guards around GraphicsLayer areas of the code.  Include GraphicsLayer.h directly.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: As above.
        * platform/graphics/win/QTMovieVisualContext.cpp: Remove the #include of d3d9types.h.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59001.

    2010-05-04  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Carlson

        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
        <https://bugs.webkit.org/show_bug.cgi?id=34005>
        <rdar://problem/7569713>

        The original functionality of QTMovieWin has been split between QTMovieGWorld, 
        and a new class: QTMovie.  QTMovie contains all the "controller" parts (changing
        the rate, seeking, etc) while QTMovieGWorld retains all the drawing code.  QTMovieGWorld
        now takes a QTMovie, and as such QTMovie is now retainable.  QTMovieGWorld registers
        itself as a client of QTMovie, so that it can receive load-state notifications,
        and thus QTMovie must now support multiple clients.  Movie tasking timer support
        has been moved into its own class (QTMovieTask) and will be addressed in a future 
        patch.  Most of the functions listed below only changed so much as their class name changed.
        
        * platform/graphics/win/QTMovie.cpp: Copied from WebCore/platform/graphics/win/QTMovieWin.cpp.
        (QTMoviePrivate::QTMoviePrivate):
        (QTMoviePrivate::~QTMoviePrivate):
        (QTMoviePrivate::startTask):
        (QTMoviePrivate::endTask):
        (QTMoviePrivate::task):
        (QTMoviePrivate::createMovieController):
        (QTMovie::QTMovie):
        (QTMovie::~QTMovie):
        (QTMovie::addClient):
        (QTMovie::removeClient):
        (QTMovie::play):
        (QTMovie::pause):
        (QTMovie::rate):
        (QTMovie::setRate):
        (QTMovie::duration):
        (QTMovie::currentTime):
        (QTMovie::setCurrentTime):
        (QTMovie::setVolume):
        (QTMovie::setPreservesPitch):
        (QTMovie::dataSize):
        (QTMovie::maxTimeLoaded):
        (QTMovie::loadState):
        (QTMovie::getNaturalSize):
        (QTMovie::load):
        (QTMovie::disableUnsupportedTracks):
        (QTMovie::isDisabled):
        (QTMovie::setDisabled):
        (QTMovie::hasVideo):
        (QTMovie::hasAudio):
        (QTMovie::hasClosedCaptions):
        (QTMovie::setClosedCaptionsVisible):
        (QTMovie::countSupportedTypes):
        (QTMovie::getSupportedType):
        (QTMovie::initializeQuickTime):
        (QTMovie::getMovieHandle):
        * platform/graphics/win/QTMovie.h: Copied from WebCore/platform/graphics/win/QTMovieWin.h.
        * platform/graphics/win/QTMovieGWorld.cpp: Copied from WebCore/platform/graphics/win/QTMovieWin.cpp.
        (QTMovieGWorldPrivate::QTMovieGWorldPrivate):
        (QTMovieGWorldPrivate::~QTMovieGWorldPrivate):
        (QTMovieGWorldPrivate::cacheMovieScale):
        (movieDrawingCompleteProc):
        (QTMovieGWorldPrivate::registerDrawingCallback):
        (QTMovieGWorldPrivate::unregisterDrawingCallback):
        (QTMovieGWorldPrivate::drawingComplete):
        (QTMovieGWorldPrivate::updateGWorld):
        (QTMovieGWorldPrivate::createGWorld):
        (QTMovieGWorldPrivate::clearGWorld):
        (QTMovieGWorldPrivate::setSize):
        (QTMovieGWorldPrivate::updateMovieSize):
        (QTMovieGWorldPrivate::deleteGWorld):
        (QTMovieGWorldPrivate::movieEnded):
        (QTMovieGWorldPrivate::movieLoadStateChanged):
        (QTMovieGWorldPrivate::movieTimeChanged):
        (QTMovieGWorld::QTMovieGWorld):
        (QTMovieGWorld::~QTMovieGWorld):
        (QTMovieGWorld::setSize):
        (QTMovieGWorld::setVisible):
        (QTMovieGWorld::getCurrentFrameInfo):
        (QTMovieGWorld::paint):
        (QTMovieGWorld::setDisabled):
        (QTMovieGWorld::isDisabled):
        (QTMovieGWorld::fullscreenWndProc):
        (QTMovieGWorld::enterFullscreen):
        (QTMovieGWorld::exitFullscreen):
        (QTMovieGWorld::setMovie):
        (QTMovieGWorld::movie):
        * platform/graphics/win/QTMovieGWorld.h: Copied from WebCore/platform/graphics/win/QTMovieWin.h.
        * platform/graphics/win/QTMovieTask.cpp: Added.
        (QTMovieTask::QTMovieTask):
        (QTMovieTask::~QTMovieTask):
        (QTMovieTask::sharedTask):
        (QTMovieTask::updateTaskTimer):
        (QTMovieTask::fireTaskClients):
        (QTMovieTask::addTaskClient):
        (QTMovieTask::removeTaskClient):
        (QTMovieTask::setTaskTimerFuncs):
        * platform/graphics/win/QTMovieTask.h: Added.

2010-05-04  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Carlson

        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
        <https://bugs.webkit.org/show_bug.cgi?id=34005>
        <rdar://problem/7569713>

        MediaPlayerPrivateQuickTimeVisualContext has been added as a 
        supported MediaPlayer implementation.  MediaPlayerPrivateQuickTimeWin
        has been left as a fallback MediaPlayer implementation for those media
        types which do not support visual contexts (currently, none).

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::installedMediaEngines):

2010-05-04  Jer Noble  <jer.noble@apple.com>

        Reviewed by Maciej Stachowiak

        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
        <https://bugs.webkit.org/show_bug.cgi?id=34005>
        <rdar://problem/7569713>

        MediaPlayerPrivateTaskTimer has been broken out from MediaPlayerPrivateQuickTimeWin::TaskTimer
        so that multiple clients can share its implementation.  It works with the new 
        QTMovieTaskTimer to provide timer support to QTMovieTaskTimer clients.
        
        * platform/graphics/win/MediaPlayerPrivateTaskTimer.cpp: Added.
        (WebCore::MediaPlayerPrivateTaskTimer::initialize):
        (WebCore::MediaPlayerPrivateTaskTimer::setDelay):
        (WebCore::MediaPlayerPrivateTaskTimer::stopTaskTimer):
        (WebCore::MediaPlayerPrivateTaskTimer::fired):
        * platform/graphics/win/MediaPlayerPrivateTaskTimer.h: Added.

2010-05-04  Jer Noble  <jer.noble@apple.com>

        Reviewed by Eric Carlson

        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
        <https://bugs.webkit.org/show_bug.cgi?id=34005>
        <rdar://problem/7569713>

        MediaPlayerPrivateQuickTimeVisualContext is a new MediaPlayerPrivate implementation
        which uses QTMovieVisualContext instead of QTMovieWin to render video frames. Much
        like MediaPlayerPrivateQuickTimeWin, MPPQTVisualContext breaks out QTMovie and 
        QTMovieVisualContext, and uses the newly shared MediaPlayerPrivateTaskTimer.  It also
        uses aggregation (in the form of friend classes) instead of multiple inheritance
        to implement its various client callbacks, so as not to expose its own clients to
        the QTMovie classes.

        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.cpp: Copied from WebCore/platform/graphics/win/MediaPlayerPrivateQuickTimeWin.cpp.
        * platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h: Copied from WebCore/platform/graphics/win/MediaPlayerPrivateQuickTimeWin.h.

2010-05-04  Jer Noble  <jer.noble@apple.com>

        Reviewed by Maciej Stachowiak

        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
        <https://bugs.webkit.org/show_bug.cgi?id=34005>
        <rdar://problem/7569713>
        
        MediaPlayerPrivateQuickTimeWin has been modified to support the new bifurcated 
        QTMovie/QTMovieWin classes.  Its private TaskTimer class has been broken out
        into a new top-level class (MediaPlayerPrivateTaskTimer) which will be addressed
        in a future patch. 

        * platform/graphics/win/MediaPlayerPrivateQuickTimeWin.cpp:
        (WebCore::MediaPlayerPrivate::~MediaPlayerPrivate):
        (WebCore::MediaPlayerPrivate::load):
        (WebCore::MediaPlayerPrivate::paused):
        (WebCore::MediaPlayerPrivate::setSize):
        (WebCore::MediaPlayerPrivate::setVisible):
        (WebCore::MediaPlayerPrivate::paint):
        (WebCore::mimeTypeCache):
        (WebCore::MediaPlayerPrivate::isAvailable):
        (WebCore::MediaPlayerPrivate::movieEnded):
        (WebCore::MediaPlayerPrivate::movieLoadStateChanged):
        (WebCore::MediaPlayerPrivate::movieTimeChanged):
        (WebCore::MediaPlayerPrivate::movieNewImageAvailable):
        (WebCore::MediaPlayerPrivate::paintContents):
        * platform/graphics/win/MediaPlayerPrivateQuickTimeWin.h:

2010-05-04  Jer Noble  <jer.noble@apple.com>

        Reviewed by Anders Carlsson

        Safari pegs CPU and drops tons of frames using HTML5 Vimeo player
        <https://bugs.webkit.org/show_bug.cgi?id=34005>
        <rdar://problem/7569713>

        QTCFDictionary defines functions which help serialize and unserialize
        CFDictionaries.  This is necessary because QuickTime links against a 
        non-debug CoreFoundation in our debug build, and passing non-debug 
        CFDictionaries to a debug CF will cause a crash.
        
        QTMovieTask is a new class containing the tasking functionality broken
        out from QTMovieWin.  This is necessary now that the tasking
        functionality is needed in multiple files/classes.
        
        QTPixelBuffer is a C++ wrapper for CVPixelBuffers, necessary because
        like the CF case above, QuickTime has its own implementation of CoreVideo
        and its CV types cannot be used with the AAS version of CoreVideo.
        
        QTMovieVisualContext is the new drawing implementation, parallel to 
        QTMovieWin.  It currently uses a software rendering path, but can be
        extended in the future to support hardware rendering.
        
        * platform/graphics/win/QTCFDictionary.cpp: Added.
        * platform/graphics/win/QTCFDictionary.h: Added.
        * platform/graphics/win/QTMovieTask.cpp: Added.
        * platform/graphics/win/QTMovieTask.h: Added.
        * platform/graphics/win/QTMovieVisualContext.cpp: Added.
        * platform/graphics/win/QTMovieVisualContext.h: Added.
        * platform/graphics/win/QTPixelBuffer.cpp: Added.
        * platform/graphics/win/QTPixelBuffer.h: Added.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r58983.

    2010-05-07  Beth Dakin  <bdakin@apple.com>

        Reviewed by Simon Fraser.

        Fix for <rdar://problem/7956972> REGRESSION: Can't focus and type 
        in GMail due to bad repainting
        -and corresponding-
        https://bugs.webkit.org/show_bug.cgi?id=38782

        This patch reverts back to pre-r58797 behavior when 
        shouldPropagateCompositingToIFrameParent() is false.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::paintingGoesToWindow):

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r58950.

    2010-05-07  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Adam Barth.

        document.write is not synchronous after page load
        https://bugs.webkit.org/show_bug.cgi?id=38146

        If there are no pending scripts, a document.write call should be
        synchronous. This matches other browsers and the HTML5 spec. Forcing
        the tokenizer to be synchronous in Document::write does not affect
        external scripts written by the write call. This should only change
        behavior of document.write after the page is done loading.

        Difficult to test reliably due to HTMLTokenizing relying on processing time.
        I made a manual test because the test requires processing very large strings
        synchronously and therefore can take some time.

        Test: WebCore/manual-tests/dom/document-write-synchronous-after-page-load.html

        * dom/Document.cpp:
        (WebCore::SynchronousHTMLTokenizerGuard::SynchronousHTMLTokenizerGuard): if the provided tokenizer is an HTMLTokenizer make it synchronous
        (WebCore::SynchronousHTMLTokenizerGuard::~SynchronousHTMLTokenizerGuard): if the provided tokenizer was an HTMLTokenizer return its synchronous state
        (WebCore::Document::write): temporarily set the tokenizer to synchronous during document.write
        * dom/Tokenizer.h:
        (WebCore::Tokenizer::asHTMLTokenizer): default implementation returns 0, to be overridden by HTMLTokenizer
        * html/HTMLTokenizer.h: allow access to the force synchronous state
        (WebCore::HTMLTokenizer::forceSynchronous): accessor
        (WebCore::HTMLTokenizer::asHTMLTokenizer): override the default to return itself
        * manual-tests/dom/document-write-synchronous-after-page-load.html: Added.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r58936.

    2010-05-06  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Compositing layers that are clipped out by an overflow:scroll parent fail to get created on reveal
        https://bugs.webkit.org/show_bug.cgi?id=38712
        
        When compositing layer creation is testing layer overlap, we need to re-run the
        algorithm when an overflow:scroll element scrolls, to create new layers for revealed
        elements.
        
        Test: compositing/layer-creation/overflow-scroll-overlap.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollToOffset): First, move the compositing updates
        until after the call to updateWidgetPositions(), so that this order is similar
        to what we do when a FrameView scrolls. This change has no known side effects.
        Second, if compositingConsultsOverlap() is true, we need to actually do a 
        compositing layer update to compute whether revealed/hidden layers should
        be created/destroyed.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59147.

    2010-05-11  Zoltan Herczeg  <zherczeg@webkit.org>

        Reviewed by Dirk Schulze.

        RenderSVGImage::imageChanged should invalidate the SVG filter cache
        https://bugs.webkit.org/show_bug.cgi?id=38838

        Test: svg/filters/filteredImage.svg

        * rendering/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::imageChanged):

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59116.

    2010-05-10  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        WebSocket needs to suspend/resume as Active DOM object.
        https://bugs.webkit.org/show_bug.cgi?id=38171

        Implement suspend()/resume() in WebSocket and WebSocketChannel.
        While WebSocketChannel is suspended, it only adds received data to m_buffer
        or records that the handle was closed, and reports no event to WebSocket.
        When resumed, it will process the buffer or handle closing.
        Since suspend/resume would be called while processing a JavaScript event
        handler (e.g. before/after alert()), WebSocketChannel methods that would
        fire an event need to be reentrant.
        So, WebSocketChannel::processBuffer() calls WebSocket to fire an event at
        most once and skips the buffer before calling,
        so that the next call of processBuffer() would process the next frame.

        * websockets/ThreadableWebSocketChannel.h:
        * websockets/ThreadableWebSocketChannelClientWrapper.h:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
          Mark channel is opened, and process pending events if not suspended.
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
          Push message back in pending queue, and process pending events if not suspended.
        (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
          Mark channel is closed, and process pending events if not suspended.
        (WebCore::ThreadableWebSocketChannelClientWrapper::suspend):
          Mark suspended.
        (WebCore::ThreadableWebSocketChannelClientWrapper::resume):
          Unmark suspended, and process pending events.
        (WebCore::ThreadableWebSocketChannelClientWrapper::ThreadableWebSocketChannelClientWrapper):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingEvents):
        * websockets/WebSocket.cpp:
        (WebCore::WebSocket::canSuspend):
        (WebCore::WebSocket::suspend):
        (WebCore::WebSocket::resume):
        (WebCore::WebSocket::didClose):
        * websockets/WebSocket.h:
        * websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::WebSocketChannel):
        (WebCore::WebSocketChannel::connect):
        (WebCore::WebSocketChannel::send):
        (WebCore::WebSocketChannel::bufferedAmount):
        (WebCore::WebSocketChannel::close):
        (WebCore::WebSocketChannel::suspend):
        (WebCore::WebSocketChannel::resume):
         When resumed, it will process buffer and
         handle closing if handle was already closed while suspended.
        (WebCore::WebSocketChannel::didClose):
         If suspended, record unhandled bufferedAmount and set m_closed true, so that closing will be processed when resumed.
        (WebCore::WebSocketChannel::didReceiveData):
         Add received data in buffer and process buffer while it is not suspended.
        (WebCore::WebSocketChannel::processBuffer):
         Process handshake header or one frame message.
         Return true if there are more data to be processed.
         Return false otherwise (e.g. incomplete handshake header or incomplete frame).
        * websockets/WebSocketChannel.h:
        * websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::suspend):
        (WebCore::WorkerThreadableWebSocketChannel::resume):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::suspend):
        (WebCore::WorkerThreadableWebSocketChannel::Peer::resume):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadSuspend):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::suspend):
        (WebCore::WorkerThreadableWebSocketChannel::mainThreadResume):
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::resume):
        * websockets/WorkerThreadableWebSocketChannel.h:

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r59111.

    2010-05-10  Dean Jackson  <dino@apple.com>

        Reviewed by Simon Fraser.

        https://bugs.webkit.org/show_bug.cgi?id=36566
        The animation-fill-mode property was missing from
        a few places where the animation shorthand is set up.

        Test: animations/animation-shorthand-removed.html

        * css/CSSMutableStyleDeclaration.cpp:
        (WebCore::CSSMutableStyleDeclaration::getPropertyValue): Make sure
        animation-fill-mode is included in the animation shorthand
        * css/CSSPropertyLonghand.cpp:
        (WebCore::initShorthandMap):

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r58965.

    2010-05-07  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        RenderSVGResourceClipper assigns a temporary mutated RenderStyle but does not correctly preserve the old style
        https://bugs.webkit.org/show_bug.cgi?id=38767

        Fix small logic error leading to a problem in RenderSVGResourceClipper. It assigns a new temporary RenderStyle
        to the target object, but fails to reset it correctly to the old style. Fixes all svg/clip-path errors on the windows bots.

        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::createClipData):

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r58961.

    2010-05-07  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adele Peterson.

        https://bugs.webkit.org/show_bug.cgi?id=38546
        Node.focus() fails to move focus from subframe properly

        Test: fast/frames/take-focus-from-iframe.html

        * html/HTMLFrameElementBase.cpp: (WebCore::HTMLFrameElementBase::setFocus): Don't clear
        focus if this frame doesn't have it. This can happen if page's and HTMLFrameElement's ideas
        of focused frame get out of sync temporarily.

2010-05-12  Mark Rowe  <mrowe@apple.com>

        Merge r58960.

    2010-05-07  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        svg/custom/use-instanceRoot-as-event-target.xhtml crashes randomly
        https://bugs.webkit.org/show_bug.cgi?id=37798

        When creating JSEventListeners through attributes (onclick, etc..) or add/removeEventListener
        calls on a SVGElementInstance, do NOT pass the element instance itself as JS wrapper object
        but the correspondingElement(). SVGElementInstance redirects all event listener registrations
        to the correspondingElement(), as they share an event listener list, per SVG spec. The old
        code was very dangerous, leading to random assertions, when garbage collection tore down
        the JSSVGElementInstance and event listeners fired, whose listeners were registered with
        it, but residing in the correspondingElement() event listener list.

        Removes the need for CustomToJS code for JSSVGElementInstance, which was wrong anyways. We hoped
        to keep the event listeners alive by just creating a js wrapper of the correspondingElement(), that
        could only work as long as garbage collection didn't tear it down, just luck. Also remove the
        CustomPushEventHandlerScope marker, as it is only used for JSLazyEventListeners and only works
        for JSNode derived objects, it was a no-op for SVGElementInstance, thus removed it.

        Should fix all random crashes/assertions seen with svg/custom/use-instanceRoot-as-event-target.xhtml
        See bug report for a detailed crash analysis.

        * bindings/js/JSSVGElementInstanceCustom.cpp: Remove custom toJS()/pushEventHandlerScope() handling, not necessary anymore.
        (WebCore::JSSVGElementInstance::markChildren):
        * bindings/scripts/CodeGeneratorJS.pm: For JSSVGElementInstance pass the correspondingElement() as JS wrapper object, not itself.
        * svg/SVGElementInstance.cpp:
        (WebCore::SVGElementInstance::invalidateAllInstancesOfElement): Be sure to trigger a style update here, so dirty shadow trees for <use> get rebuilt. Otherwise DOM may be out-of-sync.
        (WebCore::SVGElementInstance::eventTargetData): Add ASSERT_NOT_REACHED(), all event listener calls are forwarded to the correspondingElement().
        (WebCore::SVGElementInstance::ensureEventTargetData): Ditto.
        * svg/SVGElementInstance.idl: Remove CustomToJS, CustomPushEventHandlerScope markers.

2010-05-06  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed, build fix.

        Try again - with quotes this time. *facepalm*

        * dom/Notation.cpp:

2010-05-06  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed, build fix.

        Speculative fix for Qt and Gtk.

        * dom/Notation.cpp:

2010-05-06  Maciej Stachowiak  <mjs@apple.com>

        Not reviewed, build fix.

        Fix an assert that I failed to update in my earlier change.

        * dom/CharacterData.h:
        (WebCore::CharacterData::CharacterData):

2010-05-06  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Geoff Garen.

        https://bugs.webkit.org/show_bug.cgi?id=38697
        REGRESSION (r58299): Replying on reddit.com no longer works

        * css/CSSSelector.cpp: (WebCore::CSSSelector::extractPseudoType): Don't recognize :first,
        :left and :right. They aren't allowed in all contexts, and properly implementing them is out
        of scope for this regression fix.

2010-05-06  Jian Li  <jianli@chromium.org>

        Reviewed by Adam Barth.

        Improve code generator scripts to support converting ScriptString.
        https://bugs.webkit.org/show_bug.cgi?id=38699

        Change both JSC and V8 generators to introduce "ConvertScriptString"
        attribute to allow converting from ScriptString. Also updated the
        bindings test result.

        These changes are necessary in order to avoid adding custom binding codes
        when we add the FileReader interface.

        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_get_script_string_attr):
        (webkit_dom_test_obj_get_property):
        (webkit_dom_test_obj_class_init):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::):
        (WebCore::jsTestObjScriptStringAttr):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj scriptStringAttr]):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjInternal::scriptStringAttrAttrGetter):
        (WebCore::):

2010-05-06  Jian Li  <jianli@chromium.org>

        Reviewed by Adam Barth.

        Improve code generator scripts to pass additional ScriptExecutionContext
        argument to the constructor.
        https://bugs.webkit.org/show_bug.cgi?id=38687

        Change both JSC and V8 generators to introduce "CallWith=ScriptExecutionContext"
        attribute to allow passing the additional ScriptExecutionContext argument to
        the constructor. Also add another test IDL file to test interface-level
        features.

        These changes are necessary in order to avoid adding custom binding codes
        when we add the FileReader interface.

        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestInterfacePrivate.h: Added.
        * bindings/scripts/test/JS/JSTestInterface.cpp: Added.
        * bindings/scripts/test/JS/JSTestInterface.h: Added.
        * bindings/scripts/test/ObjC/DOMTestInterface.h: Added.
        * bindings/scripts/test/ObjC/DOMTestInterface.mm: Added.
        * bindings/scripts/test/ObjC/DOMTestInterfaceInternal.h: Added.
        * bindings/scripts/test/TestInterface.idl: Added.
        * bindings/scripts/test/V8/V8TestInterface.cpp: Added.
        * bindings/scripts/test/V8/V8TestInterface.h: Added.
        * bindings/v8/V8Proxy.h:
        (WebCore::V8Proxy::constructDOMObjectWithScriptExecutionContext):

2010-05-06  Maciej Stachowiak  <mjs@apple.com>

        Build fix, not reviewed.
        
        Speculative Windows and Debug build fixes for the last change.

        * dom/Node.h:
        (WebCore::Node::inDocument):
        (WebCore::Node::setFlag):

2010-05-06  James Robinson  <jamesr@chromium.org>

        Reviewed by Eric Seidel.

        Fix warnings emitted by gcc 4.4.1 on linux in chromium-specific platform graphics files.
        https://bugs.webkit.org/show_bug.cgi?id=38158

        Fixes:
        - replace NULL with 0
        - remove unused locals
        - add parens around ambiguous looking compound predicates like (a || b && c)

        This also adds a check for x >= 0 to FontLinux.cpp in this statement:
          if (x < walker.width())
        This is more documentation than anything else: since walker.width() returns
        an unsigned, the current behavior is that x is promoted to unsigned and as
        long as x + walker.width() is less than 2^31 all negative values of x
        end up wrapping around and not being < walker.width().  This behavior is
        tested by fast/text/international/khmer-selection.html

        * platform/graphics/chromium/FontLinux.cpp:
        (WebCore::adjustTextRenderMode):
        (WebCore::TextRunWalker::TextRunWalker):
        (WebCore::TextRunWalker::length):
        (WebCore::TextRunWalker::width):
        (WebCore::TextRunWalker::getTextRun):
        (WebCore::TextRunWalker::getNormalizedTextRun):
        (WebCore::Font::offsetForPositionForComplexText):
        * platform/graphics/chromium/FontPlatformDataLinux.cpp:
        (WebCore::FontPlatformData::setupPaint):
        * platform/graphics/chromium/HarfbuzzSkia.cpp:
        (WebCore::getOutlinePoint):
        * platform/graphics/skia/GraphicsContext3DSkia.cpp:
        (WebCore::GraphicsContext3D::getImageData):
        * platform/graphics/skia/GraphicsContextSkia.cpp:
        (WebCore::isCoordinateSkiaSafe):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::strokeRect):

2010-05-06  Ada Chan  <adachan@apple.com>

        Reviewed by David Kilzer.

        https://bugs.webkit.org/show_bug.cgi?id=38695
        
        Check the result from widget() for NULL before accessing it.

        * rendering/RenderIFrame.cpp:
        (WebCore::RenderIFrame::calcHeight):
        (WebCore::RenderIFrame::calcWidth):

2010-05-06  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        further fixes towards REGRESSION (r57292): 1% PLT regression from visited link information leak fix
        https://bugs.webkit.org/show_bug.cgi?id=38682
        <rdar://problem/7859794>

        Looks like a 1-2% speedup on PLT.

        - Reorder CSS properties.
        - Remove short circuit tag check in matchRulesForList which costs more than it saves.
        - Inline initForStyleResolve.
        - Optimize applyDeclarations to avoid switch and take fewer branches in the inner loop.
        
        - Change the way Node handles flags - replace bitfield with a uint32_t and explicit masking, 
        to make it cheaper to initialize the bits and give faster access.
        - Added new Node flags to check for isStyledElement, isHTMLElement, isSVGElement, isComment, 
        and devirtualize those methods.
        - Inline constructors for Node, Element, Text, CharacterData, StyledElement, etc since
        they are very simple and lots of nodes get constructed.
        
        * css/CSSPropertyNames.in: Move a few of the properties up front so we can check for them
        with < instead of switch statements
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::matchRulesForList): Remove unnecessary preflight check
        for tag match before checking selector. This check very rarely short circuits anything,
        since most rules with a tag end up in the appropriate tag bucket. So doing the check
        cost more time than the time saved.
        (WebCore::CSSStyleSelector::initForStyleResolve): Inline. Create RenderStyle in a better way.
        (WebCore::CSSStyleSelector::applyDeclarations): Get rid of switch statement and use <= to
        check for the high priority properties. Convert to template to avoid checking "applyFirst"
        each time through the loop.
        (WebCore::CSSStyleSelector::styleForElement): Adjust for new applyDeclarations() signature.
        (WebCore::CSSStyleSelector::keyframeStylesForAnimation): ditto
        (WebCore::CSSStyleSelector::pseudoStyleForElement): ditto
        * css/CSSStyleSelector.h: Adjust for new applyDeclarations() signature.
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::RenderStyle): Inline constructor.
        * rendering/style/RenderStyle.h: Make constructor private so it can be inline.
        * dom/Node.h:
        (WebCore::): See high-level description of changes above. Redid the
        way boolean flags work.
        (WebCore::Node::isElementNode):
        (WebCore::Node::isContainerNode):
        (WebCore::Node::isTextNode):
        (WebCore::Node::isHTMLElement):
        (WebCore::Node::isSVGElement):
        (WebCore::Node::isStyledElement):
        (WebCore::Node::isCommentNode):
        (WebCore::Node::hasID):
        (WebCore::Node::hasClass):
        (WebCore::Node::active):
        (WebCore::Node::inActiveChain):
        (WebCore::Node::inDetach):
        (WebCore::Node::hovered):
        (WebCore::Node::attached):
        (WebCore::Node::setAttached):
        (WebCore::Node::needsStyleRecalc):
        (WebCore::Node::styleChangeType):
        (WebCore::Node::childNeedsStyleRecalc):
        (WebCore::Node::isLink):
        (WebCore::Node::setHasID):
        (WebCore::Node::setHasClass):
        (WebCore::Node::setChildNeedsStyleRecalc):
        (WebCore::Node::clearChildNeedsStyleRecalc):
        (WebCore::Node::setInDocument):
        (WebCore::Node::clearInDocument):
        (WebCore::Node::setInActiveChain):
        (WebCore::Node::clearInActiveChain):
        (WebCore::Node::setIsLink):
        (WebCore::Node::clearIsLink):
        (WebCore::Node::setActive):
        (WebCore::Node::setHovered):
        (WebCore::Node::inDocument):
        (WebCore::Node::):
        (WebCore::Node::getFlag):
        (WebCore::Node::setFlag):
        (WebCore::Node::clearFlag):
        (WebCore::Node::hasRareData):
        (WebCore::Node::isParsingChildrenFinished):
        (WebCore::Node::setIsParsingChildrenFinished):
        (WebCore::Node::clearIsParsingChildrenFinished):
        (WebCore::Node::isStyleAttributeValid):
        (WebCore::Node::setIsStyleAttributeValid):
        (WebCore::Node::clearIsStyleAttributeValid):
        (WebCore::Node::isSynchronizingStyleAttribute):
        (WebCore::Node::setIsSynchronizingStyleAttribute):
        (WebCore::Node::clearIsSynchronizingStyleAttribute):
        (WebCore::Node::areSVGAttributesValid):
        (WebCore::Node::setAreSVGAttributesValid):
        (WebCore::Node::clearAreSVGAttributesValid):
        (WebCore::Node::isSynchronizingSVGAttributes):
        (WebCore::Node::setIsSynchronizingSVGAttributes):
        (WebCore::Node::clearIsSynchronizingSVGAttributes):
        (WebCore::Node::hasRareSVGData):
        (WebCore::Node::setHasRareSVGData):
        (WebCore::Node::clearHasRareSVGData):
        (WebCore::Node::initialRefCount):
        * dom/Node.cpp:
        (WebCore::Node::trackForDebugging): Adjusted for changes in
        flag handling.
        (WebCore::Node::ensureRareData): ditto
        (WebCore::Node::setStyleChange): ditto
        (WebCore::Node::setNeedsStyleRecalc): ditto
        (WebCore::Node::lazyAttach): ditto
        (WebCore::Node::attach): ditto
        (WebCore::Node::detach): ditto
        (WebCore::Node::insertedIntoDocument): ditto
        (WebCore::Node::removedFromDocument): ditto
        * dom/CharacterData.cpp:
        * dom/CharacterData.h:
        (WebCore::CharacterData::CharacterData): Inline the constructor (moved from .cpp)
        * dom/Comment.cpp:
        (WebCore::Comment::Comment): Tell the base class that we're a comment.
        * dom/Comment.h: Remove isCommentNode override.
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::detach): Adjusted for changes in flag
        handling.
        (WebCore::ContainerNode::removedFromDocument): ditto
        * dom/Document.cpp:
        (WebCore::Document::Document): Adjusted for changes in flag handling.
        (WebCore::Document::recalcStyle): ditto
        (WebCore::Document::setFocusedNode): ditto
        * dom/Document.h:
        (WebCore::Node::Node): Inline the Node constructor - goes here
        because it uses Document.
        * dom/DocumentFragment.cpp: include Document.h due to above change
        * dom/EditingText.cpp: ditto
        * dom/EntityReference.cpp: ditto
        * dom/Element.cpp:
        (WebCore::Element::getAttribute): Adjusted for changes in flag
        handling.
        (WebCore::Element::setAttribute): ditto
        (WebCore::Element::hasAttributes): ditto
        (WebCore::Element::recalcStyle): ditto
        (WebCore::Element::finishParsingChildren): ditto
        * dom/Element.h:
        (WebCore::Element::Element): Inline (moved from .cpp)
        (WebCore::Element::isFinishedParsingChildren):
        (WebCore::Element::beginParsingChildren):
        (WebCore::Element::attributes): Adjusted for changes in flag
        handling.
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::updateStyleAttribute): Adjust for
        changes to flag handling.
        (WebCore::StyledElement::mapToEntry): ditto
        (WebCore::StyledElement::parseMappedAttribute): ditto
        (WebCore::StyledElement::copyNonAttributeProperties): ditto
        * dom/StyledElement.h:
        (WebCore::StyledElement::StyledElement): Inline (moved from .cpp)
        (WebCore::StyledElement::invalidateStyleAttribute): Adjust for
        changes in flag handling.
        * dom/Text.h:
        (WebCore::Text::Text): Inline (moved from .cpp)
        * dom/Text.cpp:
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::HTMLAnchorElement): Adjust for changes in
        flag handling.
        (WebCore::HTMLAnchorElement::parseMappedAttribute): ditto
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::create): Tell base class we're an HTML element.
        * html/HTMLElement.h: ditto above; remove isHTMLElement override.
        * html/HTMLFormControlElement.h: Tell base class we're an HTML element.
        * html/HTMLFrameOwnerElement.cpp:
        (WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement): ditto
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::HTMLProgressElement): ditto
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::MathMLElement): Tell base class we're a styled
        element.
        * rendering/MediaControlElements.cpp:
        (WebCore::MediaControlShadowRootElement::MediaControlShadowRootElement):
        Adjust for changes in flag handling.
        (WebCore::MediaControlElement::MediaControlElement): ditto
        (WebCore::MediaControlInputElement::MediaControlInputElement): ditto
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::updateFromElement): ditto
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateHoverActiveState): ditto
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::updateValuePartState): ditto
        * rendering/RenderSlider.cpp:
        (WebCore::RenderSlider::updateFromElement): ditto
        * rendering/SVGShadowTreeElements.cpp:
        (WebCore::SVGShadowTreeRootElement::SVGShadowTreeRootElement): ditto
        * rendering/TextControlInnerElements.cpp:
        (WebCore::TextControlInnerElement::attachInnerElement): ditto
        * svg/SVGAnimatedProperty.h:
        (WebCore::SVGAnimatedPropertyTearOff::setBaseVal): ditto
        (WebCore::SVGAnimatedPropertyTearOff::setAnimVal): ditto
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::SVGElement): Tell base class we're
        an svg element.
        (WebCore::SVGElement::ensureRareSVGData): Adjust for flag handling
        changes.
        (WebCore::SVGElement::updateAnimatedSVGAttribute): ditto
        * svg/SVGElement.h:
        (WebCore::SVGElement::invalidateSVGAttributes): ditto
        * svg/SVGPolyElement.cpp:
        (WebCore::SVGPolyElement::svgAttributeChanged): ditto
        * wml/WMLAnchorElement.cpp:
        (WebCore::WMLAnchorElement::WMLAnchorElement): ditto
        * wml/WMLElement.cpp:
        (WebCore::WMLElement::WMLElement): Tell base class we're a styled
        element.

2010-05-06  Adam Barth  <abarth@webkit.org>

        Unreviewed.  Fix indent.  Sorry, my OCD was acting up.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseReleaseEvent):

2010-05-06  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Joseph Pecoraro.

        Web Inspector: store selected Headers / Content tab on explicit switch and/or explicit navigate only.

        https://bugs.webkit.org/show_bug.cgi?id=38660

        * inspector/front-end/ResourceView.js:
        (WebInspector.ResourceView):
        (WebInspector.ResourceView.prototype._selectHeadersTab):
        (WebInspector.ResourceView.prototype.selectContentTab):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.showResource):

2010-05-06  Luiz Agostini  <luiz.agostini@openbossa.org>

        Rubber-stamped by Simon Hausmann.

        [Qt] use QT_MOBILE_THEME in Symbian
        https://bugs.webkit.org/show_bug.cgi?id=38440

        Putting QT_MOBILE_THEME into use for Symbian.

        * WebCore.pro:

2010-05-06  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Unreviewed, build fix WinCE for QtWebKit.

        [Qt] Compilation with Plugins disabled is broken
        https://bugs.webkit.org/show_bug.cgi?id=31407

        Rename platform/qt/TemporaryLinkStubs.cpp to avoid name collision on
        Windows.

        Thanks to Ismail "cartman" Donmez for help.

        No new tests, as there is no new functionality.

        * WebCore.gypi:
        * WebCore.pro:
        * platform/qt/TemporaryLinkStubs.cpp: Removed.
        * platform/qt/TemporaryLinkStubsQt.cpp: Copied from WebCore/platform/qt/TemporaryLinkStubs.cpp.

2010-05-06  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] REGRESSION: Loading of external CSS and JS files over network fails in some cases
        https://bugs.webkit.org/show_bug.cgi?id=36755

        Enable the direct connection between QtNetwork and QtWebKit only for Qt versions
        greater than 4.6.2, due to a bug in Qt that's been fixed after 4.6.2.

        * platform/network/qt/QNetworkReplyHandler.cpp:

2010-05-06  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>

        Reviewed by Xan Lopez.

        Rework where we get page step and line step from, so we do not
        depend on scrollbars existing. Caught by API test I forgot to run.

        * platform/gtk/ScrollViewGtk.cpp:
        (WebCore::ScrollView::setGtkAdjustments):

2010-05-06  Gustavo Noronha Silva  <gustavo.noronha@collabora.co.uk>

        Reviewed by Xan Lopez.

        [GTK] Adjustment resetting uses wrong values, and misses page_size and steps
        https://bugs.webkit.org/show_bug.cgi?id=38657

        Fix resetting adjustment values. In the page cache case, we were
        confusing page_size and upper, leading to stray scrollbars
        sometimes.

        * platform/gtk/ScrollViewGtk.cpp:
        (WebCore::ScrollView::setGtkAdjustments):

2010-05-06  Darin Adler  <darin@apple.com>

        Reviewed by Beth Dakin.

        Page::setCanStartMedia does not properly handle the case where a media listener is removed
        https://bugs.webkit.org/show_bug.cgi?id=38602

        We can't find any real case where this causes a crash at this time, but
        we want to harden the code anyway. Thus there are no new regression tests.

        * page/Page.cpp:
        (WebCore::Page::removeMediaCanStartListener): Removed incorrect assertion.
        (WebCore::Page::setCanStartMedia): Change algorithm so we notify listeners
        one at a time and don't notify any listener that has already been removed
        from the set.
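
The hardening described in the entry above (notify listeners one at a time and skip any that were removed meanwhile), as an added C++ sketch that is not WebKit code. Registry, Listener and every member name are hypothetical; removal is tracked with a flag instead of freeing the object, so the fragile variant can be observed without undefined behavior.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// Added illustration. All names here are hypothetical; this is not WebKit code.
struct Registry;

struct Listener {
    Registry* registry = nullptr;
    Listener* unregistersOnNotify = nullptr; // peer this listener removes from its callback
    bool removed = false; // set once the owner has unregistered this listener
    int calls = 0;        // callbacks received in total
    int staleCalls = 0;   // callbacks received after removal (a use-after-free if it were freed)
    void canStart();
};

struct Registry {
    std::vector<Listener*> listeners; // insertion order keeps the demo deterministic

    void add(Listener* l) {
        l->registry = this;
        listeners.push_back(l);
    }

    void remove(Listener* l) {
        l->removed = true;
        listeners.erase(std::remove(listeners.begin(), listeners.end(), l),
                        listeners.end());
    }

    // Fragile: copy the set once, then call every pointer in the copy.
    // A listener removed by an earlier callback is still in the copy.
    void notifyFromSnapshot() {
        std::vector<Listener*> snapshot;
        snapshot.swap(listeners);
        for (Listener* l : snapshot)
            l->canStart();
    }

    // Hardened: take one listener out of the live set per round, so a
    // removal made by a callback is honoured before the next round.
    void notifyOneAtATime() {
        while (!listeners.empty()) {
            Listener* l = listeners.front();
            listeners.erase(listeners.begin());
            l->canStart();
        }
    }
};

void Listener::canStart() {
    ++calls;
    if (removed)
        ++staleCalls;
    if (unregistersOnNotify)
        registry->remove(unregistersOnNotify);
}

struct Outcome { int callsToB; int callsToC; int staleCallsToC; };

// Constructed scenario: A, B and C are registered; A's callback removes C.
Outcome run(bool oneAtATime) {
    Registry page;
    Listener a, b, c;
    a.unregistersOnNotify = &c;
    page.add(&a);
    page.add(&b);
    page.add(&c);
    if (oneAtATime)
        page.notifyOneAtATime();
    else
        page.notifyFromSnapshot();
    return Outcome{ b.calls, c.calls, c.staleCalls };
}

int main() {
    Outcome fragile = run(false);
    Outcome hardened = run(true);
    std::printf("snapshot:      C called %d time(s), %d after removal\n",
                fragile.callsToC, fragile.staleCallsToC);
    std::printf("one at a time: C called %d time(s), %d after removal\n",
                hardened.callsToC, hardened.staleCallsToC);
    return 0;
}
```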

2010-05-05  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Darin Adler.

        shift+click on an existing selection doesn't work right
        https://bugs.webkit.org/show_bug.cgi?id=36542

        NSTextView behavior is to move the end of the selection
        closest to the shift-click. Win/Linux behavior is to always
        move the focus end of the selection.

        Test: editing/selection/shift-click.html

        * page/EventHandler.cpp:
        (WebCore::textDistance):
        (WebCore::EventHandler::handleMousePressEventSingleClick):

2010-05-06  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: implement panels history traversal on Cmd+Left/Right.

        https://bugs.webkit.org/show_bug.cgi?id=38649

        * inspector/front-end/inspector.js:
        (WebInspector.set currentPanel):
        (WebInspector.loaded):
        (WebInspector.documentKeyDown):
        (WebInspector.PanelHistory):
        (WebInspector.PanelHistory.prototype.canGoBack):
        (WebInspector.PanelHistory.prototype.goBack):
        (WebInspector.PanelHistory.prototype.canGoForward):
        (WebInspector.PanelHistory.prototype.goForward):
        (WebInspector.PanelHistory.prototype.setPanel):

2010-05-03  Evan Martin  <evan@chromium.org>

        Reviewed by Eric Seidel.

        [chromium] use glyphDataForCharacter so we hit the glyphdata cache
        https://bugs.webkit.org/show_bug.cgi?id=38500

        Calling fontDataForCharacters() while rendering text is expensive.
        Examining the relevant Mac code in WebKit revealed that calling the
        similarly-named glyphDataForCharacters() results in caching the font
        data on a per-glyph basis.

        Since we now choose a font based on the first character in a run, we
        need to be careful that all the glyphs within the run use the same font.
        This is also similar to the WebKit Mac code.  We need to remove all of
        the script run bits eventually and this is a step in that direction.

        Tests: fast/text/international/danda-space.html spacing changes slightly
        (now matches Firefox better) and fast/text/international/thai-baht-space.html
        now picks the correct (serif) font for the digits.

        * platform/graphics/chromium/FontLinux.cpp:
        (WebCore::TextRunWalker::nextScriptRun):
        (WebCore::TextRunWalker::setupFontForScriptRun):

2010-05-06  Martin Robinson  <mrobinson@webkit.org>

        Reviewed by Gustavo Noronha Silva.

        [GTK] Enable DOM clipboard and drag-and-drop access
        https://bugs.webkit.org/show_bug.cgi?id=30623

        Convert dragging portion of drag-and-drop to use DataObjectGtk.

        No new tests, because functionality has not changed.

        * page/gtk/EventHandlerGtk.cpp:
        (WebCore::EventHandler::createDraggingClipboard): Pass the DataObjectGtk as a parameter here.
        * platform/gtk/ClipboardGtk.h:
        (WebCore::ClipboardGtk::create): Take the DataObject as a parameter instead of creating it here.
        (WebCore::ClipboardGtk::helper): Added.
        (WebCore::ClipboardGtk::dataObject): Added.
        * platform/gtk/PasteboardHelper.h: Make targetListForDataObject a public method.

2010-05-06  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Do not show content tab for resources
        not supporting content preview.

        https://bugs.webkit.org/show_bug.cgi?id=38635

        * English.lproj/localizedStrings.js:
        * inspector/front-end/FontView.js:
        (WebInspector.FontView.prototype.hasContentTab):
        * inspector/front-end/ImageView.js:
        (WebInspector.ImageView.prototype.hasContentTab):
        * inspector/front-end/ResourceView.js:
        (WebInspector.ResourceView):
        (WebInspector.ResourceView.prototype._selectTab):
        (WebInspector.ResourceView.prototype.hasContentTab):
        * inspector/front-end/SourceView.js:
        (WebInspector.SourceView.prototype.hasContentTab):

2010-05-06  Antonio Gomes  <tonikitoo@webkit.org>

        Reviewed by Kenneth Christiansen.

        Spatial Navigation: adapt the logic of {deep}findFocusableNodeInDirection to do traversal starting from Node* not Document*
        https://bugs.webkit.org/show_bug.cgi?id=37803

        Instead of receiving a Document pointer as incoming parameter, patch modifies
        findFocusableNodeInDirection and deepFindFocusableNodeInDirection methods to
        receive a Node pointer as start for content traversal.
        This way we can make good use of deepFindFocusableNodeInDirection to traverse
        other scrollable containers like scrollable divs, and not only frames or iframes.

        Patch also makes use of 'while' instead of 'for' to loop control, that gives more
        flexibility to the incremental step: e.g. if a scrollable div was processed, the incremental
        step in the loop does not have to do node->traverseNextNode() but node->traverseNextSibling().

        No behavior change. It is a preparation for supporting scrollable containers in Spatial
        Navigation.

        * page/FocusController.cpp:
        (WebCore::FocusController::advanceFocusDirectionally):
        (WebCore::FocusController::findFocusableNodeInDirection):
        (WebCore::FocusController::deepFindFocusableNodeInDirection):
        * page/FocusController.h:

2010-05-06  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed WinCE buildfix after r58842.
        Preprocessor doesn't understand "true", changed to "1"

        * platform/graphics/MediaPlayer.cpp:

2010-05-06  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Temporarily disable 'console.profiles' until we can distinguish
        functions from different frames

        https://bugs.webkit.org/show_bug.cgi?id=38638

        * bindings/v8/custom/V8ConsoleCustom.cpp:
        (WebCore::V8Console::profilesAccessorGetter):

2010-05-06  Steve Block  <steveblock@google.com>

        Reviewed by Eric Seidel.

        MAC_JAVA_BRIDGE should be renamed JAVA_BRIDGE
        https://bugs.webkit.org/show_bug.cgi?id=38544

        No new tests, build fix only.

        * DerivedSources.make:
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::ScriptController):
        * bindings/js/ScriptController.h:
        * bindings/js/ScriptControllerMac.mm:
        (WebCore::ScriptController::createScriptInstanceForWidget):
        * bridge/jni/JNIBridge.cpp:
        * bridge/jni/JNIBridge.h:
        * bridge/jni/JNIUtility.cpp:
        * bridge/jni/JNIUtility.h:
        * bridge/jni/jni_jsobject.h:
        * bridge/jni/jni_jsobject.mm:
        * bridge/jni/jni_objc.mm:
        * bridge/jni/jsc/JNIBridgeJSC.cpp:
        * bridge/jni/jsc/JNIBridgeJSC.h:
        * bridge/jni/jsc/JNIUtilityPrivate.cpp:
        * bridge/jni/jsc/JNIUtilityPrivate.h:
        * bridge/jni/jsc/JavaClassJSC.cpp:
        * bridge/jni/jsc/JavaClassJSC.h:
        * bridge/jni/jsc/JavaInstanceJSC.cpp:
        * bridge/jni/jsc/JavaInstanceJSC.h:
        * loader/FrameLoaderClient.h:

2010-05-05  Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Xan Lopez.

        Fixed the gobject introspection compilation with the new DOM
        bindings, we needed to add DOM objects.

        * GNUmakefile.am:

2010-05-06  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        drop support for sessionStorage in sandbox iframes
        https://bugs.webkit.org/show_bug.cgi?id=38151

        This patch causes us to throw a security exception when a sandboxed
        iframe attempts to access sessionStorage, matching our behavior for
        localStorage.  The letter of the spec asks us to create a separate
        storage area for each unique origin.  We might want to do that in a
        future patch, but throwing a security error seems like a safe move now.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::sessionStorage):
        (WebCore::DOMWindow::localStorage):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:
        * page/SecurityOrigin.h:
        (WebCore::SecurityOrigin::canAccessSessionStorage):
        * storage/StorageEventDispatcher.cpp:
        (WebCore::StorageEventDispatcher::dispatch):

2010-05-06  Andy Estes  <aestes@apple.com>

        Reviewed by Maciej Stachowiak.

        Allow forms submitting to target="_blank" to open popups if the submission
        originated from a user gesture.

        https://bugs.webkit.org/show_bug.cgi?id=37335
        <rdar://problem/7884980>

        Test: fast/events/popup-allowed-from-gesture-initiated-form-submit.html

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::processingUserGesture): If no DOM event is
        being processed, consult UserGestureIndicator to determine return value.
        * bindings/js/ScriptController.h: Moved the logic of processingUserGestureEvent()
        into processingUserGesture().

2010-05-06  Xan Lopez  <xlopez@igalia.com>

        Rubber-stamped by Eric Seidel.

        [GTK] Refactor GenerateProperties in CodeGenerationGObject.pm
        https://bugs.webkit.org/show_bug.cgi?id=38577

        Thinko caught while refactoring, $custom variable was not
        initialized.

        * bindings/scripts/CodeGeneratorGObject.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_get_property):
        (webkit_dom_test_obj_class_init):

2010-05-06  Xan Lopez  <xlopez@igalia.com>

        Rubber-stamped by Eric Seidel.

        [GTK] Refactor GenerateProperties in CodeGenerationGObject.pm
        https://bugs.webkit.org/show_bug.cgi?id=38577

        Refactor GenerateProperty out of GenerateProperties. This is in
        preparation for EventListener attributes, which won't generate
        normal GObject properties.

        * bindings/scripts/CodeGeneratorGObject.pm:

2010-05-06  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Joseph Pecoraro.

        Web Inspector: follow up to linkify event listeners.

        https://bugs.webkit.org/show_bug.cgi?id=38257

        * bindings/js/ScriptEventListener.cpp:
        (WebCore::eventListenerHandlerLocation):
        * bindings/v8/ScriptEventListener.cpp:
        (WebCore::eventListenerHandlerLocation):
        * inspector/front-end/ElementsPanel.js:
        (WebInspector.ElementsPanel.prototype.linkifyNodeReference):
        * inspector/front-end/EventListenersSidebarPane.js:

2010-05-05  Charles Wei  <charles.wei@torchmobile.com.cn>

        Reviewed by George Staikos.

        https://bugs.webkit.org/show_bug.cgi?id=37848
        This patch adds WCSS -wap-input-format and -wap-input-required support to WebKit

        Tests: fast/wcss/wap-input-format.xhtml
               fast/wcss/wap-input-required.xhtml

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseWCSSInputProperty):
        * css/CSSParser.h:
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applyProperty):
        * css/WCSSPropertyNames.in:
        * dom/InputElement.cpp:
        (WebCore::InputElement::sanitizeValue):
        (WebCore::InputElement::handleBeforeTextInsertedEvent):
        (WebCore::InputElementData::InputElementData):
        (WebCore::formatCodes):
        (WebCore::cursorPositionToMaskIndex):
        (WebCore::InputElement::isConformToInputMask):
        (WebCore::InputElement::validateInputMask):
        * dom/InputElement.h:
        (WebCore::InputElementData::inputFormatMask):
        (WebCore::InputElementData::setInputFormatMask):
        (WebCore::InputElementData::maxInputCharsAllowed):
        (WebCore::InputElementData::setMaxInputCharsAllowed):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setWapInputFormat):
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::data):
        * wml/WMLInputElement.h:
        (WebCore::WMLInputElement::data):

2010-05-05  MORITA Hajime  <morrita@google.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=38150
        Refactoring: webkitEditableContentChangedEvent should be handled by the owner of the appropriate renderer.

        Moved a part of code chunk in HTMLFormControlElementWithState::defaultEventHandler()
        which accesses the renderer from foreign node,
        to TextControlInnerTextElement::defaultEventHandler() which owns the renderer.

        No new tests. No behavioral change.

        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElementWithState::defaultEventHandler):
        * html/HTMLFormControlElement.h:
        * html/HTMLInputElement.h:
        * html/HTMLTextAreaElement.h:
        * rendering/TextControlInnerElements.cpp:
        (WebCore::TextControlInnerTextElement::defaultEventHandler):

2010-05-05  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Line Numbers should be Aligned with the Source Code Line
        https://bugs.webkit.org/show_bug.cgi?id=38593

        If there is a message bubble, such as an error message, in a source view
        the line number should be in line with the source code line, not centered
        between the source and bubble.

        * inspector/front-end/textViewer.css:
        (.webkit-line-number): added vertical-align: top

2010-05-05  Dan Bernstein  <mitz@apple.com>

        Fix the decelerated compositing build.

        * page/FrameView.cpp:
        (WebCore::FrameView::isEnclosedInCompositingLayer):
        * page/FrameView.h:

2010-05-05  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Darin Adler.

        Bug 38604 - workers-gc2 crashing on Qt

        This appears to be due to a couple of issues.
        (1) When the atomic string table is deleted it does not clear the 'inTable' bit
        on AtomicStrings - it implicitly assumes that all AtomicStrings have already
        been deleted at this point (otherwise they will crash in their destructor when
        they try to remove themselves from the atomic string table).
        (2) We don't fix the ordering in which WTF::WTFThreadData and
        WebCore::ThreadGlobalData are destructed.

        We should make sure that ThreadGlobalData is cleaned up before worker threads
        terminate and WTF::WTFThreadData is destroyed, and we should clear the inTable
        bit of members on atomic string table destruction.

        WTF changes (fix issue 2, above) - clean up the thread data on worker termination.

        * platform/ThreadGlobalData.cpp:
        (WebCore::ThreadGlobalData::~ThreadGlobalData):
        (WebCore::ThreadGlobalData::destroy):
        * platform/ThreadGlobalData.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::workerThread):

2010-05-05  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        <rdar://problem/7932072> Iframes in composited layers don’t repaint correctly (affects Yahoo! Mail with Flash Player 10.1)
        https://bugs.webkit.org/show_bug.cgi?id=38427

        Test: compositing/iframes/iframe-in-composited-layer.html

        * WebCore.base.exp: Export FrameView::isEnclosedInCompositingLayer().
        * page/FrameView.cpp:
        (WebCore::FrameView::isEnclosedInCompositingLayer): Added this predicate.
        * page/FrameView.h:

2010-05-05  Chris Marrin  <cmarrin@apple.com>

        Reviewed by Simon Fraser.

        Got composited iframes showing up on Mac again
        https://bugs.webkit.org/show_bug.cgi?id=38565

        This was broken by http://trac.webkit.org/changeset/58798. That
        change connected iframes through the parent document to the root
        of the layer tree. That is correct for Windows, but not for Mac.
        So the places where the linkage is made were wrapped in 
        shouldPropagateCompositingToIFrameParent() calls, which is 
        always false for Mac.

        Test: compositing/iframes/composited-iframe-alignment.html

        * rendering/RenderLayerCompositor.cpp: Avoid doing composited iframe linkage on Mac
        (WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
        (WebCore::RenderLayerCompositor::didMoveOnscreen):
        (WebCore::RenderLayerCompositor::willMoveOffscreen):
        (WebCore::RenderLayerCompositor::ensureRootPlatformLayer):

2010-05-05  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=38260
        <rdar://problem/7917548> Fix whitespace removing in deprecatedParseURL().

        Broken all the way since r4 (yes, that's a revision number).

        Test: http/tests/security/xss-DENIED-javascript-with-spaces.html

        * css/CSSHelper.cpp: (WebCore::deprecatedParseURL): Fixed loop conditions for remaining length.

2010-05-05  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        Many AXUnknown showing up in the hierarchy
        https://bugs.webkit.org/show_bug.cgi?id=38607

        The RenderTableSection should not be an accessible element.

        Test: platform/mac/accessibility/parent-of-table-row-is-table.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):

2010-05-05  Csaba Osztrogonác  <ossy@webkit.org>

        Reviewed by Simon Hausmann.

        [Qt] Disable Qt Multimedia backend for HTML 5 Audio and Video elements
        Fall back to the Phonon backend until the release situation has been cleared up.

        https://bugs.webkit.org/show_bug.cgi?id=38612

        Buildfix for QT_VERSION >= 0x040700 after r58810.

        * platform/graphics/MediaPlayer.cpp:

2010-05-05  Jian Li  <jianli@chromium.org>

        Reviewed by David Levin.

        XMLHttpRequestUpload events do not fire when sending a raw file or FormData object.
        https://bugs.webkit.org/show_bug.cgi?id=37771

        Test: http/tests/local/formdata/upload-events.html

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2010-05-05  Csaba Osztrogonác  <ossy@webkit.org>

        Reviewed by Simon Hausmann.

        [Qt] Qt port should use its own QUuid class to create UUID string.
        https://bugs.webkit.org/show_bug.cgi?id=38581

        * platform/UUID.cpp:
        (WebCore::createCanonicalUUIDString): Added PLATFORM(QT) case.

2010-05-05  Alexey Proskuryakov  <ap@apple.com>

        Roll out r58830 for breaking tests.

        Was: https://bugs.webkit.org/show_bug.cgi?id=38546
        Node.focus() fails to move focus from subframe properly

        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::setFocus):

2010-05-05  Jian Li  <jianli@chromium.org>

        Reviewed by Adam Barth.

        Implement FileReader class.
        https://bugs.webkit.org/show_bug.cgi?id=38157

        This patch only contains the implementation of FileReader class as defined
        in the File API spec: http://www.w3.org/TR/file-upload/#dfn-filereader.

        New test will be added when an IDL is exposed and the FILE_READER is turned
        on.

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/EventNames.h:
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::toFileReader):
        * dom/EventTarget.h:
        * html/FileError.h:
        (WebCore::FileError::FileError):
        * html/FileReader.cpp: Added.
        * html/FileReader.h: Added.
        * html/FileStream.cpp:
        (WebCore::FileStream::FileStream):
        (WebCore::FileStream::openForRead):
        (WebCore::FileStream::close):
        (WebCore::FileStream::read):
        * html/FileStream.h:

2010-05-05  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Maciej Stachowiak.

        REGRESSION(r57969) Image decoder is repeatedly destroyed/created in CoreGraphics-based Windows WebKit
        https://bugs.webkit.org/show_bug.cgi?id=38595

        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::setData):

2010-05-05  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adele Peterson.

        https://bugs.webkit.org/show_bug.cgi?id=38546
        Node.focus() fails to move focus from subframe properly

        Test: fast/frames/take-focus-from-iframe.html

        * html/HTMLFrameElementBase.cpp: (WebCore::HTMLFrameElementBase::setFocus): Don't clear
        focus if this frame doesn't have it. This can happen if page's and HTMLFrameElement's ideas
        of focused frame get out of sync temporarily.

2010-05-05  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adele Peterson.

        https://bugs.webkit.org/show_bug.cgi?id=26824
        <rdar://problem/7018610> EventHandler can operate on a wrong frame if focus changes during
        keyboard event dispatch.

        EventHandler object is tied to a frame, so it's wrong for it to continue processing a keyboard
        event if focused frame changes between keydown and keypress.

        * manual-tests/focus-change-between-key-events.html: Added.

        * page/EventHandler.cpp: (WebCore::EventHandler::keyEvent): Bail out early if focused frame
        changes while dispatching keydown. Also made similar changes for Windows to maintain matching
        behavior, even though EventHandler was re-entered anyway due to WM_KEYDOWN and WM_CHAR being
        separate events.

2010-05-05  Steve Block  <steveblock@google.com>

        Reviewed by Adam Barth.

        MediaError.h is missing PassRefPtr.h include
        https://bugs.webkit.org/show_bug.cgi?id=38575

        No new tests, build fix only.

        * html/MediaError.h:

2010-05-05  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Audits panel: Resource counters get reset when switching panels while reloading page
        https://bugs.webkit.org/show_bug.cgi?id=38579

        * inspector/front-end/AuditLauncherView.js:
        (WebInspector.AuditLauncherView.prototype.updateResourceTrackingState):
        (WebInspector.AuditLauncherView.prototype._updateResourceProgress):

2010-05-05  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Joseph Pecoraro.

        Web Inspector: Doubleclick on line number should not trigger source editing.

        https://bugs.webkit.org/show_bug.cgi?id=38588

        * inspector/front-end/TextViewer.js:
        (WebInspector.TextViewer.prototype._handleDoubleClick):

2010-05-05  Martin Robinson  <mrobinson@webkit.org>

        Reviewed by Gustavo Noronha.

        [GTK] Enable DOM clipboard and drag-and-drop access
        https://bugs.webkit.org/show_bug.cgi?id=30623

        Add support in the PasteboardHelper for images, in preparation for drag-and-drop data.

        No new tests as functionality has not changed.

        * platform/gtk/PasteboardHelper.cpp:
        (WebCore::PasteboardHelper::fillSelectionData): Add support for images here.
        (WebCore::PasteboardHelper::targetListForDataObject): Add support for images here.

2010-05-05  Stuart Morgan  <stuartmorgan@chromium.org>

        Reviewed by Darin Fisher.

        Add a "focused" parameter to Widget::setFocus, and update Document
        so that Widget is informed of focus loss as well as focus gain.
        Changes all existing setFocus implementations so that they ignore
        the 'false' case, so no behavior is changed until individual
        platforms are updated to handle the new case (if they want to).

        https://bugs.webkit.org/show_bug.cgi?id=37961

        * dom/Document.cpp:
        (WebCore::Document::setFocusedNode):
        * platform/Widget.h:
        * platform/android/WidgetAndroid.cpp:
        (WebCore::Widget::setFocus):
        * platform/chromium/WidgetChromium.cpp:
        (WebCore::Widget::setFocus):
        * platform/efl/WidgetEfl.cpp:
        (WebCore::Widget::setFocus):
        * platform/gtk/WidgetGtk.cpp:
        (WebCore::Widget::setFocus):
        * platform/haiku/WidgetHaiku.cpp:
        (WebCore::Widget::setFocus):
        * platform/mac/WidgetMac.mm:
        (WebCore::Widget::setFocus):
        * platform/qt/WidgetQt.cpp:
        (WebCore::Widget::setFocus):
        * platform/win/WidgetWin.cpp:
        (WebCore::Widget::setFocus):
        * platform/wx/WidgetWx.cpp:
        (WebCore::Widget::setFocus):
        * plugins/PluginView.h:
        * plugins/PluginViewNone.cpp:
        (WebCore::PluginView::setFocus):
        * plugins/gtk/PluginViewGtk.cpp:
        (WebCore::PluginView::setFocus):
        * plugins/mac/PluginViewMac.cpp:
        (WebCore::PluginView::setFocus):
        * plugins/qt/PluginViewQt.cpp:
        (WebCore::PluginView::setFocus):
        * plugins/symbian/PluginViewSymbian.cpp:
        (WebCore::PluginView::setFocus):
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginView::setFocus):

2010-05-05  Steve Block  <steveblock@google.com>

        Reviewed by Pavel Feldman.

        Move V8 ScriptDebugServer::topStackFrame() to ScriptCallStack
        https://bugs.webkit.org/show_bug.cgi?id=38531

        ScriptCallStack::create() uses ScriptDebugServer::topStackFrame(), but ScriptDebugServer
        is guarded with ENABLE(JAVASCRIPT_DEBUGGER). This prevents ScriptCallStack from being
        built on platforms that do not define ENABLE(JAVASCRIPT_DEBUGGER).

        No new tests, build fix only.

        * bindings/v8/ScriptCallStack.cpp:
        (WebCore::ScriptCallStack::callLocation):
        (WebCore::ScriptCallStack::createUtilityContext): Helper for topStackFrame, moved from ScriptDebugServer
        (WebCore::ScriptCallStack::topStackFrame): Moved from ScriptDebugServer
        * bindings/v8/ScriptCallStack.h:
        (WebCore::ScriptCallStack::utilityContext): Helper for topStackFrame, moved from ScriptDebugServer
        * bindings/v8/ScriptDebugServer.cpp:
        * bindings/v8/ScriptDebugServer.h:

2010-05-05  Csaba Osztrogonác  <ossy@webkit.org>

        Rubber-stamped by Simon Hausmann.

        [Qt] REGRESSION(r56869): WinCE build is broken
        https://bugs.webkit.org/show_bug.cgi?id=36929

        * WebCore.pro: LIBS += -lOle32 added.

2010-05-05  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Tor Arne Vestbø.

        [Qt] Disable Qt Multimedia backend for HTML 5 Audio and Video elements

        Fall back to the Phonon backend until the release situation has been cleared up.

        * WebCore.pro:

2010-05-05  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Pavel Feldman.

        WebInspector: Clickable links to resources should be used as 'details' part for the all suitable kinds of records.
        https://bugs.webkit.org/show_bug.cgi?id=38542

        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline):
        (WebInspector.TimelineRecordListRow):
        (WebInspector.TimelineRecordListRow.prototype.update):
        (WebInspector.TimelinePanel.FormattedRecord):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._generatePopupContent):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._getRecordDetails):
        (WebInspector.TimelinePanel.PopupContentHelper):
        (WebInspector.TimelinePanel.PopupContentHelper.prototype._createCell):
        (WebInspector.TimelinePanel.PopupContentHelper.prototype._appendTextRow):
        (WebInspector.TimelinePanel.PopupContentHelper.prototype._appendElementRow):
        (WebInspector.TimelinePanel.PopupContentHelper.prototype._appendLinkRow):

2010-05-05  Nikolas Zimmermann  <nzimmermann@rim.com>

        Not reviewed. Add missing files generated by "run-bindings-test", after the DOMTestCallback.idl addition.

        * bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp: Added.
        (WebKit::kit):
        (webkit_dom_test_callback_callback_with_class1param):
        (webkit_dom_test_callback_callback_with_class2param):
        (webkit_dom_test_callback_callback_with_non_bool_return_type):
        (WebKit::wrapTestCallback):
        (WebKit::core):
        (webkit_dom_test_callback_finalize):
        (webkit_dom_test_callback_set_property):
        (webkit_dom_test_callback_get_property):
        (webkit_dom_test_callback_class_init):
        (webkit_dom_test_callback_init):
        * bindings/scripts/test/GObject/WebKitDOMTestCallback.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestCallbackPrivate.h: Added.
        * bindings/scripts/test/ObjC/DOMTestCallback.h: Added.
        * bindings/scripts/test/ObjC/DOMTestCallback.mm: Added.
        (-[DOMTestCallback dealloc]):
        (-[DOMTestCallback finalize]):
        (-[DOMTestCallback callbackWithClass1Param:]):
        (-[DOMTestCallback callbackWithClass2Param:strArg:]):
        (-[DOMTestCallback callbackWithNonBoolReturnType:]):
        (-[DOMTestCallback customCallback:class6Param:]):
        (core):
        (kit):
        * bindings/scripts/test/ObjC/DOMTestCallbackInternal.h: Added.

2010-05-05  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Pavel Feldman.

        Web Inspector: FontView needs Cleanup
        https://bugs.webkit.org/show_bug.cgi?id=38567

        FontView was missing some of the newer practices for initialization
        that other Resource Views had. Also its width calculations could
        result in a single character wrapping. This is general cleanup.

        * inspector/front-end/FontView.js:
        (WebInspector.FontView): move initialization into contentTabSelected
        (WebInspector.FontView.prototype.contentTabSelected): handle initialization like other Resource Views
        (WebInspector.FontView.prototype.updateFontPreviewSize): use a narrower width to prevent text from widowing

2010-05-05  Dirk Schulze  <krit@webkit.org>

        Reviewed by Nikolas Zimmermann.

        SVG hit testing is *way* too slow
        https://bugs.webkit.org/show_bug.cgi?id=19312

        Use the cached stroke and fill boundaries in RenderPath as a heuristic to
        speed up SVG's hit testing.

        No new tests added.

        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::fillContains):
        (WebCore::RenderPath::strokeContains):

2010-05-04  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Adam Barth.

        Auto-generate all Database callbacks.
        https://bugs.webkit.org/show_bug.cgi?id=38503

        * DerivedSources.cpp:
        * DerivedSources.make:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pri:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSCustomSQLStatementCallback.cpp: Removed.
        * bindings/js/JSCustomSQLStatementCallback.h: Removed.
        * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
        (WebCore::JSSQLStatementErrorCallback::handleEvent):
        * bindings/js/JSCustomSQLStatementErrorCallback.h: Removed.
        * bindings/js/JSCustomSQLTransactionCallback.cpp: Removed.
        * bindings/js/JSCustomSQLTransactionCallback.h: Removed.
        * bindings/js/JSCustomSQLTransactionErrorCallback.cpp: Removed.
        * bindings/js/JSCustomSQLTransactionErrorCallback.h: Removed.
        * bindings/js/JSDatabaseCallback.cpp: Removed.
        * bindings/js/JSDatabaseCallback.h: Removed.
        * bindings/js/JSDatabaseCustom.cpp:
        (WebCore::JSDatabase::changeVersion):
        (WebCore::createTransaction):
        * bindings/js/JSSQLTransactionCustom.cpp:
        (WebCore::JSSQLTransaction::executeSql):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/test/JS/JSTestCallback.cpp:
        * bindings/v8/custom/V8CustomSQLStatementCallback.cpp: Removed.
        * bindings/v8/custom/V8CustomSQLStatementCallback.h: Removed.
        * bindings/v8/custom/V8CustomSQLStatementErrorCallback.cpp:
        (WebCore::V8SQLStatementErrorCallback::handleEvent):
        * bindings/v8/custom/V8CustomSQLStatementErrorCallback.h: Removed.
        * bindings/v8/custom/V8CustomSQLTransactionCallback.cpp: Removed.
        * bindings/v8/custom/V8CustomSQLTransactionCallback.h: Removed.
        * bindings/v8/custom/V8CustomSQLTransactionErrorCallback.cpp: Removed.
        * bindings/v8/custom/V8CustomSQLTransactionErrorCallback.h: Removed.
        * bindings/v8/custom/V8DatabaseCallback.cpp: Removed.
        * bindings/v8/custom/V8DatabaseCallback.h: Removed.
        * bindings/v8/custom/V8DatabaseCustom.cpp:
        (WebCore::V8Database::changeVersionCallback):
        (WebCore::createTransaction):
        * bindings/v8/custom/V8SQLTransactionCustom.cpp:
        (WebCore::V8SQLTransaction::executeSqlCallback):
        * storage/DatabaseCallback.h:
        * storage/DatabaseCallback.idl: Added.
        * storage/SQLStatement.cpp:
        (WebCore::SQLStatement::performCallback):
        * storage/SQLStatementCallback.h:
        * storage/SQLStatementCallback.idl: Added.
        * storage/SQLStatementErrorCallback.idl: Added.
        * storage/SQLTransaction.cpp:
        (WebCore::SQLTransaction::deliverTransactionCallback):
        * storage/SQLTransactionCallback.h:
        * storage/SQLTransactionCallback.idl: Added.
        * storage/SQLTransactionErrorCallback.h:
        * storage/SQLTransactionErrorCallback.idl: Added.

2010-05-04  Chris Marrin  <cmarrin@apple.com>

        Reviewed by Simon Fraser.

        Made composited iframes work on Windows
        https://bugs.webkit.org/show_bug.cgi?id=32446
        
        This completes the work in http://trac.webkit.org/changeset/57919
        to create compositing layers in the parent document when an iframe has 
        a compositing layer. The parent document has a layer for the iframe 
        element and builds a layer tree to the page root. The layer tree for the
        iframe document is then parented to the iframe element's GraphicsLayer.
        
        The RenderLayerCompositor for the iframe document (which owns the
        root of the layer tree) now has a clippingLayer which is the 
        parent of the layer tree root so it can be clipped to the parent
        iframe's bounds, taking into account borders, padding, etc. in
        the parent iframe element.
        
        I also got rid of a no longer used function: RenderLayerCompositor::parentInRootLayer

        Test: compositing/iframes/composited-parent-iframe.html

        * rendering/RenderLayerBacking.cpp: Make calls to RenderLayerCompositor to set the clipping bounds for iframe content
        * rendering/RenderLayerCompositor.cpp: Hook the iframe content to the parent iframe element
        * rendering/RenderLayerCompositor.h:

2010-05-03  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=38497
        <rdar://problem/7759438> Make sure that http URLs always have a host in SecurityOrigin

        This is a hardening fix, and behavior really depends on what an underlying networking layer
        does. So, no test.

        * page/SecurityOrigin.cpp:
        (WebCore::schemeRequiresAuthority): List schemes that need an authority for successful loading.
        (WebCore::SecurityOrigin::SecurityOrigin): Never let e.g. http origins with empty authorities
        have the same security origin.

2010-05-04  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        getFramebufferAttachmentParameter should return the original WebGLTexture/WebGLRenderbuffer instead of creating new ones sharing names.
        https://bugs.webkit.org/show_bug.cgi?id=38236

        * html/canvas/CanvasObject.h: Add type check functions.
        (WebCore::CanvasObject::isBuffer):
        (WebCore::CanvasObject::isFramebuffer):
        (WebCore::CanvasObject::isProgram):
        (WebCore::CanvasObject::isRenderbuffer):
        (WebCore::CanvasObject::isShader):
        (WebCore::CanvasObject::isTexture):
        * html/canvas/WebGLBuffer.h: Add type check functions.
        (WebCore::WebGLBuffer::isBuffer):
        * html/canvas/WebGLFramebuffer.h: Add type check functions.
        (WebCore::WebGLFramebuffer::isFramebuffer):
        * html/canvas/WebGLProgram.h: Add type check functions.
        (WebCore::WebGLProgram::isProgram):
        * html/canvas/WebGLRenderbuffer.cpp: remove constructor using existing name.
        * html/canvas/WebGLRenderbuffer.h: Add type check functions; remove constructor using existing name.
        (WebCore::WebGLRenderbuffer::isRenderbuffer):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getFramebufferAttachmentParameter): Return original Texture/Renderbuffer instead of creating new ones.
        (WebCore::WebGLRenderingContext::findTexture): Find a WebGLTexture using a name.
        (WebCore::WebGLRenderingContext::findRenderbuffer): Find a WebGLRenderbuffer using a name.
        * html/canvas/WebGLRenderingContext.h: Add find* functions.
        * html/canvas/WebGLShader.h: Add type check functions.
        (WebCore::WebGLShader::isShader):
        * html/canvas/WebGLTexture.cpp: remove constructor using existing name.
        * html/canvas/WebGLTexture.h: Add type check functions; remove constructor using existing name.
        (WebCore::WebGLTexture::isTexture):

2010-05-04  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Simon Hausmann.

        [Qt] QT_MOBILE_THEME compile time flag
        https://bugs.webkit.org/show_bug.cgi?id=38439

        Replacing preprocessor conditional used in RenderThemeQt from Q_WS_MAEMO_5 to
        USE(QT_MOBILE_THEME).

        * WebCore.pro:
        * platform/qt/RenderThemeQt.cpp:
        (WebCore::RenderThemeQt::RenderThemeQt):
        (WebCore::RenderThemeQt::qStyle):
        (WebCore::RenderThemeQt::extraDefaultStyleSheet):
        (WebCore::RenderThemeQt::adjustMenuListButtonStyle):
        (WebCore::RenderThemeQt::setPaletteFromPageClientIfExists):
        * platform/qt/RenderThemeQt.h:

2010-05-04  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Dan Bernstein.

        SVG fonts trigger GlyphPage::fill with null font
        https://bugs.webkit.org/show_bug.cgi?id=38530

        SVG fonts do not use the glyph page cache. This change detects when
        attempting to fill a GlyphPage with an SVG font and indicates that
        the glyphs were not available.

        * platform/graphics/GlyphPageTreeNode.cpp:
        (WebCore::fill): helper method which handles attempts to fill a GlyphPage with SVG or non-SVG fonts
        (WebCore::GlyphPageTreeNode::initializePage): use the helper where appropriate

2010-05-04  Kent Tamura  <tkent@chromium.org>

        Reviewed by David Levin (and unofficially by Enrica Casucci).

        REGRESSION(r54368): Text drag-and-drop from input/textarea doesn't work
        if the text is like a URL
        https://bugs.webkit.org/show_bug.cgi?id=38374

        Since r54368, documentFragmentFromDragData() creates an <a> element
        with no anchor text for URL-like text dragged from input/textarea
        element. If such text is dropped to input/textarea element, the text
        is not inserted.
        To fix this problem, use the original text or the URL as an anchor
        text.

        Test: editing/pasteboard/drag-drop-url-text.html

        * page/DragController.cpp:
        (WebCore::documentFragmentFromDragData):

2010-05-04  Steve Block  <steveblock@google.com>

        Reviewed by Darin Adler.

        JavaInstanceJSC.cpp and JNIUtilityPrivate.cpp need to include jni_jsobject.h for jlong_to_pt() and ptr_to_jlong()
        https://bugs.webkit.org/show_bug.cgi?id=38525

        No new tests, build fix only.

        * bridge/jni/jni_jsobject.h: Guard Mac-specific code with PLATFORM(MAC)
        * bridge/jni/jsc/JNIUtilityPrivate.cpp: Include jni_jsobject.h
        * bridge/jni/jsc/JavaInstanceJSC.cpp: Include jni_jsobject.h

2010-05-04  Steve Block  <steveblock@google.com>

        Reviewed by Darin Adler.

        New FileSystemPOSIX functions cause linker errors on Android
        https://bugs.webkit.org/show_bug.cgi?id=38521

        No new tests, build fix only.

        * platform/android/FileSystemAndroid.cpp: Remove closeFile, which is provided in FileSystemPOSIX.cpp
        * platform/posix/FileSystemPOSIX.cpp: Guard writeToFile with !PLATFORM(ANDROID)

2010-05-04  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: restore main and sidebar scroller positions
        when switching between panels.

        https://bugs.webkit.org/show_bug.cgi?id=38522

        * inspector/front-end/ElementsPanel.js:
        (WebInspector.ElementsPanel.prototype.elementsToRestoreScrollPositionsFor):
        * inspector/front-end/Panel.js:
        (WebInspector.Panel.prototype.show):
        (WebInspector.Panel.prototype.hide):
        (WebInspector.Panel.prototype.elementsToRestoreScrollPositionsFor):
        (WebInspector.Panel.prototype._storeScrollPositions):
        (WebInspector.Panel.prototype._restoreScrollPositions):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.elementsToRestoreScrollPositionsFor):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype.elementsToRestoreScrollPositionsFor):

2010-05-04  Steven Lai  <steven_lai@asia.apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=37900
        <rdar://problem/7806164> cloneNode() does not preserve z-index with more than six digits 

        Tests: fast/dom/HTMLInputElement/clone-input-checked.html
               fast/dom/clone-node-z-index.html

        * dom/Element.cpp: undid the order change of calling copyNonAttributeProperties() before setAttributes()
        (WebCore::Element::cloneElementWithoutChildren): uncheck the previous radio button in the same radio button group only when the checked radio box is appended to the dom tree
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateCheckedRadioButtons):
        (WebCore::HTMLInputElement::attach):
        (WebCore::HTMLInputElement::setChecked):
        * html/HTMLInputElement.h:

2010-04-29  John Gregg  <johnnyg@google.com>

        Reviewed by Dmitry Titov.

        notifications should have dir and replaceId attributes.
        Note that tests are only enabled in Chromium, skipped elsewhere
        since notifications aren't implemented.
        https://bugs.webkit.org/show_bug.cgi?id=38336

        Tests: fast/notifications/notifications-replace.html
               fast/notifications/notifications-rtl.html

        * notifications/Notification.h:
        (WebCore::Notification::dir):
        (WebCore::Notification::setDir):
        (WebCore::Notification::replaceId):
        (WebCore::Notification::setReplaceId):
        * notifications/Notification.idl:

2010-05-04  Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Xan Lopez.

        Fixed error defining the float/double minimum in the object
        properties, the smallest value of a float/double is
        -G_MAXDOUBLE/-G_MAXFLOAT.

        * bindings/scripts/CodeGeneratorGObject.pm:

2010-05-03  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Dan Bernstein.

        REGRESSION: Text clipped in absolutely positioned search inputs
        https://bugs.webkit.org/show_bug.cgi?id=38468

        Previously I incorrectly added x() and y() to the tx and ty positioning.
        This clips a search input like a text input, respecting the vertically
        centered text.

        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::layout): only the Y changes, so change setLocation to setY
        (WebCore::RenderTextControlSingleLine::controlClipRect):

2010-05-04  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: REGRESSION: Up/Down, PgUp/PgDown keys do not change numeric style properties
        https://bugs.webkit.org/show_bug.cgi?id=38516

        * inspector/front-end/StylesSidebarPane.js:
        (WebInspector.StylePropertyTreeElement.prototype):

2010-05-04  Ben Murdoch  <benm@google.com>

        Reviewed by Simon Hausmann.

        Crash in handleTouchEvent: using dangling node ptrs in hashmap
        https://bugs.webkit.org/show_bug.cgi?id=38514

        When navigating away from a page, if you have your finger still
        pressed and then lift it on the new page we see a crash if the
        node got deleted as we still have a dangling pointer in the
        m_originatingTouchPointTargets hashmap and try to use it as the
        receiver to dispatch a touchend event.

        Test: fast/events/touch/touch-stale-node-crash.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::clear): Clear the hashmap of touch targets.

2010-05-04  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Drawer Misbehaving when Docking / Undocking in Console Panel
        https://bugs.webkit.org/show_bug.cgi?id=38510

        * inspector/front-end/inspector.js:
        (WebInspector.set attached): resize the drawer after docking/undocking

2010-05-04  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Unreviewed, build fix for Symbian.

        [Symbian] Build fix after r58598. 

        Use C99 integer types for the Symbian plugin
        implementation.

        No new tests, as there is no new functionality.

        * plugins/symbian/PluginPackageSymbian.cpp:
        (WebCore::PluginPackage::NPVersion):
        * plugins/symbian/PluginViewSymbian.cpp:
        (WebCore::PluginView::handlePostReadFile):

2010-05-04  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        Split SVGCharacterLayoutInfo in smaller pieces
        https://bugs.webkit.org/show_bug.cgi?id=38513

        Split SVGCharacterLayoutInfo into SVGCharacterLayoutInfo/SVGCharacterData and SVGTextChunkLayoutInfo.
        This is a preparation for more work in the text area.

        * Android.mk: Add SVGCharacterData.(cpp|h) and SVGTextChunkLayoutInfo.h to build.
        * GNUmakefile.am: Ditto.
        * WebCore.gypi: Ditto.
        * WebCore.pro: Ditto
        * WebCore.vcproj/WebCore.vcproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * rendering/SVGCharacterData.cpp: Copied from rendering/SVGCharacterLayoutInfo.cpp.
        * rendering/SVGCharacterData.h: Copied from rendering/SVGCharacterLayoutInfo.h.
        (WebCore::SVGChar::SVGChar):
        * rendering/SVGCharacterLayoutInfo.cpp:
        (WebCore::SVGCharacterLayoutInfo::isInitialLayout): Introduced new helper function to share code between addLayoutInformation/addStackContent.
        (WebCore::SVGCharacterLayoutInfo::addLayoutInformation): Use new helper function.
        (WebCore::SVGCharacterLayoutInfo::addStackContent): Ditto
        * rendering/SVGCharacterLayoutInfo.h:
        * rendering/SVGRootInlineBox.h: Include new files.
        * rendering/SVGTextChunkLayoutInfo.h: Copied from rendering/SVGCharacterLayoutInfo.h.

2010-05-04  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Holger Freyther.

        [GTK] GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=33590

        Use helper functions from CodeGenerator.pm to figure out whether a
        type is "fundamental" or not (basically whether it's anything
        other than a string or a non-pointer type).

        * bindings/scripts/CodeGeneratorGObject.pm:

2010-04-30  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: REGRESSION: Disabled style properties are absent in Styles sidebar after WebInspector is re-opened
        https://bugs.webkit.org/show_bug.cgi?id=38255

        Moved stylesheet-related mappings into a separate object stored
        in InspectorController rather than InspectorDOMAgent (which gets reset
        on every frontend [dis]connect).

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/InspectorCSSStore.cpp: Added.
        (WebCore::InspectorCSSStore::InspectorCSSStore):
        (WebCore::InspectorCSSStore::~InspectorCSSStore):
        (WebCore::InspectorCSSStore::reset):
        * inspector/InspectorCSSStore.h: Added.
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        (WebCore::InspectorController::setFrontend):
        (WebCore::InspectorController::didCommitLoad):
        * inspector/InspectorController.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::InspectorDOMAgent):
        (WebCore::InspectorDOMAgent::discardBindings):
        (WebCore::InspectorDOMAgent::applyStyleText):
        (WebCore::InspectorDOMAgent::setStyleText):
        (WebCore::InspectorDOMAgent::setStyleProperty):
        (WebCore::InspectorDOMAgent::toggleStyleEnabled):
        (WebCore::InspectorDOMAgent::setRuleSelector):
        (WebCore::InspectorDOMAgent::addRule):
        (WebCore::InspectorDOMAgent::bindStyle):
        (WebCore::InspectorDOMAgent::bindRule):
        (WebCore::InspectorDOMAgent::buildObjectForStyle):
        (WebCore::InspectorDOMAgent::buildObjectForRule):
        * inspector/InspectorDOMAgent.h:
        (WebCore::InspectorDOMAgent::create):
        (WebCore::InspectorDOMAgent::cssStore):

2010-05-04  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Display "Recording..." item when recording a user-initiated CPU profile.

        https://bugs.webkit.org/show_bug.cgi?id=38043

        * English.lproj/localizedStrings.js:
        * inspector/front-end/ProfilesPanel.js:
        (WebInspector.ProfilesPanel.prototype.addProfileHeader):
        (WebInspector.ProfilesPanel.prototype.removeProfileHeader):
        (WebInspector.ProfilesPanel.prototype.showProfile):
        * inspector/front-end/inspector.js:
        (WebInspector.setRecordingProfile):

2010-05-04  Tucker Jay  <jay.tucker@nokia.com>

        Reviewed by Holger Freyther.

        Animated GIF images do not animate 10x as expected by default.
        https://bugs.webkit.org/show_bug.cgi?id=36818

        Added test case to existing manual test to test the
        fixed functionality.

        * manual-tests/qt/qt-10loop-anim.gif: Added.
        * manual-tests/qt/qt-gif-test.html:
        * platform/graphics/qt/ImageDecoderQt.cpp:
        (WebCore::ImageDecoderQt::repetitionCount):

2010-05-04  Dirk Schulze  <krit@webkit.org>

        Unreviewed sort of XCodes project file.

        * WebCore.xcodeproj/project.pbxproj:

2010-05-03  Steven Lai  <steven_lai@asia.apple.com>

        Reviewed by Brady Eidson.

        Reverted hashchange() event back to async.
        (This change does not update HashChangeEvent to its new proposed interface)
        https://bugs.webkit.org/show_bug.cgi?id=36201
        rdar://problem/7780794
        rdar://problem/7761278 (partial fix)

        Tests: fast/loader/hashchange-event-async.html

        * dom/Document.cpp: reverted hashchange() event back to async
        (WebCore::Document::enqueueHashchangeEvent):

2010-05-03  Holger Hans Peter Freyther  <zecke@selfish.org>

        Rubber-stamped by Xan Lopez.

        [Cairo,WX] Stop leaking a FontPlatformData.
        https://bugs.webkit.org/show_bug.cgi?id=37500

        Stephan Aßmus pointed out that the pango font backend
        is leaking memory and fixed it. The WX font backend
        and the Cairo/Fontconfig backend have the same snippet
        of code and are leaking memory as well. This commit is
        fixing that.

        * platform/graphics/cairo/SimpleFontDataCairo.cpp:
        (WebCore::SimpleFontData::smallCapsFontData):
        * platform/graphics/wx/SimpleFontDataWx.cpp:
        (WebCore::SimpleFontData::smallCapsFontData):

2010-05-03  James Robinson  <jamesr@chromium.org>

        Reviewed by Eric Seidel.

        Clean up a few compiler warnings
        https://bugs.webkit.org/show_bug.cgi?id=38073

        * html/TextMetrics.h:
        (WebCore::TextMetrics::width):
        * rendering/style/StyleRareInheritedData.h:
        * rendering/style/StyleRareNonInheritedData.h:

2010-05-02  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Adam Barth.

        Add the ability to auto-generate callbacks to all code generators.
        https://bugs.webkit.org/show_bug.cgi?id=38414

        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/JS/JSTestCallback.cpp: Added.
        (WebCore::JSTestCallback::JSTestCallback):
        (WebCore::JSTestCallback::~JSTestCallback):
        (WebCore::JSTestCallback::callbackWithClass1Param):
        (WebCore::JSTestCallback::callbackWithClass2Param):
        * bindings/scripts/test/JS/JSTestCallback.h: Added.
        (WebCore::JSTestCallback::create):
        * bindings/scripts/test/V8/JSTestCallback.cpp: Added.
        (WebCore::V8TestCallback::V8TestCallback):
        (WebCore::V8TestCallback::~V8TestCallback):
        (WebCore::V8TestCallback::callbackWithClass1Param):
        (WebCore::V8TestCallback::callbackWithClass2Param):
        * bindings/scripts/test/V8/V8TestCallback.h: Added.
        (WebCore::V8TestCallback::create):
        * bindings/scripts/test/TestCallback.idl: Added.

2010-05-03  Kevin Watters  <kevinwatters@gmail.com>

        Reviewed by Kevin Ollivier.

        [wx] Build and use Mac's ComplexTextController to support complex text in wx.
        https://bugs.webkit.org/show_bug.cgi?id=38482

        * platform/graphics/FloatSize.h:
        * platform/graphics/GlyphBuffer.h:
        (WebCore::GlyphBuffer::advanceAt):
        (WebCore::GlyphBuffer::add):
        * platform/graphics/SimpleFontData.h:
        (WebCore::SimpleFontData::getNSFont):
        * platform/graphics/mac/ComplexTextController.cpp:
        * platform/graphics/mac/ComplexTextController.h:
        * platform/graphics/wx/FontCacheWx.cpp:
        (WebCore::FontCache::getFontDataForCharacters):
        (WebCore::FontCache::getLastResortFallbackFont):
        * platform/graphics/wx/FontPlatformData.h:
        (toCTFontRef):
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::allowsLigatures):
        * platform/graphics/wx/FontPlatformDataWx.cpp:
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::cgFont):
        * platform/graphics/wx/FontPlatformDataWxMac.mm: Added.
        (WebCore::FontPlatformData::nsFont):
        (WebCore::FontPlatformData::cacheNSFont):
        * platform/graphics/wx/FontWx.cpp:
        (WebCore::Font::canReturnFallbackFontsForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        (WebCore::Font::drawComplexText):
        (WebCore::Font::floatWidthForComplexText):
        (WebCore::Font::offsetForPositionForComplexText):
        * platform/graphics/wx/SimpleFontDataWx.cpp:
        (WebCore::SimpleFontData::platformInit):
        (WebCore::SimpleFontData::containsCharacters):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/wx/wxcode/fontprops.h:
        * platform/wx/wxcode/mac/carbon/fontprops.mm:
        (wxFontContainsCharacters):
        (GetTextExtent):
        * platform/wx/wxcode/mac/carbon/non-kerned-drawing.cpp:
        (WebCore::drawTextWithSpacing):
        * platform/wx/wxcode/win/fontprops.cpp:
        (wxFontContainsCharacters):
        * wscript:

2010-05-03  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        Add support for controlling clipboard access from javascript.
        Clipboard access from javascript is disabled by default.
        https://bugs.webkit.org/show_bug.cgi?id=27751

        Test: editing/execCommand/clipboard-access.html

        * WebCore.base.exp:
        * editing/EditorCommand.cpp:
        (WebCore::supportedCopyCut):
        (WebCore::supportedPaste):
        (WebCore::createCommandMap):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setJavaScriptCanAccessClipboard):
        * page/Settings.h:
        (WebCore::Settings::javaScriptCanAccessClipboard):

2010-05-03  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=38285
        <rdar://problem/7903453> REGRESSION: Javascript command window.open does not work in empty tab

        Cannot be tested, because new windows created in DRT always have an opener, and thus inherit
        its security origin. Only new windows and tabs created by browser chrome had this problem.

        * loader/FrameLoader.cpp: (WebCore::FrameLoader::init): Moved updateSandboxFlags() call to
        the beginning, so that an initial document would get correct flags.

2010-05-03  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Darin Adler.

        WebGL compile issue.
        Added ExceptionCode.h to JSWebGLArrayBufferConstructor.cpp, for some reason it was missing.
        https://bugs.webkit.org/show_bug.cgi?id=38453

        No new tests: compile fix.

        * bindings/js/JSWebGLArrayBufferConstructor.cpp:

2010-05-03  Eric Seidel  <eric@webkit.org>

        Unreviewed, rolling out r58685.
        http://trac.webkit.org/changeset/58685
        https://bugs.webkit.org/show_bug.cgi?id=38461

        Broke a test on Gtk

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::updateStates):

2010-05-03  Yael Aharon  <yael.aharon@nokia.com>

        Reviewed by Darin Adler.

        Use HTML5 number parsing in HTMLProgressElement
        https://bugs.webkit.org/show_bug.cgi?id=38434

        Use parseToDoubleForNumberType instead of toDouble.
        Throw an exception when the number is NaN or Infinity.

        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::value):
        (WebCore::HTMLProgressElement::setValue):
        (WebCore::HTMLProgressElement::max):
        (WebCore::HTMLProgressElement::setMax):
        * html/HTMLProgressElement.h:
        * html/HTMLProgressElement.idl:

2010-05-03  Jens Alfke  <snej@chromium.org>

        Reviewed by Darin Fisher.

        [chromium] Add "willSendSubmitEvent" hook to WebFrameClient and FrameLoaderClient
        https://bugs.webkit.org/show_bug.cgi?id=38397

        No tests (functionality is exposed only through native WebKit API.)

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::prepareSubmit):  Call frame loader's dispatchWillSendSubmitEvent
        * loader/EmptyClients.h:
        * loader/FrameLoaderClient.h:
        (WebCore::FrameLoaderClient::dispatchWillSendSubmitEvent):  New empty method

2010-05-03  Philippe Normand  <pnormand@igalia.com>

        Reviewed by Eric Carlson.

        [GStreamer] forgotten call to durationChanged in updateStates()
        https://bugs.webkit.org/show_bug.cgi?id=38461

        Notify MediaPlayer if duration is known after playback started.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::updateStates):

2010-05-03  Ryuan Choi  <ryuan.choi@gmail.com>

        Reviewed by Darin Adler.

        fixing build break due to clearWatch() when Geolocation feature is
        disabled.

        https://bugs.webkit.org/show_bug.cgi?id=38091

        no test because this is a build fix only

        * page/Geolocation.cpp:
        (WebCore::Geolocation::clearWatch):

2010-05-03  Stephan Aßmus  <superstippi@gmx.de>

        Reviewed by Holger Freyther.

        [Gtk] Fix leaking the FontPlatformData instance used to create the
        small caps font data.
        https://bugs.webkit.org/show_bug.cgi?id=37500

        No new tests needed.

        * platform/graphics/gtk/SimpleFontDataPango.cpp:
        (WebCore::SimpleFontData::smallCapsFontData):
            - Use a stack allocated FontPlatformData instead of a heap allocated
              one that is never freed.

2010-05-03  Jarkko Sakkinen  <jarkko.j.sakkinen@gmail.com>

        Reviewed by Simon Hausmann.

        [Qt] GraphicsLayer: support webGL
        https://bugs.webkit.org/show_bug.cgi?id=35388

        Added support for GraphicsContext3D to GraphicsLayer.
        Added paint method to GraphicsContext3D for Qt platform that
        uses drawTexture() when QGLWidget is used as viewport of
        QGraphicsWebView.
        Fine-tuned texture handling and image to texture conversion to
        work also when drawTexture() blitting is used.

        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/qt/GraphicsContext3DQt.cpp:
        (WebCore::GraphicsContext3DInternal::GraphicsContext3DInternal):
        (WebCore::GraphicsContext3D::beginPaint):
        (WebCore::GraphicsContext3D::paint):
        (WebCore::GraphicsContext3D::texImage2D):
        (WebCore::GraphicsContext3D::texSubImage2D):
        (WebCore::GraphicsContext3D::getImageData):
        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::):
        (WebCore::GraphicsLayerQtImpl::GraphicsLayerQtImpl):
        (WebCore::GraphicsLayerQtImpl::paint):
        (WebCore::GraphicsLayerQtImpl::flushChanges):
        (WebCore::GraphicsLayerQt::setContentsToGraphicsContext3D):
        (WebCore::GraphicsLayerQt::setGraphicsContext3DNeedsDisplay):
        * platform/graphics/qt/GraphicsLayerQt.h:

2010-05-03  Janne Koskinen  <janne.p.koskinen@digia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix qtlibraryinfix not to contain space

        List catenation with += adds whitespace cutting the infix
        from the final target.

        * WebCore.pro:

2010-05-03  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix rendering of <button> elements on Mac OS X

        The <button> element has ButtonPart appearance, not PushButton part,
        so we have to include ButtonPart when we decide if we should draw the
        button as raised on Mac OS X.

        https://bugs.webkit.org/show_bug.cgi?id=38458

        * platform/qt/RenderThemeQt.cpp:
        (WebCore::RenderThemeQt::initializeCommonQStyleOptions):

2010-04-30  Philippe Normand  <pnormand@igalia.com>

        Reviewed by Eric Seidel.

        [GStreamer] endless loop after playback ended
        https://bugs.webkit.org/show_bug.cgi?id=38384

        At playback end ensure duration() will return a valid duration if
        we managed to calculate it based on current position.

        Test: media/video-duration-known-after-eos.html

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::didEnd):

2010-05-03  Tor Arne Vestbø  <tor.arne.vestbo@nokia.com>

        [Qt] Fix build break on Mac OS X

        * plugins/mac/PluginPackageMac.cpp: Use correct type
        * WebCore.pro: Remove duplicate symbol, we now have a Qt implementation

2010-05-03  Thomas Zander  <t.zander@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix library infix usage when compiling inside of Qt

        Don't apply the infix when building inside Qt, as that's done through the
        inclusion of qbase.pri.

        * WebCore.pro:

2010-05-02  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        Another case of <rdar://problem/7552959> REGRESSION: Infinite recursion in Position::getInlineBoxAndOffset()
        https://bugs.webkit.org/show_bug.cgi?id=38445

        Test: editing/selection/mixed-editability-11.html

        * dom/Position.cpp:
        (WebCore::downstreamIgnoringEditingBoundaries): Added. Returns the furthest visually equivalent
        position downstream, crossing any editability boundaries.
        (WebCore::upstreamIgnoringEditingBoundaries): Similarly for upstream.
        (WebCore::Position::getInlineBoxAndOffset): Changed the logic for finding an inline box for positions
        whose node is a block flow. Instead of traversing the DOM, advance downstream or upstream as far as
        possible, crossing any editability boundaries. Infinite recursion is avoided by advancing all the way
        and checking that the new position is different from the starting position. Also replaced the specific
        test for buttons with the generic and more comprehensive canHaveChildrenForEditing().

2010-05-02  Tasuku Suzuki  <tasuku.suzuki@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix compilation with QT_NO_BEARERMANAGEMENT
        https://bugs.webkit.org/show_bug.cgi?id=38324

        * platform/network/NetworkStateNotifier.h:
        * platform/network/qt/NetworkStateNotifierQt.cpp:

2010-04-29  Janne Koskinen  <janne.p.koskinen@digia.com>

        Reviewed by Simon Hausmann.

        [Qt] QtWebKit versioning added
        https://bugs.webkit.org/show_bug.cgi?id=37207

        QtWebkit releases separated from Qt release cycle.

        * WebCore.pro:

2010-05-02  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Old Style trimWhitespace() should be trim()
        https://bugs.webkit.org/show_bug.cgi?id=38441

        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame.prototype._evalSelectionInCallFrame):

2010-05-02  Tasuku Suzuki  <tasuku.suzuki@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix compilation with QT_NO_LINEEDIT
        https://bugs.webkit.org/show_bug.cgi?id=38324

        * platform/qt/RenderThemeQt.cpp:
        (WebCore::RenderThemeQt::~RenderThemeQt):
        (WebCore::RenderThemeQt::findFrameLineWidth):

2010-05-02  Pavel Feldman  <pfeldman@chromium.org>

        Not reviewed: Touch inspector controller to kick windows tests.

        * inspector/InspectorController.cpp:

2010-05-02  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: IMG nodes are being added to the DOM tree late, sometimes hiding the revealed element.

        https://bugs.webkit.org/show_bug.cgi?id=38432

        * inspector/front-end/ElementsTreeOutline.js:
        (WebInspector.ElementsTreeOutline.prototype._onmousemove):
        (WebInspector.ElementsTreeElement.prototype._createTooltipForNode.setTooltip):
        (WebInspector.ElementsTreeElement.prototype._createTooltipForNode):
        (WebInspector.ElementsTreeElement.prototype.updateTitle):
        (WebInspector.ElementsTreeElement.prototype._attributeHTML):
        ():

2010-05-02  Dirk Schulze  <krit@webkit.org>

        Reviewed by Nikolas Zimmermann.

        SVG hkern implementation incomplete
        https://bugs.webkit.org/show_bug.cgi?id=38407

        Test: svg/text/text-hkern.svg

        The current SVG hkern implementation is incomplete and partly wrong. We pass the ACID3 test
        by accident.
        The new implementation supports all glyph and unicode combinations that are allowed by the Spec
        and fixes various bugs. The parser moved from SVGFontElement to the general parsing code in
        SVGParserUtilities.
        Some clean-up makes the code more readable and reusable for the upcoming vkern implementation.
        hkern support for text on path is missing and will be added by a following patch.
        Unicode strings of hkern elements are just parsed once and not on every glyph again anymore.

        * rendering/SVGRootInlineBox.cpp:
        (WebCore::calculateCSSKerning):
        (WebCore::applySVGKerning):
        (WebCore::SVGRootInlineBox::buildLayoutInformationForTextBox):
        * svg/SVGFontElement.cpp:
        (WebCore::stringMatchesUnicodeRange):
        (WebCore::stringMatchesGlyphName):
        (WebCore::matches):
        (WebCore::SVGFontElement::getHorizontalKerningPairForStringsAndGlyphs):
        * svg/SVGFontElement.h:
        * svg/SVGHKernElement.cpp:
        (WebCore::SVGHKernElement::buildHorizontalKerningPair):
        * svg/SVGHKernElement.h:
        * svg/SVGParserUtilities.cpp:
        (WebCore::parseGlyphName):
        (WebCore::parseUnicodeRange):
        (WebCore::parseKerningUnicodeString):
        * svg/SVGParserUtilities.h:

2010-05-02  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: debugger shortcuts are processed twice if source frame has focus.

        https://bugs.webkit.org/show_bug.cgi?id=38431

        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame):
        (WebInspector.SourceFrame.prototype._createViewerIfNeeded):

2010-05-02  Jarkko Sakkinen  <jarkko.j.sakkinen@gmail.com>

        Reviewed by Eric Seidel.

        [Qt] Build error in GraphicsContext3DQt.cpp
        https://bugs.webkit.org/show_bug.cgi?id=38382

        Removed duplicate implementation of isGLES2Compliant from
        GraphicsContext3DQt.cpp. Removed deprecated API stuff for
        texImage2D/texSubImage2D.

        * platform/graphics/qt/GraphicsContext3DQt.cpp:

2010-05-02  Garret Kelly  <gdk@chromium.org>

        Reviewed by David Levin.

        Make the Touch RuntimeEnabledFeature disabled by default.
        https://bugs.webkit.org/show_bug.cgi?id=38392

        * bindings/generic/RuntimeEnabledFeatures.cpp: Disable the Touch feature by default.

2010-05-02  Michael Nordman  <michaeln@google.com>

        Reviewed by Dmitry Titov.

        Define two new ResourceRequestBase TargetTypes for worker and shared worker
        main resources. Use the new target types where appropriate. Add logic to marshal
        the target type specified by requests initiated on a background worker thread.

        https://bugs.webkit.org/show_bug.cgi?id=38295

        No new tests. This doesn't have script visible artifacts.

        * platform/network/ResourceRequestBase.cpp: marshal the values
        (WebCore::ResourceRequestBase::adopt):
        (WebCore::ResourceRequestBase::copyData):
        * platform/network/ResourceRequestBase.h:  define the types
        (WebCore::ResourceRequestBase::):
        * workers/DefaultSharedWorkerRepository.cpp: use TargetIsSharedWorker
        (WebCore::SharedWorkerScriptLoader::load):
        * workers/Worker.cpp: use TargetIsWorker
        (WebCore::Worker::Worker):
        * workers/WorkerContext.cpp: use TargetIsScript for importScripts
        (WebCore::WorkerContext::importScripts):
        * workers/WorkerScriptLoader.cpp: add a data member for the target type
        (WebCore::WorkerScriptLoader::WorkerScriptLoader):
        (WebCore::WorkerScriptLoader::createResourceRequest):
        * workers/WorkerScriptLoader.h:

2010-05-02  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Adele Peterson.

        Webkit doesn't compile with 3D-canvas enabled and video disabled
        https://bugs.webkit.org/show_bug.cgi?id=38297

        Added a #ifdef ENABLE(VIDEO) to WebGL code

        No new tests: compile fix.

        * bindings/js/JSWebGLRenderingContextCustom.cpp:
        (WebCore::JSWebGLRenderingContext::texImage2D):
        (WebCore::JSWebGLRenderingContext::texSubImage2D):

2010-05-01  Evan Stade  <estade@chromium.org>

        Reviewed by David Levin.

        [chromium] Skia needs to fade DragImages
        https://bugs.webkit.org/show_bug.cgi?id=38008

        tested by DragImageTest

        * platform/chromium/DragImageChromiumSkia.cpp:
        (WebCore::dissolveDragImageToFraction): implement
        (WebCore::createDragImageFromImage): deep copy instead of shallow

2010-05-01  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Sam Weinig.

        REGRESSION (r58273): Visited links do not change color immediately when Cmd-clicked
        https://bugs.webkit.org/show_bug.cgi?id=38422
        <rdar://problem/7921778>

        Tests:
            manual-tests/visited-link-new-window.html

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::initElement): Only cache the visited link state
        when invoked as part of a helper call to styleForElement or pseudoStyleForElement,
        to avoid caching the visited link state beyond the scope of a single style lookup.
        (WebCore::CSSStyleSelector::styleForElement): Adjust for above change.
        (WebCore::CSSStyleSelector::pseudoStyleForElement): Adjust for above change.
        * css/CSSStyleSelector.h:
        (WebCore::CSSStyleSelector::styleForElement): Change so "visited link helper mode"
        can't accidentally be called from outside CSSStyleSelector itself.
        (WebCore::CSSStyleSelector::pseudoStyleForElement): ditto
        * manual-tests/visited-link-new-window.html: Added. I could not figure out any way
        to make an automated test that supports visited link coloring.

2010-05-01  Yael Aharon  <yael.aharon@nokia.com>

        Reviewed by Darin Adler.

        Move number parsing code out of HTMLInputElement.
        https://bugs.webkit.org/show_bug.cgi?id=38203

        The number parsing code follows HTML5 parsing rules and should be available outside of HTMLInputElement.
        No new tests as no new functionality was introduced.

        * html/HTMLInputElement.cpp:
        * html/HTMLInputElement.h:
        * html/HTMLParser.cpp:
        (WebCore::serializeForNumberType):
        (WebCore::parseToDoubleForNumberType):
        * html/HTMLParser.h:
        * html/StepRange.cpp:
        (WebCore::StepRange::clampValue):
        (WebCore::StepRange::valueFromElement):
        * html/ValidityState.cpp:
        (WebCore::ValidityState::typeMismatch):
        * rendering/RenderSlider.cpp:
        (WebCore::RenderSlider::setValueForPosition):

2010-05-01  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Oliver Hunt.

        [GTK] GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=33590

        Unify more logic to skip functions into SkipFunction, and
        whitelist the two [Custom] methods in HTMLCollection.idl.

        * bindings/scripts/CodeGeneratorGObject.pm:

2010-05-01  Robert Hogan  <robert@webkit.org>

        Reviewed by Simon Hausmann.

        [Qt] Add smart paste support

        https://bugs.webkit.org/show_bug.cgi?id=38136

        * WebCore.pro:
        * editing/qt/SmartReplaceQt.cpp: Added.
        (WebCore::isCharacterSmartReplaceExempt):
        * platform/qt/PasteboardQt.cpp:
        (WebCore::Pasteboard::writeSelection):
        (WebCore::Pasteboard::canSmartReplace):

2010-04-30  Yoshiki Hayashi  <yhayashi@google.com>

        Reviewed by Shinichiro Hamaji.

        https://bugs.webkit.org/show_bug.cgi?id=38249
        
        Fixes an issue where border height and padding height are ignored when computing vertically shrinking flexbox's height.

        Test: fast/flexbox/child-flexing.html

        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::allowedChildFlex):

2010-04-30  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler.

        Add layoutTestController.setPrinting()
        https://bugs.webkit.org/show_bug.cgi?id=37203

        Use the renderer's width instead of screen's width as the width of
        a screen depends on machines.

        * rendering/RenderTreeAsText.cpp:
        (WebCore::externalRepresentation):

2010-04-30  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Missing INSPECTOR Guard in Console::lastWMLErrorMessage
        https://bugs.webkit.org/show_bug.cgi?id=38366

        Console::lastWMLErrorMessage is only available if WML is enabled, however
        its implementation only makes sense as long as INSPECTOR is enabled
        as well. So this adds the ENABLE(INSPECTOR) guard in the function. A
        browser without ENABLE(INSPECTOR) will always get an empty result.

        * page/Console.cpp:

2010-04-28  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Oliver Hunt.

        REGRESSION(r58313): Regression evident in pixel tests: the search icon is always clipped at the bottom.
        https://bugs.webkit.org/show_bug.cgi?id=38253

        Test: fast/css/input-search-padding.html

        An <input type="search"> contains an inner block, which is explicitly
        centered in RenderTextControlSingleLine based on the height of the element.
        However, the clipping rect was not using the set location, and instead
        calculated off of the top border and padding alone. This also vertically
        centers the Caps Lock indicator.

        * rendering/RenderTextControl.cpp: moved controlClipRect implementation to RenderTextControlSingleLine
        * rendering/RenderTextControl.h: allow a subclass implementation of controlClipRect, removed redundant hasControlClip implementation, and moved controlClipRect
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::paint): vertically center the Caps Lock indicator
        (WebCore::RenderTextControlSingleLine::controlClipRect): use the set location of the anonymous inner block instead
        * rendering/RenderTextControlSingleLine.h: allow for an implementation of controlClipRect for <input type="search">

2010-04-30  Jon Honeycutt  <jhoneycutt@apple.com>

        Caret may fail to blink if a focus handler brings up a modal dialog 
        https://bugs.webkit.org/show_bug.cgi?id=38372

        Reviewed by Darin Adler.

        * manual-tests/onfocus-alert-blinking-caret.html: Added.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMousePressEvent):
        Moved the call to setCaretBlinkingSuspended() from here...
        (WebCore::EventHandler::handleMousePressEvent):
        ... to here. This makes us suspend caret blinking before dispatching the
        mouse down event. If dispatching the mouse down event allows the message
        loop to run, we want mouse up events received in that message loop to be
        able to resume caret blinking.
        (WebCore::EventHandler::lostMouseCapture):
        We've lost mouse capture and won't be notified of mouse up events;
        resume caret blinking.

        * page/EventHandler.h:
        Declare lostMouseCapture().

2010-04-30  Dimitri Glazkov  <dglazkov@chromium.org>

        Unreviewed, build fix.

        [Chromium] Added a simple IdentifierRep struct and removed dependency on
        IdentifierRep.h.

        * bindings/v8/V8NPObject.cpp: Added simple IdentifierRep struct.

2010-04-30  Dimitri Glazkov  <dglazkov@chromium.org>

        Unreviewed, build fix.

        [Chromium] Remove bridge/ from include paths.

        * WebCore.gyp/WebCore.gyp: Removed bridge/ from include path.

2010-04-30  Abhishek Arya  <inferno@chromium.org>

        Reviewed by David Kilzer.

        Convert m_documentUnderMouse, m_dragInitiator to RefPtr.
        Eliminated unused m_dragInitiator accessor to prevent dereferencing.
        https://bugs.webkit.org/show_bug.cgi?id=37618

        Test: editing/pasteboard/drag-drop-iframe-refresh-crash.html

        * page/DragController.cpp:
        (WebCore::DragController::tryDocumentDrag):
        (WebCore::DragController::concludeEditDrag):
        * page/DragController.h:
        (WebCore::DragController::draggingImageURL):
        (WebCore::DragController::documentUnderMouse):

2010-04-29  James Robinson  <jamesr@chromium.org>

        Reviewed by Simon Fraser.

        Calls FrameView::scrollPositionChanged whenever a ScrollView is scrolled
        https://bugs.webkit.org/show_bug.cgi?id=38286

        When a ScrollView's  scroll position is changed, we have to call
        FrameView::scrollPositionChanged to generate repaint invalidation for
        fixed position elements.  This ends up getting called indirectly when
        the ScrollView has a platformWidget through the port layer
        (see WebHTMLView.mm's _frameOrBoundsChanged method for how the mac
        port does it) but not when there is no platformWidget.

        This is tested by the fast/repaint/fixed-* tests when run in pixel
        mode.

        Test: fast/repaint/fixed-move-after-keyboard-scroll.html

        * page/FrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::valueChanged):
        * platform/ScrollView.h:
        (WebCore::ScrollView::scrollPositionChanged):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Darin Adler.

        Use C99 integer types in more places.

        * manual-tests/NPN_Invoke/main.c:
        (NPP_New):
        (NPP_NewStream):
        (NPP_WriteReady):
        (NPP_Write):
        (NPP_HandleEvent):
        (functionPointerForTVector):
        * plugins/mac/PluginViewMac.cpp:
        (WebCore::PluginView::platformGetValueStatic):
        (WebCore::PluginView::handlePostReadFile):

2010-04-30  Darin Adler  <darin@apple.com>

        Reviewed by Oliver Hunt.

        Remove unused scrollRectIntoViewRecursively function
        https://bugs.webkit.org/show_bug.cgi?id=38403

        * page/Chrome.cpp:
        (WebCore::Chrome::scrollRectIntoView): Moved comment here that was previously
        in the scrollRectIntoViewRecursively function.

        * platform/ScrollView.cpp: Get rid of scrollRectIntoViewRecursively.
        * platform/ScrollView.h: Ditto. Fix comment that refers to the two functions.
        Also correct all uses of the term "method" to use the C++ term "function" and
        got rid of double spaces after periods.

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Another Qt build fix.

        * plugins/qt/PluginViewQt.cpp:
        (WebCore::PluginView::platformGetValueStatic):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Add back TRUE, FALSE and NULL macros. They were not meant to be removed!

        * bridge/npapi.h:

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Try to fix the Qt build this time.

        * plugins/qt/PluginPackageQt.cpp:
        (WebCore::staticPluginQuirkRequiresGtkToolKit_NPN_GetValue):
        (WebCore::PluginPackage::NPVersion):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Yet another build fix.

        * plugins/gtk/PluginPackageGtk.cpp:
        (WebCore::PluginPackage::NPVersion):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * bridge/npapi.h:

2010-04-30  Jian Li  <jianli@chromium.org>

        Reviewed by Darin Fisher.

        [chromium] Add WebFileSystem interface and hook up with all FileSystem methods.
        https://bugs.webkit.org/show_bug.cgi?id=38228

        * platform/chromium/ChromiumBridge.h:
        * platform/chromium/FileSystemChromium.cpp:
        (WebCore::openFile):
        (WebCore::closeFile):
        (WebCore::seekFile):
        (WebCore::truncateFile):
        (WebCore::readFromFile):
        (WebCore::writeToFile):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Dan Bernstein.

        Final part of 
        
        https://bugs.webkit.org/show_bug.cgi?id=20784
        move npapi.h to C99 integer types

        * bridge/npapi.h:
        Remove the old types.

2010-04-30  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r58569.
        http://trac.webkit.org/changeset/58569
        https://bugs.webkit.org/show_bug.cgi?id=38399

        This broke the GTK bots due to bad GC behavior (Requested by
        ericu on #webkit).

        * bindings/js/JSWorkerContextCustom.cpp:
        * bindings/v8/custom/V8WorkerContextCustom.cpp:
        * storage/Database.idl:
        * storage/SQLError.idl:
        * storage/SQLResultSet.idl:
        * storage/SQLResultSetRowList.idl:
        * storage/SQLTransaction.idl:
        * workers/WorkerContext.cpp:
        (WebCore::WorkerContext::openDatabase):
        * workers/WorkerContext.h:
        (WebCore::WorkerContext::databaseExceededQuota):
        * workers/WorkerContext.idl:

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Fix GTK+ build.

        * plugins/gtk/PluginViewGtk.cpp:
        (WebCore::PluginView::handlePostReadFile):
        (WebCore::PluginView::platformGetValueStatic):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Fix Qt build.

        * plugins/qt/PluginViewQt.cpp:
        (WebCore::PluginView::handlePostReadFile):
        (WebCore::PluginView::platformGetValue):

2010-04-30  Anders Carlsson  <andersca@apple.com>

        Reviewed by Timothy Hatcher.

        Next step towards fixing
        
        https://bugs.webkit.org/show_bug.cgi?id=20784
        move npapi.h to C99 integer types

        Use the C99 types everywhere. The "old" types are still around but will be removed
        in a subsequent commit.

        * bridge/npapi.h:
        (_NPCocoaEvent::):
        * plugins/PluginPackage.h:
        * plugins/PluginStream.cpp:
        (WebCore::PluginStream::deliverData):
        * plugins/PluginStream.h:
        * plugins/PluginView.cpp:
        (WebCore::PluginView::postURLNotify):
        (WebCore::PluginView::postURL):
        (WebCore::PluginView::write):
        (WebCore::PluginView::handlePost):
        * plugins/PluginView.h:
        * plugins/PluginViewNone.cpp:
        (WebCore::PluginView::handlePostReadFile):
        * plugins/npapi.cpp:
        (NPN_MemAlloc):
        (NPN_MemFlush):
        (NPN_PostURLNotify):
        (NPN_PostURL):
        (NPN_Write):
        * plugins/npfunctions.h:
        * plugins/win/PluginPackageWin.cpp:
        (WebCore::PluginPackage::NPVersion):
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginView::handlePostReadFile):

2010-04-30  Peter Kasting  <pkasting@google.com>

        Reviewed by David Levin.

        Make all image decoders set the "failed" bit if an image could not be
        completely decoded, but no more data is coming.  The ICO and BMP
        decoders already did this.
        https://bugs.webkit.org/show_bug.cgi?id=35411

        "Failed" does not cause the image to not be displayed, it simply causes
        us to not bother to try to decode again if future requests are made, and
        for some decoders, lets the decoder clean up some of its temporary
        objects.

        No layout tests because this does not change the visible output of decoding in any way.

        * platform/image-decoders/gif/GIFImageDecoder.cpp:
        (WebCore::GIFImageDecoder::frameComplete): Return whether the frame could be marked as complete.
        (WebCore::GIFImageDecoder::decode): Fail if read() needs more data (and thus returns false) and no more is coming.
        * platform/image-decoders/gif/GIFImageDecoder.h:
        * platform/image-decoders/gif/GIFImageReader.cpp:
        (GIFImageReader::do_lzw): Instead of returning true for buffer underrun and false for failure, return false for both and set the failure flag on failure.
        (GIFImageReader::read): Ditto.
        * platform/image-decoders/gif/GIFImageReader.h:
        * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
        (WebCore::):
        (WebCore::JPEGImageReader::decode): See do_lzw() comment above.
        (WebCore::JPEGImageDecoder::decode): Fail if decode() needs more data (and thus returns false) and no more is coming.
        * platform/image-decoders/jpeg/JPEGImageDecoder.h:
        * platform/image-decoders/png/PNGImageDecoder.cpp:
        (WebCore::PNGImageReader::decode): Return true for decode success, false for buffer underrun or decode failure, and set the failure flag on decode failure.
        (WebCore::PNGImageDecoder::decode): See JPEGImageDecoder::decode() comment above.
        * platform/image-decoders/png/PNGImageDecoder.h:

2010-04-30  Brady Eidson  <beidson@apple.com>

        Reviewed by Eric Carlson.

        <rdar://problem/7902467> - Audio plays upon loading of npr.org but shouldn't

        No new tests. (Currently no way to test such site specific hack behavior)

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::asyncEventTimerFired): If the event to be dispatched is the canplay
          event, wrap the dispatch with m_dispatchingCanPlayEvent set.
        (WebCore::HTMLMediaElement::play): If m_dispatchingCanPlayEvent is true and the site is npr.org, 
          don't perform the play().
        * html/HTMLMediaElement.h: Add m_dispatchingCanPlayEvent member.

2010-04-30  Dan Bernstein  <mitz@apple.com>

        Reviewed by Adele Peterson.

        Part of <rdar://problem/6649734> Text repainting does not account for glyphs which draw outside the typographic bounds of the font
        https://bugs.webkit.org/show_bug.cgi?id=6274

        Account for glyph overflow of characters in the range U+1E00..U+2000, but without sending them
        through the complex text code path. Instead, introduce a variant of the fast path that tracks
        glyph overflow.

        * platform/graphics/Font.cpp:
        (WebCore::Font::drawText): Use codePath().
        (WebCore::Font::floatWidth): Use codePath(). Pass the GlyphOverflow pointer through to
        floatWidthForSimpleText() if the code path is SimpleWithGlyphOverflow.
        (WebCore::Font::selectionRectForText): Use codePath().
        (WebCore::Font::offsetForPosition): Ditto.
        * platform/graphics/Font.h: Replaced canUseGlyphCache() with codePath(). Added a GlyphOverflow
        parameter to floatWidthForSimpleText().
        * platform/graphics/FontFastPath.cpp:
        Removed ROMAN_AND_GREEK_DIACRITICS_CAN_USE_GLYPH_CACHE.
        (WebCore::Font::codePath): Renamed canUseGlyphCache() to this. Where it used to return false,
        it now returns Complex. Where it used to return true, it now returns Simple, except for
        the range U+1E00..U+2000, where it now returns SimpleWithGlyphOverflow.
        (WebCore::Font::floatWidthForSimpleText): Added a GlyphOverflow parameter. If not 0, have the
        width iterator account for glyph bounds, then update the GlyphOverflow accordingly.
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::WidthIterator): Added boolean parameter telling the width iterator
        whether to account for glyph bounds. Initialize m_accountForGlyphBounds accordingly. Initialize
        m_maxGlyphBoundingBoxY, m_minGlyphBoundingBoxY, m_firstGlyphOverflow and m_lastGlyphOverflow.
        (WebCore::WidthIterator::advance): If accounting for glyph bounds, update the above member variables.
        * platform/graphics/WidthIterator.h:
        (WebCore::WidthIterator::maxGlyphBoundingBoxY): Added this accessor.
        (WebCore::WidthIterator::minGlyphBoundingBoxY): Ditto.
        (WebCore::WidthIterator::firstGlyphOverflow): Ditto.
        (WebCore::WidthIterator::lastGlyphOverflow): Ditto.

2010-04-30  Chris Marrin  <cmarrin@apple.com>

        Reviewed by Simon Fraser.

        Reversed the order of the CSSMatrix.multiply method
        https://bugs.webkit.org/show_bug.cgi?id=38337

        Test: transforms/svg-vs-css.xhtml

        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::multiply):
        * platform/graphics/transforms/TransformationMatrix.cpp:

2010-04-30  Kevin Ollivier  <kevino@theolliviers.com>

        Unreviewed. Attempt to fix the Chromium Mac build after the last commit.

        * WebCore.gypi:

2010-04-30  Kevin Ollivier  <kevino@theolliviers.com>

        Reviewed by Dan Bernstein.

        Allow other ports to compile ATSUI and CoreText functions in SimpleFontData for Mac.
        https://bugs.webkit.org/show_bug.cgi?id=38334

        * WebCore.xcodeproj/project.pbxproj:
        * platform/graphics/mac/SimpleFontDataATSUI.mm: Copied from WebCore/platform/graphics/mac/SimpleFontDataMac.mm.
        * platform/graphics/mac/SimpleFontDataCoreText.cpp: Copied from WebCore/platform/graphics/mac/SimpleFontDataMac.mm.
        * platform/graphics/mac/SimpleFontDataMac.mm:

2010-04-30  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Simon Fraser.

        SHOULD NEVER BE REACHED assertion loading forbes.com
        https://bugs.webkit.org/show_bug.cgi?id=38272

        Ignore page media related pseudo classes.

        Test: printing/pseudo-class-outside-page.html

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::SelectorChecker::checkOneSelector):

2010-04-30  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Unreviewed, build fix.

        Fix compiler warning "suggest parentheses around"

        No new tests as there is no new functionality.

        * svg/SVGAnimateElement.cpp:
        (WebCore::SVGAnimateElement::calculateFromAndToValues):

2010-04-30  Kent Tamura  <tkent@chromium.org>

        Unreviewed. Regression fix.

        Revert a part of r58564 to be compatible with prior behavior
        https://bugs.webkit.org/show_bug.cgi?id=38383

        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::forwardEvent):
         r58564 made a region check for the cancel button stricter, but it
         made some tests fail on Chromium. So, relax the check again.

2010-04-29  Jeremy Orlow  <jorlow@chromium.org>

        Reviewed by Darin Fisher.

        Change StorageEvent.uri to StorageEvent.url to match the spec
        https://bugs.webkit.org/show_bug.cgi?id=38331

        As I mentioned in http://www.mail-archive.com/public-webapps@w3.org/msg08495.html
        WebKit is the only one who places the document's URL in a 'uri' property
        rather than a 'url' property.  Even though we've shipped several versions of
        browsers with the old name, we probably should change this to comply with the
        spec.

        This stuff is covered by existing tests.

        * storage/StorageEvent.cpp:
        (WebCore::StorageEvent::create):
        (WebCore::StorageEvent::StorageEvent):
        (WebCore::StorageEvent::initStorageEvent):
        * storage/StorageEvent.h:
        (WebCore::StorageEvent::url):
        * storage/StorageEvent.idl:

2010-04-30  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        REGRESSION: RenderPath does not handle repaints correctly anymore if bounds changed
        https://bugs.webkit.org/show_bug.cgi?id=38385

        The last SVG performance patch broke repainting if bounds of a RenderPath get smaller.
        It would only repaint the smaller part, not the original larger bounds.

        Remove all lazy calculation of the repaint rects, instead calculate object/strokeBoundingBox and repaintRectInLocalCoordinates
        once in layout - after LayoutRepainter grabbed the initial bounds, before calling repaintAfterLayout(). We can now inline
        all these functions, and save a lot of m_path.isEmpty() checks, which are expensive. No need to store a separated markerBoundingBox(),
        combine with strokeBoundingBox() -> save one FloatRect per RenderPath. Move strokeBoundingBox() from SVGRenderBase to RenderObject,
        right next to objectBoundingBox() - to save unnecessary toSVGRenderBase() calls. Completely remove this method.

        Overall this is a regression fix, a performance improvement and saves memory. Something for everyone.

        Tests: svg/custom/repaint-stroke-width-changes.svg

        * rendering/RenderObject.cpp: Added strokeBoundingBox() here, to avoid the toSVGRenderBase() dance.
        (WebCore::RenderObject::strokeBoundingBox):
        * rendering/RenderObject.h: Ditto.
        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::RenderPath):
        (WebCore::RenderPath::layout): Fix regression, do repainting correctly, by recalculating the boundaries, if needed, instead of nulling them.
        (WebCore::RenderPath::paint): Cache SVGRenderStyle in local variable, remove no longer valid FIXME.
        (WebCore::RenderPath::calculateMarkerBoundsIfNeeded): Return a FloatRect, to avoid having to store the marker bounding box separated.
        (WebCore::RenderPath::styleWillChange): Mark boundaries as dirty.
        (WebCore::RenderPath::updateCachedBoundaries): New function to (re-)calculate all cached boundaries, only called from layout().
        * rendering/RenderPath.h: Rename cached rect variables to have more sensible names.
        (WebCore::RenderPath::objectBoundingBox): Inlined, just returns the cached value - no more lazy creation. Huge speedup as this is hot code.
        (WebCore::RenderPath::strokeBoundingBox): Ditto.
        (WebCore::RenderPath::repaintRectInLocalCoordinates): Ditto.
        * rendering/RenderSVGBlock.h: Remove toSVGRenderBase() method.
        * rendering/RenderSVGImage.h: Ditto.
        * rendering/RenderSVGInline.cpp: No need to call toSVGRenderBase() just to get the strokeBoundingBox(). Unifies code to retrieve bounding boxes.
        (WebCore::RenderSVGInline::strokeBoundingBox):
        * rendering/RenderSVGInline.h: Remove toSVGRenderBase() method.
        * rendering/RenderSVGModelObject.h: Ditto.
        * rendering/RenderSVGResourceFilter.cpp: No need to call toSVGRenderBase() anymore, just grab the strokeBoundingBox() from the RenderObject.
        (WebCore::RenderSVGResourceFilter::applyResource):
        * rendering/RenderSVGText.h: Remove toSVGRenderBase() method.
        * rendering/SVGRenderSupport.h: Ditto. Remove markerBoundingBox() method, now combined with strokeBoundingBox().
        (WebCore::SVGRenderBase::strokeBoundingBox):
        * rendering/SVGRootInlineBox.h: Remove toSVGRenderBase() method.
        * rendering/style/SVGRenderStyle.h: Add hasMarkers() helper method, to avoid doing unnecessary work in RenderPath.
        (WebCore::SVGRenderStyle::hasMarkers):

2010-04-30  Eric Uhrhane  <ericu@chromium.org>

        Reviewed by Dmitry Titov.

        Add bindings for async DB API in Workers.
        https://bugs.webkit.org/show_bug.cgi?id=34992

        Tests: storage/change-version-handle-reuse-worker.html
               storage/execute-sql-args-worker.html

        * bindings/js/JSWorkerContextCustom.cpp: Add openDatabase binding.
        (WebCore::JSWorkerContext::openDatabase):

        * bindings/v8/custom/V8WorkerContextCustom.cpp: Add openDatabase stub; Chromium will need work both in V8 and in the browser process before we can turn this on there.
        (WebCore::V8WorkerContext::openDatabaseCallback):

        Add NoStaticTables flags to all objects now shared with workers.
        * storage/Database.idl:
        * storage/SQLError.idl:
        * storage/SQLResultSet.idl:
        * storage/SQLResultSetRowList.idl:
        * storage/SQLTransaction.idl:
        
        * workers/WorkerContext.h: Add databaseExceededQuota.
        * workers/WorkerContext.cpp:
        (WebCore::WorkerContext::databaseExceededQuota): Add stub implementation for testing; you just get 5MB for now.
        (WebCore::WorkerContext::openDatabase): Remove invalid assertion.

        Add the IDL for the call to openDatabase.
        * workers/WorkerContext.idl:

2010-04-30  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler.

        Unnecessary PrintContext::end() calls
        https://bugs.webkit.org/show_bug.cgi?id=38247

        Refactoring only, so no new tests.

        * page/PrintContext.cpp:
        (WebCore::PrintContext::pageNumberForElement):
        (WebCore::PrintContext::numberOfPages):

2010-04-30  Kent Tamura  <tkent@chromium.org>

        Reviewed by Adele Peterson.

        Implement interactive behavior of spin buttons.
        https://bugs.webkit.org/show_bug.cgi?id=35686

        Introduce SpinButtonElement. It is a shadow element class for
        spin buttons. If the upper side of the element is clicked, calls
        HTMLInputElement::stepUpFromRenderer(1). If the lower button is
        clicked, calls HTMLInputElement::stepUpFromRenderer(-1).

        SpinButtonElement tracks the mouse pointer position, and
        RenderTheme sets ControlStates::SpinUpState if the pointer is on
        the upper side.

        Test: platform/mac/fast/forms/input-number-click.html

        * dom/Element.h:
        (WebCore::Element::isSpinButtonElement):
        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::adjustSelectionToAvoidCrossingEditingBoundaries):
         Remove an assertion. lastEditablePositionBeforePositionInRoot() can
         return null in a case that m_end is at a shadow element (a spin button)
         and baseRoot is another shadow element (inner text block) in the same
         node (an INPUT element).
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::stepUpFromRenderer):
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::hasSpinButton):
         Add types supporting step attribute except RANGE.
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::nodeAtPoint):
        (WebCore::RenderTextControlSingleLine::forwardEvent):
        (WebCore::RenderTextControlSingleLine::preferredContentWidth):
        (WebCore::RenderTextControlSingleLine::createSubtreeIfNeeded):
        * rendering/RenderTextControlSingleLine.h:
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::controlStatesForRenderer):
        (WebCore::RenderTheme::isSpinUpButtonPartPressed):
        (WebCore::RenderTheme::isSpinUpButtonPartHovered):
        * rendering/RenderTheme.h:
        * rendering/TextControlInnerElements.cpp:
        (WebCore::SpinButtonElement::SpinButtonElement):
        (WebCore::SpinButtonElement::defaultEventHandler):
        * rendering/TextControlInnerElements.h:
        (WebCore::SpinButtonElement::isSpinButtonElement):
        (WebCore::SpinButtonElement::isEnabledFormControl):
        (WebCore::SpinButtonElement::onUpButton):

2010-04-30  Yael Aharon  <yael.aharon@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Enable DOMWindow constructor for HTMLProgressElement
        https://bugs.webkit.org/show_bug.cgi?id=38333

        Add ENABLE_PROGRESS_TAG to FEATURES_DEFINES_JAVASCRIPT.

        * WebCore.pri:

2010-04-30  Kent Tamura  <tkent@chromium.org>

        Reviewed by Adele Peterson.

        Mac implementation of outer-spin-button appearance, and anonymous
        element generation for <input type=number>.
        https://bugs.webkit.org/show_bug.cgi?id=32813

        The implementation uses NSStepperCell. Like the other Mac
        controls, it has only three candidates for sizes.

        The editable block of an input element is shrunk, and the
        anonymous block for a spin button is put on the right of the
        editable block.

        Tests: platform/mac/fast/forms/input-appearance-spinbutton-size.html
               platform/mac/fast/forms/input-appearance-spinbutton.html

        * dom/Element.cpp:
        (WebCore::Element::pseudoStyleCacheIsInvalid):
        * dom/InputElement.h:
        (WebCore::InputElement::hasSpinButton):
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::hasSpinButton): Return true for NUMBER type.
        * platform/mac/ThemeMac.mm:
        (WebCore::sizeFromNSControlSize): Split the main part of sizeFromFont()
          to this in order to use stepperControlSizeForFont() instead of
          controlSizeForFont().
        (WebCore::sizeFromFont): Just calls sizeFromNSControlSize() with
          sizeFromFont(). No behavior changes.
        (WebCore::stepperSizes): Returns sizes for mini, small, and regular.
        (WebCore::stepperControlSizeForFont):
          Dedicated version of controlSizeForFont().
        (WebCore::stepper): Returns NSStepperCell object with specified settings.
        (WebCore::paintStepper):
        (WebCore::ThemeMac::controlSize): Support for OuterSpinButton.
        (WebCore::ThemeMac::minimumControlSize): ditto.
        (WebCore::ThemeMac::inflateControlPaintRect): ditto.
        (WebCore::ThemeMac::paint): ditto.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::paintBoxDecorations):
          Move the content to paintBoxDecorationsWithSize().
        (WebCore::RenderBox::paintBoxDecorationsWithSize):
        * rendering/RenderBox.h: Declare paintBoxDecorationsWithSize().
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::~RenderTextControlSingleLine):
        (WebCore::RenderTextControlSingleLine::paintBoxDecorations):
          Call paintBoxDecorationsWithSize() with smaller width by decorationWidthRight().
        (WebCore::RenderTextControlSingleLine::addFocusRingRects):
          Add a rectangle of which width is smaller by decorationWidthRight().
        (WebCore::RenderTextControlSingleLine::layout):
          Adjust m_outerSpinButton position.
        (WebCore::RenderTextControlSingleLine::styleDidChange):
        (WebCore::RenderTextControlSingleLine::textBlockWidth):
        (WebCore::RenderTextControlSingleLine::decorationWidthRight):
        (WebCore::RenderTextControlSingleLine::preferredDecorationWidthRight):
        (WebCore::RenderTextControlSingleLine::createSubtreeIfNeeded):
          Creates an element for m_outerSpinButton if it is needed.
        (WebCore::RenderTextControlSingleLine::createInnerTextStyle):
        (WebCore::RenderTextControlSingleLine::createOuterSpinButtonStyle):
        * rendering/RenderTextControlSingleLine.h: Declare new methods and m_outerSpinButton.
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::adjustRepaintRect): Support for OuterSpinButton.

2010-04-29  Adam Barth  <abarth@webkit.org>

        Unreviewed.  Update JSC CodeGenerator baseline.  Not sure how I missed
        this one earlier.

        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionSerializedValue):

2010-04-29  Justin Garcia  <justin.garcia@apple.com>

        Reviewed by Adele Peterson.

        Need to updateLayout after typing commands too
        https://bugs.webkit.org/show_bug.cgi?id=38352

        Replaced !m_parent checks in EditCommand.cpp by the more descriptive isTopLevelCommand().
        Move the post editing operation updateLayout() call to {un,re}appliedEditing so that text insertions,
        which don't go through EditCommand::{un,re}apply() can benefit from it too.  No test case possible
        since most platforms have a layout performed as a side effect of post operation selection code.

        * editing/EditCommand.cpp:
        (WebCore::EditCommand::apply):
        (WebCore::EditCommand::unapply):
        (WebCore::EditCommand::reapply):
        * editing/EditCommand.h:
        (WebCore::EditCommand::isTopLevelCommand):
        * editing/Editor.cpp:
        (WebCore::Editor::appliedEditing):
        (WebCore::Editor::unappliedEditing):
        (WebCore::Editor::reappliedEditing):

2010-04-29  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        <rdar://problem/7918086> REGRESSION (r57820): Controller is not displayed in window when opening a MP3 file in browser window
        https://bugs.webkit.org/show_bug.cgi?id=38350

        Tests: media/audio-only-video-intrinsic-size.html
               media/media-document-audio-size.html

        * rendering/RenderVideo.cpp:
        (WebCore::RenderVideo::RenderVideo): Until metadata is available, ignore the natural size
        reported by the player.
        (WebCore::RenderVideo::videoSizeChanged): Respect a natural size of zero if reported by the
        player, except in standalone media documents.

2010-04-29  Anders Carlsson  <andersca@apple.com>

        Reviewed by Dan Bernstein.

        First part of
        https://bugs.webkit.org/show_bug.cgi?id=20784
        move npapi.h to C99 integer types.

        Add nptypes.h to the build.

        * WebCore.xcodeproj/project.pbxproj:
        * bridge/npapi.h:
        * bridge/npruntime.h:
        * bridge/nptypes.h: Added.

2010-04-29  Xan Lopez  <xlopez@igalia.com>

        Rubber-stamped by Adam Barth.

        Update GObject bindings test results. We are actually moving
        backwards here, but we'll update them again when we figure out
        what broke.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_get_property):

2010-04-29  Sam Weinig  <sam@webkit.org>

        Reviewed by Anders Carlsson.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38277
        MiniBrowser: -[WebCoreFlippedView currentEditor]: unrecognized selector

        * platform/mac/ThemeMac.mm:
        (-[WebCoreFlippedView currentEditor]): Added currentEditor nil implementation.

2010-04-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        CodeGeneratorJS.pm should be consistent about castedThis versus castedThisObj
        https://bugs.webkit.org/show_bug.cgi?id=38338

        Currently CodeGeneratorJS.pm uses castThis for methods and
        castedThisObj for attributes.  This inconsistency makes it difficult to
        factor common code generation code into methods shared by both kinds
        of bindings.  This patch aligns the names so that a future patch (e.g.,
        in https://bugs.webkit.org/show_bug.cgi?id=38313) can reduce copy/paste
        code.

        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::setJSTestObjIntAttr):
        (WebCore::setJSTestObjLongLongAttr):
        (WebCore::setJSTestObjUnsignedLongLongAttr):
        (WebCore::setJSTestObjStringAttr):
        (WebCore::setJSTestObjTestObjAttr):
        (WebCore::setJSTestObjAttrWithException):
        (WebCore::setJSTestObjAttrWithSetterException):
        (WebCore::setJSTestObjAttrWithGetterException):
        (WebCore::jsTestObjPrototypeFunctionVoidMethod):
        (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionIntMethod):
        (WebCore::jsTestObjPrototypeFunctionIntMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionObjMethod):
        (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithException):
        (WebCore::jsTestObjPrototypeFunctionCustomMethod):
        (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionCustomArgsAndException):
        (WebCore::jsTestObjPrototypeFunctionAddEventListener):
        (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrame):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndArg):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndUserGesture):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndUserGestureASAD):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoid):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObj):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):

2010-04-29  Gustavo Noronha Silva  <gustavo.noronhaollabora.co.uk>

        Reviewed by Xan Lopez.

        [GTK] pointerCursor should use the default cursor set for the window, not GDK_LEFT_PTR
        https://bugs.webkit.org/show_bug.cgi?id=36963

        Use the default cursor instead of hard-coding left pointer.

        * platform/gtk/CursorGtk.cpp:
        (WebCore::Cursor::Cursor):
        (WebCore::pointerCursor):

2010-04-29  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        WebInspector: If Timeline panel is in recording mode and is not visible and has received
        new events then these events do not appear in the panel when the panel becomes visible.
        Timeline popup may appear in the upper left window corner when you switch to another panel.
        https://bugs.webkit.org/show_bug.cgi?id=38322

        * inspector/front-end/Popover.js:
        (WebInspector.PopoverHelper.prototype._mouseMove.doHide):
        (WebInspector.PopoverHelper.prototype._mouseMove):
        (WebInspector.PopoverHelper.prototype.hidePopup):
        (WebInspector.PopoverHelper.prototype._hidePopup):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype.show):
        (WebInspector.TimelinePanel.prototype._scheduleRefresh):
        (WebInspector.TimelinePanel.prototype._refresh):

2010-04-29  Anton Muhin  <antonm@chromium.org>

        Reviewed by Darin Adler.

        Let's cache nodelists instead of DynamicNodeList::Caches
        https://bugs.webkit.org/show_bug.cgi?id=33696

        Test: fast/dom/Element/node-list-identity.html

        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::markChildren): Mark all cached node lists as well
        * dom/ClassNodeList.cpp:
        (WebCore::ClassNodeList::ClassNodeList): Don't need DynamicNodeList::Caches argument any more
        (WebCore::ClassNodeList::~ClassNodeList): Remove from the cache
        * dom/ClassNodeList.h: Added a field with original class names to be used as a key for removal from the cache
        (WebCore::ClassNodeList::create): Don't need DynamicNodeList::Caches argument any more
        * dom/NameNodeList.cpp:
        (WebCore::NameNodeList::NameNodeList): Don't need DynamicNodeList::Caches argument any more
        (WebCore::NameNodeList::~NameNodeList): Remove from the cache
        * dom/NameNodeList.h:
        (WebCore::NameNodeList::create): Don't need DynamicNodeList::Caches argument any more
        * dom/Node.cpp:
        (WebCore::Node::removeCachedClassNodeList): Remove ClassNodeList from the cache
        (WebCore::Node::removeCachedNameNodeList): Remove NameNodeList from the cache
        (WebCore::Node::removeCachedTagNodeList): Remove TagNodeList from the cache
        (WebCore::Node::getElementsByTagNameNS): Switch to caching node lists themselves, not the data
        (WebCore::Node::getElementsByName): Switch to caching node lists themselves, not the data
        (WebCore::Node::getElementsByClassName): Switch to caching node lists themselves, not the data
        (WebCore::NodeListsNodeData::invalidateCaches): Switch to caching node lists themselves, not the data
        (WebCore::NodeListsNodeData::invalidateCachesThatDependOnAttributes): Switch to caching node lists themselves, not the data
        (WebCore::NodeListsNodeData::isEmpty): Switch to caching node lists themselves, not the data
        (WebCore::markNodeLists): Helper to mark all the node lists in the cache
        (WebCore::Node::markCachedNodeListsSlow): Mark all the cached node lists if any could be present
        * dom/Node.h:
        (WebCore::Node::markCachedNodeLists): Fast-path marking of cached node lists---bails out if there is no rare data
        * dom/NodeRareData.h: Changed type of caches to hold raw pointers to node lists, not RefPtr's to data
        * dom/TagNodeList.cpp:
        (WebCore::TagNodeList::TagNodeList): Don't need DynamicNodeList::Caches argument any more
        (WebCore::TagNodeList::~TagNodeList): Remove from the cache
        * dom/TagNodeList.h:
        (WebCore::TagNodeList::create): Don't need DynamicNodeList::Caches argument any more

2010-04-29  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Yury Semikhatsky.

        [Chromium] Update ScriptProfileNode to retrieve execution time in milliseconds.

        https://bugs.webkit.org/show_bug.cgi?id=38330

        * bindings/v8/ScriptProfileNode.cpp:
        (WebCore::ScriptProfileNode::totalTime):
        (WebCore::ScriptProfileNode::selfTime):

2010-04-28  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Darin Adler.

        A form without a submit button unexpectedly performs its action when Return is pressed
        https://bugs.webkit.org/show_bug.cgi?id=9756

        Implemented implicit form submission algorithm as defined in HTML5 spec:
        http://www.whatwg.org/specs/web-apps/current-work/multipage/association-of-controls-and-forms.html#implicit-submission,
        falling back to match IE's behavior in the edge cases.

        The underlying rules are:

        * If the form has no enabled submit buttons, submit if Enter/Return is pressed on the only single-line text field.

        * Otherwise, submit form using first enabled submit button if Enter/Return is pressed on a field
          that's not a textarea or a select.

        Test: fast/forms/implicit-submission.html

        * dom/SelectElement.cpp:
        (WebCore::SelectElement::menuListDefaultEventHandler): Ripped out implicit submission for select elements.
        (WebCore::SelectElement::listBoxDefaultEventHandler): Ditto.
        (WebCore::SelectElement::defaultEventHandler): Ditto.
        * dom/SelectElement.h: Ditto.
        (WebCore::HTMLFormElement::submitImplicitly): Renamed submitClick to submitImplicitly to better match HTML5 spec
            language, changed the logic to match the rules above.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::defaultEventHandler): Renamed clickDefaultButton to implicitSubmission to better match
            HTML5 spec language, made radio element to trigger implicit submission.
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::defaultEventHandler): Removed passing of form() as parameter, because it's no longer
            necessary.

2010-04-29  Paweł Hajdan, Jr.  <phajdan.jr@chromium.org>

        Reviewed by Jeremy Orlow.

        Fix building with libpng-1.4.
        https://bugs.webkit.org/show_bug.cgi?id=33287

        No new tests (no behavior change).

        Original patch by John Bowler <jbowler@acm.org>

        * platform/image-encoders/skia/PNGImageEncoder.cpp:
        (WebCore::PNGImageEncoder::encode):

2010-04-29  Adam Langley  <agl@chromium.org>

        Reviewed by David Levin.

        This patch adds support for WOFF in Chromium. Since Chromium
        already transcodes all OpenType files for security reasons we
        are adding WOFF support into the transcoder.

        https://bugs.webkit.org/show_bug.cgi?id=38217

        * css/CSSFontFaceSrcValue.cpp:
        (WebCore::CSSFontFaceSrcValue::isSupportedFormat):
          Recognise "woff" as a font-face format value (guarded by
          ENABLE(OPENTYPE_SANITIZER) at this point)
        * platform/graphics/opentype/OpenTypeSanitizer.cpp:
        (WebCore::OpenTypeSanitizer::sanitize):
          Change so that the transcoded font can be larger than the original.
          (WOFF files are compressed, so the transcoded TTF is typically
          larger.)

2010-04-29  Alex Milowski  <alex@milowski.com>

        Reviewed by Kenneth Rohde Christiansen.

        Updates to the Qt build to enable building MathML support.

        * WebCore.pri:
        * WebCore.pro:

2010-04-29  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Gustavo Noronha.

        [GTK] GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=33590

        Do not generate unneeded boilerplate in {get,set}_property methods
        when there are no properties to generate code for. This gets rid
        of lots of compiler warnings.

        * bindings/scripts/CodeGeneratorGObject.pm:

2010-04-29  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Speed up text layouting
        https://bugs.webkit.org/show_bug.cgi?id=31719

        Use QFontMetrics::width() for the text width calculation instead
        of QTextLayout. This avoids expensive bearing calculations and the
        line breaking code.

        * platform/graphics/qt/FontQt.cpp:
        (WebCore::Font::floatWidthForComplexText):

2010-04-29  Kwang Yul Seo  <skyul@company100.net>

        Reviewed by Simon Hausmann.

        [WINCE] Export g_stackBase with JS_EXPORTDATA
        https://bugs.webkit.org/show_bug.cgi?id=37437

        Declare g_stackBase with JS_EXPORTDATA as it is imported from JavaScriptCore.

        * platform/wince/SharedTimerWince.cpp:

2010-04-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Maciej Stachowiak.

        Remove custom bindings for PopStateEvent.initPopStateEvent
        https://bugs.webkit.org/show_bug.cgi?id=38311

        Our code generation of SerializedScriptValue was slightly buggy, but
        it's easy to fix.  Notice that the conversion to an atomic string is
        handled by the C++ type system and doesn't require logic in the code
        generator.

        * bindings/js/JSPopStateEventCustom.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_serialized_value):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::):
        (WebCore::jsTestObjPrototypeFunctionSerializedValue):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj serializedValue:]):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjInternal::serializedValueCallback):
        (WebCore::ConfigureV8TestObjTemplate):
        * bindings/v8/custom/V8PopStateEventCustom.cpp:
        * dom/PopStateEvent.idl:

2010-04-29  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        Fix a bug that selection drag-and-drop doesn't work for input/textarea.
        https://bugs.webkit.org/show_bug.cgi?id=38175

        The code supposed the selected region was in the destination text
        field. It is not true in a case of drag-and-drop.

        Test: editing/pasteboard/drag-drop-input-textarea.html

        * dom/InputElement.cpp:
        (WebCore::InputElement::handleBeforeTextInsertedEvent):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::handleBeforeTextInsertedEvent):

2010-04-29  Adam Barth  <abarth@webkit.org>

        Reviewed by Maciej Stachowiak.

        Remove custom bindings for NodeFilter.acceptNode
        https://bugs.webkit.org/show_bug.cgi?id=38309

        This "custom" code was just an instance of the CallWith=ScriptState
        pattern.  Also, it looks like V8 just had a garbage implementation that
        did nothing.

        * WebCore.gypi:
        * bindings/js/JSNodeFilterCustom.cpp:
        * bindings/v8/custom/V8NodeFilterCustom.cpp: Removed.
        * dom/NodeFilter.idl:

2010-04-29  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] QtWebkit doesn't link with 3D canvas
        https://bugs.webkit.org/show_bug.cgi?id=38299

        Added implementation for GraphicsContext3D::isGLES2Compliant, which returns the correct value based on a Qt #define.

        No new tests: build fix

        * platform/graphics/qt/GraphicsContext3DQt.cpp:
        (WebCore::GraphicsContext3D::isGLES2Compliant):

2010-04-29  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Tor Arne Vestbø.

        [Qt] REGRESSION(r57638): tst_qwebframe::objectDeleted() fails
        https://bugs.webkit.org/show_bug.cgi?id=38316

        Accessing properties of a deleted object doesn't throw an exception
        anymore.

        Continue to expose the QObject class wrapper for objects that
        previously existed but don't exist anymore. QtClass is safe to
        use with a deleted QObject.

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::getClass): Return null only if m_class
        doesn't exist yet and there's no m_object.

2010-04-29  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Simon Hausmann.

        Reverse animations don't work in some use cases        
        https://bugs.webkit.org/show_bug.cgi?id=38075

        This was due to a code path special-casing reverse animations, that became obsolete when we aligned our animation code
        with the CA implementation. That special case code path is now a bug - and this patch removes it.

        http://staff.washington.edu/fmf/2009/03/25/iphone-3d-css-transformations/ now runs the reverse
        animation correctly.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::TransformAnimationQt::applyFrame):

2010-04-29  Jan Hanssen  <jhanssen@codeaurora.org>

        Reviewed by Adam Barth.

        HTMLOptionElement::ownerSelectElement() needs to consider keygen elements
        https://bugs.webkit.org/show_bug.cgi?id=26016

        Patch written by Grace Kloba <klobag@gmail.com>, test fixed by me.

        Test: fast/dom/HTMLKeygenElement/keygen-option-select.html

        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::ownerSelectElement):
        Make HTMLOptionElement::ownerSelectElement() consider the keygen element in addition to the current select element.

2010-04-29  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Eric Seidel.

        Add EFL-specific code to Widget.h and move the empty
        frameRectsChanged() definition to Widget.cpp, since the EFL port
        needs to override that.
        http://webkit.org/b/36317

        No new tests required.

        * WebCore.base.exp:
        * platform/Widget.cpp:
        (WebCore::Widget::frameRectsChanged):
        * platform/Widget.h:

2010-04-29  Jarkko Sakkinen  <jarkko.j.sakkinen@gmail.com>

        Reviewed by Simon Hausmann.

        [Qt] GraphicsContext3DQt.cpp does not implement isGLES2Compliant() 
        https://bugs.webkit.org/show_bug.cgi?id=38216

        * platform/graphics/qt/GraphicsContext3DQt.cpp:
        (WebCore::GraphicsContext3D::isGLES2Compliant):

2010-04-29  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        Remove the unnecessary texImage2D function with Image as input in GraphicsContext3D
        https://bugs.webkit.org/show_bug.cgi?id=38235

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::texImage2D): Add extractImageData; add a common entry point for texImage2D with image input.
        (WebCore::WebGLRenderingContext::texImage2DBase): Add this function as the common entry point for texImage2D.
        (WebCore::WebGLRenderingContext::texSubImage2D): Add extractImageData; add a common entry point for texSubImage2D with image input.
        (WebCore::WebGLRenderingContext::texSubImage2DBase): Add this function as the common entry point for texSubImage2D.
        * html/canvas/WebGLRenderingContext.h: Add tex*Image{Base/Image} function declaration.
        * platform/graphics/GraphicsContext3D.h: Remove tex*Image declaration with Image input.
        * platform/graphics/mac/GraphicsContext3DMac.cpp: Remove tex*Image implementation with Image input.
        (WebCore::GraphicsContext3D::texImage2D):
        (WebCore::GraphicsContext3D::texSubImage2D):

2010-04-29  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] GraphicsLayer: flicker when starting an animation before the previous one ended.
        https://bugs.webkit.org/show_bug.cgi?id=38076

        This was due to the code in the removeAnimations functions, which called deleteLater() without stopping the
        animation synchronously. The delay between the call to that function and the actual call to the animation's destructor
        is when the flicker occurred. We fix this by calling stop() synchronously, and making sure that the value is reverted
        upon stop (updateState) and not upon the object's destruction.

        http://staff.washington.edu/fmf/2009/03/25/iphone-3d-css-transformations/ now doesn't flicker when
        the animation is toggled frequently.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::TransformAnimationQt::~TransformAnimationQt):
        (WebCore::TransformAnimationQt::applyFrame):
        (WebCore::TransformAnimationQt::updateState):
        (WebCore::OpacityAnimationQt::~OpacityAnimationQt):
        (WebCore::OpacityAnimationQt::updateState):
        (WebCore::GraphicsLayerQt::removeAnimationsForProperty):
        (WebCore::GraphicsLayerQt::removeAnimationsForKeyframes):

2010-04-28  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Simon Fraser.

        Media queries empty values
        https://bugs.webkit.org/show_bug.cgi?id=38116

        Adding isValid() method to MediaQueryExp to make it possible to differentiate
        between queries with empty values and queries with invalid values.

        Test: fast/media/media-query-invalid-value.html

        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::eval):
        * css/MediaQueryExp.cpp:
        (WebCore::MediaQueryExp::MediaQueryExp):
        * css/MediaQueryExp.h:
        (WebCore::MediaQueryExp::isValid):

2010-04-28  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: Allow editing script resources when resource tracking is enabled.

        https://bugs.webkit.org/show_bug.cgi?id=38269

        * inspector/front-end/ScriptView.js:
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype.canEditScripts):
        (WebInspector.ScriptsPanel.prototype.editScriptSource):
        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame.prototype.get textModel):
        * inspector/front-end/SourceView.js:
        (WebInspector.SourceView):
        (WebInspector.SourceView.prototype._addBreakpoint):
        (WebInspector.SourceView.prototype._editLine):
        (WebInspector.SourceView.prototype._editLineComplete):
        (WebInspector.SourceView.prototype._sourceIDForLine):

2010-04-25  Antonio Gomes  <tonikitoo@webkit.org>

        Reviewed by Darin Adler.

        Clicking a scrollbar blurs the currently focused element
        https://bugs.webkit.org/show_bug.cgi?id=16809

        WebKit ports that do not use native (platform) widgets for rendering the scrollbars
        are currently mismatching a common behaviour of other browser vendors (including
        Firefox and Opera): clicking on a frame scrollbar *should not* steal focus from content.
        WebKit browsers based ports that do use WebCore for handling scrollbars, like QtWebKit for
        instance, can observe the opposite behaviour.

        Patch fixes this behaviour by checking if current MouseDown event targets a frame scrollbar.
        If that is the case, it bails out and does not change focus behavior at all.

        It is important to note that, given the way this is implemented by this patch, non-frame
        scrollbars (e.g. a vertical scrollbar of an overflowed textarea or div) will keep working
        in the same way as they work currently.

        Tests: scrollbars/scrollbar-click-does-not-blur-content.html
               scrollbars/scrollbar-iframe-click-does-not-blur-content.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchMouseEvent):

2010-04-28  Dan Bernstein  <mitz@apple.com>

        Rubber-stamped by Maciej Stachowiak.

        Try to fix test failures seen on the Leopard build bot after r58467

        * platform/graphics/SimpleFontData.cpp:
        (WebCore::SimpleFontData::platformGlyphInit): Initialize m_zeroWidthSpaceGlyph before
        calling widthForGlyph(), as the latter uses the former.

2010-04-28  Martin Robinson  <mrobinson@webkit.org>

        Reviewed by Gustavo Noronha.

        [GTK] Enable DOM clipboard and drag-and-drop access
        https://bugs.webkit.org/show_bug.cgi?id=30623

        Make ClipboardGtk a "live" DataTransfer object, able to modify
        the clipboard when setData(...) is called.

        * platform/gtk/ClipboardGtk.cpp:
        (WebCore::Editor::newGeneralClipboard): Pass the GtkClipboard into the factory method.
        (WebCore::ClipboardGtk::ClipboardGtk): Create two separate constructors, one for DnD data and one for clipboard data.
        (WebCore::dataObjectTypeFromHTMLClipboardType): Added.
        (WebCore::ClipboardGtk::clearData): Clear the member DataObject, optionally write the clipboard.
        (WebCore::ClipboardGtk::clearAllData): Ditto.
        (WebCore::joinURIList): Added.
        (WebCore::ClipboardGtk::getData): Get the data from the clipboard, if possible.
        (WebCore::ClipboardGtk::setData): Write data to the DataObject and maybe the clipboard.
        (WebCore::ClipboardGtk::types): Read the clipboard/DataObject to find applicable types.
        (WebCore::ClipboardGtk::files): Read the clipboard/DataObject to find the files.
        (WebCore::ClipboardGtk::writeURL): Write to the DataObject and maybe the clipboard.
        (WebCore::ClipboardGtk::writeRange): Ditto.
        (WebCore::ClipboardGtk::writePlainText): Ditto.
        (WebCore::ClipboardGtk::hasData): Query the clipboard/DataObject.
        * platform/gtk/ClipboardGtk.h: 
        (WebCore::ClipboardGtk::create): Added one factory for pasteboard-backed DataObjects and one for DnD-backed objects.
        * platform/gtk/DataObjectGtk.cpp:
        (WebCore::replaceNonBreakingSpaceWithSpace): Added this helper function to clean &nbsp; from plain text.
        (WebCore::DataObjectGtk::markup): Actually return the range if it's set.
        (WebCore::DataObjectGtk::setText): Clean &nbsp; from plain text.
        (WebCore::DataObjectGtk::clearText): Added.
        (WebCore::DataObjectGtk::clearMarkup): Added.
        * platform/gtk/DataObjectGtk.h:
        (WebCore::DataObjectGtk::clearURIList): Added.
        (WebCore::DataObjectGtk::clearImage): Added.
        * platform/gtk/PasteboardHelper.cpp:
        (WebCore::PasteboardHelper::initializeTargetList): Added target IDs for URI list and Netscape URL targets.
        (WebCore::urisToKURLVector): Added.
        (WebCore::PasteboardHelper::getClipboardContents): Added.
        (WebCore::PasteboardHelper::fillSelectionData): Added logic for URI lists and Netscape URLs.
        (WebCore::PasteboardHelper::targetListForDataObject): Ditto.
        * platform/gtk/PasteboardHelper.h: Added default argument to writeClipboardContents and new method.

2010-04-28  Martin Robinson  <mrobinson@webkit.org>

        Reviewed by Gustavo Noronha.

        [GTK] Enable DOM clipboard and drag-and-drop access
        https://bugs.webkit.org/show_bug.cgi?id=30623

        Use the length of the UTF-8 markup data in bytes when filling GtkSelectionData.

        No new tests, because pasteboard DataTransfer tests will be enabled
        with the completion of the GTK+ DataTransfer object.

        * platform/gtk/PasteboardGtk.cpp:
        (WebCore::clipboard_get_contents_cb): Use strlen here instead of g_utf8_strlen.

2010-04-28  Dan Bernstein  <mitz@apple.com>

        Reviewed by Adele Peterson.

        More of <rdar://problem/7855777> REGRESSION: Memory usage increase caused by storing glyph bounds in GlyphMetricsMap
        https://bugs.webkit.org/show_bug.cgi?id=37936

        Assigning zero width and empty bounds to the ZERO WIDTH SPACE glyph often allocates a width map
        page and a bounds map page for the glyph, each of which pages contains 255 unused entries. Save
        this space by not storing the zero width and empty bounds in the metrics maps.

        * platform/graphics/SimpleFontData.cpp:
        (WebCore::SimpleFontData::SimpleFontData): Initialize m_zeroWidthSpaceGlyph.
        (WebCore::SimpleFontData::platformGlyphInit): Set m_zeroWidthSpaceGlyph. Don’t create entries
        for the ZERO WIDTH SPACE glyph in the width map and in the bounds map.
        * platform/graphics/SimpleFontData.h:
        (WebCore::SimpleFontData::boundsForGlyph): Return empty bounds for the ZERO WIDTH SPACE glyph
        without consulting the bounds map.
        (WebCore::SimpleFontData::widthForGlyph): Return zero for the ZERO WIDTH SPACE glyph without
        consulting the width map.

2010-04-28  Mark Rowe  <mrowe@apple.com>

        Reviewed by Adele Peterson.

        <rdar://problem/7847573> Safari welcome page logs JavaScript exception during page load

        The Safari welcome page runs afoul of the same-origin restriction on access to stylesheet rules
        that was added to address <https://bugs.webkit.org/show_bug.cgi?id=20527>. To work around this we're
        adding a temporary site-specific quirk that relaxes this restriction for the particular cross-origin
        access that occurs on the Safari welcome page.

        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::cssRules):

2010-04-28  Mike Thole  <mthole@apple.com>

        Reviewed by Mark Rowe.

        Add separate exports file for symbols dependent on WTF_USE_PROTECTION_SPACE_AUTH_CALLBACK.

        * DerivedSources.make: Updated for WebCore.ProtectionSpaceAuthCallback.exp.
        * WebCore.ProtectionSpaceAuthCallback.exp: Added.
        * WebCore.xcodeproj/project.pbxproj:

2010-04-28  Evan Martin  <evan@chromium.org>

        Reviewed by David Levin.

        [chromium] revert getFontDataForCharacters change in r58341
        https://bugs.webkit.org/show_bug.cgi?id=38288

        It caused a performance regression.

        * platform/chromium/ChromiumBridge.h:
        * platform/graphics/chromium/FontCacheLinux.cpp:
        (WebCore::FontCache::getFontDataForCharacters):

2010-04-28  Eric Seidel  <eric@webkit.org>

        Unreviewed, rolling out r58441.
        http://trac.webkit.org/changeset/58441
        https://bugs.webkit.org/show_bug.cgi?id=37618

        Broke 3 tests on Qt.

        * page/DragController.cpp:
        (WebCore::DragController::tryDocumentDrag):
        (WebCore::DragController::concludeEditDrag):
        * page/DragController.h:
        (WebCore::DragController::setDragInitiator):
        (WebCore::DragController::dragInitiator):
        (WebCore::DragController::documentUnderMouse):

2010-04-28  Darin Adler  <darin@apple.com>

        Reviewed by Dan Bernstein.

        Remove some obsolete scrolling code
        https://bugs.webkit.org/show_bug.cgi?id=38293

        * page/Chrome.cpp:
        (WebCore::Chrome::scrollRectIntoView): Removed ScrollView* argument.
        * page/Chrome.h: Made scrollRectIntoView non-virtual, and removed ScrollView* argument.

        * page/FrameView.cpp: Removed scrollRectIntoViewRecursively.
        * page/FrameView.h: Removed scrollRectIntoViewRecursively and made
        setScrollPosition non-virtual, since there is no class derived from
        this class, and ScrollView's setScrollPosition is non-virtual.

        * platform/HostWindow.h: Removed scrollRectIntoView.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::scrollRectIntoViewRecursively): Updated comment
        since I was able to do most of the tasks listed here.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible): Removed 0 passed for
        ScrollView* argument to Chrome::scrollRectIntoView.

2010-04-28  Mike Thole  <mthole@apple.com>

        Reviewed by David Kilzer.

        Add canAuthenticateAgainstProtectionSpace() to frame loader so that a protection space 
        can be inspected before attempting to authenticate against it
        https://bugs.webkit.org/show_bug.cgi?id=38271

        * loader/EmptyClients.h:
        (WebCore::EmptyFrameLoaderClient::canAuthenticateAgainstProtectionSpace): Added.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::canAuthenticateAgainstProtectionSpace): Added.
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::canAuthenticateAgainstProtectionSpace): Added.
        * loader/ResourceLoader.h:
        (WebCore::ResourceLoader::canAuthenticateAgainstProtectionSpace): Added.
        * platform/network/ProtectionSpace.h:
        (WebCore::):
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::canAuthenticateAgainstProtectionSpace): Added.
        * platform/network/mac/AuthenticationMac.mm:
        (WebCore::mac):
        Add cases for case ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested and
        ProtectionSpaceAuthenticationSchemeClientCertificateRequested.  Guarded with the
        #if USE(PROTECTION_SPACE_AUTH_CALLBACK) as the new NSURLProtectionSpace constants don't
        exist prior to Mac OS X 10.6.
        (WebCore::core): Ditto.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::canAuthenticateAgainstProtectionSpace): Added.
        (-[WebCoreResourceHandleAsDelegate connection:canAuthenticateAgainstProtectionSpace:]): Added.

2010-04-28  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Eric Seidel.

        Convert m_documentUnderMouse, m_dragInitiator to RefPtr.
        Eliminated unused m_dragInitiator accessor to prevent dereferencing.
        https://bugs.webkit.org/show_bug.cgi?id=37618

        Test: editing/pasteboard/drag-drop-iframe-refresh-crash.html

        * page/DragController.cpp:
        (WebCore::DragController::tryDocumentDrag):
        (WebCore::DragController::concludeEditDrag):
        * page/DragController.h:
        (WebCore::DragController::draggingImageURL):
        (WebCore::DragController::documentUnderMouse):

2010-04-28  Dumitru Daniliuc  <dumi@chromium.org>

        Unreviewed, fixing a build problem introduced by the previous patch.

        * storage/DatabaseSync.cpp:
        (WebCore::DatabaseSync::openDatabaseSync):

2010-04-23  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Jeremy Orlow.

        Adding some required classes for the sync WebSQLDatabases API.
        https://bugs.webkit.org/show_bug.cgi?id=34994

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * storage/DatabaseSync.cpp: Added.
        (WebCore::DatabaseSync::databaseInfoTableName):
        (WebCore::DatabaseSync::setIsAvailable):
        (WebCore::DatabaseSync::isAvailable):
        (WebCore::DatabaseSync::openDatabaseSync):
        (WebCore::DatabaseSync::DatabaseSync):
        (WebCore::DatabaseSync::~DatabaseSync):
        (WebCore::DatabaseSync::version):
        (WebCore::DatabaseSync::changeVersion):
        (WebCore::DatabaseSync::transaction):
        * storage/DatabaseSync.h: Added.
        (WebCore::DatabaseSync::databaseDebugName):
        * storage/SQLTransactionSync.cpp: Added.
        (WebCore::SQLTransactionSync::create):
        (WebCore::SQLTransactionSync::SQLTransactionSync):
        (WebCore::SQLTransactionSync::~SQLTransactionSync):
        (WebCore::SQLTransactionSync::executeSQL):
        * storage/SQLTransactionSync.h: Added.
        (WebCore::SQLTransactionSync::database):
        (WebCore::SQLTransactionSync::isReadOnly):
        * storage/SQLTransactionSyncCallback.h: Added.
        (WebCore::SQLTransactionSyncCallback::~SQLTransactionSyncCallback):

2010-04-28  İsmail Dönmez  <ismail@namtrac.org>

        Reviewed by Simon Hausmann.

        Fix compilation with QT_NO_CURSOR defined.

        * platform/qt/QWebPageClient.h:
        (QWebPageClient::resetCursor):
        (QWebPageClient::setCursor):

2010-04-28  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Added a check to make sure that resources from a different https origin are not cached.
        https://bugs.webkit.org/show_bug.cgi?id=33456

        Test: http/tests/appcache/different-https-origin-resource-main.html

        * loader/appcache/ManifestParser.cpp:
        (WebCore::parseManifest):

2010-04-28  Sam Weinig  <sam@webkit.org>

        Reviewed by Mark Rowe.

        Only set -allowable_client WebKit2 for engineering builds on SnowLeopard
        and later.

        * Configurations/WebCore.xcconfig:

2010-04-28  Darin Adler  <darin@apple.com>

        Reviewed by Adele Peterson.

        REGRESSION: Autoscroll does not work in Mail messages
        https://bugs.webkit.org/show_bug.cgi?id=38267
        rdar://problem/7559799

        Still haven't figured out a good way to test this with DumpRenderTree
        or with Safari. Testing has to be done with Mail for now.

        The machinery to make autoscrolling work on Mac OS X when a WebView is embedded in another
        view had gotten broken in multiple ways. For some reason, a combination of bugs made it
        partly work until around r48064. This brings it back.

        There were three problems:

            1) Code in EventHandler decided there was nothing to scroll, so didn't start
               the autoscroll timer.
            2) The wrong rectangle was passed to Chrome::scrollRectIntoView.
            3) The Mac WebKit implementation of ChromeClient::scrollRectIntoView did incorrect
               coordinate conversion.

        I verified that none of these have any effect on regression tests, or behavior in
        web browsers, or behavior on platforms other than Mac.

        * page/EventHandler.cpp:
        (WebCore::canAutoscroll): Added. Returns true for boxes that can scroll directly
        and for the top level box of the top frame.
        (WebCore::EventHandler::handleMouseDraggedEvent): Use canAutoscroll.
        (WebCore::EventHandler::updateAutoscrollRenderer): Ditto.

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor): Fixed comment.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::scrollRectIntoViewRecursively): Put ASSERT_NOT_REACHED into this
        now-unused function along with some comments about removing some obsolete code.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible): Removed call to scrollRectIntoViewRecursively
        since from the WebKit point of view this is the topmost scroll view anyway. Instead call
        setScrollPosition. Moved the code to call Chrome::scrollRectIntoView here since it needs
        to use a different rectangle anyway.

2010-04-21  Ojan Vafai  <ojan@chromium.org>

        Reviewed by Adele Peterson.

        http://trac.webkit.org/changeset/57215 caused perf/memory regressions
        https://bugs.webkit.org/show_bug.cgi?id=37292

        #if out the canUseGlyphCache changes from r57215 as they caused an
        8% perf regression on Chromium's international page load tests so that
        the perf regression can be fixed properly without being left in the tree.

        * platform/graphics/FontFastPath.cpp:
        (WebCore::Font::canUseGlyphCache):

2010-04-28  Beth Dakin  <bdakin@apple.com>

        Reviewed by Darin Adler.

        Fix for <rdar://problem/7474349>

        Add a synchronous display mechanism for WKCACFLayerRenderer. 

        * platform/graphics/win/WKCACFLayerRenderer.cpp:
        (WebCore::WKCACFLayerRenderer::setRootContentsAndDisplay): This is 
        just like setRootContents(), but it calls paint() instead of 
        renderSoon().
        * platform/graphics/win/WKCACFLayerRenderer.h:

2010-04-28  Dmitry Titov  <dimich@chromium.org>

        Reviewed by Geoffrey Garen.

        REGRESSION: fast/workers/wrapper-map-gc.html crashes on Snow Leopard Release Bot
        https://bugs.webkit.org/show_bug.cgi?id=37554

        The flaky fast/workers/wrapper-map-gc.html will stop being flaky.

        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        check if JS execution was terminated, as in cases of Worker.terminate() or WorkerGlobalScope.close().
        * bindings/js/JSWorkerContextBase.cpp:
        (WebCore::toJS): ASSERT the value of workerContextWrapper, it should never be 0.
        * bindings/js/WorkerScriptController.h:
        (WebCore::WorkerScriptController::workerContextWrapper): remove returning 0 if JS execution was forbidden.
        (WebCore::WorkerScriptController::isExecutionForbidden):
        * bindings/v8/WorkerScriptController.h:
        (WebCore::WorkerScriptController::isExecutionForbidden):

        Add ScriptExecutionContext::isJSExecutionTerminated(), it is always 'false' for Document
        and 'true' for WorkerContext when script is terminated.
        * dom/ScriptExecutionContext.h:
        * dom/Document.h:
        (WebCore::Document::isJSExecutionTerminated):
        * workers/WorkerContext.cpp:
        (WebCore::WorkerContext::isJSExecutionTerminated):
        * workers/WorkerContext.h:

2010-04-28  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        WebInspector: Multiple Main Resource Content Loaded marks appear in Resource panel.
        https://bugs.webkit.org/show_bug.cgi?id=38270

        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.updateGraphDividersIfNeeded):

2010-04-28  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        WebInspector: Timeline: We can have precise urls in the EvaluateScript records.
        https://bugs.webkit.org/show_bug.cgi?id=38264

        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.FormattedRecord.prototype._generatePopupContent):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._getRecordDetails):

2010-04-28  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Linkify node and function in the event listeners panel.

        https://bugs.webkit.org/show_bug.cgi?id=38251

        * bindings/js/ScriptEventListener.cpp:
        (WebCore::eventListenerHandlerBody):
        (WebCore::eventListenerHandlerLocation):
        * bindings/js/ScriptEventListener.h:
        * bindings/v8/ScriptEventListener.cpp:
        (WebCore::eventListenerHandlerBody):
        (WebCore::eventListenerHandlerLocation):
        * bindings/v8/ScriptEventListener.h:
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForEventListener):
        * inspector/front-end/ElementsPanel.js:
        (WebInspector.ElementsPanel.prototype.linkifyNodeReference):
        (WebInspector.ElementsPanel.prototype.linkifyNodeReference.preventDefault):
        * inspector/front-end/EventListenersSidebarPane.js:
        (WebInspector.EventListenersSidebarPane.prototype.update.callback):
        (WebInspector.EventListenersSidebarPane.prototype.update):
        ():
        * inspector/front-end/StylesSidebarPane.js:
        (WebInspector.StylesSidebarPane.prototype._rebuildSectionsForStyleRules):
        * inspector/front-end/inspector.css:
        (.node-link):

2010-04-28  Julien Chaffraix  <jchaffraix@webkit.org>

        Reviewed by Alexey Proskuryakov.

        [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR
        https://bugs.webkit.org/show_bug.cgi?id=37781
        <rdar://problem/7905150>

        Tests: http/tests/xmlhttprequest/access-control-preflight-credential-async.html
               http/tests/xmlhttprequest/access-control-preflight-credential-sync.html

        Rolling the patch in as I could not reproduce Qt results locally.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Now we remove the
        credential from the request here to avoid forgetting to do so in the different code path.
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Just add the
        "Origin" header.
        (WebCore::DocumentThreadableLoader::loadRequest): Check here that the credentials have
        been removed so that we don't leak them. Also tweaked a comment to make it clear that
        the URL check has an issue when credentials are involved.

2010-04-28  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] GraphicsLayer: preserves-3d and backface visibility
        https://bugs.webkit.org/show_bug.cgi?id=35312

        Implement preserves-3d by maintaining the 3D transformation hierarchy inside GraphicsLayerQt, and extrapolating
        the relative QTransform. When the extrapolation fails (un-invertible matrix) we ignore the transformation change.

        WebKitSite/blog-files/3d-transforms tests now work with Qt.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::updateTransform):
        (WebCore::GraphicsLayerQtImpl::opaqueArea):
        (WebCore::GraphicsLayerQtImpl::boundingRect):
        (WebCore::GraphicsLayerQtImpl::paint):
        (WebCore::GraphicsLayerQtImpl::flushChanges):

2010-04-28  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: View frame selector for Timeline overview panel is redesigned a bit.
        Now it is possible to adjust view frame by resizer bars and by click-n-drag in overview pane.
        https://bugs.webkit.org/show_bug.cgi?id=38251

        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane):
        (WebInspector.TimelineOverviewPane.prototype.reset):
        (WebInspector.TimelineOverviewPane.prototype._dragWindow):
        (WebInspector.TimelineOverviewPane.prototype._windowSelectorDragging):
        (WebInspector.TimelineOverviewPane.prototype._endWindowSelectorDragging):
        (WebInspector.TimelineOverviewPane.prototype._resizeWindowLeft):
        (WebInspector.TimelineOverviewPane.prototype._resizeWindowRight):
        (WebInspector.TimelineOverviewPane.prototype._setWindowPosition):
        (WebInspector.TimelinePanel.WindowSelector):
        (WebInspector.TimelinePanel.WindowSelector.prototype._createSelectorElement):
        (WebInspector.TimelinePanel.WindowSelector.prototype._close):
        (WebInspector.TimelinePanel.WindowSelector.prototype._updatePosition):
        * inspector/front-end/inspector.css:
        (#timeline-overview-grid):
        (.timeline-window-selector):
        (#timeline-overview-window):
        (.timeline-overview-dividers-background):
        (.timeline-overview-window-rulers):
        (.timeline-window-resizer):

2010-04-28  Marcus Bulach  <bulach@chromium.org>

        Reviewed by Jeremy Orlow.

        Reverts 58340 (https://bugs.webkit.org/show_bug.cgi?id=38158) due to regression on fast/text/international/khmer-selection.html
        https://bugs.webkit.org/show_bug.cgi?id=38254

        * platform/graphics/chromium/FontLinux.cpp:
        (WebCore::adjustTextRenderMode):
        (WebCore::TextRunWalker::getTextRun):
        (WebCore::TextRunWalker::getNormalizedTextRun):
        (WebCore::TextRunWalker::setGlyphXPositions):
        (WebCore::glyphIndexForXPositionInScriptRun):
        (WebCore::Font::offsetForPositionForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        * platform/graphics/chromium/FontPlatformDataLinux.cpp:
        (WebCore::FontPlatformData::setupPaint):
        * platform/graphics/chromium/HarfbuzzSkia.cpp:
        (WebCore::getOutlinePoint):
        * platform/graphics/skia/GraphicsContext3DSkia.cpp:
        (WebCore::GraphicsContext3D::getImageData):
        * platform/graphics/skia/GraphicsContextSkia.cpp:
        (WebCore::isCoordinateSkiaSafe):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::strokeRect):

2010-04-28  Andrey Kosyakov  <caseq@chromium.org>

        Reviewed by Yury Semikhatsky.

        Log error message to inspector console if a resource fails to load.
        Disable checking of mime-type consistency for failed resources.
        https://bugs.webkit.org/show_bug.cgi?id=37215

        Test: http/tests/inspector/console-resource-errors.html

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::didReceiveResponse):
        (WebCore::InspectorController::didFailLoading):
        * inspector/front-end/Resource.js:
        (WebInspector.Resource.prototype._mimeTypeIsConsistentWithType):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.recreateViewForResourceIfNeeded):

2010-04-28  Yury Semikhatsky  <yurys@chromium.org>

        Reviewed by Pavel Feldman.

        Support pause on exceptions in v8 implementation of ScriptDebugServer.

        https://bugs.webkit.org/show_bug.cgi?id=38205        

        * bindings/v8/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::addListener):
        (WebCore::ScriptDebugServer::pauseOnExceptionsState):
        (WebCore::ScriptDebugServer::setPauseOnExceptionsState):
        (WebCore::ScriptDebugServer::currentCallFrame):
        (WebCore::ScriptDebugServer::handleV8DebugMessage):
        (WebCore::ScriptDebugServer::dispatchDidParseSource):
        * bindings/v8/ScriptDebugServer.h:

2010-04-28  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r58313.
        http://trac.webkit.org/changeset/58313
        https://bugs.webkit.org/show_bug.cgi?id=38253

        Regression evident in pixel tests: the search icon is always
        clipped at the bottom. (Requested by jorlow on #webkit).

        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::controlClipRect):
        * rendering/RenderTextControl.h:
        (WebCore::RenderTextControl::hasControlClip):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::paint):
        * rendering/RenderTextControlSingleLine.h:

2010-04-28  Justin McPherson  <justin.mcpherson@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix detection of Qt 4.7's multimedia libraries

        QtMultimedia has been split into an additional media services library, which
        we're using. mediaservices depends on multimedia.

        * WebCore.pro:

2010-04-28  Shinichiro Hamaji  <hamaji@chromium.org>

        Unreviewed attempt to fix the chromium build.

        Add layoutTestController.setPrinting()
        https://bugs.webkit.org/show_bug.cgi?id=37203

        * rendering/RenderTreeAsText.cpp:

2010-04-27  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler and Eric Seidel.

        Add layoutTestController.setPrinting()
        https://bugs.webkit.org/show_bug.cgi?id=37203

        Added RenderAsTextPrintingMode as a behavior of externalRepresentation.

        Now ~PrintContext() calls end() automatically.

        * page/PrintContext.cpp:
        (WebCore::PrintContext::~PrintContext):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::externalRepresentation):
        * rendering/RenderTreeAsText.h:
        (WebCore::):

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Eric Seidel.

        Enhance CSS parser for Paged Media (Iteration 4)
        Implement page property parsing as specified at http://dev.w3.org/csswg/css3-page/#using-named-pages.
        https://bugs.webkit.org/show_bug.cgi?id=35853

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parsePage):
        * css/CSSParser.h:

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Dimitri Glazkov.

        Enhance CSS parser for Paged Media (Iteration 3)
        Implement size parameter parsing for Paged Media.
        https://bugs.webkit.org/show_bug.cgi?id=35851

        I believe size property hasn't been used so far because (1) it hasn't been properly parsed and
        (2) a comment in CSSComputedStyleDeclaration::getPropertyCSSValue says so.
        Changing the way of parsing it should not cause any regressions -- no existing tests fail because of this change.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseSize):
        (WebCore::CSSParser::parseSizeParameter):
        * css/CSSParser.h:
        (WebCore::CSSParser::):
        * css/CSSValueKeywords.in:

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Eric Seidel.

        Enhance CSS parser for Paged Media (Iteration 2)
        Parse and hold paged media rules in CSSStyleSelector.

        https://bugs.webkit.org/show_bug.cgi?id=35782

        Test: printing/page-rule-css-text.html

        * css/CSSGrammar.y:
        * css/CSSPageRule.cpp:
        (WebCore::CSSPageRule::CSSPageRule):
        (WebCore::CSSPageRule::selectorText):
        * css/CSSPageRule.h:
        (WebCore::CSSPageRule::create):
        (WebCore::CSSPageRule::isPageRule):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::createPageRule):
        * css/CSSStyleRule.h:
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSRuleSet::getPageRules):
        (WebCore::CSSRuleSet::CSSRuleSet):
        (WebCore::CSSRuleSet::~CSSRuleSet):
        (WebCore::CSSRuleSet::addPageRule):
        (WebCore::CSSRuleSet::addRulesFromSheet):
        * css/CSSStyleSelector.h:
        * css/StyleBase.h:
        (WebCore::StyleBase::isPageRule):

2010-04-27  Daniel Bates  <dbates@rim.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=37686

        Fixes an issue where the canvas method strokeRect will stroke a
        rectangle whose dimensions are 0 when lineWidth > 1.

        As per the definition of strokeRect in the HTML Canvas 2D Context
        spec. <http://www.w3.org/TR/2dcontext/#dom-context-2d-strokerect>,
        this method should have no effect when both the height and width
        are zero.

        Tests: fast/canvas/canvas-clearRect.html
               fast/canvas/canvas-fillRect.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::validateRectForCanvas): Return false if height, width == 0.

2010-04-27  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Remove obsolete custom bindings file
        https://bugs.webkit.org/show_bug.cgi?id=38223

        We don't need these files anymore because they are empty.

        * Android.jscbindings.mk:
        * GNUmakefile.am:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSAbstractWorkerCustom.cpp: Removed.
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSDocumentFragmentCustom.cpp: Removed.
        * bindings/js/JSEventSourceCustom.cpp: Removed.

2010-04-27  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by Jian Li.

        [Chromium] Filter out URLs with a file scheme from text/uri-list when dragging.
        https://bugs.webkit.org/show_bug.cgi?id=38227

        Unfortunately, the simple fix of not populating the drag data with file URLs doesn't work
        since the default drop handling uses the drag data URL to navigate to dropped files/URLs.
        For now, we hack around the problem in the Chromium platform, but the proper long term
        solution is to change DragController::performDrag to check dragData::asFilenames().

        No new tests.

        * platform/chromium/ClipboardChromium.cpp:
        (WebCore::ClipboardChromium::getData):
        (WebCore::ClipboardChromium::types):

2010-04-27  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by the inimitable Dan Bernstein.

        SVG as background image renders incorrectly after zooming
        https://bugs.webkit.org/show_bug.cgi?id=38215
        
        When doing a partial redraw of an SVGImage used as a CSS background
        image, we're limited to drawing the entire Frame, clipped to the dirty rect.
        Because of this, we need to fix up the CTM so that the origin is at the
        top left of the unclipped image, rather than the top left of the
        portion being redrawn.

        Test: fast/images/svg-background-partial-redraw.html

        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::draw):

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by David Hyatt.

        Retry of: Enhance CSS parser for Paged Media (Iteration 1)

        In this change, the grammar is extended and skeletal methods for creating page rules and margin at-rules are defined.
        The contents of the methods should be implemented by other changes.

        https://bugs.webkit.org/show_bug.cgi?id=35329

        Test: fast/css/parsing-page-rule.html

        * css/CSSGrammar.y:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::CSSParser):
        (WebCore::CSSParser::clearProperties):
        (WebCore::CSSParser::createPageRule):
        (WebCore::CSSParser::createMarginAtRule):
        (WebCore::CSSParser::startDeclarationsForMarginBox):
        (WebCore::CSSParser::endDeclarationsForMarginBox):
        * css/CSSParser.h:
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::):
        * css/tokenizer.flex:

2010-04-27  Julien Chaffraix  <jchaffraix@webkit.org>

        Unreviewed, rolling out my changes as it rendered the Qt bot unreliable.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
        (WebCore::DocumentThreadableLoader::loadRequest):

2010-04-27  Julien Chaffraix  <jchaffraix@webkit.org>

        Reviewed by Alexey Proskuryakov.

        [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR
        https://bugs.webkit.org/show_bug.cgi?id=37781
        <rdar://problem/7905150>

        Tests: http/tests/xmlhttprequest/access-control-preflight-credential-async.html
               http/tests/xmlhttprequest/access-control-preflight-credential-sync.html

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Now we remove the
        credential from the request here to avoid forgetting to do so in the different code path.
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Just add the
        "Origin" header.
        (WebCore::DocumentThreadableLoader::loadRequest): Check here that the credentials have
        been removed so that we don't leak them. Also tweaked a comment to make it clear that
        the URL check has issues when credentials are involved.

2010-04-27  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38238
        Allow both WebKit and WebKit2 to link to the same WebCore.framework

        * Configurations/WebCore.xcconfig: Use -allowable_client WebKit2 to add
        WebKit2 to the list of frameworks that can link directly to WebCore. It
        is not necessary for it to be an umbrella since we don't need to reexport
        any symbols.

2010-04-27  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by David Levin.

        Turn on AUTO_VACUUM = INCREMENTAL for all HTML5 databases.
        https://bugs.webkit.org/show_bug.cgi?id=38191

        Vacuum all databases when the number of free pages is at least 10%
        of the number of total pages. Also, add a guard against a bug that
        was fixed in SQLite only starting with version 3.6.16.

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::maximumSize):
        (WebCore::SQLiteDatabase::freeSpaceSize):
        (WebCore::SQLiteDatabase::totalSize):
        (WebCore::SQLiteDatabase::runIncrementalVacuumCommand):
        (WebCore::SQLiteDatabase::turnOnIncrementalAutoVacuum):
        * platform/sql/SQLiteDatabase.h:
        (WebCore::SQLiteDatabase::):
        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::prepare):
        (WebCore::SQLiteStatement::step):
        * storage/Database.cpp:
        (WebCore::Database::performOpenAndVerify):
        (WebCore::Database::incrementalVacuumIfNeeded):
        * storage/Database.h:
        * storage/SQLTransaction.cpp:
        (WebCore::SQLTransaction::postflightAndCommit):

2010-04-27  Garret Kelly  <gdk@chromium.org>

        Reviewed by Darin Fisher.

        Turn all of the touch event handlers into RuntimeEnabledFeatures, and
        modify the createEvent method on Document so that it won't create a
        TouchEvent if the feature is disabled.
        https://bugs.webkit.org/show_bug.cgi?id=37485

        * bindings/generic/RuntimeEnabledFeatures.cpp:
        * bindings/generic/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::touchEnabled):
        (WebCore::RuntimeEnabledFeatures::setTouchEnabled):
        (WebCore::RuntimeEnabledFeatures::ontouchstartEnabled):
        (WebCore::RuntimeEnabledFeatures::ontouchmoveEnabled):
        (WebCore::RuntimeEnabledFeatures::ontouchendEnabled):
        (WebCore::RuntimeEnabledFeatures::ontouchcancelEnabled):
        * dom/Document.cpp:
        (WebCore::Document::createEvent):
        * dom/Document.idl:
        * dom/Element.idl:
        * page/DOMWindow.idl:

2010-04-27  Jens Alfke  <snej@chromium.org>

        Reviewed by Darin Fisher.

        [Chromium] Add some notifications and an accessor to WebKit API
        https://bugs.webkit.org/show_bug.cgi?id=37625

        * dom/Node.cpp:
        (WebCore::Node::hasNonEmptyBoundingBox): New method.
        * dom/Node.h:
        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::isKeyboardFocusable): Moved part of method into new Node method

2010-04-27  Jochen Eisinger  <jochen@chromium.org>

        Reviewed by Shinichiro Hamaji.

        Fix gyp build on Mac OS X with enable_svg=0.
        https://bugs.webkit.org/show_bug.cgi?id=38192

        * WebCore.gyp/WebCore.gyp: Only generate SVG symbols if enable_svg!=0.
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): Add missing unimplemented CSS properties to switch statement.

2010-04-27  Kinuko Yasuda  <kinuko@chromium.org>

        Reviewed by Jian Li.

        [V8] Handle OR ('|') conditional in action_derivedsourcesallinone.py
        https://bugs.webkit.org/show_bug.cgi?id=38207

        No new tests.

        * WebCore.gyp/scripts/action_derivedsourcesallinone.py:

2010-04-27  François Sausset  <sausset@gmail.com>

        Reviewed by Kenneth Rohde Christiansen.

        Implementation of the MathML mroot & msqrt elements.
        https://bugs.webkit.org/show_bug.cgi?id=37044

        Test: mathml/presentation/roots.xhtml

        * WebCore.xcodeproj/project.pbxproj:
        * css/mathml.css:
        (mroot):
        (mroot > * + *):
        (mroot > * + mrow, mroot > * + mfenced):
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createRenderer):
        * mathml/RenderMathMLRoot.cpp: Added.
        (WebCore::RenderMathMLRoot::RenderMathMLRoot):
        (WebCore::RenderMathMLRoot::addChild):
        (WebCore::RenderMathMLRoot::paint):
        (WebCore::RenderMathMLRoot::layout):
        * mathml/RenderMathMLRoot.h: Added.
        * mathml/RenderMathMLSquareRoot.cpp: Added.
        (WebCore::RenderMathMLSquareRoot::RenderMathMLSquareRoot):
        (WebCore::RenderMathMLSquareRoot::paint):
        (WebCore::RenderMathMLSquareRoot::layout):
        * mathml/RenderMathMLSquareRoot.h: Added.

2010-04-27  Darin Adler  <darin@apple.com>

        Reviewed by Maciej Stachowiak.

        I noticed an unused forwarding header.

        * ForwardingHeaders/runtime/PropertyMap.h: Removed.

2010-04-27  James Robinson  <jamesr@chromium.org>

        Reviewed by Adam Barth.

        Fix gcc 4.4.1 warnings on Linux in the chromium V8 bindings code.
        https://bugs.webkit.org/show_bug.cgi?id=38153

        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::callFunction):

2010-04-27  Eric Seidel  <eric@webkit.org>

        Unreviewed, rolling out r58318.
        http://trac.webkit.org/changeset/58318
        https://bugs.webkit.org/show_bug.cgi?id=37215

        Broke test on Tiger.  Might just need updated results,
        unclear.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::didReceiveResponse):
        (WebCore::InspectorController::didFailLoading):
        * inspector/front-end/Resource.js:
        (WebInspector.Resource.prototype._mimeTypeIsConsistentWithType):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.recreateViewForResourceIfNeeded):

2010-04-27  Evan Martin  <evan@chromium.org>

        Reviewed by David Levin.

        [chromium] bold bengali text not rendered properly on Linux
        https://bugs.webkit.org/show_bug.cgi?id=37904

        We must let Skia do font fallback, rather than picking a font name
        then handing that to Skia.  For example, if we have Bengali text and
        choose FreeSans + fake bold, and then later reuse the name, Skia will
        helpfully use FreeSansBold (which doesn't cover Bengali).

        Test: fast/text/international/bold-bengali.html

        * platform/graphics/chromium/FontCacheLinux.cpp:
        (WebCore::FontCache::getFontDataForCharacters):

2010-04-27  James Robinson  <jamesr@chromium.org>

        Reviewed by Darin Adler.

        Fix warnings emitted by gcc 4.4.1 on linux in chromium-specific platform graphics files.
        https://bugs.webkit.org/show_bug.cgi?id=38158

        Most of the issues are signed/unsigned mismatches, but there are a few unused variables
        and functions mixed in.

        * platform/graphics/chromium/FontLinux.cpp:
        (WebCore::adjustTextRenderMode):
        (WebCore::TextRunWalker::getTextRun):
        (WebCore::TextRunWalker::getNormalizedTextRun):
        (WebCore::TextRunWalker::setGlyphXPositions):
        (WebCore::glyphIndexForXPositionInScriptRun):
        (WebCore::Font::offsetForPositionForComplexText):
        (WebCore::Font::selectionRectForComplexText):
        * platform/graphics/chromium/FontPlatformDataLinux.cpp:
        (WebCore::FontPlatformData::setupPaint):
        * platform/graphics/chromium/HarfbuzzSkia.cpp:
        (WebCore::getOutlinePoint):
        * platform/graphics/skia/GraphicsContext3DSkia.cpp:
        (WebCore::GraphicsContext3D::getImageData):
        * platform/graphics/skia/GraphicsContextSkia.cpp:
        (WebCore::isCoordinateSkiaSafe):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::strokeRect):

2010-04-27  Jian Li  <jianli@chromium.org>

        Reviewed by Darin Adler.

        Sending a package file using FormData crashes WebKit on Mac.
        https://bugs.webkit.org/show_bug.cgi?id=37882

        Can't add a layout test because DRT does not support generating the file name.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::submitForm):
        (WebCore::FrameLoader::navigateToDifferentDocument):
        * platform/network/FormData.cpp:
        (WebCore::FormData::appendDOMFormData):
        * platform/network/FormData.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::send):

2010-04-27  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Remove custom NodeIterator bindings
        https://bugs.webkit.org/show_bug.cgi?id=38188

        Another example of CallWith=ScriptState.  This case shows us the right
        way to handle the interaction with exception codes.

        In my previous patch, I put the exception code handling after the
        ScriptState exception handling.  It turns out this was a mistake
        (although a harmless one at the time because no IDL caused us to
        generate that code).  Now that we're generating both kinds of exception
        handling, we need to generate them in the right order.

        * WebCore.gypi:
        * bindings/js/JSNodeIteratorCustom.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_with_script_state_void_exception):
        (webkit_dom_test_obj_with_script_state_obj_exception):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateVoidException):
        (WebCore::jsTestObjPrototypeFunctionWithScriptStateObjException):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj withScriptStateVoidException]):
        (-[DOMTestObj withScriptStateObjException]):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjInternal::withScriptStateVoidCallback):
        (WebCore::TestObjInternal::withScriptStateObjCallback):
        (WebCore::TestObjInternal::withScriptStateVoidExceptionCallback):
        (WebCore::TestObjInternal::withScriptStateObjExceptionCallback):
        (WebCore::):
        * bindings/v8/custom/V8NodeIteratorCustom.cpp: Removed.
        * dom/NodeIterator.idl:

2010-04-27  Adam Barth  <abarth@webkit.org>

        Reviewed by Darin Adler.

        Remove copy/paste addEventListener "custom" bindings via code generation
        https://bugs.webkit.org/show_bug.cgi?id=38210

        It's somewhat lame to special case addEventListener and
        removeEventListener in the code generator, but it saves a large amount
        of boilerplate "custom" bindings code.

        Idea shamelessly stolen from the V8 code generator.

        This patch points to some good refactoring opportunities in
        CodeGeneratorJS.pm, but I'm going to hold off on those for a future
        patch.  By generating test coverage for the code generator, we make
        these future refactorings easier.

        * bindings/js/JSAbstractWorkerCustom.cpp:
        * bindings/js/JSDOMApplicationCacheCustom.cpp:
        * bindings/js/JSDesktopNotificationsCustom.cpp:
        * bindings/js/JSEventSourceCustom.cpp:
        * bindings/js/JSMessagePortCustom.cpp:
        * bindings/js/JSNodeCustom.cpp:
        * bindings/js/JSSVGElementInstanceCustom.cpp:
        * bindings/js/JSWebSocketCustom.cpp:
        * bindings/js/JSWorkerContextCustom.cpp:
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::):
        (WebCore::jsTestObjPrototypeFunctionAddEventListener):
        (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj addEventListener:listener:useCapture:]):
        (-[DOMTestObj removeEventListener:listener:useCapture:]):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjInternal::addEventListenerCallback):
        (WebCore::TestObjInternal::removeEventListenerCallback):
        (WebCore::):
        * dom/MessagePort.idl:
        * dom/Node.idl:
        * loader/appcache/DOMApplicationCache.idl:
        * notifications/Notification.idl:
        * page/EventSource.idl:
        * svg/SVGElementInstance.idl:
        * websockets/WebSocket.idl:
        * workers/AbstractWorker.idl:
        * workers/WorkerContext.idl:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestUpload.idl:

2010-04-27  Sam Weinig  <sam@webkit.org>

        Rubber-stamped by Beth Dakin.

        Remove now unnecessary EXPERIMENTAL_SINGLE_VIEW_MODE #define.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::EventHandler):
        (WebCore::EventHandler::clearDragState):
        * page/EventHandler.h:
        * page/mac/DragControllerMac.mm:
        * page/mac/EventHandlerMac.mm:
        * platform/mac/PopupMenuMac.mm:

2010-04-27  Ben Murdoch  <benm@google.com>

        Reviewed by Simon Hausmann.

        The TouchStationary state of WebCore::PlatformTouchPoint is not handled inside the touch event handler.
        https://bugs.webkit.org/show_bug.cgi?id=37609

        No new tests required, only updating documentation.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleTouchEvent): Improve the documentation for handling
            the TouchStationary state as a result of discussions in bug 37609.

2010-04-27  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Darin Adler, Maciej Stachowiak.

        REGRESSION (r57919): Some pages opened in background tabs don't render the first time you activate their tab
        https://bugs.webkit.org/show_bug.cgi?id=38183

        Rather than sprinkle PLATFORM #ifdefs around, add a new method,
        RenderLayerCompositor::shouldPropagateCompositingToIFrameParent(), that indicates whether
        an iframe with composited content should trigger compositing mode in the enclosing document
        (a behavior that differs between platforms).
        
        Use this new method to determine whether to trigger a style recalc in the parent document
        when an iframe becomes composited.
        
        Move the code formerly in RenderView::compositingStateChanged() into RenderLayerCompositor().

        * manual-tests/compositing/accel-comp-iframe-tab-repaint.html: Added.
        * manual-tests/compositing/resources/flash-frame.html: Added.
        * manual-tests/compositing/resources/tab-repaint-part-2.html: Added.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::enableCompositingMode):
        (WebCore::RenderLayerCompositor::shouldPropagateCompositingToIFrameParent):
        (WebCore::RenderLayerCompositor::requiresCompositingForIFrame):
        * rendering/RenderLayerCompositor.h:
        * rendering/RenderView.cpp:
        * rendering/RenderView.h:

2010-04-27  Andrey Kosyakov  <caseq@chromium.org>

        Reviewed by Yury Semikhatsky.

        Log error message to inspector console if a resource fails to load.
        Disable checking of mime-type consistency for failed resources.
        https://bugs.webkit.org/show_bug.cgi?id=37215

        Test: http/tests/inspector/console-resource-errors.html

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::didReceiveResponse):
        (WebCore::InspectorController::didFailLoading):
        * inspector/front-end/Resource.js:
        (WebInspector.Resource.prototype._mimeTypeIsConsistentWithType):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.recreateViewForResourceIfNeeded):

2010-04-27  Vitaly Repeshko  <vitalyr@chromium.org>

        Reviewed by Nate Chapin.

        [V8] Fix XHR memory leak in GC controller.
        https://bugs.webkit.org/show_bug.cgi?id=38202

        http://trac.webkit.org/changeset/55798 simplified processing of
        active DOM objects but introduced a subtle bug in garbage
        collection of XHRs. ActiveDOMObject is not a direct base class of
        XHR and so upcasting changes pointer identity and breaks DOM
        maps. This leads to forever live persistent handles to XHR that
        had pending activity while V8 GC happened.

        * bindings/v8/V8GCController.cpp:
        (WebCore::GCEpilogueVisitor::visitDOMWrapper):

2010-04-27  Adam Barth  <abarth@webkit.org>

        Unreviewed.  Regenerate reference bindings code generator output.

        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjInternal::withScriptStateVoidCallback):
        (WebCore::TestObjInternal::withScriptStateObjCallback):

2010-04-27  Joseph Pecoraro  <joepeck@webkit.org>

        Reviewed by Dan Bernstein.

        <input type="search"> with uneven padding causes text clipping
        https://bugs.webkit.org/show_bug.cgi?id=38160

        Test: fast/css/input-search-padding.html

        An <input type="search"> contains an inner block, which is explicitly
        centered in RenderTextControlSingleLine based on the height of the element.
        However, the clipping rect was not using the set location, and instead
        calculated off of the top border and padding alone. This also vertically
        centers the Caps Lock indicator.

        * rendering/RenderTextControl.cpp: moved controlClipRect implementation to RenderTextControlSingleLine
        * rendering/RenderTextControl.h: allow a subclass implementation of controlClipRect, removed redundant hasControlClip implementation, and moved controlClipRect
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::paint): vertically center the Caps Lock indicator
        (WebCore::RenderTextControlSingleLine::controlClipRect): use the set location of the anonymous inner block instead
        * rendering/RenderTextControlSingleLine.h: allow for an implementation of controlClipRect for <input type="search">

2010-04-27  Thomas Zander  <t.zander@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix linking on Symbian on Linux using the Makefile based mkspec.

        Disable thumb mode due to library size limitations, just like it's done
        for the sbs/sbsv2 based build system.

        * WebCore.pro:

2010-04-21  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Make sure WebKit is not compiled using C++0x.
        https://bugs.webkit.org/show_bug.cgi?id=37867

        As the rest of Qt compiles in the C++0x mode, people might start
        compiling it in this mode. WebKit doesn't support this yet.

        Patch by Thiago Macieira <thiago.macieira@nokia.com>

        * WebCore.pro:

2010-04-27  Jeremy Orlow  <jorlow@chromium.org>

        Unreviewed build fix.

        Revert 58274 and 58269 (WebSQLDatabase changes)
        https://bugs.webkit.org/show_bug.cgi?id=38191

        Chromium bots are hitting ASSERTS when running layout tests.

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::maximumSize):
        (WebCore::SQLiteDatabase::freeSpaceSize):
        * platform/sql/SQLiteDatabase.h:
        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::prepare):
        * storage/Database.cpp:
        (WebCore::Database::performOpenAndVerify):
        * storage/Database.h:
        * storage/SQLTransaction.cpp:
        (WebCore::SQLTransaction::postflightAndCommit):

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Unreviewed, fix build breakage by reverting r58299.

        * css/CSSGrammar.y:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::CSSParser):
        (WebCore::CSSParser::clearProperties):
        * css/CSSParser.h:
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::):
        * css/tokenizer.flex:

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by Shinichiro Hamaji.

        WebCore::CSSSelector::RareData::parseNth doesn't check whether the search for '-' in the argument was successful.
        This results in incorrect parsing.
        For example, '3n' is parsed as if it were '3n-3'. The code has been working OK just accidentally.

        https://bugs.webkit.org/show_bug.cgi?id=37787

        No new tests are added because the original behavior is accidentally OK.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::RareData::parseNth):

2010-04-27  Yuzo Fujishima  <yuzo@google.com>

        Reviewed by David Hyatt.

        Enhance CSS parser for Paged Media (Iteration 1)

        In this change, the grammar is extended and skeletal methods for creating page rules and margin at-rules are defined.
        The contents of the methods should be implemented by other changes.

        https://bugs.webkit.org/show_bug.cgi?id=35329

        Test: fast/css/parsing-page-rule.html

        * css/CSSGrammar.y:
        * css/CSSParser.cpp:
        (WebCore::CSSParser::CSSParser):
        (WebCore::CSSParser::clearProperties):
        (WebCore::CSSParser::lex):
        (WebCore::CSSParser::text):
        (WebCore::CSSParser::createPageRule):
        (WebCore::CSSParser::createMarginAtRule):
        (WebCore::CSSParser::startDeclarationsForMarginBox):
        (WebCore::CSSParser::endDeclarationsForMarginBox):
        * css/CSSParser.h:
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        (WebCore::CSSSelector::):
        * css/tokenizer.flex:

2010-04-27  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Remove custom bindings for TreeWalker
        https://bugs.webkit.org/show_bug.cgi?id=38182

        This custom code is just CallWith=ScriptState.

        * WebCore.gypi:
        * bindings/js/JSTreeWalkerCustom.cpp:
        (WebCore::JSTreeWalker::markChildren):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/TestObj.idl:
        * bindings/v8/custom/V8TreeWalkerCustom.cpp: Removed.
        * dom/TreeWalker.idl:

2010-04-27  Eric Seidel  <eric@webkit.org>

        Reviewed by Adam Barth.

        Move code out of GenerateImplementation to make it smaller
        https://bugs.webkit.org/show_bug.cgi?id=38176

        * bindings/scripts/CodeGeneratorJS.pm:
         - Move some code into a new GenerateAttributesHashTable method.

2010-04-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add CallWith=DynamicFrame to CodeGenerator
        https://bugs.webkit.org/show_bug.cgi?id=38174

        I've only used this in one instance, but this is infrastructure that I
        think will help remove a bunch of custom bindings code.  Also, added a
        few tests of tricky argument cases.

        * bindings/js/JSHTMLFormElementCustom.cpp:
        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_with_dynamic_frame):
        (webkit_dom_test_obj_with_dynamic_frame_and_arg):
        (webkit_dom_test_obj_with_dynamic_frame_and_optional_arg):
        (webkit_dom_test_obj_with_dynamic_frame_and_user_gesture):
        (webkit_dom_test_obj_with_dynamic_frame_and_user_gesture_asad):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrame):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndArg):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndUserGesture):
        (WebCore::jsTestObjPrototypeFunctionWithDynamicFrameAndUserGestureASAD):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj withDynamicFrame]):
        (-[DOMTestObj withDynamicFrameAndArg:]):
        (-[DOMTestObj withDynamicFrameAndOptionalArg:optionalArg:]):
        (-[DOMTestObj withDynamicFrameAndUserGesture:]):
        (-[DOMTestObj withDynamicFrameAndUserGestureASAD:optionalArg:]):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::TestObjInternal::withDynamicFrameCallback):
        (WebCore::TestObjInternal::withDynamicFrameAndArgCallback):
        (WebCore::TestObjInternal::withDynamicFrameAndOptionalArgCallback):
        (WebCore::TestObjInternal::withDynamicFrameAndUserGestureCallback):
        (WebCore::TestObjInternal::withDynamicFrameAndUserGestureASADCallback):
        (WebCore::):
        * bindings/v8/custom/V8HTMLFormElementCustom.cpp:
        * html/HTMLFormElement.idl:

2010-04-26  Adam Barth  <abarth@webkit.org>

        Unreviewed.  Update comment to better reflect reality.

        * bindings/scripts/test/TestObj.idl:

2010-04-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add ObjC and GObject to run-bindings-test
        https://bugs.webkit.org/show_bug.cgi?id=38168

        Added expected results.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp: Added.
        (WebKit::kit):
        (webkit_dom_test_obj_void_method):
        (webkit_dom_test_obj_void_method_with_args):
        (webkit_dom_test_obj_int_method):
        (webkit_dom_test_obj_int_method_with_args):
        (webkit_dom_test_obj_obj_method):
        (webkit_dom_test_obj_obj_method_with_args):
        (webkit_dom_test_obj_method_with_exception):
        (webkit_dom_test_obj_method_with_optional_arg):
        (webkit_dom_test_obj_method_with_non_optional_arg_and_optional_arg):
        (webkit_dom_test_obj_method_with_non_optional_arg_and_two_optional_args):
        (webkit_dom_test_obj_get_read_only_int_attr):
        (webkit_dom_test_obj_get_read_only_string_attr):
        (webkit_dom_test_obj_get_read_only_test_obj_attr):
        (webkit_dom_test_obj_get_int_attr):
        (webkit_dom_test_obj_set_int_attr):
        (webkit_dom_test_obj_get_string_attr):
        (webkit_dom_test_obj_set_string_attr):
        (webkit_dom_test_obj_get_test_obj_attr):
        (webkit_dom_test_obj_set_test_obj_attr):
        (webkit_dom_test_obj_get_attr_with_exception):
        (webkit_dom_test_obj_set_attr_with_exception):
        (webkit_dom_test_obj_get_attr_with_setter_exception):
        (webkit_dom_test_obj_set_attr_with_setter_exception):
        (webkit_dom_test_obj_get_attr_with_getter_exception):
        (webkit_dom_test_obj_set_attr_with_getter_exception):
        (WebKit::wrapTestObj):
        (WebKit::core):
        (webkit_dom_test_obj_finalize):
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_get_property):
        (webkit_dom_test_obj_class_init):
        (webkit_dom_test_obj_init):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestObjPrivate.h: Added.
        * bindings/scripts/test/ObjC/DOMTestObj.h: Added.
        * bindings/scripts/test/ObjC/DOMTestObj.mm: Added.
        (-[DOMTestObj dealloc]):
        (-[DOMTestObj finalize]):
        (-[DOMTestObj readOnlyIntAttr]):
        (-[DOMTestObj readOnlyStringAttr]):
        (-[DOMTestObj readOnlyTestObjAttr]):
        (-[DOMTestObj intAttr]):
        (-[DOMTestObj setIntAttr:]):
        (-[DOMTestObj stringAttr]):
        (-[DOMTestObj setStringAttr:]):
        (-[DOMTestObj testObjAttr]):
        (-[DOMTestObj setTestObjAttr:]):
        (-[DOMTestObj attrWithException]):
        (-[DOMTestObj setAttrWithException:]):
        (-[DOMTestObj attrWithSetterException]):
        (-[DOMTestObj setAttrWithSetterException:]):
        (-[DOMTestObj attrWithGetterException]):
        (-[DOMTestObj setAttrWithGetterException:]):
        (-[DOMTestObj customAttr]):
        (-[DOMTestObj setCustomAttr:]):
        (-[DOMTestObj voidMethod]):
        (-[DOMTestObj voidMethodWithArgs:strArg:objArg:]):
        (-[DOMTestObj intMethod]):
        (-[DOMTestObj intMethodWithArgs:strArg:objArg:]):
        (-[DOMTestObj objMethod]):
        (-[DOMTestObj objMethodWithArgs:strArg:objArg:]):
        (-[DOMTestObj methodWithException]):
        (-[DOMTestObj customMethod]):
        (-[DOMTestObj customMethodWithArgs:strArg:objArg:]):
        (-[DOMTestObj methodWithOptionalArg:]):
        (-[DOMTestObj methodWithNonOptionalArgAndOptionalArg:opt:]):
        (-[DOMTestObj methodWithNonOptionalArgAndTwoOptionalArgs:opt1:opt2:]):
        (core):
        (kit):
        * bindings/scripts/test/ObjC/DOMTestObjInternal.h: Added.

2010-04-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Add testing infrastructure for JSC bindings generator
        https://bugs.webkit.org/show_bug.cgi?id=38167

        This required moving the test files around a bit more.

        * bindings/scripts/test/JS/JSTestObj.cpp: Added.
        (WebCore::):
        (WebCore::JSTestObjConstructor::JSTestObjConstructor):
        (WebCore::JSTestObjConstructor::classInfo):
        (WebCore::JSTestObjConstructor::createStructure):
        (WebCore::JSTestObjConstructor::getOwnPropertySlot):
        (WebCore::JSTestObjConstructor::getOwnPropertyDescriptor):
        (WebCore::JSTestObjPrototype::self):
        (WebCore::JSTestObjPrototype::getOwnPropertySlot):
        (WebCore::JSTestObjPrototype::getOwnPropertyDescriptor):
        (WebCore::JSTestObj::JSTestObj):
        (WebCore::JSTestObj::~JSTestObj):
        (WebCore::JSTestObj::createPrototype):
        (WebCore::JSTestObj::getOwnPropertySlot):
        (WebCore::JSTestObj::getOwnPropertyDescriptor):
        (WebCore::jsTestObjReadOnlyIntAttr):
        (WebCore::jsTestObjReadOnlyStringAttr):
        (WebCore::jsTestObjReadOnlyTestObjAttr):
        (WebCore::jsTestObjIntAttr):
        (WebCore::jsTestObjStringAttr):
        (WebCore::jsTestObjTestObjAttr):
        (WebCore::jsTestObjAttrWithException):
        (WebCore::jsTestObjAttrWithSetterException):
        (WebCore::jsTestObjAttrWithGetterException):
        (WebCore::jsTestObjCustomAttr):
        (WebCore::jsTestObjConstructor):
        (WebCore::JSTestObj::put):
        (WebCore::setJSTestObjIntAttr):
        (WebCore::setJSTestObjStringAttr):
        (WebCore::setJSTestObjTestObjAttr):
        (WebCore::setJSTestObjAttrWithException):
        (WebCore::setJSTestObjAttrWithSetterException):
        (WebCore::setJSTestObjAttrWithGetterException):
        (WebCore::setJSTestObjCustomAttr):
        (WebCore::JSTestObj::getConstructor):
        (WebCore::jsTestObjPrototypeFunctionVoidMethod):
        (WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionIntMethod):
        (WebCore::jsTestObjPrototypeFunctionIntMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionObjMethod):
        (WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithException):
        (WebCore::jsTestObjPrototypeFunctionCustomMethod):
        (WebCore::jsTestObjPrototypeFunctionCustomMethodWithArgs):
        (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
        (WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
        (WebCore::toJS):
        (WebCore::toTestObj):
        * bindings/scripts/test/JS/JSTestObj.h: Added.
        (WebCore::JSTestObj::classInfo):
        (WebCore::JSTestObj::createStructure):
        (WebCore::JSTestObj::impl):
        (WebCore::JSTestObjPrototype::classInfo):
        (WebCore::JSTestObjPrototype::createStructure):
        (WebCore::JSTestObjPrototype::JSTestObjPrototype):
        * bindings/scripts/test/TestObj.idl:
        * bindings/scripts/test/V8/V8TestObj.cpp: Renamed from WebCore/bindings/scripts/test/V8TestObj.cpp.
        (WebCore::):
        (WebCore::TestObjInternal::V8_USE):
        (WebCore::TestObjInternal::readOnlyIntAttrAttrGetter):
        (WebCore::TestObjInternal::readOnlyStringAttrAttrGetter):
        (WebCore::TestObjInternal::readOnlyTestObjAttrAttrGetter):
        (WebCore::TestObjInternal::intAttrAttrGetter):
        (WebCore::TestObjInternal::intAttrAttrSetter):
        (WebCore::TestObjInternal::stringAttrAttrGetter):
        (WebCore::TestObjInternal::stringAttrAttrSetter):
        (WebCore::TestObjInternal::testObjAttrAttrGetter):
        (WebCore::TestObjInternal::testObjAttrAttrSetter):
        (WebCore::TestObjInternal::attrWithExceptionAttrGetter):
        (WebCore::TestObjInternal::attrWithExceptionAttrSetter):
        (WebCore::TestObjInternal::attrWithSetterExceptionAttrGetter):
        (WebCore::TestObjInternal::attrWithSetterExceptionAttrSetter):
        (WebCore::TestObjInternal::attrWithGetterExceptionAttrGetter):
        (WebCore::TestObjInternal::attrWithGetterExceptionAttrSetter):
        (WebCore::TestObjInternal::voidMethodCallback):
        (WebCore::TestObjInternal::voidMethodWithArgsCallback):
        (WebCore::TestObjInternal::intMethodCallback):
        (WebCore::TestObjInternal::intMethodWithArgsCallback):
        (WebCore::TestObjInternal::objMethodCallback):
        (WebCore::TestObjInternal::objMethodWithArgsCallback):
        (WebCore::TestObjInternal::methodWithExceptionCallback):
        (WebCore::TestObjInternal::methodWithOptionalArgCallback):
        (WebCore::TestObjInternal::methodWithNonOptionalArgAndOptionalArgCallback):
        (WebCore::TestObjInternal::methodWithNonOptionalArgAndTwoOptionalArgsCallback):
        (WebCore::TestObjInternal::overloadedMethod1Callback):
        (WebCore::TestObjInternal::overloadedMethod2Callback):
        (WebCore::TestObjInternal::overloadedMethod3Callback):
        (WebCore::TestObjInternal::overloadedMethod4Callback):
        (WebCore::TestObjInternal::overloadedMethodCallback):
        (WebCore::ConfigureV8TestObjTemplate):
        (WebCore::V8TestObj::GetRawTemplate):
        (WebCore::V8TestObj::GetTemplate):
        (WebCore::V8TestObj::toNative):
        (WebCore::V8TestObj::HasInstance):
        (WebCore::V8TestObj::wrap):
        (WebCore::toV8):
        (WebCore::V8TestObj::derefObject):
        * bindings/scripts/test/V8/V8TestObj.h: Renamed from WebCore/bindings/scripts/test/V8TestObj.h.

2010-04-26  Oliver Hunt  <oliver@apple.com>

        Reviewed by Gavin Barraclough.

        Need to support more efficient dispatch of lightweight builtins
        https://bugs.webkit.org/show_bug.cgi?id=38155

        Update bindings generation to include new thunk generator field
        in the property map hash tables.

        * bindings/scripts/CodeGeneratorJS.pm:

2010-04-26  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Move bindings test directory into the scripts directory
        https://bugs.webkit.org/show_bug.cgi?id=38161

        This test is really of the bindings scripts not of the bindings
        themselves.  By moving the files into the scripts directory, we'll be
        able to test JSC as well.

        * bindings/scripts/test/TestObj.idl: Renamed from WebCore/bindings/v8/test/TestObj.idl.
        * bindings/scripts/test/V8TestObj.cpp: Renamed from WebCore/bindings/v8/test/V8TestObj.cpp.
        (WebCore::):
        (WebCore::TestObjInternal::V8_USE):
        (WebCore::TestObjInternal::readOnlyIntAttrAttrGetter):
        (WebCore::TestObjInternal::readOnlyStringAttrAttrGetter):
        (WebCore::TestObjInternal::readOnlyTestObjAttrAttrGetter):
        (WebCore::TestObjInternal::intAttrAttrGetter):
        (WebCore::TestObjInternal::intAttrAttrSetter):
        (WebCore::TestObjInternal::stringAttrAttrGetter):
        (WebCore::TestObjInternal::stringAttrAttrSetter):
        (WebCore::TestObjInternal::testObjAttrAttrGetter):
        (WebCore::TestObjInternal::testObjAttrAttrSetter):
        (WebCore::TestObjInternal::attrWithExceptionAttrGetter):
        (WebCore::TestObjInternal::attrWithExceptionAttrSetter):
        (WebCore::TestObjInternal::attrWithSetterExceptionAttrGetter):
        (WebCore::TestObjInternal::attrWithSetterExceptionAttrSetter):
        (WebCore::TestObjInternal::attrWithGetterExceptionAttrGetter):
        (WebCore::TestObjInternal::attrWithGetterExceptionAttrSetter):
        (WebCore::TestObjInternal::voidMethodCallback):
        (WebCore::TestObjInternal::voidMethodWithArgsCallback):
        (WebCore::TestObjInternal::intMethodCallback):
        (WebCore::TestObjInternal::intMethodWithArgsCallback):
        (WebCore::TestObjInternal::objMethodCallback):
        (WebCore::TestObjInternal::objMethodWithArgsCallback):
        (WebCore::TestObjInternal::methodWithExceptionCallback):
        (WebCore::TestObjInternal::methodWithOptionalArgCallback):
        (WebCore::TestObjInternal::methodWithNonOptionalArgAndOptionalArgCallback):
        (WebCore::TestObjInternal::methodWithNonOptionalArgAndTwoOptionalArgsCallback):
        (WebCore::TestObjInternal::overloadedMethod1Callback):
        (WebCore::TestObjInternal::overloadedMethod2Callback):
        (WebCore::TestObjInternal::overloadedMethod3Callback):
        (WebCore::TestObjInternal::overloadedMethod4Callback):
        (WebCore::TestObjInternal::overloadedMethodCallback):
        (WebCore::ConfigureV8TestObjTemplate):
        (WebCore::V8TestObj::GetRawTemplate):
        (WebCore::V8TestObj::GetTemplate):
        (WebCore::V8TestObj::toNative):
        (WebCore::V8TestObj::HasInstance):
        (WebCore::V8TestObj::wrap):
        (WebCore::toV8):
        (WebCore::V8TestObj::derefObject):
        * bindings/scripts/test/V8TestObj.h: Renamed from WebCore/bindings/v8/test/V8TestObj.h.

2010-04-26  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by Jian Li.

        [chromium] Fix ChromiumDataObject::setURL to not populate its internal URL list with empty URLs.
        https://bugs.webkit.org/show_bug.cgi?id=38159

        No new tests.

        * platform/chromium/ChromiumDataObject.h:
        (WebCore::ChromiumDataObject::setURL):

2010-04-26  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by Jian Li.

        [Chromium] Don't make file paths available in text/uri-list when dragging files.
        https://bugs.webkit.org/show_bug.cgi?id=25882

        Test will be checked in with WebCore/platform/mac fix.

        * platform/chromium/ClipboardChromium.cpp:
        (WebCore::ClipboardChromium::getData):
        (WebCore::ClipboardChromium::types):

2010-04-26  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        REGRESSION (r57292): 1.5% page load speed regression from visited link information leak fix
        https://bugs.webkit.org/show_bug.cgi?id=38131

        I did a number of separate optimizations which speed up style
        resolution enough to more than make up for the regression. This
        measures as a total PLT speedup of somewhere between 1.5% and
        3.7%.
       
        Optimizations done:
        - Cache determineLinkState results, to avoid the need to repeatedly compute
        the visited link hash for the same element. This directly addresses much
        of the slowdown, since all elements get their style computed twice now.
        - Added a fast way to get the length of a CSSMutableStyleDeclaration, and use
        in CSSStyleSelector::matchRulesForList, since it was hot there.
        - Hoist some loop invariant code that's not detected by the compiler out of the
        main loop in matchRulesForList
        - inline CSSStyleSelector::initElement and locateSharedStyle,
        since there is only one call site in each case
        - Inline the common non-line fast case of determineLinkState, and split the rest into
        out-of-line determineLinkStateSlowCase.
        - Added inline versions of the functions called by
        visitedLinkHash (the version called by determineLinkState).

        * css/CSSMutableStyleDeclaration.cpp:
        (WebCore::CSSMutableStyleDeclaration::length): Implemented in terms of new
        inline nonvirtual mutableLength().
        * css/CSSMutableStyleDeclaration.h:
        (WebCore::CSSMutableStyleDeclaration::mutableLength): Added new nonvirtual
        inline way to get the length if you know you have a mutable style decl.
        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::init): Clear cached link state.
        (WebCore::CSSStyleSelector::matchRulesForList): hoist some code out of the main
        loop and get style decl length more efficiently.
        (WebCore::CSSStyleSelector::initElement): inline (only one call site)
        (WebCore::CSSStyleSelector::SelectorChecker::determineLinkState): Inline fast
        case, call slow case.
        (WebCore::CSSStyleSelector::SelectorChecker::determineLinkStateSlowCase): Split
        most of the above function into this slow case helper.
        (WebCore::CSSStyleSelector::canShareStyleWithElement): Use the cache-enabled
        way to get the current link state.
        (WebCore::CSSStyleSelector::locateSharedStyle): inline
        (WebCore::CSSStyleSelector::styleForElement): Use the cache-enabled way
        to get the current link state.
        * css/CSSStyleSelector.h:
        (WebCore::CSSStyleSelector::currentElementLinkState): inline way to
        get link state for the current element; manages the cache
        * platform/LinkHash.cpp:
        (WebCore::visitedLinkHashInline): inline version of below function
        (WebCore::visitedLinkHash): call the inline version
        (WebCore::visitedURLInline): inline version of below function
        (WebCore::visitedURL): call the inline version
        (WebCore::visitedURL): call inline versions of above two functions

2010-04-26  Sam Weinig  <sam@webkit.org>

        Reviewed by Alexey Proskuryakov.

        Remove last use of WEB_THREAD.

        * platform/mac/WebCoreObjCExtras.mm:
        (WebCoreObjCScheduleDeallocateOnMainThread): This can always use
        isMainThread().

2010-04-26  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Dimitri Glazkov.

        Turn on AUTO_VACUUM = INCREMENTAL for all HTML5 databases, and
        vacuum all databases when the number of free pages is at least 10%
        of the number of total pages. Also, adding a guard against a bug
        that was fixed in SQLite only starting with version 3.6.16.

        https://bugs.webkit.org/show_bug.cgi?id=36251

        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::totalSize):
        (WebCore::SQLiteDatabase::runIncrementalVacuumCommand):
        (WebCore::SQLiteDatabase::turnOnIncrementalAutoVacuum):
        * platform/sql/SQLiteDatabase.h:
        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::prepare):
        * storage/Database.cpp:
        (WebCore::Database::performOpenAndVerify):
        (WebCore::Database::incrementalVacuumIfNeeded):
        * storage/Database.h:
        * storage/SQLTransaction.cpp:
        (WebCore::SQLTransaction::postflightAndCommit):

2010-04-26  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Sam Weinig.

        <rdar://problem/7766413>
        
        Fixed a crash seen when using the JavaScriptCore API with WebKit.
        
        No layout test because DumpRenderTree doesn't use the JavaScriptCore API
        in this way.

        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::JSEventListener): Don't assign 0 to a WeakGCPtr.
        JavaScriptCore no longer allows this.

        * bindings/js/ScriptWrappable.h:
        (WebCore::ScriptWrappable::setWrapper): No need to initialize a WeakGCPtr
        to 0, or ASSERT a non-0 value before assigning to a WeakGCPtr -- both are
        default behaviors.

2010-04-25  Sam Weinig  <sam@webkit.org>

        Reviewed by Maciej Stachowiak.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38097
        Disentangle initializing the main thread from initializing threading

        * WebCore.xcodeproj/project.pbxproj: Sort files.

        * accessibility/mac/AccessibilityObjectWrapper.mm: Remove unnecessary
        +initialize method. The AccessibilityObjectWrapper has no data members
        that need to be derefed, so it does not need to be finalized on the main
        thread.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::initializeThreading): Add call to initializeMainThread.
        * bindings/objc/WebScriptObject.mm:
        (+[WebScriptObject initialize]): Add call to initializeMainThreadToProcessMainThread.
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::initializeThreading): Add call to initializeMainThread.
        * platform/mac/SharedBufferMac.mm:
        (+[WebCoreSharedBufferData initialize]): Add call to initializeMainThreadToProcessMainThread.

2010-04-26  Yongjun Zhang  <yongjun_zhang@apple.com>

        Reviewed by Alexey Proskuryakov.
        
        https://bugs.webkit.org/show_bug.cgi?id=38128
        Don't add empty credential to CredentialStorage.
        
        An empty credential is currently regarded as an invalid login because it means a missing value in
        protectionSpaceToCredentialMap.  This change makes it consistent with current WebCore's behavior
        by ignoring empty credentials.
        
        No new tests added since this only affects credential entered by user from credential dialog,
        which is not testable in DRT.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::receivedCredential):

2010-04-26  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Clean-up WebCore.pro now that JavaScriptCore is built separately
        https://bugs.webkit.org/show_bug.cgi?id=38123

        HAVE_STDINT_H and HAVE_PTHREAD_NP_H no longer need to be defined
        for QtWebKit as JavaScriptCore is built separately. These defines are only
        used by JavaScriptCore and for JavaScriptCore these are already
        properly defined in JavaScriptCore/config.h.

        No new tests, no new functionality.

        * WebCore.pro:

2010-04-26  Roman Gershman  <romange@google.com>

        Reviewed by Adam Barth.

        [Chromium] Font size in suggestions popup menu should be correlated with the font size of its text field.
        The following manual test checks for desired behavior.

        https://bugs.webkit.org/show_bug.cgi?id=37977

        * manual-tests/chromium/suggestions-popup-font-change.html: Added.

2010-04-26  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Kenneth Rohde Christiansen.

        View modes names in CSSValueKeywords.in
        https://bugs.webkit.org/show_bug.cgi?id=38125

        View mode names have changed in previous patch but CSSValueKeywords.in file was
        not updated.

        * css/CSSValueKeywords.in:

2010-04-26  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Fix compilation with RVCT 4
        https://bugs.webkit.org/show_bug.cgi?id=37727

        Swap extern and declspec to fix visibility of symbol imported from QtGui.

        * page/qt/EventHandlerQt.cpp:

2010-04-26  Ruben Van Boxem  <vanboxem.ruben@gmail.com>

        Reviewed by Adam Roben.

        Fixes for Win64 compilation under gcc (mingw-w64)

        *  WebCore/bridge/npapi.h: for win64 compatibility, mirroring mozilla-central, see Mozilla bug 560298
        *  WebCore/platform/Arena.h: uword is used to cast from pointers here. unsigned long is 32-bit on Windows (but 64-bit on mac), and too small to hold a pointer. uintptr_t is 32-bit on 32-bit systems (mac, linux and windows) and 64-bit on all 64-bit systems
        *  WebCore/platform/graphics/transforms/TransformationMatrix.h: let mingw-w64/w32 use MSVC codepath
        *  WebCore/platform/text/TextStream.cpp: let mingw-w64 use MSVC codepath
        *  WebCore/platform/text/TextStream.h: let mingw-w64 use MSVC codepath
        *  WebCore/plugins/PluginView.cpp: fix pointer casts on WIN64 and let mingw-w64 use MSVC codepath
        *  WebCore/plugins/win/PluginViewWin.cpp: fix pointer casts on WIN64

2010-04-26  Markus Goetz  <Markus.Goetz@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] HTTP pipelining efficiency increase
        https://bugs.webkit.org/show_bug.cgi?id=38062

        Increase number of network requests that are fed into
        QNetworkAccessManager.

        * platform/network/qt/ResourceRequestQt.cpp:
        (WebCore::initializeMaximumHTTPConnectionCountPerHost):

2010-04-26  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: undefined shows up on inspector.
        https://bugs.webkit.org/show_bug.cgi?id=38120

        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype.hide):
        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame.prototype.set visible):

2010-04-26  Bruno Schmidt  <bruno.schmidt@gmail.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Exposing a QVariantMap containing QObjectStar to Javascript
        causes Segmentation Fault
        https://bugs.webkit.org/show_bug.cgi?id=34729

        If a QVariantMap containing QObjectStar is added to the QtWebkit
        Javascript, its use causes Segmentation Fault.
        It happens because, in the case QMetaType::QVariantMap, the "root"
        object that is inside of a PassRefPtr is passed recursively inside a
        loop to recover the content of the map, but the PassRefPtr semantics
        prohibit its use inside a loop, so the "root" object must be passed
        using the method "PassRefPtr::get" in order to keep the current
        reference.

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::convertValueToQVariant):
        (JSC::Bindings::convertQVariantToValue): change to root.get()

2010-04-26  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: Render clip in summary bar using "arc", not "quadraticCurveTo".

        https://bugs.webkit.org/show_bug.cgi?id=38107

        * inspector/front-end/SummaryBar.js:
        (WebInspector.SummaryBar.prototype._drawSummaryGraph.drawPill):
        (WebInspector.SummaryBar.prototype._drawSummaryGraph):

2010-04-26  Andreas Kling  <andreas.kling@nokia.com>

        Reviewed by Tor Arne Vestbø.

        [Qt] Fix compilation against Qt 4.7

        Some QtMultimedia things have been moved into QtMediaServices
        https://bugs.webkit.org/show_bug.cgi?id=38111

        * WebCore.pro:
        * platform/graphics/qt/MediaPlayerPrivateQt.cpp:
        (WebCore::MediaPlayerPrivate::supportsType):
        (WebCore::MediaPlayerPrivate::totalBytes):

2010-04-26  Zoltan Herczeg  <zherczeg@webkit.org>

        Reviewed by Dirk Schulze.

        Call setStrokeStyle in applyStrokeStyleToContext
        https://bugs.webkit.org/show_bug.cgi?id=37849

        Not all platforms set the stroke style to solid if they
        get an empty line dash array. Some just ignore the operation.

        * rendering/SVGRenderSupport.cpp:
        (WebCore::applyStrokeStyleToContext):

2010-04-23  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Pavel Feldman.

        WebInspector: Aggregated stats of time spent in children records should be visible
        in the popup panel of parent record. Crash in pushGCEventRecord also was fixed.
        https://bugs.webkit.org/show_bug.cgi?id=37820

        * English.lproj/localizedStrings.js:
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::pushGCEventRecords):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._innerAddRecordToTimeline):
        (WebInspector.TimelinePanel.prototype._createRootRecord):
        (WebInspector.TimelinePanel.prototype._showPopover):
        (WebInspector.TimelineCalculator.prototype.computeBarGraphPercentages):
        (WebInspector.TimelineCalculator.prototype.computeBarGraphWindowPosition):
        (WebInspector.TimelineRecordGraphRow):
        (WebInspector.TimelineRecordGraphRow.prototype.update):
        (WebInspector.TimelinePanel.FormattedRecord):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._generateAggregatedInfo):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._generatePopupContent):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._getRecordDetails):
        (WebInspector.TimelinePanel.FormattedRecord.prototype._calculateAggregatedStats):
        * inspector/front-end/inspector.css:
        (.timeline-graph-bar.with-children):
        (.timeline-graph-bar.cpu):
        (.timeline-aggregated-category):
        (.timeline-loading):
        (.timeline-scripting):
        (.timeline-rendering):
        (.popover .timeline-aggregated-category.timeline-loading):
        (.timeline-details-title):

2010-04-25  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        WebKit crashes with deeply nested divs
        https://bugs.webkit.org/show_bug.cgi?id=18282

        The HTML parser caps a tree depth by MAX_DOM_TREE_DEPTH defined in
        TreeDepthLimit.h. This is performance-efficient, but does not work for
        DOM operations such as Node.appendChild().

        Test: fast/parser/element-nesting-cap.html

        * dom/Node.h:
        * dom/XMLTokenizer.cpp:
        (WebCore::XMLTokenizer::pushCurrentNode):
        * html/HTMLParser.cpp:

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/TreeDepthLimit.h:
          Added. Define MAX_DOM_TREE_DEPTH. The default value is 5000.
        * dom/XMLTokenizer.cpp: Use maxDOMTreeDepth.
        (WebCore::XMLTokenizer::pushCurrentNode):
        * html/HTMLParser.cpp:
          Introduce m_treeDepth, which counts the depth of the tree.
          Unlike m_blocksInStack, it contains the number of non-block nodes.
        (WebCore::HTMLParser::HTMLParser):
        (WebCore::HTMLParser::reset):
        (WebCore::HTMLParser::limitDepth):
          Renamed from limitBlockDepth. Add check for m_nodeDepth.
        (WebCore::HTMLParser::insertNodeAfterLimitDepth):
          Renamed from insertNodeAfterLimitBlockDepth.
        (WebCore::HTMLParser::parseToken):
        (WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks):
        (WebCore::HTMLParser::pushBlock):
        (WebCore::HTMLParser::popOneBlockCommon):
        (WebCore::HTMLParser::freeBlock):
        * html/HTMLParser.h:
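
Added example, not part of the ChangeLog entry or of WebKit's sources: a toy tree builder that keeps a running depth counter on the parser path, next to a script-style appendChild that bypasses it, which is the gap the entry above describes. Node, CappedTreeBuilder, appendChildChecked and the flatten-to-sibling policy are assumptions made for illustration; only the name MAX_DOM_TREE_DEPTH and its default of 5000 come from the entry.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Name and default value as stated in the ChangeLog entry (dom/TreeDepthLimit.h).
static const std::size_t MAX_DOM_TREE_DEPTH = 5000;

// Hypothetical minimal node type; not WebCore::Node.
struct Node {
    std::string tag;
    Node* parent = nullptr;
    std::vector<std::unique_ptr<Node>> children;
    explicit Node(std::string t) : tag(std::move(t)) {}

    // DOM-style insertion with no depth accounting (the unprotected path).
    Node* appendChild(std::unique_ptr<Node> child) {
        child->parent = this;
        children.push_back(std::move(child));
        return children.back().get();
    }
};

// Iterative on purpose: measuring depth must not recurse on a deep tree.
std::size_t depthOf(const Node* n) {
    std::size_t d = 0;
    for (; n; n = n->parent) ++d;
    return d;
}

// Parser path: one counter updated on open/close, so the check is O(1) per token.
class CappedTreeBuilder {
public:
    explicit CappedTreeBuilder(std::size_t maxDepth = MAX_DOM_TREE_DEPTH)
        : m_root(new Node("#document")), m_current(m_root.get()),
          m_treeDepth(1), m_maxDepth(maxDepth < 2 ? 2 : maxDepth) {}

    Node* root() { return m_root.get(); }

    Node* openElement(const std::string& tag) {
        // Assumed policy: at the cap, step up so the new node becomes a sibling.
        while (m_treeDepth >= m_maxDepth && m_current->parent) closeElement();
        m_current = m_current->appendChild(std::unique_ptr<Node>(new Node(tag)));
        ++m_treeDepth;
        return m_current;
    }

    void closeElement() {
        if (m_current->parent) { m_current = m_current->parent; --m_treeDepth; }
    }

private:
    std::unique_ptr<Node> m_root;
    Node* m_current;
    std::size_t m_treeDepth;
    std::size_t m_maxDepth;
};

// Height of a detached subtree, computed with an explicit work list.
std::size_t subtreeHeight(const Node* root) {
    std::size_t best = 0;
    std::vector<std::pair<const Node*, std::size_t>> work;
    work.emplace_back(root, std::size_t(1));
    while (!work.empty()) {
        std::pair<const Node*, std::size_t> item = work.back();
        work.pop_back();
        if (item.second > best) best = item.second;
        for (const auto& c : item.first->children) work.emplace_back(c.get(), item.second + 1);
    }
    return best;
}

// What a DOM-side guard has to do instead: walk ancestors and the inserted
// subtree on every call, which is why the parser-only counter is cheaper.
bool appendChildChecked(Node* parent, std::unique_ptr<Node> child, std::size_t maxDepth) {
    if (depthOf(parent) + subtreeHeight(child.get()) > maxDepth) return false;
    parent->appendChild(std::move(child));
    return true;
}

std::size_t parsedDepth(std::size_t opens, std::size_t cap) {
    CappedTreeBuilder b(cap);
    Node* last = b.root();
    for (std::size_t i = 0; i < opens; ++i) last = b.openElement("div");
    return depthOf(last);
}

std::size_t scriptedDepth(std::size_t appends) {
    Node root("#document");
    Node* cur = &root;
    for (std::size_t i = 0; i < appends; ++i)
        cur = cur->appendChild(std::unique_ptr<Node>(new Node("div")));
    return depthOf(cur);
}

std::size_t checkedScriptedDepth(std::size_t appends, std::size_t cap) {
    Node root("#document");
    Node* cur = &root;
    for (std::size_t i = 0; i < appends; ++i) {
        std::unique_ptr<Node> child(new Node("div"));
        Node* raw = child.get();
        if (!appendChildChecked(cur, std::move(child), cap)) break;
        cur = raw;
    }
    return depthOf(cur);
}

int main() {
    // Small constructed sizes: recursive teardown of a deep tree is a stack hazard too.
    std::printf("parser, cap 8:   %zu\n", parsedDepth(100, 8));
    std::printf("appendChild:     %zu\n", scriptedDepth(100));
    std::printf("checked, cap 8:  %zu\n", checkedScriptedDepth(100, 8));
    return 0;
}
```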

2010-04-25  Andrey Kosyakov  <caseq@chromium.org>

        Reviewed by Adam Barth.

        Get context properly when event handler was created on
        the main world.
        https://bugs.webkit.org/show_bug.cgi?id=37947

        Test: http/tests/security/isolatedWorld/dispatchEvent.html

        * bindings/v8/WorldContextHandle.cpp:
        (WebCore::WorldContextHandle::adjustedContext):

2010-04-25  yael aharon  <yael.aharon@nokia.com>

        Reviewed by Adele Peterson.

        Allow styling of HTMLProgressElement.
        https://bugs.webkit.org/show_bug.cgi?id=37901

        Added a new pseudo element to represent the value portion of the progress element.
        Web developers can style this pseudo element separate from the rest of the progress element.

        Test: fast/dom/HTMLProgressElement/progress-bar-value-pseudo-element.html

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        (WebCore::nameToPseudoTypeMap):
        (WebCore::CSSSelector::extractPseudoType):
        * css/CSSSelector.h:
        * css/CSSValueKeywords.in:
        * platform/ThemeTypes.h:
        * rendering/RenderProgress.cpp:
        (WebCore::ProgressValueElement::isShadowNode):
        (WebCore::ProgressValueElement::shadowParentNode):
        (WebCore::ProgressValueElement::ProgressValueElement):
        (WebCore::RenderProgress::RenderProgress):
        (WebCore::RenderProgress::~RenderProgress):
        (WebCore::RenderProgress::layout):
        (WebCore::RenderProgress::styleDidChange):
        (WebCore::RenderProgress::updateFromElement):
        (WebCore::RenderProgress::updateValuePartState):
        (WebCore::RenderProgress::createStyleForValuePart):
        (WebCore::RenderProgress::updateAnimationState):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::isControlStyled):
        * rendering/RenderProgress.h:
        * rendering/style/RenderStyleConstants.h:

2010-04-24  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Don't propagate compositing out of iframes on Mac
        https://bugs.webkit.org/show_bug.cgi?id=38072

        Propagating compositing out of iframes caused too many regressions on Mac,
        so only do it for other platforms that may need to hook compositing layers
        together across iframe boundaries.

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForIFrame):

2010-04-24  Anton Muhin  <antonm@chromium.org>

        Reviewed by Darin Adler.

        Allow to construct HashTraits<WebCore::QualifiedName>::constructDeletedValue

        Former implementation attempted to use AtomicString(HashTableDeletedValue)
        however those values cannot be used that way: one cannot construct
        QualifiedNameImpl out of such AtomicString as we'll try to lookup this string
        in the table, for example.
        https://bugs.webkit.org/show_bug.cgi?id=37722

        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::deref): check that hash table deleted values are never derefed
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::QualifiedName): add a constructor to create hash table deleted values
        (WebCore::QualifiedName::isHashTableDeletedValue): add a check if given instance is hash table deleted value
        (WTF::):

2010-04-24  Julien Chaffraix  <jchaffraix@webkit.org>

        Reviewed by Alexey Proskuryakov.

        protocolHostAndPortEquals host check makes a wrong assumption
        https://bugs.webkit.org/show_bug.cgi?id=37777

        The host check assumed that both hosts started at the same position. This is true
        if both URLs are the same, but sometimes one has credentials and the other does not.
        In this case, the method would compare invalid positions.

        Test: http/tests/appcache/credential-url.html

        * platform/KURL.cpp:
        (WebCore::protocolHostAndPortAreEqual):
        * platform/KURLGoogle.cpp:
        (WebCore::protocolHostAndPortAreEqual):
        Fix the host check to take both URLs' credentials into account.

2010-04-24  Nikolas Zimmermann  <nzimmermann@rim.com>

        Not reviewed. Fix linkage on several bots (no idea, why it worked in a from-scratch rebuild on Leopard on my machine!) -> include NodeRenderStyle.h
        Having to include NodeRenderStyle.h just to pull in the renderStyle() is a crazy concept, but I see what it tries to avoid (including RenderObject.h in Node.h)

        * rendering/SVGRenderSupport.cpp:

2010-04-24  Nikolas Zimmermann  <nzimmermann@rim.com>

        Not reviewed. Fix release builds, wrap resourceMode assertion in NDEBUG blocks, use UNUSED_PARAM() otherwise.

        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::applyResource):
        * rendering/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::applyResource):
        (WebCore::RenderSVGResourceFilter::postApplyResource):
        * rendering/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::applyResource):

2010-04-24  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        SVGPaintServer needs to be converted to the new RenderSVGResource* system
        https://bugs.webkit.org/show_bug.cgi?id=37986

        Huge speedup for SVG painting using paint servers (gradient/patterns). Cache underlying
        WebCore::Gradient/Pattern data structures, do not rebuild them on every painting. This marks
        the finish of the SVGResource -> RenderSVGResource transition.

        Outline of some key changes:
        - RenderSVGResource is an abstract base class now, and the previous class is now named RenderSVGResourceContainer
          All resources except RenderSVGResourceSolidColor now inherit from RenderSVGResourceContainer, as they are all
          associated with a SVG*Element class. RenderSVGResourceSolidColor inherits from RenderSVGResource, and is not
          associated with any SVG*Element class. RenderSVGResourceSolidColor is not a render tree object, despite its name.
          The reason for that is consistency with all other painting resources.
        - RenderSVGResourceSolidColor does not live in the render tree, and exists only as static object, which is shared
          and always used when filling/stroking with solid colors - just like the old SVGPaintServerSolid.
        - RenderSVGResourceGradient/RenderSVGResourcePattern now store the underlying WebCore::Gradient/Pattern object
          instead of rebuilding it every time we're asked to paint -> this is the main difference with the old concept, leading
          to much faster speed.
        - SVGResource has vanished. All resources (clipper/filter/marker/masker/gradient/pattern) now share the same codepaths
          to handle updates and client invalidation - which is a huge benefit, and makes the code easier to understand.

        * Android.mk: Remove svg/graphics/SVGResource*, svg/graphics/SVGPaintServer.h from build.
        * GNUmakefile.am: Ditto.
        * WebCore.gypi: Ditto.
        * WebCore.pro: Ditto.
        * WebCore.vcproj/WebCore.vcproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * platform/graphics/Gradient.cpp: Add addColorStop() method taking a ColorStop const-reference.
        (WebCore::Gradient::addColorStop):
        * platform/graphics/Gradient.h: Ditto.
        * platform/graphics/TextRun.h: Rename SVGPaintServer to RenderSVGResource
        (WebCore::TextRun::TextRun):
        (WebCore::TextRun::activePaintingResource): Renamed from activePaintServer.
        (WebCore::TextRun::setActivePaintingResource): Renamed from setActivePaintServer.
        * platform/graphics/win/GraphicsContextWin.cpp: Remove references to SVGResourceImage, which was removed a long time ago.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::toRenderSVGResourceContainer): Renamed from toRenderSVGResource().
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isSVGGradientStop): Added.
        (WebCore::RenderObject::isSVGResourceContainer): Renamed from isSVGResource().
        * rendering/RenderPath.cpp: Utilize RenderSVGResource::fill/strokePaintingResource to request paint servers, instead of SVGPaintServer.
        (WebCore::RenderPath::fillContains): Adapt to new concept.
        (WebCore::RenderPath::strokeContains): Ditto.
        (WebCore::fillAndStrokePath): Ditto.
        (WebCore::RenderPath::paint): Ditto.
        * rendering/RenderSVGGradientStop.cpp:
        (WebCore::RenderSVGGradientStop::styleDidChange): Ditto.
        * rendering/RenderSVGGradientStop.h: Fixed indention.
        * rendering/RenderSVGResource.cpp: Refactored old SVGPaintServer code to request fill/stroke painting resources, split up into several methods to aid readability.
        (WebCore::registerPendingResource):
        (WebCore::adjustColorForPseudoRules):
        (WebCore::RenderSVGResource::fillPaintingResource):
        (WebCore::RenderSVGResource::strokePaintingResource):
        (WebCore::RenderSVGResource::sharedSolidPaintingResource):
        (WebCore::RenderSVGResource::markForLayoutAndResourceInvalidation):
        * rendering/RenderSVGResource.h: Make RenderSVGResource an abstract base class, see above for the reasoning.
        (WebCore::RenderSVGResource::RenderSVGResource):
        (WebCore::RenderSVGResource::~RenderSVGResource):
        (WebCore::RenderSVGResource::postApplyResource):
        * rendering/RenderSVGResourceClipper.cpp: Inherit from RenderSVGResourceContainer instead of RenderSVGResource.
        (WebCore::RenderSVGResourceClipper::RenderSVGResourceClipper):
        (WebCore::RenderSVGResourceClipper::invalidateClient):
        (WebCore::RenderSVGResourceClipper::applyResource): Adapt to signature changes (add RenderStyle* and resource mode parameters)
        (WebCore::RenderSVGResourceClipper::applyClippingToContext):
        * rendering/RenderSVGResourceClipper.h:
        * rendering/RenderSVGResourceContainer.h: Added. Renamed from RenderSVGResource. Now inherits from RenderSVGHiddenContainer and RenderSVGResource.
        (WebCore::RenderSVGResourceContainer::RenderSVGResourceContainer):
        (WebCore::RenderSVGResourceContainer::~RenderSVGResourceContainer):
        (WebCore::RenderSVGResourceContainer::idChanged):
        (WebCore::RenderSVGResourceContainer::isSVGResourceContainer):
        (WebCore::RenderSVGResourceContainer::drawsContents):
        (WebCore::RenderSVGResourceContainer::toRenderSVGResourceContainer):
        (WebCore::getRenderSVGResourceContainerById):
        (WebCore::getRenderSVGResourceById):
        * rendering/RenderSVGResourceFilter.cpp: Inherit from RenderSVGResourceContainer instead of RenderSVGResource.
        (WebCore::RenderSVGResourceFilter::RenderSVGResourceFilter):
        (WebCore::RenderSVGResourceFilter::invalidateClient):
        (WebCore::RenderSVGResourceFilter::applyResource): Adapt to signature changes (add RenderStyle* and resource mode parameters)
        (WebCore::RenderSVGResourceFilter::postApplyResource):
        * rendering/RenderSVGResourceFilter.h:
        * rendering/RenderSVGResourceGradient.cpp: Moved from SVGPaintServerGradient, cleaned up and refactored.
        (WebCore::RenderSVGResourceGradient::RenderSVGResourceGradient):
        (WebCore::RenderSVGResourceGradient::~RenderSVGResourceGradient):
        (WebCore::RenderSVGResourceGradient::invalidateClients):
        (WebCore::RenderSVGResourceGradient::invalidateClient):
        (WebCore::createMaskAndSwapContextForTextGradient):
        (WebCore::clipToTextMask):
        (WebCore::RenderSVGResourceGradient::applyResource):
        * rendering/RenderSVGResourceGradient.h:
        (WebCore::RenderSVGResourceGradient::resourceBoundingBox):
        * rendering/RenderSVGResourceLinearGradient.cpp: Moved from SVGPaintServerLinearGradient, cleaned up and refactored.
        (WebCore::RenderSVGResourceLinearGradient::RenderSVGResourceLinearGradient):
        (WebCore::RenderSVGResourceLinearGradient::~RenderSVGResourceLinearGradient):
        (WebCore::RenderSVGResourceLinearGradient::buildGradient):
        * rendering/RenderSVGResourceLinearGradient.h:
        (WebCore::RenderSVGResourceLinearGradient::renderName):
        (WebCore::RenderSVGResourceLinearGradient::resourceType):
        * rendering/RenderSVGResourceMarker.cpp: Inherit from RenderSVGResourceContainer instead of RenderSVGResource.
        (WebCore::RenderSVGResourceMarker::RenderSVGResourceMarker):
        (WebCore::RenderSVGResourceMarker::invalidateClient):
        * rendering/RenderSVGResourceMarker.h:
        (WebCore::RenderSVGResourceMarker::applyResource):
        * rendering/RenderSVGResourceMasker.cpp: Inherit from RenderSVGResourceContainer instead of RenderSVGResource.
        (WebCore::RenderSVGResourceMasker::RenderSVGResourceMasker):
        (WebCore::RenderSVGResourceMasker::invalidateClient):
        (WebCore::RenderSVGResourceMasker::applyResource):
        * rendering/RenderSVGResourceMasker.h:
        (WebCore::MaskerData::MaskerData):
        * rendering/RenderSVGResourcePattern.cpp: Moved from SVGPaintServerPattern, cleaned up and refactored.
        (WebCore::RenderSVGResourcePattern::RenderSVGResourcePattern):
        (WebCore::RenderSVGResourcePattern::~RenderSVGResourcePattern):
        (WebCore::RenderSVGResourcePattern::invalidateClients):
        (WebCore::RenderSVGResourcePattern::invalidateClient):
        (WebCore::RenderSVGResourcePattern::applyResource):
        (WebCore::RenderSVGResourcePattern::postApplyResource):
        (WebCore::calculatePatternBoundaries):
        (WebCore::RenderSVGResourcePattern::calculatePatternBoundariesIncludingOverflow):
        (WebCore::RenderSVGResourcePattern::createTileImage):
        (WebCore::RenderSVGResourcePattern::buildPattern):
        * rendering/RenderSVGResourcePattern.h:
        (WebCore::RenderSVGResourcePattern::renderName):
        (WebCore::RenderSVGResourcePattern::resourceBoundingBox):
        (WebCore::RenderSVGResourcePattern::resourceType):
        * rendering/RenderSVGResourceRadialGradient.cpp: Moved from SVGPaintServerRadialGradient, cleaned up and refactored.
        (WebCore::RenderSVGResourceRadialGradient::RenderSVGResourceRadialGradient):
        (WebCore::RenderSVGResourceRadialGradient::~RenderSVGResourceRadialGradient):
        (WebCore::RenderSVGResourceRadialGradient::buildGradient):
        * rendering/RenderSVGResourceRadialGradient.h:
        (WebCore::RenderSVGResourceRadialGradient::renderName):
        (WebCore::RenderSVGResourceRadialGradient::resourceType):
        * rendering/RenderSVGResourceSolidColor.cpp: Moved from SVGPaintServerSolid, cleaned up and refactored.
        (WebCore::RenderSVGResourceSolidColor::RenderSVGResourceSolidColor):
        (WebCore::RenderSVGResourceSolidColor::~RenderSVGResourceSolidColor):
        (WebCore::RenderSVGResourceSolidColor::applyResource):
        (WebCore::RenderSVGResourceSolidColor::postApplyResource):
        * rendering/RenderSVGResourceSolidColor.h:
        (WebCore::RenderSVGResourceSolidColor::invalidateClients):
        (WebCore::RenderSVGResourceSolidColor::invalidateClient):
        (WebCore::RenderSVGResourceSolidColor::resourceBoundingBox):
        (WebCore::RenderSVGResourceSolidColor::resourceType):
        (WebCore::RenderSVGResourceSolidColor::color):
        (WebCore::RenderSVGResourceSolidColor::setColor):
        * rendering/RenderSVGText.cpp:
        (WebCore::RenderSVGText::paint): Early exit if painting is disabled.
        * rendering/RenderTreeAsText.cpp:
        (WebCore::write): Add RenderSVGGradientStop dumping.
        (WebCore::externalRepresentation): Remove SVGResource dumping.
        * rendering/SVGInlineTextBox.cpp: Adapt to SVGPaintServer changes (paint server request).
        (WebCore::SVGInlineTextBox::paintCharacters):
        (WebCore::SVGInlineTextBox::paintDecoration):
        * rendering/SVGInlineTextBox.h: Ditto.
        (WebCore::SVGTextPaintInfo::SVGTextPaintInfo):
        * rendering/SVGRenderSupport.cpp: Ditto.
        (WebCore::SVGRenderBase::prepareToRenderSVGContent):
        (WebCore::SVGRenderBase::finishRenderSVGContent):
        (WebCore::invalidatePaintingResource):
        (WebCore::deregisterFromResources):
        (WebCore::dashArrayFromRenderingStyle): Moved here from SVGPaintServer.
        (WebCore::applyStrokeStyleToContext): Ditto.
        * rendering/SVGRenderSupport.h:
        * rendering/SVGRenderTreeAsText.cpp: Add new gradient/pattern dumping code. Stops are now properly dumped as well!
        (WebCore::operator<<):
        (WebCore::writeSVGPaintingResource):
        (WebCore::writeStyle):
        (WebCore::boundingBoxModeString):
        (WebCore::writeCommonGradientProperties):
        (WebCore::writeSVGResourceContainer):
        (WebCore::writeSVGGradientStop):
        * rendering/SVGRenderTreeAsText.h:
        * rendering/SVGRootInlineBox.cpp: Adapt to SVGPaintServer changes (paint server request).
        (WebCore::SVGRootInlineBoxPaintWalker::SVGRootInlineBoxPaintWalker):
        (WebCore::SVGRootInlineBoxPaintWalker::~SVGRootInlineBoxPaintWalker):
        (WebCore::SVGRootInlineBoxPaintWalker::teardownFillPaintServer):
        (WebCore::SVGRootInlineBoxPaintWalker::teardownStrokePaintServer):
        (WebCore::SVGRootInlineBoxPaintWalker::setupBackground):
        (WebCore::SVGRootInlineBoxPaintWalker::setupFill):
        (WebCore::SVGRootInlineBoxPaintWalker::setupFillSelection):
        (WebCore::SVGRootInlineBoxPaintWalker::setupStroke):
        (WebCore::SVGRootInlineBoxPaintWalker::setupStrokeSelection):
        (WebCore::SVGRootInlineBoxPaintWalker::setupForeground):
        (WebCore::SVGRootInlineBoxPaintWalker::activePaintingResource):
        (WebCore::SVGRootInlineBoxPaintWalker::paintChunk):
        * svg/GradientAttributes.h: Remove SVGGradientStop, use Gradient::ColorStop vector. Cleanup.
        (WebCore::GradientAttributes::stops):
        (WebCore::GradientAttributes::setStops):
        * svg/LinearGradientAttributes.h: Move ENABLE(SVG) guard to correct location.
        * svg/PatternAttributes.h: Add missing includes and class forwards.
        * svg/RadialGradientAttributes.h: Move ENABLE(SVG) guard to correct location.
        * svg/SVGClipPathElement.cpp: Rename invalidateCanvasResources() to invalidateResourceClients().
        (WebCore::SVGClipPathElement::svgAttributeChanged):
        (WebCore::SVGClipPathElement::childrenChanged): Only call invalidateResourceClients() when !changedByParser is set.
        * svg/SVGClipPathElement.h:
        * svg/SVGDocumentExtensions.cpp: Change HashMaps to hash AtomicStrings instead of Strings. Rename RenderSVGResource to RenderSVGResourceContainer.
        (WebCore::SVGDocumentExtensions::addResource):
        (WebCore::SVGDocumentExtensions::removeResource):
        (WebCore::SVGDocumentExtensions::resourceById):
        (WebCore::SVGDocumentExtensions::addPendingResource):
        * svg/SVGDocumentExtensions.h:
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::insertedIntoDocument): Remove reference to SVGResource::invalidateClients(), handled differently now.
        (WebCore::SVGElement::updateAnimatedSVGAttribute): Change assertion, that is incorrect now.
        * svg/SVGElement.h: Make updateAnimatedSVGAttribute() public.
        * svg/SVGFont.cpp: Adapt to SVGPaintServer changes (paint server request).
        (WebCore::Font::drawTextUsingSVGFont):
        * svg/SVGGElement.cpp: If style()->display() is NONE, create a RenderSVGHiddenContainer, removing hacks in SVGStopElement for pservers-grad-19-b.svg (yes, SVG is crazy.)
        (WebCore::SVGGElement::createRenderer):
        * svg/SVGGElement.h: Remove childrenChanged() method which _always_ called renderer->setNeedsLayout(true), which is completely wrong and unnecessary.
        (WebCore::SVGGElement::rendererIsNeeded): Always return true.
        * svg/SVGGradientElement.cpp: Adapt to new RenderSVGResourceGradient code.
        (WebCore::SVGGradientElement::svgAttributeChanged):
        (WebCore::SVGGradientElement::childrenChanged): Only call invalidateResourceClients() when !changedByParser is set.
        (WebCore::SVGGradientElement::buildStops):
        * svg/SVGGradientElement.h:
        * svg/SVGLinearGradientElement.cpp: Adapt to new RenderSVGResourceLinearGradient code.
        (WebCore::SVGLinearGradientElement::svgAttributeChanged):
        (WebCore::SVGLinearGradientElement::createRenderer):
        (WebCore::SVGLinearGradientElement::collectGradientProperties):
        (WebCore::SVGLinearGradientElement::calculateStartEndPoints):
        * svg/SVGLinearGradientElement.h:
        * svg/SVGMarkerElement.cpp: Rename invalidateCanvasResources() to invalidateResourceClients().
        (WebCore::SVGMarkerElement::svgAttributeChanged):
        (WebCore::SVGMarkerElement::childrenChanged): Only call invalidateResourceClients() when !changedByParser is set.
        (WebCore::SVGMarkerElement::setOrientToAuto):
        (WebCore::SVGMarkerElement::setOrientToAngle):
        * svg/SVGMaskElement.cpp: Rename invalidateCanvasResources() to invalidateResourceClients().
        (WebCore::SVGMaskElement::svgAttributeChanged):
        (WebCore::SVGMaskElement::childrenChanged): Only call invalidateResourceClients() when !changedByParser is set.
        * svg/SVGPatternElement.cpp: Rename invalidateCanvasResources() to invalidateResourceClients().
        (WebCore::SVGPatternElement::svgAttributeChanged):
        (WebCore::SVGPatternElement::childrenChanged): Only call invalidateResourceClients() when !changedByParser is set.
        (WebCore::SVGPatternElement::createRenderer):
        * svg/SVGPatternElement.h:
        * svg/SVGPolyElement.h: Remove unneeded rendererIsNeeded() override.
        * svg/SVGRadialGradientElement.cpp: Adapt to new RenderSVGResourceRadialGradient code.
        (WebCore::SVGRadialGradientElement::svgAttributeChanged):
        (WebCore::SVGRadialGradientElement::createRenderer):
        (WebCore::SVGRadialGradientElement::collectGradientProperties):
        (WebCore::SVGRadialGradientElement::calculateFocalCenterPointsAndRadius):
        * svg/SVGRadialGradientElement.h:
        * svg/SVGStopElement.cpp: Clean up code, moved stop color calculation from SVGGradientElement to here, where it belongs.
        (WebCore::SVGStopElement::parseMappedAttribute):
        (WebCore::SVGStopElement::stopColorIncludingOpacity):
        * svg/SVGStopElement.h:
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::~SVGStyledElement):
        (WebCore::SVGStyledElement::svgAttributeChanged): Only invalidateResourcesInAncestorChain()/deregisterFromResources() when we're not parsing.
        (WebCore::SVGStyledElement::invalidateResourcesInAncestorChain): Early exit if we find a parent resource, there is no resource nesting.
        (WebCore::SVGStyledElement::invalidateResourceClients): Renamed from invalidateCanvasResources()
        (WebCore::SVGStyledElement::childrenChanged): Only invalidate SVGElementInstances when !changedByParser is set.
        * svg/SVGStyledElement.h: Remove canvasResource() logic, remove detach() method.
        * svg/SVGTextPathElement.h:
        * svg/graphics/SVGPaintServer.h: Removed.
        * svg/graphics/SVGResource.cpp: Removed.
        * svg/graphics/SVGResource.h: Removed.

2010-04-23  Zhenyao Mo  <zmo@google.com>

        Reviewed by Darin Fisher.

        Add isGLES2Compliant to GraphicsContext3D: make the method const.
        https://bugs.webkit.org/show_bug.cgi?id=37872

        * platform/graphics/GraphicsContext3D.h: Make isGLES2Compliant() const.
        * platform/graphics/mac/GraphicsContext3DMac.cpp: Ditto.
        (WebCore::GraphicsContext3D::isGLES2Compliant):

2010-04-23  Qi Zhang  <qi.2.zhang@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] LayoutTests/fast/canvas/pointInPath.html passed, actually it failed
        https://bugs.webkit.org/show_bug.cgi?id=37276

        QPainterPath::contains doesn't count the point on the bound.

        * platform/graphics/qt/PathQt.cpp:
        (WebCore::isPointOnPathBorder):
        (WebCore::Path::contains):

2010-04-23  Sam Weinig  <sam@webkit.org>

        Reviewed by David Levin.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38060
        Split up Threading.h

        Add necessary forwarding headers.

        * ForwardingHeaders/wtf/Atomics.h: Added.
        * ForwardingHeaders/wtf/ThreadSafeShared.h: Added.
        * ForwardingHeaders/wtf/ThreadingPrimitives.h: Added.

2010-04-23  Rafael Weinstein  <rafaelw@grafaelw.sfo.corp.google.com>

        Reviewed by Darin Fisher.

        This patch adds a vector of additionalFeatures to WindowFeatures
        and populates it with any feature strings that evaluate to "yes"
        and aren't directly observed in WindowFeatures. This allows
        clients to capture experimental window features.

        https://bugs.webkit.org/show_bug.cgi?id=38013

        * page/WindowFeatures.cpp:
        (WebCore::WindowFeatures::setWindowFeature):
        * page/WindowFeatures.h:

2010-04-23  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        <rdar://problem/7898436> :after content is duplicated

        Test: fast/css-generated-content/after-duplicated-after-split.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::splitInlines): Pass the correct owner of the child list.

2010-04-23  Adele Peterson  <adele@apple.com>

        Fixing the Tiger build for real.

        * platform/graphics/mac/SimpleFontDataMac.mm:

2010-04-23  Adele Peterson  <adele@apple.com>

        Fixing the Tiger build.

        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::platformBoundsForGlyph):

2010-04-23  Jian Li  <jianli@chromium.org>

        Reviewed by Dmitry Titov.

        Add FileError for File API.
        https://bugs.webkit.org/show_bug.cgi?id=37840

        The test will be added when implementing FileReader and FileWriter.

        * Android.derived.jscbindings.mk:
        * Android.derived.v8bindings.mk:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pri:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/ExceptionCode.h:
        (WebCore::):
        * html/FileError.h: Added.
        * html/FileError.idl: Added.
        * page/DOMWindow.idl:

2010-04-23  Jian Li  <jianli@chromium.org>

        Reviewed by Adam Barth.

        Improve code generator scripts to handle OR ('|') condition in the
        extended attributes.
        https://bugs.webkit.org/show_bug.cgi?id=37998

        * bindings/scripts/CodeGeneratorJS.pm:
        * bindings/scripts/CodeGeneratorObjC.pm:
        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/scripts/IDLStructure.pm:

2010-04-23  Adele Peterson  <adele@apple.com>

        Reviewed by Dan Bernstein.

        Fix for <rdar://problem/7855777> REGRESSION: Memory usage increase caused by storing glyph bounds in GlyphMetricsMap
        https://bugs.webkit.org/show_bug.cgi?id=37936

        This change breaks the GlyphMetricsMap into two maps - one for width and one for bounds, so that we don't store
        a FloatRect for the glyph bounds unless we need to.

        Covered by existing tests.  This should not cause any change in functionality.

        Updated for removal of GlyphMetricsMap.cpp
        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:

        Made GlyphMetricsMap a template, so it can be used for separate width and bounds maps.
        * platform/graphics/GlyphMetricsMap.cpp: Removed.
        * platform/graphics/GlyphMetricsMap.h:
        (WebCore::GlyphMetricsMap::metricsForGlyph):
        (WebCore::GlyphMetricsMap::setMetricsForGlyph):
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::metricsForGlyph):
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::setMetricsForGlyph):
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::setMetricsForIndex):
        (WebCore::::unknownMetrics):
        (WebCore::::locatePageSlowCase):

        * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
        Call boundsForGlyph instead of metricsForGlyph.
        * platform/graphics/win/UniscribeController.cpp: (WebCore::UniscribeController::shapeAndPlaceItem):
        ditto.
        * platform/graphics/SimpleFontData.cpp: (WebCore::SimpleFontData::platformGlyphInit):
        Call setMetricsForGlyph for both glyph maps.

        Break getters and setters for metricsForGlyph into widthForGlyph and boundsForGlyph, maintaining present behavior.
        * platform/graphics/SimpleFontData.h:
        (WebCore::):
        (WebCore::SimpleFontData::boundsForGlyph):
        (WebCore::SimpleFontData::widthForGlyph):
        * platform/graphics/cairo/SimpleFontDataCairo.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/graphics/chromium/SimpleFontDataChromiumWin.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/graphics/chromium/SimpleFontDataLinux.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/graphics/gtk/SimpleFontDataPango.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/graphics/mac/SimpleFontDataMac.mm:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/graphics/win/SimpleFontDataCGWin.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):
        * platform/graphics/win/SimpleFontDataCairoWin.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        * platform/graphics/win/SimpleFontDataWin.cpp:
        (WebCore::SimpleFontData::boundsForGDIGlyph):
        (WebCore::SimpleFontData::widthForGDIGlyph):
        * platform/graphics/wince/SimpleFontDataWince.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        * platform/graphics/wx/SimpleFontDataWx.cpp:
        (WebCore::SimpleFontData::platformBoundsForGlyph):
        (WebCore::SimpleFontData::platformWidthForGlyph):

2010-04-23  Xiaomei Ji  <xji@chromium.org>

        Reviewed by Dan Bernstein and Darin Adler.

        Fix issue "caret does not paint after type in characters in right
        aligned div or after delete all characters in RTL div or 
        0px right padding RTL textarea"
        https://bugs.webkit.org/show_bug.cgi?id=25319

        Test: editing/inserting/caret-position.html

        * rendering/RenderText.cpp:
        (WebCore::RenderText::localCaretRect):

2010-04-23  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] [Performance] GraphicsLayer: constructing the layers takes too long
        https://bugs.webkit.org/show_bug.cgi?id=36365

        The issue came from using QGraphicsView's cache as is. The problem is that
        several code-paths require re-rendering of the item, but not re-rendering
        of the web content into the cache.

        The way to solve it is by having GraphicsLayerQt manage the cache directly
        via QPixmapCache, instead of using QGraphicsItem cache modes.

        FPS measurement shows significant improvement (20FPS before, 40FPS after)
        on several use-cases, including blog-files/leaves on a desktop environment.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::GraphicsLayerQtImpl):
        (WebCore::GraphicsLayerQtImpl::recache):
        (WebCore::GraphicsLayerQtImpl::paint):
        (WebCore::GraphicsLayerQtImpl::flushChanges):

2010-04-23  James Robinson  <jamesr@chromium.org>

        Reviewed by Dimitri Glazkov.

        Avoid marking symbols as dllexport in chromium win builds
        https://bugs.webkit.org/show_bug.cgi?id=38058

        No new tests.

        * config.h:

2010-04-23  MORITA Hajime  <morrita@google.com>

        Reviewed by Nikolas Zimmermann.

        https://bugs.webkit.org/show_bug.cgi?id=37187
        SVG <use href="foo"> is interpreted as <use href="#foo">

        getTarget() did return the url parameter as is if it doesn't have a
        fragment identifier. So fixed to return an empty string in such a case
        because we need to distinguish "yyy.html" from "xxx.svg#yyy.html".
        
        Test: svg/custom/broken-internal-references.svg

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::insertedIntoDocument):
        * svg/SVGURIReference.cpp:
        (WebCore::SVGURIReference::getTarget):

2010-04-23  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        ASSERT(willBeComposited == needsToBeComposited(layer)); on gmail.com
        https://bugs.webkit.org/show_bug.cgi?id=38066
        
        When a layer goes into compositing mode because it has a negative z-index child that is going
        into compositing mode, then set willBeComposited to true. Also add another assertion to catch
        any other cases where the state of willBeComposited is mismanaged.

        Test: compositing/composited-negative-zindex-child.html

        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::computeCompositingRequirements):

2010-04-23  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        When webkitAnimationEnd event fires, on-screen rendering should show the last frame of animation
        https://bugs.webkit.org/show_bug.cgi?id=37955

        After r37484, animation and transition end events were fired on a timer, after the animation/transition
        ended. This opened up one event loop cycle in which the non-animating state of the element was visible
        before the event fired, resulting in flashes in content that reset style from the event handler.
        
        Fix by firing these events in the same event cycle as the animation end, once all animations
        have been updated. This also required moving the place that start animations are fixed until
        a later state in the state machine, so that animations have their start time set at the point
        the event is fired (to avoid an assertion when using the freeze API in DRT).
        
        Not testable, since the flash is very transitory and cannot be captured in a pixel test.

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::updateStateMachine): Move the firing of 'start' events into the state
        where the start time is known.
        * page/animation/AnimationControllerPrivate.h:
        * page/animation/AnimationController.cpp:
        (WebCore::AnimationControllerPrivate::updateStyleIfNeededDispatcherFired): Call the new fireEventsAndUpdateStyle()
        method.
        (WebCore::AnimationControllerPrivate::fireEventsAndUpdateStyle): New method to share code that used to be in
        updateStyleIfNeededDispatcherFired().
        (WebCore::AnimationControllerPrivate::animationTimerFired): Call fireEventsAndUpdateStyle() once we've
        processed all animations.

2010-04-23  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        CompositeAnimation::updateKeyframeAnimations() can make a KeyframeAnimation for animation "none"
        https://bugs.webkit.org/show_bug.cgi?id=38017

        Check to see if the animation name is "none", and don't fire off a keyframe animation in
        that case.

        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::updateKeyframeAnimations):

2010-04-23  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Disable Netscape plugin support for minimal configuration
        https://bugs.webkit.org/show_bug.cgi?id=38026

        No new tests, as there is no new functionality.

        * WebCore.pri:

2010-04-23  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler.

        Need borderAndPadding(Width|Height)
        https://bugs.webkit.org/show_bug.cgi?id=38046

        Refactoring only, so no new tests.

        * rendering/InlineBox.cpp:
        (WebCore::InlineBox::height):
        * rendering/RenderApplet.cpp:
        (WebCore::RenderApplet::createWidgetIfNecessary):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::isSelfCollapsingBlock):
        (WebCore::RenderBlock::calcPrefWidths):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::calcBorderBoxWidth):
        (WebCore::RenderBox::calcBorderBoxHeight):
        (WebCore::RenderBox::calcContentBoxWidth):
        (WebCore::RenderBox::calcContentBoxHeight):
        (WebCore::RenderBox::calcWidth):
        (WebCore::RenderBox::calcHeight):
        (WebCore::RenderBox::calcPercentageHeight):
        (WebCore::RenderBox::calcReplacedHeightUsing):
        (WebCore::RenderBox::availableHeightUsing):
        (WebCore::RenderBox::calcAbsoluteHorizontal):
        (WebCore::RenderBox::calcAbsoluteVertical):
        (WebCore::RenderBox::calcAbsoluteHorizontalReplaced):
        (WebCore::RenderBox::calcAbsoluteVerticalReplaced):
        (WebCore::RenderBox::positionForPoint):
        * rendering/RenderBoxModelObject.h:
        (WebCore::RenderBoxModelObject::borderAndPaddingHeight):
        (WebCore::RenderBoxModelObject::borderAndPaddingWidth):
        * rendering/RenderDataGrid.cpp:
        (WebCore::RenderDataGrid::calcPrefWidths):
        * rendering/RenderFieldset.cpp:
        (WebCore::RenderFieldset::calcPrefWidths):
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::calcPrefWidths):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::calcPrefWidths):
        (WebCore::RenderFlexibleBox::allowedChildFlex):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::calcPrefWidths):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::resize):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::calcPrefWidths):
        (WebCore::RenderListBox::calcHeight):
        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::calcPrefWidths):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::calcPrefWidths):
        * rendering/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::calcPrefWidths):
        * rendering/RenderSlider.cpp:
        (WebCore::RenderSlider::calcPrefWidths):
        (WebCore::RenderSlider::layout):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::styleOrColWidth):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::textBlockHeight):
        (WebCore::RenderTextControl::textBlockWidth):
        (WebCore::RenderTextControl::calcHeight):
        (WebCore::RenderTextControl::calcPrefWidths):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::layout):
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::updateWidgetPosition):

2010-04-23  David Kilzer  <ddkilzer@apple.com>

        Size mismatch between format string and argument in dumpTextEncodingNameMap()

        Reviewed by Darin Adler.

        See Bug 38030 and r58157.

        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::dumpTextEncodingNameMap): Assigned
        textEncodingNameMap->size() to an unsigned variable before using
        it in the fprintf() statement.

2010-04-23  David Kilzer  <ddkilzer@apple.com>

        BUILD FIX: Attempt to fix Windows build after Bug 36187 landed in r58168

        * DerivedSources.cpp: Changed include of JSMedia.cpp to
        JSStyleMedia.cpp.

2010-04-23  David Kilzer  <ddkilzer@apple.com>

        BUILD FIX: Fix Mac build after Bug 36187 landed in r58168

        * WebCore.xcodeproj/project.pbxproj: Renamed DOMMedia.h,
        DOMMedia.mm, DOMMediaInternal.h to DOMStyleMedia.h,
        DOMStyleMedia.mm, DOMStyleMediaInternal.h.  

2010-04-23  Kenneth Rohde Christiansen  <kenneth@webkit.org>

        Unreviewed build fix.

        Change Media to StyleMedia

        * DerivedSources.make:

2010-04-23  Xan Lopez  <xlopez@igalia.com>

        Try to fix the GTK+ bots.

        * GNUmakefile.am:

2010-04-22  Kenneth Rohde Christiansen  <kenneth@webkit.org>

        Reviewed by Laszlo Gombos.

        Rename window.media to window.styleMedia
        https://bugs.webkit.org/show_bug.cgi?id=36187

        Rename the interface Media to StyleMedia as required by the
        new CSSOM View spec.

        * Android.derived.jscbindings.mk:
        * Android.derived.v8bindings.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pri:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/Media.cpp: Removed.
        * css/Media.h: Removed.
        * css/Media.idl: Removed.
        * css/StyleMedia.cpp: Added.
        (WebCore::StyleMedia::StyleMedia):
        (WebCore::StyleMedia::type):
        (WebCore::StyleMedia::matchMedium):
        * css/StyleMedia.h: Added.
        (WebCore::StyleMedia::create):
        (WebCore::StyleMedia::disconnectFrame):
        * css/StyleMedia.idl: Added.
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::styleMedia):
        * page/DOMWindow.h:
        (WebCore::DOMWindow::optionalMedia):
        * page/DOMWindow.idl:

2010-04-23  Yury Semikhatsky  <yurys@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: provide JSC implementation for scopeType method on
        call frame and use same javascript code for JSC and v8 when collecting
        scope chain data.

        https://bugs.webkit.org/show_bug.cgi?id=37663

        * bindings/js/JSInjectedScriptHostCustom.cpp:
        (WebCore::JSInjectedScriptHost::currentCallFrame):
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::V8InjectedScriptHost::currentCallFrameCallback):
        * inspector/InjectedScriptHost.idl:
        * inspector/front-end/InjectedScript.js:
        (injectedScriptConstructor.):

2010-04-23  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: Audits (Image Dimensions): full image URLs are prefixed with the hosting page name
        https://bugs.webkit.org/show_bug.cgi?id=37988

        * inspector/front-end/AuditRules.js:
        (WebInspector.AuditRules.ImageDimensionsRule.prototype.doRun):

2010-04-23  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        WebInspector: Flaky Inspector tests.
        https://bugs.webkit.org/show_bug.cgi?id=36217

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::didCommitLoad):

2010-04-23  Yaar Schnitman  <yaar@chromium.org>

        Reviewed by Adam Barth.

        Auto-generate WebGLRenderingContext overloads in V8
        https://bugs.webkit.org/show_bug.cgi?id=37818

        * bindings/v8/custom/V8WebGLRenderingContextCustom.cpp:
        * html/canvas/WebGLRenderingContext.cpp: Added missing overloads for the following:
        (WebCore::WebGLRenderingContext::texImage2D)
        (WebCore::WebGLRenderingContext::texSubImage2D)
        * html/canvas/WebGLRenderingContext.h: Added missing overloads.
        * html/canvas/WebGLRenderingContext.idl: IDL definition of overloads.

2010-04-23  Jeff Schiller  <codedread@gmail.com>

        Reviewed by Nikolas Zimmermann.

        Display tooltips when hovering over SVG elements, Bug 16854
        https://bugs.webkit.org/show_bug.cgi?id=16854

        Manual test added for verifying tooltips.

        * manual-tests/svg-tooltip.svg: Added.
        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::title): xlink:title takes precedence, otherwise SVGStyledElement::title() is used
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::title): checks for a shadow parent and uses that title, otherwise uses the content's title
        * svg/SVGStyledElement.h: add title() method declaration

2010-04-23  David Kilzer  <ddkilzer@apple.com>

        <http://webkit.org/b/38032> No need to content sniff 304 responses
        <rdar://problem/7891726>

        Reviewed by Brady Eidson.

        * platform/network/mac/ResourceHandleMac.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
        No need to adjust the MIME type on 304 responses since they're
        only used to determine if the resource needs to be refetched.

2010-04-23  David Kilzer  <ddkilzer@apple.com>

        <http://webkit.org/b/38030> Add WebCore::dumpTextEncodingNameMap() to dump text encoding map on debug builds

        Reviewed by Alexey Proskuryakov.

        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::dumpTextEncodingNameMap): Added.
        * platform/text/TextEncodingRegistry.h:
        (WebCore::dumpTextEncodingNameMap): Added declaration.

2010-04-22  Tony Chang  <tony@chromium.org>

        Reviewed by Dan Bernstein.

        Crash in WebCore::TextIterator::handleTextNode() encountered in Google rich-text products
        https://bugs.webkit.org/show_bug.cgi?id=37950

        Test: editing/text-iterator/rtl-selection-crash.html

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::handleTextNode):

2010-04-22  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Dan Bernstein and Beth Dakin.

        Links around blocks (e.g. divs) results in too many VoiceOver call outs
        https://bugs.webkit.org/show_bug.cgi?id=37079
        <rdar://problem/7234118>

        The basic change is to modify the AccessibilityRenderObject tree
        traversal methods to account for inline continuations in the
        render tree and make the accessibility tree look as if
        continuations didn't exist - the same as if CSS blocks could just
        sit in CSS inlines. This is slightly tricky code but creates a
        much saner accessibility tree.
        
        Tests: accessibility/image-link-inline-cont.html
               accessibility/image-link.html
               accessibility/inline-continuations.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::isInlineWithContinuation): Helper function for traversal functions to use in accounting for continuations.
        (WebCore::firstChildInContinuation): ditto
        (WebCore::firstChildConsideringContinuation): ditto
        (WebCore::lastChildConsideringContinuation): ditto
        (WebCore::startOfContinuations): ditto
        (WebCore::endOfContinuations): ditto
        (WebCore::childBeforeConsideringContinuations): ditto
        (WebCore::firstChildIsInlineContinuation): ditto
        (WebCore::lastChildHasContinuation): ditto
        (WebCore::AccessibilityRenderObject::firstChild): Account for inline continuations.
        (WebCore::AccessibilityRenderObject::lastChild): ditto
        (WebCore::AccessibilityRenderObject::previousSibling): Account for inline continuations
        and their anonymous block parents.
        (WebCore::AccessibilityRenderObject::nextSibling): ditto
        (WebCore::AccessibilityRenderObject::parentObjectIfExists): Account for inline continuations.
        (WebCore::AccessibilityRenderObject::parentObject): Account for inline continuations.
        * rendering/RenderInline.h: Make RenderInline::inlineContinuation public.

2010-04-22  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler.

        REGRESSION: TextIterator may use freed memory
        https://bugs.webkit.org/show_bug.cgi?id=37973

        Added TextIterator::m_text to hold the returned String.

        No new tests because there is no behavior change, but
        copy-backslash-with-euc.html on chromium-win should test this.

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::emitText):
        * editing/TextIterator.h:

2010-04-22  Michael Forney  <mforney@mforney.org>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=37761

        Only include JSDatabase.h and JSDatabaseCallback.h when database is
        enabled. This partially fixes building with --disable-database.

        * bindings/js/JSDOMWindowCustom.cpp: Add a check for database around
        database-related headers.

2010-04-22  Ray Rischpater  <Raymond.Rischpater@Nokia.com>

        Reviewed by Darin Adler.

        In HTMLInputElement.cpp, shouldUseInputMethod does not return true for
        some text input types (TELEPHONE, NUMBER, URL, and EMAIL). Addressed
        this by changing shouldUseInputMethod to use internal methods to 
        check that the field is a text field that isn't a password field. 

        No new tests.

        Fixes <https://bugs.webkit.org/show_bug.cgi?id=37719>

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::shouldUseInputMethod):

2010-04-22  Yaar Schnitman  <yaar@chromium.org>

        Reviewed by Adam Barth.

        Integrate v8 testing utility with webkit tests
        https://bugs.webkit.org/show_bug.cgi?id=37731

        * bindings/v8/test/run_tests.py: Removed.

2010-04-22  Zhenyao Mo  <zmo@google.com>

        Reviewed by Darin Fisher.

        Add isGLES2Compliant to GraphicsContext3D
        https://bugs.webkit.org/show_bug.cgi?id=37872

        * html/canvas/WebGLRenderingContext.cpp: Add isGLES2Compliant().
        (WebCore::WebGLRenderingContext::isGLES2Compliant):
        * html/canvas/WebGLRenderingContext.h: Ditto.
        * platform/graphics/GraphicsContext3D.h: Ditto.
        * platform/graphics/mac/GraphicsContext3DMac.cpp: Ditto.
        (WebCore::GraphicsContext3D::isGLES2Compliant):

2010-04-22  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Adam Barth.

        MD5 is required for WebSocket new protocol implementation
        https://bugs.webkit.org/show_bug.cgi?id=37913

        * ForwardingHeaders/wtf/MD5.h: Added.

2010-04-22  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=38012
        REGRESSION: Ctrl- and Option- shortcuts get wrong keyCode on non-QWERTY keyboard

        * platform/mac/KeyEventMac.mm: (WebCore::windowsKeyCodeForKeyEvent): Also look at unmodified
        characters, to avoid falling through to virtual key code lookup for Roman characters.

2010-04-22  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>

        Reviewed by Darin Adler.

        Fix the MSVC 64bit build.
        https://bugs.webkit.org/show_bug.cgi?id=37980

        * platform/text/TextStream.cpp:
        * platform/text/TextStream.h:
        * plugins/win/PluginViewWin.cpp:
        (WebCore::PluginView::platformStart):

2010-04-22  Dave Moore  <davemoore@chromium.org>

        Reviewed by Dimitri Glazkov.

        Added notification when the favicons for a page are changed
        from a script.
        The Document object will notify the frame loader, which will
        notify the client. Implementations of FrameLoaderClient will
        have to add one method; dispatchDidChangeIcons().

        https://bugs.webkit.org/show_bug.cgi?id=33812

        Test: fast/dom/icon-url-property.html

        * dom/Document.cpp:
        (WebCore::Document::setIconURL):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::setIconURL):
        * loader/DocumentLoader.h:
        (WebCore::DocumentLoader::iconURL):
        * loader/EmptyClients.h:
        (WebCore::EmptyFrameLoaderClient::dispatchDidChangeIcons):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::setIconURL):
        (WebCore::FrameLoader::didChangeIcons):
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:

2010-04-22  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Gustavo Noronha.

        [GTK] GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=33590

        Extend the bindings to cover most of Document.idl

        * GNUmakefile.am:
        * bindings/gobject/WebKitDOMBinding.cpp:
        (WebKit::createWrapper):
        (WebKit::kit):
        * bindings/gobject/WebKitDOMBinding.h:
        * bindings/gobject/WebKitHTMLElementWrapperFactory.cpp: Added.
        (WebKit::createAnchorWrapper):
        (WebKit::createAppletWrapper):
        (WebKit::createAreaWrapper):
        (WebKit::createBaseWrapper):
        (WebKit::createBaseFontWrapper):
        (WebKit::createBlockquoteWrapper):
        (WebKit::createBodyWrapper):
        (WebKit::createBRWrapper):
        (WebKit::createButtonWrapper):
        (WebKit::createCanvasWrapper):
        (WebKit::createTableCaptionWrapper):
        (WebKit::createTableColWrapper):
        (WebKit::createModWrapper):
        (WebKit::createDirectoryWrapper):
        (WebKit::createDivWrapper):
        (WebKit::createDListWrapper):
        (WebKit::createEmbedWrapper):
        (WebKit::createFieldSetWrapper):
        (WebKit::createFontWrapper):
        (WebKit::createFormWrapper):
        (WebKit::createFrameWrapper):
        (WebKit::createFrameSetWrapper):
        (WebKit::createHeadingWrapper):
        (WebKit::createHeadWrapper):
        (WebKit::createHRWrapper):
        (WebKit::createHtmlWrapper):
        (WebKit::createIFrameWrapper):
        (WebKit::createImageWrapper):
        (WebKit::createInputWrapper):
        (WebKit::createIsIndexWrapper):
        (WebKit::createLabelWrapper):
        (WebKit::createLegendWrapper):
        (WebKit::createLIWrapper):
        (WebKit::createLinkWrapper):
        (WebKit::createMapWrapper):
        (WebKit::createMarqueeWrapper):
        (WebKit::createMenuWrapper):
        (WebKit::createMetaWrapper):
        (WebKit::createObjectWrapper):
        (WebKit::createOListWrapper):
        (WebKit::createOptGroupWrapper):
        (WebKit::createOptionWrapper):
        (WebKit::createParagraphWrapper):
        (WebKit::createParamWrapper):
        (WebKit::createPreWrapper):
        (WebKit::createQuoteWrapper):
        (WebKit::createScriptWrapper):
        (WebKit::createSelectWrapper):
        (WebKit::createStyleWrapper):
        (WebKit::createTableWrapper):
        (WebKit::createTableSectionWrapper):
        (WebKit::createTableCellWrapper):
        (WebKit::createTextAreaWrapper):
        (WebKit::createTitleWrapper):
        (WebKit::createTableRowWrapper):
        (WebKit::createUListWrapper):
        (WebKit::createHTMLElementWrapper):
        * bindings/gobject/WebKitHTMLElementWrapperFactory.h: Added.
        * bindings/scripts/CodeGeneratorGObject.pm:
        * dom/Node.idl:

2010-04-22  Eric Carlson  <eric.carlson@apple.com>

        Reviewed by Simon Fraser.

        Do not pause movie when readyState drops below HAVE_FUTURE_DATA
        https://bugs.webkit.org/show_bug.cgi?id=37991
        <rdar://problem/7893937>

        No new tests, we don't have infrastructure in DRT to test with streamed
        movies.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement): Initialize m_readyStateMaximum.
        (WebCore::HTMLMediaElement::prepareForLoad): Reset m_readyStateMaximum.
        (WebCore::HTMLMediaElement::setReadyState): Maintain m_readyStateMaximum.
        (WebCore::HTMLMediaElement::potentiallyPlaying): Also return true if the readyState was
        previously >= HAVE_FUTURE_DATA. 
        * html/HTMLMediaElement.h:

2010-04-22  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        Regression: framebufferRenderbuffer crashes with null renderBuffer
        https://bugs.webkit.org/show_bug.cgi?id=37963

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::framebufferRenderbuffer): Dealing with null renderbuffer input.

2010-04-22  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        Emulate GL_IMPLEMENTATION_COLOR_READ_FORMAT/TYPE for glGet
        https://bugs.webkit.org/show_bug.cgi?id=37281

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::WebGLRenderingContext): Remove error check because two enums are supported now. 
        (WebCore::WebGLRenderingContext::getParameter): Add two enums.
        (WebCore::WebGLRenderingContext::readPixels): Fix a tiny bug.
        * platform/graphics/mac/GraphicsContext3DMac.cpp:
        (WebCore::GraphicsContext3D::getIntegerv): Emulate two enums.

2010-04-22  Diego Escalante Urrelo  <descalante@igalia.com>

        Reviewed by Xan Lopez.

        [GTK] Mute/unmute button on <video> elements are backwards
        https://bugs.webkit.org/show_bug.cgi?id=33967

        Fix mute/unmute buttons icons-action relation and explain why their
        variable names and corresponding icons seem to be misleading but are
        actually right. Original patch by Mike Hommey.

        * platform/gtk/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::initMediaStyling):

2010-04-22  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Eric Seidel.

        Fix build if NPAPI support is disabled
        https://bugs.webkit.org/show_bug.cgi?id=36621

        No new tests, this is a build fix.
        Re-submit r58043 with fix for EFL.

        * plugins/PluginViewNone.cpp:

2010-04-22  Diego Escalante Urrelo  <descalante@igalia.com>

        Reviewed by Xan Lopez.

        [Gtk] Evaluate and create tests for all the AtkRole's implemented by
        WebKitGtk
        https://bugs.webkit.org/show_bug.cgi?id=34449

        Implement ATK_ROLE_COMBO_BOX.

        * accessibility/gtk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (atkRole):

2010-04-22  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        SVGPaintServer needs to be converted to the new RenderSVGResource* system
        https://bugs.webkit.org/show_bug.cgi?id=37986

        No functional changes, just move the SVGPaintServer* classes from svg/graphics/ to rendering/, the new location for the RenderSVGResource* classes.
        This is a preparation for the real patch which follows soon.

        * Android.mk: Rename files and move to the right location.
        * GNUmakefile.am: Ditto.
        * WebCore.gypi: Ditto.
        * WebCore.pro: Ditto.
        * WebCore.vcproj/WebCore.vcproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * rendering/RenderSVGResource.cpp: Copied from svg/graphics/SVGPaintServer.cpp.
        * rendering/RenderSVGResourceGradient.cpp: Copied from svg/graphics/SVGPaintServerGradient.cpp.
        * rendering/RenderSVGResourceGradient.h: Copied from svg/graphics/SVGPaintServerGradient.h.
        * rendering/RenderSVGResourceLinearGradient.cpp: Copied from svg/graphics/SVGPaintServerLinearGradient.cpp.
        * rendering/RenderSVGResourceLinearGradient.h: Copied from svg/graphics/SVGPaintServerLinearGradient.h.
        * rendering/RenderSVGResourcePattern.cpp: Copied from svg/graphics/SVGPaintServerPattern.cpp.
        * rendering/RenderSVGResourcePattern.h: Copied from svg/graphics/SVGPaintServerPattern.h.
        * rendering/RenderSVGResourceRadialGradient.cpp: Copied from svg/graphics/SVGPaintServerRadialGradient.cpp.
        * rendering/RenderSVGResourceRadialGradient.h: Copied from svg/graphics/SVGPaintServerRadialGradient.h.
        * rendering/RenderSVGResourceSolidColor.cpp: Copied from svg/graphics/SVGPaintServerSolid.cpp.
        * rendering/RenderSVGResourceSolidColor.h: Copied from svg/graphics/SVGPaintServerSolid.h.
        * rendering/SVGRenderTreeAsText.cpp: Change include file names.
        * svg/SVGFont.cpp: Ditto.
        * svg/SVGGradientElement.cpp: Ditto.
        * svg/SVGGradientElement.h: Ditto.
        * svg/SVGLinearGradientElement.cpp: Ditto.
        * svg/SVGPatternElement.cpp: Ditto.
        * svg/SVGPatternElement.h: Ditto.
        * svg/SVGRadialGradientElement.cpp: Ditto.
        * svg/graphics/SVGPaintServer.cpp: Removed.
        * svg/graphics/SVGPaintServerGradient.cpp: Removed.
        * svg/graphics/SVGPaintServerGradient.h: Removed.
        * svg/graphics/SVGPaintServerLinearGradient.cpp: Removed.
        * svg/graphics/SVGPaintServerLinearGradient.h: Removed.
        * svg/graphics/SVGPaintServerPattern.cpp: Removed.
        * svg/graphics/SVGPaintServerPattern.h: Removed.
        * svg/graphics/SVGPaintServerRadialGradient.cpp: Removed.
        * svg/graphics/SVGPaintServerRadialGradient.h: Removed.
        * svg/graphics/SVGPaintServerSolid.cpp: Removed.
        * svg/graphics/SVGPaintServerSolid.h: Removed.
        * svg/graphics/SVGResourceListener.h: Removed.

2010-04-22  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Hide the OpenGL and QtMultimedia dependencies from syncqt.

        This prevents the dependent headers from being included by
        qt/include/QtWebKit/QtWebKit

        * WebCore.pro:

2010-04-22  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Adam Roben.

        EFL does not support PluginDatabase yet.
        http://webkit.org/b/37854

        No behavior changes, so no new tests were added.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::defaultObjectContentType):

2010-04-22  Ilya Tikhonovsky  <loislo@chromium.org>

        Reviewed by Yury Semikhatsky.

        Web Inspector: Timeline scrolling speed is slow if it has more than 1k timeline marks.
        https://bugs.webkit.org/show_bug.cgi?id=37924

        * inspector/front-end/TimelineGrid.js:
        (WebInspector.TimelineGrid.prototype.updateDividers):
        (WebInspector.TimelineGrid.prototype.addEventDividers):
        * inspector/front-end/TimelineOverviewPane.js:
        (WebInspector.TimelineOverviewPane.prototype.updateEventDividers):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype._updateEventDividers):
        (WebInspector.TimelinePanel.prototype._refresh):

2010-04-22  Kenneth Rohde Christiansen  <kenneth@webkit.org>

        Reviewed by Simon Fraser.

        Rename window.media to window.styleMedia
        https://bugs.webkit.org/show_bug.cgi?id=36187

        It has been defined that the AbstractView media extension
        defined in the CSSOM View spec should be renamed to styleMedia.
        This patch does that and updates the current layout tests
        making use of it.

        * page/AbstractView.idl:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::styleMedia):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2010-04-22  Anton Muhin  <antonm@chromium.org>

        Reviewed by Adam Barth.

        [v8] Do not pass empty handle into SetHiddenValue which would crash.
        https://bugs.webkit.org/show_bug.cgi?id=37801

        * bindings/v8/V8AbstractEventListener.cpp:
        (WebCore::V8AbstractEventListener::handleEvent): add couple of asserts to check for unexpected paths
        (WebCore::V8AbstractEventListener::invokeEventHandler): bail out if jsEvent is empty handle

2010-04-22  Stephan Aßmus  <superstippi@gmx.de>

        Reviewed by David Levin.

        [Haiku] Implement ImageBuffer support
        https://bugs.webkit.org/show_bug.cgi?id=35288

        Covered by existing tests.

        Complete implementation of ImageBuffer for Haiku. Uses StillImage
        class to export a WebCore::Image and associated GraphicsContext
        to perform arbitrary drawing in the offscreen BBitmap buffer.

        * platform/graphics/haiku/ImageBufferData.h:
        * platform/graphics/haiku/ImageBufferHaiku.cpp:
        (WebCore::ImageBufferData::ImageBufferData),
        (WebCore::ImageBufferData::~ImageBufferData),
        (WebCore::ImageBuffer::ImageBuffer),
        (WebCore::ImageBuffer::~ImageBuffer),
        (WebCore::ImageBuffer::context),
        (WebCore::ImageBuffer::image):
            Implementation uses offscreen BBitmap and BView, wraps StillImage
            around those to provide WebCore::Image interface.
        (WebCore::ImageBuffer::platformTransformColorSpace):
        (WebCore::convertFromData):
            Method just performs BGRA <-> RGBA conversion.
        (WebCore::convertFromInternalData):
            Method just performs BGRA <-> RGBA conversion and handles
            pre-multiplying the color values if requested.
        (WebCore::convertToInternalData):
            Method just performs BGRA <-> RGBA conversion and handles
            de-multiplying the color values if requested.
        (WebCore::getImageData):
            Common code for the next two methods.
        (WebCore::ImageBuffer::getUnmultipliedImageData),
        (WebCore::ImageBuffer::getPremultipliedImageData):
            Implemented.
        (WebCore::putImageData):
            Common code for the next two methods.
        (WebCore::ImageBuffer::putUnmultipliedImageData),
        (WebCore::ImageBuffer::putPremultipliedImageData):
            Implemented.
        (WebCore::ImageBuffer::toDataURL):
            Uses Haiku "Translation Kit" to convert image data to data
            of the requested mime type.

2010-04-22  Adam Barth  <abarth@webkit.org>

        Unreviewed, rolling out r58069.
        http://trac.webkit.org/changeset/58069
        https://bugs.webkit.org/show_bug.cgi?id=27751

        Broke compile on Windows.

        * WebCore.base.exp:
        * editing/EditorCommand.cpp:
        (WebCore::supportedPaste):
        (WebCore::createCommandMap):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/Settings.h:

2010-04-22  Abhishek Arya  <inferno@chromium.org>

        Reviewed by Adam Barth.

        Add support for controlling clipboard access from javascript.
        Clipboard access from javascript is disabled by default.
        https://bugs.webkit.org/show_bug.cgi?id=27751

        Test: editing/execCommand/clipboard-access.html

        * WebCore.base.exp:
        * editing/EditorCommand.cpp:
        (WebCore::supportedCopyCut):
        (WebCore::supportedPaste):
        (WebCore::createCommandMap):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setJavaScriptCanAccessClipboard):
        * page/Settings.h:
        (WebCore::Settings::javaScriptCanAccessClipboard):

2010-04-22  Stephan Aßmus  <superstippi@gmx.de>

        Reviewed by David Levin.

        [Haiku] Improve SimpleFontDataHaiku
        https://bugs.webkit.org/show_bug.cgi?id=37411

        Covered by existing tests.

        * platform/graphics/haiku/SimpleFontDataHaiku.cpp:
            - Cleaned up includes
            - Removed prototype "charUnicodeToUTF8HACK"
        (WebCore::SimpleFontData::platformInit):
            - Use const BFont pointer
        (WebCore::SimpleFontData::smallCapsFontData):
            - "fontPlatformData" was leaked. It is only
              used as the key for the font cache lookup.
        (WebCore::SimpleFontData::platformMetricsForGlyph):
            - Use existing WebCore encoding infrastructure
              instead of adding a hack for Haiku. 

2010-04-21  Steve Block  <steveblock@google.com>

        Reviewed by Kenneth Rohde Christiansen.

        Replace Geolocation::suspend()/resume() which are required by Android.
        https://bugs.webkit.org/show_bug.cgi?id=37942

        These methods were removed in Bug 36255.

        Build fix only, no new tests.

        * page/Geolocation.cpp:
        (WebCore::Geolocation::suspend):
        (WebCore::Geolocation::resume):
        * page/Geolocation.h:

2010-04-21  Ray Rischpater  <Raymond.Rischpater@Nokia.com>

        In HTMLInputElement.cpp there are numerous style
        violations.

        This patch includes style changes to fix existing style
        deviations in this file.

        Rubber stamped by Darin Adler.

        Fixes <https://bugs.webkit.org/show_bug.cgi?id=37881>

        * html/HTMLInputElement.cpp:

2010-04-21  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Adam Roben.

        Add missing EFL WebCore file.
        http://webkit.org/b/37854

        No behavior changes, so no new tests were added.

        * bindings/js/ScriptControllerEfl.cpp: Added.
        (WebCore::ScriptController::createScriptInstanceForWidget):

2010-04-21  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Printing Core Animation-based plug-ins is broken
        https://bugs.webkit.org/show_bug.cgi?id=37967

        When we do a "flattening" paint because of printing, we need to stash
        the flattening flag in the FrameView's m_paintBehavior, because
        WebBaseNetscapePluginView needs to find it there to decide whether
        to grab a bitmap for printing, for CA plug-ins.

        * page/FrameView.cpp:
        (WebCore::FrameView::paintContents):

2010-04-21  François Sausset  <sausset@gmail.com>

        Reviewed by Kenneth Rohde Christiansen.

        Fix to take into account a change made in "StringImpl".
        https://bugs.webkit.org/show_bug.cgi?id=37763

        * mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::updateFromElement):

2010-04-21  Andy Estes  <aestes@apple.com>

        Reviewed by Darin Adler.

        Create a template for creating reference-counted Windows GDI handles.
        Refactor RefCountedHFONT to use this template.

        https://bugs.webkit.org/show_bug.cgi?id=37952

        No change in behavior.

        * WebCore.vcproj/WebCore.vcproj: Add RefCountedHFONT.h
        * platform/graphics/cairo/FontPlatformData.h:
        (WebCore::FontPlatformData::hfont): Refactor to return m_hfont->handle() instead of m_hfont->hfont().
        * platform/graphics/cg/FontPlatformData.h:
        (WebCore::FontPlatformData::hfont): Same.
        * platform/graphics/win/FontPlatformDataCGWin.cpp:
        (WebCore::FontPlatformData::FontPlatformData): Instantiate m_hfont with a RefCountedGDIHandle<HFONT>.
        * platform/graphics/win/FontPlatformDataWin.cpp:
        (WebCore::FontPlatformData::FontPlatformData): Same.
        * platform/graphics/win/RefCountedGDIHandle.h: Added. Interface is identical to RefCountedHFONT with exception of renaming hfont() to handle().
        (WebCore::RefCountedGDIHandle::create):
        (WebCore::RefCountedGDIHandle::createDeleted):
        (WebCore::RefCountedGDIHandle::~RefCountedGDIHandle):
        (WebCore::RefCountedGDIHandle::handle): Return the GDI handle.
        (WebCore::RefCountedGDIHandle::hash):
        (WebCore::RefCountedGDIHandle::RefCountedGDIHandle):
        * platform/graphics/win/RefCountedHFONT.h: Removed.

2010-04-21  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

        Reviewed by Darin Adler.

        Fix build if NPAPI support is disabled
        https://bugs.webkit.org/show_bug.cgi?id=36621

        No new tests, this is a build fix.
        Re-submit r56585 with fix for Chromium.

        * plugins/PluginView.cpp: Guard getValueStatic() with
        NETSCAPE_PLUGIN_API
        (WebCore::PluginView::getValue):
        * plugins/PluginView.h: Guard getValue() with NETSCAPE_PLUGIN_API
        * plugins/PluginViewNone.cpp: Guard platformGetValue() and
        platformGetValueStatic with NETSCAPE_PLUGIN_API;
        Guard privateBrowsingStateChanged() and setJavaScriptPaused() with
        PLATFORM(MAC) or PLATFORM(CHROMIUM)

2010-04-21  David Yonge-Mallo  <davinci@chromium.org>

        Reviewed by Dan Bernstein.

        ZWNJ - Display non-printing, invisible character
        https://bugs.webkit.org/show_bug.cgi?id=16131

        Fix the (non)display of glyphs for ZWJ and ZWNJ in simple font code path.

        Tests: fast/text/format-control.html
               fast/text/zero-width-characters.html

        * platform/graphics/Font.h:
        (WebCore::Font::operator!=):
        (WebCore::Font::treatAsZeroWidthSpace): treat ZWNJ and ZWJ as ZWSP.
        * platform/graphics/GlyphPageTreeNode.cpp:
        (WebCore::GlyphPageTreeNode::initializePage): added ZWNJ and ZWJ.
        * platform/text/CharacterNames.h: added ZWNJ and ZWJ.

2010-04-21  Charles Wei  <charles.wei@torchmobile.com.cn>

        Reviewed by George Staikos.

        Fix webkit build problem when xhtmlmp enabled, which is introduced by revision 57927, for
        bug fix of 37175, which separates DocumentWriter from FrameLoader
        https://bugs.webkit.org/show_bug.cgi?id=37915

        No new tests since this only fixes the build problem.

        * dom/Document.cpp:
        (WebCore::Document::isXHTMLMPDocument):

2010-04-21  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler.

        Call sites of TextIterator constructor are difficult to read
        https://bugs.webkit.org/show_bug.cgi?id=37909

        Now we use enum parameters instead of boolean parameters and
        boolean version of constructors are eliminated.

        This change also changes the names of boolean members so they are
        now third person singular.

        No new tests because this is just a refactoring.

        * WebCore.base.exp:
        * editing/TextIterator.cpp:
        (WebCore::TextIterator::TextIterator):
        (WebCore::TextIterator::advance):
        (WebCore::TextIterator::handleReplacedElement):
        (WebCore::TextIterator::shouldRepresentNodeOffsetZero):
        (WebCore::TextIterator::shouldEmitSpaceBeforeAndAfterNode):
        (WebCore::TextIterator::handleNonTextNode):
        (WebCore::TextIterator::exitNode):
        (WebCore::TextIterator::emitCharacter):
        (WebCore::TextIterator::emitText):
        (WebCore::CharacterIterator::CharacterIterator):
        (WebCore::TextIterator::rangeLength):
        (WebCore::TextIterator::rangeFromLocationAndLength):
        (WebCore::findPlainText):
        * editing/TextIterator.h:
        (WebCore::):
        * editing/VisibleSelection.cpp:
        (WebCore::VisibleSelection::appendTrailingWhitespace):
        * editing/visible_units.cpp:
        (WebCore::nextBoundary):

2010-04-21  Jesus Sanchez-Palencia  <jesus@webkit.org>

        Reviewed by Kenneth Rohde Christiansen.

        Add PageClientQt files.

        [Qt] PageClientQt specific implementation for QWidget
        https://bugs.webkit.org/show_bug.cgi?id=37858

        * WebCore.pro:

2010-04-21  Diego Escalante Urrelo  <descalante@igalia.com>

        Reviewed by Xan Lopez.

        [Gtk] Evaluate and create tests for all the AtkRole's implemented by
        WebKitGtk
        https://bugs.webkit.org/show_bug.cgi?id=34449

        Implement ATK_ROLE_SEPARATOR.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/gtk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

2010-04-21  David Leong  <david.leong@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Symbian apps crash on exit due to a bad qObject_cast.

        https://bugs.webkit.org/show_bug.cgi?id=37303

        Added check for NULL to avoid the crash. Reworked to fix memory leak
           
        * plugins/symbian/PluginViewSymbian.cpp:
        (WebCore::PluginView::platformDestroy):

2009-04-21  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Alexey Proskuryakov.

        aria-liveregion-notifications.html fails on leopard release bot
        https://bugs.webkit.org/show_bug.cgi?id=37112

        Change the method that DRT uses to monitor AX notifications so that it's robust
        by just sending out NSNotification that can be listened to by anyone, instead
        of keeping a static function pointer around.
   
        This change is aimed to avoid flakiness seen in DRT when the notification handlers
        are not being called at the appropriate time.

        Tests: platform/mac/accessibility/aria-liveregions-addedelement.html
               platform/mac/accessibility/aria-liveregions-changedalt.html
               platform/mac/accessibility/aria-liveregions-changedtext.html
               platform/mac/accessibility/aria-liveregions-removedelement.html

        * accessibility/mac/AccessibilityObjectWrapper.h:
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (-[AccessibilityObjectWrapper accessibilitySetShouldRepostNotifications:]):
        (-[AccessibilityObjectWrapper accessibilityPostedNotification:]):

2010-04-21  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by NOBODY (Leopard build fix).
        Remove old exports.

        * WebCore.base.exp:

2010-04-21  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Darin Adler.

        Bug 37949 - Do not copy strings into a shared buffer when converting UStrings to Strings
        UString and String now have the same internal representation; Just re-wrap the internal impl.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::jsStringSlowCase):
        * bindings/js/JSDOMBinding.h:
        (WebCore::ustringToString):
        (WebCore::stringToUString):
        (WebCore::identifierToString):
        (WebCore::ustringToAtomicString):
        (WebCore::identifierToAtomicString):

2010-04-21  Mark Rowe  <mrowe@apple.com>

        Reviewed by Eric Carlson.

        <rdar://problem/7313430> Many crashes in Safari inside Flip4Mac below -[NSAlert didEndAlert:returnCode:contextInfo:]

        A manual test case is required here as the Flip4Mac plug-in displays an alert, and some manual tweaking of the plug-in's
        preference file on disk is often required to reproduce the bug.

        * manual-tests/plugins/flip4mac-update-alert-over-navigation.html: Added.

2010-04-21  Mark Rowe  <mrowe@apple.com>

        Reviewed by Maciej Stachowiak.

        <rdar://problem/7856151> REGRESSION: NPP_Destroy is not called when page navigates when plug-in is displaying modal dialog

        This is a manual test case as I was not able to construct an automated test that reproduced the same issue without displaying
        a modal dialog on-screen.

        * manual-tests/plugins/timeout-dialog-displayed-over-navigation.html: Added.
        * manual-tests/plugins/timeout-dialog-displayed-over-navigation.swf: Added.

2010-04-21  Sam Weinig  <sam@webkit.org>

        Reviewed by Geoffrey Garen.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=37937
        Wean JavaScriptCore off calls to isMainThread()

        No change in behavior.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::commonJSGlobalData):
        Explicitly set a large stack type for the common JSGlobalData and
        set the currently running thread as the exclusive thread for its 
        execution.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::WorkerScriptController):
        Explicitly set a small stack type for the workers JSGlobalData. 

2010-04-21  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by NOBODY (Qt build fix).

        * WebCore.gypi:
        * WebCore.pro:
        * platform/text/qt/StringQt.cpp: Removed.

2010-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt, Darin Adler.

        Bug 37906 - Remove JSC::UStringImpl; unify with StringImpl.
        Add include for StringHash.h.

        * WebCore.xcodeproj/project.pbxproj:
        * bridge/c/c_class.cpp:

2010-04-21  Alexey Proskuryakov  <ap@apple.com>

        Tiger build fix.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::createNSURLConnection): Fixed a typo, named an argument.
        (WebCore::ResourceHandle::start): Moved shouldUseCredentialStorage out of #if, since it's
        now passed to createNSURLConnection() on all platforms (and then ignored on Tiger).

2010-04-21  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adam Roben.

        Windows build fix.

        * platform/network/cf/ResourceHandleCFNet.cpp: Declare CFURLConnectionCreateWithProperties
        for now, as it's mistakenly missing from WebKitSupportLibrary headers.

2010-04-21  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Darin Adler.

        REGRESSION(r57292): Safari/Win and Chromium/Win no longer pass the acid3 test.
        https://bugs.webkit.org/show_bug.cgi?id=37902

        The issue is due to MSVC creating enums as signed. The fix is to store the value
        as unsigned.

        Test: http://acid3.acidtests.org/

        * rendering/style/RenderStyle.h:
        (WebCore::InheritedFlags): Changed type of _insideLink to unsigned.

2010-04-21  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Brady Eidson.

        https://bugs.webkit.org/show_bug.cgi?id=37933
        <rdar://problem/7719540> XMLHttpRequest.withCredentials should be better enforced.

        Test: http/tests/xmlhttprequest/cross-origin-authorization-with-embedder.html

        This improves integration between ResourceHandle and Apple networking libraries.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::createConnectionProperties): A new helper for creating connection properties dictionary.
        (WebCore::ResourceHandle::start): Pass connection properties.
        (WebCore::WebCoreSynchronousLoader::load): Ditto.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::createNSURLConnection): Factor out OS version dependent code for creating
        NSURLConnection. Tell NSURLConnection about credential policy upfront.
        (WebCore::ResourceHandle::start): Use the new function.
        (+[WebCoreSynchronousLoader loadRequest:allowStoredCredentials:returningResponse:error:]): Ditto.

2010-04-21  Xiaomei Ji  <xji@chromium.org>

        Reviewed by Dimitri Glazkov

        This patch fixes [chromium] RTL <select> dropdown box expands to right
        instead of left.
        https://bugs.webkit.org/show_bug.cgi?id=37232

        No automatic test is possible.

        * manual-tests/select_dropdown_box_alignment.html: Added.
        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupContainer::layout): Adjust the x-axis of dropdown box 
        for RTL.

2010-04-21  anton muhin  <antonm@google.com>

        Reviewed by Adam Barth.

        [v8] Bail out if fetching of Object.prototype fails.
        https://bugs.webkit.org/show_bug.cgi?id=37661

        If for any reason we failed to fetch Object.prototype, context cannot
        be properly initialized and we bail out.

        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::initContextIfNeeded): bail out if installHiddenObjectPrototype failed
        (WebCore::V8DOMWindowShell::installHiddenObjectPrototype): bail out if failed to fetch Object.prototype
        * bindings/v8/V8DOMWindowShell.h: return false if installHiddenObjectPrototype failed

2010-04-21  Timothy Hatcher  <timothy@apple.com>

        Make UserContentURLPattern correctly check for subdomains and the URL
        has the same suffix as the pattern. Also improve the parsing of the host.

        https://bugs.webkit.org/show_bug.cgi?id=37357

        Reviewed by Darin Adler.

        * page/UserContentURLPattern.cpp:
        (WebCore::UserContentURLPattern::parse): Simplify the subdomain pattern parsing to
        simply check for "*" only or a "*." prefix and then do a substring.
        (WebCore::UserContentURLPattern::matchesHost): Check that the host has a "." in the
        position before the suffix to ensure it is a subdomain and not just a suffix match.

2010-04-21  Xan Lopez  <xlopez@igalia.com>

        Try to fix compilation on GTK+ debug bots.

        * bindings/gobject/WebKitDOMBinding.cpp:
        (WebKit::createWrapper):

2010-04-21  Jakub Wieczorek  <jwieczorek@webkit.org>

        Reviewed by Darin Adler.

        List item markers are not always updated after changes in the DOM.
        https://bugs.webkit.org/show_bug.cgi?id=37060

        In particular, they would not be updated when adding/removing an item
        that is not a direct child of the list element.

        Tests: fast/lists/ol-nested-items-dynamic-insert.html
               fast/lists/ol-nested-items-dynamic-remove.html
               fast/lists/ol-nested-items.html
               fast/lists/ol-nested-list-dynamic-insert.html
               fast/lists/ol-nested-list-dynamic-remove.html
               fast/lists/ol-nested-list.html

        * rendering/RenderListItem.cpp:
        (WebCore::updateListMarkerNumbers): Change it to traverse the whole subtree of a list, not only siblings of an item.
        * rendering/RenderListItem.h:
        * rendering/RenderObject.cpp: Move the updateListMarkerNumbers function to RenderListItem.cpp.
        (WebCore::RenderObject::addChild): Move the code updating list markers to RenderObjectChildList for consistency.
        * rendering/RenderObjectChildList.cpp: Move the updateListMarkerNumbers function to RenderListItem.cpp.
        (WebCore::RenderObjectChildList::removeChildNode): Pass the actual node being removed, not the next sibling.
        (WebCore::RenderObjectChildList::appendChildNode): Pass the actual node being added, not the next sibling.
        (WebCore::RenderObjectChildList::insertChildNode): Pass the actual node being added, not the next sibling.
        * rendering/RenderTreeAsText.cpp:
        (WebCore::markerTextForListItem):

2010-04-21  Xan Lopez  <xlopez@igalia.com>

        Reviewed by Adam Barth.

        [GTK] GObject DOM bindings
        https://bugs.webkit.org/show_bug.cgi?id=33590

        Initial version of the GObject DOM bindings.

        Only bindings for Node.idl and a few of its dependencies are
        provided, without public API to access them at the
        moment. References to the Document interfaces and to
        EventListeners in Node.idl are ignored for GObject to make the
        initial patch as small as possible, but will be enabled in a
        follow-up patch.

        * GNUmakefile.am:
        * bindings/gobject/ConvertToUTF8String.cpp: Added.
        (convertToUTF8String):
        * bindings/gobject/ConvertToUTF8String.h: Added.
        * bindings/gobject/WebKitDOMBinding.cpp: Added.
        (WebKit::domObjects):
        (WebKit::DOMObjectCache::get):
        (WebKit::DOMObjectCache::put):
        (WebKit::DOMObjectCache::forget):
        (WebKit::createWrapper):
        (WebKit::kit):
        * bindings/gobject/WebKitDOMBinding.h: Added.
        * bindings/gobject/WebKitDOMObject.cpp: Added.
        (webkit_dom_object_init):
        (webkit_dom_object_class_init):
        * bindings/gobject/WebKitDOMObject.h: Added.
        * bindings/scripts/CodeGeneratorGObject.pm: Added.
        * bindings/scripts/gobject-generate-headers.pl: Added.
        * dom/Node.idl:

2010-04-21  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Xan Lopez.

        Wrong header being included in FontPlatformDataCairo.cpp
        https://bugs.webkit.org/show_bug.cgi?id=37829

        No behavior changes, so no new tests were added.

        * platform/graphics/cairo/FontPlatformDataCairo.cpp:

2010-04-21  Adam Roben  <aroben@apple.com>

        Fix leaks of FilterData/SVGFilterBuilder in RenderSVGResourceFilter

        Fixes <http://webkit.org/b/37922>.

        Reviewed by Dave Hyatt.

        * rendering/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::applyResource): Use an OwnPtr to
        hold the heap-allocated FilterData object, so that we won't leak it
        when we bail out of this function on error.

2010-04-21  Zoltan Herczeg  <zherczeg@webkit.org>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] startAnimation() is not needed to precede nativeImageForCurrentFrame()
        https://bugs.webkit.org/show_bug.cgi?id=37844

        nativeImageForCurrentFrame() resets the m_decoder parameter under Qt,
        which is required by startAnimation() to detect frame and repetition counts.
        Hence, Image::drawTiled cannot start animations under Qt:
        <html><body background="animated.gif"></body></html> does not work

        * platform/graphics/qt/ImageDecoderQt.cpp:
        (WebCore::ImageDecoderQt::internalHandleCurrentImage):

2010-04-21  Benjamin Poulain  <ikipou@gmail.com>

        Reviewed by Simon Fraser.

        Update of fixed elements is not made correctly when the page has been scrolled
        https://bugs.webkit.org/show_bug.cgi?id=36783

        When a fixed element was updated, the old geometry was not repainted correctly
        because the repaint rect was cached during the layout and not updated when 
        scrolling.

        The rect is now updated while scrolling so the region updated corresponds to the
        region of the element on the screen.

        The method RenderLayer::updateRepaintRectsAfterScroll() updates
        the repaint rect of all fixed tree after scroll.

        Tests: fast/repaint/fixed-child-move-after-scroll.html
               fast/repaint/fixed-child-of-fixed-move-after-scroll.html
               fast/repaint/fixed-child-of-transformed-move-after-scroll.html
               fast/repaint/fixed-move-after-scroll.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollPositionChanged):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateRepaintRectsAfterScroll):
        * rendering/RenderLayer.h:

2010-04-21  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Adam Roben.

        Update EFL port to match recent API changes.
        http://webkit.org/b/37853

        No behavior changes, so no new tests were added.

        * platform/efl/FileSystemEfl.cpp:
        * platform/efl/LocalizedStringsEfl.cpp:
        (WebCore::missingPluginText):
        (WebCore::crashedPluginText):
        * platform/efl/MIMETypeRegistryEfl.cpp:
        (WebCore::MIMETypeRegistry::isApplicationPluginMIMEType):
        * platform/graphics/efl/ImageEfl.cpp:

2010-04-21  Avi Drissman  <avi@chromium.org>

        Reviewed by Simon Fraser.

        JPG images fail to print in Chromium
        https://bugs.webkit.org/show_bug.cgi?id=37796

        Image sources of JPG data with final=false fail to draw into PDF contexts even if later updated (<rdar://problem/7874035>). Therefore, destroy and re-create the image source when the final data arrives.

        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::setData):

2010-04-21  Marcus Bulach  <bulach@chromium.org>

        Reviewed by Nate Chapin.

        EventSource needs to be marked as an ActiveDomType.
        https://bugs.webkit.org/show_bug.cgi?id=37857
        Existing layout tests (fast/eventsource and http/tests/eventsource/) should pass when compiling with eventsource enabled.

        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/v8/V8DOMWrapper.cpp:
        * bindings/v8/custom/V8EventSourceConstructor.cpp:
        (WebCore::V8EventSource::constructorCallback):

2010-04-21  Gustavo Sverzut Barbieri  <barbieri@profusion.mobi>

        Reviewed by Nikolas Zimmermann.

        Add missing includes to platform/posix/FileSystemPOSIX.cpp
        https://bugs.webkit.org/show_bug.cgi?id=37861

        No behavior changes, so no new tests were added.

        * platform/posix/FileSystemPOSIX.cpp:

2010-04-21  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Simon Fraser.

        [Qt] Fix or remove the runtime flag for accelerated compositing.

        This adds a way for a chrome client to disallow layers from becoming composited,
        even if the settings enable accelerated compositing. This is necessary for platforms
        where different views can be applied with the same settings to the same page.

        We enable an API through ChromeClient to ask the chrome-client whether or not
        it can render composited layers, which is taken into account when the compositor
        decides whether or not to start compositing.

        https://bugs.webkit.org/show_bug.cgi?id=37313

        Pages under LayoutTests/compositing now work under QWebView, even when
        QWebSettings::AcceleratedCompositingEnabled is on.

        * page/ChromeClient.h:
        (WebCore::ChromeClient::allowsAcceleratedCompositing):
        * platform/qt/QWebPageClient.h:
        (QWebPageClient::allowsAcceleratedCompositing):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::canBeComposited):

2010-04-21  Ryosuke Niwa  <rniwa@webkit.org>

        No review. Spurious whitespace was removed from project file.

        * WebCore.xcodeproj/project.pbxproj:

2010-04-20  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Eric Seidel.

        [Qt] Build fix: warning on L933 of CompositeEditCommand.cpp
        https://bugs.webkit.org/show_bug.cgi?id=37912

        Replaced the ternary operator by an if statement because GCC was confused by the use of
        ternary operator and producing warnings on Qt builds.

        * WebCore.xcodeproj/project.pbxproj:
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::moveParagraphs):

2010-04-20  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Justin Garcia.

        Nested <ul>s are mishandled when converted to <ol> using execCommand('insertorderedlist')
        https://bugs.webkit.org/show_bug.cgi?id=19539

        Fixes a bug where two consecutive lists are not merged if they have been converted
        from ordered/unordered lists inside another list.

        The bug was caused by InsertListCommand::doApply where it did not merge a newly inserted
        list element and its neighbors. This patch adds code to doApply so that after inserting
        the list element, it updates previousList and nextList to the outermost list elements around
        insertionPos under the same enclosing list. Because the next and the previous list elements
        are not necessarily visually next to the newly inserted element before moveParagraph moves
        the paragraph into the new list element, doApply merges lists after moveParagraph is called.

        Test: editing/execCommand/insert-lists-inside-another-list.html

        * editing/InsertListCommand.cpp:
        (WebCore::InsertListCommand::doApply): Modified as described above
        * editing/htmlediting.cpp:
        (WebCore::outermostEnclosingList): Added rootNode. Returns the outermost list element,
          which is a descendent of rootNode.
        * editing/htmlediting.h:

2010-04-20  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=37776
        <rdar://problem/7877716> REGRESSION: When using dvorak, keydown/keyup reports qwerty keyCodes

        * platform/cocoa/KeyEventCocoa.mm: (WebCore::windowsKeyCodeForCharCode): Re-added mapping
        for Roman letters and punctuation.

        * platform/mac/KeyEventMac.mm: (WebCore::windowsKeyCodeForKeyEvent): Improved approximation
        of IE behavior. Keyboard layouts that change location of Roman letters (like AZERTY or Dvorak)
        also switch their keycodes. Also, restored Safari 4 behavior for punctuation. It's difficult
        to match Windows for punctuation exactly, because keyboard layouts make arbitrary changes
        to their keycodes.

2010-04-20  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by Darin Adler and Alexey Proskuryakov.

        A backslash in EUC-JP becomes a yen sign when it is copied
        https://bugs.webkit.org/show_bug.cgi?id=36419

        Tests: editing/execCommand/transpose-backslash-with-euc.html
               editing/pasteboard/copy-backslash-with-euc.html

        * editing/Editor.cpp: Remove an unnecessary displayStringModifiedByEncoding calls.
        (WebCore::Editor::addToKillRing):
        * editing/TextIterator.cpp: TextIterator can use RenderText::textWithoutTranscoding and now plainText() uses this version
        (WebCore::TextIterator::TextIterator):
        (WebCore::TextIterator::init):
        (WebCore::TextIterator::emitText):
        (WebCore::plainTextToMallocAllocatedBuffer):
        * editing/TextIterator.h:
        (WebCore::):
        * platform/mac/PasteboardMac.mm: Remove an unnecessary displayStringModifiedByEncoding call.
        (WebCore::Pasteboard::writeSelection):
        * platform/text/TextEncoding.h: Make backslashAsCurrencySymbol public.
        * rendering/RenderText.cpp: Add RenderText::textWithoutTranscoding
        (WebCore::RenderText::RenderText):
        (WebCore::RenderText::updateNeedsTranscoding):
        (WebCore::RenderText::styleDidChange):
        (WebCore::isInlineFlowOrEmptyText):
        (WebCore::RenderText::previousCharacter):
        (WebCore::RenderText::setTextInternal):
        (WebCore::RenderText::textWithoutTranscoding):
        (WebCore::RenderText::transformText):
        * rendering/RenderText.h:
        * rendering/RenderTextControl.cpp: Remove an unnecessary displayStringModifiedByEncoding call.
        (WebCore::RenderTextControl::setInnerTextValue):
        (WebCore::RenderTextControl::finishText):
        * rendering/RenderTextFragment.cpp:
        (WebCore::RenderTextFragment::previousCharacter):
        * rendering/RenderTextFragment.h:

2010-04-20  Nate Chapin  <japhet@chromium.org>

        Reviewed by Dimitri Glazkov.

        https://bugs.webkit.org/show_bug.cgi?id=37367

        Fix style violations in code generated by CodeGeneratorV8.pm.

        * bindings/scripts/CodeGeneratorV8.pm:
        * bindings/v8/test/V8TestObj.cpp:
        * bindings/v8/test/V8TestObj.h:

2010-04-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r57924.
        http://trac.webkit.org/changeset/57924
        https://bugs.webkit.org/show_bug.cgi?id=37898

        It broke 3-4 tests on all bots (Requested by Ossy on #webkit).

        * page/AbstractView.idl:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::media):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2010-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Bug 37895 - Share common code from UStringImplBase with StringImpl
        Add forwarding header.

        * ForwardingHeaders/wtf/text/StringImplBase.h: Added.

2010-04-20  Adam Barth  <abarth@webkit.org>

        Unreviewed build fix for Chromium.

        * loader/DocumentWriter.cpp:

2010-04-20  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Support live edit while on a breakpoint, preserve breakpoints when adding new lines.

        https://bugs.webkit.org/show_bug.cgi?id=37820

        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype.editScriptLine.mycallback):
        (WebInspector.ScriptsPanel.prototype.editScriptLine):
        * inspector/front-end/TextViewer.js:
        (WebInspector.TextViewer.prototype._handleDoubleClick):
        (WebInspector.TextViewer.prototype._cancelEditingLine):

2010-04-20  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        Factor DocumentWriter out of FrameLoader
        https://bugs.webkit.org/show_bug.cgi?id=37175

        This patch separates the begin/write/end cycle of decoding network
        bytes and putting them into a document from the rest of the loading
        machinery.  The code and state required to write bytes into a document
        doesn't interact very much with the rest of the loading machinery.

        No tests because there is no behavior change (hopefully!).

        * Android.mk:
        * GNUmakefile.am:
        * WebCore.base.exp:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):
        * dom/Document.cpp:
        (WebCore::Document::close):
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::checkStyleSheet):
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElementData::scriptCharset):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::process):
        * loader/DocLoader.cpp:
        (WebCore::DocLoader::requestPreload):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::finishedLoading):
        (WebCore::DocumentLoader::setupForReplaceByMIMEType):
        * loader/DocumentWriter.cpp: Added.
        * loader/DocumentWriter.h: Added.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::init):
        (WebCore::FrameLoader::clear):
        (WebCore::FrameLoader::receivedFirstData):
        (WebCore::FrameLoader::setURL):
        (WebCore::FrameLoader::didBeginDocument):
        (WebCore::FrameLoader::didEndDocument):
        (WebCore::FrameLoader::willSetEncoding):
        (WebCore::FrameLoader::addData):
        (WebCore::FrameLoader::transitionToCommitted):
        (WebCore::FrameLoader::open):
        (WebCore::FrameLoader::finishedLoadingDocument):
        (WebCore::FrameLoader::addExtraFieldsToRequest):
        * loader/FrameLoader.h:
        (WebCore::FrameLoader::writer):
        (WebCore::FrameLoader::isDisplayingInitialEmptyDocument):
        * loader/MediaDocument.cpp:
        (WebCore::MediaDocument::replaceMediaElementTimerFired):
        * loader/PluginDocument.cpp:
        (WebCore::PluginTokenizer::createDocumentStructure):
        * platform/network/FormDataBuilder.cpp:
        (WebCore::FormDataBuilder::dataEncoding):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::dataChanged):

2010-04-20  Kenneth Rohde Christiansen  <kenneth@webkit.org>

        Reviewed by Simon Fraser.

        Rename window.media to window.styleMedia
        https://bugs.webkit.org/show_bug.cgi?id=36187

        It has been defined that the AbstractView media extension
        defined in the CSSOM View spec should be renamed to styleMedia.
        This patch does that and updates the current layout tests
        making use of it.

        * page/AbstractView.idl:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::styleMedia):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2010-04-20  Timothy Hatcher  <timothy@apple.com>

        Fix matching of "file:///*" patterns by not trying to compare the host. The host is
        irrelevant for file URLs.

        Also fix comparisons to be case insensitive.

        https://bugs.webkit.org/show_bug.cgi?id=37889

        Reviewed by Dave Hyatt.

        * page/UserContentURLPattern.cpp:
        (WebCore::UserContentURLPattern::parse): Use equalIgnoringCase when comparing for "file" schemes.
        (WebCore::UserContentURLPattern::matches): Use equalIgnoringCase when comparing schemes. Only call
        matchesHost if the scheme isn't "file".
        (WebCore::UserContentURLPattern::matchesHost): Call equalIgnoringCase when comparing hosts. The endsWith
        was already doing a case-insensitive compare, so existing tests worked though this path.

2010-04-20  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Adam Barth.

        Invalid cast due to <video> inside <foreignObject> inside <svg> inside <img>
        https://bugs.webkit.org/show_bug.cgi?id=37331

        Added a setting to enable/disable media per-page and have the SVGImage 
        disable media for its dummy page. Also found and fixed a related bad
        cast in the V8 bindings (JSC had a custom wrapper for this already).

        Tests: media/svg-as-image-with-media-blocked.html

        * dom/make_names.pl: Added media enabled check and V8 cast wrapper
        * page/Settings.cpp: Added m_isMediaEnabled (defaults to true)
        (WebCore::Settings::Settings):
        (WebCore::Settings::setMediaEnabled):
        * page/Settings.h:
        (WebCore::Settings::isMediaEnabled):
        * svg/graphics/SVGImage.cpp: Disables media in dummy page
        (WebCore::SVGImage::dataChanged):

2010-04-19  Antonio Gomes  <tonikitoo@webkit.org>

        Reviewed by Simon Fraser.

        Spatial Navigation: at @updateFocusCandidateIfCloser make an assignment shortcut when FocusCandidate is null
        https://bugs.webkit.org/show_bug.cgi?id=37802

        In updateFocusCandidateIfCloser method, we do all bail out checks in the beginning of
        the method body. If after those bail out checks, no "best FocusCandidate" has been taken
        yet (i.e. focusCandidate.isNull() == true), we can safely take the current candidate,
        and exit earlier.

        No behavior change, it is just a safe assignment shortcut.

        * page/FocusController.cpp:
        (WebCore::updateFocusCandidateIfCloser):

2010-04-20  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Hook compositing layers together across iframes
        https://bugs.webkit.org/show_bug.cgi?id=37878
        
        First step: if an iframe's document goes into compositing mode, also throw the parent
        document into compositing mode (all the way up to the root). This is required both
        to preserve layering (since parent document content can obscure iframe content),
        and so that we can eventually hook the layer trees together.

        Test: compositing/iframes/composited-iframe.html

        * rendering/RenderIFrame.h:
        * rendering/RenderIFrame.cpp:
        (WebCore::RenderIFrame::requiresLayer): In order to make an iframe composited, it also has to have
        a RenderLayer, so must return |true| from requiresLayer().
        (WebCore::RenderIFrame::requiresAcceleratedCompositing): Returns true if the content document
        is in compositing mode.
        (WebCore::RenderIFrame::isRenderIFrame): Required so that RenderLayerCompositor can check
        if a renderer is an iframe.
        (WebCore::toRenderIFrame): Required so that RenderLayerCompositor can cast to a RenderIFrame.

        * rendering/RenderLayerCompositor.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::enableCompositingMode): Call out to the RenderView when
        the compositing mode changes, so that the parent document can update its compositing status.
        (WebCore::RenderLayerCompositor::requiresCompositingLayer): Call requiresCompositingForIFrame().
        (WebCore::RenderLayerCompositor::requiresCompositingForIFrame): Check to see if the iframe
        wants to be composited.

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderIFrame): Base class returns false.

        * rendering/RenderView.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::compositingStateChanged): New method that allows an iframe to notify
        its parent document that a recalcStyle is required, to update compositing state.

2010-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by NOBODY (build fix).
        Speculative tiger build fix.

        * WebCore.NPAPI.exp:
        * WebCore.PluginHostProcess.exp:
        * WebCore.base.exp:

2010-04-20  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: add basic script editing capabilities to the front-end.

        https://bugs.webkit.org/show_bug.cgi?id=37875

        * bindings/js/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::setBreakpoint):
        (WebCore::ScriptDebugServer::removeBreakpoint):
        * inspector/front-end/ScriptView.js:
        (WebInspector.ScriptView):
        (WebInspector.ScriptView.prototype._editLine):
        (WebInspector.ScriptView.prototype._editLineComplete):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype._resourceLoadingFinished):
        (WebInspector.ScriptsPanel.prototype.canEditScripts):
        (WebInspector.ScriptsPanel.prototype.editScriptLine):
        * inspector/front-end/SourceFrame.js:
        (WebInspector.SourceFrame):
        (WebInspector.SourceFrame.prototype.updateContent):
        (WebInspector.SourceFrame.prototype._createViewerIfNeeded):
        * inspector/front-end/TextEditorHighlighter.js:
        (WebInspector.TextEditorHighlighter):
        (WebInspector.TextEditorHighlighter.prototype.reset):
        * inspector/front-end/TextEditorModel.js:
        (WebInspector.TextEditorModel.prototype.copyRange):
        * inspector/front-end/TextViewer.js:
        (WebInspector.TextViewer):
        (WebInspector.TextViewer.prototype.set editCallback):
        (WebInspector.TextViewer.prototype._buildChunks):
        (WebInspector.TextViewer.prototype._handleKeyDown):
        (WebInspector.TextViewer.prototype._handleDoubleClick):
        (WebInspector.TextViewer.prototype._commitEditingLine):
        (WebInspector.TextViewer.prototype._cancelEditingLine):
        * inspector/front-end/inspector.js:
        (WebInspector.documentKeyDown):
        (WebInspector.log.logMessage):
        (WebInspector.log):
        (WebInspector.isEditingAnyField):
        (WebInspector.startEditing.cleanUpAfterEditing):

2010-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Add forwarding header.

        * ForwardingHeaders/runtime/RopeImpl.h: Added.

2010-04-20  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Geoff Garen.

        Bug 37828 - Move WebCore's String classes to WTF

        Move these classes up to WTF so they are available to all clients of WTF (in
        particular JSC).

        As a first patch, making the most minimal change possible, since this patch
        could easily grow rather large since we'll have to change every class forward
        declaration (e.g. every "namespace WebCore { class String; }" must change to
        "namespace WTF { class String; }").

        Moving the files, but leaving the classes logically in the WebCore namespace -
        which is technically a layering violation - I'll come back and fix this up in a
        subsequent patch.

        * Android.mk:
        * ForwardingHeaders/wtf/StaticConstructors.h: Added.
        * ForwardingHeaders/wtf/text/AtomicString.h: Added.
        * ForwardingHeaders/wtf/text/AtomicStringImpl.h: Added.
        * ForwardingHeaders/wtf/text/StringBuffer.h: Added.
        * ForwardingHeaders/wtf/text/StringHash.h: Added.
        * ForwardingHeaders/wtf/text/StringImpl.h: Added.
        * ForwardingHeaders/wtf/text/WTFString.h: Added.
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/MediaFeatureNames.cpp:
        * dom/QualifiedName.cpp:
        * dom/make_names.pl:
        * platform/StaticConstructors.h: Removed.
        * platform/text/AtomicString.cpp: Removed.
        * platform/text/AtomicString.h:
        * platform/text/AtomicStringImpl.h:
        * platform/text/PlatformString.h:
        * platform/text/String.cpp:
        * platform/text/StringHash.h:
        * platform/text/StringImpl.cpp: Removed.
        * platform/text/StringImpl.h:

2010-04-20  Kent Tamura  <tkent@chromium.org>

        Reviewed by Darin Adler.

        Change a parameter type of chooseIconForFiles()
        https://bugs.webkit.org/show_bug.cgi?id=37504

        Change PassRefPtr<FileChooser> parameter of chooseIconForFiles()
        to FileChooser*. Though an implementation of chooseIconForFiles()
        might have ownership of the FileChooser instance, we don't need to
        use PassRefPtr<> in this case.

        * loader/EmptyClients.h:
        (WebCore::EmptyChromeClient::chooseIconForFiles):
        * page/Chrome.cpp:
        (WebCore::Chrome::chooseIconForFiles):
        * page/Chrome.h:
        * page/ChromeClient.h:

2010-04-20  Diego Escalante Urrelo  <descalante@igalia.com>

        Reviewed by Xan Lopez.

        [Gtk] Evaluate and create tests for all the AtkRole's implemented by
        WebKitGtk
        https://bugs.webkit.org/show_bug.cgi?id=34449

        Implement ATK_ROLE_FORM.

        * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
        (webkit_accessible_get_role):

2010-04-20  Martin Robinson  <mrobinson@webkit.org>

        Reviewed by Gustavo Noronha Silva.

        [GTK] Enable DOM clipboard and drag-and-drop access
        https://bugs.webkit.org/show_bug.cgi?id=30623

        Move most of the PasteboardHelper logic into WebCore. This helps
        prepare for WebKit2 and leads to a clearer separation of concerns
        between the WebKit and WebCore layers.

        No new tests as functionality has not changed.

        * GNUmakefile.am: Add PasteboardHelper.cpp to list of sources.
        * platform/Pasteboard.h: Added a getter for the PasteboardHelper and made the member private.
        * platform/gtk/PasteboardGtk.cpp: Update PasteboardHelper method calls to use new naming.
        (WebCore::clipboard_get_contents_cb): Ditto.
        (WebCore::Pasteboard::helper): Added, member is now private.
        (WebCore::Pasteboard::writeURL): Ditto.
        (WebCore::Pasteboard::documentFragment): Update to reflect method renaming.
        (WebCore::Pasteboard::plainText): Ditto.
        * platform/gtk/PasteboardHelper.cpp: Added.
        (WebCore::PasteboardHelper::PasteboardHelper): Added.
        (WebCore::PasteboardHelper::~PasteboardHelper): Added.
        (WebCore::PasteboardHelper::initializeTargetList): Added, originally from WebKit.
        (WebCore::widgetFromFrame): Added helper function.
        (WebCore::PasteboardHelper::getCurrentClipboard): Added, originally from WebKit.
        (WebCore::PasteboardHelper::getClipboard): Ditto.
        (WebCore::PasteboardHelper::getPrimarySelectionClipboard): Ditto.
        (WebCore::PasteboardHelper::targetList): Ditto.
        (WebCore::PasteboardHelper::fillSelectionData): Ditto.
        (WebCore::PasteboardHelper::targetListForDataObject): Ditto.
        (WebCore::getClipboardContentsCallback): Ditto.
        (WebCore::clearClipboardContentsCallback): Ditto.
        (WebCore::PasteboardHelper::writeClipboardContents): Ditto.
        * platform/gtk/PasteboardHelper.h: Moved methods from WebKit to WebCore.

2010-04-20  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Anders Carlsson.

        backgroundColor is oddly indented in layer tree dump
        https://bugs.webkit.org/show_bug.cgi?id=37885

        The writeIndent() was mistakenly outside the LayerTreeAsTextDebug clause, causing indents
        to be written twice.
        
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::dumpProperties):

2010-04-20  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dimitri Glazkov.

        Clean up RenderPart/RenderPartObject/RenderFrame/RenderEmbeddedObject
        https://bugs.webkit.org/show_bug.cgi?id=37741

        RenderPartObject is a useless intermediate class between RenderPart and
        RenderEmbeddedObject, and we can now remove it. Its only method, viewCleared(),
        applies to objects and embeds when the content is a FrameView, so can move
        to RenderEmbeddedObject.

        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
        (WebCore::RenderEmbeddedObject::requiresLayer):
        (WebCore::RenderEmbeddedObject::paint):
        (WebCore::RenderEmbeddedObject::viewCleared):
        * rendering/RenderEmbeddedObject.h:
        * rendering/RenderFrameBase.h:
        * rendering/RenderPart.cpp:
        (WebCore::RenderPart::RenderPart):
        * rendering/RenderPart.h:
        * rendering/RenderPartObject.cpp: Removed.
        * rendering/RenderPartObject.h: Removed.

2010-04-20  Robin Cao  <robin.webkit@gmail.com>

        Reviewed by Dirk Schulze.

        SVG no AnimateColor for stroke or fill if they are set to none on target.
        https://bugs.webkit.org/show_bug.cgi?id=36718

        SVGAnimateElement::resetToBaseValue reset 'm_propertyType' in the process of animation.
        This will cause problems when attributes 'fill' and 'stroke' have the value 'none', because in this case 
        the property type determined by base value may be different from the one determined by 'fromTo' values.

        No new tests. The test suite in svg/animation is not working for target element with attribute 'fill' set to 'none'.
        Now animateColor on target element with attributes 'fill' and 'stroke' set to 'none' is possible.

        * svg/SVGAnimateElement.cpp:
        (WebCore::SVGAnimateElement::calculateFromAndToValues):
        (WebCore::SVGAnimateElement::resetToBaseValue):

2010-04-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r57892.
        http://trac.webkit.org/changeset/57892
        https://bugs.webkit.org/show_bug.cgi?id=37864

        Caused an assertion in Mac builds (Requested by smfr on
        #webkit).

        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::insideVisibleArea):
        * page/Frame.cpp:
        (WebCore::Frame::ownerRenderer):
        * page/Frame.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::~FrameView):
        (WebCore::FrameView::clear):
        (WebCore::FrameView::invalidateRect):
        (WebCore::FrameView::createScrollbar):
        * rendering/RenderFrameBase.h:
        * rendering/RenderObject.h:

2010-04-20  Jakub Wieczorek  <jwieczorek@webkit.org>

        Reviewed by Darin Adler.

        RenderListItem: change enclosingList() to only traverse the render tree.
        https://bugs.webkit.org/show_bug.cgi?id=37319

        This makes the function safe to use for items with nodes that are detached from
        the DOM tree and simplifies the code quite a bit.

        Covered by existing tests.

        * rendering/RenderListItem.cpp:
        (WebCore::enclosingList):
        (WebCore::previousListItem):
        (WebCore::RenderListItem::explicitValueChanged):

2010-04-20  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Clean up RenderPart/RenderPartObject/RenderFrame/RenderEmbeddedObject
        https://bugs.webkit.org/show_bug.cgi?id=37741

        Make Frame::ownerRenderer() return a RenderFrameBase* rather than a
        RenderPart*, and add the necessary toRenderFrameBase() and isRenderFrameBase().

        * WebCore.xcodeproj/project.pbxproj:
        * editing/Editor.cpp:
        (WebCore::Editor::insideVisibleArea):
        * page/Frame.cpp:
        (WebCore::Frame::ownerRenderer):
        * page/Frame.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::~FrameView):
        (WebCore::FrameView::clear):
        (WebCore::FrameView::invalidateRect):
        (WebCore::FrameView::createScrollbar):
        * rendering/RenderFrameBase.h:
        (WebCore::RenderFrameBase::isRenderFrameBase):
        (WebCore::toRenderFrameBase):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isRenderFrameBase):

2010-04-20  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Dimitri Glazkov.

        [chromium] Pressing tab now closes the select popup as it should.
        https://bugs.webkit.org/show_bug.cgi?id=37721

        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupListBox::handleKeyEvent):

2010-04-20  Yaar Schnitman  <yaar@chromium.org>

        Reviewed by Nate Chapin.

        Null value should be legit value for wrapped types. This requires some cleanup in canvas which was missing built-in null argument checks;
        https://bugs.webkit.org/show_bug.cgi?id=37810

        * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
        (WebCore::JSCanvasRenderingContext2D::drawImage): Passes ec to drawImage(3) too
        * bindings/scripts/CodeGeneratorV8.pm: A null value is now legit value for wrapped types.
        * bindings/v8/test/V8TestObj.cpp:
        (WebCore::TestObjInternal::overloadedMethodCallback):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage): Added null checks.
        (WebCore::CanvasRenderingContext2D::createPattern): Added null checks.
        * html/canvas/CanvasRenderingContext2D.h: Added needed raises "DOMException".
        * html/canvas/CanvasRenderingContext2D.idl: Added needed raises "DOMException".

2010-04-20  Evan Stade  <estade@chromium.org>

        Reviewed by David Levin.

        [chromium] crash when dragging images
        https://bugs.webkit.org/show_bug.cgi?id=37715

        NULL check the return value of nativeImageForCurrentFrame(),
        and NULL check Image just for good measure.

        Tested by new DragImageTest unit test.

        * platform/chromium/DragImageChromiumSkia.cpp:
        (WebCore::createDragImageFromImage):

2010-04-20  Dirk Schulze  <krit@webkit.org>

        Reviewed by Nikolas Zimmermann.

        SVGResourceFilter needs to be moved to under Renderers
        https://bugs.webkit.org/show_bug.cgi?id=35320

        This patch adds a renderer for SVGFilterElement. SVGFilterElement is now independent
        from the SVGResources.
        A clean-up solves the dependencies between SVGFilterElement, the filter primitives
        and SVGResources. This shall make the filter code more readable and better maintainable.
        The Filter primitives get dumped now, as long as they have externalRepresentation
        implemented.

        No behavior changes, so no new tests were added.

        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::paint):
        * rendering/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::selfWillPaint):
        (WebCore::RenderSVGContainer::paint):
        * rendering/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::paint):
        * rendering/RenderSVGResource.h:
        (WebCore::):
        (WebCore::RenderSVGResource::postApplyResource):
        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::applyResource):
        * rendering/RenderSVGResourceClipper.h:
        * rendering/RenderSVGResourceFilter.cpp: Added.
        (WebCore::RenderSVGResourceFilter::RenderSVGResourceFilter):
        (WebCore::RenderSVGResourceFilter::~RenderSVGResourceFilter):
        (WebCore::RenderSVGResourceFilter::invalidateClients):
        (WebCore::RenderSVGResourceFilter::invalidateClient):
        (WebCore::RenderSVGResourceFilter::buildPrimitives):
        (WebCore::RenderSVGResourceFilter::fitsInMaximumImageSize):
        (WebCore::RenderSVGResourceFilter::applyResource):
        (WebCore::RenderSVGResourceFilter::postApplyResource):
        (WebCore::RenderSVGResourceFilter::resourceBoundingBox):
        * rendering/RenderSVGResourceFilter.h: Added.
        (WebCore::FilterData::FilterData):
        (WebCore::RenderSVGResourceFilter::renderName):
        (WebCore::RenderSVGResourceFilter::filterUnits):
        (WebCore::RenderSVGResourceFilter::primitiveUnits):
        (WebCore::RenderSVGResourceFilter::resourceType):
        * rendering/RenderSVGResourceMarker.h:
        (WebCore::RenderSVGResourceMarker::applyResource):
        * rendering/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::applyResource):
        * rendering/RenderSVGResourceMasker.h:
        * rendering/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::selfWillPaint):
        (WebCore::RenderSVGRoot::paint):
        * rendering/RenderSVGText.cpp:
        * rendering/SVGRenderSupport.cpp:
        (WebCore::SVGRenderBase::prepareToRenderSVGContent):
        (WebCore::SVGRenderBase::finishRenderSVGContent):
        (WebCore::SVGRenderBase::filterBoundingBoxForRenderer):
        (WebCore::deregisterFromResources):
        * rendering/SVGRenderSupport.h:
        * rendering/SVGRenderTreeAsText.cpp:
        (WebCore::writeStyle):
        (WebCore::writeSVGResource):
        (WebCore::writeResources):
        (WebCore::writeRenderResources):
        * rendering/SVGRootInlineBox.cpp:
        (WebCore::SVGRootInlineBoxPaintWalker::SVGRootInlineBoxPaintWalker):
        (WebCore::SVGRootInlineBox::paint):
        * svg/SVGFEBlendElement.cpp:
        (WebCore::SVGFEBlendElement::build):
        * svg/SVGFEBlendElement.h:
        * svg/SVGFEColorMatrixElement.cpp:
        (WebCore::SVGFEColorMatrixElement::build):
        * svg/SVGFEColorMatrixElement.h:
        * svg/SVGFEComponentTransferElement.cpp:
        (WebCore::SVGFEComponentTransferElement::build):
        * svg/SVGFEComponentTransferElement.h:
        * svg/SVGFECompositeElement.cpp:
        (WebCore::SVGFECompositeElement::build):
        * svg/SVGFECompositeElement.h:
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::build):
        * svg/SVGFEDiffuseLightingElement.h:
        * svg/SVGFEDisplacementMapElement.cpp:
        (WebCore::SVGFEDisplacementMapElement::build):
        * svg/SVGFEDisplacementMapElement.h:
        * svg/SVGFEFloodElement.cpp:
        (WebCore::SVGFEFloodElement::build):
        * svg/SVGFEFloodElement.h:
        * svg/SVGFEGaussianBlurElement.cpp:
        (WebCore::SVGFEGaussianBlurElement::build):
        * svg/SVGFEGaussianBlurElement.h:
        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::build):
        * svg/SVGFEImageElement.h:
        * svg/SVGFEMergeElement.cpp:
        (WebCore::SVGFEMergeElement::build):
        * svg/SVGFEMergeElement.h:
        * svg/SVGFEMorphologyElement.cpp:
        (WebCore::SVGFEMorphologyElement::build):
        * svg/SVGFEMorphologyElement.h:
        * svg/SVGFEOffsetElement.cpp:
        (WebCore::SVGFEOffsetElement::build):
        * svg/SVGFEOffsetElement.h:
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::build):
        * svg/SVGFESpecularLightingElement.h:
        * svg/SVGFETileElement.cpp:
        (WebCore::SVGFETileElement::build):
        * svg/SVGFETileElement.h:
        * svg/SVGFETurbulenceElement.cpp:
        (WebCore::SVGFETurbulenceElement::build):
        * svg/SVGFETurbulenceElement.h:
        (WebCore::):
        * svg/SVGFilterElement.cpp:
        (WebCore::SVGFilterElement::createRenderer):
        * svg/SVGFilterElement.h:
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::setStandardAttributes):
        * svg/SVGFilterPrimitiveStandardAttributes.h:
        (WebCore::SVGFilterPrimitiveStandardAttributes::isFilterEffect):
        (WebCore::SVGFilterPrimitiveStandardAttributes::rendererIsNeeded):
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::invalidateResources):
        * svg/graphics/SVGResource.cpp:
        * svg/graphics/SVGResource.h:
        (WebCore::):
        (WebCore::SVGResource::isPaintServer):
        * svg/graphics/SVGResourceFilter.cpp: Removed.
        * svg/graphics/SVGResourceFilter.h: Removed.
        * svg/graphics/filters/SVGFEDisplacementMap.cpp:
        (WebCore::FEDisplacementMap::externalRepresentation):
        * svg/graphics/filters/SVGFilterBuilder.h:
        (WebCore::SVGFilterBuilder::namedEffects):

2010-04-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r57880.
        http://trac.webkit.org/changeset/57880
        https://bugs.webkit.org/show_bug.cgi?id=37846

        Broke several bots, FEDisplacementMap dumps include pointers,
        no one noticed. Dirk will upload a new patch later. (Requested
        by WildFox on #webkit).

        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::paint):
        * rendering/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::selfWillPaint):
        (WebCore::RenderSVGContainer::paint):
        * rendering/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::paint):
        * rendering/RenderSVGResource.h:
        (WebCore::):
        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::applyResource):
        * rendering/RenderSVGResourceClipper.h:
        * rendering/RenderSVGResourceFilter.cpp: Removed.
        * rendering/RenderSVGResourceFilter.h: Removed.
        * rendering/RenderSVGResourceMarker.h:
        (WebCore::RenderSVGResourceMarker::applyResource):
        * rendering/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::applyResource):
        * rendering/RenderSVGResourceMasker.h:
        * rendering/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::selfWillPaint):
        (WebCore::RenderSVGRoot::paint):
        * rendering/RenderSVGText.cpp:
        * rendering/SVGRenderSupport.cpp:
        (WebCore::SVGRenderBase::prepareToRenderSVGContent):
        (WebCore::SVGRenderBase::finishRenderSVGContent):
        (WebCore::SVGRenderBase::filterBoundingBoxForRenderer):
        (WebCore::deregisterFromResources):
        * rendering/SVGRenderSupport.h:
        * rendering/SVGRenderTreeAsText.cpp:
        (WebCore::writeStyle):
        (WebCore::writeSVGResource):
        (WebCore::writeResources):
        (WebCore::writeRenderResources):
        * rendering/SVGRootInlineBox.cpp:
        (WebCore::SVGRootInlineBoxPaintWalker::SVGRootInlineBoxPaintWalker):
        (WebCore::SVGRootInlineBox::paint):
        * svg/SVGFEBlendElement.cpp:
        (WebCore::SVGFEBlendElement::build):
        * svg/SVGFEBlendElement.h:
        * svg/SVGFEColorMatrixElement.cpp:
        (WebCore::SVGFEColorMatrixElement::build):
        * svg/SVGFEColorMatrixElement.h:
        * svg/SVGFEComponentTransferElement.cpp:
        (WebCore::SVGFEComponentTransferElement::build):
        * svg/SVGFEComponentTransferElement.h:
        * svg/SVGFECompositeElement.cpp:
        (WebCore::SVGFECompositeElement::build):
        * svg/SVGFECompositeElement.h:
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::build):
        * svg/SVGFEDiffuseLightingElement.h:
        * svg/SVGFEDisplacementMapElement.cpp:
        (WebCore::SVGFEDisplacementMapElement::build):
        * svg/SVGFEDisplacementMapElement.h:
        * svg/SVGFEFloodElement.cpp:
        (WebCore::SVGFEFloodElement::build):
        * svg/SVGFEFloodElement.h:
        * svg/SVGFEGaussianBlurElement.cpp:
        (WebCore::SVGFEGaussianBlurElement::build):
        * svg/SVGFEGaussianBlurElement.h:
        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::build):
        * svg/SVGFEImageElement.h:
        * svg/SVGFEMergeElement.cpp:
        (WebCore::SVGFEMergeElement::build):
        * svg/SVGFEMergeElement.h:
        * svg/SVGFEMorphologyElement.cpp:
        (WebCore::SVGFEMorphologyElement::build):
        * svg/SVGFEMorphologyElement.h:
        * svg/SVGFEOffsetElement.cpp:
        (WebCore::SVGFEOffsetElement::build):
        * svg/SVGFEOffsetElement.h:
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::build):
        * svg/SVGFESpecularLightingElement.h:
        * svg/SVGFETileElement.cpp:
        (WebCore::SVGFETileElement::build):
        * svg/SVGFETileElement.h:
        * svg/SVGFETurbulenceElement.cpp:
        (WebCore::SVGFETurbulenceElement::build):
        * svg/SVGFETurbulenceElement.h:
        (WebCore::):
        * svg/SVGFilterElement.cpp:
        (WebCore::SVGFilterElement::buildFilter):
        (WebCore::SVGFilterElement::canvasResource):
        * svg/SVGFilterElement.h:
        (WebCore::SVGFilterElement::rendererIsNeeded):
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::setStandardAttributes):
        * svg/SVGFilterPrimitiveStandardAttributes.h:
        (WebCore::SVGFilterPrimitiveStandardAttributes::isFilterEffect):
        (WebCore::SVGFilterPrimitiveStandardAttributes::rendererIsNeeded):
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::invalidateResources):
        * svg/graphics/SVGResource.cpp:
        * svg/graphics/SVGResource.h:
        (WebCore::):
        (WebCore::SVGResource::isFilter):
        * svg/graphics/SVGResourceFilter.cpp: Added.
        (WebCore::SVGResourceFilter::SVGResourceFilter):
        (WebCore::SVGResourceFilter::~SVGResourceFilter):
        (WebCore::SVGResourceFilter::filterBoundingBox):
        (WebCore::shouldProcessFilter):
        (WebCore::SVGResourceFilter::addFilterEffect):
        (WebCore::SVGResourceFilter::fitsInMaximumImageSize):
        (WebCore::SVGResourceFilter::prepareFilter):
        (WebCore::SVGResourceFilter::applyFilter):
        (WebCore::SVGResourceFilter::externalRepresentation):
        (WebCore::getFilterById):
        * svg/graphics/SVGResourceFilter.h: Added.
        (WebCore::SVGResourceFilter::create):
        (WebCore::SVGResourceFilter::resourceType):
        (WebCore::SVGResourceFilter::setFilterResolution):
        (WebCore::SVGResourceFilter::setHasFilterResolution):
        (WebCore::SVGResourceFilter::filterBoundingBoxMode):
        (WebCore::SVGResourceFilter::setFilterBoundingBoxMode):
        (WebCore::SVGResourceFilter::effectBoundingBoxMode):
        (WebCore::SVGResourceFilter::setEffectBoundingBoxMode):
        (WebCore::SVGResourceFilter::filterRect):
        (WebCore::SVGResourceFilter::setFilterRect):
        (WebCore::SVGResourceFilter::scaleX):
        (WebCore::SVGResourceFilter::scaleY):
        (WebCore::SVGResourceFilter::setFilterBoundingBox):
        (WebCore::SVGResourceFilter::builder):
        * svg/graphics/filters/SVGFilterBuilder.h:

2010-04-20  Dirk Schulze  <krit@webkit.org>

        Reviewed by Nikolas Zimmermann.

        SVGResourceFilter needs to be moved to under Renderers
        https://bugs.webkit.org/show_bug.cgi?id=35320

        This patch adds a renderer for SVGFilterElement. SVGFilterElement is now independent
        from the SVGResources.
        A clean-up solves the dependencies between SVGFilterElement, the filter primitives
        and SVGResources. This shall make the filter code more readable and more maintainable.
        The Filter primitives get dumped now, as long as they have externalRepresentation
        implemented.

        No behavior changes, so no new tests were added.

        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::paint):
        * rendering/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::selfWillPaint):
        (WebCore::RenderSVGContainer::paint):
        * rendering/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::paint):
        * rendering/RenderSVGResource.h:
        (WebCore::):
        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::applyResource):
        * rendering/RenderSVGResourceClipper.h:
        * rendering/RenderSVGResourceFilter.cpp: Added.
        (WebCore::RenderSVGResourceFilter::RenderSVGResourceFilter):
        (WebCore::RenderSVGResourceFilter::~RenderSVGResourceFilter):
        (WebCore::RenderSVGResourceFilter::invalidateClients):
        (WebCore::RenderSVGResourceFilter::invalidateClient):
        (WebCore::RenderSVGResourceFilter::buildPrimitives):
        (WebCore::RenderSVGResourceFilter::fitsInMaximumImageSize):
        (WebCore::RenderSVGResourceFilter::applyResource):
        (WebCore::RenderSVGResourceFilter::postApplyResource):
        (WebCore::RenderSVGResourceFilter::resourceBoundingBox):
        * rendering/RenderSVGResourceFilter.h: Added.
        (WebCore::FilterData::FilterData):
        (WebCore::RenderSVGResourceFilter::renderName):
        (WebCore::RenderSVGResourceFilter::filterUnits):
        (WebCore::RenderSVGResourceFilter::primitiveUnits):
        (WebCore::RenderSVGResourceFilter::resourceType):
        * rendering/RenderSVGResourceMarker.h:
        (WebCore::RenderSVGResourceMarker::applyResource):
        * rendering/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::applyResource):
        * rendering/RenderSVGResourceMasker.h:
        * rendering/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::selfWillPaint):
        (WebCore::RenderSVGRoot::paint):
        * rendering/RenderSVGText.cpp:
        * rendering/SVGRenderSupport.cpp:
        (WebCore::SVGRenderBase::prepareToRenderSVGContent):
        (WebCore::SVGRenderBase::finishRenderSVGContent):
        (WebCore::SVGRenderBase::filterBoundingBoxForRenderer):
        (WebCore::deregisterFromResources):
        * rendering/SVGRenderSupport.h:
        * rendering/SVGRenderTreeAsText.cpp:
        (WebCore::writeStyle):
        (WebCore::writeSVGResource):
        (WebCore::writeResources):
        (WebCore::writeRenderResources):
        * rendering/SVGRootInlineBox.cpp:
        (WebCore::SVGRootInlineBoxPaintWalker::SVGRootInlineBoxPaintWalker):
        (WebCore::SVGRootInlineBox::paint):
        * svg/SVGFEBlendElement.cpp:
        (WebCore::SVGFEBlendElement::build):
        * svg/SVGFEBlendElement.h:
        * svg/SVGFEColorMatrixElement.cpp:
        (WebCore::SVGFEColorMatrixElement::build):
        * svg/SVGFEColorMatrixElement.h:
        * svg/SVGFEComponentTransferElement.cpp:
        (WebCore::SVGFEComponentTransferElement::build):
        * svg/SVGFEComponentTransferElement.h:
        * svg/SVGFECompositeElement.cpp:
        (WebCore::SVGFECompositeElement::build):
        * svg/SVGFECompositeElement.h:
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::build):
        * svg/SVGFEDiffuseLightingElement.h:
        * svg/SVGFEDisplacementMapElement.cpp:
        (WebCore::SVGFEDisplacementMapElement::build):
        * svg/SVGFEDisplacementMapElement.h:
        * svg/SVGFEFloodElement.cpp:
        (WebCore::SVGFEFloodElement::build):
        * svg/SVGFEFloodElement.h:
        * svg/SVGFEGaussianBlurElement.cpp:
        (WebCore::SVGFEGaussianBlurElement::build):
        * svg/SVGFEGaussianBlurElement.h:
        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::build):
        * svg/SVGFEImageElement.h:
        * svg/SVGFEMergeElement.cpp:
        (WebCore::SVGFEMergeElement::build):
        * svg/SVGFEMergeElement.h:
        * svg/SVGFEMorphologyElement.cpp:
        (WebCore::SVGFEMorphologyElement::build):
        * svg/SVGFEMorphologyElement.h:
        * svg/SVGFEOffsetElement.cpp:
        (WebCore::SVGFEOffsetElement::build):
        * svg/SVGFEOffsetElement.h:
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::build):
        * svg/SVGFESpecularLightingElement.h:
        * svg/SVGFETileElement.cpp:
        (WebCore::SVGFETileElement::build):
        * svg/SVGFETileElement.h:
        * svg/SVGFETurbulenceElement.cpp:
        (WebCore::SVGFETurbulenceElement::build):
        * svg/SVGFETurbulenceElement.h:
        (WebCore::):
        * svg/SVGFilterElement.cpp:
        (WebCore::SVGFilterElement::createRenderer):
        * svg/SVGFilterElement.h:
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::setStandardAttributes):
        * svg/SVGFilterPrimitiveStandardAttributes.h:
        (WebCore::SVGFilterPrimitiveStandardAttributes::isFilterEffect):
        (WebCore::SVGFilterPrimitiveStandardAttributes::rendererIsNeeded):
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::invalidateResources):
        * svg/graphics/SVGResource.cpp:
        * svg/graphics/SVGResource.h:
        (WebCore::):
        (WebCore::SVGResource::isPaintServer):
        * svg/graphics/SVGResourceFilter.cpp: Removed.
        * svg/graphics/SVGResourceFilter.h: Removed.
        * svg/graphics/filters/SVGFilterBuilder.h:
        (WebCore::SVGFilterBuilder::namedEffects):

2010-04-20  Gavin Barraclough  <barraclough@apple.com>

        Rubber stamped by Maciej Stachowiak (relanding r57829).
        Added missing JS_EXPORTDATA

        * ForwardingHeaders/wtf/WTFThreadData.h: Copied from WebCore/ForwardingHeaders/wtf/WTFThreadData.h.
        * platform/ThreadGlobalData.cpp:
        (WebCore::ThreadGlobalData::ThreadGlobalData):
        (WebCore::ThreadGlobalData::~ThreadGlobalData):
        * platform/ThreadGlobalData.h:
        (WebCore::ThreadGlobalData::eventNames):
        * platform/text/AtomicString.cpp:
        (WebCore::AtomicStringTable::create):
        (WebCore::AtomicStringTable::table):
        (WebCore::AtomicStringTable::destroy):
        (WebCore::stringTable):

2010-04-20  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Antti Koivisto.

        [Qt] GraphicsLayer: support fill-modes
        https://bugs.webkit.org/show_bug.cgi?id=36216
        Implement the CSS-animation "fill mode" concept in GraphicsLayerQt. The concept
        enables a key-frame animation to go to the animation's starting point before the delay,
        and/or to stay at the animation's ending point after it's ended, without reverting to the default
        value.
        We do that by manually setting the value to keyframe-0 before the delay if fill-mode is backwards/both,
        and manually modifying the default value to the animated value as we animate, with fill-mode forwards/both.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::AnimationQtBase::AnimationQtBase):
        (WebCore::TransformAnimationQt::~TransformAnimationQt):
        (WebCore::TransformAnimationQt::applyFrame):
        (WebCore::GraphicsLayerQt::addAnimation):

2010-04-19  Leandro Pereira  <leandro@profusion.mobi>

        Reviewed by David Hyatt.

        Add missing dummy implementations in PluginPackageNone and PluginViewNone.
        http://webkit.org/b/37478

        * plugins/PluginPackageNone.cpp:
        (WebCore::PluginPackage::NPVersion): Add dummy implementation.
        * plugins/PluginViewNone.cpp:
        (WebCore::PluginView::handleFocusInEvent): Add dummy implementation.
        (WebCore::PluginView::handleFocusOutEvent): Add dummy implementation.

2010-04-19  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Geoff Garen.

        Clean up RenderPart/RenderPartObject/RenderFrame/RenderEmbeddedObject
        https://bugs.webkit.org/show_bug.cgi?id=37741

        Move m_hasFallbackContent from RenderPart to RenderEmbeddedObject,
        since it's only used for <object> fallback.

        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
        * rendering/RenderEmbeddedObject.h:
        (WebCore::RenderEmbeddedObject::hasFallbackContent):
        * rendering/RenderPart.cpp:
        (WebCore::RenderPart::RenderPart):
        * rendering/RenderPart.h:

2010-04-19  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Darin Adler.

        Clean up RenderPart/RenderPartObject/RenderFrame/RenderEmbeddedObject
        https://bugs.webkit.org/show_bug.cgi?id=37741

        Add a new renderer for iframes, named RenderIFrame. Add a new shared base class
        between this and RenderFrame, called RenderFrameBase (following the existing HTMLFrameElementBase),
        and move code from RenderPart and RenderPartObject into these new classes.
        
        There should be no functionality difference with this change, so no new tests.
        
        Fixing up renderer names in the layout tests will be done in a later pass.
        
        Fix build systems to include the new files.
        
        * Android.mk:
        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLIFrameElement.cpp:
        (WebCore::HTMLIFrameElement::createRenderer):
        * rendering/RenderEmbeddedObject.h:
        * rendering/RenderFrame.cpp:
        (WebCore::RenderFrame::RenderFrame):
        * rendering/RenderFrame.h:
        * rendering/RenderFrameBase.cpp: Added.
        (WebCore::RenderFrameBase::RenderFrameBase):
        (WebCore::RenderFrameBase::layoutWithFlattening):
        * rendering/RenderFrameBase.h: Added.
        * rendering/RenderIFrame.cpp: Added.
        (WebCore::RenderIFrame::RenderIFrame):
        (WebCore::RenderIFrame::calcHeight):
        (WebCore::RenderIFrame::calcWidth):
        (WebCore::RenderIFrame::flattenFrame):
        (WebCore::RenderIFrame::layout):
        * rendering/RenderIFrame.h: Added.
        (WebCore::RenderIFrame::renderName):
        * rendering/RenderPart.cpp:
        * rendering/RenderPart.h:
        * rendering/RenderPartObject.cpp:
        * rendering/RenderPartObject.h:

2010-04-19  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Geoffrey Garen.

        Bindings clean-up.
        https://bugs.webkit.org/show_bug.cgi?id=37833

        Move some WebSQLDatabases logic out of the bindings into
        DOMWindow.cpp where it should be.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::openDatabase):
        * bindings/v8/custom/V8DOMWindowCustom.cpp:
        (WebCore::V8DOMWindow::openDatabaseCallback):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::openDatabase):

2010-04-19  Kevin Ollivier  <kevino@theolliviers.com>

        Fix the Mac builders for now by restoring the keepAlive function.

        * plugins/PluginViewNone.cpp:
        (WebCore::PluginView::keepAlive):

2010-04-19  Kevin Ollivier  <kevino@theolliviers.com>

        [wx] Build fix, remove a method that has been moved to PluginView.cpp.

        * plugins/PluginViewNone.cpp:

2010-04-19  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by NOBODY (rolling out r57829).
        This broke windows.

        * ForwardingHeaders/wtf/WTFThreadData.h: Removed.
        * platform/ThreadGlobalData.cpp:
        (WebCore::ThreadGlobalData::ThreadGlobalData):
        (WebCore::ThreadGlobalData::~ThreadGlobalData):
        * platform/ThreadGlobalData.h:
        (WebCore::ThreadGlobalData::atomicStringTable):
        * platform/text/AtomicString.cpp:
        (WebCore::stringTable):

2010-04-19  Mark Rowe  <mrowe@apple.com>

        Build fix.

        * platform/graphics/mac/GraphicsContext3DMac.cpp:

2010-04-19  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        AX: aria-haspopup needs to be exposed
        https://bugs.webkit.org/show_bug.cgi?id=37808

        Test: platform/mac/accessibility/element-haspopup.html

        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::ariaHasPopup):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::ariaHasPopup):
        (WebCore::AccessibilityRenderObject::determineAriaRoleAttribute):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/mac/AccessibilityObjectWrapper.mm:
        (-[AccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
        (-[AccessibilityObjectWrapper accessibilityAttributeValue:]):

2010-04-19  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Fix a crash when rendering <select> elements with WebKit2.

        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuList):
        Set the current NSGraphicsContext before calling out to AppKit, otherwise the current graphics context
        could point to a CGContext whose memory has been freed.

2010-04-08  Dimitri Glazkov  <dglazkov@chromium.org>

        Reviewed by Darin Adler.

        Manipulating document fragment members while adding it to tree may result in loss of tree integrity.
        https://bugs.webkit.org/show_bug.cgi?id=36031

        Changes the logic of appending/inserting document fragment to first stashing all of its children
        to a vector, then processing the vector. This avoids ghastliness that would be caused by mutation
        events mucking with the document fragment while it's being appended/inserted.

        Test: fast/dom/Node/fragment-mutation.html

        * dom/ContainerNode.cpp:
        (WebCore::targetNodes): Added method to populate a vector of nodes (targets) to be used in
            inserting/appending operation.
        (WebCore::ContainerNode::insertBefore): Changed to use vector-based iteration.
        (WebCore::ContainerNode::appendChild): Ditto.
        * dom/Node.cpp:
        (WebCore::Node::checkReplaceChild): Cleaned up comments.
        (WebCore::Node::checkAddChild): Ditto.

2010-04-19  Eric Carlson  <eric.carlson@apple.com>

        Reviewed by Simon Fraser.

        Fix regression introduced in r57820.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::loadNextSourceChild): Create a new MediaPlayer instead of
        just setting a URL on the one used for the previous <source> element. This restores
        the behavior prior to the changes for https://bugs.webkit.org/show_bug.cgi?id=37728.

2010-04-19  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=37745
        Move string uniquing tables to (new) WTFThreadData class.

        Remove AtomicString's dependency on ThreadGlobalData so that we can move
        WebCore's string classes up to WTF.

        * ForwardingHeaders/wtf/WTFThreadData.h: Added.
        * platform/ThreadGlobalData.cpp: Remove m_atomicStringTable, call wtfThreadData() to ensure threadsafely initialized.
        (WebCore::ThreadGlobalData::ThreadGlobalData):
        (WebCore::ThreadGlobalData::~ThreadGlobalData):
        * platform/ThreadGlobalData.h: Remove m_atomicStringTable.
        (WebCore::ThreadGlobalData::eventNames):
        * platform/text/AtomicString.cpp:
        (WebCore::AtomicStringTable::create):
        (WebCore::AtomicStringTable::table):
        (WebCore::AtomicStringTable::destroy):
        (WebCore::stringTable): Access the AtomicStringTable on wtfThreadData() rather than threadGlobalData().

2010-04-19  Ada Chan  <adachan@apple.com>

        Build fix: wrap Settings::setLocalStorageQuota() and Settings::setSessionStorageQuota()
        in #if ENABLE(DOM_STORAGE).

        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        * page/Settings.h:

2010-04-19  Dave Moore  <davemoore@chromium.org>

        Reviewed by Dimitri Glazkov.

        Added notification when the favicons for a page are changed
        from a script.
        The Document object will notify the frame loader, which will
        notify the client. Implementations of FrameLoaderClient will
        have to add one method: dispatchDidChangeIcons().

        https://bugs.webkit.org/show_bug.cgi?id=33812

        Test: fast/dom/icon-url-property.html

        * dom/Document.cpp:
        (WebCore::Document::setIconURL):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::setIconURL):
        * loader/DocumentLoader.h:
        (WebCore::DocumentLoader::iconURL):
        * loader/EmptyClients.h:
        (WebCore::EmptyFrameLoaderClient::dispatchDidChangeIcons):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::setIconURL):
        (WebCore::FrameLoader::didChangeIcons):
        * loader/FrameLoader.h:
        * loader/FrameLoaderClient.h:

2010-04-19  Ada Chan  <adachan@apple.com>

        Reviewed by Jeremy Orlow.

        https://bugs.webkit.org/show_bug.cgi?id=37717
        Allow clients concerned with memory consumption to set a quota on session storage
        since the memory used won't be released until the Page is destroyed.
        The default is noQuota, which matches the current behavior.

        * WebCore.base.exp: Export Settings::setSessionStorageQuota().
        * page/Page.cpp:
        (WebCore::Page::sessionStorage):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setSessionStorageQuota):
        * page/Settings.h:
        (WebCore::Settings::sessionStorageQuota):
        * storage/StorageNamespace.cpp:
        (WebCore::StorageNamespace::sessionStorageNamespace):
        * storage/StorageNamespace.h:
        * storage/StorageNamespaceImpl.cpp:
        (WebCore::StorageNamespaceImpl::sessionStorageNamespace):
        * storage/StorageNamespaceImpl.h:

2010-04-19  Eric Carlson  <eric.carlson@apple.com>

        Reviewed by Simon Fraser.

        Setting media element 'src' attribute should trigger immediate load
        https://bugs.webkit.org/show_bug.cgi?id=37728

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::attributeChanged): Schedule load every time 'src' attribute
        changes unless it is missing.
        (WebCore::HTMLMediaElement::prepareForLoad): Include steps 3 to 6 from loadInternal.
        (WebCore::HTMLMediaElement::loadInternal): Steps 3 to 6 are now in prepareForLoad.
        (WebCore::HTMLMediaElement::loadResource): MediaPlayer is now allocated in prepareForLoad
        so the previously loading file, if any, is cancelled there.

2010-04-19  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>

        Reviewed by Simon Hausmann.

        [Qt] Fix compilation against namespaced Qt.

        * platform/graphics/GraphicsLayer.h:
        * platform/graphics/Tile.h:
        * platform/graphics/qt/MediaPlayerPrivateQt.h:
        * platform/network/qt/NetworkStateNotifierPrivate.h:

2010-04-19  Balazs Kelemen  <kb@inf.u-szeged.hu>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Destroy SharedTimerQt before destruction of QCoreApplication.

        To avoid unsafe situations caused by running WebCore code (through firing timers) when destruction of QCoreApplication
        has been started, we should explicitly destroy the SharedTimerQt instance on application exit.
        We can achieve that through installing a self-destroying slot for the QCoreApplication::aboutToQuit() signal
        into the SharedTimerQt instance.

        https://bugs.webkit.org/show_bug.cgi?id=36832

        No functional change so no new tests.

        * platform/qt/SharedTimerQt.cpp:
        (WebCore::SharedTimerQt::SharedTimerQt):
        (WebCore::SharedTimerQt::destroy):
        (WebCore::SharedTimerQt::inst):

2010-04-19  Dan Bernstein  <mitz@apple.com>

        Reviewed by Darin Adler.

        Make the fix for <rdar://problem/7873647> from r57759 more robust.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateHoverActiveState): Use RefPtrs for the Nodes.

2010-04-19  Yury Semikhatsky  <yurys@chromium.org>

        Unreviewed. Chromium build fix.

        * bindings/v8/JavaScriptCallFrame.h:

2010-04-19  Yury Semikhatsky  <yurys@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: implement JavaScriptCallFrame that works for v8.
        Implementing this binding for v8 allows making evaluations on
        call frames and protects access to the debugger context from
        inspected context.

        https://bugs.webkit.org/show_bug.cgi?id=37755

        * WebCore.gyp/WebCore.gyp:
        * WebCore.gypi:
        * bindings/js/JSJavaScriptCallFrameCustom.cpp:
        (WebCore::JSJavaScriptCallFrame::scopeType):
        * bindings/v8/JavaScriptCallFrame.cpp: Added.
        (WebCore::JavaScriptCallFrame::JavaScriptCallFrame):
        (WebCore::JavaScriptCallFrame::~JavaScriptCallFrame):
        (WebCore::JavaScriptCallFrame::caller):
        (WebCore::JavaScriptCallFrame::sourceID):
        (WebCore::JavaScriptCallFrame::line):
        (WebCore::JavaScriptCallFrame::functionName):
        (WebCore::JavaScriptCallFrame::scopeChain):
        (WebCore::JavaScriptCallFrame::scopeType):
        (WebCore::JavaScriptCallFrame::thisObject):
        (WebCore::JavaScriptCallFrame::evaluate):
        * bindings/v8/JavaScriptCallFrame.h: Added.
        (WebCore::JavaScriptCallFrame::create):
        * bindings/v8/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::currentCallFrame):
        * bindings/v8/ScriptDebugServer.h:
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::V8InjectedScriptHost::currentCallFrameCallback):
        * bindings/v8/custom/V8JavaScriptCallFrameCustom.cpp: Added.
        (WebCore::V8JavaScriptCallFrame::evaluateCallback):
        (WebCore::V8JavaScriptCallFrame::scopeChainAccessorGetter):
        (WebCore::V8JavaScriptCallFrame::scopeTypeCallback):
        (WebCore::V8JavaScriptCallFrame::thisObjectAccessorGetter):
        (WebCore::V8JavaScriptCallFrame::typeAccessorGetter):
        * inspector/JavaScriptCallFrame.idl:
        * inspector/front-end/InjectedScript.js:
        (injectedScriptConstructor.):

2010-04-19  Jessie Berlin  <jberlin@webkit.org>

        Rubber Stamped by Adam Roben

        Chromium Release Build Fix.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        In the case where the DATALIST is not enabled, fall through to NOPSEUDO instead of omitting PseudoInputListButton entirely from the switch.

2010-04-19  Jessie Berlin  <jberlin@webkit.org>

        Reviewed by Dave Hyatt.

        First steps towards fixing bug 24021 - pseudo-element styles not accessible / retrievable via DOM methods.
        https://bugs.webkit.org/show_bug.cgi?id=24021

        Allows access to the computed styles for the pseudo-elements through the second argument to getComputedStyle.
        This approach does not provide the correct values for 'length' properties and does not work for the ':selection' pseudo-element and will instead return results similar to those returned by Firefox. This approach also requires waiting until at least one iteration of a hardware accelerated composited animation to return the correct values for the "opacity" and "transform" properties of a pseudo-element associated with the element being animated.
        Those values need to be retrieved from the renderer for the pseudo-element as opposed to the cached RenderStyle for the element on which the pseudo-element is defined, which is further complicated by the fact that not all elements have renderers.

        Test: fast/css/getComputedStyle/getComputedStyle-with-pseudo-element.html

        * WebCore.base.exp:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
        Parse and store the pseudo-element specifier from the string provided by the user.
        (WebCore::CSSComputedStyleDeclaration::getFontSizeCSSValuePreferringKeyword):
        Get the computed style for the pseudo-element if it has been specified.
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        Get the computed style for the pseudo-element if it has been specified, with a FIXME noting that the values returned for the "opacity" and "transform" properties of a pseudo-element associated with an element being animated and using hardware accelerated compositing will not be correct until after the first iteration of the animation.
        (WebCore::CSSComputedStyleDeclaration::length):
        Get the computed style for the pseudo-element if it has been specified.
        (WebCore::CSSComputedStyleDeclaration::cssPropertyMatches):
        Ditto.
        * css/CSSComputedStyleDeclaration.h:
        (WebCore::computedStyle):
        Take into consideration the pseudo-element.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::pseudoId):
        Return the PseudoId that corresponds to the given PseudoType. If there is no corresponding PseudoId, returns NOPSEUDO.
        (WebCore::nameToPseudoTypeMap):
        Create and return the mapping between string names and PseudoTypes.
        (WebCore::CSSSelector::parsePseudoType):
        Parse the given string into a PseudoType.
        (WebCore::CSSSelector::extractPseudoType):
        Refactored to use parsePseudoType.
        * css/CSSSelector.h:

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::SelectorChecker::checkOneSelector):
        Refactored to use pseudoId.

        * dom/Element.cpp:
        (WebCore::Element::computedStyle):
        If the pseudo-element is specified, then return the cached RenderStyle for that PseudoId. Added a FIXME to find the actual renderers of the pseudo-elements instead of just the cached RenderStyle of the RenderStyle for the associated element.
        * dom/Element.h:
        (WebCore::Element::virtualComputedStyle):
        Because Element::computedStyle is used so often, don't make it virtual. Instead, provide a virtualComputedStyle method in the Node.h class and make computedStyle non-virtual. That way the Element version and the Node version of computedStyle will have the same name and look the same at the call site, but the Element version will be more efficient.

        * dom/Node.h:
        (WebCore::Node::computedStyle):
        Ditto.
        * dom/Node.cpp:
        (WebCore::Node::virtualComputedStyle):
        Get the computed style for the pseudo-element if it has been specified.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::getComputedStyle):
        Ditto.

2010-04-18  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Laszlo Gombos.

        [Qt] Fix JavaScriptCore's include path for WinCE builds

        https://bugs.webkit.org/show_bug.cgi?id=36751

        * WebCore.pro:

2010-04-17  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=37720
        <rdar://problem/7873752> HTMLFrameSetElement-window-eventListener-attributes.html sometimes
        crashes on SnowLeopard Release

        Tests: 
        * fast/dom/Window/HTMLBodyElement-window-eventListener-attributes.html:
        * fast/dom/Window/HTMLFrameSetElement-window-eventListener-attributes.html:

        * bindings/scripts/CodeGeneratorJS.pm: Use global object as a wrapper for window event
        listeners set via document.body. The body wrapper can go away if nothing else references it.

        * html/HTMLBodyElement.idl: Override listeners that exist on Element with custom implementations,
        because we need to use window object as a wrapper, not the element. Marked all window event
        listeners as such for code generator.

        * html/HTMLFrameSetElement.idl: Ditto.

2010-04-17  Juan C. Montemayor  <jmonte03@cs.tufts.edu>

        Reviewed by Joseph Pecoraro.

        Databases pane doesn't recognize table creation/deletion
        https://bugs.webkit.org/show_bug.cgi?id=20219

        * inspector/front-end/DatabaseQueryView.js:
        (WebInspector.DatabaseQueryView.prototype._queryFinished):

2010-04-17  Yaar Schnitman  <yaar@chromium.org>

        Reviewed by Adam Barth.

        Auto-generate V8 bindings for canvas.* overloads
        https://bugs.webkit.org/show_bug.cgi?id=37453

        * bindings/v8/custom/V8CanvasRenderingContext2DCustom.cpp: Deleted custom code that is now auto-generated.
        * bindings/scripts/CodeGeneratorV8.pm: Not generating custom signatures for overloaded methods and accepting Object as a string input.
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage): Added missing 9-arguments overloads for drawImage.
        * html/canvas/CanvasRenderingContext2D.h: 
        * html/canvas/CanvasRenderingContext2D.idl: Overloaded methods defined (V8 only).

2010-04-17  Yury Semikhatsky  <yurys@chromium.org>

        Reviewed by Pavel Feldman.

        Web Inspector: move JavaScriptCallFrame.{h,cpp} to WebCore/bindings/js

        https://bugs.webkit.org/show_bug.cgi?id=37740

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JavaScriptCallFrame.cpp: Renamed from WebCore/inspector/JavaScriptCallFrame.cpp.
        (WebCore::JavaScriptCallFrame::JavaScriptCallFrame):
        (WebCore::JavaScriptCallFrame::caller):
        (WebCore::JavaScriptCallFrame::scopeChain):
        (WebCore::JavaScriptCallFrame::dynamicGlobalObject):
        (WebCore::JavaScriptCallFrame::functionName):
        (WebCore::JavaScriptCallFrame::type):
        (WebCore::JavaScriptCallFrame::thisObject):
        (WebCore::JavaScriptCallFrame::evaluate):
        * bindings/js/JavaScriptCallFrame.h: Renamed from WebCore/inspector/JavaScriptCallFrame.h.
        (WebCore::JavaScriptCallFrame::create):
        (WebCore::JavaScriptCallFrame::invalidate):
        (WebCore::JavaScriptCallFrame::isValid):
        (WebCore::JavaScriptCallFrame::sourceID):
        (WebCore::JavaScriptCallFrame::line):
        (WebCore::JavaScriptCallFrame::update):
        * inspector/InjectedScriptHost.h:
        * inspector/InspectorController.h:

2010-04-17  Vangelis Kokkevis  <vangelis@chromium.org>

        Reviewed by Dimitri Glazkov.

        Adding definition of GLES2Context class.
        https://bugs.webkit.org/show_bug.cgi?id=37541

        No new functionality implemented yet, no tests.

        * WebCore.gypi: Added GLES2Context.h
        * platform/chromium/GLES2Context.h: Added.

2010-04-17  Julien Chaffraix  <jchaffraix@webkit.org>

        Reviewed by Darin Adler.

        Crash while handling SVG font in the wrong namespace imported with @font-face
        https://bugs.webkit.org/show_bug.cgi?id=18862

        Test: fast/invalid/invalidSVGFont.html

        * loader/CachedFont.cpp:
        (WebCore::CachedFont::getSVGFontById): Make sure we really get an SVGFontElement by using
        getElementsByNameNS: the element factory chooses which element to create based on both
        localName and namespace.

2010-04-16  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r57770.
        http://trac.webkit.org/changeset/57770
        https://bugs.webkit.org/show_bug.cgi?id=37746

        8 test cases crashed (Requested by Ossy on #webkit).

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::AnimationQtBase::AnimationQtBase):
        (WebCore::TransformAnimationQt::~TransformAnimationQt):
        (WebCore::TransformAnimationQt::applyFrame):
        (WebCore::OpacityAnimationQt::applyFrame):
        (WebCore::GraphicsLayerQt::addAnimation):

2010-04-16  Daniel Bates  <dbates@rim.com>

        Reviewed by Adam Treat.

        https://bugs.webkit.org/show_bug.cgi?id=36312

        Adds support for the viewport meta tag. The code is largely derived in whole
        or in part from the WebCore-528.15 source published as part of the iPhone 3.1.3
        source code <http://www.opensource.apple.com/source/WebCore/WebCore-528.15/>.

        * Android.mk: Added file ViewportArguments.cpp.
        * GNUmakefile.am: Added files ViewportArguments.cpp and ViewportArguments.h.
        * WebCore.gypi: Ditto.
        * WebCore.pro: Ditto.
        * WebCore.vcproj/WebCore.vcproj: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * dom/Document.cpp:
        (WebCore::isSeparator): Added.
        (WebCore::Document::processArguments): Added.
        (WebCore::Document::processViewport): Added.
        * dom/Document.h:
        * dom/ViewportArguments.cpp: Added.
        (WebCore::setViewportFeature):
        (WebCore::viewportErrorMessageTemplate):
        (WebCore::viewportErrorMessageLevel):
        (WebCore::reportViewportWarning):
        * dom/ViewportArguments.h: Added.
        (WebCore::):
        (WebCore::ViewportArguments::):
        (WebCore::ViewportArguments::ViewportArguments):
        (WebCore::ViewportArguments::hasCustomArgument):
        * html/HTMLMetaElement.cpp:
        (WebCore::HTMLMetaElement::process): Modified to call Document::processViewport.
        * page/ChromeClient.h:
        (WebCore::ChromeClient::didReceiveViewportArguments): Added.

2010-04-16  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Antti Koivisto.

        [Qt] GraphicsLayer: support fill-modes
        https://bugs.webkit.org/show_bug.cgi?id=36216
        Implement the CSS-animation "fill mode" concept in GraphicsLayerQt. The concept
        enables a key-frame animation to go to the animation's starting point before the delay,
        and/or to stay at the animation's ending point after it's ended, without reverting to the default
        value.
        We do that by manually setting the value to keyframe-0 before the delay if fill-mode is backwards/both,
        and manually modifying the default value to the animated value as we animate, with fill-mode forwards/both.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::AnimationQtBase::AnimationQtBase):
        (WebCore::TransformAnimationQt::~TransformAnimationQt):
        (WebCore::TransformAnimationQt::applyFrame):
        (WebCore::GraphicsLayerQt::addAnimation):

2010-04-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by NOBODY (arm build fix).

        * bindings/js/JSDesktopNotificationsCustom.cpp:
        (WebCore::JSNotification::addEventListener):
        (WebCore::JSNotification::removeEventListener):

2010-04-16  Dmitry Titov  <dimich@chromium.org>

        Reviewed by Yury Semikhatsky.

        [v8] In Workers, script errors right after close() are not delivered to the Worker.onerror.
        https://bugs.webkit.org/show_bug.cgi?id=37691

        Existing worker-close.html will now work in Chromium.

        * bindings/v8/V8Utilities.cpp:
        (WebCore::getScriptExecutionContext): Stop using proxy() to just retrieve WorkerContext which should be always available.
        * bindings/v8/WorkerContextExecutionProxy.h: removed workerContext() accessor which moved to WorkerScriptController.
        * bindings/v8/WorkerScriptController.h:
        (WebCore::WorkerScriptController::workerContext): Added, to be able to pull WorkerContext out from the controller.

2010-04-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig.

        https://bugs.webkit.org/show_bug.cgi?id=37735
        Remove JSC specific code from WebCore::AtomicString

        Add generic constructor/add/find methods that take a UChar* & length, along
        with a known existing hash for the string.
        This removes the remaining JSC specific code from platform/text.

        * bindings/js/JSAbstractWorkerCustom.cpp:
        (WebCore::JSAbstractWorker::addEventListener):
        (WebCore::JSAbstractWorker::removeEventListener):
        * bindings/js/JSDOMApplicationCacheCustom.cpp:
        (WebCore::JSDOMApplicationCache::addEventListener):
        (WebCore::JSDOMApplicationCache::removeEventListener):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::ustringToAtomicString):
        (WebCore::identifierToAtomicString):
        (WebCore::findAtomicString):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::childFrameGetter):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
        (WebCore::JSDOMWindow::open):
        (WebCore::JSDOMWindow::addEventListener):
        (WebCore::JSDOMWindow::removeEventListener):
        * bindings/js/JSElementCustom.cpp:
        (WebCore::JSElement::setAttribute):
        (WebCore::JSElement::setAttributeNS):
        * bindings/js/JSEventSourceCustom.cpp:
        (WebCore::JSEventSource::addEventListener):
        (WebCore::JSEventSource::removeEventListener):
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::getNamedItems):
        (WebCore::JSHTMLAllCollection::canGetItemsForName):
        * bindings/js/JSHTMLCollectionCustom.cpp:
        (WebCore::getNamedItems):
        (WebCore::JSHTMLCollection::canGetItemsForName):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::canGetItemsForName):
        * bindings/js/JSHTMLFormElementCustom.cpp:
        (WebCore::JSHTMLFormElement::canGetItemsForName):
        (WebCore::JSHTMLFormElement::nameGetter):
        * bindings/js/JSHTMLFrameSetElementCustom.cpp:
        (WebCore::JSHTMLFrameSetElement::canGetItemsForName):
        (WebCore::JSHTMLFrameSetElement::nameGetter):
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::JSMessageEvent::initMessageEvent):
        * bindings/js/JSMessagePortCustom.cpp:
        (WebCore::JSMessagePort::addEventListener):
        (WebCore::JSMessagePort::removeEventListener):
        * bindings/js/JSMimeTypeArrayCustom.cpp:
        (WebCore::JSMimeTypeArray::canGetItemsForName):
        (WebCore::JSMimeTypeArray::nameGetter):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::JSNode::addEventListener):
        (WebCore::JSNode::removeEventListener):
        * bindings/js/JSNodeListCustom.cpp:
        (WebCore::JSNodeList::canGetItemsForName):
        (WebCore::JSNodeList::nameGetter):
        * bindings/js/JSPluginArrayCustom.cpp:
        (WebCore::JSPluginArray::canGetItemsForName):
        (WebCore::JSPluginArray::nameGetter):
        * bindings/js/JSPluginCustom.cpp:
        (WebCore::JSPlugin::canGetItemsForName):
        (WebCore::JSPlugin::nameGetter):
        * bindings/js/JSPopStateEventCustom.cpp:
        (WebCore::JSPopStateEvent::initPopStateEvent):
        * bindings/js/JSSVGElementInstanceCustom.cpp:
        (WebCore::JSSVGElementInstance::addEventListener):
        (WebCore::JSSVGElementInstance::removeEventListener):
        * bindings/js/JSWebSocketCustom.cpp:
        (WebCore::JSWebSocket::addEventListener):
        (WebCore::JSWebSocket::removeEventListener):
        * bindings/js/JSWorkerContextCustom.cpp:
        (WebCore::JSWorkerContext::addEventListener):
        (WebCore::JSWorkerContext::removeEventListener):
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::setRequestHeader):
        (WebCore::JSXMLHttpRequest::getResponseHeader):
        (WebCore::JSXMLHttpRequest::addEventListener):
        (WebCore::JSXMLHttpRequest::removeEventListener):
        * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
        (WebCore::JSXMLHttpRequestUpload::addEventListener):
        (WebCore::JSXMLHttpRequestUpload::removeEventListener):
        * platform/text/AtomicString.cpp:
        (WebCore::AtomicString::add):
        (WebCore::AtomicString::find):
        * platform/text/AtomicString.h:
        (WebCore::AtomicString::AtomicString):

2010-04-16  Fumitoshi Ukai  <ukai@chromium.org>

        Reviewed by Alexey Proskuryakov.

        WebSocket crash when it receives bad header.
        https://bugs.webkit.org/show_bug.cgi?id=37682

        If name or value is not valid UTF-8, nameStr or valueStr would be
        null string, so crashed in headers->add(nameStr, valueStr).
        Check both nameStr and valueStr are not null string.
        Otherwise handshake will fail.

        Test: websocket/tests/bad-handshake-crash.html

        * websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::readHTTPHeaders): check nameStr and valueStr are not null string.

2010-04-16  Dan Bernstein  <mitz@apple.com>

        Reviewed by Simon Fraser.

        <rdar://problem/7873647> Crash when updating hover state

        Test: fast/dynamic/hover-style-recalc-crash.html

        Updating the hover state of an element caused the document to need style
        recalc, and then updating the hover state of a link caused style recalc,
        which changed the render tree while updateHoverActiveState() was iterating
        over it, leading to a crash.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateHoverActiveState): Collect the nodes to be
        updated into vectors, then update their active and hover states.

2010-04-16  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Alexey Proskuryakov.

        Make Safari correctly allocate 5MB of DB storage to all new
        origins.
        https://bugs.webkit.org/show_bug.cgi?id=36671

        Eric fixed the same problem in
        DatabaseTracker::fullPathForDatabaseNoLock() in r57128, but forgot
        to fix it in DatabaseTracker::detailsForNameAndOrigin() too.

        * storage/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::detailsForNameAndOrigin):

2010-04-16  Kinuko Yasuda  <kinuko@chromium.org>

        Reviewed by Jian Li.

        Implement FileStreamProxy that calls FileStream methods on FileThread for FileAPI
        https://bugs.webkit.org/show_bug.cgi?id=37218

        No new tests; tests will be added when we add upper layer implementations.

        * GNUmakefile.am:
        * WebCore.gypi:
        * WebCore.pro:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * html/FileStream.cpp:
        (WebCore::FileStream::stop):
        * html/FileStream.h:
        * html/FileStreamClient.h:
        (WebCore::FileStreamClient::didStop):
        * html/FileStreamProxy.cpp: Added
        * html/FileStreamProxy.h: Added
        * html/FileThreadTask.h: Added

2010-04-16  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Oliver Hunt.

        Bug 37730 - Remove JSC::UString dependencies from WebCore::StringImpl
        (Following on from bug #37675).

        Remove ustring() method, and constructor passed a UString.

        * WebCore.base.exp:
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::stringimplToUString):
        (WebCore::jsStringSlowCase):
        (WebCore::ustringToString):
        (WebCore::stringToUString):
        (WebCore::identifierToString):
        * bindings/js/JSDOMBinding.h:
        (WebCore::jsString):
        * platform/text/AtomicString.cpp:
        (WebCore::AtomicString::operator UString):
        * platform/text/StringImpl.cpp:
        (WebCore::StringImpl::create):
        * platform/text/StringImpl.h:

2010-04-16  Jarkko Sakkinen  <jarkko.j.sakkinen@gmail.com>
 
        Reviewed by Simon Hausmann.
 
        [Qt] WebGL is not visible when QGLWidget viewport is used
        https://bugs.webkit.org/show_bug.cgi?id=37070
 
        Added HostWindow parameter to the constructor of GraphicsContext3D.
        Shared OpenGL context is initialized with parent QGLWidget.
 
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::create):
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/mac/GraphicsContext3DMac.cpp:
        (WebCore::GraphicsContext3D::create):
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        * platform/graphics/qt/GraphicsContext3DQt.cpp:
        (WebCore::GraphicsContext3DInternal::GraphicsContext3DInternal):
        (WebCore::GraphicsContext3DInternal::~GraphicsContext3DInternal):
        (WebCore::GraphicsContext3DInternal::getOwnerGLWidget):
        (WebCore::GraphicsContext3D::create):
        (WebCore::GraphicsContext3D::GraphicsContext3D):

2010-04-16  Jarkko Sakkinen  <jarkko.j.sakkinen@gmail.com>

        Reviewed by Simon Hausmann.

        [Qt] WebKit compilation fails with --3d-canvas
        https://bugs.webkit.org/show_bug.cgi?id=37699 
        
        API for readPixels() has been changed. 

        * platform/graphics/qt/GraphicsContext3DQt.cpp:
        (WebCore::GraphicsContext3D::readPixels):

2010-04-16  No'am Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Antti Koivisto.

        [Qt] QtLauncher crash on page with CSS 3D transform
        https://bugs.webkit.org/show_bug.cgi?id=36859

        Added a necessary null-pointer check, lack of which created the crash circumstances.

        Tested by http://css-vfx.googlecode.com/svn/trunk/snowstack/snowstack.html

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::flushChanges):

2010-04-16  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Make sure to update the current graphics context when calling out to AppKit.

        * platform/mac/ThemeMac.mm:
        (WebCore::paintCheckbox):
        (WebCore::paintRadio):

2010-04-15  Gavin Barraclough  <barraclough@apple.com>

        Reviewed by Sam Weinig & Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=37675
        Remove casts/constructors to/from JSC::UString type from WebCore::String
        
        WebCore's strings should not know about JSC::UString, this should be abstracted
        away in the bindings.  Add explicit conversion methods rather than relying on
        overloaded cast operators / constructors being implicitly called.

        This patch only changes the class String, once this has landed StringImpl, and
        hopefully AtomicString too, should follow suit.

        This patch adds:
            WebCore::identifierToString
            WebCore::ustringToString
            WebCore::stringToUString

        - to JSDOMBindings.h, and updates code to call these methods.

        * WebCore.base.exp:
        * WebCore.order:
        * bindings/js/CachedScriptSourceProvider.h:
        (WebCore::CachedScriptSourceProvider::CachedScriptSourceProvider):
        * bindings/js/JSAudioConstructor.cpp:
        (WebCore::constructAudio):
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::JSCSSStyleDeclaration::nameGetter):
        * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
        (WebCore::toHTMLCanvasStyle):
        (WebCore::JSCanvasRenderingContext2D::setFillColor):
        (WebCore::JSCanvasRenderingContext2D::setStrokeColor):
        (WebCore::JSCanvasRenderingContext2D::drawImageFromRect):
        (WebCore::JSCanvasRenderingContext2D::setShadow):
        (WebCore::JSCanvasRenderingContext2D::fillText):
        (WebCore::JSCanvasRenderingContext2D::strokeText):
        * bindings/js/JSClipboardCustom.cpp:
        (WebCore::JSClipboard::types):
        (WebCore::JSClipboard::clearData):
        (WebCore::JSClipboard::getData):
        (WebCore::JSClipboard::setData):
        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::identifierToString):
        (WebCore::ustringToString):
        (WebCore::stringToUString):
        (WebCore::valueToStringWithNullCheck):
        (WebCore::valueToStringWithUndefinedOrNullCheck):
        (WebCore::reportException):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSDOMFormDataCustom.cpp:
        (WebCore::JSDOMFormData::append):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::namedItemGetter):
        (WebCore::JSDOMWindow::setLocation):
        (WebCore::JSDOMWindow::openDatabase):
        * bindings/js/JSDatabaseCustom.cpp:
        (WebCore::JSDatabase::changeVersion):
        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::setLocation):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/JSEventSourceConstructor.cpp:
        (WebCore::constructEventSource):
        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        * bindings/js/JSHTMLCanvasElementCustom.cpp:
        (WebCore::JSHTMLCanvasElement::getContext):
        * bindings/js/JSHTMLCollectionCustom.cpp:
        (WebCore::callHTMLCollection):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::nameGetter):
        (WebCore::documentWrite):
        * bindings/js/JSInjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        * bindings/js/JSInspectorFrontendHostCustom.cpp:
        (WebCore::JSInspectorFrontendHost::showContextMenu):
        * bindings/js/JSLazyEventListener.cpp:
        (WebCore::JSLazyEventListener::initializeJSFunction):
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::setHref):
        (WebCore::JSLocation::setProtocol):
        (WebCore::JSLocation::setHost):
        (WebCore::JSLocation::setHostname):
        (WebCore::JSLocation::setPathname):
        (WebCore::JSLocation::setSearch):
        (WebCore::JSLocation::setHash):
        (WebCore::JSLocation::replace):
        (WebCore::JSLocation::assign):
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::JSMessageEvent::initMessageEvent):
        * bindings/js/JSNamedNodeMapCustom.cpp:
        (WebCore::JSNamedNodeMap::canGetItemsForName):
        (WebCore::JSNamedNodeMap::nameGetter):
        * bindings/js/JSOptionConstructor.cpp:
        (WebCore::constructHTMLOptionElement):
        * bindings/js/JSSQLResultSetRowListCustom.cpp:
        (WebCore::JSSQLResultSetRowList::item):
        * bindings/js/JSSQLTransactionCustom.cpp:
        (WebCore::JSSQLTransaction::executeSql):
        * bindings/js/JSSharedWorkerConstructor.cpp:
        (WebCore::constructSharedWorker):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::canGetItemsForName):
        (WebCore::JSStorage::nameGetter):
        (WebCore::JSStorage::deleteProperty):
        (WebCore::JSStorage::getOwnPropertyNames):
        (WebCore::JSStorage::putDelegate):
        * bindings/js/JSStyleSheetListCustom.cpp:
        (WebCore::JSStyleSheetList::canGetItemsForName):
        (WebCore::JSStyleSheetList::nameGetter):
        * bindings/js/JSWebKitCSSMatrixConstructor.cpp:
        (WebCore::constructWebKitCSSMatrix):
        * bindings/js/JSWebSocketConstructor.cpp:
        (WebCore::constructWebSocket):
        * bindings/js/JSWebSocketCustom.cpp:
        (WebCore::JSWebSocket::send):
        * bindings/js/JSWorkerConstructor.cpp:
        (WebCore::constructWorker):
        * bindings/js/JSWorkerContextCustom.cpp:
        (WebCore::JSWorkerContext::importScripts):
        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::open):
        (WebCore::JSXMLHttpRequest::setRequestHeader):
        (WebCore::JSXMLHttpRequest::send):
        (WebCore::JSXMLHttpRequest::overrideMimeType):
        * bindings/js/JSXSLTProcessorCustom.cpp:
        (WebCore::JSXSLTProcessor::setParameter):
        (WebCore::JSXSLTProcessor::getParameter):
        (WebCore::JSXSLTProcessor::removeParameter):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::create):
        * bindings/js/ScriptCallFrame.cpp:
        (WebCore::ScriptCallFrame::ScriptCallFrame):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInWorld):
        * bindings/js/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::hasBreakpoint):
        (WebCore::ScriptDebugServer::dispatchDidParseSource):
        (WebCore::ScriptDebugServer::dispatchFailedToParseSource):
        (WebCore::ScriptDebugServer::sourceParsed):
        * bindings/js/ScriptEventListener.cpp:
        (WebCore::getEventListenerHandlerBody):
        * bindings/js/ScriptFunctionCall.cpp:
        (WebCore::ScriptFunctionCall::appendArgument):
        (WebCore::ScriptFunctionCall::call):
        (WebCore::ScriptFunctionCall::construct):
        * bindings/js/ScriptObject.cpp:
        (WebCore::ScriptObject::set):
        * bindings/js/ScriptProfiler.cpp:
        (WebCore::ScriptProfiler::start):
        (WebCore::ScriptProfiler::stop):
        * bindings/js/ScriptString.h:
        (WebCore::ScriptString::operator String):
        (WebCore::ScriptString::ustring):
        (WebCore::ScriptString::operator+=):
        * bindings/js/ScriptValue.cpp:
        (WebCore::ScriptValue::getString):
        * bindings/js/ScriptValue.h:
        (WebCore::ScriptValue::toString):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedObject::set):
        (WebCore::SerializingTreeWalker::convertIfTerminal):
        (WebCore::DeserializingTreeWalker::putProperty):
        * bindings/js/StringSourceProvider.h:
        (WebCore::StringSourceProvider::StringSourceProvider):
        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject callWebScriptMethod:withArguments:]):
        (-[WebScriptObject setValue:forKey:]):
        (-[WebScriptObject valueForKey:]):
        (-[WebScriptObject removeWebScriptKey:]):
        * bindings/scripts/CodeGeneratorJS.pm:
        * bridge/IdentifierRep.cpp:
        (WebCore::IdentifierRep::get):
        * bridge/c/c_utility.cpp:
        (JSC::Bindings::identifierFromNPIdentifier):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::scriptImported):
        (WebCore::InspectorController::addProfileFinishedMessageToConsole):
        (WebCore::InspectorController::createProfileHeader):
        * inspector/InspectorResource.cpp:
        (WebCore::InspectorResource::sourceString):
        * inspector/JavaScriptCallFrame.cpp:
        (WebCore::JavaScriptCallFrame::functionName):
        * platform/KURL.h:
        (WebCore::KURL::operator const String&):
        * platform/text/AtomicString.cpp:
        (WebCore::AtomicString::operator UString):
        * platform/text/AtomicString.h:
        * platform/text/PlatformString.h:
        * platform/text/String.cpp:

2010-04-16  Anders Carlsson  <andersca@apple.com>

        Reviewed by David Hyatt.

        Always pass a view to the AppKit drawing functions.
        https://bugs.webkit.org/show_bug.cgi?id=37724

        * platform/mac/ThemeMac.mm:
        (WebCore::paintCheckbox):
        (WebCore::paintRadio):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuList):
        (WebCore::RenderThemeMac::paintSliderThumb):
        (WebCore::RenderThemeMac::paintSearchField):
        (WebCore::RenderThemeMac::paintSearchFieldCancelButton):
        (WebCore::RenderThemeMac::paintSearchFieldResultsDecoration):
        (WebCore::RenderThemeMac::paintSearchFieldResultsButton):

2010-04-16  Alexey Proskuryakov  <ap@apple.com>

        Reviewed by Dan Bernstein.

        https://bugs.webkit.org/show_bug.cgi?id=37718
        Safari crashes with certain JavaScript charCode events in EventHandler::needsKeyboardEventDisambiguationQuirks

        Test: fast/events/recorded-keydown-event.html

        * dom/KeyboardEvent.cpp: (WebCore::KeyboardEvent::charCode): Check if the view (window) is
        frameless.

2010-04-16  Jian Li  <jianli@chromium.org>

        Reviewed by Dmitry Titov.

        Update FormDataList to fix style violations in old code.
        https://bugs.webkit.org/show_bug.cgi?id=37689

        * html/FormDataList.h:
        (WebCore::FormDataList::appendData):
        (WebCore::FormDataList::appendBlob):

2010-04-16  Anders Carlsson  <andersca@apple.com>

        Fix WebKit2 build.

        * WebCore.base.exp:

2010-04-16  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Dimitri Glazkov.

        [chromium] Fix Mac build.
        https://bugs.webkit.org/show_bug.cgi?id=37436

        * platform/chromium/PopupMenuChromium.h:

2010-04-16  Jay Civelli  <jcivelli@chromium.org>

        Reviewed by Dimitri Glazkov.

        [chromium] Select popups would assert when destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=37436


        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupContainer::PopupContainer):
        (WebCore::PopupContainer::showPopup):
        (WebCore::PopupContainer::notifyPopupHidden):
        * platform/chromium/PopupMenuChromium.h:

2010-04-16  Antonio Gomes  <tonikitoo@webkit.org>

        Unreviewed QtWebKit (with Qt 4.7) build fix.

        Bug 37683 moved code from FontQt.cpp to FontPlatformDataQt.cpp but did not
        rename the variable used.

        * platform/graphics/qt/FontPlatformDataQt.cpp:
        (WebCore::FontPlatformData::FontPlatformData):

2010-04-16  Noam Rosenthal  <noam.rosenthal@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        Make GraphicsLayerQt always use ItemCoordinateCache, and remove ItemUsesExtendedStyleOption.
        This aligns our implementation with the Safari implementation - layers are always uploaded
        to textures in item units, and WebCore is responsible for the heuristics.

        [Qt] GraphicsLayer: performance optimizations
        https://bugs.webkit.org/show_bug.cgi?id=35393

        No new tests. Still no FPS benchmarks available (on any platform)
        but animations are noticeably better.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::GraphicsLayerQtImpl):
        (WebCore::GraphicsLayerQtImpl::paint):
        (WebCore::GraphicsLayerQtImpl::flushChanges):
        (WebCore::TransformAnimationQt::updateState):

2010-04-16  Simon Hausmann  <simon.hausmann@nokia.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] WebCore::Font::font() causes a QFont detach
        https://bugs.webkit.org/show_bug.cgi?id=37683

        Moved the setStyleStrategy call to FontPlatformData
        to avoid the detach.

        Thanks to Holger for spotting this.

        * platform/graphics/qt/FontPlatformDataQt.cpp:
        (WebCore::FontPlatformData::FontPlatformData):
        * platform/graphics/qt/FontQt.cpp:
        (WebCore::Font::font):

2010-04-15  Matt Perry  <mpcomplete@chromium.org>

        Reviewed by Adam Barth.

        Remove the check for the main frame's scheme when deciding which
        v8 extensions to add to a script context. Instead, Chromium will
        handle that check elsewhere to allow finer-grained control over
        what APIs we expose to web pages.
        https://bugs.webkit.org/show_bug.cgi?id=37681

        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::createNewContext):

2010-04-15  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Antti Koivisto.

        No default selection for <select multiple> menu lists.
        https://bugs.webkit.org/show_bug.cgi?id=37530

        Manual test: manual-tests/no-listbox-rendering.html

        For menu lists, if the selection is not indicated by the html file, the first <option> will be
        selected after loading the page or resetting the form. On the other hand listboxes may have no
        element selected after loading the page or resetting the form.

        When NO_LISTBOX_RENDERING is enabled listboxes become menu lists. Those <select multiple>
        that did not have selected elements, now being menu lists, will have the first <option>
        selected. That is the behavior difference that this patch corrects.

        When NO_LISTBOX_RENDERING is enabled usesMenuList() always returns true then usesMenuList() cannot
        be used to decide about initial selection of the elements. This patch replaces (usesMenuLists())
        by (!multiple && size <= 1) where initial selection is considered.

        * dom/SelectElement.cpp:
        (WebCore::SelectElement::recalcListItems):
        (WebCore::SelectElement::reset):
        * manual-tests/no-listbox-rendering.html: Added.

2010-04-15  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        Index validation code validates too many vertex attributes
        https://bugs.webkit.org/show_bug.cgi?id=31892

        * html/canvas/WebGLProgram.cpp:
        (WebCore::WebGLProgram::cacheActiveAttribLocations): Cache active attribute locations for a program at linkProgram time.
        (WebCore::WebGLProgram::getActiveAttribLocation): Get the cached attribute location.
        (WebCore::WebGLProgram::numActiveAttribLocations): Get the number of cached attribute locations.
        * html/canvas/WebGLProgram.h: Add attribute locations member.
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateRenderingState): Add logic not to validate those attributes that do not belong to the current program.
        (WebCore::WebGLRenderingContext::linkProgram): Call cacheActiveAttribLocations().

2010-04-16  Adam Roben  <aroben@apple.com>

        Don't assert when soft-linked libraries can't be found

        In some situations (e.g., when using SOFT_LINK_OPTIONAL), we expect soft-link libraries not
        to be able to be found in all cases. So we shouldn't assert that they're always found.

        Reviewed by Sam Weinig.

        * platform/win/SoftLinking.h:
        (SOFT_LINK): Don't assert when LoadLibrary fails.

2010-04-15  Dmitry Titov  <dimich@chromium.org>

        Unreviewed, rolling out r57688.
        http://trac.webkit.org/changeset/57688
        https://bugs.webkit.org/show_bug.cgi?id=34992

        Makes fast/workers/dedicated-worker-lifecycle.html crash on all GTK bots

        * bindings/js/JSWorkerContextCustom.cpp:
        * bindings/v8/custom/V8WorkerContextCustom.cpp:
        * storage/Database.idl:
        * storage/SQLError.idl:
        * storage/SQLResultSet.idl:
        * storage/SQLResultSetRowList.idl:
        * storage/SQLTransaction.idl:
        * workers/WorkerContext.cpp:
        (WebCore::WorkerContext::openDatabase):
        * workers/WorkerContext.h:
        (WebCore::WorkerContext::databaseExceededQuota):
        * workers/WorkerContext.idl:

2010-04-15  Yury Semikhatsky  <yurys@google.com>

        Reviewed by Pavel Feldman.
    
        Support basic debugging capabilities including step in/over/out in v8
        implementation of ScriptDebugServer.

        https://bugs.webkit.org/show_bug.cgi?id=37604

        * bindings/js/JSInjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        * bindings/v8/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::ScriptDebugServer):
        (WebCore::ScriptDebugServer::setDebuggerScriptSource):
        (WebCore::ScriptDebugServer::addListener):
        (WebCore::ScriptDebugServer::removeListener):
        (WebCore::ScriptDebugServer::setBreakpoint):
        (WebCore::ScriptDebugServer::removeBreakpoint):
        (WebCore::ScriptDebugServer::clearBreakpoints):
        (WebCore::ScriptDebugServer::setBreakpointsActivated):
        (WebCore::ScriptDebugServer::continueProgram):
        (WebCore::ScriptDebugServer::stepIntoStatement):
        (WebCore::ScriptDebugServer::stepOverStatement):
        (WebCore::ScriptDebugServer::stepOutOfFunction):
        (WebCore::ScriptDebugServer::currentCallFrameState):
        (WebCore::ScriptDebugServer::currentCallFrameV8):
        (WebCore::ScriptDebugServer::onV8DebugMessage):
        (WebCore::ScriptDebugServer::onV8DebugHostDispatch):
        (WebCore::ScriptDebugServer::handleV8DebugHostDispatch):
        (WebCore::ScriptDebugServer::handleV8DebugMessage):
        (WebCore::ScriptDebugServer::dispatchDidParseSource):
        (WebCore::ScriptDebugServer::ensureDebuggerScriptCompiled):
        (WebCore::ScriptDebugServer::didResume):
        * bindings/v8/ScriptDebugServer.h:
        (WebCore::ScriptDebugServer::pauseOnExceptionsState):
        (WebCore::ScriptDebugServer::setPauseOnExceptionsState):
        (WebCore::ScriptDebugServer::setMessageLoopDispatchHandler):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        (WebCore::V8InjectedScriptHost::currentCallFrameCallback):
        (WebCore::V8InjectedScriptHost::isActivationCallback):
        * inspector/front-end/InjectedScript.js:
        (injectedScriptConstructor):
        (injectedScriptConstructor.):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel):

2010-04-15  Jian Li  <jianli@chromium.org>

        Reviewed by Dmitry Titov.

        Support using FormData to send a sliced file via XHR.
        https://bugs.webkit.org/show_bug.cgi?id=36678

        Tests: http/tests/local/formdata/send-form-data-with-sliced-file.html

        * html/Blob.h:
        (WebCore::Blob::isFile):
        * html/DOMFormData.cpp:
        (WebCore::DOMFormData::append):
        * html/File.h:
        (WebCore::File::isFile):
        * html/FormDataList.h:
        (WebCore::FormDataList::appendBlob):
        (WebCore::FormDataList::Item::Item):
        (WebCore::FormDataList::Item::blob):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::appendFormData):
        * platform/network/FormData.cpp:
        (WebCore::FormData::appendDOMFormData):
        * platform/network/mac/FormDataStreamMac.mm:
        (WebCore::closeCurrentStream):

2010-04-15  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        Must enable GL_VERTEX_PROGRAM_POINT_SIZE during initialization
        https://bugs.webkit.org/show_bug.cgi?id=37178

        Test: fast/canvas/webgl/point-size.html

        * platform/graphics/mac/GraphicsContext3DMac.cpp: Enable GL_VERTEX_PROGRAM_POINT_SIZE during initialization.
        (WebCore::GraphicsContext3D::GraphicsContext3D):

2010-04-15  Eric Uhrhane  <ericu@chromium.org>

        Reviewed by Dmitry Titov.

        Add bindings for async DB API in Workers.
        https://bugs.webkit.org/show_bug.cgi?id=34992

        Tests: storage/change-version-handle-reuse-worker.html
               storage/execute-sql-args-worker.html

        * bindings/js/JSWorkerContextCustom.cpp: Add openDatabase binding.
        (WebCore::JSWorkerContext::openDatabase):

        * bindings/v8/custom/V8WorkerContextCustom.cpp: Add openDatabase stub; Chromium will need work both in V8 and in the browser process before we can turn this on there.
        (WebCore::V8WorkerContext::openDatabaseCallback):

        Add NoStaticTables flags to all objects now shared with workers.
        * storage/Database.idl:
        * storage/SQLError.idl:
        * storage/SQLResultSet.idl:
        * storage/SQLResultSetRowList.idl:
        * storage/SQLTransaction.idl:
        
        * workers/WorkerContext.h: Add databaseExceededQuota.
        * workers/WorkerContext.cpp:
        (WebCore::WorkerContext::databaseExceededQuota): Add stub implementation for testing; you just get 5MB for now.
        (WebCore::WorkerContext::openDatabase): Remove invalid assertion.

        Add the IDL for the call to openDatabase.
        * workers/WorkerContext.idl:

2010-04-15  Nicolas Weber  <thakis@chromium.org>

        Reviewed by Dimitri Glazkov.

        Fix drag image thumbnails for indexed images.
        https://bugs.webkit.org/show_bug.cgi?id=37621

        * platform/chromium/DragImageChromiumMac.cpp:
        (WebCore::scaleDragImage): Always use RGB color space.
        (WebCore::dissolveDragImageToFraction): Always use RGB color space.

2010-04-15  Adam Roben  <aroben@apple.com>

        Expose UserContentURLPattern as WebKit SPI

        Fixes <http://webkit.org/b/37354>.

        Reviewed by Tim Hatcher.

        * WebCore.base.exp: Export UserContentURLPattern::parse, and sorted
        the file.

        * WebCore.xcodeproj/project.pbxproj: Marked UserContentURLPattern.h as
        "Private".

        * page/UserContentURLPattern.h:
        (WebCore::UserContentURLPattern::UserContentURLPattern): Added a
        default constructor.
        (WebCore::UserContentURLPattern::isValid): Added this getter.

2010-04-15  Chris Fleizach  <cfleizach@apple.com>

        Reviewed by Beth Dakin.

        AXHelp is being appended from ancestors incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=37659

        Test: platform/mac/accessibility/unexpected-help-text.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::helpText):

2010-04-15  David Hyatt  <hyatt@apple.com>

        Reviewed by Anders Carlsson.

        https://bugs.webkit.org/show_bug.cgi?id=37669, REGRESSION: visited styles don't work right when only the visited path specifies
        a pseudoelement.
        
        Rework the pseudo cache on RenderStyles to support nesting, i.e., a pseudo hanging off a pseudo.  The existing model gets
        confused by this concept, since it relies on a singly linked list of chained pseudo styles (instead of a Vector owned by a primary
        style).  I changed the style cache to be a Vector instead.
        
        Reworked both styleForElement and pseudoStyleForElement to resolve visited styles first, since in the pseudoStyleForElement case
        you need to do this in order to know to allocate an unvisited pseudo style even if one shouldn't normally exist.

        * css/CSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::styleForElement):
        (WebCore::CSSStyleSelector::pseudoStyleForElement):
        * dom/Element.cpp:
        (WebCore::Element::pseudoStyleCacheIsInvalid):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::getCachedPseudoStyle):
        (WebCore::RenderStyle::addCachedPseudoStyle):
        * rendering/style/RenderStyle.h:
        (WebCore::):
        (WebCore::InheritedFlags::cachedPseudoStyles):

2010-04-15  Albert J. Wong  <ajwong@chromium.org>

        Unreviewed, rolling out r57660.
        http://trac.webkit.org/changeset/57660
        https://bugs.webkit.org/show_bug.cgi?id=37604

        Broke a large number of inspector layout tests in chromium.

        * bindings/js/JSInjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        * bindings/v8/ScriptDebugServer.cpp:
        * bindings/v8/ScriptDebugServer.h:
        (WebCore::ScriptDebugServer::addListener):
        (WebCore::ScriptDebugServer::removeListener):
        (WebCore::ScriptDebugServer::setBreakpoint):
        (WebCore::ScriptDebugServer::removeBreakpoint):
        (WebCore::ScriptDebugServer::clearBreakpoints):
        (WebCore::ScriptDebugServer::setBreakpointsActivated):
        (WebCore::ScriptDebugServer::pauseOnExceptionsState):
        (WebCore::ScriptDebugServer::setPauseOnExceptionsState):
        (WebCore::ScriptDebugServer::continueProgram):
        (WebCore::ScriptDebugServer::stepIntoStatement):
        (WebCore::ScriptDebugServer::stepOverStatement):
        (WebCore::ScriptDebugServer::stepOutOfFunction):
        (WebCore::ScriptDebugServer::currentCallFrameState):
        (WebCore::ScriptDebugServer::ScriptDebugServer):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        (WebCore::V8InjectedScriptHost::currentCallFrameCallback):
        (WebCore::V8InjectedScriptHost::isActivationCallback):
        * inspector/front-end/InjectedScript.js:
        (injectedScriptConstructor):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel):

2010-04-14  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Dimitri Glazkov.

        DatabaseTracker refactoring: remove the dependency on
        OriginQuotaManager from DatabaseTracker.h
        https://bugs.webkit.org/show_bug.cgi?id=31482

        * storage/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::DatabaseTracker):
        (WebCore::DatabaseTracker::~DatabaseTracker):
        (WebCore::DatabaseTracker::canEstablishDatabase):
        (WebCore::DatabaseTracker::hasEntryForOrigin):
        (WebCore::DatabaseTracker::getMaxSizeForDatabase):
        (WebCore::DatabaseTracker::databaseChanged):
        (WebCore::DatabaseTracker::fullPathForDatabaseNoLock):
        (WebCore::DatabaseTracker::fullPathForDatabase):
        (WebCore::DatabaseTracker::populateOrigins):
        (WebCore::DatabaseTracker::origins):
        (WebCore::DatabaseTracker::databaseNamesForOrigin):
        (WebCore::DatabaseTracker::addOpenDatabase):
        (WebCore::DatabaseTracker::removeOpenDatabase):
        (WebCore::DatabaseTracker::usageForOriginNoLock):
        (WebCore::DatabaseTracker::usageForOrigin):
        (WebCore::DatabaseTracker::quotaForOrigin):
        (WebCore::DatabaseTracker::setQuota):
        (WebCore::DatabaseTracker::deleteOrigin):
        (WebCore::DatabaseTracker::deleteDatabase):
        (WebCore::DatabaseTracker::deleteDatabaseFile):
        * storage/DatabaseTracker.h:
        * storage/SQLTransactionClient.cpp:
        (WebCore::SQLTransactionClient::didExecuteStatement):

2010-04-15  Zhenyao Mo  <zmo@google.com>

        Reviewed by Adam Barth.

        Several tests in fast/canvas/webgl/ failed randomly on Leopard Commit Bot
        This fixes an uninitialized variable bug and restores a glFinish call that used to be present.
        https://bugs.webkit.org/show_bug.cgi?id=36908

        * platform/graphics/mac/GraphicsContext3DMac.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D): Initialize width/height to 0/0.
        (WebCore::GraphicsContext3D::prepareTexture): Restore glFinish() in every path.

2010-04-14  Antonio Gomes  <tonikitoo@webkit.org>

        Reviewed by Simon Fraser.

        Spatial Navigation: make hasOffscreenRect() to earlier return 'true' if absoluteClippedOverflowRect() gives an empty rect
        https://bugs.webkit.org/show_bug.cgi?id=37635

        absoluteClippedOverflowRect method of RenderObject does return an empty IntRect for offscreen nodes.
        So hasOffscreenRect method (SpatialNavigation.cpp) can safely bail out earlier in such cases.

        * page/SpatialNavigation.cpp:
        (WebCore::hasOffscreenRect):

2010-04-14  Antonio Gomes  <tonikitoo@webkit.org>

        Reviewed by Simon Fraser.

        Spatial Navigation: remove unnecessary assignment in updateFocusCandidateIfCloser method
        https://bugs.webkit.org/show_bug.cgi?id=37634

        This assignment line is no longer needed after r57061, bug that refactored all
        assignment logic to happen lines below in the method.

        * page/FocusController.cpp:
        (WebCore::updateFocusCandidateIfCloser):

2010-04-15  Yury Semikhatsky  <yurys@google.com>

        Reviewed by Pavel Feldman.
    
        Support basic debugging capabilities including step in/over/out in v8
        implementation of ScriptDebugServer.

        https://bugs.webkit.org/show_bug.cgi?id=37604

        * bindings/js/JSInjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        * bindings/v8/ScriptDebugServer.cpp:
        (WebCore::ScriptDebugServer::ScriptDebugServer):
        (WebCore::ScriptDebugServer::setDebuggerScriptSource):
        (WebCore::ScriptDebugServer::addListener):
        (WebCore::ScriptDebugServer::removeListener):
        (WebCore::ScriptDebugServer::setBreakpoint):
        (WebCore::ScriptDebugServer::removeBreakpoint):
        (WebCore::ScriptDebugServer::clearBreakpoints):
        (WebCore::ScriptDebugServer::setBreakpointsActivated):
        (WebCore::ScriptDebugServer::continueProgram):
        (WebCore::ScriptDebugServer::stepIntoStatement):
        (WebCore::ScriptDebugServer::stepOverStatement):
        (WebCore::ScriptDebugServer::stepOutOfFunction):
        (WebCore::ScriptDebugServer::currentCallFrameState):
        (WebCore::ScriptDebugServer::currentCallFrameV8):
        (WebCore::ScriptDebugServer::onV8DebugMessage):
        (WebCore::ScriptDebugServer::onV8DebugHostDispatch):
        (WebCore::ScriptDebugServer::handleV8DebugHostDispatch):
        (WebCore::ScriptDebugServer::handleV8DebugMessage):
        (WebCore::ScriptDebugServer::dispatchDidParseSource):
        (WebCore::ScriptDebugServer::ensureDebuggerScriptCompiled):
        (WebCore::ScriptDebugServer::didResume):
        * bindings/v8/ScriptDebugServer.h:
        (WebCore::ScriptDebugServer::pauseOnExceptionsState):
        (WebCore::ScriptDebugServer::setPauseOnExceptionsState):
        (WebCore::ScriptDebugServer::setMessageLoopDispatchHandler):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::InjectedScriptHost::createInjectedScript):
        (WebCore::V8InjectedScriptHost::currentCallFrameCallback):
        (WebCore::V8InjectedScriptHost::isActivationCallback):
        * inspector/front-end/InjectedScript.js:
        (injectedScriptConstructor):
        (injectedScriptConstructor.):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel):

2010-04-15  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Beth Dakin.

        RenderSVGResource <-> id mapping should be cached
        https://bugs.webkit.org/show_bug.cgi?id=37575

        Test: svg/custom/clip-path-id-changes.svg

        * rendering/RenderSVGResource.h:
        (WebCore::RenderSVGResource::RenderSVGResource):
        (WebCore::RenderSVGResource::~RenderSVGResource):
        (WebCore::RenderSVGResource::idChanged):
        (WebCore::getRenderSVGResourceById):
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::addResource):
        (WebCore::SVGDocumentExtensions::removeResource):
        (WebCore::SVGDocumentExtensions::resourceById):
        * svg/SVGDocumentExtensions.h:
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::svgAttributeChanged):

2010-04-15  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Dimitri Glazkov.

        LayoutTest breakage in V8 bindings after r57627
        https://bugs.webkit.org/show_bug.cgi?id=37660

        Fixes breakage of the following tests due to an error in V8 bindings for
        NamedNodeMap:
        hc_namednodemapinuseattributeerr.html
        hc_namednodemapsetnameditemreturnvalue.html
        hc_namednodemapwrongdocumenterr.html
        hc_namednodemapinvalidtype1.html
        NamedNodeMap-setNamedItem-crash.html

        * bindings/v8/custom/V8NamedNodeMapCustom.cpp:
        (WebCore::V8NamedNodeMap::setNamedItemNSCallback):
        (WebCore::V8NamedNodeMap::setNamedItemCallback):

2010-04-15  David Hyatt  <hyatt@apple.com>

        Reviewed by Anders Carlsson.

        https://bugs.webkit.org/show_bug.cgi?id=37567, :first-letter inside a :visited link is wrong color.  Make sure
        that the pseudo style caching allows visited link styles to hang off other pseudo styles.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::updateFirstLetter):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::getCachedPseudoStyle):

2010-04-15  Ben Murdoch  <benm@google.com>

        Unreviewed, rolling out r57652.
        http://trac.webkit.org/changeset/57652
        https://bugs.webkit.org/show_bug.cgi?id=37609

        Caused a build break on Chromium Mac and Layout Test fail on
        Qt

        * platform/PlatformTouchPoint.h:
        (WebCore::PlatformTouchPoint::):
        * platform/qt/PlatformTouchPointQt.cpp:
        (WebCore::PlatformTouchPoint::PlatformTouchPoint):

2010-04-15  Yaar Schnitman  <yaar@chromium.org>

        Reviewed by Nate Chapin.

        Overloads auto-generation in V8
        https://bugs.webkit.org/show_bug.cgi?id=37373

        This will be used by XHR.send/open, Canvas.*, WebGL.* methods that are currently custom. When more than a single overload exists for a method, the correct overload is chosen based on the total number of arguments passed as well as the values passed to non-primitive arguments.

        Overload dispatch order depends on the order the functions are defined in the IDL. Overloads must be specified from the most precise (overloads with wrapper type arguments) to the least precise (overloads with only primitive type arguments).

        * bindings/scripts/CodeGeneratorV8.pm: Identify and output overloads callbacks and dispatch code.
        * bindings/v8/test/TestObj.idl: Overloads sample.
        * bindings/v8/test/V8TestObj.cpp: Output change.

2010-04-15  Ben Murdoch  <benm@google.com>

        Reviewed by Kenneth Rohde Christiansen.

        The TouchStationary state of WebCore::PlatformTouchPoint
        is not handled inside the touch event handler.
        https://bugs.webkit.org/show_bug.cgi?id=37609

        After discussions at the WebKit contributors meeting, we decided
        that this is a currently unused state without a good future use
        case in the Touch API and thus decided to remove it. This patch
        actions that decision.

        As the TouchStationary state is not handled in the EventHandler,
        there is no change in functionality so no new tests are required.

        * platform/PlatformTouchPoint.h:
        (WebCore::PlatformTouchPoint::): Remove TouchStationary.
        * platform/qt/PlatformTouchPointQt.cpp:
        (WebCore::PlatformTouchPoint::PlatformTouchPoint): Remove TouchStationary.

2010-04-15  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Adam Roben.

        Use a lower-overhead mechanism for plug-in message throttling
        https://bugs.webkit.org/show_bug.cgi?id=37642        
        <rdar://problem/7418285> Very high CPU usage idling in gmail under Windows 7 (plug-in related)
        
        GMail has an instance of Flash that loads on the main mail page.
        This Flash content sends us a constant stream of WM_USER+1 messages.
        
        There was already code in PluginMessageThrottlerWin to queue and process these
        excess WM_USER+1 messages from Flash. Unfortunately, there were a couple of
        problems with this code:
        
        - The timer used to process the excess messages had a very low timeout (1ms).
          Chrome uses a value of 5ms for this delay, and doesn't use excess CPU here,
          while still maintaining good Flash frame rate.
        
        - The overhead involved in generating a constant stream of 5ms timers still swamped
          the CPU, resulting in continued high CPU utilization.
          
        To fix this, I changed the throttling code to:
        
        - Process a queued WM_USER+1 message directly if none has been processed in 5ms.
          This allows us to avoid the overhead of a timer.
          
        - Process remaining delayed WM_USER+1 messages on a 16ms timer.
        
        This reduces our CPU utilization idling in GMail from ~20% to ~2-3% on my system.
        I also verified the frame rate for Flash content wasn't reduced with this change.

        * plugins/win/PluginMessageThrottlerWin.cpp:
        (WebCore::PluginMessageThrottlerWin::PluginMessageThrottlerWin): Initialize m_lastMessageTime.
        (WebCore::PluginMessageThrottlerWin::appendMessage): Process a queued message directly if >5ms have passed.
        (WebCore::PluginMessageThrottlerWin::processQueuedMessage): Split out from messageThrottleTimerFired.
        (WebCore::PluginMessageThrottlerWin::messageThrottleTimerFired): Call through to processQueuedMessage.
        * plugins/win/PluginMessageThrottlerWin.h: Add processQueuedMessage, m_lastMessageTime.

2010-04-15  Shinichiro Hamaji  <hamaji@chromium.org>

        Reviewed by David Levin.

        LEAK: in ThreadableWebSocketChannel::create()
        https://bugs.webkit.org/show_bug.cgi?id=37584

        No new tests because this change just fixes a leak.

        * websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
        * websockets/WorkerThreadableWebSocketChannel.h:
        (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):

2010-04-15  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Reviewed by Eric Seidel.

        Duplicated patches related to wml were pushed to trunk. So, one of
        the patches should be reverted.
        https://bugs.webkit.org/show_bug.cgi?id=37542

        * wml/WMLOptionElement.h:
        * wml/WMLSelectElement.h:

2010-04-15  Bruno Schmidt  <bruno.schmidt@gmail.com>

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Null QObjects properties cause Segmentation Fault
        https://bugs.webkit.org/show_bug.cgi?id=34730

        QObjects exported to the QWebkit javascript with properties that are
        a null "QObject*" cause Segmentation Fault.

        If a QObject is added to the javascript context and it contains
        properties of the type QObject* with NULL value, calling the property
        causes Segmentation Fault.
        So now the code below properly checks for null pointers:

        * bridge/qt/qt_instance.cpp:
        (JSC::Bindings::QtInstance::getClass): may return NULL
        (JSC::Bindings::QtInstance::getMethod): may return jsNull()
        (JSC::Bindings::QtInstance::stringValue): may return jsNull()
        (JSC::Bindings::QtInstance::booleanValue): may return false
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::convertValueToQVariant): 
        (JSC::Bindings::convertQVariantToValue): May return jsNull on QObjectStar

2010-04-14  Simon Fraser  <simon.fraser@apple.com>

        Reviewed by Dan Bernstein.

        Repaint of fixed, transformed element is broken
        https://bugs.webkit.org/show_bug.cgi?id=37637

        RenderBox::computeRectForRepaint() failed to set the 'fixed' flag correctly
        for elements that had both fixed position and a transform. If the element has
        a transform, 'fixed' should only remain true if the element itself is fixed
        position.
        
        Also cache style()->position() in a local variable for performance.
        
        Test: fast/repaint/fixed-tranformed.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint):

2010-04-14  Luiz Agostini  <luiz.agostini@openbossa.org>

        Reviewed by Kenneth Rohde Christiansen.

        Changing view mode names due to specification changes
        https://bugs.webkit.org/show_bug.cgi?id=37615

        test: fast/media/media-feature-wgt-view-mode.html

        specification: http://dev.w3.org/2006/waf/widgets-vmmf/

        * css/MediaQueryEvaluator.cpp:
        (WebCore::view_modeMediaFeatureEval):
        * page/ChromeClient.h:
        (WebCore::ChromeClient::isWindowed):
        (WebCore::ChromeClient::isMaximized):
        (WebCore::ChromeClient::isMinimized):

2010-04-14  Adam Barth  <abarth@webkit.org>

        Unreviewed attempt to fix Qt build.

        * bindings/js/JSNodeCustom.cpp:

2010-04-14  Justin Schuh  <jschuh@chromium.org>

        Reviewed by Adam Barth.

        Javascript URL can be set as iframe.src via multiple DOM aliases
        https://bugs.webkit.org/show_bug.cgi?id=37031

        Moved frame/iframe checks from Attr to Node on inherited members.
        Node child manipulation methods now return NOT_SUPPORTED_ERR if used
        on a frame/iframe src attribute.
        NamedNodeMap set methods now perform frame/iframe src checks.
        Moved allowSettingSrcToJavascriptURL static helper function from 
        JSElementCustom.cpp to exported function in JSDOMBinding.h.

        * bindings/js/JSAttrCustom.cpp:
        (WebCore::JSAttr::setValue):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::allowSettingSrcToJavascriptURL):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSElementCustom.cpp:
        * bindings/js/JSNamedNodeMapCustom.cpp:
        (WebCore::JSNamedNodeMap::setNamedItem):
        (WebCore::JSNamedNodeMap::setNamedItemNS):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::isAttrFrameSrc):
        (WebCore::JSNode::setNodeValue):
        (WebCore::JSNode::setTextContent):
        (WebCore::JSNode::insertBefore):
        (WebCore::JSNode::replaceChild):
        (WebCore::JSNode::removeChild):
        (WebCore::JSNode::appendChild):
        * bindings/v8/custom/V8AttrCustom.cpp:
        * bindings/v8/custom/V8NamedNodeMapCustom.cpp:
        (WebCore::V8NamedNodeMap::setNamedItemNSCallback):
        (WebCore::V8NamedNodeMap::setNamedItemCallback):
        (WebCore::toV8):
        * bindings/v8/custom/V8NodeCustom.cpp:
        (WebCore::isFrameSrc):
        (WebCore::V8Node::textContentAccessorSetter):
        (WebCore::V8Node::nodeValueAccessorSetter):
        (WebCore::V8Node::insertBeforeCallback):
        (WebCore::V8Node::replaceChildCallback):
        (WebCore::V8Node::removeChildCallback):
        (WebCore::V8Node::appendChildCallback):
        * dom/Attr.idl:
        * dom/NamedNodeMap.idl:
        * dom/Node.idl:

2010-04-14  Alejandro G. Castro  <alex@igalia.com>

        Reviewed by Xan Lopez.

        We have to check if the resource handler is cancelled before
        checking the client, otherwise it could crash.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::parseDataUrl):

2010-04-14  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r57609.
        http://trac.webkit.org/changeset/57609
        https://bugs.webkit.org/show_bug.cgi?id=37614

        "Broke multiple builders.  Probably needs new test results,
        but may be an Inspector bug." (Requested by eseidel on
        #webkit).

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::didReceiveResponse):
        (WebCore::InspectorController::didFailLoading):
        * inspector/front-end/Resource.js:
        (WebInspector.Resource.prototype._mimeTypeIsConsistentWithType):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.recreateViewForResourceIfNeeded):

2010-04-14  Steve Falkenburg  <sfalken@apple.com>

        Reviewed by Dan Bernstein.

        Don't cache SimpleFontData* in getLastResortFallbackFont. The cached entry may be invalidated.
        https://bugs.webkit.org/show_bug.cgi?id=37599

        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::fontDataFromDescriptionAndLogFont):
        (WebCore::FontCache::getLastResortFallbackFont):

2010-04-14  Andrey Kosyakov  <caseq@chromium.ru>

        Reviewed by Timothy Hatcher.

        Log error message to inspector console if a resource fails to load.
        Disable checking of mime-type consistency for failed resources.
        https://bugs.webkit.org/show_bug.cgi?id=37215

        Test: inspector/console-resource-errors.html

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::didReceiveResponse):
        (WebCore::InspectorController::didFailLoading):
        * inspector/front-end/Resource.js:
        (WebInspector.Resource.prototype._mimeTypeIsConsistentWithType):
        * inspector/front-end/ResourcesPanel.js:
        (WebInspector.ResourcesPanel.prototype.recreateViewForResourceIfNeeded):

2010-04-14  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r57599.
        http://trac.webkit.org/changeset/57599
        https://bugs.webkit.org/show_bug.cgi?id=37605

        "Broke Chromium build" (Requested by dglazkov on #webkit).

        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupContainer::PopupContainer):
        (WebCore::PopupContainer::showPopup):
        (WebCore::PopupContainer::notifyPopupHidden):
        * platform/chromium/PopupMenuChromium.h:

2010-04-14  Aaron Boodman  <aa@chromium.org>

        Reviewed by David Levin.

        Support relative URLs for notifications on Chromium. They weren't working previously because WebCore was inserting
        the relative URL into a KURL instance, but when KURL is backed by GURL as it is on Chromium, relative URLs are
        unsupported. Fixed by resolving the relative URL first.

        https://bugs.webkit.org/show_bug.cgi?id=36623

        Adding tests for this is difficult because we don't currently have DRT support for notifications on Mac, only Windows.

        * notifications/Notification.cpp:
        (WebCore::Notification::Notification): Accept resolved KURL instead of relative string.
        * notifications/Notification.h:
        (WebCore::Notification::create): Ditto.
        (WebCore::Notification::iconURL): Return resolved KURL instead of relative string.
        * notifications/NotificationCenter.h:
        (WebCore::NotificationCenter::createHTMLNotification): Immediately resolve URL instead of passing off relative string.
        (WebCore::NotificationCenter::createNotification): Ditto.
        * notifications/NotificationContents.h:
        (WebCore::NotificationContents::NotificationContents): Accept resolved KURL instead of relative string.
        (WebCore::NotificationContents::icon): Return resolved URL.

2010-04-14  Anders Carlsson  <andersca@apple.com>

        Reviewed by Sam Weinig.

        Add ThemeMac::ensuredView and get rid of a workaround in ThemeMac::paintButton.
        https://bugs.webkit.org/show_bug.cgi?id=37601

        * platform/mac/ThemeMac.h:
        * platform/mac/ThemeMac.mm:
        (-[WebCoreFlippedView isFlipped]):
        (WebCore::paintButton):
        (WebCore::ThemeMac::ensuredView):

2010-04-14  Jay Civelli  <jcivelli@chromium.org>
 
        Reviewed by Dimitri Glazkov.

        [chromium] Select popups would assert when destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=37436
 
        * platform/chromium/PopupMenuChromium.cpp:
        (WebCore::PopupContainer::PopupContainer):
        (WebCore::PopupContainer::showPopup):
        (WebCore::PopupContainer::notifyPopupHidden):
        * platform/chromium/PopupMenuChromium.h:
 

2010-04-14  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Jian Li.

        Remove an incorrect ASSERT in UniscribeHelper::draw().
        https://bugs.webkit.org/show_bug.cgi?id=37533

        * platform/graphics/chromium/UniscribeHelper.cpp:
        (WebCore::UniscribeHelper::draw):

2010-04-14  Pavel Feldman  <pfeldman@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: readline shortcuts don't work in Chromium.

        * inspector/front-end/TextPrompt.js:
        (WebInspector.TextPrompt.prototype._onKeyDown):
        (WebInspector.TextPrompt.prototype._moveCaretToStartOfPrompt):

2010-04-14  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Timothy Hatcher.

        Web Inspector: Console: Shift-Tab does not cycle autocompletions in the reverse order
        https://bugs.webkit.org/show_bug.cgi?id=37582

        * inspector/front-end/TextPrompt.js:
        (WebInspector.TextPrompt.prototype.complete):
        (WebInspector.TextPrompt.prototype._completionsReady):
        (WebInspector.TextPrompt.prototype._tabKeyPressed):

2010-04-14  Jeff Schiller  <codedread@gmail.com>

        Reviewed by Dirk Schulze.

        Render SVG Paths up to first error, bug 37413: https://bugs.webkit.org/show_bug.cgi?id=37413

        * svg/SVGParserUtilities.cpp:
        (WebCore::SVGPathSegListBuilder::build):

2010-04-14  Alexander Pavlov  <apavlov@chromium.org>

        Reviewed by Joseph Pecoraro.

        Web Inspector: Ctrl-L (Clear History) does nothing on Windows
        https://bugs.webkit.org/show_bug.cgi?id=37579

        * inspector/front-end/ConsoleView.js:
        (WebInspector.ConsoleView):

2010-04-14  Anton Muhin  <antonm@chromium.org>

        Not reviewed, build fix.

        Add <limits.h> include to bring UINT_MAX.

        * html/canvas/WebGLArray.h:

2010-04-14  Nikolas Zimmermann  <nzimmermann@rim.com>

        Not reviewed. Attempt to unbreak build - NodeRenderStyle.h is an _interesting_ concept...

        * rendering/style/SVGRenderStyle.cpp: Include 'NodeRenderStyle.h'

2010-04-14  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        SVGRenderStyle/SVGRenderStyleDefs needs a cleanup
        https://bugs.webkit.org/show_bug.cgi?id=37568

        Cleanup SVGRenderStyle / SVGRenderStyleDefs:
        - use copy constructors in initialization list to initialize members, instead of assignment operators in the body
        - fix style issues (misplaced references, abbreviations)
        - merge StyleClipData/StyleMaskData to save memory, rename it StyleResourceData
        - move filter property in StyleResourceData
        - rename StyleMarkerData to StyleInheritedResourceData to highlight the difference to StyleResourceData
        - unify naming schemes for all resources (filter/clipper/masker/markers)
          - clipPath() -> clipperResource()
          - maskElement() -> maskerResource()
          - startMarker() -> markerStartResource()
          - midMarker() -> markerMidResource()
          - endMarker() -> markerEndResource()
          - filter() -> filterResource()

        Adapt all callsites to the renames above.
        No new tests, as this doesn't affect anything except memory overhead.

        * css/SVGCSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getSVGPropertyCSSValue):
        * css/SVGCSSStyleSelector.cpp:
        (WebCore::CSSStyleSelector::applySVGProperty):
        * rendering/RenderPath.cpp:
        (WebCore::RenderPath::calculateMarkerBoundsIfNeeded):
        * rendering/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::selfWillPaint):
        * rendering/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::selfWillPaint):
        * rendering/SVGRenderSupport.cpp:
        (WebCore::SVGRenderBase::prepareToRenderSVGContent):
        (WebCore::SVGRenderBase::filterBoundingBoxForRenderer):
        (WebCore::SVGRenderBase::clipperBoundingBoxForRenderer):
        (WebCore::SVGRenderBase::maskerBoundingBoxForRenderer):
        (WebCore::deregisterFromResources):
        * rendering/SVGRenderTreeAsText.cpp:
        (WebCore::writeStyle):
        (WebCore::writeResources):
        * rendering/style/SVGRenderStyle.cpp:
        (WebCore::SVGRenderStyle::SVGRenderStyle):
        (WebCore::SVGRenderStyle::operator==):
        (WebCore::SVGRenderStyle::inheritedNotEqual):
        (WebCore::SVGRenderStyle::inheritFrom):
        * rendering/style/SVGRenderStyle.h:
        * rendering/style/SVGRenderStyleDefs.cpp:
        (WebCore::StyleFillData::StyleFillData):
        (WebCore::StyleFillData::operator==):
        (WebCore::StyleStrokeData::StyleStrokeData):
        (WebCore::StyleStrokeData::operator==):
        (WebCore::StyleStopData::StyleStopData):
        (WebCore::StyleStopData::operator==):
        (WebCore::StyleTextData::StyleTextData):
        (WebCore::StyleMiscData::StyleMiscData):
        (WebCore::StyleMiscData::operator==):
        (WebCore::StyleShadowSVGData::StyleShadowSVGData):
        (WebCore::StyleShadowSVGData::operator==):
        (WebCore::StyleResourceData::StyleResourceData):
        (WebCore::StyleResourceData::operator==):
        (WebCore::StyleInheritedResourceData::StyleInheritedResourceData):
        (WebCore::StyleInheritedResourceData::operator==):
        * rendering/style/SVGRenderStyleDefs.h:
        (WebCore::StyleFillData::operator!=):
        (WebCore::StyleStopData::operator!=):
        (WebCore::StyleMiscData::create):
        (WebCore::StyleMiscData::copy):
        (WebCore::StyleMiscData::operator!=):
        (WebCore::StyleShadowSVGData::create):
        (WebCore::StyleShadowSVGData::copy):
        (WebCore::StyleShadowSVGData::operator!=):
        (WebCore::StyleResourceData::create):
        (WebCore::StyleResourceData::copy):
        (WebCore::StyleResourceData::operator!=):
        (WebCore::StyleInheritedResourceData::create):
        (WebCore::StyleInheritedResourceData::copy):
        (WebCore::StyleInheritedResourceData::operator!=):
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::addResource):
        (WebCore::SVGDocumentExtensions::removeResource):
        * svg/SVGDocumentExtensions.h:
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::invalidateResources):

2010-04-14  Zhenyao Mo  <zmo@google.com>

        Reviewed by Dimitri Glazkov.

        readPixels must take PACK_ALIGNMENT into account
        https://bugs.webkit.org/show_bug.cgi?id=34718

        Test: fast/canvas/webgl/read-pixels.html

        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::WebGLRenderingContext): Init members to support pack_alignment.
        (WebCore::WebGLRenderingContext::pixelStorei): Save pack/unpack_alignment.
        (WebCore::WebGLRenderingContext::readPixels): Validate enum and deal with pack_alignment.
        * html/canvas/WebGLRenderingContext.h: Add members to support pack_alignment.
        * platform/graphics/GraphicsContext3D.h: Refactor readPixels.
        * platform/graphics/mac/GraphicsContext3DMac.cpp:
        (WebCore::GraphicsContext3D::readPixels): Move array allocation and alpha fix to WebGLRenderingContext; flush before read pixels.

2010-04-13  Dirk Schulze  <krit@webkit.org>

        Reviewed by Eric Seidel.

        REGRESSION(r57511): many new graphics / svg related leaks
        https://bugs.webkit.org/show_bug.cgi?id=37527

        The content of a HashMap was not correctly deleted. Fixed this
        in the DTor and in invalidateClient of RenderSVGResourceClipper.

        * rendering/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::~RenderSVGResourceClipper):
        (WebCore::RenderSVGResourceClipper::invalidateClient):

2010-04-13  Zhenyao Mo  <zmo@google.com>

        Reviewed by Oliver Hunt.

        Fix a potential integer overflow in WebGL*Array::slice()
        https://bugs.webkit.org/show_bug.cgi?id=37466

        * html/canvas/WebGLArray.h:
        (WebCore::WebGLArray::clampOffsetAndNumElements): Input parameter "offset"'s semantic changed from in bytes from buffer to in elements from array view; calculate offset in bytes from buffer inside the function, avoiding overflow. 
        * html/canvas/WebGLByteArray.cpp:
        (WebCore::WebGLByteArray::slice): Changed according to new semantic of WebCore::WebGLArray::clampOffsetAndNumElements.
        * html/canvas/WebGLFloatArray.cpp:
        (WebCore::WebGLFloatArray::slice): Ditto.
        * html/canvas/WebGLIntArray.cpp:
        (WebCore::WebGLIntArray::slice): Ditto.
        * html/canvas/WebGLShortArray.cpp:
        (WebCore::WebGLShortArray::slice): Ditto.
        * html/canvas/WebGLUnsignedByteArray.cpp:
        (WebCore::WebGLUnsignedByteArray::slice): Ditto.
        * html/canvas/WebGLUnsignedIntArray.cpp:
        (WebCore::WebGLUnsignedIntArray::slice): Ditto.
        * html/canvas/WebGLUnsignedShortArray.cpp:
        (WebCore::WebGLUnsignedShortArray::slice): Ditto.

2010-04-13  Darin Fisher  <darin@chromium.org>

        Reviewed by Brady Eidson.

        If the browsing context's session history contains only one Document,
        and that was the about:blank Document created when the browsing context
        was created, then the navigation must be done with replacement enabled.

        https://bugs.webkit.org/show_bug.cgi?id=37126

        Tests: fast/loader/frame-location-change-not-added-to-history.html
               fast/loader/frame-src-change-not-added-to-history.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clientRedirected):
        (WebCore::FrameLoader::findFrameForNavigation):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::currentItemShouldBeReplaced):
        * loader/HistoryController.h:

2010-04-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Oliver Hunt.

        Separated a DOMWrapperWorld's behavior of keeping wrappers alive from
        its own lifetime, so a DOMWrapperWorld's controller can throw away
        its wrappers even before its refcount reaches 0.

        * WebCore.base.exp:
        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::DOMWrapperWorld::DOMWrapperWorld):
        (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
        (WebCore::DOMWrapperWorld::registerWorld):
        (WebCore::DOMWrapperWorld::unregisterWorld):
        * bindings/js/DOMWrapperWorld.h: Factored out DOMWrapperWorld registration
        and unregistration into helper functions, so unregistering could be done manually.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::destroyWindowShell): Added an ASSERT to match
        similar code.

2010-04-13  Chang Shu  <chang.shu@nokia.com>

        Reviewed by Darin Fisher.

        https://bugs.webkit.org/show_bug.cgi?id=34653

        Based on W3C spec and Firefox behavior, while invoking XHR Send with parameter
        as String, the charset in Content-Type should be forced to set to UTF-8.

        Test: http/tests/xmlhttprequest/request-encoding2.html

        * platform/network/HTTPParsers.cpp:
        (WebCore::extractCharsetFromMediaType):
        (WebCore::findCharsetInMediaType):
        * platform/network/HTTPParsers.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::setCharsetInMediaType):
        (WebCore::XMLHttpRequest::send):

2010-04-12  Timothy Hatcher  <timothy@apple.com>

        SecurityOrigin needs a way to remove individual OriginAccessEntries
        https://bugs.webkit.org/show_bug.cgi?id=37449

        Test: http/tests/xmlhttprequest/origin-whitelisting-removal.html

        Reviewed by Dave Hyatt.

        * WebCore.base.exp: Added SecurityOrigin::removeOriginAccessWhitelistEntry.
        * page/OriginAccessEntry.h:
        (WebCore::OriginAccessEntry::protocol): Added. Returns m_protocol.
        (WebCore::OriginAccessEntry::host): Added. Returns m_host.
        (WebCore::OriginAccessEntry::subdomainSettings): Added. Returns m_subdomainSettings.
        (WebCore::operator==): Added. Compares OriginAccessEntry.
        (WebCore::operator!=): Ditto.
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::addOriginAccessWhitelistEntry): Use the add method to prevent a
        second hash lookup.
        (WebCore::SecurityOrigin::removeOriginAccessWhitelistEntry): Added. Find a matching
        OriginAccessEntry and remove it.
        * page/SecurityOrigin.h: Added removeOriginAccessWhitelistEntry.

2010-04-13  Timothy Hatcher  <timothy@apple.com>

        Rename SecurityOrigin::whiteListAccessFromOrigin to addOriginAccessWhitelistEntry.
        And SecurityOrigin::resetOriginAccessWhiteLists to resetOriginAccessWhitelists.

        SecurityOrigin needs a way to remove individual OriginAccessEntries
        https://bugs.webkit.org/show_bug.cgi?id=37449

        Reviewed by Dave Hyatt.

        * WebCore.base.exp:
        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::addOriginAccessWhitelistEntry):
        (WebCore::SecurityOrigin::resetOriginAccessWhitelists):
        * page/SecurityOrigin.h:

2010-04-13  Geoffrey Garen  <ggaren@apple.com>

        Reviewed by Mark Rowe.

        Tidied up some more DOMWrapperWorld lifetime issues.
        
        Made DOMWrapperWorld aware of its JSDOMWindowShells, so it can clear them.

        * bindings/js/DOMWrapperWorld.cpp:
        (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::didCreateWindowShell):
        (WebCore::DOMWrapperWorld::didDestroyWindowShell): Functionality for
        tracking window shells that reference a given DOMWrapperWorld.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::~ScriptController):
        (WebCore::ScriptController::destroyWindowShell):
        (WebCore::ScriptController::createWindowShell):
        (WebCore::ScriptController::clearWindowShell):
        (WebCore::ScriptController::initScript):
        * bindings/js/ScriptController.h: Refactored to update a DOMWrapperWorld
        when adding or removing a JSDOMWindowShell.

        * dom/Document.cpp:
        (WebCore::Document::destroyAllWrapperCaches): Changed to use isEmpty(),
        which is slightly faster and simpler than iterator comparison.

2010-04-13  Dumitru Daniliuc  <dumi@chromium.org>

        Reviewed by Adam Barth.

        Make all HTML5 DB callbacks run in the correct context.
        https://bugs.webkit.org/show_bug.cgi?id=27698

        Tests: storage/statement-error-callback-isolated-world.html
               storage/statement-success-callback-isolated-world.html
               storage/transaction-callback-isolated-world.html
               storage/transaction-error-callback-isolated-world.html

        * bindings/js/JSCustomSQLStatementCallback.cpp:
        (WebCore::JSCustomSQLStatementCallback::JSCustomSQLStatementCallback):
        (WebCore::JSCustomSQLStatementCallback::handleEvent):
        * bindings/js/JSCustomSQLStatementCallback.h:
        * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
        (WebCore::JSCustomSQLStatementErrorCallback::JSCustomSQLStatementErrorCallback):
        (WebCore::JSCustomSQLStatementErrorCallback::handleEvent):
        * bindings/js/JSCustomSQLStatementErrorCallback.h:
        * bindings/js/JSCustomSQLTransactionCallback.cpp:
        (WebCore::JSCustomSQLTransactionCallback::JSCustomSQLTransactionCallback):
        (WebCore::JSCustomSQLTransactionCallback::handleEvent):
        * bindings/js/JSCustomSQLTransactionCallback.h:
        * bindings/js/JSCustomSQLTransactionErrorCallback.cpp:
        (WebCore::JSCustomSQLTransactionErrorCallback::JSCustomSQLTransactionErrorCallback):
        (WebCore::JSCustomSQLTransactionErrorCallback::handleEvent):
        * bindings/js/JSCustomSQLTransactionErrorCallback.h:
        * bindings/v8/custom/V8CustomSQLStatementCallback.cpp:
        (WebCore::V8CustomSQLStatementCallback::V8CustomSQLStatementCallback):
        (WebCore::V8CustomSQLStatementCallback::handleEvent):
        * bindings/v8/custom/V8CustomSQLStatementCallback.h:
        * bindings/v8/custom/V8CustomSQLStatementErrorCallback.cpp:
        (WebCore::V8CustomSQLStatementErrorCallback::V8CustomSQLStatementErrorCallback):
        (WebCore::V8CustomSQLStatementErrorCallback::handleEvent):
        * bindings/v8/custom/V8CustomSQLStatementErrorCallback.h:
        * bindings/v8/custom/V8CustomSQLTransactionCallback.cpp:
        (WebCore::V8CustomSQLTransactionCallback::V8CustomSQLTransactionCallback):
        (WebCore::V8CustomSQLTransactionCallback::handleEvent):
        * bindings/v8/custom/V8CustomSQLTransactionCallback.h:
        * bindings/v8/custom/V8CustomSQLTransactionErrorCallback.cpp:
        (WebCore::V8CustomSQLTransactionErrorCallback::V8CustomSQLTransactionErrorCallback):
        (WebCore::V8CustomSQLTransactionErrorCallback::handleEvent):
        * bindings/v8/custom/V8CustomSQLTransactionErrorCallback.h:
        * storage/SQLStatement.cpp:
        (WebCore::SQLStatement::performCallback):
        * storage/SQLStatementCallback.h:
        * storage/SQLStatementErrorCallback.h:
        * storage/SQLTransaction.cpp:
        (WebCore::SQLTransaction::deliverTransactionCallback):
        (WebCore::SQLTransaction::deliverTransactionErrorCallback):
        * storage/SQLTransactionCallback.h:
        * storage/SQLTransactionErrorCallback.h:
        (WebCore::SQLTransactionErrorCallback::~SQLTransactionErrorCallback):

2010-04-13  Mikhail Naganov  <mnaganov@chromium.org>

        Reviewed by Pavel Feldman.

        Fix search behavior in Profiles tab.

        https://bugs.webkit.org/show_bug.cgi?id=37498

        * inspector/front-end/ProfileView.js:
        (WebInspector.CPUProfileView.profileCallback):
        (WebInspector.CPUProfileView):

2010-04-13  David Hyatt  <hyatt@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=37513, clean up StyleBoxData and the RenderStyle variable that uses it.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::RenderStyle):
        (WebCore::RenderStyle::operator==):
        (WebCore::RenderStyle::diff):
        * rendering/style/RenderStyle.h:
        (WebCore::):
        (WebCore::InheritedFlags::width):
        (WebCore::InheritedFlags::height):
        (WebCore::InheritedFlags::minWidth):
        (WebCore::InheritedFlags::maxWidth):
        (WebCore::InheritedFlags::minHeight):
        (WebCore::InheritedFlags::maxHeight):
        (WebCore::InheritedFlags::verticalAlignLength):
        (WebCore::InheritedFlags::boxSizing):
        (WebCore::InheritedFlags::setWidth):
        (WebCore::InheritedFlags::setHeight):
        (WebCore::InheritedFlags::setMinWidth):
        (WebCore::InheritedFlags::setMaxWidth):
        (WebCore::InheritedFlags::setMinHeight):
        (WebCore::InheritedFlags::setMaxHeight):
        (WebCore::InheritedFlags::setVerticalAlignLength):
        (WebCore::InheritedFlags::hasAutoZIndex):
        (WebCore::InheritedFlags::setHasAutoZIndex):
        (WebCore::InheritedFlags::zIndex):
        (WebCore::InheritedFlags::setZIndex):
        (WebCore::InheritedFlags::setBoxSizing):
        * rendering/style/StyleBoxData.cpp:
        (WebCore::StyleBoxData::StyleBoxData):
        (WebCore::StyleBoxData::operator==):
        * rendering/style/StyleBoxData.h:
        (WebCore::StyleBoxData::width):
        (WebCore::StyleBoxData::height):
        (WebCore::StyleBoxData::minWidth):
        (WebCore::StyleBoxData::minHeight):
        (WebCore::StyleBoxData::maxWidth):
        (WebCore::StyleBoxData::maxHeight):
        (WebCore::StyleBoxData::verticalAlign):
        (WebCore::StyleBoxData::zIndex):
        (WebCore::StyleBoxData::hasAutoZIndex):
        (WebCore::StyleBoxData::boxSizing):

2010-04-12  yael aharon  <yael.aharon@nokia.com>

        Reviewed by Tor Arne Vestbo.

        Minor fix to pass RenderProgress instead of RenderObject
        https://bugs.webkit.org/show_bug.cgi?id=37481

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::getOrCreate):
        * accessibility/AccessibilityProgressIndicator.cpp:
        (WebCore::AccessibilityProgressIndicator::AccessibilityProgressIndicator):
        (WebCore::AccessibilityProgressIndicator::create):
        * accessibility/AccessibilityProgressIndicator.h:

2010-04-13  David Hyatt  <hyatt@apple.com>

        Reviewed by Oliver Hunt.

        https://bugs.webkit.org/show_bug.cgi?id=37510, clean up StyleBackgroundData

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::RenderStyle):
        (WebCore::RenderStyle::operator==):
        (WebCore::RenderStyle::diff):
        * rendering/style/RenderStyle.h:
        (WebCore::):
        (WebCore::InheritedFlags::hasBackground):
        (WebCore::InheritedFlags::hasBackgroundImage):
        (WebCore::InheritedFlags::hasFixedBackgroundImage):
        (WebCore::InheritedFlags::outlineWidth):
        (WebCore::InheritedFlags::outlineStyle):
        (WebCore::InheritedFlags::outlineStyleIsAuto):
        (WebCore::InheritedFlags::outlineColor):
        (WebCore::InheritedFlags::backgroundColor):
        (WebCore::InheritedFlags::backgroundImage):
        (WebCore::InheritedFlags::backgroundRepeatX):
        (WebCore::InheritedFlags::backgroundRepeatY):
        (WebCore::InheritedFlags::backgroundComposite):
        (WebCore::InheritedFlags::backgroundAttachment):
        (WebCore::InheritedFlags::backgroundClip):
        (WebCore::InheritedFlags::backgroundOrigin):
        (WebCore::InheritedFlags::backgroundXPosition):
        (WebCore::InheritedFlags::backgroundYPosition):
        (WebCore::InheritedFlags::backgroundSizeType):
        (WebCore::InheritedFlags::backgroundSizeLength):
        (WebCore::InheritedFlags::accessBackgroundLayers):
        (WebCore::InheritedFlags::backgroundLayers):
        (WebCore::InheritedFlags::outlineOffset):
        (WebCore::InheritedFlags::resetOutline):
        (WebCore::InheritedFlags::setBackgroundColor):
        (WebCore::InheritedFlags::setBackgroundXPosition):
        (WebCore::InheritedFlags::setBackgroundYPosition):
        (WebCore::InheritedFlags::setBackgroundSize):
        (WebCore::InheritedFlags::setBackgroundSizeLength):
        (WebCore::InheritedFlags::setOutlineWidth):
        (WebCore::InheritedFlags::setOutlineStyle):
        (WebCore::InheritedFlags::setOutlineColor):
        (WebCore::InheritedFlags::clearBackgroundLayers):
        (WebCore::InheritedFlags::inheritBackgroundLayers):
        (WebCore::InheritedFlags::setOutlineOffset):
        * rendering/style/StyleBackgroundData.h:
        (WebCore::StyleBackgroundData::background):
        (WebCore::StyleBackgroundData::color):
        (WebCore::StyleBackgroundData::outline):

2010-04-13  Stephan Aßmus  <superstippi@gmx.de>

        Reviewed by David Levin.

        [Haiku] Use the system clipboard instead of a private clipboard.
                Fix various problems in the previous implementation.

        https://bugs.webkit.org/show_bug.cgi?id=37421

        No new tests needed.

        * platform/haiku/PasteboardHaiku.cpp:
        (WebCore::Pasteboard::~Pasteboard):
        (WebCore::Pasteboard::generalPasteboard):
            - Don't leak the pasteboard at program exit.
        (WebCore::AutoClipboardLocker::AutoClipboardLocker):
        (WebCore::AutoClipboardLocker::~AutoClipboardLocker):
        (WebCore::AutoClipboardLocker::isLocked):
            - helper class for locking a BClipboard.
        (WebCore::Pasteboard::writeSelection):
            - Use AddData(B_MIME_TYPE) as required by clipboard protocol.
            - Make sure we don't end up with unwanted UTF-8 characters for
              regular line breaks.
        (WebCore::Pasteboard::writePlainText):
            - Use AddData(B_MIME_TYPE) as required by clipboard protocol.
        (WebCore::Pasteboard::plainText):
            - Use FindData(B_MIME_TYPE) as required by clipboard protocol.
        (WebCore::Pasteboard::documentFragment):
            - Implemented.
        (WebCore::Pasteboard::writeURL):
            - Needs to use AddData(B_MIME_TYPE) instead of AddString().
        (WebCore::Pasteboard::clear):

2010-04-13  Stephan Aßmus  <superstippi@gmx.de>

        Reviewed by David Levin.

        [Haiku] Fix bridging Widget to native top-level BView.
        https://bugs.webkit.org/show_bug.cgi?id=37419

        In the Haiku port, there is no mapping between native widgets
        and WebCore Widget instances. There is only a top-level BView
        which renders a web pag