2012-07-06 Lucas Forschler

Merge 116381

2012-06-28 Lucas Forschler

Merge 117502

2012-05-17 Beth Dakin

https://bugs.webkit.org/show_bug.cgi?id=86266
r112643/r116697 break Webview form input fields
-and corresponding-

Reviewed by Dan Bernstein.

There is a recent history of changes in this area that seem worth documenting. First was the change to switch to using NSTextFieldCell to draw text fields:
http://trac.webkit.org/changeset/104240

That led to problems because of the clear background that I thought at the time were specific to MountainLion. To fix that, I made this change:
http://trac.webkit.org/changeset/110480

But that change resulted in styled text fields getting an un-themed border, which led to this change on the branch:
http://trac.webkit.org/changeset/112643
and a change on TOT that was identical for Lion and SnowLeopard but introduced new behavior for MountainLion:
http://trac.webkit.org/changeset/116697

And that brings us to this bug, where it turns out the clear background is a problem on Lion and SnowLeopard too. This patch fixes the bug by using the original WebCoreSystemInterface function to paint all text fields on Lion and SnowLeopard that are styled. This is what we used to paint all text fields before r104240, which is the first change listed above. Un-styled text fields will still use NSTextFieldCell on these platforms, but with a hardcoded white background.

* rendering/RenderThemeMac.h:
(RenderThemeMac):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):

2012-05-30 Lucas Forschler

Merge 108550

2012-02-22 Anders Carlsson

Crash when marking cached pages for full style recalc
https://bugs.webkit.org/show_bug.cgi?id=79276

Reviewed by Beth Dakin.

Guard against a null history item.

* history/BackForwardController.cpp:
(WebCore::BackForwardController::markPagesForFullStyleRecalc):

2012-04-17 Lucas Forschler

Merge 109480

2012-03-01 Kent Tamura

REGRESSION(r106388): Form state is restored to a wrong document.
https://bugs.webkit.org/show_bug.cgi?id=79206

Reviewed by Brady Eidson.

In some cases, the URL of the current HistoryItem and the document URL are mismatched. A form state should be restored only if the document was loaded with a HistoryItem and the document is not loaded as a redirection.

Test: fast/loader/form-state-restore-with-locked-back-forward-list.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkCompleted): Clear m_requestedHistoryItem.
(WebCore::FrameLoader::loadItem): Save the requested HistoryItem for didLoadWithLodItem().
* loader/FrameLoader.h:
(WebCore::FrameLoader::requestedHistoryItem): Added. Accessor for m_requestedHistoryItem.
* loader/HistoryController.cpp:
(WebCore::HistoryController::restoreDocumentState): Restore a form state only if the current document was loaded with FrameLoader::loadItem() and not redirection.

2012-04-12 Lucas Forschler

Merge 113415

2012-04-05 Adele Peterson

and https://bugs.webkit.org/show_bug.cgi?id=74129
REGRESSION (SnowLeopard, 5.1.4): All WK2 horizontal scrollbars look broken

Patch by Dan Bernstein, Reviewed by Beth Dakin.

This code assumed that the current CTM wouldn't have extraneous operations built into it, but this bug is evidence that that assumption was wrong. We should just get the base CTM instead and apply the device scale factor to it.

No tests added since the SnowLeopard-style scrollbars aren't testable in our regression tests right now.

* platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContext::platformApplyDeviceScaleFactor):
(WebCore::GraphicsContext::applyDeviceScaleFactor):
* platform/graphics/GraphicsContext.h:
(GraphicsContext):
* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::platformApplyDeviceScaleFactor):

2012-04-17 Lucas Forschler

Merge 111977

2012-03-23 Stephanie Lewis

https://bugs.webkit.org/show_bug.cgi?id=81963
WebProcess can get stuck in GC during many low memory signals.
WebProcess appears to get stuck in its GC handler (81963).

Remove the call to garbage collect in low memory signal handler. Did some testing with hitting the low memory handler during Membuster and we would get back at most 100k - 200k. That isn't enough to help the system, and in that state the GC collection can take a substantial amount of time.

Reviewed by Geoff Garen.

Performance Change, no change in behavior.

* platform/mac/MemoryPressureHandlerMac.mm:
(WebCore::MemoryPressureHandler::releaseMemory):

2012-04-17 Lucas Forschler

Merge 113528

2012-04-06 Oliver Hunt

Accessing the returnValue of a modal dialog should be performed directly on the global object.
https://bugs.webkit.org/show_bug.cgi?id=83414

Reviewed by Gavin Barraclough.

Presumably during the mass-devirtualising of JSObject, this deliberate use of the GlobalObject's property lookup logic directly was replaced with a dynamic call. That results in the DOMWindow filtering out the lookup. This regression was masked by r93567.

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::DialogHandler::returnValue):

2012-04-16 Lucas Forschler

Merge 111108

2012-03-16 Dmitry Titov

HTMLFrameElementBase::m_remainsAliveOnRemovalFromTree can be cleared without unloading the frame.
https://bugs.webkit.org/show_bug.cgi?id=80766

Reviewed by Adam Barth.

* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::insertedIntoDocument):
(WebCore::HTMLFrameElementBase::setRemainsAliveOnRemovalFromTree): if adoptNode() is called on a detached iframe or with a detached document, unload the iframe to avoid live iframe to hang around w/o being attached to a document.

2012-04-17 Lucas Forschler

Merge 112023

2012-03-24 Jeffrey Pfau

XML error document creation should not fire mutation events
https://bugs.webkit.org/show_bug.cgi?id=80765

Reviewed by Adam Barth.

Broke two tests that expected the old behavior, which have now been updated.

* xml/XMLErrors.cpp:
(WebCore::createXHTMLParserErrorHeader):
(WebCore::XMLErrors::insertErrorMessageBlock):

2012-04-16 Lucas Forschler

Merge 110150

2012-03-07 Adam Barth

ContainerNode::insertedIntoDocument and removedFromDocument use weak iteration patterns
https://bugs.webkit.org/show_bug.cgi?id=80569

Reviewed by Ryosuke Niwa.

This patch moves ContainerNode::insertedIntoDocument and removedFromDocument to using a better iteration pattern in which we collect all the nodes we're planning to iterate into a vector and then iterate over them.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::insertedIntoDocument):
(WebCore::ContainerNode::removedFromDocument):

2012-04-16 Lucas Forschler

Merge 110139

2012-03-07 Adam Barth

ContainerNode::willRemove uses a weak iteration pattern
https://bugs.webkit.org/show_bug.cgi?id=80530

Reviewed by Ryosuke Niwa.

This patch moves ContainerNode::willRemove to using a better iteration pattern in which we collect all the nodes we're planning to iterate into a vector and then iterate over them.

* dom/ContainerNode.cpp:
(WebCore::ContainerNode::willRemove):

2012-04-17 Lucas Forschler

Merging to the correct branch.

2012-04-13 David Harrison

Reviewed by Darin Adler.

Meringue: 11A390: CrashTracer: 56,187 crashes in WebProcess at com.apple.WebCore: WebCore::DocumentWriter::deprecatedFrameEncoding const + 12 (71828)

No new tests because this change is going only on the Safari Nectarine branch, not TOT.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::addExtraFieldsToRequest): Nil check the activeDocumentLoader().

2012-03-29 Beth Dakin

Reviewed by Dan Bernstein.

Branch: Shadow inside text field is blurry/blocky in HiDPI

This patch merges the following changes to the branch:
http://trac.webkit.org/changeset/97032
http://trac.webkit.org/changeset/98520

This patch also adds branch-specific code that makes it so the regression tracked by only affects the branch in HiDPI mode. Essentially, this is a workaround for . With this workaround, when the deviceScaleFactor is 1, we have an old-school gradient bezel in text fields whether they are styled or not. This is good and matches shipping Safari. When the deviceScaleFactor is greater than 1, text fields will have newer, AppKit-matching gradients that look much more appropriate at the higher resolutions. However, if the text field is styled in any way, we'll revert to the old-school bezel, which doesn't look great in HiDPI, but it looks better than the CSS border, which is the only alternative until 11150452 is resolved.

This is the merging of the changes listed above.
* platform/mac/ThemeMac.mm:
(WebCore::ThemeMac::ensuredView):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintSliderThumb):

isControlStyled() should treat text fields like it used to in order to avoid the regression tracked by 11115221.
* rendering/RenderThemeMac.h:
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::isControlStyled):

Use the old gradient always unless we are an unstyled text field in HiDPI.
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):

2012-03-16 Lucas Forschler

Merge 107102

2012-02-08 Anders Carlsson

Fix assertion in svg/dom/SVGStyledElement-pendingResource-crash.html
https://bugs.webkit.org/show_bug.cgi?id=78126

Reviewed by Dan Bernstein.

This broke in r106977 when I tried to change an early return into an ASSERT, so let's bring back the early return.

* page/FrameView.cpp:
(WebCore::FrameView::notifyPageThatContentAreaWillPaint):

2012-03-16 Lucas Forschler

Merge 106977

2012-02-06 Anders Carlsson

ScrollableAreaSet should be moved from Page to FrameView
https://bugs.webkit.org/show_bug.cgi?id=62762

Reviewed by Beth Dakin.

It makes more sense for the set of scrollable areas to be per frame view instead of per page; scrollable areas are associated with a containing frame view and their lifecycle follows the lifecycle of the frame view much more closely. This could even fix a bunch of crashes where a scrollable area outlived its containing page.

* WebCore.exp.in: Replace the Page member functions with FrameView member functions instead.
* page/EventHandler.cpp:
(WebCore::EventHandler::mouseMoved): Check if the frame view contains the given layer.
(WebCore::EventHandler::updateMouseEventTargetNode): Ditto.
* page/FocusController.cpp:
(WebCore::contentAreaDidShowOrHide): Add helper function.
(WebCore::FocusController::setContainingWindowIsVisible): Call contentAreaDidShowOrHide for the main frame view, and for all scrollable areas inside all subframe views.
* page/FrameView.cpp:
(WebCore::FrameView::FrameView): Use early returns to make the code more clear. Also, don't add the scrollable area to the set here.
(WebCore::FrameView::~FrameView): Don't remove the scrollable area here.
(WebCore::FrameView::zoomAnimatorTransformChanged): m_page is gone so use m_frame->page() instead.
(WebCore::FrameView::setAnimatorsAreActive): Call ScrollAnimator::setIsActive for all the scrollable areas in this frame view.
Previously we used to do this for all scrollable areas on the page, but since setAnimatorsAreActive will be called for each document, this will be done implicitly.
(WebCore::FrameView::notifyPageThatContentAreaWillPaint): Call ScrollableArea::contentDidPaint for this frame view and all its immediate scrollable areas. Previously, we used to do this for all scrollable areas on the page, but we only need to do it for this frame view.
(WebCore::FrameView::scrollAnimatorEnabled): Get the page from m_frame since m_page is gone.
(WebCore::FrameView::addScrollableArea):
(WebCore::FrameView::removeScrollableArea):
(WebCore::FrameView::containsScrollableArea): Move these member functions here from Page.
(WebCore::FrameView::addChild): If we are adding a frame view, add it to the scrollable area set.
(WebCore::FrameView::removeChild): If we are removing a frame view, remove it from the scrollable area set.
* page/FrameView.h: Move the member function declarations and the scrollable area set member variable here from Page.
* page/Page.cpp:
(WebCore::Page::~Page): Don't call disconnectPage on the scrollable areas anymore.
* platform/ScrollView.h:
(ScrollView): Make addChild and removeChild virtual.
* platform/ScrollableArea.h: Remove disconnectFromPage.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::RenderLayer):
(WebCore::RenderLayer::~RenderLayer):
(WebCore::RenderLayer::styleChanged): The frame view now keeps track of the scrollable areas.
* rendering/RenderLayer.h: Remove the page member variable and disconnectFromPage.
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::RenderListBox):
(WebCore::RenderListBox::~RenderListBox): The frame view now keeps track of the scrollable areas.
* rendering/RenderListBox.h: Remove the page member variable and disconnectFromPage.

2012-03-14 Lucas Forschler

Merge 110196

2012-03-08 Dan Bernstein

Dashboard regions should not be in device space

Reviewed by John Sullivan.

Test: TestWebKitAPI/Tests/mac/DeviceScaleFactorInDashboardRegions.mm

* rendering/RenderInline.cpp:
(WebCore::RenderInline::addDashboardRegions): Stop applying the device scale factor to Dashboard regions.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::addDashboardRegions): Ditto.

2012-03-14 Lucas Forschler

Merge 110480

2012-03-12 Beth Dakin

https://bugs.webkit.org/show_bug.cgi?id=80888
Clear background for NSTextFieldCell is unreliable and not necessary
-and corresponding-

Reviewed by Dan Bernstein.

With http://trac.webkit.org/changeset/104240 I thought it was necessary to make NSTextFieldCells draw with a clear background in order to allow styled text fields. That is not actually necessary; we just had a different bug where isControlStyled() was only checking for styled borders on text fields. Text fields can also be styled with backgrounds, so they need the full check.

* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::isControlStyled):
(WebCore::RenderThemeMac::textField):

2012-03-14 Lucas Forschler

Merge 104240

2012-01-05 Beth Dakin

https://bugs.webkit.org/show_bug.cgi?id=75654
Text fields should draw using NSTextFieldCell instead of WebKitSystemInterface

Reviewed by John Sullivan.

This change should not have any effect on tests or real web sites. It just changed the implementation under the hood to the more modern NSCell approach.

* rendering/RenderThemeMac.h:
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):

2012-03-07 Lucas Forschler

Merge 109594

2012-03-02 Maciej Stachowiak

REGRESSION(r97353): Crash when accessing location or history properties inside a navigated window
https://bugs.webkit.org/show_bug.cgi?id=80133

Reviewed by Antti Koivisto.

Test: fast/dom/Window/navigated-window-properties.html

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore): Remove custom getters for window.location and window.history; they were unnecessary and did the wrong thing when DOMWindow returned null values for these.
* page/DOMWindow.idl: ditto
* bindings/js/JSDOMBinding.cpp:
(WebCore::reportException): Remove assert about null values and update comment, since this is now an expected state for navigated inner windows.

2011-02-17 Lucas Forschler

Merge 107966

2012-02-15 Mark Rowe

NPN_GetValueForURL / NPNURLVProxy returns DIRECT when proxy configured via PAC /

Reviewed by Anders Carlsson.

* platform/network/cf/ProxyServerCFNet.cpp:
(WebCore::proxyAutoConfigurationResultCallback): Stop the runloop, and then process the results that we received.
(WebCore::processProxyServers): Processing of array of proxy configuration information moved from addProxyServersForURL. Handling of proxy auto-configuration URLs is now handled by calling CFNetworkExecuteProxyAutoConfigurationURL and waiting synchronously on the result callback. Doing this synchronously is not great, but it's the best we can do without a lot of restructuring of the code that calls this. We arbitrarily time out the execution after five seconds to avoid permanently hanging.
(WebCore::addProxyServersForURL): Call in to our helper function.

2011-02-13 Lucas Forschler

Merge 106388

2012-01-31 Jon Lee

Hidden form elements do not save their state prior to form submission
https://bugs.webkit.org/show_bug.cgi?id=77391

Reviewed by Brady Eidson.

Test: fast/forms/state-restore-hidden.html

* html/HiddenInputType.cpp: Teach hidden inputs to save and restore their state.
(WebCore::HiddenInputType::saveFormControlState):
(WebCore::HiddenInputType::restoreFormControlState):
* html/HiddenInputType.h:
(HiddenInputType):

2011-02-07 Lucas Forschler

Merge 106982

2012-02-07 Brady Eidson

and https://bugs.webkit.org/show_bug.cgi?id=78003
WebKit associates credentials with the wrong site if the authentication challenge takes place after a redirect chain

Reviewed by Alexey Proskuryakov.

Test: http/tests/loading/authentication-after-redirect-stores-wrong-credentials/authentication-after-redirect-stores-wrong-credentials.html

Associate the credential with the URL of the challenge itself, not the original request:
* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
(WebCore::ResourceHandle::receivedCredential):
* platform/network/mac/ResourceHandleMac.mm:
(WebCore::ResourceHandle::didReceiveAuthenticationChallenge):
(WebCore::ResourceHandle::receivedCredential):

2011-02-06 Lucas Forschler

Merge 106729

2012-02-03 Tim Horton

Canvas-into-canvas drawing should respect backing store scale ratio
https://bugs.webkit.org/show_bug.cgi?id=77784

Reviewed by Dan Bernstein.

Respect the backing store scale ratio when drawing a canvas into another canvas via ctx.drawImage(canvas, x, y). Previous behavior caused canvas drawing to differ based on the size of the backing store, which is ideally an implementation detail to authors.

Also, rename the source canvas arguments to CanvasRenderingContext2D::drawImage to be more clear.

No new tests.

* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::CanvasRenderingContext2D::drawImage):

2011-02-06 Lucas Forschler

Merge 104356

2012-01-06 Tim Horton

[cg] userSpaceOnUse SVG Patterns have the wrong origin
https://bugs.webkit.org/show_bug.cgi?id=75741

Reviewed by Simon Fraser.

The transformation from pattern space to user space should use the userToBase CTM, not the current CTM.

Test: svg/custom/pattern-userSpaceOnUse-userToBaseTransform.xhtml

* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::applyStrokePattern):
(WebCore::GraphicsContext::applyFillPattern):
(WebCore::GraphicsContext::getCTM):
* platform/graphics/cg/TransformationMatrixCG.cpp:
(WebCore::AffineTransform::AffineTransform): Add a AffineTransform(CGAffineTransform) constructor
* platform/graphics/transforms/AffineTransform.h:

2011-02-06 Lucas Forschler

Merge 106678

2012-02-03 Beth Dakin

https://bugs.webkit.org/show_bug.cgi?id=77691
Fix PlatformScreen layering violation and PlatformScreenMac's incorrect use of device scale

Reviewed by Andy Estes.

Make screenAvailableRect() and screenRect() take a Widget again instead of a FrameView since taking a FrameView is a layering violation.
* WebCore.exp.in:
* platform/PlatformScreen.h:
(WebCore):
* platform/blackberry/PlatformScreenBlackBerry.cpp:
(WebCore::screenAvailableRect):
(WebCore::screenRect):
* platform/chromium/PlatformScreenChromium.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/chromium/PlatformSupport.h:
(WebCore):
(PlatformSupport):
* platform/efl/PlatformScreenEfl.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/gtk/PlatformScreenGtk.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/qt/PlatformScreenQt.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/win/PlatformScreenWin.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/wx/ScreenWx.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):

It's wrong for the deviceScaleFactor to be taken into consideration here at all.
* platform/mac/PlatformScreenMac.mm:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
(WebCore::toUserSpace):
(WebCore::toDeviceSpace):

2011-02-01 Lucas Forschler

Merge 106286

2012-01-30 Beth Dakin

Speculative 32-bit build-fix.

* WebCore.exp.in:

2011-02-01 Lucas Forschler

Merge 106271

2012-01-30 Beth Dakin

https://bugs.webkit.org/show_bug.cgi?id=77263
PlatformScreenMac should not rely on NSWindow for important bits of data

Reviewed by Geoff Garen.

The main problem is that we cannot rely on the NSWindow for information about the deviceScaleFactor because we cannot access an NSWindow from within WebCore for WebKit2 windows. Instead, we can fetch it from WebCore::deviceScaleFactor(), but we need a Frame to call that. So screenAvailableRect and screenRect both now take a FrameView* instead of a Widget*. All existing call sites actually sent a FrameView in anyway, so this is not a big change, but it does require touching a lot of platforms.
* WebCore.exp.in:
* platform/PlatformScreen.h:
(WebCore):
* platform/blackberry/PlatformScreenBlackBerry.cpp:
(WebCore::screenAvailableRect):
(WebCore::screenRect):
* platform/chromium/PlatformScreenChromium.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/chromium/PlatformSupport.h:
(WebCore):
(PlatformSupport):
():
* platform/efl/PlatformScreenEfl.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/gtk/PlatformScreenGtk.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/qt/PlatformScreenQt.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/win/PlatformScreenWin.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
* platform/wx/ScreenWx.cpp:
(WebCore::screenRect):
(WebCore::screenAvailableRect):

The Mac-only functions toUserSpace() and toDeviceSpace() were also updated to take a parameter for the deviceScaleFactor.
* platform/mac/PlatformScreenMac.mm:
(WebCore::screenRect):
(WebCore::screenAvailableRect):
(WebCore::toUserSpace):
(WebCore::toDeviceSpace):

2011-01-27 Lucas Forschler

Merge 106130

2012-01-27 Abhishek Arya

Crash in DocumentLoader::detachFromFrame.
https://bugs.webkit.org/show_bug.cgi?id=62764

Reviewed by Brady Eidson.

r105556 didn't fix the crash because canceling the main resource loader blows away both the current document loader and frame underneath. Both protectors are also used in stopLoading() when m_mainResourceLoader->cancel() is called.

Also, tested the fix under ASAN.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame):

2012-01-25 Mark Rowe

Merge r105942.

2012-01-25 Mark Rowe

Build in to an alternate location when USE_STAGING_INSTALL_PATH is set.
Adopt USE_STAGING_INSTALL_PATH

Reviewed by David Kilzer.

* Configurations/WebCore.xcconfig: Define NORMAL_WEBCORE_FRAMEWORKS_DIR, which contains the path where WebCore is normally installed. Update WEBCORE_FRAMEWORKS_DIR to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set. Define NORMAL_PRODUCTION_FRAMEWORKS_DIR, which contains the path where our public frameworks are normally installed. Update PRODUCTION_FRAMEWORKS_DIR to point to the staged frameworks directory when USE_STAGING_INSTALL_PATH is set. Always set the framework's install name based on the normal framework location. This prevents an incorrect install name from being used when installing in to the staged frameworks directory. Look for our other frameworks in the staged frameworks directory when USE_STAGING_INSTALL_PATH is set.

2011-01-24 Lucas Forschler

Merge 105556

2012-01-20 Brady Eidson

and https://bugs.webkit.org/show_bug.cgi?id=62764
Frequent crashes due to null frame below ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache

Reviewed by Sam Weinig.

No way to reproduce without special malloc debugging and that doesn't even reproduce on all platforms. So still no test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame): Protect m_frame for the duration of this method.

2011-01-18 Lucas Forschler

Merge 95580

2011-09-20 Jochen Eisinger

Invoke CachedResourceLoader::canRequest for all URLs in a redirect chain
https://bugs.webkit.org/show_bug.cgi?id=68279

Reviewed by Adam Barth.

* loader/cache/CachedResourceLoader.h:
* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::willSendRequest):

2011-01-18 Lucas Forschler

Merge 89155 paste

2011-01-18 Lucas Forschler

Merge 98935

2011-10-31 Jeremy Apthorp

Fix a crash relating to anonymous block merging in RenderFullScreen::unwrapRenderer.
https://bugs.webkit.org/show_bug.cgi?id=70705

Reviewed by Simon Fraser.

Test: fullscreen/anonymous-block-merge-crash.html

* rendering/RenderFullScreen.cpp:
(RenderFullScreen::unwrapRenderer):

2011-01-18 Lucas Forschler

Merge 104275

2012-01-05 Kent Tamura

Fix a crash by importing an element of which local name ends with ":input".
https://bugs.webkit.org/show_bug.cgi?id=75103

Reviewed by Ryosuke Niwa.

Test: fast/dom/importNode-confusing-localName.html

* dom/Document.cpp:
(WebCore::Document::importNode): Pass QualifiedName of the source element to createElement() in order to avoid unnecessary serialization and parsing of the qualified name

2011-01-18 Lucas Forschler

Merge 97088

2011-10-10 Jeremy Apthorp

Exiting fullscreen shouldn't crash if the element that was fullscreened had associated anonymous blocks.
https://bugs.webkit.org/show_bug.cgi?id=68503

Reviewed by Simon Fraser.

Test: fullscreen/full-screen-render-inline.html
Test: fullscreen/parent-flow-inline-with-block-child.html

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::moveChildTo):
(WebCore::RenderBlock::moveChildrenTo):
* rendering/RenderBlock.h:
(WebCore::RenderBlock::moveChildTo):
(WebCore::RenderBlock::moveAllChildrenTo):
(WebCore::RenderBlock::moveChildrenTo):
* rendering/RenderFullScreen.cpp:
(RenderFullScreen::unwrapRenderer): Move all children back to the parent, not just the firstChild.

2011-01-18 Lucas Forschler

Merge 95371

2011-09-16 Jeremy Apthorp and James Kozianski

Don't detach elements from the render tree when entering fullscreen mode
https://bugs.webkit.org/show_bug.cgi?id=66531

This prevents plugin instances from being destroyed and reinstantiated when entering fullscreen mode.

Reviewed by James Robinson.

Test: plugins/fullscreen-plugins-dont-reload.html

* dom/Document.cpp:
(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore::Document::webkitDidExitFullScreenForElement):
* dom/NodeRenderingContext.cpp:
(WebCore::NodeRendererFactory::createRendererIfNeeded):
* rendering/RenderFullScreen.cpp:
(createFullScreenStyle):
(RenderFullScreen::wrapRenderer):
(RenderFullScreen::unwrapRenderer):
* rendering/RenderFullScreen.h:

2011-01-17 Lucas Forschler

Merge 103913 & 103915

2012-01-02 Sam Weinig

Fix the build.

* bindings/scripts/CodeGeneratorJS.pm:

2012-01-02 Sam Weinig

REGRESSION(r100517): We're leaking many, many DOM objects!
https://bugs.webkit.org/show_bug.cgi?id=75451

Reviewed by Mark Rowe.

* bindings/scripts/CodeGeneratorJS.pm: Add a temporary workaround to the problem of handle finalizers not getting called by adding back the destructors (or rather their replacement, destroy() functions).

2011-1-17 Lucas Forschler

Merge 104593

2012-01-10 Brady Eidson

and https://bugs.webkit.org/show_bug.cgi?id=62764
Frequent crashes due to null frame below ApplicationCacheHost::scheduleLoadFallbackResourceFromApplicationCache

Reviewed by Maciej Stachowiak.

This is a non-reproducible high volume crash, so no test :(.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::stopLoading): Don't re-run actual "stop loading" logic if the document loader is already stopping loading. Also add an ASSERT that might catch cases where new loads may have been started while old loads were being stopped.
(WebCore::DocumentLoader::detachFromFrame): Be conservative and stop loading when we detach a document loader from a frame.

2011-1-17 Lucas Forschler

Merge 97303

2011-10-12 Chris Fleizach

AX: CrashTracer: [USER] 296 crashes in WebProcess at com.apple.WebCore: WebCore::AccessibilityScrollbar::document const + 29
https://bugs.webkit.org/show_bug.cgi?id=69936

AX Scrollbars have a weak pointer to their parent. They need to become AccessibilityMockObjects, so that they can participate in the detachFromParent() methods that happens when those parents go away.

Could not reproduce the crash, but the backtrace is unequivocal.

Reviewed by Darin Adler.

* accessibility/AccessibilityScrollView.cpp:
(WebCore::AccessibilityScrollView::removeChildScrollbar):
* accessibility/AccessibilityScrollbar.cpp:
(WebCore::AccessibilityScrollbar::AccessibilityScrollbar):
* accessibility/AccessibilityScrollbar.h:
(WebCore::AccessibilityScrollbar::scrollbar):
(WebCore::AccessibilityScrollbar::isAccessibilityScrollbar):

2011-1-17 Lucas Forschler

Merge 96973

2011-10-07 Chris Fleizach

Bug 69562 - AccessibilityImageMapLink holds onto it's parent even after it's been freed
https://bugs.webkit.org/show_bug.cgi?id=69562

Some fake objects, like AXImageMapLink, have weak references to their parents (since they are fake objects and need some connection to the parent). However, if the parent disappears before the child, then we're left with an out of date reference to that parent.

The fix is to allow these elements to clear their parentage when the parent goes away.

Reviewed by Darin Adler.

Test: accessibility/image-map-update-parent-crash.html

* accessibility/AccessibilityMenuListOption.cpp:
(WebCore::AccessibilityMenuListOption::isVisible):
* accessibility/AccessibilityMenuListPopup.cpp:
(WebCore::AccessibilityMenuListPopup::isOffScreen):
(WebCore::AccessibilityMenuListPopup::isEnabled):
(WebCore::AccessibilityMenuListPopup::press):
(WebCore::AccessibilityMenuListPopup::addChildren):
(WebCore::AccessibilityMenuListPopup::childrenChanged):
* accessibility/AccessibilityMockObject.h:
(WebCore::AccessibilityMockObject::detachFromParent):
* accessibility/AccessibilityObject.cpp:
(WebCore::AccessibilityObject::clearChildren):
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::detachFromParent):
* accessibility/AccessibilitySlider.cpp:
(WebCore::AccessibilitySliderThumb::elementRect):
* accessibility/AccessibilityTableColumn.cpp:
(WebCore::AccessibilityTableColumn::headerObjectForSection):

2012-01-17 Mark Rowe

Merge r99649.

2011-11-08 Chris Evans

Crash accessing font fact rule parent
https://bugs.webkit.org/show_bug.cgi?id=71860

Reviewed by Adam Barth.

Test: fast/css/css-fontface-rule-crash.html

* css/CSSFontFaceRule.cpp:
(WebCore::CSSFontFaceRule::~CSSFontFaceRule): tell our child rule when we are going away.

2012-01-17 Mark Rowe

Merge r99982.

2011-11-11 Gavin Peters

Protect Document during error responses
https://bugs.webkit.org/show_bug.cgi?id=72068

Add a Document protector to the error response code handler, just as exists for other ends of requests.

Reviewed by Nate Chapin.

Test: http/tests/misc/xslt-bad-import.html

* loader/cache/CachedResourceRequest.cpp:
(WebCore::CachedResourceRequest::didReceiveData):

2011-1-17 Lucas Forschler

Merge 96966

2011-10-07 Chris Fleizach

AX: re-organize fake elements to use new AccessibilityMockObject
https://bugs.webkit.org/show_bug.cgi?id=69588

This adds an AccessibilityMockObject for "fake" elements to descend from.
Its benefit is to consolidate the various ways that these fake elements are setting and returning their parent objects.

No functional change, hence no new tests.

Reviewed by Jon Honeycutt.

* CMakeLists.txt:
* GNUmakefile.list.am:
* WebCore.gypi:
* WebCore.pro:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* accessibility/AccessibilityARIAGrid.cpp:
(WebCore::AccessibilityARIAGrid::addChildren):
* accessibility/AccessibilityImageMapLink.cpp:
(WebCore::AccessibilityImageMapLink::AccessibilityImageMapLink):
* accessibility/AccessibilityImageMapLink.h:
(WebCore::AccessibilityImageMapLink::node):
* accessibility/AccessibilityMenuList.cpp:
(WebCore::AccessibilityMenuList::addChildren):
* accessibility/AccessibilityMenuList.h:
(WebCore::toAccessibilityMenuList):
* accessibility/AccessibilityMenuListOption.cpp:
(WebCore::AccessibilityMenuListOption::AccessibilityMenuListOption):
(WebCore::AccessibilityMenuListOption::isVisible):
* accessibility/AccessibilityMenuListOption.h:
* accessibility/AccessibilityMenuListPopup.cpp:
(WebCore::AccessibilityMenuListPopup::AccessibilityMenuListPopup):
(WebCore::AccessibilityMenuListPopup::isOffScreen):
(WebCore::AccessibilityMenuListPopup::isEnabled):
(WebCore::AccessibilityMenuListPopup::menuListOptionAccessibilityObject):
(WebCore::AccessibilityMenuListPopup::press):
(WebCore::AccessibilityMenuListPopup::addChildren):
(WebCore::AccessibilityMenuListPopup::childrenChanged):
(WebCore::AccessibilityMenuListPopup::didUpdateActiveOption):
* accessibility/AccessibilityMenuListPopup.h:
* accessibility/AccessibilityMockObject.cpp: Added.
(WebCore::AccessibilityMockObject::AccessibilityMockObject):
(WebCore::AccessibilityMockObject::~AccessibilityMockObject):
* accessibility/AccessibilityMockObject.h: Added.
    (WebCore::AccessibilityMockObject::parentObject):
    (WebCore::AccessibilityMockObject::setParent):
    (WebCore::AccessibilityMockObject::detachFromParent):
    * accessibility/AccessibilitySlider.cpp:
    (WebCore::AccessibilitySlider::addChildren):
    (WebCore::AccessibilitySliderThumb::AccessibilitySliderThumb):
    (WebCore::AccessibilitySliderThumb::elementRect):
    * accessibility/AccessibilitySlider.h:
    * accessibility/AccessibilityTable.cpp:
    (WebCore::AccessibilityTable::addChildren):
    (WebCore::AccessibilityTable::headerContainer):
    * accessibility/AccessibilityTable.h:
    (WebCore::toAccessibilityTable):
    * accessibility/AccessibilityTableColumn.cpp:
    (WebCore::AccessibilityTableColumn::AccessibilityTableColumn):
    (WebCore::AccessibilityTableColumn::setParent):
    (WebCore::AccessibilityTableColumn::headerObject):
    (WebCore::AccessibilityTableColumn::headerObjectForSection):
    (WebCore::AccessibilityTableColumn::accessibilityIsIgnored):
    (WebCore::AccessibilityTableColumn::addChildren):
    * accessibility/AccessibilityTableColumn.h:
    * accessibility/AccessibilityTableHeaderContainer.cpp:
    (WebCore::AccessibilityTableHeaderContainer::AccessibilityTableHeaderContainer):
    (WebCore::AccessibilityTableHeaderContainer::accessibilityIsIgnored):
    (WebCore::AccessibilityTableHeaderContainer::addChildren):
    * accessibility/AccessibilityTableHeaderContainer.h:

2011-1-17 Lucas Forschler

    Merge 91148

2011-07-16 Kulanthaivel Palanichamy

    Reviewed by Nikolas Zimmermann.

    SVG animation API crashes on SVGAnimateTransform
    https://bugs.webkit.org/show_bug.cgi?id=64104

    This patch ensures the update in AnimatedTransform list in SVGAnimateTransformElement.cpp is in sync with its wrapper list.
    Test: svg/animations/svgtransform-animation-discrete.html

    * svg/SVGAnimateTransformElement.cpp:
    (WebCore::animatedTransformListFor):
    (WebCore::SVGAnimateTransformElement::resetToBaseValue):
    (WebCore::SVGAnimateTransformElement::calculateAnimatedValue):
    (WebCore::SVGAnimateTransformElement::applyResultsToTarget):

2012-01-17 Mark Rowe

    Merge r94107.

2011-08-30 Abhishek Arya

    Removed m_owner accessed in custom scrollbars.
    https://bugs.webkit.org/show_bug.cgi?id=64737

    Reviewed by David Hyatt.

    Problem does not reproduce in DRT, even with Eventhandler tricks and gc(). So, adding a manual test.

    * manual-tests/custom-scrollbar-renderer-removed-crash.html: Added.
    * page/FrameView.cpp:
    (WebCore::FrameView::clearOwningRendererForCustomScrollbars):
    * page/FrameView.h:
    * rendering/RenderBox.cpp:
    (WebCore::RenderBox::willBeDestroyed): when this renderbox is getting destroyed, clear the custom scrollbar in this frameview having this renderbox as its owning renderer.
    * rendering/RenderScrollbar.cpp:
    (WebCore::RenderScrollbar::getScrollbarPseudoStyle): fix the null check.

2012-01-17 Mark Rowe

    Merge r100408.

2011-11-15 Darin Adler

    Incorrect type checks in RenderTheme media code
    https://bugs.webkit.org/show_bug.cgi?id=72184

    Reviewed by Eric Carlson.

    No tests added. Ideally this patch should be revised to add tests!

    * accessibility/AccessibilityMediaControls.cpp:
    (WebCore::AccessibilityMediaControl::create): Use mediaControlElementType.
    (WebCore::AccessibilityMediaControl::controlType): Ditto.
    (WebCore::AccessibilityMediaTimeline::valueDescription): Use early return rather than an assertion to check type of input element.
    * html/shadow/MediaControlElements.cpp:
    (WebCore::mediaControlElementType): Added. A type-safe way to get the media control element type after checking isMediaControlElement but with no other assumptions.
    * html/shadow/MediaControlElements.h: Added mediaControlElementType.
    * platform/efl/RenderThemeEfl.cpp:
    (WebCore::RenderThemeEfl::paintMediaPlayButton): Use mediaControlElementType.
    (WebCore::RenderThemeEfl::paintMediaSeekBackButton): Use mediaControlElementType.
    (WebCore::RenderThemeEfl::paintMediaSeekForwardButton): Use mediaControlElementType.
    * platform/gtk/RenderThemeGtk.cpp:
    (WebCore::RenderThemeGtk::paintMediaPlayButton): Check isMediaControlElement and use mediaControlElementType.
    * rendering/RenderThemeMac.mm:
    (WebCore::RenderThemeMac::paintMediaMuteButton): Ditto. Also remove unneeded redundant null check.
    (WebCore::RenderThemeMac::paintMediaPlayButton): Ditto.
    (WebCore::RenderThemeMac::paintMediaToggleClosedCaptionsButton): Ditto.

2012-01-17 Mark Rowe

    Merge r101543.

2011-11-30 James Simonsen

    Fix valgrind issue in SubresourceLoader::didFinishLoading
    https://bugs.webkit.org/show_bug.cgi?id=72787

    Hang on to CachedResource until finish() is called.

    Reviewed by Nate Chapin.

    Test: fast/loader/subresource-load-failed-crash.html (under asan)

    * loader/SubresourceLoader.cpp:
    (WebCore::SubresourceLoader::didFinishLoading):
    (WebCore::SubresourceLoader::didFail):

2012-01-17 Mark Rowe

    Merge r103118.

2011-12-16 Tim Horton

    Canvas should respect backing store scale ratio when used as drawImage() source
    https://bugs.webkit.org/show_bug.cgi?id=74758

    Reviewed by Simon Fraser.

    Interpret the source rectangle passed into drawImage() when using a Canvas source in the source Canvas coordinate space, instead of in the backing store coordinate space, without changing the behavior of drawImage(canvas, x, y).

    No new tests.

    * html/HTMLCanvasElement.cpp:
    (WebCore::HTMLCanvasElement::convertDeviceToLogical):
    * html/HTMLCanvasElement.h:
    * html/canvas/CanvasRenderingContext2D.cpp:
    (WebCore::CanvasRenderingContext2D::drawImage):

2012-01-17 Mark Rowe

    Merge r104669.

2012-01-10 Jer Noble

    Crash in HTMLMediaElement::shouldDisableSleep()
    https://bugs.webkit.org/show_bug.cgi?id=76025

    Reviewed by Dan Bernstein.

    Check nullity of m_player before dereferencing.
    * html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::shouldDisableSleep):

2012-01-17 Mark Rowe

    Merge r104619.

2012-01-10 Jer Noble

    REGRESSION (r102024): Having the Bing homepage open prevents idle sleep
    https://bugs.webkit.org/show_bug.cgi?id=75972

    Reviewed by Oliver Hunt.

    No new tests; no testing infrastructure exists to test display sleep assertions.

    Only disable idle and display sleep when a video element is not paused, not looping, and has both a video and audio track.

    * html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::mediaPlayerRateChanged): Factor into updateDisableSleep() and shouldDisplaySleep().
    (WebCore::HTMLMediaElement::setLoop): Ditto.
    (WebCore::HTMLMediaElement::attributeChanged): Ditto.
    (WebCore::HTMLMediaElement::updateDisableSleep):
    (WebCore::HTMLMediaElement::shouldDisableSleep):
    * html/HTMLMediaElement.h:

2012-01-16 Mark Rowe

    Merge r99591.

2011-11-08 Darin Adler

    Speculative fix for crashes seen in DocumentWriter::deprecatedFrameEncoding
    https://bugs.webkit.org/show_bug.cgi?id=71828

    Reviewed by Nate Chapin.

    No new tests; not sure how to reproduce this, but crash traces indicate it is an otherwise-harmless null dereference.

    * loader/DocumentWriter.cpp:
    (WebCore::DocumentWriter::deprecatedFrameEncoding): Handle null document the same as a document without a URL.

2012-01-16 Mark Rowe

    Merge r103860.

2011-12-31 Dan Bernstein

    WebCore change for Cannot print USPS shipping labels
    http://webkit.org/b/72801

    Reviewed by Anders Carlsson and Alexey Proskuryakov.

    * WebCore.exp.in: Exported Chrome::print().

2012-01-16 Mark Rowe

    Merge r103858.

2011-12-31 Dan Bernstein

    WebCore changes for REGRESSION (WebKit2): Printing a subframe containing a PDF prints the on-screen view instead of the entire PDF document

    Reviewed by Alexey Proskuryakov.

    * WebCore.exp.in: Exported PluginDocument::pluginWidget().
    * WebCore.xcodeproj/project.pbxproj: Promoted PluginDocument.h to private.
    * html/PluginDocument.h: Fixed a typo in a comment.

2012-01-16 Mark Rowe

    Fix .
    * platform/mac/ScrollAnimatorMac.mm:
    (WebCore::ScrollAnimatorMac::notityPositionChanged):

2012-01-04 Alexey Proskuryakov

    Reviewed by John Sullivan.

    Many crashes at DocumentThreadableLoader::cancel

    No tests, because we could not reproduce this.

    * loader/DocumentThreadableLoader.cpp:
    (WebCore::DocumentThreadableLoader::cancel): Added a null check.

2012-01-16 Mark Rowe

    Merge r102540.

2011-12-11 Andreas Kling

    WK2/NetscapePlugin: Incorrect mouse event coordinates when frameScaleFactor != 1.
    and

    Reviewed by Anders Carlsson.

    * WebCore.exp.in: Export AffineTransform::scale(double).

2012-01-16 Mark Rowe

    Merge r104378.

2012-01-06 Mark Rowe

    REGRESSION (r83075): Save as PDF does not generate any links for webkit.org and others

    Use RenderObject::hasOutline when determining whether to always create line boxes so that we take into consideration whether we'll be creating PDF link rects.

    Reviewed by Dan Bernstein.

    * rendering/RenderInline.cpp:
    (WebCore::RenderInline::styleDidChange):

2011-1-16 Lucas Forschler

    Merge 91324

2011-07-19 Simon Fraser

    REGRESSION (r91136-r91146): 40 tests failing on Windows 7 Release (Tests)
    https://bugs.webkit.org/show_bug.cgi?id=64808

    Reviewed by Adam Roben.

    Initializing m_uncommittedChanges to a non-zero value caused the first call to noteLayerPropertyChanged() to not call m_client->notifySyncRequired(). This resulted in animations never getting committed on Windows, which broke a lot of tests.

    * platform/graphics/ca/GraphicsLayerCA.cpp:
    (WebCore::GraphicsLayerCA::GraphicsLayerCA):

2011-1-13 Lucas Forschler

    Merge 104352

2012-01-05 Simon Fraser

    Avoid falling into tiled layers more often when the device scale factor is > 1

    Reviewed by John Sullivan.

    Stop taking the device scale factor into account when deciding to make tiled layers.
    Test: compositing/tiled-layers-hidpi.html

    * platform/graphics/ca/GraphicsLayerCA.cpp:
    (WebCore::GraphicsLayerCA::requiresTiledLayer):

2011-1-13 Lucas Forschler

    Merge 104269

2012-01-05 Dan Bernstein

    Update copyright strings

    Reviewed by Mark Rowe.

    * Info.plist:

2012-01-13 Lucas Forschler

    Roll-out r99999 (which is 104249 on branch)

    * platform/KURL.cpp:
    (WebCore::KURL::init):

2011-1-12 Lucas Forschler

    Merge 103082

2011-12-15 Alexey Proskuryakov

    Poor XPath performance when evaluating an expression that returns a lot of nodes
    https://bugs.webkit.org/show_bug.cgi?id=74665

    Reviewed by Darin Adler.

    No change in functionality. Well covered by existing tests (ran them with zero cutoff to execute the new code path).

    Our sorting function is optimized for small node sets in large documents, and this is the opposite of it. Added another one that traverses the whole document, adding nodes from the node set to sorted list. That doesn't grow with the number of nodes nearly as fast. Cutoff amount chosen for the document referenced in bug - this is roughly where the algorithms have the same performance on it.

    * xml/XPathNodeSet.cpp:
    (WebCore::XPath::NodeSet::sort):
    (WebCore::XPath::findRootNode):
    (WebCore::XPath::NodeSet::traversalSort):
    * xml/XPathNodeSet.h:

2011-1-12 Lucas Forschler

    Merge 102024

2011-12-02 Jer Noble