2015-10-29 Babak Shafiei <bshafiei@apple.com> Merge r191756. 2015-10-29 Simon Fraser <simon.fraser@apple.com> Very slow typing on pages with wheel event handlers on the body, and deep content https://bugs.webkit.org/show_bug.cgi?id=150692 rdar://problem/23242631 Reviewed by Zalan Bujtas. On a large page with a wheel event handler on the body, we would call Element::absoluteEventHandlerBounds() for every element under the body, and compute an absolute bounds for each one. This is very slow. For now, optimize computing a region for the <body> by just using the document bounds, which will always be as big or larger. It's OK for this region to be an overestimate. * dom/Document.cpp: (WebCore::Document::absoluteRegionForEventTargets): 2015-10-29 Lucas Forschler <lforschler@apple.com> Merge r191706. rdar://problem/23319292 2015-10-28 Andy Estes <aestes@apple.com> [Content Filtering] Crash when allowing a 0-byte resource to load https://bugs.webkit.org/show_bug.cgi?id=150644 <rdar://problem/23288538> Reviewed by Darin Adler. Test: contentfiltering/allow-empty-document.html * loader/ContentFilter.cpp: (WebCore::ContentFilter::deliverResourceData): resourceBuffer will be null if the resource contained no data. 2015-10-27 Matthew Hanson <matthew_hanson@apple.com> Merge r191636. rdar://problem/23078059 2015-10-27 Alex Christensen <achristensen@webkit.org> Cancel navigation policy checks like we do content policy checks. https://bugs.webkit.org/show_bug.cgi?id=150582 rdar://problem/22077579 Reviewed by Brent Fulgham. This was verified manually and I'll write a layout test for it soon. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::DocumentLoader): (WebCore::DocumentLoader::~DocumentLoader): (WebCore::DocumentLoader::willSendRequest): (WebCore::DocumentLoader::continueAfterNavigationPolicy): (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): * loader/DocumentLoader.h: Add a bool to keep track of whether we are waiting for navigation policy checks, like we do with content policy checks. Without this check, sometimes callbacks are made to DocumentLoaders that do not exist any more because they do not get cancelled by cancelPolicyCheckIfNeeded when detaching from the frame. 2015-10-27 Matthew Hanson <matthew_hanson@apple.com> Merge r191525. rdar://problem/23239748 2015-10-23 Simon Fraser <simon.fraser@apple.com> Avoid SVG-induced layouts inside Element::absoluteEventBounds() https://bugs.webkit.org/show_bug.cgi?id=150516 Reviewed by Zalan Bujtas. Speculative fix for a crash under RenderObject::localToContainerQuad() when computing the wheel event handler region, which uses Element::absoluteEventHandlerBounds(). Element::absoluteEventBounds() was calling SVGElement::getBoundingBox() in a way that could trigger a layout. * dom/Element.cpp: (WebCore::Element::absoluteEventBounds): 2015-10-23 Matthew Hanson <matthew_hanson@apple.com> Merge r191484. 2015-10-22 Gordon Sheridan <gordon_sheridan@apple.com> Fix build for clang-700.0.59.5 by replacing deprecated calls to convert points between screen and window coordinates for Mac. https://bugs.webkit.org/show_bug.cgi?id=150379 Reviewed by Andy Estes. Provide WAKWindow versions of the non-deprecated methods for converting an NSRect between window and screen coordinates, which replace the deprecated methods that operated on an NSPoint. * platform/ios/wak/WAKWindow.h: * platform/ios/wak/WAKWindow.mm: (-[WAKWindow convertRectToScreen:]): Added. (-[WAKWindow convertRectFromScreen:]): Added. 2015-10-22 Matthew Hanson <matthew_hanson@apple.com> Merge r191357. rdar://problem/23103279 2015-10-20 Chris Fleizach <cfleizach@apple.com> AX: CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::AccessibilityTable::tableElement const + 116 https://bugs.webkit.org/show_bug.cgi?id=150349 Reviewed by Brent Fulgham. The crash point for this bug says that the parentElement of the firstBody is garbage when it's accessed. Unfortunately, I could not reproduce this in-situ or with a test. So my speculative solution is to recalculate those body elements to ensure that they're valid before we access. * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::tableElement): (WebCore::AccessibilityTable::isDataTable): 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r191077. rdar://problem/22993325 2015-10-14 Alex Christensen <achristensen@webkit.org> [Content Extensions] Make blocked async XHR call onerror https://bugs.webkit.org/show_bug.cgi?id=146706 Reviewed by Brady Eidson. Test: http/tests/contentextensions/async-xhr-onerror.html * xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequest::XMLHttpRequest): (WebCore::XMLHttpRequest::createRequest): (WebCore::XMLHttpRequest::networkError): (WebCore::XMLHttpRequest::networkErrorTimerFired): (WebCore::XMLHttpRequest::abortError): * xml/XMLHttpRequest.h: Make a timer that calls networkError in 0 time if a content blocker blocks the asynchronous load. It is necessary to call setPendingActivity and dropProtection (which calls unsetPendingActivity) to keep a reference to the XMLHttpRequest alive. 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r191008. rdar://problem/23111794 2015-10-13 Dean Jackson <dino@apple.com> Device motion and orientation should only be visible from the main frame's security origin https://bugs.webkit.org/show_bug.cgi?id=150072 <rdar://problem/23082036> Reviewed by Brent Fulgham. There are reports that gyroscope and accelerometer information can be used to detect keyboard entry. One initial step to reduce the risk is to forbid device motion and orientation events from being fired in frames that are a different security origin from the main page. Manual test: deviceorientation-main-frame-only.html * page/DOMWindow.cpp: (WebCore::DOMWindow::isSameSecurityOriginAsMainFrame): New helper function. (WebCore::DOMWindow::addEventListener): Check if we are the main frame, or the same security origin as the main frame. If not, don't add the event listeners. 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r188477. rdar://problem/22801969 2015-08-14 Tim Horton <timothy_horton@apple.com> Fix the Mavericks build. * platform/spi/mac/LookupSPI.h: 2015-10-14 Matthew Hanson <matthew_hanson@apple.com> Merge r188473. rdar://problem/22801969 2015-08-14 Tim Horton <timothy_horton@apple.com> Fix the build. * platform/spi/mac/LookupSPI.h: 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190570. rdar://problem/23075530 2015-10-05 Zalan Bujtas <zalan@apple.com> Mark the line dirty when RenderQuote's text changes. https://bugs.webkit.org/show_bug.cgi?id=149784 rdar://problem/22558169 Reviewed by Antti Koivisto. When quotation mark changes ( " -> ' or empty string), we need to mark the line dirty to ensure its content gets laid out properly. Test: fast/inline/quotation-text-changes-dynamically.html * rendering/RenderQuote.cpp: (WebCore::quoteTextRenderer): (WebCore::RenderQuote::updateText): (WebCore::fragmentChild): Deleted. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190382. rdar://problem/22934301 2015-09-30 Dean Jackson <dino@apple.com> GraphicsContext3D::mappedSymbolName should initialize count variable https://bugs.webkit.org/show_bug.cgi?id=149692 <rdar://problem/22871304> Reviewed by Simon Fraser. While debugging another WebGL issue, I noticed that some OpenGL renderers can get into a state where they drop resources (e.g. a GPU reset). If we don't detect that in time, we might try to ask for the currently attached resources and our in-parameter will not be set. In this case, initialize it to zero so that we don't do silly things. * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: (WebCore::GraphicsContext3D::mappedSymbolName): Initialize count to 0. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190339. rdar://problem/23075538 2015-09-29 Jon Honeycutt <jhoneycutt@apple.com> Avoid reparsing an XSLT stylesheet after the first failure. https://bugs.webkit.org/show_bug.cgi?id=149188 <rdar://problem/22709912> Reviewed by Dave Hyatt. Patch by Jiewen Tan, jiewen_tan@apple.com. Test: svg/custom/invalid-xslt-crash.svg * xml/XSLStyleSheet.h: Add a new member variable m_compilationFailed that tracks whether compilation has failed. Default value is false. * xml/XSLStyleSheetLibxslt.cpp: (WebCore::XSLStyleSheet::compileStyleSheet): Return early if the compilation has failed before. After compiling the style sheet, if we failed, set m_compilationFailed to true. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190097. rdar://problem/23075540 2015-09-21 Ryosuke Niwa <rniwa@webkit.org> Fix release builds with security assertion after r190007. * dom/DocumentOrderedMap.cpp: * dom/DocumentOrderedMap.h: 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r190007. rdar://problem/23075540 2015-09-18 Ryosuke Niwa <rniwa@webkit.org> REGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees https://bugs.webkit.org/show_bug.cgi?id=149364 Reviewed by Antti Koivisto. Since the tree scope is set to that of Document's inside removeBetween when a node is removed from a shadow tree, oldScope != &treeScope() was already true inside Element::removedFrom. This can introduce an inconsistency in DocumentOrderedMap which could result in a crash. Fixed the bug by checking it against document(), which is the behavior we had prior to r150187. Also added a consistency check in DocumentOrderedMap to catch bugs like this. No new tests. New assertions fail in existing tests without this fix. * dom/DocumentOrderedMap.cpp: (WebCore::DocumentOrderedMap::add): (WebCore::DocumentOrderedMap::remove): (WebCore::DocumentOrderedMap::get): * dom/DocumentOrderedMap.h: * dom/Element.cpp: (WebCore::Element::removedFrom): 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r189979. rdar://problem/23075525 2015-09-18 Chris Dumez <cdumez@apple.com> WebContent crash in WebCore::MemoryPressureHandler::releaseCriticalMemory() with GuardMalloc when preparing to suspend https://bugs.webkit.org/show_bug.cgi?id=149350 Reviewed by Antti Koivisto. in MemoryPressureHandler::releaseCriticalMemory(), iterate over a copy of Document::allDocuments() instead of iterating over allDocuments() directly. Also make sure the Documents are ref'd inside the copy. This is needed because clearing the StyleResolver of a Document may cause Documents to be unref'd and removed from the allDocument() HashSet. No new tests, already covered by existing tests. * platform/MemoryPressureHandler.cpp: (WebCore::MemoryPressureHandler::releaseCriticalMemory): 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r189421. rdar://problem/22802049 2015-09-04 Myles C. Maxfield <mmaxfield@apple.com> Crash when font completes downloading after calling 2D canvas setText() multiple times https://bugs.webkit.org/show_bug.cgi?id=148789 Reviewed by Darin Adler. The CSSFontSelector has a list of clients, and when fonts complete downloading, these clients get a call back. CanvasRenderingContext2D::State is one such of these clients. However, the CSSFontSelector may be destroyed and recreated at any time. We were getting into a case where multiple CSSFontSelectors were thinking that the same CanvasRenderingContext2D::State were their client. When the CanvasRenderingContext2D::State was destroyed, it only unregistered itself from one of the CSSFontSelectors, which means the CSSFontSelector left over has a dangling pointer to it. The solution is to implement a new helper class, FontProxy, to hold the CanvasRenderingContext2D::State's font, and maintain the invariant that this object is always registered to exactly one CSSFontSelector, and this CSSFontSelector is the one which is associated with the FontProxy's FontCascade object. This patch maintains this invariant, as well as protecting all access to the State's FontCascade object so no one can reach in and change it without going through functions which maintain the invariant. Test: fast/canvas/font-selector-crash.html * css/CSSFontSelector.cpp: (WebCore::CSSFontSelector::registerForInvalidationCallbacks): (WebCore::CSSFontSelector::unregisterForInvalidationCallbacks): (WebCore::CSSFontSelector::dispatchInvalidationCallbacks): * css/CSSFontSelector.h: * dom/Document.cpp: (WebCore::Document::fontsNeedUpdate): (WebCore::Document::fontSelector): (WebCore::Document::clearStyleResolver): * dom/Document.h: * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::State::State): (WebCore::CanvasRenderingContext2D::State::operator=): (WebCore::CanvasRenderingContext2D::FontProxy::~FontProxy): (WebCore::CanvasRenderingContext2D::FontProxy::FontProxy): (WebCore::CanvasRenderingContext2D::FontProxy::update): (WebCore::CanvasRenderingContext2D::FontProxy::fontsNeedUpdate): (WebCore::CanvasRenderingContext2D::FontProxy::initialize): (WebCore::CanvasRenderingContext2D::FontProxy::fontMetrics): (WebCore::CanvasRenderingContext2D::FontProxy::fontDescription): (WebCore::CanvasRenderingContext2D::FontProxy::width): (WebCore::CanvasRenderingContext2D::FontProxy::drawBidiText): (WebCore::CanvasRenderingContext2D::font): (WebCore::CanvasRenderingContext2D::setFont): (WebCore::CanvasRenderingContext2D::measureText): (WebCore::CanvasRenderingContext2D::drawTextInternal): (WebCore::CanvasRenderingContext2D::State::~State): Deleted. (WebCore::CanvasRenderingContext2D::State::fontsNeedUpdate): Deleted. (WebCore::CanvasRenderingContext2D::accessFont): Deleted. * html/canvas/CanvasRenderingContext2D.h: * platform/graphics/FontSelector.h: 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r189834. rdar://problem/22801966 2015-09-15 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Paused Debugger prevents page reload https://bugs.webkit.org/show_bug.cgi?id=148174 Reviewed by Brian Burg. When navigating the page while paused, suppress any pausing until the page has completed navigation. If not paused and navigating, you can still pause in pagehide and unload handlers or other late page events. Could not write a reliable test for this at the moment. InspectorTest.reloadPage has multiple issues with the output, so I'll investigate making reload tests more reliable later. * inspector/InspectorController.h: * inspector/InspectorController.cpp: (WebCore::InspectorController::resume): Deleted. * loader/FrameLoader.cpp: (WebCore::FrameLoader::continueLoadAfterNavigationPolicy): We now use existing InspectorInstrumentation functions instead of a method on InspectorController during load. In dropping the method InspectorController can drop a member variable no longer used. * inspector/InspectorInstrumentation.h: (WebCore::InspectorInstrumentation::willStartProvisionalLoad): Add a new instrumentation hook. * inspector/InspectorInstrumentation.cpp: (WebCore::InspectorInstrumentation::willStartProvisionalLoadImpl): (WebCore::InspectorInstrumentation::didCommitLoadImpl): When starting or completing main frame navigations, let the PageDebuggerAgent do some work. * inspector/PageDebuggerAgent.h: * inspector/PageDebuggerAgent.cpp: (WebCore::PageDebuggerAgent::mainFrameStartedLoading): (WebCore::PageDebuggerAgent::mainFrameStoppedLoading): (WebCore::PageDebuggerAgent::mainFrameNavigated): Suppress pausing if navigating while paused. Otherwise behave as normal. 2015-10-13 Matthew Hanson <matthew_hanson@apple.com> Merge r188443. rdar://problem/22801969 2015-08-13 Tim Horton <timothy_horton@apple.com> Performing a Lookup on wrapped text puts the popover arrow in the wrong place (off to the right) https://bugs.webkit.org/show_bug.cgi?id=148012 <rdar://problem/19238094> Reviewed by Simon Fraser. * platform/spi/mac/LookupSPI.h: Add some SPI. 2015-10-09 Lucas Forschler <lforschler@apple.com> Merge r189168 2015-08-31 Alexey Proskuryakov <ap@apple.com> Build fix. * page/EventHandler.h: (WebCore::EventHandler::immediateActionStage): Don't export an inline function, to avoid "weak external symbol" errors. 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r190602. rdar://problem/22995830 2015-10-05 Alex Christensen <achristensen@webkit.org> Invalid CSS Selector for Content Blockers invalidates others https://bugs.webkit.org/show_bug.cgi?id=148446 rdar://problem/22918235 Reviewed by Benjamin Poulain. Test: http/tests/contentextensions/invalid-selector.html * contentextensions/ContentExtensionParser.cpp: (WebCore::ContentExtensions::loadTrigger): (WebCore::ContentExtensions::isValidSelector): (WebCore::ContentExtensions::loadAction): (WebCore::ContentExtensions::loadRule): Add a check to see if a selector is valid before adding it. 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r190375. rdar://problem/22881748 2015-09-30 Myles C. Maxfield <mmaxfield@apple.com> Crash when using an SVG font with > 390 glyphs https://bugs.webkit.org/show_bug.cgi?id=149677 <rdar://problem/21676402> Reviewed by Simon Fraser. The "Charset Index" in OTF are indices into a collection of strings. There are 390 predefined strings in this collection. We were currently assigning each glyph to one of these strings. However, if there are more glyphs than strings, we will be using invalid indices. The values of the strings themselves are not necessary for SVG fonts. Therefore, the solution is to create a single dummy string, and have all glyphs target it. Tests: svg/custom/many-glyphs.svg * css/CSSFontFaceSource.cpp: (WebCore::CSSFontFaceSource::font): * svg/SVGToOTFFontConversion.cpp: (WebCore::SVGToOTFFontConverter::appendCFFTable): 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r189976. rdar://problem/22824652 2015-09-18 Chris Dumez <cdumez@apple.com> REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them https://bugs.webkit.org/show_bug.cgi?id=149317 <rdar://problem/22521514> Reviewed by Tim Horton. Disable on Mavericks a PageCache optimization from r182449 which lets into PageCache pages that only have certain types of pending loads (images and XHR). This is because it has been determined via bisection that this change is the one that introduced the bug on Mavericks. * loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r189976. rdar://problem/22824652 2015-09-18 Chris Dumez <cdumez@apple.com> REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them https://bugs.webkit.org/show_bug.cgi?id=149317 <rdar://problem/22521514> Reviewed by Tim Horton. Disable on Mavericks a PageCache optimization from r182449 which lets into PageCache pages that only have certain types of pending loads (images and XHR). This is because it has been determined via bisection that this change is the one that introduced the bug on Mavericks. * loader/DocumentLoader.cpp: (WebCore::areAllLoadersPageCacheAcceptable): 2015-10-08 Andy Estes <aestes@apple.com> Merge r188150, r188517, r188844, r188845, r188851, r188852, r188880, r188881, r188988, r189193, r189289, and r190133. rdar://problem/22847063 2015-08-26 Andy Estes <aestes@apple.com> [Content Filtering] Determine navigation and content policy before continuing to filter a load https://bugs.webkit.org/show_bug.cgi?id=148506 Reviewed by Brady Eidson. Prior to this change, ContentFilter would hide from DocumentLoader all CachedRawResourceClient callbacks until a decision was made, then replay the missed callbacks. This approach interacted poorly with some features of the loader, notably appcache and downloads. In the case of appcache, DocumentLoader might not have a chance to check for substitute data until the original load has finished, wasting bandwidth, and might receive duplicate or out-of-order callbacks. In the case of downloads, it would often be too late to convert the existing connection to a download, leading to restarted downloads or outright failures. Bandaids were put in place for these issues in r188150, r188486, and r188851 to fix crashes or serious regressions in behavior, but these weren't complete fixes. They did not solve any of the duplicate data loading problems, and they did not make downloads work reliably in all cases. This patch rolls out the bandaids (but keeps their tests) and replaces them with a more robust fix. Instead of hiding callbacks from DocumentLoader, ContentFilter now delivers willSendRequest(), redirectReceived(), and responseReceived() to DocumentLoader immediately, and cancels filtering if DocumentLoader decides to ignore the load, download it, or load substitute data. ContentFilter continues to buffer incoming data to prevent partial rendering of blocked content. The existing tests for r188150 and r188851 were kept, the test for r188486 was rewritten to be specific to content filtering, and new tests were added to cover the case where ContentFilter is still undecided after a load finishes. Tests: contentfiltering/allow-never.html contentfiltering/block-never.html ContentFiltering.AllowDownloadAfterAddData ContentFiltering.AllowDownloadAfterFinishedAddingData ContentFiltering.AllowDownloadAfterRedirect ContentFiltering.AllowDownloadAfterResponse ContentFiltering.AllowDownloadAfterWillSendRequest ContentFiltering.AllowDownloadNever ContentFiltering.BlockDownloadAfterAddData ContentFiltering.BlockDownloadAfterFinishedAddingData ContentFiltering.BlockDownloadAfterRedirect ContentFiltering.BlockDownloadAfterResponse ContentFiltering.BlockDownloadAfterWillSendRequest ContentFiltering.BlockDownloadNever * bindings/js/JSMockContentFilterSettingsCustom.cpp: (WebCore::JSMockContentFilterSettings::decisionPoint): Taught to handle DecisionPoint::Never, and rewrote to not need a set of const uint8_ts that mirror the DecisionPoint enum. (WebCore::JSMockContentFilterSettings::setDecisionPoint): Ditto. (WebCore::toJSValue): Rewrote to not need a set of const uint8_ts that mirror the Decision enum. (WebCore::toDecision): Ditto. * loader/ContentFilter.cpp: (WebCore::ContentFilter::createIfEnabled): Renamed from createIfNeeded, and changed to take a DocumentLoader& instead of a DecisionFunction. (WebCore::ContentFilter::ContentFilter): (WebCore::ContentFilter::responseReceived): If m_state != Blocked after filtering, call DocumentLoader::responseReceived(). (WebCore::ContentFilter::dataReceived): If m_state == Allowed after filtering, deliver buffered data to DocumentLoader. If no filtering was necessary, call DocumentLoader::dataReceived() directly. (WebCore::ContentFilter::redirectReceived): If m_state != Blocked after filtering, call DocumentLoader::redirectReceived(). (WebCore::ContentFilter::notifyFinished): If an error occured, call DocumentLoader::notifyFinished() immediately and return. If m_state != Blocked after filtering, deliver buffered data to DocumentLoader and call DocumentLoader::notifyFinished(). If no filtering was necessary and m_state != Blocked, call DocumentLoader::notifyFinished() directly. (WebCore::ContentFilter::didDecide): Called DocumentLoader::contentFilterDidDecide() instead of m_decisionFunction(). (WebCore::ContentFilter::deliverResourceData): Added a helper function to deliver buffered data to DocumentLoader. (WebCore::ContentFilter::createIfNeeded): Renamed to createIfEnabled(). * loader/ContentFilter.h: * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::DocumentLoader): (WebCore::DocumentLoader::willSendRequest): Stopped asserting that redirectResponse is null and made it part of the if condition instead, since willSendRequest() will now be called on redirects when there is an active ContentFilter. (WebCore::DocumentLoader::startLoadingMainResource): Called becomeMainResourceClient() instead of becomeMainResourceClientIfFilterAllows(). (WebCore::DocumentLoader::becomeMainResourceClient): Renamed from becomeMainResourceClientIfFilterAllows(). Only called ContentFilter::startFilteringMainResource() if the filter state is Initialized, since ContentFilter might have already made a decision in willSendRequest(). (WebCore::DocumentLoader::contentFilterDidDecide): Stopped deleting m_contentFilter, since it will continue to deliver callbacks even after making a decision. Fixed a bug where we were creating two copies of ContentFilter's replacement data. (WebCore::DocumentLoader::syntheticRedirectReceived): Deleted. (WebCore::DocumentLoader::becomeMainResourceClientIfFilterAllows): Renamed to becomeMainResourceClient(). * loader/DocumentLoader.h: * loader/EmptyClients.h: * loader/FrameLoaderClient.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::willSendRequestInternal): Removed part of r188851. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didReceiveResponse): Removed part of r188486. * loader/SubresourceLoader.h: * loader/cache/CachedRawResource.cpp: (WebCore::CachedRawResource::didAddClient): Removed part of r188150. * loader/cache/CachedRawResourceClient.h: (WebCore::CachedRawResourceClient::syntheticRedirectReceived): Removed part of r188150. * testing/MockContentFilterSettings.h: Defined DecisionPoint::Never. * testing/MockContentFilterSettings.idl: Defined DECISION_POINT_NEVER. 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r188148. rdar://problem/22802036 2015-08-06 Dean Jackson <dino@apple.com> Shadows don't draw on fillText when using a gradient fill https://bugs.webkit.org/show_bug.cgi?id=147758 <rdar://problem/20860912> Reviewed by Myles Maxfield. Since we use a mask to render a pattern or gradient into text, any shadow was being clipped out. Change this to draw the shadow before the mask + fill operation, using a technique similar to text-shadow. Test: fast/canvas/gradient-text-with-shadow.html * html/canvas/CanvasRenderingContext2D.cpp: (WebCore::CanvasRenderingContext2D::drawTextInternal): Get the current shadow style, paint the text with a transformed shadow offset so that we only see the shadow and not the text, then combine with the existing pattern/gradient fill. 2015-10-08 Lucas Forschler <lforschler@apple.com> Rollout r190745 2015-10-08 Lucas Forschler <lforschler@apple.com> Merge r188443. rdar://problem/22801969 2015-08-13 Tim Horton <timothy_horton@apple.com> Performing a Lookup on wrapped text puts the popover arrow in the wrong place (off to the right) https://bugs.webkit.org/show_bug.cgi?id=148012 <rdar://problem/19238094> Reviewed by Simon Fraser. * platform/spi/mac/LookupSPI.h: Add some SPI. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r190380. rdar://problem/22888962 2015-09-30 Dean Jackson <dino@apple.com> Crash in gleLookupHashObject when context is lost https://bugs.webkit.org/show_bug.cgi?id=149690 <rdar://problem/22751585> <rdar://problem/22465495> Reviewed by Simon Fraser. When we received notification that the GPU has reset, we were nulling out and deleting our OpenGL contexts and then trying to do it all over again. The fix was to flip the order of operations. While there I added some logging, and changed the way we check GPU status to make sure we do a check after the first draw call. Unfortunately we can't test automatically because it involves resetting the GPU which can possibly cause concurrent tests to fail. * platform/graphics/mac/GraphicsContext3DMac.mm: (WebCore::GraphicsContext3D::checkGPUStatusIfNecessary): Move forceContextLost() to be the first thing we do after we've realised we need to bail. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r190252. rdar://problem/22867962 2015-09-25 Beth Dakin <bdakin@apple.com> Clicking on a data detected item inside a form control always pops up a map on force touch trackpad https://bugs.webkit.org/show_bug.cgi?id=149559 -and corresponding- rdar://problem/22826796 Reviewed by Tim Horton. The real bug here appears to be a bug in Lookup, but we can work around it. For normal text, we call directly into Data Detectors for map results, and that works fine. For text within form controls, we did not properly extract the text for DD, so we sent it to Lookup instead, and Lookup has this bug where they will pop open the map right away. If we properly extract the text for form controls, then we can work around this bug. * editing/mac/DataDetection.mm: (WebCore::detectItemAtPositionWithRange): (WebCore::DataDetection::detectItemAroundHitTestResult): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r189560. rdar://problem/22824659 2015-09-09 Benjamin Poulain <bpoulain@apple.com> CSS general sibling selectors does not work without CSS JIT https://bugs.webkit.org/show_bug.cgi?id=148987 rdar://problem/22559860 Reviewed by Andreas Kling. When traversing with the indirect adjacent combinator, SelectorChecker was not setting the style invalidation flag on the right element. Tests: fast/css/indirect-adjacent-style-invalidation-1.html fast/css/indirect-adjacent-style-invalidation-2.html fast/css/indirect-adjacent-style-invalidation-3.html * css/SelectorChecker.cpp: (WebCore::SelectorChecker::matchRecursively): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188990. rdar://problem/22802029 2015-08-26 Beth Dakin <bdakin@apple.com> REGRESSION: Safari navigates after a cancelled force click https://bugs.webkit.org/show_bug.cgi?id=148491 -and corresponding- rdar://problem/22394323 Reviewed by Tim Horton. This regression was introduced on El Capitan because AppKit sends ‘cancel’ to gesture recognizer BEFORE it sends the mouseUp. So the ImmediateActionStage needs to track whether a cancel happened after updates or without any updates since they signify different things. Don’t perform default behaviors when the stage is ActionCancelledAfterUpdate. * page/EventHandler.cpp: (WebCore::EventHandler::handleMouseReleaseEvent): New possible stages, and new getter for the current stage. * page/EventHandler.h: (WebCore::EventHandler::immediateActionStage): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188768. rdar://problem/22802019 2015-08-21 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: REGRESSION(173684): Edit as HTML not working https://bugs.webkit.org/show_bug.cgi?id=148268 Reviewed by Chris Dumez. Tests: inspector/dom/getOuterHTML.html inspector/dom/setOuterHTML.html * inspector/DOMPatchSupport.cpp: (WebCore::DOMPatchSupport::innerPatchChildren): Revert the optimization change made in r173684. The optimization changes had a few issues. It changed the logic to potentially drop out of the loop before all new items were processed and using a node reference to track an index did not account for the modifications insertBefore may have made to that node's index in the list. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188690. rdar://problem/22802006 2015-08-20 Chris Dumez <cdumez@apple.com> [Cocoa] Treat Epoch as invalid value for "Last-Modified" header https://bugs.webkit.org/show_bug.cgi?id=148162 rdar://problem/22330837 Reviewed by Antti Koivisto. Ignore "Last-Modified" header when computing heuristic freshness if it is Epoch. CFNetwork currently converts a malformed date for Last-Modified into Epoch so there is no way for us to distinguish Epoch from invalid input. Without this, we would end up with cached resources that have a giant lifetime (> 4 years) due to a malformed HTTP header. Some Websites (e.g. www.popehat.com) also wrongly return Epoch as Last-Modified value and we would end up caching it overly aggressively. Now that we consider Epoch as an invalid value for Last-Modified, it will also work around this content bug. Test: http/tests/cache/disk-cache/disk-cache-last-modified.html * platform/network/ResourceResponseBase.cpp: (WebCore::ResourceResponseBase::lastModified): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r189102. rdar://problem/22802034 2015-08-28 Timothy Horton <timothy_horton@apple.com> [Mac] Right-clicking on GIFs spins the UI process for a while https://bugs.webkit.org/show_bug.cgi?id=148566 <rdar://problem/22460854> Reviewed by Brady Eidson. * platform/ContextMenuItem.h: Properly mark this as Mac-only. It's only implemented in ContextMenuItemMac. * platform/mac/ContextMenuItemMac.mm: (WebCore::ContextMenuItem::shareMenuItem): Take a NSImage directly, so we don't have to round-trip through BitmapImage, which can be lossy and expensive. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188634. rdar://problem/22802013 2015-08-18 Myles C. Maxfield <mmaxfield@apple.com> [Cocoa] Punctuation near Hindi text is garbled when styled with the system font https://bugs.webkit.org/show_bug.cgi?id=148164 Reviewed by Brian Burg. Fonts cache whether or not they are the system font. This caching took place at the end of Font::platformInit(). However, in the middle of Font::platformInit(), we look up a glyph, which calls GlyphPage::fill() which consults with this cache. However, at this point, the cache has not been constructed yet. The solution is just to construct the cache earlier (at the beginning of the function). Consulting with the cache before it is populated causes it to erroneously say that no fonts are system fonts. Then, we use Core Graphics to ask for glyphs instead of Core Text. Core Graphics, however, is incapable of handling the system font, and returns us garbled results. In particular, when the system language is set to Japanese, the system font does not support punctuation, and Core Text tells us so. However, Core Graphics erroneously tells us that the system font does support punctuation. Then, if text is near the punctuation which causes us to take the complex text codepath (such as Hindi text), we tell Core Text to explicitly lay out the punctuation using the system font (which does not support punctuation). Core Text then replies that the provided font doesn't support the punctuation, and that we should use LastResort with some other glyphs instead. WebKit then disregards the font CoreText told us to use (because we are oh-so-sure that the font in question supports punctuation) and uses the LastResort glyph IDs with our font, which causes arbitrary glyphs to be shown. Test: fast/text/hindi-system-font-punctuation.html * platform/graphics/cocoa/FontCocoa.mm: (WebCore::Font::platformInit): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188622. rdar://problem/22802016 2015-08-18 Dean Jackson <dino@apple.com> Add null check in ImageBufferData::getData https://bugs.webkit.org/show_bug.cgi?id=148156 <rdar://problem/22337157> Reviewed by Simon Fraser. We're getting a number of crash reports that suggest the allocation of the result buffer has failed, but have been unable to reproduce. This patch adds a null check to the allocation, and logs a message to the system console. This might avoid the crashes, and hopefully we'll see the message. No new tests, since we're unable to reproduce this crash. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::ImageBufferData::getData): Add a null-check and early return. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r188298. rdar://problem/22885242 2015-08-11 Zalan Bujtas <zalan@apple.com> Invalid FrameView::m_viewportRenderer after layout is finished. https://bugs.webkit.org/show_bug.cgi?id=147848 rdar://problem/22205197 Reviewed by Simon Fraser. We cache the current viewport renderer (FrameView::m_viewportRenderer) right before layout. It gets dereferenced later when layout is finished to update the overflow status. If the viewport renderer gets destroyed during layout, we end up with a dangling pointer. This patch replaces the pointer caching with type caching (none, body, document). Unable to construct a test case. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187921. rdar://problem/22801988 2015-08-04 Chris Dumez <cdumez@apple.com> Subframes with no current HistoryItem should not prevent page-caching https://bugs.webkit.org/show_bug.cgi?id=147649 <rdar://problem/21614832> Reviewed by Andreas Kling. Subframes with no current HistoryItem should not prevent page-caching. We need one for the main frame as this is the key in the PageCache. However, there is no reason to require one for subframes. This is a common reason for page-caching failures nowadays. Frames do no have a current HistoryItem until something has been loaded in them. Test: http/tests/navigation/page-cache-iframe-no-current-historyItem.html * history/PageCache.cpp: (WebCore::logCanCacheFrameDecision): (WebCore::PageCache::canCachePageContainingThisFrame): 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187593. rdar://problem/22801973 2015-07-30 Simon Fraser <simon.fraser@apple.com> Selecting in an iframe can cause main page scrolling https://bugs.webkit.org/show_bug.cgi?id=147431 rdar://problem/19244589 Reviewed by Zalan Bujtas. The RenderLayer auatoscroll code walks up the RenderLayer hierarchy, crossing frame boundaries. However, as it crosses into an ancestor frame it failed to map the target rect into the coordinate space of the new frame, which caused us to scroll to an incorrect location in that parent frame. Test: fast/events/autoscroll-in-iframe.html * rendering/RenderLayer.cpp: (WebCore::parentLayerCrossFrame): Make the layer a reference, and pass in an optional rect. When crossing frame boundaries, map the rect from the contents of the child frame to the contents of the parent frame. (WebCore::RenderLayer::enclosingScrollableLayer): Pass optional rect. (WebCore::RenderLayer::scrollRectToVisible): (WebCore::RenderLayer::hasScrollableOrRubberbandableAncestor): * rendering/RenderLayer.h: 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187210. rdar://problem/22801995 2015-07-22 Wenson Hsieh <wenson_hsieh@apple.com> Coordinates-based snap offsets don't update correctly when container is scrolled https://bugs.webkit.org/show_bug.cgi?id=147215 Reviewed by Brent Fulgham. Fixes the way we append the snap offsets of child elements with coordinates. We now consider the scroll offset of the parent scroll snapping container, so snap offset recomputations don't fail on scroll snapping containers. Test: css3/scroll-snap/scroll-snap-coordinate-overflow-resize.html * page/scrolling/AxisScrollSnapOffsets.cpp: (WebCore::appendChildSnapOffsets): Fixed to consider the scroll offset of the parent container. 2015-10-02 Matthew Hanson <matthew_hanson@apple.com> Merge r187145. rdar://problem/22801952 2015-07-21 Joseph Pecoraro <pecoraro@apple.com> Web Inspector: Node highlights are wrong when the page is zoomed https://bugs.webkit.org/show_bug.cgi?id=147177 Reviewed by Simon Fraser. * inspector/InspectorOverlay.cpp: (WebCore::InspectorOverlay::update): Remove scaling that appears to no longer be needed, it was double scaling the overlay content and misplacing it in the process. 2015-09-25 Brent Fulgham <bfulgham@apple.com> Merge r190235. rdar://problem/22852382 2015-09-24 Brent Fulgham <bfulgham@apple.com> [Win] Support composited content in WebView render-to-context methods https://bugs.webkit.org/show_bug.cgi?id=149516 <rdar://problem/22635080> Reviewed by Simon Fraser. Extend the CACFLayerTreeHost implementation to render into a passed device context when requested. When no context is provided (the default case) paint as normal. Will be tested by existing compositing tests in a future bug. DumpRenderTree has to be extended to do this painting properly. * platform/graphics/ca/win/CACFLayerTreeHost.cpp: (WebCore::CACFLayerTreeHost::paint): Accept an optional HDC argument, and pass it to the render method. * platform/graphics/ca/win/CACFLayerTreeHost.h: * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp: Add missing SOFT_LINK command for the WKCACFViewDrawIntoDC. (WebCore::LegacyCACFLayerTreeHost::paint): Accept optional HDC argument and pass it to the parent class. (WebCore::LegacyCACFLayerTreeHost::render): Accept new optional HDC argument. If provided, call WKCACFViewDrawIntoDC. Otherwise, call WKCACFVIewDraw. * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: Add missing SOFT_LINK command for the WKCACFViewDrawIntoDC. (WebCore::WKCACFViewLayerTreeHost::paint): Accept optional HDC argument and pass it to the parent class. (WebCore::WKCACFViewLayerTreeHost::render): Accept new optional HDC argument. If provided, call WKCACFViewDrawIntoDC. Otherwise, call WKCACFVIewDraw. * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h: 2015-09-22 Matthew Hanson <matthew_hanson@apple.com> Merge r189200. rdar://problem/22803080 2015-08-31 Brent Fulgham <bfulgham@apple.com> [Win] WebKit cannot load pages based on "file://" URLs https://bugs.webkit.org/show_bug.cgi?id=148596 <rdar://problem/22432585> Reviewed by Dean Jackson. * platform/URL.cpp: (WebCore::URL::URL): Work around bug that causes this assertion to fire on the Apple Windows build. * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp: (WebCore::adjustMIMETypeIfNecessary): Added. If the URL is for a local file, determine the MIME type based on extension. Otherwise use the default MIME type. (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse): If the CFURLResponse has no MIME type, call 'adjustMIMETypeIfNecessary'. 2015-09-16 Babak Shafiei <bshafiei@apple.com> Merge r189821. 2015-09-15 Brent Fulgham <bfulgham@apple.com> [Win] Tiled drawing is rendering more times than it should https://bugs.webkit.org/show_bug.cgi?id=149144 <rdar://problem/22313905> Reviewed by Simon Fraser. Provide a more faithful implemenation of the Objective C tiled drawing logic. (1) Create a new WebTiledBackingLayerWin class that represents a the container of tiles. This matches the Objective C design. (2) Move implementation of several methods (e.g., isOpaque) to the internal class implementation so that the Tile Drawing logic can perform special handling in these cases. (3) Remove the duplicated Tiled Drawing logic from PlatformCALayerWinInternal, since it was just duplicating code in TileController and TileGrid. (4) Clean up the display callback code to avoid performing incorrect flipping of the coordinate system. * PlatformAppleWin.cmake: Add new WebTiledBackingLayerWin file. * WebCore.vcxproj/WebCore.vcxproj: Add the new WebTiledBackingLayerWin files. * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto. * platform/graphics/ca/PlatformCALayer.cpp: (PlatformCALayer::flipContext): Added convenience method. (PlatformCALayer::drawRepaintIndicator): Ditto. * platform/graphics/ca/TileGrid.cpp: (TileGrid::platformCALayerPaintContents): Flip the context before drawing the repaint indicator on Windows. * platform/graphics/ca/win/PlatformCALayerWin.cpp: (PlatformCALayerWin::PlatformCALayerWin): Create a WebTiledBackingLayerWin object if using tiled drawing. (PlatformCALayerWin::~PlatformCALayerWin): (PlatformCALayerWin::isOpaque): Move implementation to internal class. (PlatformCALayerWin::setOpaque): Ditto. (PlatformCALayerWin::setBorderWidth): Ditto. (PlatformCALayerWin::setBorderColor): Ditto. (PlatformCALayerWin::contentsScale): Ditto. (PlatformCALayerWin::setContentsScale): Ditto. (PlatformCALayerWin::cornerRadius): Ditto. (PlatformCALayerWin::tiledBacking): Ditto. (PlatformCALayerWin::drawTextAtPoint): New helper method to draw repaint counter text. Needed to work around bug in CG. * platform/graphics/ca/win/PlatformCALayerWinInternal.cpp: (PlatformCALayerWinInternal::PlatformCALayerWinInternal): Remove tiling-logic related member variables. (PlatformCALayerWinInternal::~PlatformCALayerWinInternal): (shouldInvertBeforeDrawingContent): Added convenience method. (shouldInvertBeforeDrawingRepaintCounters): Ditto. (PlatformCALayerWinInternal::displayCallback): (PlatformCALayerWinInternal::drawRepaintCounters): Helper method to share code between the two layer classes. (PlatformCALayerWinInternal::internalSetNeedsDisplay): use nullptr. (PlatformCALayerWinInternal::setNeedsDisplay): Ditto. (PlatformCALayerWinInternal::setNeedsDisplayInRect): Move tiled code to WebTiledBackingLayerWin and simplify the remaing code. (PlatformCALayerWinInternal::setSublayers): Remove tile code. (PlatformCALayerWinInternal::getSublayers): Ditto. (PlatformCALayerWinInternal::removeAllSublayers): Ditto. (PlatformCALayerWinInternal::insertSublayer): Ditto. (PlatformCALayerWinInternal::sublayerCount): Ditto. (PlatformCALayerWinInternal::indexOfSublayer): Ditto. (PlatformCALayerWinInternal::sublayerAtIndex): Ditto. (PlatformCALayerWinInternal::setBounds): Ditto. (PlatformCALayerWinInternal::setFrame): Ditto. (PlatformCALayerWinInternal::isOpaque): Ditto. (PlatformCALayerWinInternal::setOpaque): Ditto. (PlatformCALayerWinInternal::contentsScale): Ditto. (PlatformCALayerWinInternal::setContentsScale): Ditto. (PlatformCALayerWinInternal::setBorderWidth): Ditto. (PlatformCALayerWinInternal::setBorderColor): Ditto. (layerTypeIsTiled): Deleted. (PlatformCALayerWinInternal::constrainedSize): Deleted. (PlatformCALayerWinInternal::tileDisplayCallback): Deleted. (PlatformCALayerWinInternal::addTile): Deleted. (PlatformCALayerWinInternal::removeTile): Deleted. (PlatformCALayerWinInternal::tileAtIndex): Deleted. (PlatformCALayerWinInternal::tileCount): Deleted. (PlatformCALayerWinInternal::updateTiles): Deleted. (PlatformCALayerWinInternal::drawTile): Deleted. (PlatformCALayerWinInternal::createTileController): Deleted. (PlatformCALayerWinInternal::tiledBacking): Deleted. * platform/graphics/ca/win/PlatformCALayerWinInternal.h: (WebCore::PlatformCALayerWinInternal::owner): * platform/graphics/ca/win/WebTiledBackingLayerWin.cpp: Added. (WebTiledBackingLayerWin::WebTiledBackingLayerWin): (WebTiledBackingLayerWin::~WebTiledBackingLayerWin): (DisplayOnMainThreadContext::DisplayOnMainThreadContext): (redispatchOnMainQueue): (WebTiledBackingLayerWin::displayCallback): (WebTiledBackingLayerWin::setNeedsDisplay): (WebTiledBackingLayerWin::setNeedsDisplayInRect): (WebTiledBackingLayerWin::setBounds): (WebTiledBackingLayerWin::isOpaque): (WebTiledBackingLayerWin::setOpaque): (WebTiledBackingLayerWin::contentsScale): (WebTiledBackingLayerWin::setContentsScale): (WebTiledBackingLayerWin::setBorderWidth): (WebTiledBackingLayerWin::setBorderColor): (WebTiledBackingLayerWin::createTileController): (WebTiledBackingLayerWin::tiledBacking): (WebTiledBackingLayerWin::invalidate): * platform/graphics/ca/win/WebTiledBackingLayerWin.h: Added. 2015-09-11 Babak Shafiei <bshafiei@apple.com> Merge r189598. 2015-09-10 Chris Fleizach <cfleizach@apple.com> AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields https://bugs.webkit.org/show_bug.cgi?id=148891 Reviewed by Alexey Proskuryakov. Asychronous focus setting DOES work on Yosemite, just not Mavericks. * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]): 2015-09-11 Babak Shafiei <bshafiei@apple.com> Merge r189483. 2015-09-07 Chris Fleizach <cfleizach@apple.com> AX: Mavericks: Text cursor does not move along with VoiceOver cursor for text fields https://bugs.webkit.org/show_bug.cgi?id=148891 Reviewed by Mario Sanchez Prada. Undo the asynchronous dispatch of accessibility setting values on pre El Capitan machines because it causes focus to not sync correctly. Test: accessibility/mac/focus-moves-cursor.html * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilitySetValue:forAttribute:]): (-[WebAccessibilityObjectWrapper _accessibilitySetValue:forAttribute:]): 2015-09-10 Babak Shafiei <bshafiei@apple.com> Merge r189469. 2015-09-07 Daniel Bates <dabates@apple.com> ASSERT_WITH_SECURITY_IMPLICATION in WebCore::DocumentOrderedMap::get(); update form association after subtree insertion https://bugs.webkit.org/show_bug.cgi?id=148919 <rdar://problem/21868036> Reviewed by Andy Estes. Currently we update the form association of a form control upon insertion into the document. Instead we should update the form association of a form control after its containing subtree is inserted into the document to avoid an assertion failure when the containing subtree has an element whose id is identical to both the id of some other element in the document and the name of the form referenced by the inserted form control. Tests: fast/forms/update-form-owner-in-moved-subtree-assertion-failure-2.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure-3.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure-4.html fast/forms/update-form-owner-in-moved-subtree-assertion-failure.html * html/FormAssociatedElement.cpp: (WebCore::FormAssociatedElement::insertedInto): Moved resetFormOwner() from here to {HTMLFormControlElement, HTMLObjectElement}::finishedInsertingSubtree(). * html/HTMLFormControlElement.cpp: (WebCore::HTMLFormControlElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLFormControlElement::finishedInsertingSubtree() is called. (WebCore::HTMLFormControlElement::finishedInsertingSubtree): Added; turn around and call FormAssociatedElement::resetFormOwner(). * html/HTMLFormControlElement.h: * html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLInputElement::finishedInsertingSubtree() is called and move logic to update radio button group from here... (WebCore::HTMLInputElement::finishedInsertingSubtree): to here. * html/HTMLInputElement.h: * html/HTMLObjectElement.cpp: (WebCore::HTMLObjectElement::insertedInto): Return InsertionShouldCallFinishedInsertingSubtree so that HTMLObjectElement::finishedInsertingSubtree() is called. (WebCore::HTMLObjectElement::finishedInsertingSubtree): Added; turn around and call FormAssociatedElement::resetFormOwner(). * html/HTMLObjectElement.h: * html/HTMLSelectElement.cpp: (WebCore::HTMLSelectElement::insertedInto): Modified to return the result of HTMLFormControlElementWithState::insertedInto(), which may schedule a callback after subtree insertion. * html/HTMLTextFormControlElement.cpp: (WebCore::HTMLTextFormControlElement::insertedInto): Ditto. 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r189167. 2015-08-31 Enrica Casucci <enrica@apple.com> Incorrect cursor movement for U+26F9, U+1F3CB with variations. https://bugs.webkit.org/show_bug.cgi?id=148629 rdar://problem/22492366 Reviewed by Ryosuke Niwa. Updating text break iterator rules to correctly handle those two emoji with variations. * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r189101. 2015-08-28 Brady Eidson <beidson@apple.com> Use new CFNetwork cookie jar SPI only on El Capitan. https://bugs.webkit.org/show_bug.cgi?id=148574 and rdar://problem/22460752 Reviewed by David Kilzer. * platform/network/mac/CookieJarMac.mm: (WebCore::setCookiesFromDOM): Use OS X version to decide which API/SPI to use. * platform/spi/cf/CFNetworkSPI.h: Forward declare the SPI 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188659. 2015-08-19 Brent Fulgham <bfulgham@apple.com> Scrollable area container is not properly cleared when page is going into the PageCache https://bugs.webkit.org/show_bug.cgi?id=148182 <rdar://problem/21969170> Reviewed by Dean Jackson. Must be tested manually going back and forth in history several times. * history/CachedFrame.cpp: (WebCore::CachedFrame::CachedFrame): Clear the cached ScrollableAreas from the FrameView. * page/FrameView.cpp: (WebCore::FrameView::clearScrollableAreas): Added. * page/FrameView.h: 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188370. 2015-08-12 Brent Fulgham <bfulgham@apple.com> Move RenderBox-specific Scroll Snap code from RenderElement to RenderBox https://bugs.webkit.org/show_bug.cgi?id=147963 Reviewed by Simon Fraser. No new tests: No change in functionality. * rendering/RenderBox.cpp: (WebCore::RenderBox::styleWillChange): Remove RenderBox-specific code. (WebCore::RenderBox::willBeRemovedFromTree): Ditto. * rendering/RenderBox.h: * rendering/RenderElement.cpp: (WebCore::RenderElement::styleWillChange): Move code from RenderElement to handle Scroll Snap Points. (WebCore::RenderElement::willBeRemovedFromTree): Added new override to handle scroll-snap point logic. 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188340. 2015-08-12 Brent Fulgham <bfulgham@apple.com> REGRESSION(r185606): ASSERT in WebCore::RenderElement::styleWillChange https://bugs.webkit.org/show_bug.cgi?id=147596 <rdar://problem/21963355> Reviewed by Jon Honeycutt. Only add (or remove) a RenderElement from the container of RenderBoxes with scroll snap coordinates if the element actually is a RenderBox. Tested by css3/scroll-snap/improper-snap-points-crash.html. * rendering/RenderElement.cpp: (WebCore::RenderElement::styleWillChange): (WebCore::RenderElement::willBeRemovedFromTree): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188271. 2015-08-11 Said Abou-Hallawa <sabouhallawa@apple.com> feMorphology is not rendered correctly on Retina display https://bugs.webkit.org/show_bug.cgi?id=147589 Reviewed by Dean Jackson. The result ImageBuffer of any FilterEffect is already scaled up for 2x display. The FEMorphology needs to fix its painting data dimension and radius by multiplying them by the filter scale factor. Test: fast/hidpi/filters-morphology.html * platform/graphics/filters/FEMorphology.cpp: (WebCore::FEMorphology::platformApplySoftware): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r188014. 2015-08-05 Chris Dumez <cdumez@apple.com> Crash when removing children of a MathMLSelectElement https://bugs.webkit.org/show_bug.cgi?id=147704 <rdar://problem/21940321> Reviewed by Ryosuke Niwa. When MathMLSelectElement::childrenChanged() is called after its children have been removed, MathMLSelectElement calls updateSelectedChild() which accesses m_selectedChild. However, in this case, m_selectedChild is the previously selected child and it may be destroyed as this point if it was removed. To avoid this problem, MathMLSelectElement now keep a strong ref to the currently selected element. Test: mathml/maction-removeChild.html * mathml/MathMLSelectElement.h: 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r187564. 2015-07-29 Zalan Bujtas <zalan@apple.com> Remove the spanner placeholder from m_spannerMap when the placeholder object gets transferred to a descendant flow. https://bugs.webkit.org/show_bug.cgi?id=147380 rdar://problem/21981078 Reviewed by David Hyatt. Before r180328, the spanner placeholder was removed from m_spannerMap through RenderMultiColumnFlowThread::removeFlowChildInfo() by calling flowThreadRelativeWillBeRemoved() when the placeholder renderer got transferred to the descendant flow. Now we just remove it from the map when the renderer is being detached. Test: fast/multicol/newmulticol/spanner-crash-with-embedded-columns.html * rendering/RenderMultiColumnFlowThread.cpp: (WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted): 2015-09-03 Babak Shafiei <bshafiei@apple.com> Merge r186984. 2015-07-17 Zalan Bujtas <zalan@apple.com> REGRESSION (r169105): Do not assign a renderer to multiple selection subtrees. https://bugs.webkit.org/show_bug.cgi?id=147038 rdar://problem/21819351 Reviewed by David Kilzer. A renderer should never be assigned to multiple selection subtrees. (Currently RenderObject maintains the last selection state.) RenderView::applySubtreeSelection() loops from the start to the end of the selection to find renderers that are inside the selection. However, in case of regions (when multiple selection roots are present) traversing the renderer tree by calling RenderObject::nextInPreOrder() could end up going across selection roots. This patch ensures that we assign renderers to a specific selection only when the current selection root and the renderer's selection root match. Test: fast/regions/crash-when-renderer-is-in-multiple-selection-subtrees2.html * rendering/RenderView.cpp: (WebCore::SelectionIterator::SelectionIterator): (WebCore::SelectionIterator::current): (WebCore::SelectionIterator::checkForSpanner): (WebCore::RenderView::applySubtreeSelection): 2015-08-28 Babak Shafiei <bshafiei@apple.com> Merge r189024. 2015-08-27 Enrica Casucci <enrica@apple.com> Add some new emoji with modifiers and new sequence. https://bugs.webkit.org/show_bug.cgi?id=148202 rdar://problem/21849857 Reviewed by Sam Weinig. Adding support for some new emoji with modifiers and one new emoji sequence. * platform/graphics/FontCascade.cpp: (WebCore::FontCascade::characterRangeCodePath): * platform/text/CharacterProperties.h: (WebCore::isEmojiGroupCandidate): (WebCore::isEmojiModifier): * platform/text/TextBreakIterator.cpp: (WebCore::cursorMovementIterator): 2015-08-21 Matthew Hanson <matthew_hanson@apple.com> Merge r188769. rdar://problem/22354983 2015-08-21 Doug Russell <d_russell@apple.com> AX: Table with CSS that makes a row anonymous can return NULL from cellForColumnAndRow https://bugs.webkit.org/show_bug.cgi?id=148293 Reviewed by Chris Fleizach. When RenderTableRows are anonymous, they may not be added to the accessible data table's internal row list. However, when calculating the row range for a cell, we were still accounting for those anonymous sections. Change how the row range is calculated to directly ask the accessible parent row for its index. This will ensure it’s more inline with what’s being represented to the accessibility API. Test: accessibility/aria-table-content.html * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::parentRow): (WebCore::AccessibilityTableCell::rowIndexRange): * accessibility/AccessibilityTableCell.h: 2015-08-21 Matthew Hanson <matthew_hanson@apple.com> Merge r188765. rdar://problem/22356782 2015-08-21 Beth Dakin <bdakin@apple.com> HistoryItems will null CachedPages should never be left in the list of items; causes crash https://bugs.webkit.org/show_bug.cgi?id=148237 -and corresponding- rdar://problem/22356782 Reviewed by Brady Eidson. Setting the CachedPage to nullptr will destroy the CachedPage, destroy the FrameView, re-enter layout, and potentially try to modify items in the PageCache based on that layout. So, we should not modify CachedPage in this way while the item is still in the list of HistoryItems. * history/PageCache.cpp: (WebCore::PageCache::take): (WebCore::PageCache::remove): (WebCore::PageCache::prune): 2015-08-17 Matthew Hanson <matthew_hanson@apple.com> Merge r188531. rdar://problem/22308554 2015-08-17 Andy Estes <aestes@apple.com> REGRESSION (r188486): Crash in SubresourceLoader::didReceiveResponse() when TemporaryChange goes out of scope https://bugs.webkit.org/show_bug.cgi?id=148082 Reviewed by Alexey Proskuryakov. Covered by existing tests run under ASan or Guard Malloc. * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::didReceiveResponse): Ensure that callingDidReceiveResponse is destroyed while the SubresourceLoader is still alive by declaring it after protect. 2015-08-14 Babak Shafiei <bshafiei@apple.com> Merge r188486. 2015-08-13 Andy Estes <aestes@apple.com> [Cocoa] Downloads do not start if policy decision is made asynchronously https://bugs.webkit.org/show_bug.cgi?id=147985 Reviewed by Brady Eidson. It's only possible to convert a NSURLConnection to a download while the connection delegate's -connection:didReceiveResponse: is being called. However, WebKit clients can decide content policy asynchronously. If a client chooses to download a response asynchronously, we can no longer convert the connection to a download, so we should start a new download instead. New API test: _WKDownload.AsynchronousDownloadPolicy * dom/Document.cpp: Updated to include SubresourceLoader.h. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::mainResourceLoader): Updated to return a SubresourceLoader. (WebCore::DocumentLoader::continueAfterContentPolicy): Cast mainResourceLoader() to a ResourceLoader since didFail() is private in SubresourceLoader. * loader/DocumentLoader.h: * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::SubresourceLoader): Initialized m_callingDidReceiveResponse to false. (WebCore::SubresourceLoader::didReceiveResponse): Used TemporaryChange<> to set m_callingDidReceiveResponse to true. * loader/SubresourceLoader.h: * loader/appcache/ApplicationCacheHost.cpp: Updated to include SubresourceLoader.h. * loader/mac/DocumentLoaderMac.cpp: Ditto. 2015-08-13 Babak Shafiei <bshafiei@apple.com> Merge r188416. 2015-08-13 Jer Noble <jer.noble@apple.com> Don't short circuit seeking https://bugs.webkit.org/show_bug.cgi?id=147892 Reviewed by Eric Carlson. When two seekWithTolerance() requests come in before the first is acted upon in seekTask(), the second will result in a "no seek required" conditional, because the new "currentTime" is assumed to be the destination time of the first seek. When cancelling a pending seek, first replace the "now" value with the "now" value from the replaced seek, thus preserving the original currentTime across all replacement seeks. Drive-by fix: some added logging causes occasional crashes, due to the underlying object being accessed having been deleted. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::seekWithTolerance): * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): 2015-08-13 Matthew Hanson <matthew_hanson@apple.com> Merge r188390. rdar://problem/21367467 2015-08-13 Eric Carlson <eric.carlson@apple.com> Don't short circuit seeking https://bugs.webkit.org/show_bug.cgi?id=147892 Reviewed by Jer Noble. Test: media/video-seek-to-current-time.html * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::prepareForLoad): Call clearSeeking. (WebCore::HTMLMediaElement::fastSeek): Add logging. (WebCore::HTMLMediaElement::seekWithTolerance): Add logging. Set m_pendingSeekType. (WebCore::HTMLMediaElement::seekTask): Call clearSeeking. Don't short circuit a if the current or pending seek is a fast seek. Set m_seeking to true immediately before calling media engine as it may have been cleared before the seek task queue ran. (WebCore::HTMLMediaElement::clearSeeking): New. * html/HTMLMediaElement.h: * html/HTMLMediaElementEnums.h: * platform/GenericTaskQueue.h: (WebCore::GenericTaskQueue::enqueueTask): Clear m_pendingTasks. * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp: (WebCore::MediaPlayerPrivateAVFoundation::seekWithTolerance): Don't return early when asked to seek to the current time. (WebCore::MediaPlayerPrivateAVFoundation::invalidateCachedDuration): Remove some extremely noisy logging. * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::seekToTime): Add logging. 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188263. rdar://problem/22202935 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188203. rdar://problem/22026625 2015-08-09 Nan Wang <n_wang@apple.com> AX: CSS table display styles can cause malformed, inaccessible AXTables to be exposed to the AX tree https://bugs.webkit.org/show_bug.cgi?id=136415 <rdar://problem/22026625> Reviewed by Chris Fleizach. Applying CSS display styles to tables can end up inserting anonymous RenderTableRows, which is not handled well by the accessibility code, which treats these as the actual rows. We can address this by diving deeper into anonymous nodes and finding the real rows and cells we want. In addition, another thing also causing malformed tables is that "grid" roles are being exposed as AXGrid instead of AXTable. Test: accessibility/mac/malformed-table.html * accessibility/AccessibilityARIAGrid.cpp: (WebCore::AccessibilityARIAGrid::addRowDescendant): * accessibility/AccessibilityTable.cpp: (WebCore::AccessibilityTable::addChildren): (WebCore::AccessibilityTable::addTableCellChild): (WebCore::AccessibilityTable::addChildrenFromSection): * accessibility/AccessibilityTable.h: * accessibility/AccessibilityTableCell.cpp: (WebCore::AccessibilityTableCell::parentTable): (WebCore::AccessibilityTableCell::rowIndexRange): * accessibility/AccessibilityTableRow.cpp: (WebCore::AccessibilityTableRow::parentTable): * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (createAccessibilityRoleMap): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188243. rdar://problem/22102378 2015-08-10 Myles C. Maxfield <mmaxfield@apple.com> Post-review fixup after r188195 https://bugs.webkit.org/show_bug.cgi?id=147806 Unreviewed. Covered by fast/text/crash-obscure-text.html. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::objectForEqualityCheck): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188195. rdar://problem/22102378 2015-08-09 Myles C. Maxfield <mmaxfield@apple.com> Crash in ComplexTextController when laying out obscure text https://bugs.webkit.org/show_bug.cgi?id=147806 <rdar://problem/22102378> Reviewed by Darin Adler. CTFontDescriptorCopyAttribute(fontDescriptor.get(), kCTFontReferenceURLAttribute) can return nullptr. Test: fast/text/crash-obscure-text.html * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::safeCFEqual): (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r188263. rdar://problem/22202935 2015-08-11 Myles C. Maxfield <mmaxfield@apple.com> [iOS] Arabic letter Yeh is drawn in LastResort https://bugs.webkit.org/show_bug.cgi?id=147862 <rdar://problem/22202935> Reviewed by Darin Adler. In order to perform font fallback, we must know which fonts support which characters. We perform this check by asking each font to map a sequence of codepoints to glyphs, and any glyphs which end up with a 0 value are unsupported by the font. One of the mechanisms that we use to do this is to combine the code points into a string, and tell Core Text to lay out the string. However, this is fundamentally a different operation than the one we are trying to perform. Strings combine adjacent codepoints into grapheme clusters, and CoreText operates on these. However, we are trying to gain information regarding codepoints, not grapheme clusters. Instead of taking this string-based approach, we should try harder to use Core Text functions which operate on ordered collections of characters, rather than strings. In particular, CTFontGetGlyphsForCharacters() and CTFontGetVerticalGlyphsForCharacters() have the behavior we want where any unmapped characters end up with a 0 value glyph. Previously, we were only using the result of those functions if they were successfully able to map their entire input. However, given the fact that we can degrade gracefully in the case of a partial mapping, we shouldn't need to bail completely to the string-based approach should a partial mapping occur. At some point we should delete the string-based approach entirely. However, this path is still explicitly used for composite fonts. Fixing that use case is out of scope for this patch. Test: fast/text/arabic-glyph-cache-fill-combine.html * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::GlyphPage::fill): 2015-08-11 Matthew Hanson <matthew_hanson@apple.com> Merge r187758. rdar://problem/22095006 2015-08-03 Anders Carlsson <andersca@apple.com> Safari is failing to remove SQLite Databases via Remove All Website Data https://bugs.webkit.org/show_bug.cgi?id=147584 rdar://problem/22095006 Reviewed by Brady Eidson. If we end up deleting every single database for an origin, make sure to also delete the origin. * Modules/webdatabase/DatabaseTracker.cpp: (WebCore::DatabaseTracker::deleteDatabasesModifiedSince): 2015-08-10 Dana Burkart <dburkart@apple.com> Merge r188182. rdar://problem/21254835 2015-08-07 James Craig <jcraig@apple.com> REGRESSION(r184722) AX: WebKit video playback toolbar removed from DOM; no longer accessible to VoiceOver https://bugs.webkit.org/show_bug.cgi?id=145684 Reviewed by Dean Jackson. Updated Apple Video controls to add an invisible but focusable button that allows VoiceOver users (and when unblocked, keyboard users) to re-display the video controls. Test: media/video-controls-show-on-kb-or-ax-event.html * English.lproj/mediaControlsLocalizedStrings.js: * Modules/mediacontrols/mediaControlsApple.css: (audio::-webkit-media-show-controls): (video::-webkit-media-show-controls): * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.createControls): (Controller.prototype.handleFullscreenChange): (Controller.prototype.handleShowControlsClick): (Controller.prototype.handleWrapperMouseMove): (Controller.prototype.updateForShowingControls): (Controller.prototype.showControls): (Controller.prototype.hideControls): (Controller.prototype.setNeedsUpdateForDisplayedWidth): * Modules/mediacontrols/mediaControlsiOS.css: (audio::-webkit-media-show-controls): (video::-webkit-media-show-controls): 2015-08-10 Dana Burkart <dburkart@apple.com> Merge r188196. rdar://problem/22192773 2015-08-09 Eric Carlson <eric.carlson@apple.com> [Mac] Always require ExternalDeviceAutoPlayCandidate flag to AirPlay automatically https://bugs.webkit.org/show_bug.cgi?id=147801 Reviewed by Dean Jackson. Test: http/tests/media/video-media-document-disposition-download.html * Modules/mediasession/WebMediaSessionManager.cpp: (WebCore::WebMediaSessionManager::configurePlaybackTargetClients): Don't tell the last element to begin playing to the target unless the ExternalDeviceAutoPlayCandidate flag is set and it is not currently playing. 2015-08-10 Dana Burkart <dburkart@apple.com> Merge r188190. rdar://problem/22191482 2015-08-08 Commit Queue <commit-queue@webkit.org> Unreviewed, rolling out r179871. https://bugs.webkit.org/show_bug.cgi?id=147810 Breaks product images on http://www.apple.com/shop/buy- mac/macbook (Requested by smfr on #webkit). Reverted changeset: "Render: properly update body's background image" https://bugs.webkit.org/show_bug.cgi?id=140183 http://trac.webkit.org/changeset/179871 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187962. rdar://problem/21827815 2015-08-05 Daniel Bates <dabates@apple.com> REGRESSION (r185111): Clicking phone numbers doesn't prompt to call sometimes https://bugs.webkit.org/show_bug.cgi?id=147678 <rdar://problem/21827815> Reviewed by Brady Eidson. Fixes an issue where a non-user-initiated navigation of the main frame to a phone link (tel URL) may be ignored. The navigation is ignored if the page was reloaded as a result of a web content process crash, its lifetime exceeded the back-forward cache expiration interval, or a person quits and opens Safari again, among other scenarios. * history/HistoryItem.cpp: (WebCore::HistoryItem::setShouldOpenExternalURLsPolicy): Added. (WebCore::HistoryItem::shouldOpenExternalURLsPolicy): Added. * history/HistoryItem.h: * loader/FrameLoader.cpp: (WebCore::FrameLoader::loadDifferentDocumentItem): Apply the "should open external URLs" policy from the history item, if applicable. Also, be more explicit when instantiating a NavigationAction so as to help make it straightforward to reduce the number of NavigationAction constructors we have in the future. * loader/HistoryController.cpp: (WebCore::HistoryController::saveDocumentState): Save the "should open external URLs" policy to the history item. (WebCore::HistoryController::restoreDocumentState): Apply the "should open external URLs" policy from the history item to the document loader. (WebCore::HistoryController::initializeItem): Update the "should open external URLs" policy of the history item to reflect the policy of the document loader associated with the current frame. 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187935. rdar://problem/22097682 2015-08-04 Doug Russell <d_russell@apple.com> AX: tree item children returned from ranged getter are different from full array of children https://bugs.webkit.org/show_bug.cgi?id=147660 Reviewed by Chris Fleizach. Add an isTreeItem() check in ranged element getter so that it matches the logic in the getter for the full children array. This prevents returning a row as a child when only the rows contents should be returned. This prevents navigation issues on websites without aria outlines. Test: accessibility/mac/aria-tree-item-children.html * accessibility/mac/WebAccessibilityObjectWrapperMac.mm: (-[WebAccessibilityObjectWrapper accessibilityArrayAttributeValues:index:maxCount:]): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187930. rdar://problem/21870332 2015-08-04 Brent Fulgham <bfulgham@apple.com> REGRESSION (r173784): [Mac] Correct latching error for non-scrollable iframe nested inside scrollable div. https://bugs.webkit.org/show_bug.cgi?id=147668 <rdar://problem/21870332> Reviewed by Simon Fraser. Test: platform/mac/fast/scrolling/scroll-div-with-nested-nonscrollable-iframe.html When we are wrapping up processing of the wheel event for a given frame, if the current latching context does NOT apply to the current frame (e.g., because it's latched to an enclosing frame) we should not pass wheel events directly to the latched elements scrollable container. Instead, we should just give the current frame an opportunity to perform any custom wheel event handling and return, so that the enclosing (latched) frame can do the rest of its event handling. If we don't do this, we incorrectly ask the enclosing frame to process the event, then return claiming that we handled the event, preventing the enclosing frame from doing its part of the processing. * page/mac/EventHandlerMac.mm: (WebCore::EventHandler::platformCompleteWheelEvent): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187892. rdar://problem/21932187 2015-08-04 Eric Carlson <eric.carlson@apple.com> [Mac] Do not require a video track for AirPlay https://bugs.webkit.org/show_bug.cgi?id=147647 Reviewed by Jer Noble. * Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.handleReadyStateChange): Call updateWirelessTargetAvailable(). (Controller.prototype.updateHasVideo): Don't call updateWirelessTargetAvailable(). (Controller.prototype.updateWirelessTargetAvailable): Don't require video. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setReadyState): Call updateMediaState when we reach HAVE_METADATA. (WebCore::HTMLMediaElement::mediaState): Don't require video, only that the file can play. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::showPlaybackTargetPicker): Check readyState instead of hasVideo. 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187886. rdar://problem/15779101 2015-08-04 Alexey Proskuryakov <ap@apple.com> Implement NPAPI redirect handling https://bugs.webkit.org/show_bug.cgi?id=138675 rdar://problem/15779101 Patch by Jeffrey Pfau, updated and tweaked by me. Reviewed by Anders Carlsson. Test: http/tests/plugins/get-url-redirect-notify.html * loader/NetscapePlugInStreamLoader.cpp: (WebCore::NetscapePlugInStreamLoader::init): (WebCore::NetscapePlugInStreamLoader::willSendRequest): (WebCore::NetscapePlugInStreamLoader::didReceiveResponse): * loader/NetscapePlugInStreamLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::init): (WebCore::ResourceLoader::isSubresourceLoader): (WebCore::ResourceLoader::willSendRequestInternal): (WebCore::ResourceLoader::willSendRequest): (WebCore::ResourceLoader::didSendData): * loader/ResourceLoader.h: * loader/SubresourceLoader.cpp: (WebCore::SubresourceLoader::isSubresourceLoader): (WebCore::SubresourceLoader::willSendRequestInternal): (WebCore::SubresourceLoader::willSendRequest): Deleted. * loader/SubresourceLoader.h: * plugins/npapi.h: * plugins/npfunctions.h: 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187693. rdar://problem/22047626 2015-07-31 Myles C. Maxfield <mmaxfield@apple.com> [Cocoa] Latin quotes are used with the system font on Chinese devices https://bugs.webkit.org/show_bug.cgi?id=147504 Reviewed by Dean Jackson. The system font has some fancy logic regarding character selection which requires using Core Text for glyph selection. No new tests because tests can't change the system language of the device. * platform/graphics/mac/GlyphPageMac.cpp: (WebCore::shouldUseCoreText): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187622. rdar://problem/15779101 2015-07-30 Anders Carlsson <andersca@apple.com> Remove stray printf. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestObject): 2015-08-06 Dana Burkart <dburkart@apple.com> Merge r187620. rdar://problem/15779101 2015-07-30 Anders Carlsson <andersca@apple.com> Assertion failure when a plug-in loads a resource that redirects somewhere https://bugs.webkit.org/show_bug.cgi?id=147469 Reviewed by Alexey Proskuryakov. Test: http/tests/plugins/get-url-redirect.html r186597 moved the call to addPlugInStreamLoader to willSendRequest. This is wrong since willSendRequest can be invoked more than once. Fix this by making the initialization phase of NetscapePlugInStreamLoader be more like SubresourceLoader where we only call addPlugInStreamLoader once we've successfully initialized the loader, and only call removePlugInStreamLoader if we've called addPlugInStreamLoader. Also change addPlugInStreamLoader and removePlugInStreamLoader to take references. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::addPlugInStreamLoader): (WebCore::DocumentLoader::removePlugInStreamLoader): * loader/DocumentLoader.h: * loader/NetscapePlugInStreamLoader.cpp: (WebCore::NetscapePlugInStreamLoader::create): (WebCore::NetscapePlugInStreamLoader::init): (WebCore::NetscapePlugInStreamLoader::didFinishLoading): (WebCore::NetscapePlugInStreamLoader::didFail): (WebCore::NetscapePlugInStreamLoader::didCancel): (WebCore::NetscapePlugInStreamLoader::notifyDone): * loader/NetscapePlugInStreamLoader.h: * loader/ResourceLoader.cpp: (WebCore::ResourceLoader::willSendRequest): Deleted. * loader/ResourceLoader.h: (WebCore::ResourceLoader::isPlugInStreamLoader): Deleted. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestObject): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187805. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> Clean up casts between NSFont*s and CTFontRefs https://bugs.webkit.org/show_bug.cgi?id=147618 Reviewed by Mitz Pettel. For toll free bridged types, it makes more sense to do a C-style cast, than jump through hoops for older compilers. No new tests because there is no behavior change. * platform/graphics/FontPlatformData.h: (WebCore::FontPlatformData::nsFont): (WebCore::FontPlatformData::hash): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187807. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> Fix crashing Mavericks test Unreviewed. * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::registeredFont): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187776. rdar://problem/21925990 2015-08-03 Eric Carlson <eric.carlson@apple.com> [Mac] Always require user gesture to begin playing to AppleTV automatically https://bugs.webkit.org/show_bug.cgi?id=147591 Reviewed by Jer Noble. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaState): Don't set the ExternalDeviceAutoPlayCandidate flag until the user has explicitly triggered playback. 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187806. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> Unreviewed post-review feedback on r187797 The correct terminology is "registered" instead of "activated." No new tests because there is no behavior change. * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::registeredFont): (WebCore::FontPlatformData::activatedFont): Deleted. 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187797. rdar://problem/21838271 2015-08-03 Myles C. Maxfield <mmaxfield@apple.com> REGRESSION(r184899): Crash when focusing an input element styled with a web font https://bugs.webkit.org/show_bug.cgi?id=147616 <rdar://problem/21838271> Reviewed by Dean Jackson. NSFontManager can't handle web fonts. We used to pass null to NSFontManager in this case, but r184899 changed that. Test: fast/text/input-webfont-focus.html * platform/graphics/FontPlatformData.h: * platform/graphics/cocoa/FontPlatformDataCocoa.mm: (WebCore::FontPlatformData::activatedFont): 2015-08-04 Matthew Hanson <matthew_hanson@apple.com> Merge r187792. rdar://problem/22116575 2015-08-03 Tim Horton <timothy_horton@apple.com> REGRESSION (r186916): TextIndicators for multiline link previews are unreadable/offset/blank https://bugs.webkit.org/show_bug.cgi?id=147615 <rdar://problem/22116575> Reviewed by Dean Jackson. * page/mac/TextIndicatorWindow.mm: (-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]): No need to offset by the difference between the text bounding rect and the selection bounding rect, because the snapshot is now (after r186916) taken of exactly the text bounding rect. 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187691. rdar://problem/22060183 2015-07-31 Chris Dumez <cdumez@apple.com> Coalesce authentication credential requests https://bugs.webkit.org/show_bug.cgi?id=128006 <rdar://problem/16839069> Reviewed by Alexey Proskuryakov. Export symbol for ProtectionSpace::compare() so it can be called from WebKit2. * platform/network/ProtectionSpaceBase.h: 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187685. rdar://problem/21775336 2015-07-31 Myles C. Maxfield <mmaxfield@apple.com> [SVG -> OTF Converter] Crash when converting Arabic fonts https://bugs.webkit.org/show_bug.cgi?id=147510 Reviewed by Anders Carlsson. SVGToOTFFontConverter::compareCodepointsLexicographically() wasn't transitive. Test: fast/text/arabic-duplicate-glyph-font.html * svg/SVGToOTFFontConversion.cpp: (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically): 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187545. rdar://problem/21893047 2015-07-29 Dean Jackson <dino@apple.com> Remove dispatch_apply_f and instead use vImage more directly https://bugs.webkit.org/show_bug.cgi?id=147391 <rdar://problem/21893047> Fix the iOS builds. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::unpremultiplyBufferData): (WebCore::premultiplyBufferData): 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187536. rdar://problem/21893047 2015-07-28 Simon Fraser <simon.fraser@apple.com> Fix debug builds. * platform/graphics/cg/ImageBufferDataCG.cpp: (WebCore::premultiplyBufferData): (WebCore::unpremultiplyBufferData): 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187534. rdar://problem/21893047 2015-07-28 Dean Jackson <dino@apple.com> Remove dispatch_apply_f and instead use vImage more directly https://bugs.webkit.org/show_bug.cgi?id=147391 <rdar://problem/21893047> Reviewed by Simon Fraser. Use vImage unmultiplication and premultiplication functions on the entire ImageBufferData object, rather than getting and setting data on an line by line using dispatch_apply. We were seeing some crashes in vImage with the smaller buffer sizes, and hopefully this will either fix the problem, or give us a better stack trace to diagnose. I also did a drive-by change of "dst" to "dest". It was inconsistent throughout the file. Convered by the tests in fast/canvas and imported/w3c/canvas * platform/graphics/cg/ImageBufferDataCG.cpp: Remove the ScanlineData structure. It is no longer needed. (WebCore::premultiplyBufferData): New function that calls vImagePremultiplyData_RGBA8888. (WebCore::unpremultiplyBufferData): New function that calls vImageUnpremultiplyData_RGBA8888. (WebCore::affineWarpBufferData): Extracting some common code into a function. (WebCore::ImageBufferData::getData): Use the two new functions as appropriate. Move some of the code around now that more is shared between the different #if branches. (WebCore::ImageBufferData::putData): (WebCore::convertScanline): Deleted. (WebCore::unpremultitplyScanline): Deleted. (WebCore::premultitplyScanline): Deleted. 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187740. rdar://problem/22098457 2015-08-03 Brady Eidson <beidson@apple.com> Crash when signing into twitter calling WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&). <rdar://problem/22098457> and https://bugs.webkit.org/show_bug.cgi?id=147560 Reviewed by Alexey Proskuryakov. * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Only grab identifierForLoadWithoutResourceLoader() if there's no ResourceLoader. 2015-08-03 Matthew Hanson <matthew_hanson@apple.com> Merge r187466. rdar://problem/21960398 2015-07-27 Brady Eidson <beidson@apple.com> Crash in WebCore::DocumentLoader::willSendRequest() with ContentFilter and AppCache. <rdar://problem/21960398> and https://bugs.webkit.org/show_bug.cgi?id=147339 Reviewed by Alexey Proskuryakov. No new tests (Not yet proven to be possible to test this). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Grab the identifier from the CachedResource directly, not from the null ResourceLoader. (WebCore::DocumentLoader::continueAfterNavigationPolicy): Null check the ResourceLoader, as it can definitely be gone by this point. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::clearLoader): Save off the identifier for later use. * loader/cache/CachedResource.h: (WebCore::CachedResource::identifierForLoadWithoutResourceLoader): Expose the identifier that the ResourceLoader had when it went away. 2015-07-31 Matthew Hanson <matthew_hanson@apple.com> Merge r187675. rdar://problem/21632211 2015-07-31 Jer Noble <jer.noble@apple.com> CRASH at WebCore::TaskDispatcher<WebCore::ScriptExecutionContext>::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Rubber-stamped by Joseph Pecoraro. Follow-up test crash fix: call superclass's contextDestroyed() which allows the m_scriptExecutionContext variable to be cleared. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): 2015-08-01 Babak Shafiei <bshafiei@apple.com> Merge r187686. 2015-07-31 Tim Horton <timothy_horton@apple.com> [iOS] DOMNode preview snapshot rects are wrong for user-select: none links https://bugs.webkit.org/show_bug.cgi?id=147513 <rdar://problem/22083354> Reviewed by Simon Fraser. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): Use the same code as WebKit2 to compute the fallback rect (if TextIndicator fails), asking the RenderObject (or RenderImage) for its bounding box instead of using the (often wrong) Range bounding rect. Make sure to use the fallback rect *any* time TextIndicator fails (before we would return no rects at all if TextIndicator::createWithRange returned null, and the fallback rect if it returned with an empty image). Inverse-page-scale the margin, to match the appearance in WebKit2. 2015-08-01 Babak Shafiei <bshafiei@apple.com> Merge r187687. 2015-07-31 Andreas Kling <akling@apple.com> Crashes under HTMLMediaElement::updateActiveTextTrackCues() when destroying CachedPage. <https://webkit.org/b/147506> <rdar://problem/21939014> Reviewed by Chris Dumez. Don't mess with the media element's text tracks below its ActiveDOMObject::stop() implementation, since that may cause DOM mutations. I don't have a repro or a test for this, but plenty of crash logs to indicate that we're getting ourselves into trouble by modifying the DOM during CachedPage teardown. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::configureTextTrackDisplay): 2015-07-31 Babak Shafiei <bshafiei@apple.com> Roll out r187466. 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187694. 2015-07-31 Eric Carlson <eric.carlson@apple.com> [iOS] use a media-specific user gesture check https://bugs.webkit.org/show_bug.cgi?id=147509 Reviewed by Tim Horton. Change an enum name added in r187688. * dom/UserGestureIndicator.cpp: (WebCore::isDefinite): DefinitelyProcessingMediaUserGesture -> DefinitelyProcessingPotentialUserGesture (WebCore::UserGestureIndicator::processingUserGestureForMedia): Ditto. * dom/UserGestureIndicator.h: Ditto. 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187688. 2015-07-31 Eric Carlson <eric.carlson@apple.com> [iOS] use a media-specific user gesture check https://bugs.webkit.org/show_bug.cgi?id=147509 Reviewed by Jer Noble. * bindings/js/ScriptController.cpp: (WebCore::ScriptController::processingUserGestureForMedia): New. * bindings/js/ScriptController.h: * dom/UserGestureIndicator.cpp: (WebCore::isDefinite): Allow DefinitelyProcessingMediaUserGesture. (WebCore::UserGestureIndicator::processingUserGestureForMedia): New. * dom/UserGestureIndicator.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::load): Use ScriptController::processingUserGestureForMedia instead of ScriptController::processingUserGesture (WebCore::HTMLMediaElement::play): Ditto. 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187684. 2015-07-31 Jeremy Jones <jeremyj@apple.com> Rename AVPlayerLayerView to _AVPlayerLayerView. https://bugs.webkit.org/show_bug.cgi?id=147399 Reviewed by Eric Carlson. Change class name AVPlayerLayerView to match change in AVKit SPI. This prevents conflicts with 3rd party apps. * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebAVPlayerLayerView_dealloc): (getWebAVPlayerLayerViewClass): * platform/spi/cocoa/AVKitSPI.h: 2015-07-31 Babak Shafiei <bshafiei@apple.com> Merge r187675. 2015-07-31 Jer Noble <jer.noble@apple.com> CRASH at WebCore::TaskDispatcher<WebCore::ScriptExecutionContext>::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Rubber-stamped by Joseph Pecoraro. Follow-up test crash fix: call superclass's contextDestroyed() which allows the m_scriptExecutionContext variable to be cleared. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): 2015-07-31 Matthew Hanson <matthew_hanson@apple.com> Merge r187655. rdar://problem/21632211 2015-07-31 Jer Noble <jer.noble@apple.com> CRASH at WebCore::TaskDispatcher<WebCore::ScriptExecutionContext>::postTask + 38 https://bugs.webkit.org/show_bug.cgi?id=147485 Reviewed by Eric Carlson. CrashLogs indicate a use-after-free of the ScriptExecutionContext (i.e., Document) used by the GenericTaskQueue objects owned by HTMLMediaElement. When the ScriptExecutionContext notifies its ActiveDOMObjects that it is about to be destroyed, close() the GenericTaskQueues so that they can no longer accept new tasks. Previously, enqueueing a task on a closed GenericTaskQueue ASSERTed in debug builds, but silently succeeded in release builds. Calling enqueueTask() on a closed GenericTaskQueue is now a no-op. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::contextDestroyed): * html/HTMLMediaElement.h: * platform/GenericTaskQueue.h: (WebCore::GenericTaskQueue::enqueueTask): 2015-07-31 Matthew Hanson <matthew_hanson@apple.com> Merge r187630. rdar://problem/18835799 2015-07-30 Andreas Kling <akling@apple.com> [CF] Web process continually eating memory on simple, shared Google Docs spreadsheet. <https://webkit.org/b/147403> <rdar://problem/18835799> Reviewed by Geoffrey Garen. Make sure we service the CFRunLoop on worker threads, since ports using CoreFoundation will be scheduling garbage collections and heap sweeps using CFRunLoop timers. This fix is a stopgap. Long term we need a better design for integrating GC tasks with with the web worker run loop. * workers/WorkerRunLoop.cpp: (WebCore::WorkerRunLoop::runInMode): Instead of sleeping forever, calculate a better wakeup deadline by asking the CFRunLoop when its next timer will fire. Then, when a timeout occurs, call CFRunLoopRunInMode (with seconds=0) to service pending timers. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187557 2015-07-29 Brady Eidson <beidson@apple.com> Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange. <rdar://problem/21412186> and https://bugs.webkit.org/show_bug.cgi?id=147418 Reviewed by Chris Dumez. No new tests (No known reproducibility) * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::responseReceived): When setting to m_waitingForContentPolicy true, make sure we have a FrameLoader. (WebCore::DocumentLoader::detachFromFrame): Always explicitly call cancelPolicyCheckIfNeeded(). (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Cancel the policy check if there is one. (WebCore::DocumentLoader::cancelMainResourceLoad): Use cancelPolicyCheckIfNeeded(). * loader/DocumentLoader.h: 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187556 2015-07-29 Brady Eidson <beidson@apple.com> Crash calling webSocket.close() from onError handler for blocked web socket. <rdar://problem/21771620> and https://bugs.webkit.org/show_bug.cgi?id=147411 Reviewed by Tim Horton. Tests: http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html This was introduced with http://trac.webkit.org/changeset/185848 * Modules/websockets/WebSocket.cpp: (WebCore::WebSocket::connect): When blocked because of mixedContent, call dispatchOrQueueErrorEvent(). (WebCore::WebSocket::didReceiveMessageError): Use dispatchOrQueueErrorEvent() instead. (WebCore::WebSocket::dispatchOrQueueErrorEvent): Dispatch the error event, but don't dispatch one twice! * Modules/websockets/WebSocket.h: * Modules/websockets/WebSocketChannel.cpp: (WebCore::WebSocketChannel::fail): Null-check m_handshake before creating a console message from it. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187535 2015-07-28 Simon Fraser <simon.fraser@apple.com> Animations sometimes fail to start https://bugs.webkit.org/show_bug.cgi?id=147394 rdar://problem/21852603 Reviewed by Dean Jackson. When an accelerated animation or transition was started at the same time as a non-accelerated one, and then the node for the former was removed, we could never kick off the non-accelerated animation. AnimationControllerPrivate has logic to synchronize the two types of animation when they start in the same animation update, which involves setting the m_waitingForAsyncStartNotification flag, and waiting for a notifyAnimationStarted() to come in from the graphics system. However, it failed to handle the case where the accelerated animation was removed before the callback was received, which left the m_waitingForAsyncStartNotification flag set to true, preventing the non-accelerated animation from running. Test: animations/remove-syncing-animation.html * page/animation/AnimationBase.h: (WebCore::AnimationBase::isAccelerated): Make this public. * page/animation/AnimationController.cpp: (WebCore::AnimationControllerPrivate::clear): Add logging. (WebCore::AnimationControllerPrivate::receivedStartTimeResponse): Add logging. (WebCore::AnimationControllerPrivate::animationWillBeRemoved): Add logging. After removing animations from the maps, check to see if we expect any of the remaining animations are waiting for a notifyAnimationStarted(). If not, clear the m_waitingForAsyncStartNotification flag. (WebCore::AnimationController::notifyAnimationStarted): Log the renderer. (WebCore::AnimationControllerPrivate::AnimationControllerPrivate): Remove unneeded initializations of HashMaps. * page/animation/CompositeAnimation.cpp: (WebCore::CompositeAnimation::updateTransitions): Log renderers. (WebCore::CompositeAnimation::updateKeyframeAnimations): Ditto. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187525 2015-07-28 Myles C. Maxfield <mmaxfield@apple.com> [iOS] Crash when encountering characters whose natural font is one we can't look up https://bugs.webkit.org/show_bug.cgi?id=147377 <rdar://problem/22022011> Reviewed by Simon Fraser. These characters hit the complex text code path, where CoreText picks fonts to use for each character. We then try to map these CoreText fonts back to our own Font objects, and we assume (on iOS) that our own font search will always return something. On OS X, we do not have such an assumption, and we handle the case where it does not hold. This method works on iOS as well, so the solution is to just perform it on both OSes. Test: fast/text/crash-complex-unknown-font.html * platform/graphics/mac/ComplexTextControllerCoreText.mm: (WebCore::ComplexTextController::collectComplexTextRunsForCharacters): 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187522 2015-07-28 Said Abou-Hallawa <sabouhallawa@apple.com> [iOS] REGRESSION(r168075): Fullscreen web video doesn't pause on screen lock https://bugs.webkit.org/show_bug.cgi?id=147269 Reviewed by Andreas Kling. Media elements should pause when the application is going to EnterBackground under lock regardless whether it is in full screen or not. * platform/audio/PlatformMediaSession.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::doInterruption): This code was moved from beginInterruption(). (WebCore::PlatformMediaSession::shouldDoInterruption): Move the condition which allows the media session interruption to a separate function. (WebCore::PlatformMediaSession::beginInterruption): Call the functions shouldDoInterruption() and doInterruption(). (WebCore::PlatformMediaSession::forceInterruption): This function will be called from PlatformMediaSessionManager::applicationDidEnterBackground() to override the decision which is made by PlatformMediaSession::beginInterruption() if the application isSuspendedUnderLock. * platform/audio/PlatformMediaSessionManager.h: * platform/audio/PlatformMediaSessionManager.cpp: (WebCore::PlatformMediaSessionManager::applicationDidEnterBackground): [UIApp isSuspendedUnderLock] is only valid when it is called when the UIApplicationDidEnterBackgroundNotification is received. We need to force interrupting the media sessions if the application isSuspendedUnderLock and UIApplicationWillResignActiveNotification was ignored because of PiP. * platform/audio/ios/MediaSessionManagerIOS.h: * platform/audio/ios/MediaSessionManagerIOS.mm: (-[WebMediaSessionHelper initWithCallback:]): (-[WebMediaSessionHelper applicationDidEnterBackground:]): Listen to UIApplicationDidEnterBackgroundNotification and make a call on the web thread to PlatformMediaSessionManager::applicationDidEnterBackground() and pass the isSuspendedUnderLock flag which is queried on the UIProcess. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187521 2015-07-28 Tim Horton <timothy_horton@apple.com> [iOS] Creating a TextIndicator causes the view to scroll to the current selection https://bugs.webkit.org/show_bug.cgi?id=147379 <rdar://problem/22038421> Reviewed by Beth Dakin. * editing/Editor.cpp: (WebCore::Editor::setIgnoreCompositionSelectionChange): * editing/Editor.h: Add a flag so that setIgnoreCompositionSelectionChange(false) can still not force-reveal the current selection. This is useful for e.g. TextIndicator, who saves the selection, changes it, and then restores it, but doesn't want to scroll to the saved/restored selection. * page/TextIndicator.cpp: (WebCore::TextIndicator::createWithRange): Make use of the above flag. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187516 2015-07-28 Eric Carlson <eric.carlson@apple.com> [iOS] Set AirPlay discovery mode to disabled when page is hidden https://bugs.webkit.org/show_bug.cgi?id=147369 Reviewed by Jer Noble. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresPlaybackTargetRouteMonitoring): Return false when the client is not visible. * html/MediaElementSession.h: * platform/audio/PlatformMediaSession.cpp: (WebCore::PlatformMediaSession::clientDataBufferingTimerFired): Call configureWireLessTargetMonitoring. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187491 2015-07-28 Jer Noble <jer.noble@apple.com> [iOS] Notify fullscreen controller in UIProcess whether external playback is allowed https://bugs.webkit.org/show_bug.cgi?id=147343 Reviewed by Brady Eidson. Pass the value of the MediaElementSession's wirelessVideoPlaybackDisabled() property up through WebKit2 to WebVideoFullscreenControllerAVKit. * platform/ios/WebVideoFullscreenControllerAVKit.mm: (WebVideoFullscreenControllerContext::setWirelessVideoPlaybackDisabled): Pass to the interface on the main thread. * platform/ios/WebVideoFullscreenInterface.h: * platform/ios/WebVideoFullscreenInterfaceAVKit.h: * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebVideoFullscreenInterfaceAVKit::setWirelessVideoPlaybackDisabled): Sets .allowsExternalPlayback to !disabled. (WebVideoFullscreenInterfaceAVKit::wirelessVideoPlaybackDisabled): Returns the last value set. * platform/ios/WebVideoFullscreenModelVideoElement.mm: (WebVideoFullscreenModelVideoElement::setWebVideoFullscreenInterface): Update the value of wirelessVideoPlaybackDisabled if the element is present. (WebVideoFullscreenModelVideoElement::setVideoElement): Ditto if the interface is present. (WebVideoFullscreenModelVideoElement::updateForEventName): Update the value either way. 2015-07-28 Brady Eidson <beidson@apple.com> Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields. <rdar://problem/21995928> and https://bugs.webkit.org/show_bug.cgi?id=147365 Reviewed by Alexey Proskuryakov. * platform/network/cf/CookieJarCFNet.cpp: (WebCore::filterCookies): ASSERT the input is not null. (WebCore::createCookies): Always return a CFArrayRef, even if it's empty. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187489 2015-07-28 Chris Dumez <cdumez@apple.com> Allow lax MIME type parsing for same-origin CSS in quirks mode. https://bugs.webkit.org/show_bug.cgi?id=147327 <rdar://problem/22010303> Reviewed by Zalan Bujtas. The change made in r180020 is too strict for the web, and doesn't match Firefox Chrome, or IE's behavior. In particular, it does not respect the same-origin carveout that the HTML spec specifies: https://html.spec.whatwg.org/multipage/semantics.html#link-type-stylesheet This patch corrects that oversight and aligns our behavior with other popular browsers. This change was adapted from Blink r196678: https://src.chromium.org/viewvc/blink?revision=196678&view=revision Tests: http/tests/security/cross-origin-css-in-quirks-1.html http/tests/security/cross-origin-css-in-quirks-2.html http/tests/security/cross-origin-css-in-quirks-3.html http/tests/security/cross-origin-css-in-quirks-4.html http/tests/security/cross-origin-css-in-quirks-5.html http/tests/security/cross-origin-css-in-quirks-6.html http/tests/security/cross-origin-css-in-quirks-7.html http/tests/security/cross-origin-css-in-quirks-8.html http/tests/security/same-origin-css-1.html http/tests/security/same-origin-css-2.html http/tests/security/same-origin-css-3.html http/tests/security/same-origin-css-4.html http/tests/security/same-origin-css-5.html http/tests/security/same-origin-css-6.html http/tests/security/same-origin-css-7.html http/tests/security/same-origin-css-8.html http/tests/security/same-origin-css-in-quirks.html * css/StyleRuleImport.cpp: (WebCore::StyleRuleImport::setCSSStyleSheet): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::parseAuthorStyleSheet): * css/StyleSheetContents.h: * html/HTMLLinkElement.cpp: (WebCore::HTMLLinkElement::setCSSStyleSheet): * loader/cache/CachedCSSStyleSheet.cpp: (WebCore::CachedCSSStyleSheet::sheetText): (WebCore::CachedCSSStyleSheet::canUseSheet): (WebCore::CachedCSSStyleSheet::checkNotify): Deleted. * loader/cache/CachedCSSStyleSheet.h: 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187466 2015-07-27 Brady Eidson <beidson@apple.com> Crash in WebCore::DocumentLoader::willSendRequest() with ContentFilter and AppCache. <rdar://problem/21960398> and https://bugs.webkit.org/show_bug.cgi?id=147339 Reviewed by Alexey Proskuryakov. No new tests (Not yet proven to be possible to test this). * loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): Grab the identifier from the CachedResource directly, not from the null ResourceLoader. (WebCore::DocumentLoader::continueAfterNavigationPolicy): Null check the ResourceLoader, as it can definitely be gone by this point. * loader/cache/CachedResource.cpp: (WebCore::CachedResource::clearLoader): Save off the identifier for later use. * loader/cache/CachedResource.h: (WebCore::CachedResource::identifierForLoadWithoutResourceLoader): Expose the identifier that the ResourceLoader had when it went away. 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187448 2015-07-27 Anders Carlsson <andersca@apple.com> WKWebsiteDataStore remove methods don't properly delete cookies https://bugs.webkit.org/show_bug.cgi?id=147333 rdar://problem/21948230 Reviewed by Tim Horton. If there are multiple cookies for a single domain, make sure to delete all of them and not just the first one we find. Fix this by keeping a mapping from domain to a list of cookies. * platform/network/mac/CookieJarMac.mm: (WebCore::deleteCookiesForHostnames): 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187379 2015-07-24 Dan Bernstein <mitz@apple.com> Tried to fix the iOS 9 build after r187375. * platform/network/mac/CookieJarMac.mm: 2015-07-31 Lucas Forschler <lforschler@apple.com> Merge r187375 2015-07-24 Anders Carlsson <andersca@apple.com> WKWebsiteDataStore remove methods don't properly delete cookies https://bugs.webkit.org/show_bug.cgi?id=147282 rdar://problem/21948230 Reviewed by Sam Weinig. Rename deleteCookiesForHostname to deleteCookiesForHostnames and make it take a vector of hostnames instead. Also, fix the Mac implementation to not be O(n2) by putting all cookies in a dictionary keyed on the domain. Also make sure to call _saveStorage after deleting cookies. Finally, get rid of deleteCookiesForHostname from CookieJarCFNet.cpp and use the Mac implementation on iOS as well. Just stub out deleteCookiesForHostnames on Windows since nobody is calling it. * platform/network/PlatformCookieJar.h: * platform/network/cf/CookieJarCFNet.cpp: (WebCore::deleteCookiesForHostnames): (WebCore::deleteCookiesForHostname): Deleted. * platform/network/mac/CookieJarMac.mm: (WebCore::deleteCookiesForHostnames): (WebCore::deleteAllCookiesModifiedSince): (WebCore::deleteCookiesForHostname): Deleted. * platform/network/soup/CookieJarSoup.cpp: (WebCore::deleteCookiesForHostnames): (WebCore::deleteCookiesForHostname): Deleted. * platform/spi/cf/CFNetworkSPI.h: 2015-07-30 Matthew Hanson <matthew_hanson@apple.com> Merge r187490. rdar://problem/21995928 2015-07-28 Brady Eidson <beidson@apple.com> Handle null CFArrayRef returning from _CFHTTPParsedCookiesWithResponseHeaderFields. <rdar://problem/21995928> and https://bugs.webkit.org/show_bug.cgi?id=147365 Reviewed by Alexey Proskuryakov. * platform/network/cf/CookieJarCFNet.cpp: (WebCore::filterCookies): ASSERT the input is not null. (WebCore::createCookies): Always return a CFArrayRef, even if it's empty. 2015-07-30 Matthew Hanson <matthew_hanson@apple.com> Merge r187278. rdar://problem/19908029 2015-07-23 Nan Wang <n_wang@apple.com> AX: AccessibilityNodeObject::childrenChanged() generates too many AXLiveRegionChanged notifications https://bugs.webkit.org/show_bug.cgi?id=147211 <rdar://problem/19908029> Reviewed by Chris Fleizach. AccessibilityNodeObject::childrenChanged() can be called repeatedly, generating a live region change notification each time. Sometimes, so many happen that VoiceOver hangs. We can use a timer to make sure that we coalesce these notifications. Test: platform/mac/accessibility/aria-multiple-liveregions-notification.html * accessibility/AXObjectCache.cpp: (WebCore::AXComputedObjectAttributeCache::getIgnored): (WebCore::AXObjectCache::AXObjectCache): (WebCore::AXObjectCache::~AXObjectCache): (WebCore::AXObjectCache::frameLoadingEventNotification): (WebCore::AXObjectCache::postLiveRegionChangeNotification): (WebCore::AXObjectCache::liveRegionChangedNotificationPostTimerFired): (WebCore::AXObjectCache::handleScrollbarUpdate): * accessibility/AXObjectCache.h: * accessibility/AccessibilityNodeObject.cpp: (WebCore::AccessibilityNodeObject::childrenChanged): 2015-07-30 Matthew Hanson <matthew_hanson@apple.com> Merge r187504. rdar://problem/21915355 2015-07-28 Said Abou-Hallawa <sabouhallawa@apple.com> Crash happens when calling removeEventListener for an SVG element which has an instance inside a <defs> element of shadow tree https://bugs.webkit.org/show_bug.cgi?id=147290 Reviewed by Daniel Bates. When the shadow tree is built for a <use> element, all the SVG elements are allowed to be cloned in the shadow tree but later some of the elements are disallowed and removed. Make sure, when disallowing an element in the shadow tree, to reset the correspondingElement relationship between all the disallowed descendant SVG elements and all their original elements. Test: svg/custom/remove-event-listener-shadow-disallowed-element.svg *svg/SVGElement.cpp: (WebCore::SVGElement::setCorrespondingElement) * svg/SVGUseElement.cpp: (WebCore::removeDisallowedElementsFromSubtree): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187352. 2015-07-24 Devin Rousso <drousso@apple.com> Web Inspector: Editing non-inspector-stylesheet rule selectors fails after the first change https://bugs.webkit.org/show_bug.cgi?id=147229 Reviewed by Timothy Hatcher. Test: inspector/css/modify-rule-selector.html * inspector/InspectorStyleSheet.cpp: (WebCore::InspectorStyleSheet::setRuleSelector): Now checks to see if the stylesheet is not mutated before making the change to the rule's selector, and if so mark it as not mutated to allow future edits. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187393. 2015-07-25 Tim Horton <timothy_horton@apple.com> Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 <rdar://problem/21905839> Reviewed by Sam Weinig. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): No need to multiply by device scale here. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187392. 2015-07-25 Tim Horton <timothy_horton@apple.com> Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 <rdar://problem/21905839> * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): * bindings/objc/DOMExtensions.h: * bindings/objc/DOMPrivate.h: Move this to a private header. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187391. 2015-07-25 Tim Horton <timothy_horton@apple.com> Expose TextIndicator-backed snapshot and rect gathering on DOMNode https://bugs.webkit.org/show_bug.cgi?id=147298 <rdar://problem/21905839> Reviewed by Sam Weinig. * bindings/objc/DOM.mm: (-[DOMNode getPreviewSnapshotImage:andRects:]): * bindings/objc/DOMExtensions.h: 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187386. 2015-07-25 Chris Fleizach <cfleizach@apple.com> AX: iOS: Video "start playback" playback controls not accessible https://bugs.webkit.org/show_bug.cgi?id=147285 Reviewed by Jer Noble. The start playback control also needs the right label. * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.createBase): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187371. 2015-07-24 Chris Fleizach <cfleizach@apple.com> AX: scrollable elements do not allow 3-finger swipe https://bugs.webkit.org/show_bug.cgi?id=141893 Reviewed by Mario Sanchez Prada. To allow iOS Accessibility to perform by-page scrolling in overflow areas, we move that scrolling code into AccessibilityObject and then iterate all the possible ScrollableAreas, rather than just finding the parents that are ScrollViews. Test: platform/ios-simulator/accessibility/scroll-in-overflow-div.html * accessibility/AccessibilityObject.cpp: (WebCore::AccessibilityObject::scrollAreaAndAncestor): (WebCore::AccessibilityObject::scrollPosition): (WebCore::AccessibilityObject::scrollVisibleContentRect): (WebCore::AccessibilityObject::scrollContentsSize): (WebCore::AccessibilityObject::scrollByPage): * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityScroll:]): (-[WebAccessibilityObjectWrapper convertPointToScreenSpace:]): (-[WebAccessibilityObjectWrapper _accessibilityScrollPosition]): (-[WebAccessibilityObjectWrapper _accessibilityScrollSize]): (-[WebAccessibilityObjectWrapper _accessibilityScrollVisibleRect]): (-[WebAccessibilityObjectWrapper accessibilityElementDidBecomeFocused]): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187367. 2015-07-24 Alexey Proskuryakov <ap@apple.com> [Cocoa] Clean up server trust handling in ResourceHandle. https://bugs.webkit.org/show_bug.cgi?id=147277 rdar://problem/21394410 Reviewed by Brady Eidson. * platform/network/ProtectionSpaceBase.h: (WebCore::ProtectionSpaceBase::isPasswordBased): * platform/network/ProtectionSpaceBase.cpp: (WebCore::ProtectionSpaceBase::isPasswordBased): Added. This is somewhat weak, as authentication schemes could change, but I couldn't find any better way. * platform/network/ResourceHandle.h: * platform/network/cf/ResourceHandleCFNet.cpp: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication): * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::didReceiveAuthenticationChallenge): (WebCore::ResourceHandle::tryHandlePasswordBasedAuthentication): Factored out password handling, and made sure to not try that for server trust. 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187366. 2015-07-24 Zalan Bujtas <zalan@apple.com> [iOS]: Inline video controls are blurry on scaled-down pages on non-retina devices. https://bugs.webkit.org/show_bug.cgi?id=147272 rdar://problem/21429111 Reviewed by Simon Fraser. Blurry inline video controls are the result of transform scaling up the content when the page is zoomed out (page scale > 1). This patch addresses the blurriness by switching to css zoom when the content is being scaled up. While transform scale is a paint time operation, css zoom triggers layout and the content is getting painted on a non-scaled graphics context. * Modules/mediacontrols/mediaControlsiOS.css: (audio::-webkit-media-controls-timeline-container): * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.set pageScaleFactor): 2015-07-27 Babak Shafiei <bshafiei@apple.com> Merge r187358. 2015-07-24 Alexey Proskuryakov <ap@apple.com> Remove WEBCORE_EXPORT from Page::allowsMediaDocumentInlinePlayback() https://bugs.webkit.org/show_bug.cgi?id=147260 Reviewed by Daniel Bates. * page/Page.h: (WebCore::Page::allowsMediaDocumentInlinePlayback): 2015-07-26 Babak Shafiei <bshafiei@apple.com> Merge r187244. 2015-07-23 Myles C. Maxfield <mmaxfield@apple.com> REGRESSION(r182236): Justified Arabic text does not expand https://bugs.webkit.org/show_bug.cgi?id=147217 Reviewed by Simon Fraser. When I was writing r182236, I got confused between the levels of the string hierarchy in ComplexTextController. I've added a comment in the header which should make it easier to get it right. Test: fast/text/international/arabic-justify.html * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::adjustGlyphsAndAdvances): * platform/graphics/mac/ComplexTextController.h: 2015-07-24 Jer Noble <jer.noble@apple.com> Merge r187251, r187252, r187262, r187263, r187272, r187289. rdar://problem/20689512 2015-07-21 Jer Noble <jer.noble@apple.com> Notify the UI delegate when a MediaDocument's natural size changes https://bugs.webkit.org/show_bug.cgi?id=147182 Reviewed by Simon Fraser. Notify the MediaDocument that it's underlying media element has changed its natural size, either when the media engine notifies us that the size changed, or when the ready state progresses to HAVE_METADATA. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::setReadyState): Notify the media document. (WebCore::HTMLMediaElement::mediaPlayerSizeChanged): Ditto. * html/MediaDocument.cpp: (WebCore::MediaDocument::mediaElementNaturalSizeChanged): Pass to the chrome client. * html/MediaDocument.h: * page/ChromeClient.h: 2015-07-23 Jer Noble <jer.noble@apple.com> Relax media playback restrictions if the allowsMediaDocumentInlinePlayback property is set. https://bugs.webkit.org/show_bug.cgi?id=147234 Reviewed by Darin Adler. * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::prepareForLoad): Moved restriction check into MediaElementSession. * html/MediaElementSession.cpp: (WebCore::MediaElementSession::playbackPermitted): Check if is a top-level media document and if allowsMediaDocumentInilnePlayback is set, and return early. (WebCore::MediaElementSession::effectivePreloadForElement): Ditto. (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading): Ditto. * html/MediaElementSession.h: 2015-07-21 Jer Noble <jer.noble@apple.com> [iOS] Add an explicit API to allow media documents to (temporarily) play inline https://bugs.webkit.org/show_bug.cgi?id=147181 Reviewed by Beth Dakin. Add listeners for the new allowsMediaDocumentInlinePlayback API. When this value becomes NO, force any playing MediaDocuments to enter fullscreen mode. * dom/Document.cpp: (WebCore::Document::registerForAllowsMediaDocumentInlinePlaybackChangedCallbacks): Added registration method. (WebCore::Document::unregisterForAllowsMediaDocumentInlinePlaybackChangedCallbacks): Added deregistration method. (WebCore::Document::allowsMediaDocumentInlinePlaybackChanged): Notify all listeners. * dom/Document.h: * html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::registerWithDocument): Listen for allowsMediaDocumentInlinePlayback changes. (WebCore::HTMLMediaElement::unregisterWithDocument): Stop listening to same. (WebCore::HTMLMediaElement::allowsMediaDocumentInlinePlaybackChanged): Enter fullscreen mode if the value changes to false during playback. * html/HTMLMediaElement.h: * html/MediaElementSession.cpp: (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback): Early true if the override value is set. * page/Page.cpp: (WebCore::Page::setAllowsMediaDocumentInlinePlayback): Notify all documents of the changed value. * page/Page.h: (WebCore::Page::allowsMediaDocumentInlinePlayback): Simple getter. 2015-07-24 Lucas Forschler <lforschler@apple.com> Merge r187149 2015-07-21 Benjamin Poulain <bpoulain@apple.com> [CSS Selectors Level 4] Add #ifdefs to the new '>>' descendant combinator https://bugs.webkit.org/show_bug.cgi?id=147184 Reviewed by Anders Carlsson. Now that '>>>' is dead, the combinator '>>' is at risk. This patch #ifdef all that code with the other experimental features from Level 4. * css/CSSGrammar.y.in: * css/CSSParserValues.cpp: (WebCore::CSSParserSelector::appendTagHistory): * css/CSSParserValues.h: * css/CSSSelector.cpp: (WebCore::CSSSelector::CSSSelector): (WebCore::CSSSelector::selectorText): * css/CSSSelector.h: (WebCore::CSSSelector::CSSSelector): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187036. rdar://problem/21901881 2015-07-20 Jeremy Jones <jeremyj@apple.com> Allow video to rotate when app doesnt allow rotation. https://bugs.webkit.org/show_bug.cgi?id=147121 Reviewed by Jer Noble. Set an SPI bool on the fullscreen video root view controller to allow it to override app rotation restrictions. This allows video to be played in landscape in portrait only apps. * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: (WebVideoFullscreenInterfaceAVKit::setupFullscreen): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187274. rdar://problem/21905756 2015-07-23 Timothy Horton <timothy_horton@apple.com> [iOS] Frame snapshots don't factor in page scale https://bugs.webkit.org/show_bug.cgi?id=147239 <rdar://problem/21905756> Reviewed by Simon Fraser. * page/FrameSnapshotting.cpp: (WebCore::snapshotFrameRect): Apply page scale when determining the backing store size and setting up the context. * page/TextIndicator.cpp: (WebCore::TextIndicator::createWithSelectionInFrame): Don't assume snapshotFrameRect gave us an image with scale=deviceScale, because it will factor in the pageScale too. * platform/graphics/ImageBuffer.h: (WebCore::ImageBuffer::resolutionScale): Expose resolutionScale. * rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::addToOverlapMap): This has been true for a long time. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187271. rdar://problem/21929247 2015-07-22 Simon Fraser <simon.fraser@apple.com> Layer z-ordering is incorrect when scrolling on page witih position:fixed https://bugs.webkit.org/show_bug.cgi?id=147220 rdar://problem/15849697&21929247 Reviewed by Dean Jackson. Overlap testing for compositing uses the currently laid out position of fixed elements, without taking into account the fact that async scrolling can move them around, and possibly under other non-composited elements. This manifested as position:fixed elements moving over other elements on some pages when scrolling, when they should have moved behind. Fix by expanding the overlap map entry for position:fixed elements to create an rect for the area they cover at all scroll locations, taking min and max scroll offsets into account. Also add a couple more LOG(Compositing) statements. Tests: compositing/layer-creation/fixed-overlap-extent-rtl.html compositing/layer-creation/fixed-overlap-extent.html * rendering/RenderLayerCompositor.cpp: (WebCore::fixedPositionOffset): (WebCore::RenderLayerCompositor::computeExtent): (WebCore::RenderLayerCompositor::needsFixedRootBackgroundLayer): (WebCore::RenderLayerCompositor::rootBackgroundTransparencyChanged): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187219. rdar://problem/21032083 2015-07-23 Timothy Horton <timothy_horton@apple.com> Try to fix the build * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187216. rdar://problem/21032083 2015-07-22 Tim Horton <timothy_horton@apple.com> Try to fix the build * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187215. rdar://problem/21032083 2015-07-22 James Savage <james.savage@apple.com> Use updated CoreAnimation snapshot SPI. https://bugs.webkit.org/show_bug.cgi?id=147197 <rdar://problem/21032083> Reviewed by Tim Horton. Patch by James Savage. * platform/spi/cocoa/QuartzCoreSPI.h: 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187203. rdar://problem/21012688 2015-07-22 Dean Jackson <dino@apple.com> Video controls, though hidden, are still interactive when in PiP https://bugs.webkit.org/show_bug.cgi?id=147216 <rdar://problem/21012688> Reviewed by Simon Fraser. Explicitly add the PiP class to the controls container so that we can hang a pointer-events: none off it. * Modules/mediacontrols/mediaControlsiOS.css: (video::-webkit-media-controls-panel.picture-in-picture): Add a pointer-events: none. * Modules/mediacontrols/mediaControlsiOS.js: (ControllerIOS.prototype.handlePresentationModeChange): Add/remove a PiP class to the controls panel when necessary. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187189. rdar://problem/21567767 2015-07-22 Dean Jackson <dino@apple.com> Out of bounds in WebGLRenderingContext::simulateVertexAttrib0 https://bugs.webkit.org/show_bug.cgi?id=147176 <rdar://problem/21567767> Reviewed by Oliver Hunt. Test: fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html Add overflow checking for the drawing calls, specifically the way they may simulate vertexAttrib0. * html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::validateDrawArrays): Call new validation method. (WebCore::WebGLRenderingContextBase::validateDrawElements): Ditto. (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): New method that validates the parameters used to create the simulated attribute. (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): No need to do overflow checking here now that the validation method does it for us. (WebCore::WebGLRenderingContextBase::validateVertexAttributes): Deleted. * html/canvas/WebGLRenderingContextBase.h: Add new validation method. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187173. rdar://problem/21637698 2015-07-22 Beth Dakin <bdakin@apple.com> Animated images should animate in previews https://bugs.webkit.org/show_bug.cgi?id=147173 -and corresponding- rdar://problem/21637698 Reviewed by Dan Bernstein. New virtual function to indicate whether or not the image is animated. * platform/graphics/BitmapImage.h: * platform/graphics/Image.h: (WebCore::Image::isAnimated): 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187170. rdar://problem/21901076 2015-07-22 Wenson Hsieh <wenson_hsieh@apple.com> Search fields render placeholder text improperly. https://bugs.webkit.org/show_bug.cgi?id=147192 <rdar://problem/21901076> Reviewed by Alexey Proskuryakov. Due to changes in the way AppKit renders search inputs, we must now explicitly set the placeholder text of a search input rendered using the Mac theme to be an empty string when rendering the search input box (not including the actual placeholder text). * rendering/RenderThemeMac.mm: (WebCore::RenderThemeMac::setSearchCellState): Force the placeholder text of the NSSearchFieldCell for the Mac theme to be an empty string. 2015-07-24 Matthew Hanson <matthew_hanson@apple.com> Merge r187144. rdar://problem/21931728 2015-07-21 Dean Jackson <dino@apple.com> Default media controls use a serif font, which seems wrong https://bugs.webkit.org/show_bug.cgi?id=147179 <rdar://problem/21931728> Reviewed by Simon Fraser. The captions menu (and other text) should use a system style, -webkit-small-control. * Modules/mediacontrols/mediaControlsApple.css: (::-webkit-media-controls): 2015-07-24 Lucas Forschler <lforschler@apple.com> Merge r187133 2015-07-21 Benjamin Poulain <bpoulain@apple.com> StyleSheetContents::wrapperInsertRule() can create rules that overflow RuleData's selector index https://bugs.webkit.org/show_bug.cgi?id=147144 Reviewed by Alex Christensen. RuleData identifies selectors by the index in a large array. The index only has 13 bits so rules with more than 8192 selectors should be split. One of the paths was not splitting the rule: StyleSheetContents::wrapperInsertRule(). When rules with too many selectors were added, the index would overflow and some RuleData would point to selectors in the middle of selector chains. The resulting behavior is random based on the selectors and the DOM. We cannot easily fix that because the CSS OM API do not expect to create several rules in response to calls to the API. In this patch, I don't do anything fancy and just let the calls fail if we cannot use the rules safely. Content Extensions were also running into this problem. Large Selector lists are pretty common, and ContentExtensionStyleSheet::addDisplayNoneSelector() was overflowing the RuleData, creating broken page. Unlike CSSOM, there is no problem with splitting rules coming from Content Extensions. Instead of creating new APIs for that case, I rely on the parser to extend the StyleSheetContents. That code already knows how to break rules correctly. Tests: fast/css/insert-rule-overflow-rule-data.html http/tests/contentextensions/css-display-none-overflows-rule-data-1.html http/tests/contentextensions/css-display-none-overflows-rule-data-2.html * contentextensions/ContentExtensionStyleSheet.cpp: (WebCore::ContentExtensions::ContentExtensionStyleSheet::addDisplayNoneSelector): * css/StyleSheetContents.cpp: (WebCore::StyleSheetContents::wrapperInsertRule): 2015-07-23 Lucas Forschler <lforschler@apple.com> Merge r187130 2015-07-21 Jon Honeycutt <jhoneycutt@apple.com> [iOS] Keyboard bold/italic/underline keys don't highlight after being tapped to style a selection https://bugs.webkit.org/show_bug.cgi?id=147164 <rdar://problem/21630806> Reviewed by Ryosuke Niwa. * editing/cocoa/EditorCocoa.mm: (WebCore::Editor::styleForSelectionStart): Use adjustedSelectionStartForStyleComputation(), which will ensure that we're at the start of the selected node, not at the end of the node before the selection. 2015-07-23 Lucas Forschler <lforschler@apple.com> Merge r187116 2015-07-21 Said Abou-Hallawa <sabouhallawa@apple.com> REGRESSION (r172417, r184065): Multiple rendering issues with fixed attached background-image https://bugs.webkit.org/show_bug.cgi?id=147049 <rdar://problem/21110936> Reviewed by Simon Fraser. The fixed-attached background-image rendering is special. In general, to display it, the destinationSize should be set to visibleContentSize. The destinationLocation should be set such that the background-image does not move with scrolling. The topContentInset should be subtracted from the destinationLocation such that background-image can be rendered blurred in the topContentArea. However there are cases in which these rules have to be changed. -- destinationSize: In the case of fixed layout size, the fixedLayoutSize is bigger than the visibleContentSize. In this case, if the background-image belongs to the root element, the destinationSize has to be set to fixedLayoutSize. Otherwise it has to be set to the borderBoxSize unless the overflow is hidden. -- destinationLocation: If the background-image belongs to the root element, no scroll offset to added to destinationLocation. For non-root element case, FrameView::documentScrollOffsetRelativeToViewOrigin() should be used if no page scaling is applied. Otherwise FrameView::scrollOffsetForFixedPosition() should be used instead. Tests: platform/mac-wk2/tiled-drawing/fixed-layout-size-fixed-attachment-cover.html platform/mac-wk2/tiled-drawing/fixed-layout-size-fixed-attachment-local.html * rendering/RenderBoxModelObject.cpp: (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry): Ensure the geometry for the fixed-attached background-image is calculated correctly. * rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::updateGeometry): Ensure the background layer gets the correct size for the fixedLayoutSize mode. 2015-07-23 Lucas Forschler <lforschler@apple.com> Merge r186981 2015-07-17 Zalan Bujtas <zalan@apple.com> (display: block)input range's thumb disappears when moved. https://bugs.webkit.org/show_bug.cgi?id=146896 <rdar://problem/21787807> Reviewed by Simon Fraser. Since the thumb is positioned after the layout for the input (shadow) subtree is finished, the repaint rects issued during the layout will not cover the re-positioned thumb. We need to issue a repaint soon after the thumb is re-positioned. Test: fast/repaint/block-inputrange-repaint.html * html/shadow/SliderThumbElement.cpp: (WebCore::RenderSliderContainer::layout): == Rolled over to ChangeLog-2015-07-23 ==