2018-09-21  Mike Gorse  <mgorse@suse.com>

        Build tools should work when the /usr/bin/python is python3
        https://bugs.webkit.org/show_bug.cgi?id=156674

        Reviewed by Michael Catanzaro.

        No new tests (no behavior change).

        * platform/network/create-http-header-name-table: remove xreadlines.

2018-09-14  Mike Gorse  <mgorse@suse.com>

        builtins directory causes name conflict on Python 3
        https://bugs.webkit.org/show_bug.cgi?id=189552

        Reviewed by Michael Catanzaro.

        No new tests (No behavior change).

        * CMakeLists.txt: builtins -> wkbuiltins.
        * DerivedSources.make: builtins -> wkbuiltins.

2019-10-04  Heiko Becker  <heirecka@exherbo.org>

        Fix build with icu 65.1
        https://bugs.webkit.org/show_bug.cgi?id=202600

        Reviewed by Konstantin Tokarev.

        * dom/Document.cpp:
        (WebCore::isValidNameNonASCII):
        (WebCore::Document::parseQualifiedName):

2019-05-28  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo] ASSERTION FAILED: !m_preparingToPlay in MediaPlayerPrivateMediaFoundation::prepareToPlay
        https://bugs.webkit.org/show_bug.cgi?id=190747

        Reviewed by Alex Christensen.

        HTMLMediaElement::prepareToPlay had a assertion ensuring that it
        was not called twice. However, it was called twice. The first from
        HTMLMediaElement::load, the second from
        MediaPlayerPrivateMediaFoundation::onTopologySet.

        prepareToPlay started loading. And, loading should be started
        after onTopologySet is called back.

        Covered by existing tests.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::onTopologySet): Moved code from prepareToPlay.
        (WebCore::MediaPlayerPrivateMediaFoundation::prepareToPlay): Deleted and moved the code to onTopologySet.
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h: Removed prepareToPlay declaration.

2019-05-28  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo][MediaFoundation] Assertion failure in MediaPlayerPrivateMediaFoundation::Direct3DPresenter::presentSample
        https://bugs.webkit.org/show_bug.cgi?id=198290

        Reviewed by Per Arne Vollan.

        Covered by existing tests.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::presentSample):
        Call clear() of m_memSurface before assigning new value.

2018-02-27  Milan Crha  <mcrha@redhat.com>

        Potential privacy issue: DNS prefetching can be re-enabled
        https://bugs.webkit.org/show_bug.cgi?id=182924

        Reviewed by Michael Catanzaro.

        * dom/Document.cpp:
        (WebCore::Document::parseDNSPrefetchControlHeader):

2018-04-11  Ryosuke Niwa  <rniwa@webkit.org>

        Fix warning in HashTools.h for newer versions of clang
        https://bugs.webkit.org/show_bug.cgi?id=184489

        Reviewed by Alexey Proskuryakov.

        Removed "register" storage class specififer as it has been deprecated in C++11.

        * platform/HashTools.h:

2018-01-15  Konstantin Tokarev  <annulen@yandex.ru>

        image-rendering should affect scaling of border-image
        https://bugs.webkit.org/show_bug.cgi?id=169440

        Reviewed by Michael Catanzaro.

        Test: fast/borders/border-image-pixelated.html

        * rendering/style/NinePieceImage.cpp:
        (WebCore::NinePieceImage::paint):

2016-03-04  Daniel Bates  <dabates@apple.com>

        Move CryptoDigest to WebCore/platform
        https://bugs.webkit.org/show_bug.cgi?id=155008
        <rdar://problem/24969787>

        Reviewed by Brent Fulgham.

        CryptoDigest provides a platform-independent interface for interacting with platform-
        specific cryptographic hashing services. We currently make use of this code as part
        of the implementation of Web Crypto. This code will also be beneficial as part of
        implementing support for Content Security Policy inline script and inline stylesheet
        hashes. We should move CryptoDigest to WebCore/platform to convey that it a general
        purpose platform abstraction.

        * CMakeLists.txt: Add include directory WebCore/platform/crypto.
        * PlatformEfl.cmake: Add file platform/crypto/gnutls/CryptoDigestGnuTLS.cpp and
        remove file crypto/gnutls/CryptoDigestGnuTLS.cpp.
        * PlatformGTK.cmake: Ditto.
        * PlatformMac.cmake: Add file platform/crypto/mac/CryptoDigestMac.cpp and
        remove file crypto/mac/CryptoDigestMac.cpp.
        * WebCore.xcodeproj/project.pbxproj:
        * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
        (WebCore::CryptoAlgorithmSHA1::digest): Substitute "CryptoDigest::Algorithm" for "CryptoAlgorithmIdentifier".
        * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
        (WebCore::CryptoAlgorithmSHA224::digest): Ditto.
        * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
        (WebCore::CryptoAlgorithmSHA256::digest): Ditto.
        * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
        (WebCore::CryptoAlgorithmSHA384::digest): Ditto.
        * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
        (WebCore::CryptoAlgorithmSHA512::digest): Ditto.
        * crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:
        (WebCore::getCryptoDigestAlgorithm): Converts a CryptoAlgorithmIdentifier enumerator to a
        CryptoDigest::Algorithm enumerator, if applicable.
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign): Write in terms of WebCore::getCryptoDigestAlgorithm().
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify): Ditto.
        * platform/crypto/CryptoDigest.h: Renamed from Source/WebCore/crypto/CryptoDigest.h. Also added enum CryptoDigest::Algorithm
        and changed constructor to take this enum.
        * platform/crypto/gnutls/CryptoDigestGnuTLS.cpp: Renamed from Source/WebCore/crypto/gnutls/CryptoDigestGnuTLS.cpp.
        (WebCore::CryptoDigest::CryptoDigest): Substitute "CryptoDigest::Algorithm" for "CryptoAlgorithmIdentifier".
        (WebCore::CryptoDigest::~CryptoDigest): Ditto.
        (WebCore::CryptoDigest::create): Ditto.
        (WebCore::CryptoDigest::addBytes): Ditto.
        (WebCore::CryptoDigest::computeHash): Ditto.
        * platform/crypto/mac/CryptoDigestMac.cpp: Renamed from Source/WebCore/crypto/mac/CryptoDigestMac.cpp.
        (WebCore::toSHA1Context): Ditto.
        (WebCore::toSHA224Context): Ditto.
        (WebCore::toSHA256Context): Ditto.
        (WebCore::toSHA384Context): Ditto.
        (WebCore::toSHA512Context): Ditto.
        (WebCore::CryptoDigest::CryptoDigest): Ditto.
        (WebCore::CryptoDigest::~CryptoDigest): Ditto.
        (WebCore::CryptoDigest::create): Ditto.
        (WebCore::CryptoDigest::addBytes): Ditto.
        (WebCore::CryptoDigest::computeHash): Ditto.

2016-03-10  Daniel Bates  <dabates@apple.com>

        CSP: Implement support for script and style nonces
        https://bugs.webkit.org/show_bug.cgi?id=116508
        <rdar://problem/24963980>

        Reviewed by Brent Fulgham.

        Add support for script-src and style-src nonces as per sections Nonce usage for script elements
        and Nonce usage for style elements of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::createSheet): Check if the nonce for an HTML style element matches a known nonce.
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::requestScript): Check if the nonce for an HTML script element for an external JavaScript
        script matches a known nonce. If it does then skip subsequent checks of the Content Security Policy when loading
        the script.
        (WebCore::ScriptElement::executeScript): Check if the nonce for an HTML script element for an inline JavaScript
        script matches a known nonce.
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::process): Check if the nonce for an HTML link element matches a known nonce. If it does
        then skip subsequent checks of the Content Security Policy when loading the stylesheet.
        * html/HTMLScriptElement.idl: Unconditionally expose attribute nonce.
        * html/HTMLStyleElement.idl: Ditto.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::isAllowedByAllWithNonce):
        (WebCore::ContentSecurityPolicy::allowScriptWithNonce): Check if the nonce attribute value of a script element
        matches a known nonce. This function delegates the check to ContentSecurityPolicyDirectiveList::allowScriptWithNonce().
        (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Check if the nonce attribute value of a style/link element
        matches a known nonce. This function delegates the check to ContentSecurityPolicyDirectiveList::allowStyleWithNonce().
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::checkNonce): Checks if the directive allows the specified nonce.
        (WebCore::ContentSecurityPolicyDirectiveList::allowScriptWithNonce): Check if the specified nonce is in
        the source list of the script-src directive (if specified) or the source list of the default-src directive (if specified).
        (WebCore::ContentSecurityPolicyDirectiveList::allowStyleWithNonce): Check if the specified nonce is in
        the source list of the style-src directive (if specified) or the source list of the default-src directive (if specified).
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::matches): Returns whether the specified nonce is in the HashSet of
        nonces for the directive.
        (WebCore::ContentSecurityPolicySourceList::parse): Modified to call ContentSecurityPolicySourceList::parseNonceSource()
        to parse a nonce source expression.
        (WebCore::isBase64Character): Moved function to be above function ContentSecurityPolicySourceList::parseNonceSource()
        so that it can referenced from both ContentSecurityPolicySourceList::parseNonceSource() and ContentSecurityPolicySourceList::parseHashSource().
        (WebCore::isNonceCharacter): Added. Matches Blink's definition of a valid nonce character. This definition differs
        from the definition in the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (29 February 2016).
        (WebCore::ContentSecurityPolicySourceList::parseNonceSource): Parses a source expression for a nonce value.
        * page/csp/ContentSecurityPolicySourceList.h:
        (WebCore::ContentSecurityPolicySourceList::allowInline): We only allow inline scripts/stylesheets if
        'unsafe-inline' was specified in the source list and the source list does not contain any hash sources
        or nonce sources.
        * page/csp/ContentSecurityPolicySourceListDirective.cpp:
        (WebCore::ContentSecurityPolicySourceListDirective::allows): Checks if the specified nonce is in the source list.
        * page/csp/ContentSecurityPolicySourceListDirective.h:

2016-03-10  Daniel Bates  <dabates@apple.com>

        CSP: Implement support for inline script and inline style hashes
        https://bugs.webkit.org/show_bug.cgi?id=155007
        <rdar://problem/24964098>

        Reviewed by Brent Fulgham.

        Inspiration taken from the analogous implementation in Blink.

        Add support for script-src and style-src hashes as per sections Hash usage for script elements
        and Hash usage for style elements of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Test: http/tests/security/contentSecurityPolicy/1.1/scripthash-tests.html

        * WebCore.xcodeproj/project.pbxproj: Add file ContentSecurityPolicyHash.h. Also sort the list of files
        in the group WebCore/page/csp.
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::createSheet): Pass the content of the stylesheet when querying whether
        the stylesheet is allowed by the Content Security Policy.
        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::executeScript): Pass the content of the inline JavaScript script when querying
        whether the script is allowed by the Content Security Policy.
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::styleAttributeChanged): The Content Security Policy style-src hashes do not apply
        to inline styles defined in the HTML style attribute. So, pass a null string (to indicate the absence of
        content) when querying whether the inline style is allowed by the Content Security Policy.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::toCryptoDigestAlgorithm): Convenience function that maps a ContentSecurityPolicyHashAlgorithm
        enumerator to a CryptoDigest::Algorithm enumerator.
        (WebCore::isAllowedByAllWithHashFromContent): Computes the digest of the specified content for each
        hash algorithm and checks if digest matches a hash that was specified in a policy.
        (WebCore::ContentSecurityPolicy::documentEncoding): Added.
        (WebCore::ContentSecurityPolicy::allowInlineScript): Check if the hash of the script matches a known
        hash if applicable. Otherwise, fall back to checking the URL of the script.
        (WebCore::ContentSecurityPolicy::allowInlineStyle): Check if the hash of the stylesheet matches a
        known hash if applicable. Otherwise, fall back to checking the URL of the stylesheet.
        * page/csp/ContentSecurityPolicy.h:
        (WebCore::ContentSecurityPolicy::addHashAlgorithmsForInlineScripts): Adds the specified set of
        hash algorithms to the existing set of hash algorithms we know are used for inline scripts.
        (WebCore::ContentSecurityPolicy::addHashAlgorithmsForInlineStylesheets): Adds the specified set of
        hash algorithms to the existing set of hash algorithms we know are used for inline stylesheets.
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::checkEval): Make this a static, non-member function because it does not depend on any
        instance or class variables. Mark this function as inline to give a hint to the compiler that it
        should consider inlining the implementation of this function into the caller.
        (WebCore::checkInline): Ditto.
        (WebCore::checkSource): Ditto.
        (WebCore::checkHash): Checks if the directive allows content with the specified hash.
        (WebCore::checkMediaType): Make this a static, non-member function because it does not depend on
        any instance or class variables. Mark this function as inline to give a hint to the compiler that
        it should consider inlining the implementation of this function into the caller.
        (WebCore::ContentSecurityPolicyDirectiveList::create): Modified as needed now that WebCore::checkEval()
        is a static, non-member function.
        (WebCore::ContentSecurityPolicyDirectiveList::allowInlineScriptWithHash): Added.
        (WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyleWithHash): Added.
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Modified to pass the hash algorithms seen
        from parsing the directives script-src, style-src, and default-src to the ContentSecurityPolicy object.
        (WebCore::ContentSecurityPolicyDirectiveList::checkEval): Deleted.
        (WebCore::ContentSecurityPolicyDirectiveList::checkInline): Deleted.
        (WebCore::ContentSecurityPolicyDirectiveList::checkSource): Deleted.
        (WebCore::ContentSecurityPolicyDirectiveList::checkMediaType): Deleted.
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        * page/csp/ContentSecurityPolicyHash.h: Added.
        (WTF::DefaultHash<WebCore::ContentSecurityPolicyDigest>::Hash::hash): Compute the hash of a digest as
        we would compute the hash of a string.
        (WTF::DefaultHash<WebCore::ContentSecurityPolicyDigest>::Hash::equal): Compare digests for equality
        by making use of Vector's equality operator.
        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::matches): Checks if the hash is in the set of known hashes.
        (WebCore::ContentSecurityPolicySourceList::parse): Modified to call ContentSecurityPolicySourceList::parseHashSource()
        to try to parse the source list expression as a hash source. If this fails then we try to parse the
        source expression as a scheme/host/port expression.
        (WebCore::parseHashAlgorithmAdvancingPosition): Parses the hash algorithm from a hash source expression.
        (WebCore::isBase64Character): Returns whether the specified character is a valid Base64/Base64url character,
        excluding the padding character '='. Disregarding the omission of the padding character '=', this function
        conforms to the ABNF grammar defined in section Source Lists of the Content Security Policy Level 3 spec.,
        <https://w3c.github.io/webappsec-csp> (Editor’s Draft, 29 February 2016). We take the padding character '='
        into account in ContentSecurityPolicySourceList::parseHashSource().
        (WebCore::ContentSecurityPolicySourceList::parseHashSource): Parses a hash source expression per the ABNF
        grammar described in section Source Lists of the Content Security Policy Level 3 spec.
        * page/csp/ContentSecurityPolicySourceList.h:
        (WebCore::ContentSecurityPolicySourceList::hashAlgorithmsUsed): Returns the set of hash algorithms seen from
        parsing the source list.
        (WebCore::ContentSecurityPolicySourceList::allowInline): We only allow inline scripts/stylesheets if
        'unsafe-inline' was specified in the source list and the source list does not contain any hash sources.
        * page/csp/ContentSecurityPolicySourceListDirective.cpp:
        (WebCore::ContentSecurityPolicySourceListDirective::allows): Checks if the specified hash is in the source list.
        * page/csp/ContentSecurityPolicySourceListDirective.h:
        (WebCore::ContentSecurityPolicySourceListDirective::hashAlgorithmsUsed): Turns around and calls ContentSecurityPolicySourceList::hashAlgorithmsUsed().
        

2016-12-06  Geoffrey Garen  <ggaren@apple.com>

        performance.now() should truncate to 100us
        https://bugs.webkit.org/show_bug.cgi?id=165503
        <rdar://problem/29544531>

        Reviewed by Mark Lam.

        * page/Performance.cpp:
        (WebCore::Performance::reduceTimeResolution):

2016-03-02  Chris Dumez  <cdumez@apple.com>

        HTMLFormElement's named property getter does not return a RadioNodelist
        https://bugs.webkit.org/show_bug.cgi?id=154949

        Reviewed by Ryosuke Niwa.

        HTMLFormElement's named property getter should return a RadioNodeList
        when there are several matches:
        https://html.spec.whatwg.org/multipage/forms.html#the-form-element

        Previously, WebKit returned a generic NodeList. As a result, users
        cannot create a white-and-gold hat in the MAKE A HAT GREAT AGAIN
        section at:
        https://www.washingtonpost.com/news/the-fix/wp/2015/10/06/hey-lets-all-make-our-own-donald-trump-hats/

        Chrome and Firefox already match the specification. Edge will soon.

        Test: fast/dom/HTMLFormElement/named-property-getter-radionodelist.html

        * bindings/js/JSHTMLFormElementCustom.cpp:
        (WebCore::JSHTMLFormElement::nameGetter):

2016-04-06  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Remove duplicated parsePortFromStringPosition()
        https://bugs.webkit.org/show_bug.cgi?id=156289

        Reviewed by Simon Fraser.

        Same parsePortFromStringPosition() functions have been defined in both URLUtils.h and HTMLAnchorElement.cpp.
        Remove duplicated one in HTMLAnchorElement.cpp.

        No new tests, no behavior change.

        * html/HTMLAnchorElement.cpp:
        (WebCore::parsePortFromStringPosition): Deleted.

2017-10-24  Konstantin Tokarev  <annulen@yandex.ru>

        [MediaFoundation] Videos are always autoplaying for local files
        https://bugs.webkit.org/show_bug.cgi?id=178693

        Patch by Doug Massay.
        Reviewed by Alex Christensen.

        r199114 fixes autoplay issue only if starting session invokes
        buffering stage. However when local files are played, onBufferingStarted
        and onBufferingStopped are not called, and video is not paused.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
        (WebCore::MediaPlayerPrivateMediaFoundation::onSessionStarted):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2017-08-19  Sergio Villar Senin  <svillar@igalia.com>

        [SVG] Leak in SVGAnimatedListPropertyTearOff
        https://bugs.webkit.org/show_bug.cgi?id=172545

        Reviewed by Darin Adler.

        SVGAnimatedListPropertyTearOff maintains a vector m_wrappers with references to
        SVGPropertyTraits<PropertyType>::ListItemTearOff. Apart from that SVGPropertyTearOff has a
        reference to SVGAnimatedProperty.

        When SVGListProperty::getItemValuesAndWrappers() is called, it creates a
        SVGPropertyTraits<PropertyType>::ListItemTearOff pointing to the same SVGAnimatedProperty (a
        SVGAnimatedListPropertyTearOff) which stores the m_wrappers vector where the ListItemTearOff
        is going to be added to. This effectively creates a reference cycle between the
        SVGAnimatedListPropertyTearOff and all the ListItemTearOff it stores in m_wrappers.

        In order to effectively break the cycle without freeing too many wrappers we should take two
        measures:
        1) Break the reference cycle by storing raw pointers in the m_wrappers Vector
        2) Remove the ListItemTearOff which is being deleted (it notifies the animated property by
        calling propertyWillBeDeleted) from the m_wrappers Vector.

        This is a re-land of r219334 which caused early releases of custom data attribute objects
        added to SVG elements (wkb.ug/175023).

        Tests: svg/animations/animation-leak-list-property-instances.html
               svg/dom/SVGAnimatedListPropertyTearOff-crash-2.html
               svg/dom/SVGAnimatedListPropertyTearOff-crash.html
               svg/dom/SVGAnimatedListPropertyTearOff-leak.html

        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        * svg/properties/SVGListProperty.h:
        (WebCore::SVGListProperty::getItemValuesAndWrappers):
        * svg/properties/SVGListPropertyTearOff.h:
        (WebCore::SVGListPropertyTearOff::removeItemFromList):

2017-10-05  Frederic Wang  <fwang@igalia.com>

        Update Source/ThirdParty/woff2 to 22c256bc457777744ba14b7325a6e8e0e7dec91c
        https://bugs.webkit.org/show_bug.cgi?id=177994

        Reviewed by Michael Catanzaro.

        No new tests, already covered by existing tests.

        * CMakeLists.txt: Include the directory for public headers instead.
        * platform/graphics/WOFFFileFormat.cpp: Use the public header
        woff2/decode.h and do not use the "wOF2" constant from private headers.
        (WebCore::isWOFF):
        (WebCore::convertWOFFToSfnt):

2017-10-15  Darin Adler  <darin@apple.com>

        UTF-8 decoding produces one replacement character per byte; Encoding standard requires one replacement character per illegal sequence instead
        https://bugs.webkit.org/show_bug.cgi?id=178207

        Reviewed by Sam Weinig.

        * platform/text/TextCodecUTF8.cpp:
        (WebCore::TextCodecUTF8::create): Deleted. Use a lambda instead.
        (WebCore::TextCodecUTF8::registerCodecs): Use a lambda.
        (WebCore::nonASCIISequenceLength): Changed to return 0 instead of 2 for the range 80-C1 since
        none of those are valid sequence leading characters.
        (WebCore::decodeNonASCIISequence): Changed the length argument to be in/out so the caller
        knows how much of the sequence we decoded for failure cases. Simplified the length 2 section.
        (WebCore::TextCodecUTF8::handleError): Deleted.
        (WebCore::TextCodecUTF8::handlePartialSequence): Changed this into a pair of plain functions
        rather than two template function specializations since the two functions are rather different.
        For the one-byte version, got rid of the unused arguments. For the two-byte version, got rid
        of the ignored return value, stopped using the handleError function since each error case
        needs to be handled differently. In each error case consume the entire incorrect sequence
        instead of just one byte.
        (WebCore::TextCodecUTF8::decode): Updated for the above change, and changed the non-partial
        incorrect sequence to consume the entire incorrect sequence instead of just one byte. Also
        use WTF prefixes explicitly so we don't  have to do "using namespace".
        (WebCore::TextCodecUTF8::encode): Got rid of unneeded type punning, and added some inline
        capacity to save one memory allocation when encoding shorter strings.

        * platform/text/TextCodecUTF8.h: Use pragma once. Intialize m_partialSequenceSize where it
        is defined and let the compiler generate the constructor. Updated for the changes above.

        * platform/text/TextEncoding.h: Export a constructor now used by a unit test.
        * platform/text/TextEncodingRegistry.h: Export newTextCodec, now used by a unit test.

2016-04-22  Keith Miller  <keith_miller@apple.com>

        buildObjectForEventListener should not call into JSC with a null ExecState
        https://bugs.webkit.org/show_bug.cgi?id=156923

        Reviewed by Joseph Pecoraro.

        If a user had disabled JavaScript on their page then the inspector tried to
        add an event listener we would fail to create an ExecState. Since we didn't
        check this ExecState was valid we would then attempt to stringify the value,
        which would cause JSC to crash.

        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForEventListener):

2016-09-16  Chris Dumez  <cdumez@apple.com>

        Cancelling one frame's load cancels load in other frames that have the same URL as well
        https://bugs.webkit.org/show_bug.cgi?id=162094

        Reviewed by Antti Koivisto.

        Cancelling one frame's load cancels load in other frames that have the same URL as well.

        So if you have several frames that are loading URL X and you navigate one of the frames
        to Y, then the load of X will be cancelled and this frame will navigate to Y. All other
        frames will not load URL X even though they should.

        The issue is that all the DocumentLoaders share the same CachedResource because of the
        memoryCache. When we call DocumentLoader::stopLoading(), it will cancel the
        CachedResource's load even though there are several clients for this CachedResource
        and other clients still want the load.

        The approach chosen in this patch is to not reuse CachedResources that are still
        loading when trying to load a main resource. This is not the most efficient approach.
        I still chose this approach because:
        - It is very unlikely to introduce new bugs.
        - The change is very simple.
        - This is a corner case (several iframes having the same URL and cancelling the load in
          one of them).

        Test: http/tests/navigation/frames-same-url-cancel-load.html

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::determineRevalidationPolicy):

2017-04-21  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r205374): <li> content inside <ul> should mid-word wrap when word-break: break-word is present.
        https://bugs.webkit.org/show_bug.cgi?id=171108
        <rdar://problem/30271747>

        Reviewed by Dan Bernstein.

        This patch ensures that we search for mid-word breaks when a zero sized element has been committed on the line
        unless it's an image or some other replaced element with special properties (e.g. list-style: inside).  

        Tests: fast/replaced/ul-li-word-break-break-word.html
               fast/replaced/zero-width-image-force-linebreak.html

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::handleReplaced):
        (WebCore::BreakingContext::handleText): This matches pre-r205374 behaviour, but it's explicit about whether a 
        replaced width has already been committed on the current line.
        * rendering/line/LineWidth.cpp:
        (WebCore::LineWidth::commit):
        * rendering/line/LineWidth.h:
        (WebCore::LineWidth::hasCommittedReplaced):
        (WebCore::LineWidth::addUncommittedReplacedWidth): These 2 last functions were removed with r205374 (and now I am adding them back). 

2017-07-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Move make-js-file-arrays.py from WebCore to JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=174024

        Reviewed by Michael Catanzaro.

        * CMakeLists.txt: Explicitly add files generated by MAKE_JS_FILE_ARRAYS to the build, since the macro no longer
        does it.
        * DerivedSources.make: Updated to use make-js-file-arrays.py from JavaScriptCore. It's no longer needed to set
        PYTHON_PATH to find jsmin.py.

2017-07-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        Move make-js-file-arrays.py from WebCore to JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=174024

        Reviewed by Michael Catanzaro.

        * CMakeLists.txt: Explicitly add files generated by MAKE_JS_FILE_ARRAYS to the build, since the macro no longer
        does it.
        * DerivedSources.make: Updated to use make-js-file-arrays.py from JavaScriptCore. It's no longer needed to set
        PYTHON_PATH to find jsmin.py.

2017-01-25  Konstantin Tokarev  <annulen@yandex.ru>

        Removed leftovers of pre-2015 VisualStudio support
        https://bugs.webkit.org/show_bug.cgi?id=167434

        Reviewed by Alex Christensen.

        No new tests needed.

        * platform/graphics/filters/FEConvolveMatrix.cpp: Replaced MSC_VER
        usage with COMPILER(MSVC)

2016-12-11  Darin Adler  <darin@apple.com>

        Use std::vsnprintf instead of vasprintf
        https://bugs.webkit.org/show_bug.cgi?id=165740

        Reviewed by Sam Weinig.

        * platform/FileHandle.cpp:
        (WebCore::FileHandle::printf): Use vsnprintf, including StringExtras.h to
        ensure compatibility with older versions of the Visual Studio library,
        and Vector for the buffer. Use inline capacity in the vector so we normally
        don't need to allocate any memory on the heap.
        * xml/XSLTUnicodeSort.cpp:
        (xsltTransformErrorTrampoline): Ditto.
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::XMLDocumentParser::error): Ditto.

2016-08-26  Csaba Osztrogonác  <ossy@webkit.org>

        Typo fix after r56209
        https://bugs.webkit.org/show_bug.cgi?id=161246

        Reviewed by Gyuyoung Kim.

        * page/FrameView.cpp:
        (WebCore::FrameView::adjustMediaTypeForPrinting):

2016-06-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
        https://bugs.webkit.org/show_bug.cgi?id=158297

        Reviewed by Darin Adler.

        In an effort to reduce the flash of unstyled content, we force all elements
        to have display: none during an external stylesheet load. We do this by
        ignoring the CSS cascade and forcing all elements to have a placeholder style
        which hardcodes display: none. (This is necessary to make elements created by
        script during the stylesheet load not flash.)

        This style is exposed to web content via getComputedStyle(), which means it
        needs to maintain the invariant that font-families can never be null strings.
        We enforce this by forcing the font-family to be the standard font name.

        Test: fast/text/placeholder-renderstyle-null-font.html

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::ensurePlaceholderStyle):

2017-01-04  Babak Shafiei  <bshafiei@apple.com>

        Build fix for r210288.

2017-01-04  Babak Shafiei  <bshafiei@apple.com>

        Merge patch for r210288.

    2016-12-22  Brent Fulgham  <bfulgham@apple.com>

            Correct DOMWindow handling during FrameLoader::clear
            https://bugs.webkit.org/show_bug.cgi?id=166357
            <rdar://problem/29741862>

            Reviewed by Andy Estes.

            Make sure that we always clean up the DOM window when clearing Window properties, even if the document will
            remain in the page cache. Since 'clearWindowShell' is only used in FrameLoader, divide it's beahvior into
            two steps:
        
            1. Rename 'clearWindowShell' to 'clearWIndowShellsNotMatchingDOMWindow' to better describe its function.
            Switch to a modern C++ loop. Do not switch to the new DOMWindow here, but detach and clear existing
            DOMWindow connections.

            2. Add a new method 'setDOMWindowForWindowShell'. Complete switch to the new DOMWindow.

            This change allows us to disconnect the old DOMWindow, perform the 'setDocument(nullptr)' operation, and then
            connect to the new Window without leaving the loader in an inconsistent state.

            * loader/bindings/js/ScriptController.cpp:
            (WebCore::clearWindowShellsNotMatchingDOMWindow): Renamed from 'clearWindowShell'
            (WebCore::setDOMWindowForWindowShell): Added.
            * loader/bindings/js/ScriptController.h:
            * loader/FrameLoader.cpp:
            (WebCore::FrameLoader::clear): Revise to use the new two-step DOMWindow switch logic.

2016-10-28  Brent Fulgham  <bfulgham@apple.com>

        Do a better job of protecting Frame objects in the context of JavaScript calls
        https://bugs.webkit.org/show_bug.cgi?id=164163
        <rdar://problem/28955249>

        Reviewed by Darin Adler.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::respondToUnappliedSpellCorrection): Protected the Frame.
        * editing/Editor.cpp:
        (WebCore::Editor::setTextAsChildOfElement): Ditto.
        * editing/EditorCommand.cpp:
        (WebCore::executeSwapWithMark): Ditto.
        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::deleteKeyPressed): Ditto.
        (WebCore::TypingCommand::forwardDeleteKeyPressed): Ditto.
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::replaceNodeFromPasteboard): Ditto.
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::contextMenuItemSelected): Ditto.
        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::collapse): Ditto.
        (WebCore::DOMSelection::collapseToEnd): Ditto.
        (WebCore::DOMSelection::collapseToStart): Ditto.
        (WebCore::DOMSelection::setBaseAndExtent): Ditto.
        (WebCore::DOMSelection::setPosition): Ditto.
        (WebCore::DOMSelection::modify): Ditto.
        (WebCore::DOMSelection::extend): Ditto.
        (WebCore::DOMSelection::addRange): Ditto.
        (WebCore::DOMSelection::deleteFromDocument): Ditto.
        * page/DragController.cpp:
        (WebCore::setSelectionToDragCaret): Ditto.
        (WebCore::DragController::startDrag): Ditto.
        * page/Frame.cpp:
        (WebCore::Frame::checkOverflowScroll): Ditto.
        * page/TextIndicator.cpp:
        (WebCore::TextIndicator::createWithRange): Ditto.

2017-06-06 Konstantin Tokarev  <annulen@yandex.ru>

        [MediaFoundation] Volume controls of different media elements should be independent
        https://bugs.webkit.org/show_bug.cgi?id=172967

        Based on patch by Vitaly Slobodin <vitaliy.slobodin@gmail.com>
        Reviewed by Alex Christensen.

        IMFSimpleAudioVolume interface controls master volume of the
        application. We should use IMFAudioStreamVolume interface instead.

        No new tests needed.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation):
        (WebCore::MediaPlayerPrivateMediaFoundation::setAllChannelVolumes):
        (WebCore::MediaPlayerPrivateMediaFoundation::setVolume):
        (WebCore::MediaPlayerPrivateMediaFoundation::setMuted):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2016-10-27  Brent Fulgham  <bfulgham@apple.com>

        Prevent hit tests from being performed on an invalid render tree
        https://bugs.webkit.org/show_bug.cgi?id=163877
        <rdar://problem/28675761>

        Reviewed by Simon Fraser.

        Changeset r200971 added code to ensure that layout is up-to-date before hit testing, but did
        so only for the main frame. It was still possible to enter cross-frame hit testing with a
        subframe needing style recalc. In that situation, the subframe's updateLayout() would get
        called, which could trigger a compositing change that marked the parent frame as needing style
        recalc. A subsequent layout on the parent frame (for example by hit testing traversing into
        a second subframe) could then mutate the parent frame's layer tree while hit testing was
        traversing it.
        
        This patch modifies the hit test logic to ensure that a recursive layout is performed so that
        we always perform hit tests on a clean set of frames. It also adds some assertions to warn
        us if we encounter this invalid state.

        Tested by fast/layers/prevent-hit-test-during-layout.html.

        * dom/Document.cpp:
        (WebCore::Document::scheduleStyleRecalc): Assert that we are not hit testing
        during style recalculation.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::hitTestResultAtPoint): Ensure that we have a clean render tree
        when hit testing.
        * page/FrameView.cpp:
        (WebCore::FrameView::setNeedsLayout): Assert that we are not in the process of hit testing
        when we schedule a layout.
        * rendering/RenderView.cpp:
        (WebCore::RenderView::hitTest): Mark RenderView as in an active hit test.
        * rendering/RenderView.h:

2016-10-24  Zalan Bujtas  <zalan@apple.com>

        Do not update selection rect on dirty lineboxes.
        https://bugs.webkit.org/show_bug.cgi?id=163862
        <rdar://problem/28813156>

        Reviewed by Simon Fraser.

        In certain cases RenderBlock::updateFirstLetter() triggers
        unwanted render tree mutation while the caller assumes intact renderers.
        This patch ensures that no renderers gets destroyed while computing the preferred widths
        when we are outside of layout context.

        Test: fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computePreferredLogicalWidths):
        (WebCore::RenderBlock::updateFirstLetter):
        * rendering/RenderBlock.h:
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::updateFirstLetter):
        * rendering/RenderRubyRun.h:
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::updateFirstLetter):
        * rendering/RenderTable.h:
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::updateFirstLetter):
        * rendering/svg/RenderSVGText.h:

2016-12-22  Brent Fulgham  <bfulgham@apple.com>

        Nested calls to setDocument can omit firing 'unload' events
        https://bugs.webkit.org/show_bug.cgi?id=166422
        <rdar://problem/29763012>

        Reviewed by Alex Christensen.

        Test: fast/loader/nested-document-handling.html

        Only allow a single document change to be taking place during a given runloop cycle.

        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL): Block script changing the document
        when we are in the middle of changing the document.
        * page/Frame.cpp:
        (WebCore::Frame::setDocument): Keep track of document change state.
        * page/Frame.h:

2016-07-13  Brent Fulgham  <bfulgham@apple.com>

        CSSStyleSheet members should clear their owner node when destroyed
        https://bugs.webkit.org/show_bug.cgi?id=117470

        Reviewed by Chris Dumez.

        Make sure that CSSStyleSheet members are detached from their owner node when
        the owning object is destroyed.

        I audited other CSSStyleSheet uses, and found one other place where the owner node was not
        being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
        handle the node ownership properly.

        Fix based on a Blink change (patch by <haraken@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>

        Also includes a follow-up fix (patch by <haraken@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>

        No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.

        * contentextensions/ContentExtensionStyleSheet.cpp:
        (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
        * contentextensions/ContentExtensionStyleSheet.h:
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
        (WebCore::authorStyleSheetsForElement):

2017-03-07  Dave Hyatt  <hyatt@apple.com>

        Animated GIFs fail to play in multi-column layout
        https://bugs.webkit.org/show_bug.cgi?id=167901
        <rdar://problem/30382262>

        Reviewed by Zalan Bujtas.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeRectForRepaint):
        Make sure to handle the case where we pass in a null repaintContainer and need
        to cross a multicolumn flow thread -> region boundary as a result.

2016-11-30  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: layoutState->m_renderer == this in WebCore::RenderBlock::offsetFromLogicalTopOfFirstPage
        https://bugs.webkit.org/show_bug.cgi?id=155364
        <rdar://problem/27720461>

        Reviewed by David Hyatt.

        RenderNamedFlowThread is considered to be a root for the current renderer context so
        we need to bail out from the containing block traversal here (like we do for the RenderView). 

        Test: fast/replaced/replaced-element-with-percentage-width-inside-flow-asserts.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeReplacedLogicalHeightUsing):

2017-06-05  Konstantin Tokarev  <annulen@yandex.ru>

        Unreviewed, fix missing semicolon in r217795

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::calculateNaturalSize):

2017-06-05  Konstantin Tokarev  <annulen@yandex.ru>

        Fix MediaPlayerPrivateMediaFoundation::naturalSize
        https://bugs.webkit.org/show_bug.cgi?id=172908

        Reviewed by Alex Christensen.

        MediaPlayerPrivateMediaFoundation::naturalSize should return size of
        video frame corrected by PAR, not size of video element.

        No new tests needed.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::load):
        (WebCore::MediaPlayerPrivateMediaFoundation::naturalSize):
        (WebCore::MediaPlayerPrivateMediaFoundation::setNaturalSize):
        (WebCore::calculateNaturalSize):
        (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::setMediaType):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2017-06-04  Konstantin Tokarev  <annulen@yandex.ru>

        Fix build of Windows-specific code with ICU 59.1
        https://bugs.webkit.org/show_bug.cgi?id=172729

        Reviewed by Darin Adler.

        Fix conversions from WTF::String to wchar_t* and vice versa.
        No new tests needed.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::mimeTypeCache):
        (WebCore::MediaPlayerPrivateMediaFoundation::startCreateMediaSource):

2016-12-18  Brent Fulgham  <bfulgham@apple.com>

        Side effects while restting form elements
        https://bugs.webkit.org/show_bug.cgi?id=165959
        <rdar://problem/29705967>

        Reviewed by Anders Carlsson.

        JavaScript logic can run while resetting FormElement objects. This can
        lead to unintended side-effets and other unwanted behavior. We should
        protect these elements during the reset.

        Test: fast/html/form-mutate.html

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::HTMLFormElement): Switch to C++11 initialization.
        (WebCore::HTMLFormElement::reset): Protect elements until the reset
        operation is finished.
        (WebCore::HTMLFormElement::resetAssociatedFormControlElements): Added to share
        code with 'resumeFromDocument'.
        (WebCore::HTMLFormElement::resumeFromDocument): Protect elements until the
        reset operation is finished.

2016-11-16  Brent Fulgham  <bfulgham@apple.com>

        Clear track client when removing a track
        https://bugs.webkit.org/show_bug.cgi?id=164842
        <rdar://problem/29213621>

        Reviewed by Eric Carlson.

        Call 'clearClient' when removing a track from an HTMLMediaElement.

        Test: media/track/audio-track-add-remove.html
              media/track/video-track-add-remove.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::removeAudioTrack): Call 'clearClient'
        (WebCore::HTMLMediaElement::removeVideoTrack): Ditto.

2016-11-11  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix after r208628

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readTerminal): Cast pointer arithmetic to
        uint32_t to avoid warning.

2016-11-11  Brent Fulgham  <bfulgham@apple.com>

        Neutered ArrayBuffers are not properly serialized
        https://bugs.webkit.org/show_bug.cgi?id=164647
        <rdar://problem/29213490>

        Reviewed by David Kilzer.

        Correct binding logic to handle ImageBuffers being deserialized from neutered ArrayBuffers.

        Test: fast/canvas/neutered-imagedata.html

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readTerminal):

2016-10-25  Daniel Bates  <dabates@apple.com>

        REGRESSION (r178265): XSS Auditor fails to block document.write() of incomplete tag
        https://bugs.webkit.org/show_bug.cgi?id=163978
        <rdar://problem/25962131>

        Reviewed by Darin Adler.

        During the tokenization process of an HTML tag the start and end positions of each of its
        attributes is tracked so that the XSS Auditor can request a snippet around a suspected
        injected attribute. We need to take care to consider document.write() boundaries when
        tracking the start and end positions of each HTML tag and attribute so that the XSS Auditor
        receives the correct snippet. Following r178265 we no longer consider document.write()
        boundaries when tracking the start and end positions of attributes. So, the substring
        represented by the start and end positions of an attribute may correspond to some other
        attribute in the tag. Therefore the XSS Auditor may fail to block an injection because the
        snippet it requested may not be the snippet that it intended to request.

        Tests: http/tests/security/xssAuditor/dom-write-location-dom-write-open-img-onerror.html
               http/tests/security/xssAuditor/dom-write-location-open-img-onerror.html
               http/tests/security/xssAuditor/nested-dom-write-location-open-img-onerror.html

        * html/parser/HTMLSourceTracker.cpp:
        (WebCore::HTMLSourceTracker::startToken): Set the attribute base offset to be the token
        start position.
        (WebCore::HTMLSourceTracker::source): Use the specified attribute start position as-is. We no
        longer adjust it here because it was adjusted with respect to the attribute base offset, which
        takes into account document.write() boundaries.
        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::setAttributeBaseOffset): Added.
        (WebCore::HTMLToken::beginAttribute): Subtract attribute base offset from the specified offset.
        (WebCore::HTMLToken::endAttribute): Ditto.
        * html/parser/HTMLTokenizer.h:
        (WebCore::HTMLTokenizer::setTokenAttributeBaseOffset): Added.

2016-10-26  Zalan Bujtas  <zalan@apple.com>

        Ignore out-of-flow siblings when searching for a spanner candidate.
        https://bugs.webkit.org/show_bug.cgi?id=164042.
        <rdar://problem/28758456>

        Reviewed by Simon Fraser.

        While searching for the spanner candidates in a flow thread, we have to take into account
        whether renderers are in- or out-of-flow.
        What it means is that while traversing the renderer tree to find the the candidate
        renderer (next sibling/ancestor's next child in pre-order traversal), we have to check if the candidate
        is in the same layout context too.

        Test: fast/multicol/crash-when-spanner-candidate-is-out-of-flow.html

        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::spannerPlacehoderCandidate):
        (WebCore::RenderMultiColumnFlowThread::processPossibleSpannerDescendant):

2016-10-19  Zalan Bujtas  <zalan@apple.com>

        Use anonymous table row for new child at RenderTableRow::addChild() if available.
        https://bugs.webkit.org/show_bug.cgi?id=163651
        <rdar://problem/28705022>

        Reviewed by David Hyatt.

        We should try to prevent the continuation siblings from getting separated and inserted into
        wrapper renderers. It makes finding these continuation siblings difficult.
        This patch adds a checks for anonymous table rows so that we could find a closer common ancestor of
        beforeChild/new child. 

        Test: fast/table/crash-when-table-has-continuation-and-content-inserted.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::showRenderObject): Add continuation information.
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::addChild):

2016-10-20  Dean Jackson  <dino@apple.com>

        SVG should not paint selection within a mask
        https://bugs.webkit.org/show_bug.cgi?id=163772
        <rdar://problem/28705129>

        Reviewed by Simon Fraser.

        When masking content, we shouldn't paint the text
        selection as we are rendering into the masking
        offscreen buffer.

        Test: svg/masking/mask-should-not-paint-selection.html

        * rendering/PaintPhase.h: Add a new behavior - PaintBehaviorSkipSelectionHighlight.
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::paint): Don't update the selectionStyle if
        PaintBehaviorSkipSelectionHighlight is true.
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::renderSubtreeToImageBuffer): Add PaintBehaviorSkipSelectionHighlight
        to the PaintInfo.

2016-10-21  Zalan Bujtas  <zalan@apple.com>

        Do not mutate the render tree while collecting selection repaint rects.
        https://bugs.webkit.org/show_bug.cgi?id=163800
        <rdar://problem/28806886>

        Reviewed by David Hyatt.

        RenderListItem not only mutates the tree while in layout but it also uses
        the old descendant context to find the insertion point.
        This patch strictly ensures that we only do it while in layout and never
        in other cases such as collecting repaint rects.
        This gets redundant when webkit.org/b/163789 is fixed.

        Test: fast/lists/crash-when-list-marker-is-moved-during-selection.html

        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):

2016-10-21  Jer Noble  <jer.noble@apple.com>

        CRASH in SourceBuffer::sourceBufferPrivateDidReceiveSample + 2169
        https://bugs.webkit.org/show_bug.cgi?id=163735

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-sample-wrong-track-id.html

        When SourceBuffer receives a sample in sourceBufferPrivateDidReceiveSample() containing
        a trackID not previously seen in an initialization segment, it creates a default TrackBuffer
        object to contain that track's samples. One of the fields in TrackBuffer, description, is
        normally filled out when an initialization segment is received, but with this default
        TrackBuffer, it's still null when it's checked later in sourceBufferPrivateDidReceiveSample().

        Rather than adding a null-check on trackBuffer.description, drop any sample that has a 
        trackID which was not present during a previous initialization segment.

        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):

2016-10-20  Zalan Bujtas  <zalan@apple.com>

        Stop searching for first-letter containers at multi-column boundary.
        https://bugs.webkit.org/show_bug.cgi?id=163739
        <rdar://problem/28810750>

        We should not cross the multi-column boundary while searching for the first-letter container.
        While moving first-letter renderers to a multi-column parent, it could result in finding the wrong
        container and end up adding a new wrapper under the original container (from where we are moving the renderers).    

        Reviewed by David Hyatt.

        Test: fast/css-generated-content/first-letter-move-to-multicolumn-crash.html

        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::moveChildrenTo):
        * rendering/RenderTextFragment.cpp:
        (WebCore::RenderTextFragment::blockForAccompanyingFirstLetter):

2016-10-18  Brent Fulgham  <bfulgham@apple.com>

        Correct Document::removeAllEventListeners
        https://bugs.webkit.org/show_bug.cgi?id=163558
        <rdar://problem/28716840>

        Reviewed by Chris Dumez.

        Tested by fast/dom/node-move-to-new-document-crash-main.html.

        * dom/Document.cpp:
        (WebCore::Document::removeAllEventListeners): Clear out the wheel and
        touch event targets when clearing all data.

2016-10-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix the build with coordinated graphics enabled after r206712.

        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::attachNode):

2016-10-01  Simon Fraser  <simon.fraser@apple.com>

        Bad cast when CSS position programmatically changed from -webkit-sticky to fixed
        https://bugs.webkit.org/show_bug.cgi?id=160826

        Reviewed by Zalan Bujtas.
        
        If a scrolling state tree node changed type (e.g. from sticky to fixed), we'd fail
        to recreate the node so keep a node with the wrong type.
        
        Fix by destroying the node and making a new one with a new ID in this case. The
        new ID is necessary to ensure that the scrolling tree is updated.

        Test: fast/scrolling/sticky-to-fixed.html

        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::nodeTypeAndParentMatch):
        (WebCore::ScrollingStateTree::attachNode):
        (WebCore::ScrollingStateTree::stateNodeForID):
        * page/scrolling/ScrollingStateTree.h:

2016-09-17  David Kilzer  <ddkilzer@apple.com>

        MainThreadBridge needs an isolatedCopy() of SecurityOrigin
        <https://webkit.org/b/162116>
        <rdar://problem/27525870>

        Reviewed by Carlos Garcia Campos.

        Covered by existing tests.

        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
        Make an isolatedCopy() of SecurityOrigin here since that's the
        correct idiom to use when the object is passed from a worker
        thread back to the main thread.  Fix suggested by Daniel Bates.

2016-09-19  Anders Carlsson  <andersca@apple.com>

        Suppress JavaScript prompts early on in certain cases
        https://bugs.webkit.org/show_bug.cgi?id=162243
        rdar://problem/27661602

        Reviewed by Geoffrey Garen.

        Export symbols needed by WebKit2.

        * loader/FrameLoader.h:
        * loader/FrameLoaderStateMachine.h:

2016-10-07  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r165103): labels list doesn't get invalidated when other lists are invalidated at document level
        https://bugs.webkit.org/show_bug.cgi?id=163145

        Reviewed by Darin Adler.

        The bug was caused by Document::invalidateNodeListAndCollectionCaches removing all node lists regardless
        of whether they have been invalidated or not.

        Fixed the bug by removing only those node lists that got invalidated via LiveNodeList::invalidateCache.

        Test: fast/dom/NodeList/form-labels-length.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::unregisterNodeListForInvalidation): Removed the conditional which allowed removal to
        happen while m_listsInvalidatedAtDocument is empty inside invalidateNodeListAndCollectionCaches.
        * dom/Document.h:
        * dom/Node.cpp:
        (WebCore::Document::invalidateNodeListAndCollectionCaches): Just remove the node lists being invalidated via
        LiveNodeList's invalidateCache, which calls unregisterNodeListForInvalidation, instead of removing them all.
        We make a copy of the list of node lists into a local vector because mutating HashMap while iterating over it
        is not a safe operation.

2016-09-22  Brady Eidson  <beidson@apple.com>

        IDBIndex.openCursor() matches indices on multiple object stores.
        <rdar://problem/28434463> and https://bugs.webkit.org/show_bug.cgi?id=158833

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/multiple-objectstore-index-cursor-collision-private.html
               storage/indexeddb/modern/multiple-objectstore-index-cursor-collision.html

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::buildIndexStatement): Need to include the object store id in the statement for
          index cursors, otherwise there will be collisions amongst multiple object stores that happen to
          share primary keys.
        (WebCore::IDBServer::SQLiteIDBCursor::bindArguments):

2016-09-12  Zalan Bujtas  <zalan@apple.com>

        Input type object and the associated render can go out of sync.
        https://bugs.webkit.org/show_bug.cgi?id=161871
        <rdar://problem/28178094>

        Reviewed by Antti Koivisto.

        Bail out when we've got a mismatched renderer.

        Test: fast/forms/assert-on-input-type-change.html

        * html/ImageInputType.cpp:
        (WebCore::ImageInputType::altAttributeChanged):

2016-09-22  Zalan Bujtas  <zalan@apple.com>

        Replace redundant prepareForDestruction() call with RELEASE_ASSERT in Document::removedLastRef.
        https://bugs.webkit.org/show_bug.cgi?id=162467

        Reviewed by Chris Dumez.

        Since r205786 fixed the root cause of webkit.org/b/159372, we no longer need the workaround.
        Replace it with a RELEASE_ASSERT to ensure clean state.

        No new tests, covered by existing test.

        * dom/Document.cpp:
        (WebCore::Document::removedLastRef):

2016-09-10  Chris Dumez  <cdumez@apple.com>

        It is possible for Document::m_frame pointer to become stale
        https://bugs.webkit.org/show_bug.cgi?id=161812
        <rdar://problem/27745023>

        Reviewed by Ryosuke Niwa.

        Document::m_frame is supposed to get cleared by Document::prepareForDestruction().
        The Frame destructor calls Frame::setView(nullptr) which is supposed to call the
        prepareForDestruction() on the Frame's associated document. However,
        Frame::setView(nullptr) was calling prepareForDestruction() only if
        Document::inPageCache() returned true. This is because, we allow Documents to
        stay alive in the PageCache even though they don't have a frame.

        The issue is that Document::m_inPageCache flag was set to true right before
        firing the pagehide event, so technically before really entering PageCache.
        Therefore, we can run into problems if a Frame gets destroyed by a pagehide
        EventHandler because ~Frame() will not call Document::prepareForDestruction()
        due to Document::m_inPageCache being true. After the frame is destroyed,
        Document::m_frame becomes stale and any action on the document will likely
        lead to crashes (such as the one in the layout test and the radar which
        happens when trying to unregister event listeners from the document).

        The solution adopted in this patch is to replace the m_inPageCache boolean
        with a m_pageCacheState enumeration that has 3 states:
        - NotInPageCache
        - AboutToEnterPageCache
        - InPageCache

        Frame::setView() / Frame::setDocument() were then updated to call
        Document::prepareForDestruction() on the associated document whenever
        the document's pageCacheState is not InPageCache. This means that we
        will now call Document::prepareForDestruction() when the document is
        being detached from its frame while firing the pagehide event.

        Note that I tried to keep this patch minimal. Therefore, I kept
        the Document::inPageCache() getter for now. I plan to switch all its
        calls sites to the new Document::pageCacheState() getter in a follow-up
        patch so that we can finally drop the confusing Document::inPageCache().

        Test: fast/history/pagehide-remove-iframe-crash.html

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::~Document):
        (WebCore::Document::createRenderTree):
        (WebCore::Document::destroyRenderTree):
        (WebCore::Document::setFocusedElement):
        (WebCore::Document::setPageCacheState):
        (WebCore::Document::topDocument):
        * dom/Document.h:
        (WebCore::Document::pageCacheState):
        (WebCore::Document::inPageCache):
        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::destroy):
        * history/PageCache.cpp:
        (WebCore::setPageCacheState):
        (WebCore::PageCache::addIfCacheable):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::stopAllLoaders):
        (WebCore::FrameLoader::open):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::invalidateCurrentItemCachedPage):
        * page/Frame.cpp:
        (WebCore::Frame::setView):

2016-08-08  John Wilander  <wilander@apple.com>

        Popups opened from a sandboxed iframe should themselves be sandboxed
        https://bugs.webkit.org/show_bug.cgi?id=134850
        <rdar://problem/27375388>

        Reviewed by Brent Fulgham.

        Test: http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
            Now copies the opener's frame loader effective sandbox flags to the
            new frame loader.

2016-07-18  Brent Fulgham  <bfulgham@apple.com>

        Don't associate form-associated elements with forms in other trees.
        https://bugs.webkit.org/show_bug.cgi?id=119451
        <rdar://problem/27382946>

        Change is based on the Blink change (patch by <adamk@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>

        Reviewed by Chris Dumez.

        Prevent elements from being associated with forms that are not part of the same home subtree.
        This brings us in line with the WhatWG HTML specification as of September, 2013.

        Tests: fast/forms/image-disconnected-during-parse.html
               fast/forms/input-disconnected-during-parse.html

        * dom/Element.h:
        (WebCore::Node::rootElement): Added.
        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
        is not part of the same tree, remove the association.
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::insertedInto): Ditto.

2016-08-30  Brent Fulgham  <bfulgham@apple.com>

        Use of uninitialised memory in TransformationMatrx::blend4()
        https://bugs.webkit.org/show_bug.cgi?id=134621
        <rdar://problem/27337539>

        Reviewed by Dean Jackson.

        Change is based on the Blink change (patch by <alancutter@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=177453&view=revision>

        TransformationMatrix::blend() was attempting to blend between non-invertable
        matricies. This resulted in garbage stack variables being used.
        This patch ensures that blend() will fall back to a 50% step interpolation
        when one of the sides are not invertable.

        Tested by new TransformationMatrix test in TestWebKitAPI.

        * platform/graphics/transforms/TransformationMatrix.cpp:
        (WebCore::TransformationMatrix::blend2): Properly handle failure in the
        decompose method calls.
        (WebCore::TransformationMatrix::blend4): Ditto.

2016-07-28  Chris Dumez  <cdumez@apple.com>

        Add support for Element.getAttributeNames()
        https://bugs.webkit.org/show_bug.cgi?id=160327

        Reviewed by Alex Christensen.

        Add support for Element.getAttributeNames():
        - https://dom.spec.whatwg.org/#dom-element-getattributenames

        Firefox already supports this, Chrome 52 does not yet.

        Test: fast/dom/Element/getAttributeNames.html

        * bindings/js/JSDOMBinding.h:
        (WebCore::JSValueTraits<AtomicString>::arrayJSValue):
        * dom/Element.cpp:
        (WebCore::Element::getAttributeNames):
        * dom/Element.h:
        * dom/Element.idl:

2016-07-21  John Wilander  <wilander@apple.com>

        Block mixed content synchronous XHR
        https://bugs.webkit.org/show_bug.cgi?id=105462
        <rdar://problem/13666424>

        Reviewed by Brent Fulgham.

        Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadRequest):

2016-07-26  Eric Carlson  <eric.carlson@apple.com>

        Occasional crash in WebCore::RenderVTTCue::initializeLayoutParameters
        https://bugs.webkit.org/show_bug.cgi?id=160208

        Reviewed by Darin Adler.

        * rendering/RenderVTTCue.cpp:
        (WebCore::RenderVTTCue::initializeLayoutParameters): Return when firstChild is NULL so a
        release build will not crash.

2016-12-22  Zalan Bujtas  <zalan@apple.com>

        Do not destroy the RenderNamedFlowFragment as leftover anonymous block.
        https://bugs.webkit.org/show_bug.cgi?id=166436
        rdar://problem/29772233

        Reviewed by Simon Fraser.

        When as the result of certain style change, the generated anonymous block is not needed anymore, we
        move its descendants up to the parent and destroy the generated box. While RenderNamedFlowFragment is a generated
        block, the cleanup code should just ignore it the same way we ignore boxes like multicolumn, mathml etc. 

        Test: fast/regions/flow-fragment-as-anonymous-block-crash.html

        * rendering/RenderObject.h:
        (WebCore::RenderObject::isAnonymousBlock):

2016-12-22  Daniel Bates  <dabates@apple.com>

        Bypass pop-up blocker from cross-origin or sandboxed frame
        https://bugs.webkit.org/show_bug.cgi?id=166290
        <rdar://problem/29742039>

        Reviewed by Darin Adler.

        Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html
               fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html
               fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the
        target frame to navigate with respect to the active document just as we do in WebCore::createWindow().

2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>

        Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
        https://bugs.webkit.org/show_bug.cgi?id=160011

        Reviewed by Chris Dumez.

        Add a null pointer check for renderer() call.

        Unfortunately no new tests since we don't have a reproduction.

        * editing/DeleteSelectionCommand.cpp:
        (WebCore::DeleteSelectionCommand::doApply):

2016-07-20  Chris Dumez  <cdumez@apple.com>

        PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
        https://bugs.webkit.org/show_bug.cgi?id=159962
        <rdar://problem/21439264>

        Reviewed by David Kilzer.

        PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
        is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
        call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
        However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
        other. It is therefore possible for a PostResolutionCallbackDisabler object to get
        destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
        ResourceLoadSuspender object is alive.

        This leads to hard to investigate crashes where we end up re-entering WebKit and killing
        the style resolver.

        This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
        There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
        is better because it manages a resolutionNestingDepth counter internally to make sure
        it only calls LoaderStrategy::resumePendingRequests() once all
        PostResolutionCallbackDisabler instances are destroyed.

        No new tests, there is no easy way to reproduce the crashes.

        * dom/Document.cpp:
        (WebCore::Document::styleForElementIgnoringPendingStylesheets):
        * loader/LoaderStrategy.cpp:
        (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
        (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
        * loader/LoaderStrategy.h:

2016-07-19  Simon Fraser  <simon.fraser@apple.com>

        Bubbles appear split for a brief moment in Messages
        https://bugs.webkit.org/show_bug.cgi?id=159915
        rdar://problem/27182267

        Reviewed by David Hyatt.

        RenderView::repaintRootContents() had a long-standing bug in WebView when the
        view is scrolled. repaint() uses visualOverflowRect() but, for the 
        RenderView, the visualOverflowRect() is the initial containing block
        which is anchored at 0,0. When the view is scrolled it's clipped out and
        calls to repaintRootContents() have no effect.
        
        Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
        will clip it to the view if necessary.

        Test: fast/repaint/scrolled-view-full-repaint.html

        * rendering/RenderView.cpp:
        (WebCore::RenderView::repaintRootContents):

2016-03-25  Brady Eidson  <beidson@apple.com>

        Soften push/replaceState frequency restrictions.
        <rdar://problem/25228439> and https://bugs.webkit.org/show_bug.cgi?id=155901

        Rubber-stamped by Timothy Hatcher.

        Covered by existing LayoutTests and a new Manual Test.

        * page/History.cpp:
        (WebCore::History::stateObjectAdded): Allow 100 state object operations every 30 seconds.
        * page/History.h:

2016-03-18  Mark Lam  <mark.lam@apple.com>

        JSDOMGlobalObject.h needs to #include StructureInlines.h.
        https://bugs.webkit.org/show_bug.cgi?id=155657

        Reviewed by Filip Pizlo.

        No new tests needed.  This is a build fix for the Win EWS.

        * bindings/js/JSDOMGlobalObject.h:

2017-03-09  Brady Eidson  <beidson@apple.com>

        Add WKURLSchemeHandler API for handling custom protocols.
        https://bugs.webkit.org/show_bug.cgi?id=169422

        Reviewed by Tim Horton.

        * platform/URLParser.cpp:
        (WebCore::URLParser::maybeCanonicalizeScheme):
        (WebCore::URLParser::isSpecialScheme):
        * platform/URLParser.h:

2017-03-15  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Add missing class member initializations
        https://bugs.webkit.org/show_bug.cgi?id=169665

        Reviewed by Michael Catanzaro.

        Zero-initialize the members in various TextureMapper classes
        that are missing the proper initialization, as reported by
        the Coverity tool.

        * platform/graphics/texmap/BitmapTexturePool.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsState.h:
        (WebCore::CoordinatedGraphicsLayerState::CoordinatedGraphicsLayerState):
        * platform/graphics/texmap/coordinated/SurfaceUpdateInfo.h:

2016-09-15  Keith Miller  <keith_miller@apple.com>

        Pragma out undefined-var-template warnings in JSC for JSObjects that are templatized
        https://bugs.webkit.org/show_bug.cgi?id=161985

        Reviewed by Alex Christensen.

        Delete unneeded using, which broke the build on newer versions of clang.

        * bridge/objc/WebScriptObject.mm:

2016-09-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        ASSERTION FAILED: The string being removed is atomic in the string table of an other thread! iterator != atomicStringTable.end() at Source/WTF/wtf/text/AtomicStringImpl.cpp(453)
        https://bugs.webkit.org/show_bug.cgi?id=161800

        Reviewed by Žan Doberšek.

        Speculative fix. These strings are created as static objects on a secondary thread, but all
        static objects are destroyed in exit handlers on the main thread, and AtomicStrings must
        always be destroyed on the same thread they are created.

        * platform/graphics/texmap/TextureMapperShaderProgram.h:

2017-01-12  Zan Dobersek  <zdobersek@igalia.com>

        [GTK] WebKitWebProcess at 100% CPU loading hyphenation dictionaries
        https://bugs.webkit.org/show_bug.cgi?id=165601

        Reviewed by Carlos Garcia Campos.

        In HyphenationLibHyphen, retrieve the canonicalized absolute pathname of the dictionary file
        in order to avoid storing symbolic links as the target files for specific locales. libhyphen
        distributes its dictionary files by linking a set of similar locales files to a single file.
        Not resolving those symbolic links means we'll be opening a single file via multiple
        HyphenationDictionary objects, which is far from optimal.

        To add insult to injury, these HyphenationDictionary objects were stored in a TinyLRUCache
        with a slim capacity of 4. This meant that while already loading one single file through
        multiple symlinks, because of continuous eviciton from this LRU cache the same symlinks
        continued to be processed, in some cases resulting in opening the same dictionary file
        hundreds or thousands of times. The capacity of this TinyLRUCache is increased to 32
        to keep the amount of open libhyphen dictionaries capped at some reasonable number.

        * platform/text/hyphen/HyphenationLibHyphen.cpp:
        (WebCore::scanDirectoryForDicionaries):

2017-01-08  Konstantin Tokarev  <annulen@yandex.ru>

        Introduce CPU(X86_SSE2) instead of various SSE2 checks
        https://bugs.webkit.org/show_bug.cgi?id=166808

        Reviewed by Michael Catanzaro.

        Now copyLCharsFromUCharSource can use SSE2 implementation on non-Darwin
        OSes, and all SSE2 code paths are available for MSVC on x86 if /arch:SSE2
        or higher is enabled, and for MSVC on x86_64.

        No new tests needed.

        * platform/audio/SincResampler.cpp:
        (WebCore::SincResampler::process):
        * platform/audio/VectorMath.cpp:
        (WebCore::VectorMath::vsma):
        (WebCore::VectorMath::vsmul):
        (WebCore::VectorMath::vadd):
        (WebCore::VectorMath::vmul):
        (WebCore::VectorMath::zvmul):
        (WebCore::VectorMath::vsvesq):
        (WebCore::VectorMath::vmaxmgv):

2016-09-26  Per Arne Vollan  <pvollan@apple.com>

        [Win][Debug] Compile fix.
        https://bugs.webkit.org/show_bug.cgi?id=162550

        Reviewed by Alex Christensen.

        Windows headers need the FragmentForwardIterator '==' operator in debug mode.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::FragmentForwardIterator::operator==):

2016-04-06  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Videos are always autoplaying.
        https://bugs.webkit.org/show_bug.cgi?id=156284

        Reviewed by Alex Christensen.

        Videos are autoplaying because the MediaFoundation implementation always starts playback
        after the load method has been called. When the load method has been called, we should
        only start buffering data, not automatically start the playback. This has been fixed by
        implementing the prepareToPlay method, and calling this instead of the play method.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::MediaPlayerPrivateMediaFoundation):
        (WebCore::MediaPlayerPrivateMediaFoundation::load):
        (WebCore::MediaPlayerPrivateMediaFoundation::prepareToPlay):
        (WebCore::MediaPlayerPrivateMediaFoundation::play):
        (WebCore::MediaPlayerPrivateMediaFoundation::networkState):
        (WebCore::MediaPlayerPrivateMediaFoundation::startSession):
        (WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
        (WebCore::MediaPlayerPrivateMediaFoundation::updateReadyState):
        (WebCore::MediaPlayerPrivateMediaFoundation::onTopologySet):
        (WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStarted):
        (WebCore::MediaPlayerPrivateMediaFoundation::onBufferingStopped):
        (WebCore::MediaPlayerPrivateMediaFoundation::onSessionEnded):
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::updateDestRect):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2016-03-30  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Video size is not always set.
        https://bugs.webkit.org/show_bug.cgi?id=156020

        Reviewed by Darin Adler.

        Getting the video display control object from the media session might fail the first time.
        In case it fails, we should try again when setting the video size.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::setSize):
        (WebCore::MediaPlayerPrivateMediaFoundation::getVideoDisplay):
        (WebCore::MediaPlayerPrivateMediaFoundation::onTopologySet):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2016-03-21  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Crash when media player is destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=155716

        Reviewed by Alex Christensen.

        Increase the reference count on the video presenter object in the ActivateObject method
        to avoid referencing a deleted object when the media player is destroyed.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::ActivateObject):

2016-03-14  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Implement float versions of MediaPlayer methods.
        https://bugs.webkit.org/show_bug.cgi?id=155357

        Reviewed by Brent Fulgham.

        It is better to implement the float versions of some of the MediaPlayer methods,
        since the default implementation of the double versions is to call the float version.
        Also added override keyword to overridden methods.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::seeking):
        (WebCore::MediaPlayerPrivateMediaFoundation::seek):
        (WebCore::MediaPlayerPrivateMediaFoundation::setRate):
        (WebCore::MediaPlayerPrivateMediaFoundation::duration):
        (WebCore::MediaPlayerPrivateMediaFoundation::currentTime):
        (WebCore::MediaPlayerPrivateMediaFoundation::seekDouble): Deleted.
        (WebCore::MediaPlayerPrivateMediaFoundation::setRateDouble): Deleted.
        (WebCore::MediaPlayerPrivateMediaFoundation::durationDouble): Deleted.
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2016-02-23  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Implement methods to set volume.
        https://bugs.webkit.org/show_bug.cgi?id=154580

        Reviewed by Alex Christensen.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::paused):
        (WebCore::MediaPlayerPrivateMediaFoundation::setVolume):
        (WebCore::MediaPlayerPrivateMediaFoundation::supportsMuting):
        (WebCore::MediaPlayerPrivateMediaFoundation::setMuted):
        (WebCore::MediaPlayerPrivateMediaFoundation::networkState):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2016-11-21  Konstantin Tokarev  <annulen@yandex.ru>

        Disable #line markers in bison output on Windows
        https://bugs.webkit.org/show_bug.cgi?id=164973

        Reviewed by Darin Adler.

        New bison versions since 3.0 have bug that causes unescaped paths
        to be printed in #line directives. On Windows CMake passes absolute
        paths to bison that have backslashes in them, leading to compiler
        errors or warnings because of unrecognized escape sequences.

        No new tests needed.

        * css/makegrammar.pl:

2016-10-17  Fujii Hironori  <Hironori.Fujii@sony.com>

        preprocessor.pm: cl.exe outputs processing filenames if Windows Perl is used
        https://bugs.webkit.org/show_bug.cgi?id=163435

        Reviewed by Alex Christensen.

        cl.exe outputs processing filenames to stderr. Suppress this
        annoying messages by using open3 instead of open2.

        * bindings/scripts/preprocessor.pm:
        (applyPreprocessor): Use open3 in case of Windows Perl.

2016-09-28  Khaled Hosny  <khaledhosny@eglug.org>

        Use new woff2 API
        https://bugs.webkit.org/show_bug.cgi?id=162608

        Reviewed by Michael Catanzaro.

        Test: fast/text/woff2-totalsfntsize.html

        * platform/graphics/WOFFFileFormat.cpp:
        (WebCore::WOFF2VectorOut::WOFF2VectorOut):
        (WebCore::WOFF2VectorOut::Write):
        (WebCore::WOFF2VectorOut::Size):
        (WebCore::convertWOFFToSfnt):

2016-09-02  Zalan Bujtas  <zalan@apple.com>

        Should never be reached failure in WebCore::floatValueForLength
        https://bugs.webkit.org/show_bug.cgi?id=139397
        <rdar://problem/27704376>

        Reviewed by Simon Fraser.

        floatValueForLength can't resolve unspecified Length types. Filter them out and return 0 as if they were auto.

        Test: svg/css/assert-on-non-resolvable-dimension.html

        * svg/SVGLengthContext.cpp:
        (WebCore::SVGLengthContext::valueForLength):

2016-09-02  Zalan Bujtas  <zalan@apple.com>

        ASSERT_NOT_REACHED() is touched in WebCore::valueForLength
        https://bugs.webkit.org/show_bug.cgi?id=123337
        <rdar://problem/27684121>

        Reviewed by Simon Fraser.

        Do not try to use unspecified height value while resolving logical height for table row.

        Test: fast/table/assert-on-non-resolvable-row-dimension.html

        * rendering/RenderTableCell.h:
        (WebCore::RenderTableCell::logicalHeightForRowSizing):

2016-09-02  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !m_committedWidth in WebCore::LineWidth::fitBelowFloats
        https://bugs.webkit.org/show_bug.cgi?id=149462
        <rdar://problem/27710841>

        Reviewed by David Hyatt.

        In certain cases (multiple spans on the same line with negativ marings), the LineWidth::m_committedWidth > 0
        check is not sufficient to decide if some content has already been committed to the current line.
        This patch adds a flag to indicate if we ever committed to the current line. 

        Test: fast/text/assert-when-text-with-negative-margin-sibling-does-not-fit.html

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::handleText):
        * rendering/line/LineWidth.h:
        (WebCore::LineWidth::hasCommitted):

2016-08-31  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !flow->layer() && !flow->isInlineElementContinuation() in WebCore::RenderBlock::addContinuationWithOutline
        https://bugs.webkit.org/show_bug.cgi?id=151022
        <rdar://problem/27710993>

        Reviewed by Simon Fraser.

        Certain CSS properties like opacity, mask etc (graphical group members) require the layer to be a non-normal flow,
        self painting layer so that we can manage painting properly. However in addition to those CSS properties, some of the will-change
        values (again, graphical group members) also require the layer to be non-normal flow, self painting.
        This patch ensures that when deciding whether a layer should be a normal flow layer, we take the will-change values into account as well.

        Tests: compositing/layer-creation/assert-on-inline-element-with-will-change.html
               compositing/layer-creation/will-change-on-normal-flow-content.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/style/WillChangeData.cpp:
        (WebCore::propertyCreatesGraphicalGroup):
        (WebCore::WillChangeData::addFeature):
        * rendering/style/WillChangeData.h:
        (WebCore::WillChangeData::canCreateGraphicalGroup):
        (WebCore::WillChangeData::canTriggerCompositingOnInline): Deleted.

2016-08-26  Zalan Bujtas  <zalan@apple.com>

        ASSERT_NOT_REACHED() is touched in WebCore::minimumValueForLength
        https://bugs.webkit.org/show_bug.cgi?id=125781
        <rdar://problem/27684457>

        Reviewed by Simon Fraser.

        RenderTableSection::calcRowLogicalHeight misused minimumValueForLength to fallback to 0 for non-fixed values.
        While this patch fixes the assertion, the table section code needs works to support calc values. See webkit.org/b/161273.   

        Test: fast/table/assert-on-min-max-content-values.html

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::calcRowLogicalHeight):

2016-08-24  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: contentSize >= 0 in WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax
        https://bugs.webkit.org/show_bug.cgi?id=155700
        <rdar://problem/27720727>

        Reviewed by David Hyatt.

        RenderBox::m_minPreferredLogicalWidth/m_maxPreferredLogicalWidth don't need special initial value since
        preferredLogicalWidthsDirty flag guards them. -1 as initial value can cause problems for renderers that don't
        override RenderBox::computePreferredLogicalWidths().    

        Test: fast/ruby/assert-when-content-size-is-negative.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::RenderBox):
        (WebCore::RenderBox::dirtyLineBoxes):
        (WebCore::RenderBox::deleteLineBoxWrapper):
        * rendering/RenderBox.h:

2016-08-24  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: childrenInline() in WebCore::RenderBlockFlow::hasLines
        https://bugs.webkit.org/show_bug.cgi?id=139396
        <rdar://problem/27704339>

        Reviewed by David Hyatt.

        RenderBlockFlow::hasLines() should be able to handle the block-children case.

        Test: fast/ruby/assert-with-block-rt-child-and-emphasis.html

        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::hasLines): Deleted.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::hasLines):
        * rendering/RenderBlockFlow.h:

2016-08-23  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !view().layoutStateEnabled() || style().styleType() == FIRST_LETTER in WebCore::RenderInline::clippedOverflowRectForRepaint
        https://bugs.webkit.org/show_bug.cgi?id=155363
        <rdar://problem/27720434>

        Reviewed by David Hyatt.

        Loosen ASSERT to include calls when the inline has a self painting layer. It's valid to end up here during layout when
        the layer's composite state changes.

        Test: fast/layers/assert-on-self-painting-inline-with-scrolling.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::clippedOverflowRectForRepaint):

2016-08-23  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: hasOverflowingCell == this->hasOverflowingCell() in WebCore::RenderTableSection::computeOverflowFromCells
        https://bugs.webkit.org/show_bug.cgi?id=155702
        <rdar://problem/27720731>

        Reviewed by David Hyatt.

        The simplified layout path for table/section should also clear the slow path flag for visual overflow (since it recomputes
        the overflow for the descendant cells). 

        Test: fast/table/assert-when-visual-overflow-is-cleared.html

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::layout):

2016-08-24  Chris Dumez  <cdumez@apple.com>

        Assertion hit: ASSERT(!m_parserScheduler) in ~HTMLDocumentParser()
        https://bugs.webkit.org/show_bug.cgi?id=161083
        <rdar://problem/27986937>

        Reviewed by Darin Adler.

        Call cancelParsing() right before re-creating the new parser in
        Document::implicitOpen(). We would previously call removeChildren()
        in between which is was an issue because it can cause JS to be
        executed and therefore the parser to be re-created after we have
        cancelled parsing.

        No new tests, unskipped html/browsers/browsing-the-web/unloading-documents/004.html
        which was consistently crashing.

        * dom/Document.cpp:
        (WebCore::Document::implicitOpen):

2016-08-25  Zalan Bujtas  <zalan@apple.com>

        Infinite recursion crash in WebCore::RenderBlockFlow::layoutBlock
        https://bugs.webkit.org/show_bug.cgi?id=139474
        <rdar://problem/27705190>

        Reviewed by David Hyatt.

        We should just give up trying to avoid widow when the page is too small to break line.

        Test: fast/multicol/assert-on-small-page-height-with-widow.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::clearShouldBreakAtLineToAvoidWidowIfNeeded):
        (WebCore::RenderBlockFlow::adjustLinePositionForPagination):
        * rendering/RenderBlockFlow.h:

2016-05-03  Pranjal Jumde  <pjumde@apple.com>

        WorkerGlobalScope's self, location and navigator attributes should not be replaceable
        https://bugs.webkit.org/show_bug.cgi?id=157296
        <rdar://problem/25962738>

        Reviewed by Chris Dumez.

        Tests: http/tests/workers/location-readonly.html
               http/tests/workers/navigator-readonly.html
               http/tests/workers/self-readonly.html

        * workers/WorkerGlobalScope.idl:
        The 'self', 'location', and 'navigator' properties of the WorkerGlobalScope must be immutable.
        See: https://html.spec.whatwg.org/multipage/workers.html#the-workerglobalscope-common-interface

2016-07-08  Daniel Bates  <dabates@apple.com>

        Move shouldInheritSecurityOriginFromOwner() from URL to Document
        https://bugs.webkit.org/show_bug.cgi?id=158987

        Reviewed by Alex Christensen.

        The URL class should not have knowledge of the concept of an origin or the semantics of origin
        inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
        a static non-member, non-friend function of Document because its implements the origin semantics
        for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
        These semantics only apply to Documents.

        No functionality changed. So, no new tests.

        * dom/Document.cpp:
        (WebCore::shouldInheritSecurityOriginFromOwner): Added.
        (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
        (WebCore::Document::initContentSecurityPolicy): Ditto.
        * platform/URL.cpp:
        (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
        * platform/URL.h:

2016-06-17  John Wilander  <wilander@apple.com>

        Ignore case in the check for security origin inheritance
        https://bugs.webkit.org/show_bug.cgi?id=158878

        Reviewed by Alex Christensen.

        Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
        "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
        case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
        those two lines instead of using ==. URL::parse normalizes letters in the scheme 
        and host by using toASCIILower, but does not normalize letters elsewhere in the 
        URL, such as in the "blank" or "srcdoc" in the above URLs."

        Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html

        * platform/URL.cpp:
        (WebCore::URL::shouldInheritSecurityOriginFromOwner):

2016-06-16  John Wilander  <wilander@apple.com>

        Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
        https://bugs.webkit.org/show_bug.cgi?id=158855
        <rdar://problem/26142632>

        Reviewed by Alex Christensen.

        Tests: http/tests/dom/window-open-about-blank-and-access-document.html
               http/tests/dom/window-open-about-webkit-org-and-access-document.html

        Document.cpp previously checked whether a document should inherit its owner's 
        security origin by checking if the URL is either empty or blank. URL.cpp in 
        turn only checks if the protocol is "about:" in the isBlankURL() function. 
        Thus all about:* URLs inherited security origin. This patch restricts 
        security origin inheritance to empty, about:blank, and about:srcdoc URLs.

        Quotes and links from the WHATWG spec regarding about:srcdoc:

        7.1 Browsing contexts
        A browsing context can have a creator browsing context, the browsing context 
        that was responsible for its creation. If a browsing context has a parent 
        browsing context, then that is its creator browsing context. Otherwise, if the 
        browsing context has an opener browsing context, then that is its creator 
        browsing context. Otherwise, the browsing context has no creator browsing 
        context.
        https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc

        7.1.1 Nested browsing contexts
        Certain elements (for example, iframe elements) can instantiate further 
        browsing contexts. These are called nested browsing contexts. If a browsing 
        context P has a Document D with an element E that nests another browsing 
        context C inside it, then C is said to be nested through D, and E is said to 
        be the browsing context container of C. If the browsing context container 
        element E is in the Document D, then P is said to be the parent browsing 
        context of C and C is said to be a child browsing context of P. Otherwise, 
        the nested browsing context C has no parent browsing context.
        https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context

        4.8.5 The iframe element
        The iframe element represents a nested browsing context.
        ...
        If the srcdoc attribute is specified
            Navigate the element's child browsing context to a new response whose 
            url list consists of about:srcdoc ...
        https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc

        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext):
            Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
        (WebCore::Document::initContentSecurityPolicy):
            Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
        (WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
            Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
        * platform/URL.cpp:
        (WebCore::URL::shouldInheritSecurityOriginFromOwner):
        * platform/URL.h:
            Moved the function from Document and restricted the check to only allow
            security origin inheritance for empty, about:blank, and about:srcdoc URLs.

2016-05-24  Antti Koivisto  <antti@apple.com>

        REGRESSION (r196629): Safari can get into a state where switching Reader theme doesn't apply to the webpage
        https://bugs.webkit.org/show_bug.cgi?id=158018
        <rdar://problem/24732776>

        Reviewed by Darin Adler.

        When a tab goes to background we clear the style resolver. It is recreated lazily when the tab is again active.
        However style invalidation code tests if the style resolver exists and skips the invalidation if it doesn't.
        With sufficiently simple document (like in Reader) we may never create one for other reasons and so style
        invalidation doesn't work.

        No test, don't know how to make one.

        * dom/Element.cpp:
        (WebCore::Element::needsStyleInvalidation):

            Remove styleResolverIfExists() check and do the invalidation normally.
            Instead check for forced style recalc. If there is one pending we don't need to bother with invalidation.

2016-05-31  Dave Hyatt  <hyatt@apple.com>

        REGRESSION (r189567): Elements with aspect ratios not handled correctly inside flexbox.
        https://bugs.webkit.org/show_bug.cgi?id=158040

        Reviewed by Zalan Bujtas.

        Added new tests in fast/flexbox.

        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::clientLogicalBottomAfterRepositioning):
        (WebCore::RenderFlexibleBox::hasOrthogonalFlow):
        (WebCore::RenderFlexibleBox::mainAxisContentExtent):
        (WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
        (WebCore::RenderFlexibleBox::mainAxisBorderAndPaddingExtentForChild):
        (WebCore::RenderFlexibleBox::mainAxisLengthIsDefinite):
        (WebCore::RenderFlexibleBox::mainAxisScrollbarExtentForChild):
        (WebCore::RenderFlexibleBox::prepareOrderIteratorAndMargins):
        (WebCore::RenderFlexibleBox::crossAxisLengthIsDefinite):
        (WebCore::RenderFlexibleBox::computeMainSizeFromAspectRatioUsing):
        (WebCore::RenderFlexibleBox::adjustChildSizeForAspectRatioCrossAxisMinAndMax):
        (WebCore::RenderFlexibleBox::useChildAspectRatio):
        (WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):
        (WebCore::RenderFlexibleBox::resetAutoMarginsAndLogicalTopInCrossAxis):
        (WebCore::RenderFlexibleBox::mainAxisOverflowForChild):
        (WebCore::RenderFlexibleBox::mainAxisExtentIsDefinite): Deleted.
        (WebCore::RenderFlexibleBox::mainAxisLengthIsIndefinite): Deleted.
        * rendering/RenderFlexibleBox.h:
        (WebCore::RenderFlexibleBox::isFlexibleBoxImpl):

2016-04-04  Chris Dumez  <cdumez@apple.com>

        Regression(r196145): Crash in getOwnPropertyDescriptor on http://www.history.com/shows/vikings
        https://bugs.webkit.org/show_bug.cgi?id=156136
        <rdar://problem/25410767>

        Reviewed by Ryosuke Niwa.

        The page was crashing when doing the following:
        Object.getOwnPropertyDescriptor(window, "indexedDB")

        getOwnPropertyDescriptor() expected getDirect() to return a CustomGetterSetter for
        CustomAccessors but it was not the case for window.indexedDB. The reason was that
        window.indexedDB was a special property, which is not part of the static table but
        returned by GetOwnPropertySlot() if IndexedDB feature is enabled. This weirdness
        was due to our bindings generator not having proper support for [EnabledAtRuntime]
        properties on Window.

        This patch adds support for [EnabledAtRuntime] properties on Window by omitting
        these properties from the static property table and then setting them at runtime
        in JSDOMWindow::finishCreation() if the corresponding feature is enabled.
        window.indexedDB now looks like a regular property when IndexedDB is enabled
        and getOwnPropertyDescriptor() works as expected for this property.

        Test: storage/indexeddb/indexeddb-getownpropertyDescriptor.html

        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
        (WebCore::DOMWindowIndexedDatabase::indexedDB):
        * Modules/indexeddb/DOMWindowIndexedDatabase.h:
        The generated bindings pass DOMWindow by reference instead of pointer so update
        the implementation accordingly.

        * Modules/indexeddb/DOMWindowIndexedDatabase.idl:
        Add 'indexedDB' and 'webkitIndexedDB' properties and mark them as
        [EnabledAtRuntime]. Now that the bindings generator correctly handles
        [EnabledAtRuntime] properties on the Window, there is no need to
        custom-handle them in JSDOMWindowCustom.

        * bindings/js/JSDOMWindowCustom.cpp:
        Drop custom handling for 'indexedDB' and 'webkitIndexedDB' properties
        in getOwnPropertySlot(). The generated bindings code now makes sure to
        only set those properties on the Window if IndexedDB is enabled so we
        can let the regular code path look up those properties.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GetJSCAttributesForAttribute):
        (GenerateHeader):
        (GeneratePropertiesHashTable):
        (GenerateImplementation):
        Add support for [EnabledAtRuntime] properties on DOMWindow. For such
        properties, we do the following:
        1. Omit them from the static property table
        2. In JSDOMWindow::finishCreation(), dynamically add those properties
           at runtime if the corresponding feature is enabled.

        Note that this works for constructors as well.

        * inspector/InspectorIndexedDBAgent.cpp:
        (WebCore::assertIDBFactory):
        Pass Window by reference instead of pointer.

2016-06-16  Ting-Wei Lan  <lantw44@gmail.com>

        Include cstdlib before using std::atexit
        https://bugs.webkit.org/show_bug.cgi?id=158681

        Reviewed by Brent Fulgham.

        * platform/graphics/PlatformDisplay.cpp:

2016-06-02  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Wayland] PlatformDisplayWayland destructor is super crashy
        https://bugs.webkit.org/show_bug.cgi?id=157973

        Reviewed by Michael Catanzaro.

        EGL registers two at exist callbacks one to finish the display and another one to unload drivers, the one to
        finish the display happens first. When our destructor is called the _eglFiniDisplay callback has already been
        called, so we have a valid pointer for an already finished display. Then eglTerminate tries to find the display
        in the global display list, but fails and for some reason it crashes when trying to return an error.
        If atexit is called after the global PlatformDisplay constructor, the atexit handler is called before the
        destructor. The atexit callbacks are called in reverse order, so if we register an atexit handler after the
        global instace has been created and after EGL has been initialized, we could terminate the EGL display before
        the EGL atexit handlers and the global PlatformDisplay destructor.

        * platform/graphics/PlatformDisplay.cpp:
        (WebCore::PlatformDisplay::initializeEGLDisplay):

2016-08-01  Antti Koivisto  <antti@apple.com>

        REGRESSION (r196383): Drop down CSS menus not working on cnet.com, apmex.com
        https://bugs.webkit.org/show_bug.cgi?id=160390

        Reviewed by Simon Fraser.

        The case here is that we have a rule like

            .enableHover:hover .child { ... }

        and the "enableHover" class is added dynamically. The class change invalidation optimization code would figure out
        that nothing needs to be invalidated as the class change doesn't make the rule match (since :hover doesn't match).

        However for event driven hover to actually work the hover element needs to have its childrenAffectedByHover bit set.
        This bits is set when the selector match is attempted, whether it actually matches or not. Since we optimized away
        the style invalidation we never set the bit either.

        Fix by treating :hover as always matching (==ignored) when collecting rules for invalidation optimization purposes.
        Dynamic pseudo elements are already treated this way for similar reasons.

        Test: fast/selectors/hover-invalidation-descendant-dynamic.html

        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::checkOne):

            Match always in CollectingRulesIgnoringVirtualPseudoElements mode (now slightly misnamed).

            This mode is used for optimization purposes in StyleInvalidationAnalysis (which we care about here) and
            StyleSharingResolver. The change is fine for both.

        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):

            Same change for the slow path selector checker.

2016-07-04  Fujii Hironori  <Hironori.Fujii@sony.com>

        [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
        https://bugs.webkit.org/show_bug.cgi?id=159411

        Reviewed by Carlos Garcia Campos.

        Tests:
            editing/selection/selection-in-iframe-removed-crash.html

        * editing/atk/FrameSelectionAtk.cpp:
        (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
        Added a null check for the return value of containerNode().

2016-07-14  Brent Fulgham  <bfulgham@apple.com>

        editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
        https://bugs.webkit.org/show_bug.cgi?id=142969
        <rdar://problem/27331095>

        Reviewed by Alex Christensen.

        Fix based on a Blink change (patch by <rouslan@chromium.org>):
        <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>

        Test: editing/spelling/copy-paste-crash.html
              editing/spelling/spellcheck-async.html

        * editing/SpellChecker.cpp:
        (WebCore::SpellCheckRequest::didSucceed):
        (WebCore::SpellCheckRequest::didCancel):

2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
        https://bugs.webkit.org/show_bug.cgi?id=160014

        Reviewed by Michael Catanzaro.

        In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
        ImageBuffer cairo implementation.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.

2016-07-06  Brent Fulgham  <bfulgham@apple.com>

        Return values of JSArray::createUninitialized (and related) are not consistently checked for nullptr
        https://bugs.webkit.org/show_bug.cgi?id=159495
        <rdar://problem/26075433>

        Reviewed by Dean Jackson.

        Test: fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html

        * html/ImageData.cpp:
        (WebCore::ImageData::ImageData): Assert at construction if we could not create a valid
        buffer.
        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::createArrayBuffer): Check for a null buffer before using it.
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        (WebCore::ImageBufferData::getData): Ditto.
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::platformApplySoftware): Ditto.
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::copyImageBytes): Ditto.
        (WebCore::FilterEffect::copyUnmultipliedImage): Ditto.
        (WebCore::FilterEffect::copyPremultipliedImage): Ditto.

2016-07-26  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Infinite Canvas context save() causes WebKit to crash
        https://bugs.webkit.org/show_bug.cgi?id=159586
        <rdar://problem/26759984>

        Reviewed by Simon Fraser.

        Limit the size of the canvas context state stack to 1024 * 16 saves. All
        the saves which come after that limit will stay unrealized. The restore() 
        should not have any effect till there is no unrealized saves.
         
        Test: fast/canvas/canvas-context-save-limit.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::realizeSaves):
        (WebCore::CanvasRenderingContext2D::realizeSavesLoop):
        * html/canvas/CanvasRenderingContext2D.h: 

2016-08-19  Chris Dumez  <cdumez@apple.com>

        DumpRenderTree crashed in com.apple.WebCore: WebCore::DOMWindow::resetDOMWindowProperties + 607
        https://bugs.webkit.org/show_bug.cgi?id=160983
        <rdar://problem/26768524>

        Reviewed by Brent Fulgham.

        Update DOMWindow::frameDestroyed() to ref the window object as the crash
        traces seem to indicate it can get destroyed during the execution of this
        method. Also update the code in the ~Frame destructor to not iterate over
        the list of FrameDestructionObservers because observers remove themselves
        from the list when they get destroyed.

        No new tests, do not know how to reproduce.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::frameDestroyed):
        * page/Frame.cpp:
        (WebCore::Frame::~Frame):

2016-08-05  Simon Fraser  <simon.fraser@apple.com>

        marquee with "truespeed" animates at > 60fps, hogging CPU
        https://bugs.webkit.org/show_bug.cgi?id=160609

        Reviewed by David Hyatt.
        
        A <marquee truespeed="" scrollDelay="0"> would fire a zero-delay timer and also
        fail to animate, hogging CPU.
        
        Fix to cap the timer at 16ms intervals. We don't believe it's necessary to
        maintain web compatibility here.

        Tested by existing tests.

        * html/HTMLMarqueeElement.cpp:
        (WebCore::HTMLMarqueeElement::minimumDelay):
        * html/HTMLMarqueeElement.h:

2016-07-25  Brady Eidson  <beidson@apple.com>

        Allow LocalStorage by default for file URLs.
        https://bugs.webkit.org/show_bug.cgi?id=160169

        Reviewed by Brent Fulgham.

        Test: storage/domstorage/localstorage/file-can-access.html

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccessStorage): Remove the m_universalAccess check for local URLs.

2016-07-15  Brady Eidson  <beidson@apple.com>

        WebKit should prevent push/replace state with username in URL.
        <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818

        Reviewed by Brent Fulgham.

        Test: http/tests/security/history-username-password.html

        * page/History.cpp:
        (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.

2016-07-14  John Wilander  <wilander@apple.com>

        Remove credentials in URL when accessed through location.href
        https://bugs.webkit.org/show_bug.cgi?id=139562
        <rdar://problem/27331164>

        Reviewed by Brent Fulgham.

        Test: http/tests/security/location-href-clears-username-password.html

        The reason for this change is to not allow scripts on the page to
        exfiltrate username and password from the URL.

        * page/Location.cpp:
        (WebCore::Location::href):
            Now checks if there is a username or password in the URL. If so,
            it copies the URL and removes the username and password.

2016-07-24  Wenson Hsieh  <wenson_hsieh@apple.com>

        The web process hangs when computing elements-based snap points for a container with large max scroll offset
        https://bugs.webkit.org/show_bug.cgi?id=152605
        <rdar://problem/25353661>

        Reviewed by Simon Fraser.

        Fixes a bug in the computation of axis snap points. The ScrollSnapPoints object, which tracks
        snap points along a particular axis, has two flags, hasRepeat and usesElements. For elements-
        based snapping, both flags would be turned on, since StyleBuilderConverter::convertScrollSnapPoints
        short-circuits for elements-based snapping and does not default usesRepeat to false. To address this,
        we make ScrollSnapPoints not repeat(100%) by default.

        Test: css3/scroll-snap/scroll-snap-elements-container-larger-than-children.html

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertScrollSnapPoints): Deleted.
        * rendering/style/StyleScrollSnapPoints.cpp:
        (WebCore::ScrollSnapPoints::ScrollSnapPoints):

2016-06-30  Antoine Quint  <graouts@apple.com>

        Drawing an SVG image into a <canvas> that is not in the DOM draws the wrong region
        https://bugs.webkit.org/show_bug.cgi?id=159276

        Reviewed by Dean Jackson.

        In the event where the <img> element that we are passing to CanvasRenderingContext2D.drawImage()
        points to an SVG resource, we ensure that the container for the SVG image is sized to match the
        HTML element. The necessity for setting this container size, explained in webkit.org/b/148845,
        is that we must ensure a cached image does not have an outdated container size.

        Tests: svg/as-image/img-with-svg-resource-in-dom-and-drawImage.html
               svg/as-image/img-with-svg-resource-in-dom-no-size-and-drawImage.html
               svg/as-image/img-with-svg-resource-not-in-dom-and-drawImage.html
               svg/as-image/img-with-svg-resource-not-in-dom-no-size-and-drawImage.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage):

2016-06-15  Antti Koivisto  <antti@apple.com>

        GoogleMaps transit schedule explorer comes up blank initially
        https://bugs.webkit.org/show_bug.cgi?id=158803
        rdar://problem/25818080

        Reviewed by Andreas Kling.

        In case we had something like

        .foo bar { ... }

        and later a new stylesheet was added dynamically that contained

        .foo baz { ... }

        we would fail to add the new rules to the descendant invalidation rule sets for ".foo". This could
        cause some style invalidations to be missed.

        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::collectFeatures):

        Reset the ancestorClassRules and ancestorAttributeRulesForHTML rule set caches when new style sheets
        are added (==collectFeatures is called).

2016-06-02  Darin Adler  <darin@apple.com>

        Fix a couple of mistakes in CSSParserValue memory management
        https://bugs.webkit.org/show_bug.cgi?id=158307
        <rdar://problem/26127225>

        Reviewed by Daniel Bates.

        * css/CSSGrammar.y.in: Added a destructor for calc_func_term. This presumably
        fixes some memory leaks in error cases. Removed an assertion about not needing
        a call to destroy that was far too limited. Tweaked formatting of the percentage
        ase in the key production. Indented calc_func_term to make it consistent with
        other productions nearby.

        * css/CSSParserValues.cpp:
        (WebCore::CSSParserValueList::~CSSParserValueList): Use a modern for loop.
        (WebCore::CSSParserValueList::deleteValueAt): Deleted. Unused function, and also
        would have resulted in a memory leak unless the code already extracted the value
        from the list.
        (WebCore::CSSParserValueList::extend): Properly transfer ownership from one value
        list to the other by setting the unit to 0 in the donor.

        * css/CSSParserValues.h: Removed unused deleteValueAt function.

2016-06-13  Dean Jackson  <dino@apple.com>

        SVG elements don't blend correctly into HTML
        https://bugs.webkit.org/show_bug.cgi?id=158718
        <rdar://problem/26782004>

        Reviewed by Antoine Quint.

        We were not creating any transparency layers for the root SVG nodes.
        This is ok if the SVG is the root document, because it is the backdrop.
        However, if it is inline SVG, it needs to apply the operation in
        order to composite into the document.

        Test: svg/css/mix-blend-mode-with-inline-svg.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::beginTransparencyLayers):

2016-06-09  Antoine Quint  <graouts@apple.com>

        Changing canvas height immediately after page load does not relayout canvas
        https://bugs.webkit.org/show_bug.cgi?id=156097

        Reviewed by Zalan Bujtas.

        Promote the logic use to identify whether we should perform a layout after a change of
        intrinsic size from RenderImage to RenderReplaced such that RenderCanvas may use it
        in canvasSizeChanged() and correctly update its layout in the case where the width
        or height attribute is updated and there are no explicit sizing performed with CSS.
        Additionally, this will also account for the object-fix property to only perform
        a layout if necessary.

        Test: fast/canvas/canvas-css-size-after-height-change-with-display-flex.html

        * rendering/RenderHTMLCanvas.cpp:
        (WebCore::RenderHTMLCanvas::canvasSizeChanged):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::repaintOrMarkForLayout):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::setNeedsLayoutIfNeededAfterIntrinsicSizeChange):
        * rendering/RenderReplaced.h:

2016-06-06  Jiewen Tan  <jiewen_tan@apple.com>

        URLs containing tabs or newlines are parsed incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=143381
        <rdar://problem/26567214>

        Reviewed by Brent Fulgham.

        1. Strip any tabs and newlines in the URL input.
        2. Replace the original stripping URL leading and trailing white spaces logic with WTFString's
        builtin, and move this logic to the very begining of the URL parser.
        3. Enhance the protocolIs method to ignore any leading whitespace/control characters, and
        tabs/newlines of the examining url.

        Test: fast/url/tab-and-newline-stripping.html

        * platform/URL.cpp:
        (WebCore::isTabNewline):
        (WebCore::shouldTrimFromURL):
        (WebCore::URL::init):
        (WebCore::protocolIs):

2016-05-23  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r200414.

        This change appears to have broken the 'write a reply' field
        on Nextdoor.com

        Reverted changeset:

        "Clicks inside button elements are sometimes discarded when
        the mouse moves"
        https://bugs.webkit.org/show_bug.cgi?id=39620
        http://trac.webkit.org/changeset/200414

2016-05-24  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] Crash during font download failure after garbage collection
        https://bugs.webkit.org/show_bug.cgi?id=158013
        <rdar://problem/25148032>

        Reviewed by Darin Adler.

        Usually, ownership during font loading is top-down - JavaScript owns a JSFontFace,
        which owns a FontFace, which owns a CSSFontFace. However, when we receive the
        asynchronous callback that a font finished loading, the call comes in from the
        bottom - it is delivered from the CSSFontFaceSource to the CSSFontFace, and then
        to the FontFace. If a garbage collection had previously run, we might remove
        the last reference to ourself during this asynchronous callback. A simple guard
        makes sure this doesn't happen.

        Test: fast/text/font-face-crash.html

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::fontLoaded):

2016-05-20  Dave Hyatt  <hyatt@apple.com>

        Scrolling broken in iTunes connect pages
        https://bugs.webkit.org/show_bug.cgi?id=157678

        Reviewed by Zalan Bujtas.

        Added fast/flexbox/nested-columns-min-intrinsic-disabled.html

        Turn off minimum intrinsic size adjustment for flexboxes. This violates the spec,
        but until we can produce good results that is what we need to do. Blink has also
        turned off nested columns intrinsic sizing as well, so we match them with this
        change.

        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::adjustChildSizeForMinAndMax):

2016-04-27  Simon Fraser  <simon.fraser@apple.com>

        SVG SMIL animations run at less than 60fps
        https://bugs.webkit.org/show_bug.cgi?id=157119
        rdar://problem/25971304

        Reviewed by Tim Horton.
        
        If you re-fetch current time while doing animation computations you're gonna have
        a bad time.
        
        More specifically, SMILTimeContainer::startTimer() re-fetched elapsedTime() when
        computing the delay for the next timer fire, then clamped to 16.667ms, so the timer
        would actually be scheduled at intervals greater than desired, causing a ~54fps framerate.
        
        Fix by using the elapsedTime fetched at the start of animation processing.

        Tested by iOS content-animation performance tests.

        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::SVGSVGElement): Just cleanup.
        * svg/animation/SMILTimeContainer.cpp:
        (WebCore::SMILTimeContainer::notifyIntervalsChanged):
        (WebCore::SMILTimeContainer::resume):
        (WebCore::SMILTimeContainer::startTimer):
        (WebCore::SMILTimeContainer::updateAnimations):
        * svg/animation/SMILTimeContainer.h:

2016-04-27  Simon Fraser  <simon.fraser@apple.com>

        CSS and SVG animations should run at 60fps
        https://bugs.webkit.org/show_bug.cgi?id=157113
        rdar://problem/24337280
        rdar://problem/24337328

        Reviewed by Dean Jackson.

        For both CSS and SVG animations we used a 0.025s frame interval, which translates to
        40fps. That caused these animations to look extra janky compared with accelerated
        animations.

        So use a 16.667ms frame interval for both.

        Tested by content-animation benchmark tests.

        * page/animation/AnimationController.cpp:
        * svg/animation/SMILTime.h:
        * svg/animation/SMILTimeContainer.cpp:
        (WebCore::SMILTimeContainer::updateAnimations):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::calculateNextProgressTime):

2016-07-19  Zalan Bujtas  <zalan@apple.com>

        REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
        https://bugs.webkit.org/show_bug.cgi?id=159952

        Reviewed by Simon Fraser.

        Update ASSERTs to reflect new functionality, that is, now we can end up in a state
        where the container (RenderView) of one of the dirty subtrees is dirty.
        See r203415.
 
        Covered by editing/pasteboard/drag-drop-input-in-svg.svg

        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-07-19  Zalan Bujtas  <zalan@apple.com>

        theguardian.co.uk crossword puzzles are sometimes not displaying text
        https://bugs.webkit.org/show_bug.cgi?id=159924
        <rdar://problem/27409483>

        Reviewed by Simon Fraser.

        This patch fixes the case when
        - 2 disjoint subtrees are dirty
        - RenderView is also dirty.
        and we end up not laying out one of the 2 subtrees.

        In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
        we already have a pending full layout which means that any previous subtree layouts have already been
        converted to full layouts.
        However this assumption is incorrect. RenderView can get dirty without checking if there's
        already a pending subtree layout.
        One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
        so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
        However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
        The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
        This patch implements the second option.

        Test: fast/misc/subtree-layouts.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-07-11  Zalan Bujtas  <zalan@apple.com>

        Unable to edit fields or drag to select text in Dashboard widgets.
        https://bugs.webkit.org/show_bug.cgi?id=159647
        <rdar://problem/26941698>

        Reviewed by Brent Fulgham.

        RenderObject::computeAbsoluteRepaintRect's first paramenter is no longer in/out. Use the return
        value to set the clip on the dashboard region.

        Not testable.

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::addAnnotatedRegions):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::addAnnotatedRegions):

2016-07-10  Zalan Bujtas  <zalan@apple.com>

        Fix LogicalSelectionOffsetCaches to work with detached render tree.
        https://bugs.webkit.org/show_bug.cgi?id=159605
        <rdar://problem/27248845>

        Reviewed by Brent Fulgham.

        When the renderer that is being destroyed is on a selection boundary,
        we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
        are getting reset. In order to do that, we call clearSelection() on the RenderView.
        One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
        LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
        LogicalSelectionOffsetCaches normally operates on rooted renderers. However we need to ensure sure that
        it can also handle renderers that are no longer part of the render tree.

        Test: fast/text/selection-on-a-detached-tree.html

        * rendering/LogicalSelectionOffsetCaches.h:
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
        (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::logicalLeftSelectionOffset):
        (WebCore::RenderBlock::logicalRightSelectionOffset):

2016-07-01  Zalan Bujtas  <zalan@apple.com>

        prepareForDestruction() always needs to be called before destroying the Document object.
        https://bugs.webkit.org/show_bug.cgi?id=159372
        rdar://problem/26788150

        Reviewed by Antti Koivisto.

        We should never start destroying the Document object without calling prepareForDestruction() first.
        It ensures that render tree gets nuked before we start tearing down the node tree.

        Test: fast/history/page-cache-destroy-document.html

        * dom/Document.cpp:
        (WebCore::Document::removedLastRef):

2016-06-20  Zalan Bujtas  <zalan@apple.com>

        Set the end position on the placeholder BidiRun properly.
        https://bugs.webkit.org/show_bug.cgi?id=158958

        Reviewed by Myles C. Maxfield.
        rdar://problem/26609266

        The second paramenter for BidiRun indicates the end position and not the length of the run.
        This was regressed at r102875 where only the start position was changed from 0 to pos.

        Test: fast/text/international/bidi-style-in-isolate-crash.html

        * rendering/InlineIterator.h:
        (WebCore::addPlaceholderRunForIsolatedInline):

2016-06-16  Zalan Bujtas  <zalan@apple.com>

        [New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
        https://bugs.webkit.org/show_bug.cgi?id=158854

        Reviewed by David Hyatt.

        Test: fast/block/inside-inlines/crash-on-first-line-change.html

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::marginCollapseLinesFromStart):

2016-06-15  Zalan Bujtas  <zalan@apple.com>

        Decouple the percent height and positioned descendants maps.
        https://bugs.webkit.org/show_bug.cgi?id=158773

        Reviewed by David Hyatt and Chris Dumez.

        We track renderers with percent height across multiple containers using
        HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
        We also use the same data structure to track positioned descendants.
        However a positioned renderer can have only one containing block so tracking it
        with a 1:many type is defective.
        It allows multiple inserts for positioned descendants, which could lead to
        inconsistent layout state as the rendering logic expects these type of renderers
        with only one containing block.
        This patch decouples percent height and positioned tracking by introducing
        the PositionedDescendantsMap class. This class is responsible for tracking
        the positioned descendants inbetween layouts.

        No change in functionality.

        Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html
               fast/block/positioning/change-containing-block-for-fixed-positioned.html

        * rendering/RenderBlock.cpp:
        (WebCore::insertIntoTrackedRendererMaps):
        (WebCore::removeFromTrackedRendererMaps):
        (WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
        to the double insert branch when webkit.org/b/158772 gets fixed.
        (WebCore::PositionedDescendantsMap::removeDescendant):
        (WebCore::PositionedDescendantsMap::removeContainingBlock):
        (WebCore::PositionedDescendantsMap::positionedRenderers):
        (WebCore::positionedDescendantsMap):
        (WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
        (WebCore::RenderBlock::~RenderBlock):
        (WebCore::RenderBlock::positionedObjects):
        (WebCore::RenderBlock::insertPositionedObject):
        (WebCore::RenderBlock::removePositionedObject):
        (WebCore::RenderBlock::addPercentHeightDescendant):
        (WebCore::RenderBlock::removePercentHeightDescendant):
        (WebCore::RenderBlock::percentHeightDescendants):
        (WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
        (WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.
        * rendering/RenderBlock.h:

2016-06-14  Zalan Bujtas  <zalan@apple.com>

        Make RenderBlock::insertInto/RemoveFromTrackedRendererMaps functions static.
        https://bugs.webkit.org/show_bug.cgi?id=158722

        Reviewed by Simon Fraser.

        These functions manipulate static tracker hashmaps. They don't need to be on RenderBlock.
        This is also in preparation for decoupling positioned descendant tracking from descendent percentage height handling.
        (gPositionedDescendantsMap and gPercentHeightDescendantsMap) 

        No change in functionality.

        * rendering/RenderBlock.cpp:
        (WebCore::insertIntoTrackedRendererMaps):
        (WebCore::removeFromTrackedRendererMaps):
        (WebCore::removeBlockFromDescendantAndContainerMaps):
        (WebCore::RenderBlock::insertPositionedObject):
        (WebCore::RenderBlock::addPercentHeightDescendant):
        (WebCore::RenderBlock::insertIntoTrackedRendererMaps): Deleted.
        (WebCore::RenderBlock::removeFromTrackedRendererMaps): Deleted.
        * rendering/RenderBlock.h:

2016-06-12  Zalan Bujtas  <zalan@apple.com>

        Cleanup RenderBlock::removePositionedObjects
        https://bugs.webkit.org/show_bug.cgi?id=158670

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::insertPositionedObject):
        (WebCore::RenderBlock::removePositionedObject):
        (WebCore::RenderBlock::removePositionedObjects):
        * rendering/RenderBlock.h:

2016-06-12  Zalan Bujtas  <zalan@apple.com>

        Remove positioned descendants when RenderBlock is no longer a containing block.
        https://bugs.webkit.org/show_bug.cgi?id=158655
        <rdar://problem/26510032>

        Reviewed by Simon Fraser.

        Normally the RenderView is the containing block for fixed positioned renderers.
        However when a renderer acquires some transform related properties, it becomes the containing
        block for all the fixed positioned renderers in its descendant tree.
        When the last transform related property is removed, the renderer is no longer a containing block
        and we need to remove all these positioned renderers from the descendant tracker map (gPositionedDescendantsMap).
        They will be inserted back into the tracker map during the next layout (either under the RenderView or
        under the next transformed renderer in the ancestor chain).

        Test: fast/block/fixed-position-reparent-when-transition-is-removed.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removePositionedObjectsIfNeeded):

2016-06-03  Zalan Bujtas  <zalan@apple.com>

        Incorrect rendering on boostmobile FAQ page
        https://bugs.webkit.org/show_bug.cgi?id=158303
        <rdar://problem/26603462>

        Reviewed by Chris Dumez.

        Initial value for background-color is 'transparent'. see https://drafts.csswg.org/css-backgrounds-3/#background-color

        Test: fast/selectors/non-visited-link-backround-color.html

        * css/CSSPropertyNames.in:

2016-05-25  Zalan Bujtas  <zalan@apple.com>

        Setting overflow:hidden does not always repaint clipped content.
        https://bugs.webkit.org/show_bug.cgi?id=116994
        rdar://problem/26476697

        Issue repaint for both layout and visual overflow rects when the container starts
        clipping overflow content.

        Reviewed by David Hyatt.

        Test: fast/repaint/overflow-hidden-repaint.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::updateFromStyle):

2016-05-25  Zalan Bujtas  <zalan@apple.com>

        Addressing post-review comments on r200971.

        Reviewed by Darin Adler.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::hitTestResultAtPoint):

2016-05-24  Zalan Bujtas  <zalan@apple.com>

        fast/table/neighboring-cells-when-collapsed-border-changes.html is flaky.
        https://bugs.webkit.org/show_bug.cgi?id=158009

        Reviewed by David Hyatt.

        RenderTable::invalidateCollapsedBorders() early returns on m_collapsedEmptyBorderIsPresent
        which prevents us from marking neighboring cells dirty when style changes.
        Decouple the "invalidate the collapsed borders" and the "mark the neighboring cells dirty" logic.

        Covered by existing tests. (and now we agree with FF on cached-change-cell-border-width.html)

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::invalidateCollapsedBorders):
        (WebCore::markCellDirtyWhenCollapsedBorderChanges): Deleted.
        * rendering/RenderTableCell.cpp:
        (WebCore::markCellDirtyWhenCollapsedBorderChanges):
        (WebCore::RenderTableCell::styleDidChange):

2016-05-23  Zalan Bujtas  <zalan@apple.com>

        Changing border color and size simultaneously fails to repaint.
        https://bugs.webkit.org/show_bug.cgi?id=157967
        <rdar://problem/26423918>

        Reviewed by David Hyatt.

        This patch ensures that the neighboring tables cells are dirtied when collapsed border change requires layout.

        Test: fast/table/neighboring-cells-when-collapsed-border-changes.html

        * rendering/RenderTable.cpp:
        (WebCore::markCellDirtyWhenCollapsedBorderChanges):
        (WebCore::RenderTable::invalidateCollapsedBorders):

2016-05-20  Zalan Bujtas  <zalan@apple.com>

        `width: 1%` on nested table cell causes its table to hog horizontal space
        https://bugs.webkit.org/show_bug.cgi?id=144696
        <rdar://problem/20839572>

        Reviewed by David Hyatt and Tim Horton.
        
        This patch is based on https://chromium.googlesource.com/chromium/src/+/9428cfb16993a2329e87c65da096ca295132ef0f

        Tests: fast/table/inner-percent-width-affects-outer-floated-div.html
               fast/table/inner-percent-width-doesnt-affect-ancestor-columns.html

        * rendering/AutoTableLayout.cpp:
        (WebCore::shouldScaleColumnsForParent):
        (WebCore::shouldScaleColumnsForSelf):
        (WebCore::AutoTableLayout::computeIntrinsicLogicalWidths):
        (WebCore::shouldScaleColumns): Deleted.
        * rendering/AutoTableLayout.h:
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::updateLogicalWidth):
        * rendering/TableLayout.h:
        (WebCore::TableLayout::scaledWidthFromPercentColumns):

2016-06-17  Zalan Bujtas  <zalan@apple.com>

        Potential null dereferencing on a detached positioned renderer.
        https://bugs.webkit.org/show_bug.cgi?id=158879

        Reviewed by Simon Fraser.

        This patch fixes the case when the while loop to search for the absolute positioned ancestor
        returns null (it happens when positioned renderer has been detached from the render tree).

        Speculative fix.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
        * rendering/RenderBlock.h:

2016-06-27  Philippe Normand  <philn@igalia.com>

        [GStreamer] top/bottom black bars added needlessly in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=158980

        Reviewed by Carlos Garcia Campos.

        The natural video size calculation depends on the validity of the
        current sample, so whenever the first sample reached the sink it's a
        good idea to reflect this on the player which will update its natural
        size accordingly.

        Fixes an issue where black borders were added on top and bottom of
        fullscreen video.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):

2016-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] Adaptive streaming issues
        https://bugs.webkit.org/show_bug.cgi?id=144040

        Reviewed by Philippe Normand.

        There are multiple deadlocks in the web process when HLS content is loaded by GStreamer. It happens because gst
        is using several threads to download manifest, fragments, monitor the downloads, etc. To download the fragments
        and manifest it always creates the source element in a separate thread, something that is not actually expected
        to happen in WebKit source element. Our source element is always scheduling tasks (start, stop, need-data,
        enough-data and seek) to the main thread, and those downloads that use the ResourceHandleStreamingClient
        (there's no player associated) also happen in the main thread, because libsoup calls all its async callbacks in
        the main thread. So, the result is that it can happen that we end up blocking the main thread in a lock until
        the download finishes, but the download never finishes because tasks are scheduled in the main thread that is
        blocked in a lock. This can be prevented by always using a secondary thread for downloads made by
        ResourceHandleStreamingClient, using its own run loop with a different GMainContext so that libsoup sends
        callbacks to the right thread. We also had to refactor the tasks a bit, leaving the thread safe parts to be run
        in the calling thread always, and only scheduling to the main thread in case of not using
        ResourceHandleStreamingClient and only for the non thread safe parts.
        This patch also includes r200455 that was rolled out, but it was a perfectly valid workaround for GST bug.

        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::ensureGRef): Consume the floating ref if needed.
        * platform/graphics/gstreamer/GRefPtrGStreamer.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webkit_web_src_init): Check if object is being created in the main thread.
        (webKitWebSrcStop): Stop the media resource loader in the main thread and the resource handle streaming in the
        current thread.
        (webKitWebSrcStart): Start the media resource loader in the main thread and the resource handle streaming in
        the current thread.
        (webKitWebSrcChangeState): Call webKitWebSrcStart and webKitWebSrcStop in the current thread.
        (webKitWebSrcNeedData): Update status in the current thread and notify the media resource loader in the main thread.
        (webKitWebSrcEnoughData): Ditto.
        (webKitWebSrcSeek): Ditto.
        (webKitWebSrcSetMediaPlayer): Add an assert to ensure that source elements used by WebKit are always created in
        the main thread.
        (ResourceHandleStreamingClient::ResourceHandleStreamingClient): Use a secondary thread to do the download.
        (ResourceHandleStreamingClient::~ResourceHandleStreamingClient): Stop the secondary thread.
        (ResourceHandleStreamingClient::setDefersLoading): Notify the secondary thread.

2016-06-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r200455.
        https://bugs.webkit.org/show_bug.cgi?id=158740

        hangs twitter/facebook (Requested by mcatanzaro on #webkit).

        Reverted changeset:

        "[GStreamer] Adaptive streaming issues"
        https://bugs.webkit.org/show_bug.cgi?id=144040
        http://trac.webkit.org/changeset/200455

2016-05-25  Joanmarie Diggs  <jdiggs@igalia.com>

        [GTK] accessibility/meter-element.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=115633

        Unreviewed.

        The meter's value description should be exposed in the same fashion
        as (we should have been exposing) aria-valuetext, namely through the
        "valuetext" AtkObject attribute. This exposure is now in place. Also
        implement AccessibilityProgressIndicator::valueDescription() so that
        the ports do not have to special-case meter in the platform wrappers.
        Map the meter element to the correct role (ATK_ROLE_LEVEL_BAR), and
        ignore a previously-included accessible object resulting from the
        use of the title attribute on a meter. Finally, do not expose the
        meter's title as the accessible name because the HTML spec suggests
        authors can supply the numeric unit as the value of title.

        No new test file as the failure was identified by meter-element.html.
        Seven new test cases were added for additional coverage. Also updated
        the ATK expectations for spinbutton-value.html to reflect that we are now
        exposing the value of aria-valuetext.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::helpText):
        (WebCore::AccessibilityNodeObject::accessibilityDescriptionForChildren):
        (WebCore::AccessibilityNodeObject::visibleText):
        * accessibility/AccessibilityNodeObject.h:
        * accessibility/AccessibilityProgressIndicator.cpp:
        (WebCore::AccessibilityProgressIndicator::valueDescription):
        * accessibility/AccessibilityProgressIndicator.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes):
        (atkRole):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

2016-05-25  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Use WebCore Accessibility's AccessibilityText for AtkObject name and description
        https://bugs.webkit.org/show_bug.cgi?id=157822

        Reviewed by Chris Fleizach.

        Remove the old code which was overriding WebCore Accessibility and always use
        AccessibilityText.

        If the AccessibilityText's textSource is HelpText or SummaryText, it should be exposed
        as the AtkObject description. If the textSource is TitleTagText and there is no other
        text alternative, the value should also be exposed in this fashion. Note that AtkObject's
        description property is equivalent to AXAPI's AXHelp property.

        If the AccessibilityText's textSource is anything other than the above, the first
        non-empty value should be exposed as the AtkObject name. Depending on the source of
        the name content, AtkObject's name property can be the equivalent of AXAPI's AXTitle.
        However, most of the time, AtkObject's name property is equivalent to AXAPI's
        AXDescription property.

        By making these changes, what WebKit exposes for ATK is now extremely similar to what
        WebKit exposes on the Mac (modulo the property names) and also with what is defined in
        the HTML Accessibility and Accessible Name and Description Computation API mappings specs.

        Now that the exposure is correct, the Layout Tests needed to be adjusted accordingly because
        asking for the "AXDescription" gives you the AXDescription on the Mac and the AtkObject
        description in GNU/Linux. But as indicated above, what ATK calls a "description" is what
        the Mac calls "help."

        Ultimately our Layout Tests and/or our platform TestRunner API should be modified to deal
        with these differences more gracefully. (Bug https://bugs.webkit.org/show_bug.cgi?id=157187
        has been opened for that task.) In the meantime, the existing tests have been given platform
        checks to ask for the right property on each platform. This was done in such a way as to not
        require other (non-ATK) platforms change their current expectations files.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetName):
        (webkitAccessibleGetDescription):

2016-03-05  Simon Fraser  <simon.fraser@apple.com>

        Add support for the object-position CSS property
        https://bugs.webkit.org/show_bug.cgi?id=122811
        rdar://problem/15836338

        Reviewed by Sam Weinig.

        Take object-position into account when rendering replaced elements.
        RenderReplaced::replacedContentRect() is the one place where we compute
        the content rect for replaced elements.

        Also return false from foregroundIsKnownToBeOpaqueInRect() if we have
        any non-default object-position, as the foreground may no longer fill the box.

        Tests: compositing/video/video-object-position.html
               fast/css/object-position/object-position-canvas.html
               fast/css/object-position/object-position-embed.html
               fast/css/object-position/object-position-img-svg.html
               fast/css/object-position/object-position-img.html
               fast/css/object-position/object-position-input-image.html
               fast/css/object-position/object-position-object.html
               fast/css/object-position/object-position-video-poster.html

        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::foregroundIsKnownToBeOpaqueInRect):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::replacedContentRect):

2016-03-05  Simon Fraser  <simon.fraser@apple.com>

        Add parsing support for object-position
        https://bugs.webkit.org/show_bug.cgi?id=155065

        Reviewed by Sam Weinig.
        
        Add parsing support for object-position. This is the first property with
        CSS <position> values which does not have equivalent -x and -y shorthands,
        so we can store it as a new LengthPoint type.
        
        Per the CSS Values spec, bottom- and right-relative values are translated
        into calc() expressions, which are exposed via computed style. For example,
        "right 10px bottom" becomes "calc(100% - 10px) 100%". This also allows transitions
        between, say, "left 10px bottom" and "right 10px bottom".

        Test: fast/css/object-position/parsing-object-position.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        * css/CSSPrimitiveValue.h:
        (WebCore::CSSPrimitiveValue::isPair):
        * css/CSSPropertyNames.in:
        * css/CSSValue.h:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertLength):
        (WebCore::StyleBuilderConverter::convertTo100PercentMinusLength):
        (WebCore::StyleBuilderConverter::convertPositionComponent):
        (WebCore::StyleBuilderConverter::convertObjectPosition):
        * platform/LengthPoint.cpp: Added.
        (WebCore::operator<<):
        * platform/LengthPoint.h: Added.
        (WebCore::LengthPoint::LengthPoint):
        (WebCore::LengthPoint::operator==):
        (WebCore::LengthPoint::setX):
        (WebCore::LengthPoint::x):
        (WebCore::LengthPoint::setY):
        (WebCore::LengthPoint::y):
        (WebCore::LengthPoint::blend):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresRepaint):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2016-03-10  Frederic Wang  <fwang@igalia.com>

        [GTK] Add support for WOFF2
        https://bugs.webkit.org/show_bug.cgi?id=152616

        Reviewed by Carlos Garcia Campos.

        No new tests (Covered by existing tests).

        * CMakeLists.txt: Add woff2 source to the include directory and link WebCore against brotli and woff2.
        * platform/graphics/WOFFFileFormat.cpp:
        (WebCore::isWOFF): Recognize the signature of WOFF2 font.
        (WebCore::convertWOFFToSfnt): If the font has the WOFF2 signature, then try and decompress it using the woff2 library.
        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat): Add woff2 to the list of supported formats.

2016-06-11  Konstantin Tokarev  <annulen@yandex.ru>

        Fixed compilation of LocaleICU with ENABLE(DATE_AND_TIME_INPUT_TYPES)
        https://bugs.webkit.org/show_bug.cgi?id=158659

        Reviewed by Darin Adler.

        No new tests needed.

        * platform/text/LocaleICU.cpp:
        (WebCore::getFormatForSkeleton):
        (WebCore::LocaleICU::monthFormat):
        (WebCore::LocaleICU::shortMonthFormat):

2016-06-05  Konstantin Tokarev  <annulen@yandex.ru>

        Do not construct temporary copy of String from AtomicString.
        https://bugs.webkit.org/show_bug.cgi?id=158400

        Reviewed by Darin Adler.

        No new tests needed.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::ariaReadOnlyValue):

2016-03-17  Brent Fulgham  <bfulgham@apple.com>

        Some media tests are flaky.
        https://bugs.webkit.org/show_bug.cgi?id=155614

        Reviewed by Eric Carlson.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::~TextTrack):

2016-03-09  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Fixed All-in-One build.
        https://bugs.webkit.org/show_bug.cgi?id=155241

        Reviewed by Csaba Osztrogonác.

        No new tests needed.

        * bindings/js/JSBindingsAllInOne.cpp: Should not include generated
        file.

2016-05-19  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] unrelated codecs required to play videos
        https://bugs.webkit.org/show_bug.cgi?id=135972

        Reviewed by Michael Catanzaro.

        Instead of hard-coding the list of supported mime-types, check the
        decoder and demuxer GStreamer elements available and dynamically
        build the list of mime-types accordingly. This patch also removes
        support for under-used and exotic mime-types.

        Based on a patch by Mario Sanchez Prada.

        No new tests, existing media tests cover this change.

        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        (WebCore::gstRegistryHasElementForMediaType): New function
        checking the elements registered in the factories have a sink pad
        matching the caps specified as second argument of the function.
        * platform/graphics/gstreamer/GStreamerUtilities.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::mimeTypeSet): Hard-coded list of mime-types replaced by
        runtime-built list of mime-types that can be supported by the
        GStreamer decoders and demuxers available on the host machine.
        (WebCore::MediaPlayerPrivateGStreamer::getSupportedTypes):
        mimeTypeCache renamed to mimeTypeSet.
        (WebCore::MediaPlayerPrivateGStreamer::supportsType): Ditto.

2016-05-18  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] webaudio crash on ARM platforms
        https://bugs.webkit.org/show_bug.cgi?id=157838

        Reviewed by Michael Catanzaro.

        * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
        (webKitWebAudioSrcConstructed): Explicitely cast the integer value
        of the max-bytes property to guint64 which is the expected type of
        this property. The compiler can't guess this on its own.

2016-05-18  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] webaudio playback improvements
        https://bugs.webkit.org/show_bug.cgi?id=155228

        Reviewed by Michael Catanzaro.

        * platform/audio/gstreamer/AudioDestinationGStreamer.cpp:
        (WebCore::autoAudioSinkChildAddedCallback): Fix sink buffer-time
        to 100ms to reduce playback latency.
        (WebCore::AudioDestinationGStreamer::AudioDestinationGStreamer):
        Connect to child-added signal of autoaudiosink to be notified when
        a real sink is added into the bin.
        * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
        (webKitWebAudioSrcConstructed): Fine-tune blocksize of appsrc
        according to the buffer size already configured on the src element.

2016-05-17  Chris Dumez  <cdumez@apple.com>

        Regression(r177786): GlyphMetricsMap<T>::locatePageSlowCase() fills existing pages with unknown metrics
        https://bugs.webkit.org/show_bug.cgi?id=157749

        Reviewed by Antti Koivisto.

        After r177786, GlyphMetricsMap<T>::locatePageSlowCase() would unconditionally fill
        pages with unknown metrics. This patch updates the code to do so only if the page
        is new, thus restoring the pre-r177786 behavior.

        * platform/graphics/GlyphMetricsMap.h:
        (WebCore::GlyphMetricsMap::metricsForGlyph):
        (WebCore::GlyphMetricsMap::setMetricsForGlyph):
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::fill):
        (WebCore::GlyphMetricsMap::locatePage):
        (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::metricsForGlyph): Deleted.
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::setMetricsForGlyph): Deleted.
        (WebCore::GlyphMetricsMap::GlyphMetricsPage::setMetricsForIndex): Deleted.
        (WebCore::GlyphMetricsMap<float>::unknownMetrics): Deleted.
        (WebCore::GlyphMetricsMap<FloatRect>::unknownMetrics): Deleted.

2016-05-16  Brent Fulgham  <bfulgham@apple.com>

        heap use-after-free at WebCore::TimerBase::heapPopMin()
        https://bugs.webkit.org/show_bug.cgi?id=157742
        <rdar://problem/26236778>

        Reviewed by David Kilzer.

        Tested by fast/frames/resources/crash-during-iframe-load-stop.html.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::stopForUserCancel): Protect m_frame from destruction while it is still
        being used by the current stack frame.
        (WebCore::FrameLoader::frameDetached): Ditto.
        (WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy): Ditto.

2016-05-16  Zalan Bujtas  <zalan@apple.com>

        RenderLayer::hitTestList could mutate the list of candidate layers.
        https://bugs.webkit.org/show_bug.cgi?id=157718
        <rdar://problem/22556046>

        Reviewed by Simon Fraser.

        This patch ensures that we always start hittesting a clean render tree at EventHandler::hitTestResultAtPoint.

        Speculative fix.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::hitTestResultAtPoint):

2016-05-16  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] GraphicsContext3D::ImageExtractor should use the correct size for copying non-image surfaces
        https://bugs.webkit.org/show_bug.cgi?id=157580

        Reviewed by Darin Adler.

        GraphicsContext3D::ImageExtractor::extractImage() shouldn't use m_imageWidth
        and m_imageHeight members when copying the non-image-backed Cairo surface into
        the image-based replacement simply because these two are not initialized until
        later in this method.

        Instead, the size of the to-be-copied image should be queried via the
        cairoSurfaceSize() utility function which properly handles Cairo surfaces of
        different types.

        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::ImageExtractor::extractImage):

2016-05-13  Ryosuke Niwa  <rniwa@webkit.org>

        ToT WebKit doesn't show tooltip on perf dashboard's summary page
        https://bugs.webkit.org/show_bug.cgi?id=157705

        Reviewed by Darin Adler.

        The bug was caused by WebKit doesn't look for the title attribute across shadow boundaries.
        Fixed it by using a newly added Node::parentNodeInComposedTree in HitTestResult::title.

        Test: fast/shadow-dom/tooltip-on-composed-tree.html

        * dom/Node.cpp:
        (WebCore::Node::parentInComposedTree): Added.
        * dom/Node.h:
        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::title): Fixed the bug.
        (WebCore::HitTestResult::innerTextIfTruncated): Fixed a related bug when ShowsToolTipOverTruncatedText
        is enabled. Unfortunately, there is no machinery to test this feature yet.

2016-05-12  Zan Dobersek  <zdobersek@igalia.com>

        VideoSinkGStreamer: plug a GstBuffer leak in webkitVideoSinkRequestRender()
        https://bugs.webkit.org/show_bug.cgi?id=157617

        Reviewed by Darin Adler.

        Unref the newly-created GstBuffer object after creating the new GstSample
        that's based on it. gst_sample_new() doesn't take the ownership of it.

        Also, don't unref the GstBuffer object that's passed in to the
        webkitVideoSinkRequestRender() function in case the allocation of the
        replacement buffer fails. We don't have any ownership over that buffer
        and it's not unreffed anywhere else in this function.

        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (webkitVideoSinkRequestRender):

2016-05-11  Zalan Bujtas  <zalan@apple.com>

        Absolute positioned element is not placed properly when parent becomes the containing block.
        https://bugs.webkit.org/show_bug.cgi?id=157455
        <rdar://problem/26212568>

        Reviewed by Simon Fraser.

        When a container becomes a containing block, we need to check if there are any positioned boxes in its subtree
        in order to "re-parent" them. It basically means that we remove them from RenderBlock::positionedDescendants map
        and they'll get re-inserted during the next layout correctly.
        This patch fixes the case when a container becomes the containing block by setting the transform property and its positioned
        child gets misplaced.  

        Test: fast/block/containing-block-changes.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removePositionedObjectsIfNeeded):
        (WebCore::RenderBlock::styleWillChange):
        * rendering/RenderBlock.h:

2016-05-11  Joanmarie Diggs  <jdiggs@igalia.com>

        [GTK] accessibility/aria-readonly.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=98357

        Reviewed by Chris Fleizach.

        Add support for ATK_STATE_READ_ONLY and expose the value of aria-readonly
        as an AtkObject attribute. In order to eliminate duplicate checks, remove
        isReadOnly() and just use canSetAttributeValue(), moving all the logic into
        AccessibilityNodeObject. Add AccessibilityObject::supportsARIAReadOnly() so
        that we can explicitly expose the implicit value for aria-readonly on roles
        which support this property. Also add support for ATK_STATE_CHECKABLE, both
        because this state was missing and because it serves a similar function to
        ATK_STATE_EDITABLE for the purpose of verifying exposure of toggle-able
        elements that are not read-only.

        Test: accessibility/form-control-value-settable.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::canSetValueAttribute):
        (WebCore::AccessibilityNodeObject::isRequired): Deleted.
        (WebCore::AccessibilityNodeObject::supportsRequiredAttribute): Deleted.
        * accessibility/AccessibilityNodeObject.h:
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::supportsARIAReadOnly):
        (WebCore::AccessibilityObject::ariaReadOnlyValue):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::isUnvisited): Deleted.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::clickPoint):
        (WebCore::AccessibilityRenderObject::isOffScreen): Deleted.
        (WebCore::AccessibilityRenderObject::anchorElement): Deleted.
        (WebCore::AccessibilityRenderObject::internalLinkElement): Deleted.
        (WebCore::AccessibilityRenderObject::textChanged): Deleted.
        (WebCore::AccessibilityRenderObject::clearChildren): Deleted.
        (WebCore::AccessibilityRenderObject::addImageMapChildren): Deleted.
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/atk/WebKitAccessibleInterfaceText.cpp:
        (getAttributeSetForAccessibilityObject):
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes):
        (setAtkStateSetFromCoreObject):
        (getInterfaceMaskFromObject):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

2016-05-03  Joanmarie Diggs  <jdiggs@igalia.com>

        [ATK] accessibility/content-editable-as-textarea.html fails
        https://bugs.webkit.org/show_bug.cgi?id=155353

        Reviewed by Darin Adler.

        The test was timing out because it expected an AXValueChanged notification.
        In ATK, AXValueChanged notifications are made for widgets which implement
        the AtkValue interface (sliders, progress bars, etc.). We should be listening
        for AXTextChanged instead.

        In addition, for contenteditable elements, we should emit the notification on
        the element itself. Because we were handling the notification in the same way
        as native text controls (where the notification we receive from WebCore is for
        StaticTextRole children), we were attempting to emit the notification from
        the parent of the contenteditable.

        Lastly, ATK's AccessibilityUIElement support had a number of unimplemented
        methods that are being used as part of the previously-failing test. Those
        methods are now implemented so that the ATK results are much more similar
        to those on the Mac.

        No new tests needed. The previously-failing test now passes.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::childrenChanged):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::isNonNativeTextControl):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textChanged):
        * accessibility/atk/AXObjectCacheAtk.cpp:
        (WebCore::AXObjectCache::nodeTextChangePlatformNotification):

2016-05-10  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r193610): Drop down menu doesn’t expand at allofbach.com
        https://bugs.webkit.org/show_bug.cgi?id=157445

        Reviewed by Simon Fraser.

        When we don't run transitions (becasuse of to/from 'auto' values) we should also not
        report the 'from' value and behave as if we finished the transition already.

        Test: fast/animation/height-auto-transition-computed-value.html

        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty): This is a revert of
        looping the 'to' value back to the first keyframe when reverse animation is at the start value (last keyframe).

        * platform/Length.cpp:
        (WebCore::blend):

2016-04-25  Per Arne Vollan  <peavo@outlook.com>

        [Win][IndexedDB] Fix build errors.
        https://bugs.webkit.org/show_bug.cgi?id=156713

        Reviewed by Alex Christensen.

        Fix compile and link errors when building with IndexedDB enabled.

        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBTransaction.cpp:
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        * PlatformWin.cmake:
        * platform/win/FileSystemWin.cpp:
        (WebCore::hardLinkOrCopyFile):

2016-05-25  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Deduplicate make-js-file-arrays usage and make it work on Windows.
        https://bugs.webkit.org/show_bug.cgi?id=157997

        Reviewed by Alex Christensen.

        No new tests needed.

        * CMakeLists.txt: Use new MAKE_JS_FILE_ARRAYS macro.

2016-03-28  Konstantin Tokarev  <annulen@yandex.ru>

        Remove USE(TEXTURE_MAPPER) guards inside TextureMapper sources.
        https://bugs.webkit.org/show_bug.cgi?id=155944

        Reviewed by Michael Catanzaro.

        After r196429 TextureMapper sources are built only in ports which actually
        use TextureMapper, so USE(TEXTURE_MAPPER) guards in them are redundant now.

        No new tests needed.

        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        * platform/graphics/texmap/TextureMapper.cpp:
        * platform/graphics/texmap/TextureMapper.h:
        * platform/graphics/texmap/TextureMapperBackingStore.cpp:
        * platform/graphics/texmap/TextureMapperBackingStore.h:
        * platform/graphics/texmap/TextureMapperFPSCounter.cpp:
        * platform/graphics/texmap/TextureMapperFPSCounter.h:
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        * platform/graphics/texmap/TextureMapperLayer.h:
        * platform/graphics/texmap/TextureMapperTile.cpp:
        * platform/graphics/texmap/TextureMapperTile.h:
        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        * platform/graphics/texmap/TextureMapperTiledBackingStore.h:

2016-05-28  Konstantin Tokarev  <annulen@yandex.ru>

        Use COMPILER(MSVC) instead of PLATFORM(WIN) for MSVC-specific workaround
        https://bugs.webkit.org/show_bug.cgi?id=158169

        Reviewed by Darin Adler.

        No new tests needed.

        * platform/PlatformMouseEvent.h:
        * platform/win/PlatformMouseEventWin.cpp: Moved operators'
        implementations to PlatformMouseEvent.h

2016-03-09  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Fixed All-in-One build.
        https://bugs.webkit.org/show_bug.cgi?id=155241

        Reviewed by Csaba Osztrogonác.

        No new tests needed.

        * bindings/js/JSBindingsAllInOne.cpp: Should not include generated
        file.

2016-03-02  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Moved PRE/POST_BUILD_COMMAND to WEBKIT_FRAMEWORK.
        https://bugs.webkit.org/show_bug.cgi?id=154651

        Reviewed by Alex Christensen.

        No new tests needed.

        * CMakeLists.txt: Moved shared code to WEBKIT_FRAMEWORK macro.

2016-02-22  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Moved library setup code to WEBKIT_FRAMEWORK macro.
        https://bugs.webkit.org/show_bug.cgi?id=154450

        Reviewed by Alex Christensen.

        No new tests needed.

        * CMakeLists.txt:

2016-05-07  Joanmarie Diggs  <jdiggs@igalia.com>

        REGRESSION(r196222): [AX][GTK] accessibility/gtk/caret-offsets.html failing
        https://bugs.webkit.org/show_bug.cgi?id=153956

        Reviewed by Chris Fleizach.

        The reason the test began failing is that it was checking the new caret offset
        synchronously. For most of the test cases, this was not a problem. But when the
        caret was moved out of a focused link, the focus change (and associated repainting)
        delayed the caret-moved event long enough to cause the associated test case to fail.
        The test now uses shouldBecomeEqualToString() instead of shouldBeEqualToString().

        The test also had a supposedly-correct expectation which was wrong: When moving the
        caret to a valid accessible offset, the caret-moved event should be for that offset.
        This was not the case for the list item test case because emitTextSelectionChange()
        was not adjusting the offset for the RenderListMarker, the text of which is exposed
        as part of the ATK_ROLE_LIST_ITEM object. This bug was also fixed and the test case
        updated accordingly.

        No new tests are needed. The previously-failing test is now passing.

        * editing/atk/FrameSelectionAtk.cpp:
        (WebCore::emitTextSelectionChange):

2016-05-05  Zalan Bujtas  <zalan@apple.com>

        Do not attempt to compute min/max width.
        https://bugs.webkit.org/show_bug.cgi?id=157320

        Reviewed by David Hyatt.

        Replaced elements with no intrinsic size (only with ratio) should not call the containing
        block to compute the min/max width when the containing block's min/max width
        depends on the children's intrinsic size. It could lead to infinite recursion.

        Test: fast/replaced/before-content-intrinsic-crash.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeReplacedLogicalWidthRespectingMinMaxWidth): Unrelated code change.
        * rendering/RenderImage.cpp: Unrelated code change.
        (WebCore::RenderImage::RenderImage): Deleted.
        * rendering/RenderImage.h:
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::computeReplacedLogicalWidth):

2016-05-05  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] Adaptive streaming issues
        https://bugs.webkit.org/show_bug.cgi?id=144040

        Reviewed by Philippe Normand.

        In the case of adaptive streaming, the GST URI downloader object is creating the source object, in our case
        WebKitWebSrc, without taking its ownership. This is breaking the lifetime of the WebKitWebSrc element. We are
        using GRefPtr in WebKitWebSrc to ref/unref the object when sending notifications to the main thread, ensuring
        that the object is not destroyed before the main thread dispatches the message. But our smart pointers are so
        smart that in case of receiving a floating reference, it's converted to a full reference, so that the first time
        we try to take a ref of a WebKitWebSrc having a floating reference we are actually taking the ownership
        instead. When we try to release the reference, we are actuallty destroying the object, something that the actual
        owner is not expecting and causing runtime critical warnings and very often web process crashes.

            (WebKitWebProcess:6863): GStreamer-CRITICAL **:
            Trying to dispose element appsrc1, but it is in READY instead of the NULL state.
            You need to explicitly set elements to the NULL state before
            dropping the final reference, to allow them to clean up.
            This problem may also be caused by a refcounting bug in the
            application or some element.

            (WebKitWebProcess:6863): GStreamer-CRITICAL **: gst_uri_handler_get_uri: assertion 'GST_IS_URI_HANDLER(handler)' failed

            (WebKitWebProcess:6863): GStreamer-CRITICAL **: gst_uri_get_protocol: assertion 'uri != NULL' failed

        This should be fixed in GST, but we can workaround it in WebKit while it's fixed in GST or to prevent this from
        happening if other users make the same mistake. The idea is to add a ensureGRef() only available for GRefPtr
        when using WebKitWebSrc objects that consumes the floating reference if needed before taking the actual reference.

        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::ensureGRef): Consume the floating ref if needed.
        * platform/graphics/gstreamer/GRefPtrGStreamer.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcChangeState): Use ensureGRef().

2016-05-04  Daniel Bates  <dabates@apple.com>

        CSP: Perform case sensitive match against path portion of source expression URL that ends in '/'
        https://bugs.webkit.org/show_bug.cgi?id=157275

        Reviewed by Darin Adler.

        Merged from Blink:
        <https://chromium.googlesource.com/chromium/src/+/7bd0a75e3f71a10e71ded31ea5905d5ee3d992eb>

        Perform a case-sensitive prefix match of the path portion a source expression that ends in '/'
        against the path portion of a request URL as per step 8.5.4 of section Does url match expression
        in origin with redirect count of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp>
        (Editor's Draft, 27 April 2016).

        * page/csp/ContentSecurityPolicySource.cpp:
        (WebCore::ContentSecurityPolicySource::pathMatches):

2016-05-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Clicks inside button elements are sometimes discarded when the mouse moves
        https://bugs.webkit.org/show_bug.cgi?id=39620

        Reviewed by Darin Adler.

        Test: fast/events/click-over-descendant-elements.html

        * dom/Node.cpp:
        (WebCore::ancestor):
        (WebCore::commonAncestor): Method inspired from
        http://src.chromium.org/viewvc/blink?view=revision&revision=162081.
        (WebCore::commonAncestorCrossingShadowBoundary): Helper routine
        that handles the case of nodes into a shadow node.
        * dom/Node.h:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseReleaseEvent): Selecting click event
        target node according commonAncestorOverShadowBoundary method.
        (WebCore::EventHandler::targetNodeForClickEvent): Deleted.

2016-05-04  Jiewen Tan  <jiewen_tan@apple.com>

        CrashTracer: [USER] com.apple.WebKit.WebContent at …ple.WebCore: WebCore::EditCommandComposition::unapply + 105
        https://bugs.webkit.org/show_bug.cgi?id=157282
        <rdar://problem/25391441>

        Reviewed by Darin Adler.

        A frame could be destroyed in the middle of executing undo/redo command.
        Therefore, add an early return.

        * editing/CompositeEditCommand.cpp:
        (WebCore::EditCommandComposition::unapply):
        (WebCore::EditCommandComposition::reapply):

2016-04-29  Alex Christensen  <achristensen@webkit.org>

        Do not reuse cache entries with conditional headers
        https://bugs.webkit.org/show_bug.cgi?id=157205
        rdar://problem/25856933

        Reviewed by Chris Dumez.

        Test: http/tests/xmlhttprequest/if-modified-since-0.html

        * loader/cache/CachedRawResource.cpp:
        (WebCore::CachedRawResource::canReuse):
        CachedResourceLoader::determineRevalidationPolicy asserts that the request is not conditional,
        which means that it does not have any headers like If-Modified-Since.  They are usually different,
        because we put the timestamp in the If-Modified-Since header, so it fails the canReuse test because
        time has passed since the last If-Modified-Since header was sent.  When a user sets the If-Modified-Since
        manually to something that is constant, we reuse cache entries when we should not.
        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
        Set the source so we can use it in Internals.

2016-04-30  Zalan Bujtas  <zalan@apple.com>

        Some content causes deep recursion.
        https://bugs.webkit.org/show_bug.cgi?id=157230
        <rdar://problem/7694756>

        Reviewed by Antti Koivisto.

        This patch sets a limit(512) on content nesting for the render tree. Elements injected over the limit
        are still accessible through DOM APIs but
        1. we stop generating renderers for them -they behave like display: none. 
        2. their layout related computed style values are set to default (e.g. window.computedStyle(document.elementById("over512").width -> auto) 

        Test: fast/block/nested-renderers.html

        * page/Settings.h:
        * style/StyleTreeResolver.cpp: Skip renderer constructing and continue with the sibling node. 
        (WebCore::Style::TreeResolver::resolveComposedTree):

2016-04-29  Myles C. Maxfield  <mmaxfield@apple.com>

        REGRESSION(194502): overflow: scroll; direction: rtl; divs jump horizontally when scrolled vertically
        https://bugs.webkit.org/show_bug.cgi?id=157201

        Reviewed by Simon Fraser.

        ScrollableArea::scrollToOffsetWithoutAnimation() was mistakenly conflating scroll offsets with
        scroll positions.

        Test: fast/scrolling/rtl-drag-vertical-scroller.html

        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollToOffsetWithoutAnimation):

2016-04-29  Simon Fraser  <simon.fraser@apple.com>

        Wheel Event Not Fired For `body,html { height:100% }`
        https://bugs.webkit.org/show_bug.cgi?id=148450

        Reviewed by Brent Fulgham.
        
        EventHandler::handleWheelEvent() didn't pass the Active flag in the HitTestRequest,
        which causes code in RenderLayer::hitTest() to fail to fall back to returning the
        root layer if no other element is hit. "Active" is in the default flags,
        so just create the HitTestRequest with the default flags.

        Test: fast/events/wheel-event-outside-body.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent):

2016-04-28  Zalan Bujtas  <zalan@apple.com>

        Content disappears on mouse over.
        https://bugs.webkit.org/show_bug.cgi?id=157073
        <rdar://problem/24389168>

        Reviewed by Simon Fraser.

        When a redundant inlinebox is found after constructing the line, we remove it from the tree.
        The remove operation marks the ancestor tree dirty (and this newly constructed line is supposed to be clean).
        This patch resets this dirty flag on the boxes all the way up to the rootlinebox.
        Previously we only cleared the rootinlinebox and we ended up with dirty inlineflowboxes.

        Test: fast/text/text-node-remains-dirty-after-calling-surroundContents.html

        * rendering/BidiRun.h:
        (WebCore::BidiRun::setBox):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::constructLine):
        (WebCore::RenderBlockFlow::removeLineBoxIfNeeded):
        (WebCore::RenderBlockFlow::computeBlockDirectionPositionsForLine):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::positionLineBox): Deleted.
        * rendering/RenderText.cpp:
        (WebCore::RenderText::setText):
        (WebCore::RenderText::positionLineBox): Deleted.

2016-04-28  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] We need to be smarter about flattening and the accessible text implementation
        https://bugs.webkit.org/show_bug.cgi?id=144639

        Reviewed by Chris Fleizach.

        Defer to WebCore Accessibility more regarding when to include anonymous blocks in the
        accessibility tree. Explicitly flatten menu items, headings, list items, and paragraphs
        in order to preserve the expected platform behavior for backwards compatibility. Also
        map anonymous table parts to DivRole rather than GroupRole for GTK and EFL because ATK
        has separate roles for generic text block elements and other generic containers.

        Tests: accessibility/gtk/nested-block-element-children.html
               accessibility/gtk/spans-paragraphs-and-divs-tree.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/atk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

2016-04-28  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r199659): Web Process crash when RenderTheme::adjustMenuListStyle is called with a null element
        https://bugs.webkit.org/show_bug.cgi?id=157127

        Reviewed by Sergio Villar Senin.

        This happens for example with tests fast/css/appearance-with-pseudo-elements-in-quirks-mode.html and
        fast/css/appearance-with-pseudo-elements.html.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::adjustMenuListStyle): Do not change the style color if the given element is nullptr.

2016-04-27  Hunseop Jeong  <hs85.jeong@samsung.com>

        [EFL][GTK] Volume slider only changes volume when thumb is released, not while dragging
        https://bugs.webkit.org/show_bug.cgi?id=156970

        Reviewed by Xabier Rodriguez-Calvar.

        Volume slider have to change the volume while dragging the thumb. 

        Test: media/video-volume-slider-drag.html 

        * Modules/mediacontrols/mediaControlsBase.js:
        (Controller.prototype.createControls): Use the 'input' event instead of the 'change' to
        check the changed value correctly.
        (Controller.prototype.handleMaxButtonClicked):
        (Controller.prototype.handleVolumeSliderInput): Renamed from handleVolumeSliderChange.
        (Controller.prototype.handleVolumeSliderChange): Deleted. 

2016-04-26  Brent Fulgham  <bfulgham@apple.com>

        GuardMalloc crash in WebCore::HTMLFrameElementBase::marginHeight() 
        https://bugs.webkit.org/show_bug.cgi?id=157020
        <rdar://problem/25148315>

        Reviewed by Darin Adler.

        Calls to setIntegralAttribute triggers event handling code, which can cause
        the underlying m_frameOwnerElement member to be deleted. We could clone this
        object, but since we only want the width and height we should just read them
        while we know the object is in a good state, then execute the potentially
        mutating methods.

        Tested by imported/blink/fast/dom/HTMLBodyElement/body-inserting-iframe-crash.html.

        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::insertedInto): Read margin width and height before
        calling setIntegralAttribute.

2016-04-25  Brent Fulgham  <bfulgham@apple.com>

        Add port 4190 (managesieve) to port blacklist
        https://bugs.webkit.org/show_bug.cgi?id=156986
        <rdar://problem/9119470>

        Reviewed by Daniel Bates.

        Tested by security/block-test.html.

        * platform/URL.cpp:
        (WebCore::portAllowed): Add 4190 to the port blacklist.

2016-04-25  Simon Fraser  <simon.fraser@apple.com>

        Toggling animation-play-state can re-start a finished animation
        https://bugs.webkit.org/show_bug.cgi?id=156731

        Reviewed by Dean Jackson.

        After an animation completed, CompositeAnimation::updateKeyframeAnimations() cleared
        all state that the animation had run on the element, so changing the value of some
        animation property triggered the animation to run again. This is wrong, since animation-name
        still applied to the element.

        Fix by keeping state for keyframe animations in the Done state in the m_keyframeAnimations
        map. This allows for the removal of the index property on KeyframeAnimation.

        Tests: animations/change-completed-animation-transform.html
               animations/change-completed-animation.html

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::timeToNextService):
        * page/animation/AnimationBase.h:
        (WebCore::AnimationBase::isAnimatingProperty):
        * page/animation/CompositeAnimation.cpp: Add animations that should stick around to AnimationNameMap,
        and swap with m_keyframeAnimations at the end.
        (WebCore::CompositeAnimation::updateKeyframeAnimations):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::KeyframeAnimation):
        (WebCore::KeyframeAnimation::getAnimatedStyle):
        * page/animation/KeyframeAnimation.h:

2016-04-25  Simon Fraser  <simon.fraser@apple.com>

        play-state not parsed as part of animation shorthand
        https://bugs.webkit.org/show_bug.cgi?id=156959

        Reviewed by Darin Adler.

        We failed to parse animation-play-state as part of the animation shorthand, contrary
        to the spec and other browsers.

        Fix for both the prefixed and unprefixed properties. There is some compat risk here,
        but only changing unprefixed behavior will probably lead to more author confusion.

        Test: animations/play-state-in-shorthand.html

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseAnimationShorthand):
        * css/CSSPropertyNames.in:
        * css/StylePropertyShorthand.cpp:
        (WebCore::animationShorthandForParsing): Remove the long comment which is no longer relevant
        now that the behavior has been written into the spec.

2016-04-25  Simon Fraser  <simon.fraser@apple.com>

        Negative animation-delay is treated as 0s
        https://bugs.webkit.org/show_bug.cgi?id=141008

        Reviewed by Daniel Bates.
        
        Fix keyframe animations which start in the paused state.
        
        Explicitly move such animations from the new to the paused state, and
        set m_pauseTime to 0, rather than leaving it at -1. Fix getElapsedTime()
        to compute a correct time elapsed time for such animations, which takes
        negative delay into account correctly.
        
        Fix assertions which need to account for the new transition of New -> PlayStatePaused.

        Test: animations/play-state-start-paused.html

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::updateStateMachine):
        (WebCore::AnimationBase::getElapsedTime):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::animate):

2016-04-25  Eric Carlson  <eric.carlson@apple.com>

        Stop listening for "media can start" notifications when media player is cleared
        https://bugs.webkit.org/show_bug.cgi?id=156985
        <rdar://problem/23158505>

        Reviewed by Jer Noble.

        No new tests, I have not been able to create a test that reliably reproduces this.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::loadInternal): Add logging.
        (WebCore::HTMLMediaElement::selectMediaResource): Assert and return early if there is
          no media player.
        (WebCore::HTMLMediaElement::clearMediaPlayer): Stop listening for can start notifications.
        (WebCore::HTMLMediaElement::visibilityStateChanged): Add logging.
        (WebCore::HTMLMediaElement::mediaCanStart): Ditto.

2016-04-25  Daniel Bates  <dabates@apple.com>

        REGRESSION (r196012): Subresource may be blocked by Content Security Policy if it only matches 'self'
        https://bugs.webkit.org/show_bug.cgi?id=156935
        <rdar://problem/25351286>

        Reviewed by Darin Adler.

        Fixes an issue where subresource load may be blocked by the Content Security Policy (CSP) if its URL only
        matched 'self'. In particular, the load would be blocked if initiated from a document that inherited the
        origin of its owner document (e.g. the document contained in <iframe src="about:blank"></iframe>).

        Following r196012 we compute and cache 'self' and its protocol on instantiation of a ContentSecurityPolicy
        object for use when matching a URL against it. These cached values become out-of-date if the document
        subsequently inherits the origin of its owner document. Therefore matches against 'self' will fail and
        CSP will block a load if its not otherwise allowed by the policy. Previously we would compute 'self' when
        parsing the definition of a source list and compute the protocol for 'self' each time we tried to match a
        URL against 'self'. So, 'self' would always be up-to-date with respect to the origin of the document.

        Tests: http/tests/security/contentSecurityPolicy/iframe-blank-url-programmatically-add-external-script.html
               http/tests/security/contentSecurityPolicy/iframe-srcdoc-external-script.html

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Extract out logic for computing and caching
        'self' and its protocol into ContentSecurityPolicy::updateSourceSelf() and make use of this function.
        (WebCore::ContentSecurityPolicy::updateSourceSelf): Computes and caches 'self' and its protocol with
        respect to the specified SecurityOrigin.
        (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext): Call ContentSecurityPolicy::updateSourceSelf()
        to ensure that we have an up-to-date representation for 'self' and the protocol of 'self' which can
        become out-of-date if the document inherited the origin of its owner document.
        * page/csp/ContentSecurityPolicy.h:

2016-04-22  Dave Hyatt  <hyatt@apple.com>

        REGRESSION (r189567): The top of Facebook's messenger.com looks visually broken
        https://bugs.webkit.org/show_bug.cgi?id=156869
        <rdar://problem/23204668>

        Reviewed by Zalan Bujtas.

        Added fast/block/min-content-with-box-sizing.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeIntrinsicLogicalContentHeightUsing):

2016-04-22  Antti Koivisto  <antti@apple.com>

        REGRESSION (r194898): Multi download of external SVG defs file by <use> xlinks:href (caching)
        https://bugs.webkit.org/show_bug.cgi?id=156368
        <rdar://problem/25611746>

        Reviewed by Simon Fraser.

        We would load svg resources with fragment identifier again because the encoding never matched.

        Test: http/tests/svg/svg-use-external.html

        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::setEncoding):
        (WebCore::TextResourceDecoder::hasEqualEncodingForCharset):

            Encoding can depend on mime type. Add a comparison function that takes this into account.

        (WebCore::findXMLEncoding):
        * loader/TextResourceDecoder.h:
        (WebCore::TextResourceDecoder::encoding):
        * loader/cache/CachedCSSStyleSheet.h:
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::textResourceDecoder):

            Add a way to get the TextResourceDecoder from a cached resource.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::determineRevalidationPolicy):

            Use the new comparison function.

        * loader/cache/CachedSVGDocument.h:
        * loader/cache/CachedScript.h:
        * loader/cache/CachedXSLStyleSheet.h:

2016-04-21  Zalan Bujtas  <zalan@apple.com>

        RenderVideo should always update the intrinsic size before layout.
        https://bugs.webkit.org/show_bug.cgi?id=156878

        Reviewed by Simon Fraser.

        In order to layout video element properly we need to know the correct intrinsic size.
        This patch also asserts if we end up updating the intrinsic size right after finishing video renderer layout.

        This issues was discovered as part of webkit.org/b/156245. (hence covered by existing tests)

        * rendering/RenderVideo.cpp:
        (WebCore::RenderVideo::updateIntrinsicSize):
        (WebCore::RenderVideo::layout):
        (WebCore::RenderVideo::updatePlayer):
        * rendering/RenderVideo.h:

2016-04-21  Anders Carlsson  <andersca@apple.com>

        Fix crashes when loading SVG images.

        * loader/EmptyClients.cpp:
        (WebCore::fillWithEmptyClients):
        Give the SVG page its own application cache storage.

2016-04-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Overlay scrollbars with steppers enabled render incorrectly
        https://bugs.webkit.org/show_bug.cgi?id=156988

        Reviewed by Michael Catanzaro.

        Fix rendering of scrollbars when using GTK+ themes having stepper buttons.

        * platform/gtk/RenderThemeGadget.cpp:
        (WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget): Receive the box orientation as constructor parameter.
        (WebCore::RenderThemeBoxGadget::preferredSize): Fix the preferred size calculation taking into account the box orientation.
        (WebCore::RenderThemeScrollbarGadget::renderStepper): New method to render scrollbar steppers.
        * platform/gtk/RenderThemeGadget.h:
        (WebCore::RenderThemeGadget::context): Make this public instead of protected.
        * platform/gtk/ScrollAnimatorGtk.cpp:
        (WebCore::ScrollAnimatorGtk::updateOverlayScrollbarsOpacity): Invalidate the whole scrollbars instead of just
        the thumb when opacity changes, because themes can actually render the trough or even stepper buttons when in
        indicator mode too.
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::hasButtons): Properly implement this method instead of returning true unconditionally.
        (WebCore::contentsGadgetForLayout): Pass orientation to RenderThemeBoxGadget constructor.
        (WebCore::ScrollbarThemeGtk::trackRect): Fix the calculation of the track rect taking stepper buttons into account.
        (WebCore::ScrollbarThemeGtk::backButtonRect): Fix the calculation of the stepper button rectangle.
        (WebCore::ScrollbarThemeGtk::forwardButtonRect): Ditto.
        (WebCore::ScrollbarThemeGtk::paint): Use RenderThemeScrollbarGadget::renderStepper() to render the stepper
        buttons, and fix the calculation of the steppers button rectangle.
        (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Handle clicks on stepper buttons.
        (WebCore::ScrollbarThemeGtk::scrollbarThickness): Fix the calculation of the scrollbar thickness.
        (WebCore::ScrollbarThemeGtk::minimumThumbLength): Pass orientation to RenderThemeBoxGadget constructor.
        * platform/gtk/ScrollbarThemeGtk.h:
        * rendering/RenderThemeGtk.cpp:
        (WebCore::menuListColor): Ditto.
        (WebCore::RenderThemeGtk::popupInternalPaddingBox): Ditto.
        (WebCore::RenderThemeGtk::paintMenuList): Ditto.

2016-04-25  Alberto Garcia  <berto@igalia.com>

        [GTK] Crashes if DISPLAY is unset
        https://bugs.webkit.org/show_bug.cgi?id=156972

        Reviewed by Carlos Garcia Campos.

        If DISPLAY is unset then m_display will be NULL, crashing WebKit
        when XCloseDisplay is called in the PlatformDisplayX11 destructor.

        * platform/graphics/x11/PlatformDisplayX11.cpp:
        (WebCore::PlatformDisplayX11::~PlatformDisplayX11):

2016-04-20  Chris Dumez  <cdumez@apple.com>

        Crash under WebCore::TextIterator::subrange()
        https://bugs.webkit.org/show_bug.cgi?id=156809
        <rdar://problem/21102730>

        Reviewed by Ryosuke Niwa.

        TextIterator::rangeFromLocationAndLength() may return null. However, we
        failed to do a null check before calling TextIterator::subrange() with
        that range.

        No new tests, do not know how to reproduce.

        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::applyAlternativeTextToRange):

2016-04-20  Chris Dumez  <cdumez@apple.com>

        Potential overflow in RenderLayer::hitTestList()
        https://bugs.webkit.org/show_bug.cgi?id=156804

        Reviewed by Simon Fraser.

        Use size_t type instead of int to iterate over the Vector to make sure
        we don't overflow. This is a speculative fix for <rdar://problem/23249479>.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hitTestList):

2016-04-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Cairo] Crash in GraphicsContext::drawFocusRing when painting is disabled
        https://bugs.webkit.org/show_bug.cgi?id=156785

        Reviewed by Žan Doberšek.

        This happens for example when view state changes to focus and paint is called from
        FrameView::updateControlTints() with a graphics context that doesn't have a platform context. Layout test
        fast/images/image-map-outline-with-scale-transform.html sometimes crashes because of this.

        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawFocusRing): Return early if painting is disabled.

2016-04-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        [Cairo] GraphicsContext::drawFocusRing methods are not consistent to each other
        https://bugs.webkit.org/show_bug.cgi?id=156742

        Reviewed by Martin Robinson.

        We are rendering the focus ring differently depending on whether a path is used or a vector of rectangles. This
        is causing that some reftests fail because they assume we always render the focus ring the same way. For example
        fast/images/image-map-outline-in-positioned-container.html, when rendering the test
        GraphicsContext::drawFocusRing is called with a path, and when rendering the reference it's called with a vector
        of rectangles, producing different results.

        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawFocusRing): When receiving a vector of rectangles, build a Path from the given
        rectangles and call drawFocusRing() with the built path to ensure consistency.

2016-04-19  Joanmarie Diggs  <jdiggs@igalia.com>

        [GTK] accessibility/gtk/entry-and-password.html is failing since r194847
        https://bugs.webkit.org/show_bug.cgi?id=153062

        Reviewed by Carlos Garcia Campos.

        The changes in r194847 include using WebCore's rendering for the CapsLock indicator.
        As a side effect, password inputs gained a TextControlInnerTextElement child from
        the Shadow DOM. If we include that child in the accessibility tree, the child will
        emit focus and text notifications that suggest the user is no longer in the control.
        This can be especially problematic for screen reader users with key echo enabled
        when typing in a password input. To fix this, prune TextControlInnerTextElement
        children from the accessibility tree for ATK.

        No new tests as existing coverage caught this regression. Also modified the
        auto-fill-crash.html test whose expectations include the children count for
        a text input.

        * accessibility/atk/AccessibilityObjectAtk.cpp:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):

2016-04-18  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Possible off-by-one in hyphenation code
        https://bugs.webkit.org/show_bug.cgi?id=156661

        Reviewed by Michael Catanzaro.

        No new tests. This is covered by older tests.

        * platform/text/hyphen/HyphenationLibHyphen.cpp:
        (WebCore::lastHyphenLocation): Fix an off by one error in hyphen location.

2016-04-18  Brent Fulgham  <bfulgham@apple.com>

        Remove support for X-Frame-Options in `<meta>`
        https://bugs.webkit.org/show_bug.cgi?id=156625
        <rdar://problem/25748714>

        Rubberstamped by Darin Adler.

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Revise messaging based on Darin's comments.

2016-04-18  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Menu list button doesn't use the text color from the theme
        https://bugs.webkit.org/show_bug.cgi?id=118234

        Reviewed by Darin Adler.

        Set the combo box color accroding to the theme when adjusting the menu list style like Mac port does.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::menuListColor):
        (WebCore::RenderThemeGtk::adjustMenuListStyle):

2016-04-15  Myles C. Maxfield  <mmaxfield@apple.com>

        ASSERT when loading github.com
        https://bugs.webkit.org/show_bug.cgi?id=156604
        <rdar://problem/19890634>

        Reviewed by Darin Adler.

        HTMLFormControlElement::m_isValid is a cache of the results of the valid() function.
        When cloning the node, we were preserving each individual item, but not the state
        of the cache. Therefore, the cache and the attributes didn't agree with each other.

        Test: fast/forms/checkValidity-cloneNode-crash.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::copyNonAttributePropertiesFromElement):

2016-04-15  Brent Fulgham  <bfulgham@apple.com>

        Remove support for X-Frame-Options in `<meta>`
        https://bugs.webkit.org/show_bug.cgi?id=156625
        <rdar://problem/25748714>

        Reviewed by Darin Adler.

        Follow RFC7034 (Section 4), which recommends that 'X-Frame-Options' be ignored when delivered as part of
        a '<meta http-equiv="...">' tag. This brings us in line with Firefox, Edge, and Blink.

        Tests: http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body.html
               http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow.html
               http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny.html
               http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag.html
               http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options-ignored.html

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Log error message instead of blocking the load.

2016-04-15  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Calling SVGAnimatedPropertyTearOff::animationEnded() will crash if the SVG property is not animating
        https://bugs.webkit.org/show_bug.cgi?id=156549

        Reviewed by Darin Adler.

        A speculative fix for a crash which may happen when calling animationEnded()
        of any SVGAnimatedProperty while it is not animating.

        * svg/SVGAnimatedTypeAnimator.h:
        (WebCore::SVGAnimatedTypeAnimator::executeAction):

2016-04-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        Selection.deleteFromDocument should not leave a selection character
        https://bugs.webkit.org/show_bug.cgi?id=151442

        Reviewed by Michael Catanzaro.

        This is a merge of Blink r172511:
        https://codereview.chromium.org/255453003

        Let Selection.deleteFromDocument not delete a character when the
        selection is a caret.

        Selection.deleteFromDocument delete a character when the selection
        is a caret.
        However, current standard says that Selection.deleteFromDocument
        does nothing when the selection is a caret:
        https://dvcs.w3.org/hg/editing/raw-file/tip/editing.html#dom-selection-deletefromdocument
        Both IE10 and FireFox seem following the spec.

        Test: imported/blink/editing/selection/deleteFromDocument-undo-crash.html

        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::deleteFromDocument): Deleted.

2016-04-14  Dean Jackson  <dino@apple.com>

        CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CachedResource::addClientToSet + 27
        https://bugs.webkit.org/show_bug.cgi?id=156602
        <rdar://problem/18921091>

        Reviewed by Simon Fraser.

        The CSS property list-style-image is inherited, so a transition on a parent
        might cause a transition on a child. On that child, the value might be between
        two generated crossfade images which haven't yet resolved, causing a crash.

        Test: transitions/crossfade-transition.html

        * css/CSSCrossfadeValue.cpp:
        (WebCore::CSSCrossfadeValue::blend): Return null if there are no cached images.
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFunc): If we don't have an actual image to blend between, fall
        out to the default case.

2016-04-14  Antonio Gomes  <tonikitoo@webkit.org>

        Allow listbox content and scrollbar to intrude padding area.
        https://bugs.webkit.org/show_bug.cgi?id=128489

        Reviewed by Myles C. Maxfield.

        Originally when the RenderListBox::controlClipRect method was implemented (see [1]), it used
        to allow its content (<option>'s) to intrude padding to get rendered. Overlay scrollbars were also
        allowed to paint over the padding area, if necessary.

        [2] changed this behavior to restrict list-box'es content within the content box rect (excluding padding and border).

        This had two consequences:
        1) it made WebKit disallow list-box' content to intrude the padding area, diverging from other vendors.
        like Firefox and Chrome.
        2) Since overlay scrollbar might get painted over the padding area, if any, [2] could result
        in the scrollbar being clipped out if padding-right is set (or padding-left in case of RTL content).

        Patch changed WebKit back so that it allows list-box' content and overlay scrollbars to intrude the
        padding area, matching other browsers vendors

        [1] https://trac.webkit.org/changeset/18819/trunk/WebCore/rendering/RenderListBox.cpp
        [2] https://trac.webkit.org/changeset/19037/trunk/WebCore/rendering/RenderListBox.cpp

        Tests: fast/forms/listbox-selection-3.html
               fast/forms/listbox-padding-clip-selected.html
               fast/forms/listbox-padding-clip-expected-mismatch.html (renamed from listbox-padding-clip-overlay-expected.html)
               fast/forms/listbox-padding-clip-overlay-expected-mismatch.html (renamed from listbox-padding-clip-expected.html)

        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::numVisibleItems): changed to allow list-box items to get rendered on the padding-bottom area.
        This matches Firefox and Chrome.
        (WebCore::RenderListBox::listIndexAtOffset): relax the check for a given list-box item at a specific offset in the vertical axis.
        This means if an list-box item has its content painted into the padding-bottom area, it will be actionable by mouse clicking.
        This matches Firefox and Chrome.
        (WebCore::RenderListBox::controlClipRect): clips list-box content against the padding box rect rather than the content box rect,
        to allow its list-box items' content intrude the padding area.
        This matches Firefox and Chrome.

2016-04-14  Antti Koivisto  <antti@apple.com>

        Collapsed border cache invalidation can lead to O(n^2) during style resolve
        https://bugs.webkit.org/show_bug.cgi?id=156570

        Reviewed by Darin Adler.

        RenderTable::invalidateCollapsedBorders traverses all cells. It is called when table cell border changes.
        This can result in O(n^2) during style resolve.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::layout):
        (WebCore::RenderTable::invalidateCollapsedBorders):

            For cell border style change invalidate the hasEmptyCollapsedBorder bits only for the neighbouring cells.
            They are the only ones that can be affected.

        * rendering/RenderTable.h:
        (WebCore::RenderTable::collapsedBordersAreValid):
        (WebCore::RenderTable::collapsedEmptyBorderIsPresent):
        (WebCore::RenderTable::currentBorderValue):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::styleDidChange):

2016-04-13  Zalan Bujtas  <zalan@apple.com>

        Text on compositing layer with negative letter-spacing is truncated.
        https://bugs.webkit.org/show_bug.cgi?id=156550
        <rdar://problem/24212140>

        Reviewed by Antti Koivisto.

        Negative letter-spacing affects the right edge of content's visual overflow (for both RTL and LTR).
        This is similar to how normal line layout adjusts it at InlineFlowBox::addTextBoxVisualOverflow().

        Test: fast/text/negative-letter-spacing-visual-overflow.html

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::computeOverflow):
        (WebCore::SimpleLineLayout::paintFlow):
        (WebCore::SimpleLineLayout::collectFlowOverflow):

2016-04-13  Antonio Gomes  <tonikitoo@webkit.org>

        Non-resizable text field looks resizable
        https://bugs.webkit.org/show_bug.cgi?id=152271

        Reviewed by Darin Adler.

        The 'resizability' of an HTML element is controlled by its 'resize' CSS property value.
        By default it is 'none', but certain HTML elements, including <textarea>, have it
        set to 'both' by default (defined in html.css). These values mean no resize at all, and
        resizable in both vertical and horizontal axis, respectively.
        Additionally, 'vertical' and 'horizontal' values are also valid.

        Problem here is that the way WebKit handles the 'resize' property on single line
        input elements (e.g. <input>) is different than other engines (read Gecko, Blink and Presto):

        - Match: WebKit, Firefox, Presto and Blink all force single line input elements to be non-resizable,
        regardless of either the 'resize' properly is set or not.

        - Mismatch: WebKit is the only engine that actually paints the resize control on single line
        input elements, even it having no effect.

        On WebKit, this happens because the 'resize' property is wrongly implemented as 'inheritable',
        differently from other engines. In the way WebKit contructs its RenderTree, 'resize' property
        ends up spilling out of <input> and entering its shadow representation, carrying the 'resize'
        property on.

        Patch fixes this by making the 'resize' properly be non-inherited, matching other vendors
        and the spec [1].

        [1] https://drafts.csswg.org/css-ui/#resize

        Tests: fast/css/resize-not-inherited.html
               fast/css/resize-single-line-input-no-paint.html

        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator==):
        * rendering/style/StyleRareInheritedData.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:

2016-04-12  Konstantin Tokarev  <annulen@yandex.ru>

        Fixed uninitialization of Node::DataUnion with GCC 4.8.
        https://bugs.webkit.org/show_bug.cgi?id=156507

        Reviewed by Michael Catanzaro.

        This change fixes run time crashes caused by access to uninitialized
        memory in Node::renderer().

        No new tests needed.

        * dom/Node.h:

2016-04-11  Jiewen Tan  <jiewen_tan@apple.com>

        fast/loader/opaque-base-url.html crashing during mac and ios debug tests
        https://bugs.webkit.org/show_bug.cgi?id=156179
        <rdar://problem/25507719>

        Reviewed by Ryosuke Niwa.

        Navigate to about:blank if the provided src of an iframe/frame cannot be
        resolved to a valid URL.

        Test: fast/loader/iframe-src-invalid-url.html

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::requestFrame):

2016-04-11  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r193857): Text selection causes text to disappear.
        https://bugs.webkit.org/show_bug.cgi?id=156448
        rdar://problem/25578952

        Reviewed by Simon Fraser.

        Apparently when the end position of the selection range is smaller than the start position, we need
        to repaint the entire text as it indicates selection clearing.

        Test: fast/text/text-disappear-on-deselect.html

        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintText):

2016-04-09  Konstantin Tokarev  <annulen@yandex.ru>

        Fixed compilation of JPEGImageDecoder with libjpeg v9.
        https://bugs.webkit.org/show_bug.cgi?id=156445

        Reviewed by Michael Catanzaro.

        ICU defines TRUE and FALSE macros, breaking libjpeg v9 headers.

        No new tests needed.

        * platform/image-decoders/jpeg/JPEGImageDecoder.h:

2016-04-08  Said Abou-Hallawa  <sabouhallawa@apple,com>

        Timing attack on SVG feComposite filter circumvents same-origin policy
        https://bugs.webkit.org/show_bug.cgi?id=154338

        Reviewed by Oliver Hunt.

        Ensure the FEComposite arithmetic filter is clamping the resulted color
        components in a constant time.

        * platform/graphics/filters/FEComposite.cpp:
        (WebCore::clampByte):
        (WebCore::computeArithmeticPixels):

2016-04-07  Brent Fulgham  <bfulgham@apple.com>

        Wheel event callback removing the window causes crash in WebCore.
        https://bugs.webkit.org/show_bug.cgi?id=150871
        <rdar://problem/23418283>

        Reviewed by Simon Fraser.

        Null check the FrameView before using it, since the iframe may have been removed
        from its parent document inside the event handler.
        
        The new test triggered a cross-load side-effect, where wheel event filtering wasn't
        reset between page loads. Fix by calling clearLatchedState() in EventHandler::clear(),
        which resets the filtering.

        Since the Frame destructor invokes EventHandler::clear, which invokes MainFrame methods,
        we run the risk of attempting to dereference destroyed MainFrame elements of the current
        Frame object. Instead, clear the EventHandler in the MainFrame destructor.

        Finally, confirm that the mainFrame member is not being destroyed in the handful of
        places that might attempt to access the mainFrame during object destruction (essentially
        cleanup methods).

        Test: fast/events/wheel-event-destroys-frame.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear): Protect against accessing mainFrame content during destruction.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::clear): Call 'clearLatchedState' instead of endFilteringDeltas.
        (WebCore::EventHandler::clearLatchedState): Null-check the filter before calling it.
        * page/Frame.cpp:
        (WebCore::Frame::~Frame): Do not call 'setView' in the destructor for a MainFrame.
        (WebCore::Frame::setView): Check for a null event handler before invoking it.
        (WebCore::Frame::setMainFrameWasDestroyed): Added. Mark that the MainFrame
        member of the Frame is being destroyed (if the current Frame is a MainFrame) and clear
        the EventHandler member so that it doesn't attempt to access mainFrame content.
        (WebCore::Frame::mainFrame): When accessing the mainFrame member, assert that the
        mainFrame is not being destroyed.
        * page/MainFrame.cpp:
        (WebCore::MainFrame::~MainFrame): Set the m_recentWheelEventDeltaFilter to nullptr to
        prevent attempts to access it during object destruction. Call the new 'setMainFrameWasDestroyed'
        method to reset eventHandler and mark the MainFrame as being in the process of destruction.
        * page/WheelEventDeltaFilter.cpp:
        (WebCore::WheelEventDeltaFilter::filteredDelta): Add logging.
        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformCompleteWheelEvent): Add null check.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo): Add logging.

2016-04-07  Antti Koivisto  <antti@apple.com>

        FrameView::qualifiesAsVisuallyNonEmpty() returns false when loading a Google search results page before search results are loaded, even though the header is visible
        https://bugs.webkit.org/show_bug.cgi?id=156339
        <rdar://problem/24491381>

        Reviewed by Andreas Kling.

        Patch by Jeff Miller.

        Jeff's testing indicates lowering the document height threshold improves things visually during page loading.

        * page/FrameView.cpp:
        (WebCore::FrameView::qualifiesAsVisuallyNonEmpty):

            Lower document height threshold to from 200 to 48 pixels.

2016-04-06  Jer Noble  <jer.noble@apple.com>

        CRASH in AudioDestinationNode::render()
        https://bugs.webkit.org/show_bug.cgi?id=156308
        <rdar://problem/25468815>

        Reviewed by Eric Carlson.

        
        AudioDestinationNode::render() will crash when passed in a zero-length frame count. Rather than get into
        this bad state, ASSERT() and bail out early in this case.

        Also, address the situation in AudioDestinationIOS::render which can cause this 0-frame count to occur.

        * Modules/webaudio/AudioDestinationNode.cpp:
        (WebCore::AudioDestinationNode::render):
        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::AudioDestinationIOS::render):

2016-04-06  Joanmarie Diggs  <jdiggs@igalia.com>

        REGRESSION(r195463): [GTK] accessibility/roles-computedRoleString.html and accessibility/roles-exposed.html failing
        https://bugs.webkit.org/show_bug.cgi?id=153696

        Reviewed by Chris Fleizach.

        The failures were due to always mapping style format groups to GroupRole, even for
        RenderInline objects. The fix is to expose inline style format groups as InlineRole,
        add handling of GroupRole style groups to the ATK code, and InlineRole style groups
        to the Mac code.

        No new tests because we have sufficient coverage. Updated roles-computedRoleString.html
        to reflect new exposure.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (atkRole):
        * accessibility/mac/AccessibilityObjectMac.mm:
        (WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (createAccessibilityRoleMap):
        (-[WebAccessibilityObjectWrapper subrole]):

2016-04-06  Zalan Bujtas  <zalan@apple.com>

        Add ASSERT_WITH_SECURITY_IMPLICATION when a float box is referenced by multiple RootInlineBoxes.
        https://bugs.webkit.org/show_bug.cgi?id=156297
        <rdar://problem/25580844>

        Reviewed by Brent Fulgham.

        See http://trac.webkit.org/changeset/199101

        No change in functionality.

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::appendFloatingObjectToLastLine):
        (WebCore::RenderBlockFlow::reattachCleanLineFloats):
        (WebCore::RenderBlockFlow::determineStartPosition):

2016-04-06  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !floatingObject->originatingLine() in WebCore::RenderBlockFlow::linkToEndLineIfNeeded
        https://bugs.webkit.org/show_bug.cgi?id=153001

        Reviewed by Dan Bernstein.

        1. Float boxes are always attached to the line where we see them first.
        2. Float box can only be attached to one line.
        3. RenderBlockFlow can perform partial layout on dirty lines only.

        In certain cases, the last dirty line can "pull up" float boxes from the first clean line.
        It simply means that due to some layout changes on previous lines now we see those floats on this last dirty line first.
        If after placing the float we still find it on the same position, the line below is still considered clean.
 
        Remove the float box from its original line if the line above already placed it.

        Test: fast/block/float/float-moves-between-lines.html

        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::reattachCleanLineFloats):
        (WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange): Deleted.

2016-04-06  Antti Koivisto  <antti@apple.com>

        REGRESSION(r196629): Messages text size only changes for sending text, conversation text size does not change
        https://bugs.webkit.org/show_bug.cgi?id=156287
        <rdar://problem/24264756>

        Reviewed by Andreas Kling.

        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
        (WebCore::makeAttributeSelectorKey):

            Include attribute value to the key. Otherwise we may deduplicate selectors that are not indentical.

        (WebCore::RuleFeatureSet::collectFeatures):
        (WebCore::RuleFeatureSet::add):

            Use HashMap::ensure().

        * css/RuleFeature.h:

2016-04-08  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [ATK] Crash getting text under element in CSS table
        https://bugs.webkit.org/show_bug.cgi?id=156328

        Reviewed by Chris Fleizach.

        AccessibilityRenderObject::textUnderElement() assumes (and asserts) that
        the first and last child of an anonymous block will each have nodes with
        which to define positions. This is not the case for CSS Tables and their
        anonymous descendants. AccessibilityNodeObject:textUnderElement() is our
        fallback for the instances where a text range cannot be created based on
        positions, so let it handle anonymous RenderTable parts.

        Test: accessibility/generated-content-with-display-table-crash.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::textUnderElement):
        (WebCore::AccessibilityRenderObject::shouldGetTextFromNode):
        * accessibility/AccessibilityRenderObject.h:

2016-04-05  Chris Dumez  <cdumez@apple.com>

        MessageEvent.source window is incorrect once window has been reified
        https://bugs.webkit.org/show_bug.cgi?id=156227
        <rdar://problem/25545831>

        Reviewed by Mark Lam.

        MessageEvent.source window was incorrect once window had been reified.

        If the Window had not been reified, we kept constructing new
        postMessage() functions when calling window.postMessage(). We used to
        pass activeDOMWindow(execState) as source Window to
        DOMWindow::postMessage(). activeDOMWindow() uses
        exec->lexicalGlobalObject() which did the right thing because we
        used to construct a new postMessage() function in the caller's context.

        However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
        was implemented, we would stop constructing new postMessage() functions
        when calling window.postMessage(). As a result, the source window would
        become incorrect because exec->lexicalGlobalObject() would return the
        target Window instead.

        In this patch, the following is done:
        1. Stop constructing a new function every time in the same origin case
           for postMessage, blur, focus and close. This was inefficient and lead
           to incorrect behavior:
           - The behavior would differ depending if the Window is reified or not
           - It would be impossible to delete those operations, which is
             incompatible with the specification and other browsers (tested
             Firefox and Chrome).
        2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState)
           as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow()
           is a new utility function that returns the caller's Window object.

        Tests: fast/dom/Window/delete-operations.html
               fast/dom/Window/messageevent-source-postmessage-reified.html
               fast/dom/Window/messageevent-source-postmessage.html
               fast/dom/Window/messageevent-source-postmessage2.html
               fast/dom/Window/window-postmessage-clone-frames.html
               fast/dom/Window/post-message-crash2.html

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::GetCallerCodeBlockFunctor::operator()):
        (WebCore::GetCallerCodeBlockFunctor::codeBlock):
        (WebCore::callerDOMWindow):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::handlePostMessage):

2016-04-04  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Improve viewport array access in TextureMapperGL::bindDefaultSurface()
        https://bugs.webkit.org/show_bug.cgi?id=156159

        Reviewed by Antonio Gomes.

        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::bindDefaultSurface): Create a reference to the
        viewport array in the TextureMapperGLData object. Inline the IntSize constructor
        for the object that's passed to createProjectionMatrix(), and use the reference
        to access all four elements of the array as necessary.

2016-04-04  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] resolveOverlaps() should be passed-in the first Region parameter via a reference
        https://bugs.webkit.org/show_bug.cgi?id=156158

        Reviewed by Antonio Gomes.

        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::resolveOverlaps): Don't copy the Region object that's passed through
        the first parameter by accepting a reference to the object instead. This does
        modify the passed-in object, but these modifications don't have any effect on
        any state via the call sites in TextureMapperLayer::computeOverlapRegions().

2016-04-04  Zalan Bujtas  <zalan@apple.com>

        CSS Triangles Rendering Regression affecting CSS Ribbons.
        https://bugs.webkit.org/show_bug.cgi?id=156121

        Reviewed by Simon Fraser.

        We use floored border width values for painting (see BorderEdge).
        However border-box sizing is based on rounded border values. This mismatch could result in a 2 device pixel
        gap when both top and bottom (or left and right) borders are present.
        
        This patch applies flooring on the computed border width value.

        It matches FireFox (44.0.2) behaviour (both by inspecting box-sizing visually and through getComputedStyle() values on border-width).
    
        Covered by existing tests.

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertLineWidth):

2016-04-04  Emanuele Aina  <emanuele.aina@collabora.com>

        [TexMap] Trim redundant guards
        https://bugs.webkit.org/show_bug.cgi?id=155927

        Reviewed by Žan Doberšek.

        * platform/graphics/GraphicsContext3DPrivate.cpp: Drop some redundant
        checks in preprocessor guards.

2016-04-04  Emanuele Aina  <emanuele.aina@collabora.com>

        Rely on PlatformLayer to choose the TextureMapperPlatformLayer impl
        https://bugs.webkit.org/show_bug.cgi?id=155926

        Reviewed by Žan Doberšek.

        Use PlatformLayer to replace a bunch of subtly different #ifdef
        scattered over the codebase to choose between TextureMapperPlatformLayer
        and TextureMapperPlatformLayerProxyProvider.

        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/cairo/ImageBufferDataCairo.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: Use
        PlatformLayer.h an inherit from PlatformLayer instead of choosing the
        right implementation every time.
        * platform/graphics/texmap/TextureMapperPlatformLayer.h: Add
        TEXTURE_MAPPER guards to make it unconditionally usable.
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h: Add
        COORDINATED_GRAPHICS_THREADED guards to make it unconditionally
        usable.

2016-04-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Rework scrollbars theming code for GTK+ 3.20
        https://bugs.webkit.org/show_bug.cgi?id=156462

        Reviewed by Michael Catanzaro.

        In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
        needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
        scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
        WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
        reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
        versions of GTK+. I noticed that we were overriding both, the specific paint methods to render scrollbars
        parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
        methods, so I've removed the implemention leaving only the paint method. This also allows us to get rid of the
        GtkStyleContext cache.

        * platform/gtk/RenderThemeGadget.cpp:
        (WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
        (WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
        be able to get non-CSS style properties.
        (WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
        (WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
        steppers used by the theme.
        * platform/gtk/RenderThemeGadget.h:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::themeChangedCallback):
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
        (WebCore::createStyleContext):
        (WebCore::createChildStyleContext):
        (WebCore::ScrollbarThemeGtk::themeChanged):
        (WebCore::ScrollbarThemeGtk::updateThemeProperties):
        (WebCore::scrollbarPartStateFlags):
        (WebCore::scrollbarGadgetForLayout):
        (WebCore::contentsGadgetForLayout):
        (WebCore::ScrollbarThemeGtk::trackRect):
        (WebCore::ScrollbarThemeGtk::hasThumb):
        (WebCore::ScrollbarThemeGtk::backButtonRect):
        (WebCore::ScrollbarThemeGtk::forwardButtonRect):
        (WebCore::ScrollbarThemeGtk::paint):
        (WebCore::paintStepper):
        (WebCore::adjustRectAccordingToMargin):
        (WebCore::ScrollbarThemeGtk::scrollbarThickness):
        (WebCore::ScrollbarThemeGtk::minimumThumbLength):
        * platform/gtk/ScrollbarThemeGtk.h:

2016-04-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Rework the theming code for GTK+ 3.20
        https://bugs.webkit.org/show_bug.cgi?id=156333

        Reviewed by Michael Catanzaro.

        During the 3.19 GTK+ release cycle, the GTK+ css system was reworked, making themes and programs rendering
        themed widgets, incompatible with the new system. We were trying to fix our rendering every time GTK+ broke
        something, but we were just changing whatever it was needed to make our rendering look like current GTK+ with
        the default theme Adwaita. This means that our rendering will be broken for other themes or that changes in
        Adwaita can break our rendering. This solution was good enough to ensure WebKitGTK+ 2.12 looked good with GTK+
        3.20, but it doesn't work in the long term. We need to ensure that our theming code honors the new GTK+ CSS
        properties (max-width, min-width, margin, padding, border, ...) in all the cases, not only the cases where
        Adwaita uses them like we currently do.
        This patch splits all rendering methods to keep the current code for previous GTK+ versions and adds new code
        for GTK+ >= 3.20 using the new RenderThemeGadget classes. This makes the code easier to read, since there aren't
        ifdef blocks in the functions, and we ensure we don't break previous rendering.

        * PlatformGTK.cmake: Add new files to compilation.
        * html/shadow/SpinButtonElement.cpp:
        (WebCore::SpinButtonElement::defaultEventHandler): Check the button layout used by the theme to decide the
        current buttons state.
        * platform/gtk/RenderThemeGadget.cpp: Added.
        (WebCore::RenderThemeGadget::create):
        (WebCore::createStyleContext):
        (WebCore::appendElementToPath):
        (WebCore::RenderThemeGadget::RenderThemeGadget):
        (WebCore::RenderThemeGadget::~RenderThemeGadget):
        (WebCore::RenderThemeGadget::marginBox):
        (WebCore::RenderThemeGadget::borderBox):
        (WebCore::RenderThemeGadget::paddingBox):
        (WebCore::RenderThemeGadget::contentsBox):
        (WebCore::RenderThemeGadget::color):
        (WebCore::RenderThemeGadget::backgroundColor):
        (WebCore::RenderThemeGadget::minimumSize):
        (WebCore::RenderThemeGadget::preferredSize):
        (WebCore::RenderThemeGadget::render):
        (WebCore::RenderThemeGadget::renderFocus):
        (WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget):
        (WebCore::RenderThemeTextFieldGadget::RenderThemeTextFieldGadget):
        (WebCore::RenderThemeTextFieldGadget::minimumSize):
        (WebCore::RenderThemeToggleGadget::RenderThemeToggleGadget):
        (WebCore::RenderThemeToggleGadget::render):
        (WebCore::RenderThemeArrowGadget::RenderThemeArrowGadget):
        (WebCore::RenderThemeArrowGadget::render):
        (WebCore::RenderThemeIconGadget::RenderThemeIconGadget):
        (WebCore::RenderThemeIconGadget::gtkIconSizeForPixelSize):
        (WebCore::RenderThemeIconGadget::render):
        (WebCore::RenderThemeIconGadget::minimumSize):
        * platform/gtk/RenderThemeGadget.h: Added.
        (WebCore::RenderThemeGadget::context):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::innerSpinButtonLayout): Added this method to allow themes use a different layout for the
        buttons.
        * rendering/RenderThemeGtk.cpp:
        (WebCore::themeChangedCallback): Just moved this code to a common place.
        (WebCore::RenderThemeGtk::RenderThemeGtk): Initialize the theme monitor in the constructor.
        (WebCore::createStyleContext): Remove the render parts that are specific to GTK+ 3.20.
        (WebCore::RenderThemeGtk::adjustRepaintRect): Moved inside a GTK+ < 3.20 ifdef block.
        (WebCore::themePartStateFlags): Helper function to get the GtkStateFlags of a theme part for a given RenderObject.
        (WebCore::shrinkToMinimumSizeAndCenterRectangle): Move this common code to a helper function.
        (WebCore::setToggleSize):
        (WebCore::paintToggle):
        (WebCore::RenderThemeGtk::paintButton):
        (WebCore::RenderThemeGtk::popupInternalPaddingBox):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::adjustTextFieldStyle): For GTK+ 3.20 we need to ensure a minimum size for spin buttons,
        so if the text field is for a spin button, we adjust the desired size here.
        (WebCore::RenderThemeGtk::paintTextField): In GTK+ 3.20 the CSS gadgets used to render spin buttons are
        different, so we check here if this is the entry of a spin button to use the right gadgets.
        (WebCore::adjustSearchFieldIconStyle):
        (WebCore::RenderThemeGtk::paintTextArea):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
        (WebCore::RenderThemeGtk::paintSearchFieldResultsButton):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
        (WebCore::paintSearchFieldIcon):
        (WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
        (WebCore::centerRectVerticallyInParentInputElement): Moved inside a GTK+ < 3.20 ifdef block.
        (WebCore::RenderThemeGtk::paintSliderTrack):
        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
        (WebCore::RenderThemeGtk::paintSliderThumb):
        (WebCore::RenderThemeGtk::progressBarRectForBounds): Ensure a minimum size of progress bars in GTK+ 3.20.
        (WebCore::RenderThemeGtk::paintProgressBar):
        (WebCore::RenderThemeGtk::innerSpinButtonLayout): Use an horizontal layout for spin buttons.
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
        (WebCore::RenderThemeGtk::paintInnerSpinButton):
        (WebCore::styleColor):
        (WebCore::RenderThemeGtk::paintMediaButton):
        * rendering/RenderThemeGtk.h:

2016-04-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        Replace all RenderTheme::popupInternalPadding methods with a single one returning a LengthBox
        https://bugs.webkit.org/show_bug.cgi?id=156098

        Reviewed by Darin Adler.

        The caller always wants all padding sides, so we can simplify both the caller and the implementations by using a
        single method. It's also more efficient for the GTK+ port that creates and destroys the same style contexts on
        every call.

        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::adjustInnerStyle):
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::popupInternalPaddingBox):
        (WebCore::RenderTheme::popupInternalPaddingLeft): Deleted.
        (WebCore::RenderTheme::popupInternalPaddingRight): Deleted.
        (WebCore::RenderTheme::popupInternalPaddingTop): Deleted.
        (WebCore::RenderTheme::popupInternalPaddingBottom): Deleted.
        * rendering/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::popupInternalPaddingBox):
        (WebCore::getComboBoxMetrics): Deleted.
        (WebCore::RenderThemeGtk::popupInternalPaddingLeft): Deleted.
        (WebCore::RenderThemeGtk::popupInternalPaddingRight): Deleted.
        (WebCore::RenderThemeGtk::popupInternalPaddingTop): Deleted.
        (WebCore::RenderThemeGtk::popupInternalPaddingBottom): Deleted.
        * rendering/RenderThemeGtk.h:
        * rendering/RenderThemeIOS.h:
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::popupInternalPaddingBox):
        (WebCore::RenderThemeIOS::popupInternalPaddingRight): Deleted.
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::popupInternalPaddingBox):
        (WebCore::RenderThemeMac::popupInternalPaddingLeft): Deleted.
        (WebCore::RenderThemeMac::popupInternalPaddingRight): Deleted.
        (WebCore::RenderThemeMac::popupInternalPaddingTop): Deleted.
        (WebCore::RenderThemeMac::popupInternalPaddingBottom): Deleted.

2016-02-26  Zalan Bujtas  <zalan@apple.com>

        RenderTheme::controlSize* methods should take const RenderStyle&.
        https://bugs.webkit.org/show_bug.cgi?id=154708

        Reviewed by Darin Adler.

        No change in functionality.

        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::minimumMenuListSize):
        (WebCore::RenderTheme::popupInternalPaddingLeft):
        (WebCore::RenderTheme::popupInternalPaddingRight):
        (WebCore::RenderTheme::popupInternalPaddingTop):
        (WebCore::RenderTheme::popupInternalPaddingBottom):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::controlSizeForFont):
        (WebCore::RenderThemeMac::sizeForFont):
        (WebCore::RenderThemeMac::sizeForSystemFont):
        (WebCore::RenderThemeMac::controlSizeForSystemFont):
        (WebCore::RenderThemeMac::minimumProgressBarHeight):
        (WebCore::RenderThemeMac::popupInternalPaddingLeft):
        (WebCore::RenderThemeMac::popupInternalPaddingRight):
        (WebCore::RenderThemeMac::popupInternalPaddingTop):
        (WebCore::RenderThemeMac::popupInternalPaddingBottom):
        (WebCore::RenderThemeMac::minimumMenuListSize):

2016-03-31  Zalan Bujtas  <zalan@apple.com>

        putImageData leaves visible artifacts on retina display
        https://bugs.webkit.org/show_bug.cgi?id=156039
        <rdar://problem/25482243>

        Reviewed by Simon Fraser.

        Inflate the repaint rect to cover anti-aliasing bits.

        Test: fast/canvas/hidpi-repaint-on-retina-leaves-bits-behind.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::didDraw):

2016-04-01  Jiewen Tan  <jiewen_tan@apple.com>

        WebKit should dispatchDidFailProvisionalLoad while loading invalid URLs
        https://bugs.webkit.org/show_bug.cgi?id=155995
        <rdar://problem/14967004>

        Reviewed by Andy Estes.

        Added API Tests.

        If a loading request contains an invalid URL, DocumentLoader will now dispatch
        cannotShowURLError to the clients.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource):

2016-03-31  Daniel Bates  <dabates@apple.com>

        REGRESSION (r195605): ASSERTION FAILED: !NoEventDispatchAssertion::isEventDispatchForbidden()
        when pressing the back button on a page with a focused subframe
        https://bugs.webkit.org/show_bug.cgi?id=156033
        <rdar://problem/25446561>

        Reviewed by Chris Dumez.

        Fixes an assertion failure when navigating back, by pressing the browser back button, to
        the previous page from a page with a focused subframe.

        Following r195605 (https://bugs.webkit.org/show_bug.cgi?id=153449), the responsibility for
        dispatching a DOM pagehide event moved from CachedFrame to PageCache and we now instantiate
        a NoEventDispatchAssertion object to enforce the invariant that no additional DOM events are
        dispatched as part of adding a page to the page cache. When adding a page with a focused
        subframe to the page cache we focus its main frame, which implicitly defocuses the subframe
        and dispatches a DOM blur event at it. Therefore an assertion failure occurs when dispatching
        this DOM blur event (because a NoEventDispatchAssertion object was allocated on the stack).

        Test: fast/history/back-from-page-with-focused-iframe.html

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame): Move logic to focus the main frame from here...
        * history/PageCache.cpp:
        (WebCore::PageCache::addIfCacheable): to here such that any DOM blur and focus events
        are dispatched before instantiate the NoEventDispatchAssertion object and enter the page
        cache.

2016-03-31  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r191180): Safari does not send Referer Header to iframe src in certain situations
        https://bugs.webkit.org/show_bug.cgi?id=155754
        <rdar://problem/25296445>

        Unreviewed, roll out r191180 as it breaks sites and needs to be reworked.

        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::tagIdFor): Deleted.
        (WebCore::TokenPreloadScanner::initiatorFor): Deleted.
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Deleted.
        (WebCore::TokenPreloadScanner::StartTagScanner::resourceType): Deleted.
        * html/parser/HTMLPreloadScanner.h:

2016-03-31  Antonio Gomes  <tonikitoo@webkit.org>

        SelectionController::positionForPlatform should ask EditingBehavior for platform specific behavior
        https://bugs.webkit.org/show_bug.cgi?id=41976

        Reviewed by Darin Adler.

        SSIA.

        No new tests needed.

        * editing/EditingBehavior.h:
        (WebCore::EditingBehavior::shouldAlwaysExtendSelectionFromExtentEndpoint):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::positionForPlatform):

2016-03-30  Alex Christensen  <achristensen@webkit.org>

        Build fix.

        * platform/text/LineEnding.cpp:

2016-03-30  Alex Christensen  <achristensen@webkit.org>

        Fix Windows build.

        * platform/text/LineEnding.cpp:
        make the char's and uint8_t's compile.

2016-03-30  Alex Christensen  <achristensen@webkit.org>

        Fix GTK and Windows builds after r198869.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::blobIsOutOfDate):
        (WebCore::addEncodedBlobItemToSoupMessageBody):
        * platform/text/LineEnding.cpp:

2016-03-30  Brady Eidson  <beidson@apple.com>

        Make BlobData use ThreadSafeSharedBuffer instead of RawData.
        https://bugs.webkit.org/show_bug.cgi?id=156041

        Reviewed by Alex Christensen.

        No new tests (No change in behavior).

        * Modules/fetch/FetchBody.cpp:
        (WebCore::FetchBody::consumeText):
        (WebCore::FetchBody::extractFromText):
        (WebCore::blobFromArrayBuffer):
        * Modules/fetch/FetchBody.h:
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.h:
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::didReceiveBinaryData):
        * Modules/websockets/WebSocket.h:
        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::processFrame):
        * Modules/websockets/WebSocketChannel.h:
        * Modules/websockets/WebSocketChannelClient.h:
        (WebCore::WebSocketChannelClient::didReceiveBinaryData):
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveBinaryData):
        * Modules/websockets/WorkerThreadableWebSocketChannel.h:
        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        * fileapi/Blob.h:
        (WebCore::Blob::create):
        * fileapi/WebKitBlobBuilder.h:
        * platform/network/BlobData.cpp:
        (WebCore::BlobData::BlobData):
        (WebCore::BlobDataItem::length):
        (WebCore::BlobData::appendData):
        (WebCore::BlobData::setContentType): Deleted.
        * platform/network/BlobData.h:
        (WebCore::BlobDataItem::type):
        (WebCore::BlobDataItem::data):
        (WebCore::BlobDataItem::file):
        (WebCore::BlobDataItem::BlobDataItem):
        (WebCore::BlobData::create):
        (WebCore::RawData::create): Deleted.
        (WebCore::RawData::data): Deleted.
        (WebCore::RawData::length): Deleted.
        (WebCore::RawData::RawData): Deleted.
        * platform/network/BlobPart.h:
        (WebCore::BlobPart::BlobPart):
        (WebCore::BlobPart::data):
        (WebCore::BlobPart::moveData):
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::appendStorageItems):
        (WebCore::BlobRegistryImpl::registerFileBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::getSizeForNext):
        (WebCore::BlobResourceHandle::readSync):
        (WebCore::BlobResourceHandle::readDataSync):
        (WebCore::BlobResourceHandle::readFileSync):
        (WebCore::BlobResourceHandle::readAsync):
        (WebCore::BlobResourceHandle::readDataAsync):
        (WebCore::BlobResourceHandle::readFileAsync):
        * platform/network/BlobResourceHandle.h:
        * platform/network/FormData.cpp:
        (WebCore::appendBlobResolved):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::blobIsOutOfDate):
        (WebCore::addEncodedBlobItemToSoupMessageBody):
        * platform/text/LineEnding.cpp:
        (WebCore::normalizeToCROrLF):
        (WebCore::normalizeLineEndingsToNative):
        (WebCore::normalizeLineEndingsToCR): Deleted.
        (WebCore::normalizeLineEndingsToLF): Deleted.
        * platform/text/LineEnding.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::responseBlob):

2016-03-30  Brady Eidson  <beidson@apple.com>

        Random SerializedScriptValue cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=156032

        Rubberstamped by Tim Hatcher.

        - Remove two unused functions.
        - Make the class always be ThreadSafeRefCounted.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::numberValue): Deleted.
        (WebCore::SerializedScriptValue::undefinedValue): Deleted.
        * bindings/js/SerializedScriptValue.h:

2016-03-24  Simon Fraser  <simon.fraser@apple.com>

        Make animation events non-cancelable
        https://bugs.webkit.org/show_bug.cgi?id=78110

        Reviewed by Dan Bates.

        Make the animation events non-cancelable.

        Test: animations/animation-events-not-cancelable.html

        * dom/AnimationEvent.cpp:
        (WebCore::AnimationEvent::AnimationEvent):

2016-03-29  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r196813): Missing plug-in placeholder is missing
        https://bugs.webkit.org/show_bug.cgi?id=155973
        <rdar://problem/25068392>

        Reviewed by Andy Estes.

        Show unavailable plugin indicator when UnavailablePluginIndicatorState (uninitialized, hidden, visible) is not set to hidden explicitly.
        It matches pre-196813 behaviour.

        Unable to test.

        * rendering/RenderEmbeddedObject.h:
        (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):

2016-03-29  Eric Carlson  <eric.carlson@apple.com>

        media/track/track-remove-track.html is flaky, crashing and failing
        https://bugs.webkit.org/show_bug.cgi?id=130971

        Reviewed by Alexey Proskuryakov.
        
        Prevent HTMLMediaElement from being collected while it is creating media controls.
        These changes prevent the test from crashing but they do not fix the flakiness,
        which is caused by another bug. Fixing that is tracked by 
        https://bugs.webkit.org/show_bug.cgi?id=155956.

        * html/HTMLMediaElement.cpp:
        (WebCore::actionName): New, debugging-only helper function.
        (WebCore::HTMLMediaElement::HTMLMediaElement): Initialize new variables.
        (WebCore::HTMLMediaElement::scheduleDelayedAction): Log the flag names to make debugging easier.
        (WebCore::HTMLMediaElement::scheduleNextSourceChild): Add logging.
        (WebCore::HTMLMediaElement::updateActiveTextTrackCues): Update logging.
        (WebCore::HTMLMediaElement::configureTextTrackGroup): Drive-by optimization: don't call 
          updateCaptionContainer here, call it before exiting configureTextTracks so we only call
          it once instead of once per track group.
        (WebCore::controllerJSValue):
        (WebCore::HTMLMediaElement::ensureMediaControlsShadowRoot): New, wrapper around calling
          ensureUserAgentShadowRoot so m_creatingControls can be set and cleared appropriately.
        (WebCore::HTMLMediaElement::updateCaptionContainer): ensureUserAgentShadowRoot -> 
          ensureMediaControlsShadowRoot. Drive by optimization: set/test m_haveSetupCaptionContainer
          so we only do this setup once.
        (WebCore::HTMLMediaElement::configureTextTracks): Call updateCaptionContainer.
        (WebCore::HTMLMediaElement::clearMediaPlayer): Log flag names.
        (WebCore::HTMLMediaElement::hasPendingActivity): Return true when creating controls so GC
          won't happen during controls setup.
        (WebCore::HTMLMediaElement::updateTextTrackDisplay): ensureUserAgentShadowRoot -> 
          ensureMediaControlsShadowRoot.
        (WebCore::HTMLMediaElement::createMediaControls): Ditto.
        (WebCore::HTMLMediaElement::configureMediaControls): Ditto.
        (WebCore::HTMLMediaElement::configureTextTrackDisplay): Ditto.
        * html/HTMLMediaElement.h:

2016-03-28  Zalan Bujtas  <zalan@apple.com>

        Pixel turds when bordered div is resized on SMF forum software.
        https://bugs.webkit.org/show_bug.cgi?id=155957
        <rdar://problem/25010646>

        Reviewed by Simon Fraser.

        Use unmodified, non-snapped bounding box rect when computing dirty rects.

        Test: fast/repaint/hidpi-box-with-subpixel-height-inflates.html

        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::getTrailingCorner):
        * rendering/RenderInline.h:
        * rendering/RenderLineBreak.cpp:
        (WebCore::RenderLineBreak::borderBoundingBox): Deleted.
        * rendering/RenderLineBreak.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::setBestTruncatedAt):

2016-03-28  Zalan Bujtas  <zalan@apple.com>

        Setup cloned continuation renderer properly.
        https://bugs.webkit.org/show_bug.cgi?id=155640

        Reviewed by Simon Fraser.

        Set the "renderer has outline ancestor" flag on the cloned inline renderer when
        we split the original renderer for continuation.
        It ensures that when the cloned part of the continuation requests repaint, we properly
        invalidate the ancestor outline (if needed).

        Test: fast/inline/outline-with-continuation-assert.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::clone):

2016-03-25  Zalan Bujtas  <zalan@apple.com>

        RenderImage::repaintOrMarkForLayout fails when the renderer is detached.
        https://bugs.webkit.org/show_bug.cgi?id=155885
        <rdar://problem/25359164>

        Reviewed by Simon Fraser.

        Making containingBlockFor* functions standalone ensures that we don't
        call them on an invalid object. 

        Covered by existing tests.

        * dom/Element.cpp:
        (WebCore::layoutOverflowRectContainsAllDescendants):
        * rendering/LogicalSelectionOffsetCaches.h:
        (WebCore::LogicalSelectionOffsetCaches::LogicalSelectionOffsetCaches):
        * rendering/RenderElement.cpp:
        (WebCore::containingBlockForFixedPosition):
        (WebCore::containingBlockForAbsolutePosition):
        (WebCore::containingBlockForObjectInFlow):
        (WebCore::RenderElement::containingBlockForFixedPosition): Deleted.
        (WebCore::RenderElement::containingBlockForAbsolutePosition): Deleted.
        (WebCore::isNonRenderBlockInline): Deleted.
        (WebCore::RenderElement::containingBlockForObjectInFlow): Deleted.
        * rendering/RenderElement.h:
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::styleWillChange):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::containingBlock):

2016-03-23  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: y2 >= y1 in WebCore::RenderElement::drawLineForBoxSide
        https://bugs.webkit.org/show_bug.cgi?id=155791

        Reviewed by Simon Fraser.

        With certain combination of border rect and adjacent width, we could end up with an empty final rect.
        This patch ensures that we don't try to paint this empty rect. 

        Test: fast/borders/empty-outline-border-assert.html

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::drawLineForBoxSide):

2016-03-23  Brent Fulgham  <bfulgham@apple.com>

        [WebGL] Non-power-of-two texture optimization
        https://bugs.webkit.org/show_bug.cgi?id=118409

        Reviewed by Dean Jackson.

        Based on a patch by Przemyslaw Szymanski  <p.szymanski3@samsung.com>
 
        This patch optimizes usage of handleNPOTTextures. We do not need to
        iterate over each texture unit if no black textures were set. This
        optimization provides a few more frames per seconds for certain
        draw calls.
    
        Tested by:
        (1) Existing tests: webgl/resources/webgl_test_files/conformance/textures/texture-npot.html
        (2) New test case: fast/canvas/webgl/texture-alternating-npot.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::compressedTexImage2D): Use new helper method.
        (WebCore::WebGLRenderingContextBase::validateNPOTTextureLevel): Added.
        (WebCore::WebGLRenderingContextBase::drawArrays): Only check texture completeness
        if a black texture was used.
        (WebCore::WebGLRenderingContextBase::drawElements): Ditto.
        (WebCore::WebGLRenderingContextBase::texImage2DBase): Use new helper method.
        (WebCore::WebGLRenderingContextBase::validateTexFunc): Ditto.
        (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Return flag to indicate
        if a black fallbacktexture was used.
        * html/canvas/WebGLRenderingContextBase.h:

2016-03-23  Antti Koivisto  <antti@apple.com>

        Share style by sharing RenderStyle substructures not the object itself
        https://bugs.webkit.org/show_bug.cgi?id=155787

        Reviewed by Anreas Kling.

        The current approach where we share RenderStyle objects between elements leads to lot of awkward and bug-prone code.
        Most of the RenderStyle consists of shareable substructures. It is better to just share those.

        With this patch we create shared styles with RenderStyle::clone(). Sharing is traced as state in Style::SharingResolver
        instead of relying on RenderStyle equality to locate potential sharing cousins.

        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::operator==):

            m_altText was missing from operator==
            This was exposed by TreeResolver::resolveElement change, tested by fast/css/alt-inherit-initial.html

        * style/StyleSharingResolver.cpp:
        (WebCore::Style::elementHasDirectionAuto):
        (WebCore::Style::SharingResolver::resolve):

            Save share results to a map.

        (WebCore::Style::SharingResolver::findSibling):
        (WebCore::Style::SharingResolver::locateCousinList):

            Instead of traversing we can now just do a hash lookup to locate a candidate cousin list.
            There is no need for recursion anymore, the map covers sharing beyond immediate siblings too.
            Remove most tests here as they have been already covered when sharing occured.

        (WebCore::Style::canShareStyleWithControl):
        * style/StyleSharingResolver.h:
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::styleForElement):
        (WebCore::Style::TreeResolver::resolveElement):

            No need to do forced setting anymore just to support style sharing.

2016-03-22  Darin Adler  <darin@apple.com>

        showModalDialog code runs with “first window” set to wrong window
        https://bugs.webkit.org/show_bug.cgi?id=155710

        Reviewed by Brent Fulgham.

        Test: http/tests/security/cross-origin-modal-dialog-base.html

        * page/Chrome.cpp:
        (WebCore::Chrome::runModal): Null out entryScope so that the "first window"
        checks inside the modal dialog won't run in the context of the original window
        that presented the dialog.

2016-03-22  Said Abou-Hallawa  <sabouhallawa@apple.com>

        userSpaceOnUse patterns are not stroked for empty object bounding box elements
        https://bugs.webkit.org/show_bug.cgi?id=109758

        Reviewed by Brent Fulgham.

        Checking whether the patternUnits is objectBoundingBox needs to be done
        after calling collectPatternAttributes(). Otherwise the default value
        will be always checked which is 'objectBoundingBox'.

        Tests: svg/custom/pattern-units-fill-stroke.svg

        * rendering/svg/RenderSVGResourcePattern.cpp:
        (WebCore::RenderSVGResourcePattern::buildPattern):
        (WebCore::RenderSVGResourcePattern::applyResource):

2016-03-22  John Wilander  <wilander@apple.com>

        Restrict WebSockets header parsing according to RFC6455 and RFC7230. Based on Lamarque V. Souza's original patch.
        https://bugs.webkit.org/show_bug.cgi?id=82714

        Reviewed by Brent Fulgham.

        Tests: http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html
               http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html
               http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html
               http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html
               http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html
               http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html
               http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html
               http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html

        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
        (WebCore::headerHasValidHTTPVersion):
            - Check for HTTP version 1.1 and above.
        (WebCore::WebSocketHandshake::readStatusLine):
            - Only allow ASCII characters in status line.
            - Only allow HTTP version 1.1 and above in status line.
        (WebCore::WebSocketHandshake::readHTTPHeaders):
            - Only allow ASCII characters in values for new HTTP headers.

2016-03-22  Alex Christensen  <achristensen@webkit.org>

        Add null check in CachedResourceLoader::determineRevalidationPolicy
        https://bugs.webkit.org/show_bug.cgi?id=155758
        rdar://problem/25108408

        Reviewed by Jer Noble.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::frame):
        (WebCore::CachedResourceLoader::determineRevalidationPolicy):
        Null-check frame() before dereferencing it.

2016-03-22  Brent Fulgham  <bfulgham@apple.com>

        SharedBuffer::copy() can cause a segmentation fault.
        https://bugs.webkit.org/show_bug.cgi?id=155739

        Reviewed by Ryosuke Niwa.

        Based on a Blink patch by Huang Dongsung <luxtella@company100.net>.
        <https://src.chromium.org/viewvc/blink?revision=153850&view=revision>

        After SharedBuffer::copy(), SharedBuffer::append() can cause segmentation fault,
        because copy() calls clone->m_buffer.append(m_segments[i], segmentSize) even if
        'i' is the last index. The data size of m_segments.last() is often less than
        segmentSize. So, in the cloned instance m_size < (m_buffer.size() + SUM(m_segments[i].size())).
        This patch appends the exact size of the last segment instead of segmentSize.

        Tested by TestWebKitAPI SharedBufferTest::copy

        * platform/SharedBuffer.cpp:
        (SharedBuffer::copy): 

2016-03-22  Alberto Garcia  <berto@igalia.com>

        Unreviewed typo fix.

        * platform/gtk/LocalizedStringsGtk.cpp:
        (WebCore::textTrackAutomaticMenuItemText): "choosen" => "chosen"

2016-03-22  Zan Dobersek  <zdobersek@igalia.com>

        [TextureMapper] Destructing TextureMapperLayer should clean up its effect target
        https://bugs.webkit.org/show_bug.cgi?id=155718

        Reviewed by Darin Adler.

        TextureMapperLayer destructor should, in case of non-null effect target,
        null out the effect target's mask and replica layer pointers if those
        pointers point to the TextureMapperLayer object that's being destroyed,
        avoiding use-after-free occurrences.

        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::~TextureMapperLayer):

2016-03-21  Zalan Bujtas  <zalan@apple.com>

        WebCore::RenderTableCell::setCol should put a cap on the column value. 
        https://bugs.webkit.org/show_bug.cgi?id=155642
        <rdar://problem/15895201>

        Reviewed by Simon Fraser.

        This patch ensures that we don't crash when the column number is large enough.
        see webkit.org/b/71135 for more information.

        Test: tables/colspan-with-large-value-crash.html

        * rendering/RenderTableCell.h:
        (WebCore::RenderTableCell::setCol):

2016-03-21  Simon Fraser  <simon.fraser@apple.com>

        Very flashy scrolling on http://quellish.tumblr.com page
        https://bugs.webkit.org/show_bug.cgi?id=155728
        rdar://problem/22299375

        Reviewed by Zalan Bujtas.

        http://quellish.tumblr.com/post/126712999812/how-on-earth-the-facebook-ios-application-is-so
        has many elements that are nested inside elements with non-equal corner radius clipping.
        This requires building bezier paths for the rounded-rect clip which is expensive.

        For many rows of the table, we can avoid the rounded-rect clipping because the intersection
        of the paintDirtyRect and the clip is actually rectangular.

        * platform/graphics/FloatRoundedRect.cpp:
        (WebCore::FloatRoundedRect::intersectionIsRectangular):
        * platform/graphics/FloatRoundedRect.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::clipToRect):

2016-03-20  Jinwoo Jeong  <jw00.jeong@samsung.com>

        The setter of binaryType attribute in WebSocket should raise the exception.
        https://bugs.webkit.org/show_bug.cgi?id=135874

        Reviewed by Antonio Gomes.

        According to W3C WebSocket Specification, <https://www.w3.org/TR/2012/CR-websockets-20120920/>
        when an invalid value is set on binaryType of WebSocket, a SyntaxError should be raised.

        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::setBinaryType): Add a parameter to set an exception.
        * Modules/websockets/WebSocket.h: Ditto.
        * Modules/websockets/WebSocket.idl: Update that setter of binaryType could raise an exception.

2016-03-19  Antti Koivisto  <antti@apple.com>

        Data URL DecodeTask may get deleted outside main thread
        https://bugs.webkit.org/show_bug.cgi?id=155584
        rdar://problem/24492104

        Reviewed by David Kilzer.

        Follow-up: fix a possible null pointer crash.

        * platform/network/DataURLDecoder.cpp:
        (WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):

            If timer fires under startOneShot m_decodeTask may become zero before schedule() is called.
            Fix by copying schedule context to a local before calling startOneShot.

2016-03-18  Darin Adler  <darin@apple.com>

        ASSERTION FAILED: m_isValid == valid() in WebCore::HTMLFormControlElement::isValidFormControlElement
        https://bugs.webkit.org/show_bug.cgi?id=139481

        Reviewed by Daniel Bates.

        Test: fast/forms/validity-assertion-inserting-into-datalist.html

        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::insertedInto): Set the flags that will cause
        "will validate" to be recomputed *before* calling willValidate().

2016-03-18  Brent Fulgham  <bfulgham@apple.com>

        Local file restrictions should not block sessionStorage access
        https://bugs.webkit.org/show_bug.cgi?id=155609
        <rdar://problem/25229461>

        Reviewed by Andy Estes.

        Use of 'sesssionStorage' is governed by SecurityOrigin with third party access
        set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
        reject local files for this combination of arguments.

        Test: storage/domstorage/sessionstorage/blocked-file-access.html

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
        allow local file access.

2016-03-18  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        crossorigin element resource loading should check HTTP redirection
        https://bugs.webkit.org/show_bug.cgi?id=130578

        Reviewed by Daniel Bates and Brent Fulgham.

        Moved part of DocumentThreadableLoader redirection cross origin control code
        into functions in CrossOriginAccessControl.cpp. Added cross origin control for
        redirections in SubResourceLoader when policy is set to PotentiallyCrossOriginEnabled 
        using CrossOriginAccessControl.cpp new functions. Added a new test that checks that 
        cross-origin redirections are checked against CORS.

        Test: http/tests/security/shape-image-cors-redirect.html

        * loader/CrossOriginAccessControl.cpp:
        (WebCore::isValidCrossOriginRedirectionURL): Returns true if the redirected URL is a valid URL for cross-origin requests.
        (WebCore::cleanRedirectedRequestForAccessControl): Removes all headers added by the network backend that may cause the response CORS validation to fail.
        * loader/CrossOriginAccessControl.h: Added above function prototypes.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::redirectReceived): Used new CORS redirection methods of CrossOriginAccessControl.cpp.
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::init): Initialize the SecurityOrigin to be used for loading the resource.
        (WebCore::SubresourceLoader::willSendRequest): Added cross-origin redirection response check.
        (WebCore::SubresourceLoader::checkCrossOriginAccessControl): Checks CORS and update request if needed. Returns true if control checks passed.
        * loader/SubresourceLoader.h: Added checkCrossOriginAccessControl declaration and m_origin declaration.

2016-03-17  Antti Koivisto  <antti@apple.com>

        Data URL DecodeTask may get deleted outside main thread
        https://bugs.webkit.org/show_bug.cgi?id=155584
        rdar://problem/24492104

        Reviewed by Darin Adler.

        This is unsafe as it owns strings and other types that are only safe to delete in the main thread.

        There is a race between deref in dispatch() and deref in timerFired(). If the timer fires before dispatch()
        exits the implicit deref will trigger deletion of DecodingResultDispatcher in the dispatching thread.

        (WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):

            Fix by clearing m_decodeTask when the timer fires.

2016-03-17  Brent Fulgham  <bfulgham@apple.com>

        [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
        https://bugs.webkit.org/show_bug.cgi?id=155624
        <rdar://problem/25219962>

        Unreviewed merge from Blink (patch by Tom Sepez <tsepez@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=201803&view=revision>

        Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.

2016-03-17  Zalan Bujtas  <zalan@apple.com>

        Images in feed on ebay.com jiggle when one is hovered
        https://bugs.webkit.org/show_bug.cgi?id=155608
        <rdar://problem/25160681>

        The content offset in compositing layer = subpixel gap between the graphics layer and the layer bounds + layer bounds top left.

        Reviewed by Simon Fraser.

        Test: compositing/hidpi-viewport-clipping-on-composited-content.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):
        (WebCore::RenderLayerBacking::contentOffsetInCompostingLayer):
        * rendering/RenderLayerBacking.h:

2016-03-17  Zalan Bujtas  <zalan@apple.com>

        Don't initiate a style recall while drawing text 
        https://bugs.webkit.org/show_bug.cgi?id=155618

        Reviewed by Simon Fraser.

        This patch ensures that we don't initiate a style recalc while in the middle of text drawing.

        Test: fast/canvas/crash-while-resizing-canvas.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal):

2016-03-17  Eric Carlson  <eric.carlson@apple.com>

        Improve some metadata tests
        https://bugs.webkit.org/show_bug.cgi?id=155616

        Reviewed by Saam Barati.

        * html/track/DataCue.cpp:
        (WebCore::DataCue::DataCue):
        (WebCore::DataCue::setData):

2016-03-17  Brent Fulgham  <bfulgham@apple.com>

        Some media tests are flaky.
        https://bugs.webkit.org/show_bug.cgi?id=155614

        Reviewed by Eric Carlson.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::~TextTrack):

2016-03-17  Brady Eidson  <beidson@apple.com>

        Don't try to restore deleted MemoryIndexes if their owning object store is not restored.
        https://bugs.webkit.org/show_bug.cgi?id=155068

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/deleteindex-4-private.html

        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):

2016-03-16  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Directly composited image layers need pixelsnapping.
        https://bugs.webkit.org/show_bug.cgi?id=155558

        Reviewed by Simon Fraser.

        In order to match non-composited image size/position, we need to pixelsnap both the contents and the clipping
        layer bounds for directly composited images.

        Test: fast/images/hidpi-directly-composited-image-on-subpixel-position.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::resetContentsRect):
        (WebCore::RenderLayerBacking::updateChildClippingStrategy):
        (WebCore::RenderLayerBacking::updateImageContents):

2016-03-16  Alex Christensen  <achristensen@webkit.org>

        Fix assertion failure on drive.google.com after r196052
        https://bugs.webkit.org/show_bug.cgi?id=155562

        Reviewed by Jer Noble.

        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::mapToContainer):
        Change float equality check to areEssentiallyEqual.
        This assertion was failing because rendererMappedResult was (944.335693, 232.047409)
        but result was (944.335693, 232.047394).  They differ by (0, 0.000015).

2016-03-16  Jiewen Tan  <jiewen_tan@apple.com>

        URL Parsing should signal failure for illegal IDN
        https://bugs.webkit.org/show_bug.cgi?id=154945
        <rdar://problem/8014795>

        Reviewed by Brent Fulgham.

        WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
        that deal with IDN mapping will now return nil to signal error.

        Test: fast/url/invalid-idn.html

        * platform/URL.cpp:
        (WebCore::isSchemeFirstChar):
        (WebCore::URL::init):
        (WebCore::appendEncodedHostname):
        (WebCore::encodeHostnames):
        (WebCore::encodeRelativeString):
        * platform/mac/WebCoreNSURLExtras.h:
        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::mapHostNameWithRange):
        (WebCore::hostNameNeedsDecodingWithRange):
        (WebCore::hostNameNeedsEncodingWithRange):
        (WebCore::decodeHostNameWithRange):
        (WebCore::encodeHostNameWithRange):
        (WebCore::decodeHostName):
        (WebCore::encodeHostName):
        (WebCore::collectRangesThatNeedMapping):
        (WebCore::mapHostNames):
        (WebCore::URLWithData):
        (WebCore::dataWithUserTypedString):
        (WebCore::URLWithUserTypedString):
        (WebCore::URLWithUserTypedStringDeprecated):
        (WebCore::userVisibleString):

2016-03-16  Antti Koivisto  <antti@apple.com>

        Don't invalidate style unnecessarily when setting inline style cssText
        https://bugs.webkit.org/show_bug.cgi?id=155541
        rdar://problem/23318893

        Reviewed by Simon Fraser.

        We currently invalidate style when cssText is set whether the style declaration changed or not.

        Based on a patch by Simon.

        Test: fast/css/style-invalidation-inline-csstext.html

        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::cssText):
        (WebCore::PropertySetCSSStyleDeclaration::setCssText):

            Invalidate only if the parsed style changed.

        * css/StyleProperties.cpp:
        (WebCore::MutableStyleProperties::parseDeclaration):

            Compare the original and new style after parsing, return result.

        * css/StyleProperties.h:

2016-03-15  Simon Fraser  <simon.fraser@apple.com>

        Occasional crash under GraphicsContext::platformContext when dragging Google maps
        https://bugs.webkit.org/show_bug.cgi?id=155521
        rdar://problem/24357307

        Reviewed by Tim Horton.

        It's possible for createDragImageForSelection() to return a null image, if the bounds
        of the selection are an empty rect. That would cause a crash under convertImageToBitmap()
        because a zero-sized ShareableBitmap will return a null GraphicsContext.
        
        To avoid this, early return from DragController::startDrag() if the dragImage is null.
        
        I wasn't able to come up with a test for this.

        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

2016-03-15  Zalan Bujtas  <zalan@apple.com>

        Delay HTMLFormControlElement::focus() call until after layout is finished.
        https://bugs.webkit.org/show_bug.cgi?id=155503
        <rdar://problem/24046635>

        Reviewed by Simon Fraser.

        Calling focus on a form element can trigger arbitrary JS code which could interfere with
        the ongoing layout. 
        This patch delays HTMLFormControlElement::focus() call until after layout is finished.
        If we are currently not in the middle of a layout, HTMLFormControlElement::focus() is delayed until
        after style resolution is done. 

        Covered by LayoutTests/fast/dom/adopt-node-crash-2.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::updateBackingStore):
        * dom/Document.cpp:
        (WebCore::Document::updateStyleIfNeeded):
        (WebCore::Document::updateLayout):
        (WebCore::Document::updateLayoutIfDimensionsOutOfDate):
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::renderWidgetLoadingPlugin):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::didAttachRenderers):
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        (WebCore::FrameView::queuePostLayoutCallback):
        (WebCore::FrameView::flushPostLayoutTasksQueue):
        (WebCore::FrameView::performPostLayoutTasks):
        (WebCore::FrameView::sendResizeEventIfNeeded):
        * page/FrameView.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::imageChanged):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2016-03-15  Antti Koivisto  <antti@apple.com>

        REGRESSION (196383): Class change invalidation does not handle :not correctly
        https://bugs.webkit.org/show_bug.cgi?id=155493
        <rdar://problem/24846762>

        Reviewed by Andreas Kling.

        We fail to invalidate bar style in

            :not(.foo) bar { }

        when class foo is added or removed.

        There is a logic error in the invalidation code. It assumes that class addition can only make new selectors match
        and removal make them not match. This is not true when :not is present.

        * style/AttributeChangeInvalidation.h:
        (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
        * style/ClassChangeInvalidation.cpp:
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):

            Invalidate style and collect full set of rules that may affect descendant style.

        (WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle):

            Invalidate with this set both before and after committing the changes.

        (WebCore::Style::ClassChangeInvalidation::computeClassChange): Deleted.
        * style/ClassChangeInvalidation.h:
        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

2016-03-15  Miguel Gomez  <magomez@igalia.com>

        Leak: Accelerated ImageBufferCairo doesn't destroy the used textures
        https://bugs.webkit.org/show_bug.cgi?id=155431

        Reviewed by Žan Doberšek.

        When using the Cairo backend, add a destructor to ImageBufferData and use it to destroy the
        textures created if the buffer is being accelerated.

        No new tests, already covered by existing ones.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::ImageBufferData):
        Store the renderingMode flag.
        (WebCore::ImageBufferData::~ImageBufferData):
        Destroy gl resources if renderingMode is accelerated.
        (WebCore::ImageBuffer::ImageBuffer):
        Pass renderingMode to the data class and use it fro checks instead of the function parameter.
        * platform/graphics/cairo/ImageBufferDataCairo.h:
        Add destructor and a renderingMode flag.

2016-03-10  Antonio Gomes  <tonikitoo@webkit.org>

        Selecting with shift+drag results in unexpected drag-n-drop
        https://bugs.webkit.org/show_bug.cgi?id=155314

        Reviewed by Darin Adler.

        Test: editing/selection/shift-drag-selection-no-drag-n-drop.html

        Whenever user tries to extend an existing text selection by dragging the mouse
        (left button hold) with shift key pressed, WebKit enters drag-n-drop mode.
        This behavior does not match common editing behavior out there, including other
        browsers' (Firefox, Opera/Presto and IE).

        Patch changes WebKit so that whenever one extends a selection with mouse
        and shift key pressed off of a #text node, it does not enter drag-n-drop mode.

        Additionally, patch also adds some further tests to ensure that when
        selection is extended off of either a link or an image, drag-n-drop does
        get triggered, no matter if shift key is pressed.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMousePressEvent):

2016-03-13  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION (r190840): crash inside details element's slotNameFunction
        https://bugs.webkit.org/show_bug.cgi?id=155388

        Reviewed by Antti Koivisto.

        The bug was caused by HTMLDetailsElement::isActiveSummary calling findAssignedSlot with a summary element
        inside the shadow tree of the detials element. Fixed it by existing early when the summary element passed
        to isActiveSummary is not a direct child of the details element.

        Test: fast/html/details-summary-tabindex-crash.html

        * dom/ShadowRoot.cpp:
        (WebCore::ShadowRoot::findAssignedSlot): Added an assertion for regression testing.
        * dom/SlotAssignment.cpp:
        (WebCore::SlotAssignment::findAssignedSlot): Removed the superfluous call to assignSlots added in r190840.
        There is no need to update the slot assignments here (entires in m_slots are added or removed by
        addSlotElementByName or removeSlotElementByName and assignSlots only updates assignedNodes in each SlotInfo
        which is never used in this function or findFirstSlotElement.
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::isActiveSummary): Fixed the bug.

2016-03-13  Antti Koivisto  <antti@apple.com>

        ComposedTreeIterator fails to traverse slots if root is shadow host
        https://bugs.webkit.org/show_bug.cgi?id=155407

        Reviewed by Darin Adler.

        Test: fast/shadow-dom/composed-tree-shadow-subtree.html

        * dom/ComposedTreeIterator.cpp:
        (WebCore::ComposedTreeIterator::ComposedTreeIterator):

            Traversal functions assume m_contextStack is deeper than 1 before they need to enter slot traversal code paths.
            Call initializeContextStack in case of shadow host which does the right thing.

        (WebCore::ComposedTreeIterator::traverseSiblingInSlot):
        (WebCore::composedTreeAsText):

            Add option to include pointers as debugging aid.

        * dom/ComposedTreeIterator.h:
        (WebCore::composedTreeChildren):

2016-03-12  Dean Jackson  <dino@apple.com>

        REGRESSION (r188647): Teamtreehouse website sidebar buttons are not rendered
        https://bugs.webkit.org/show_bug.cgi?id=155400
        <rdar://problem/24818602>

        Reviewed by Anders Carlsson.

        When we unprefixed CSS filters we accidentally
        stopped SVG elements that use the CSS filter shorthands
        from rendering. We still don't actually support
        the shorthands in this case, but we should render
        the element without the filter.

        Tests: css3/filters/filters-on-svg-element.html
               css3/filters/filters-on-svg-root.html

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::hasReferenceFilterOnly): Add
        this new function that tells us if we have the
        style of filter that we can handle in SVG content.
        * rendering/style/RenderStyle.h:
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::prepareToRenderSVGContent):
        We can mark an element as ready to render if it
        has a shorthand filter.

2016-03-11  Jiewen Tan  <jiewen_tan@apple.com>

        WebKit should not be redirected to an invalid URL
        https://bugs.webkit.org/show_bug.cgi?id=155263
        <rdar://problem/22820172>

        Reviewed by Brent Fulgham.

        Test: http/tests/navigation/redirect-to-invalid-url.html

        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::willSendRequestInternal):

2016-03-10  Maksim Kisilev <mkisilev@yandex-team.ru>

        Fix typo in StyleTreeResolver.cpp
        https://bugs.webkit.org/show_bug.cgi?id=139946

        Reviewed by Andy Estes.

        The constructor for CheckForVisibilityChangeOnRecalcStyle was improperly comparing the
        result of WKContentChange() (which is not a function) to WKContentVisibilityChange. I
        believe the above cast would implicitly resolve to WKContentNoChange in all cases,
        whether a visibility change had been observed or not.
        
        This patch corrects this problem. I would expect that this might affect some content
        visibility change behavior, but I'm not sure what the appropriate test case would be
        since this was apparently found through code inspection.

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::CheckForVisibilityChangeOnRecalcStyle):

2016-03-10  Jer Noble  <jer.noble@apple.com>

        CRASH at WebCore::RenderView::updateVisibleViewportRect
        https://bugs.webkit.org/show_bug.cgi?id=155209
        <rdar://problem/23997530>

        Reviewed by Simon Fraser.

        Test: media/video-crash-invisible-autoplay-display-none.html

        Between the time when the video element's renderer is created and destroyed, we may have unset the
        InvisibleAutoplayNotPermitted restriction. So rather than check for that restriction before
        unregistering for the "visible in viewport" notification, unregister only if the renderer
        was previously registered.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::willDetachRenderers):

2016-03-10  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION: GuardMallloc crash in SVGListPropertyTearOff<SVGPointList>::processIncomingListItemWrapper
        https://bugs.webkit.org/show_bug.cgi?id=154969

        Reviewed by Darin Adler.

        The life cycle of the SVGAnimatedPropertyTearOff::m_baseVal and m_animVal
        was not correct. Like what was done in SVGAnimatedListPropertyTearOff,
        m_baseVal and m_animVal have to be raw RefCounted pointers. When requested
        through, SVGAnimatedPropertyTearOff::baseVal() and animVal() they are
        encapsulated in a RefPtr to ensure they existence as long as they are
        referenced. When the animated property object (which is stored in either
        m_baseVal or m_animVal) is not referenced by anyone, it is going to be
        deleted. In the destructor of their class, SVGAnimatedPropertyTearOff
        will be notified of this deletion through propertyWillBeDeleted() to clean
        its member m_baseVal or m_animVal.

        * bindings/scripts/CodeGeneratorJS.pm:
        (NativeToJSValue): Now all the SVG animated property return RefPtrs. In
        addition to that, SVGViewSpec.transform also returns
        RefPtr<SVGTransformListPropertyTearOff>.
        
        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (WebCore::SVGAnimatedListPropertyTearOff::animVal):
        (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
        (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
        (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
        (WebCore::SVGAnimatedListPropertyTearOff::isAnimating):
        (WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
        Change propertyWillBeDeleted() to be virtual and make it takes an SVGProperty*.
        Rename m_animatingAnimVal to be m_animatedProperty. Add isAnimating() which
        returns true if m_animatedProperty is not null. Use isAnimating() instead of
        m_isAnimating because it's deleted from the base class.
        
        * svg/properties/SVGAnimatedProperty.cpp:
        (WebCore::SVGAnimatedProperty::SVGAnimatedProperty):
        (WebCore::SVGAnimatedProperty::~SVGAnimatedProperty):
        * svg/properties/SVGAnimatedProperty.h:
        (WebCore::SVGAnimatedProperty::isAnimating):
        (WebCore::SVGAnimatedProperty::propertyWillBeDeleted):
        Delete m_isAnimating since its value can be deduced from the value of
        m_animatedProperty in the derived class. Add propertyWillBeDeleted() and
        isAnimating() as virtual functions with the default behavior.
        
        * svg/properties/SVGAnimatedPropertyTearOff.h:
        (WebCore::SVGAnimatedPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedPropertyTearOff::animVal):
        Like SVGAnimatedListPropertyTearOff::baseVal() and animVal() create the
        value if it does not exist. Keep a raw RefCounted pointer but return a
        RefPtr.

        (WebCore::SVGAnimatedPropertyTearOff::isAnimating):
        (WebCore::SVGAnimatedPropertyTearOff::propertyWillBeDeleted):
        Override virtual functions.
        
        (WebCore::SVGAnimatedPropertyTearOff::currentAnimatedValue):
        (WebCore::SVGAnimatedPropertyTearOff::animationStarted):
        (WebCore::SVGAnimatedPropertyTearOff::animationEnded):
        (WebCore::SVGAnimatedPropertyTearOff::animValWillChange):
        (WebCore::SVGAnimatedPropertyTearOff::animValDidChange):
        Replace m_isAnimating with isAnimating(). Ensure that we get a new animated
        property through animVal() and store it in a RefPtr to ensure it will not
        go away while animating.
        
        * svg/properties/SVGAnimatedStaticPropertyTearOff.h:
        (WebCore::SVGAnimatedStaticPropertyTearOff::isAnimating):
        (WebCore::SVGAnimatedStaticPropertyTearOff::currentAnimatedValue):
        (WebCore::SVGAnimatedStaticPropertyTearOff::animationStarted):
        (WebCore::SVGAnimatedStaticPropertyTearOff::animationEnded):
        (WebCore::SVGAnimatedStaticPropertyTearOff::animValWillChange):
        (WebCore::SVGAnimatedStaticPropertyTearOff::animValDidChange):
        Add isAnimating() and replace all the instances of m_isAnimating with calls
        to isAnimating().
        
        * svg/properties/SVGPropertyTearOff.h:
        (WebCore::SVGPropertyTearOff::animatedProperty):
        (WebCore::SVGPropertyTearOff::setAnimatedProperty):
        (WebCore::SVGPropertyTearOff::contextElement):
        (WebCore::SVGPropertyTearOff::SVGPropertyTearOff):
        (WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
        SVGPropertyTearOff is what SVGAnimatedPropertyTearOff creates for its 
        baseVal() and animVal() values. These values can be null anytime once
        they are not referenced. The SVGAnimatedPropertyTearOff holds only raw
        RefCounted pointer for them. So (1) SVGPropertyTearOff needs to hold a
        RefPtr for its SVGAnimatedProperty and (2) it needs to notify its
        SVGAnimatedProperty when it's deleted by calling propertyWillBeDeleted()
        from the destructor. Also there is no need to get the contextElement()
        and save it in class member, m_contextElement since it can be always be
        retrieved from SVGAnimatedProperty::contextElement().

2016-03-09  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rebaseline bindings tests after r197874.

        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattribute::getOwnPropertySlot):
        * bindings/scripts/test/JS/JSattribute.h:

2016-03-09  Chris Dumez  <cdumez@apple.com>

        Move attributes to the instance for most interfaces that have "Error" in their name
        https://bugs.webkit.org/show_bug.cgi?id=155231

        Reviewed by Darin Adler.

        Our bindings generator was keeping attributes on the instances for
        interfaces having "Error" or "Exception" in their name. The reason is
        that interfaces that have "Error" in their prototype would not behave
        correctly otherwise because "Error" incorrectly has its attributes on
        the instance at the moment. However, in our bindings generator, the
        condition to decide if an interface's prototype should be "Error" is
        if $interface->isException. Therefore, we should use the same condition
        to decide if we should keep attributes on the instance until "Error"
        is updated to have its attributes on the prototype. Doing this for any
        interface having "Error" or "Exception" in their name is overkill.

        No new tests, already covered by existing test.

        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstance):

2016-03-09  Tim Horton  <timothy_horton@apple.com>

        Removing and re-adding a script message handler with the same name results in an unusable message handler
        https://bugs.webkit.org/show_bug.cgi?id=155223

        Reviewed by Sam Weinig.
        Patch by Geoff Garen and myself.

        New API test: WKUserContentController.ScriptMessageHandlerReplaceWithSameName.

        * page/UserMessageHandler.h:
        (WebCore::UserMessageHandler::descriptor):
        * page/UserMessageHandlersNamespace.cpp:
        (WebCore::UserMessageHandlersNamespace::handler):
        This lazy removal mechanism combined with the fact that we only compare
        handler name and world makes it such that m_messageHandlers could have
        a stale UserMessageHandler with a UserMessageHandlerDescriptor that differed
        only in client.

        It is safe to compare the descriptors by pointer instead because m_messageHandler
        holds a strong reference to its UserMessageHandlerDescriptors, and this will ensure
        that the add-remove-add path (with identical name and world) causes a new
        UserContentController to be created.

        We also now clean up any stale UserMessageHandlers whenever we're about to
        add a new one, by removing any which the UserContentController no longer knows about.

2016-03-08  Brent Fulgham  <bfulgham@apple.com>

        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
        https://bugs.webkit.org/show_bug.cgi?id=155185
        <rdar://problem/11101440>

        Reviewed by Zalan Bujtas.

        Tested by storage/domstorage/localstorage/blocked-file-access.html.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
        universal file access, prevent access to DOM localStorage.

2016-03-22  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] WebInspector broken after r197620
        https://bugs.webkit.org/show_bug.cgi?id=155497
        <rdar://problem/25171910>

        Reviewed by Philippe Normand.

        Add resource scheme to the list of secure protocols.

        * platform/SchemeRegistry.cpp:
        (WebCore::secureSchemes):

2016-03-09  Andreas Kling  <akling@apple.com>

        ImageDocuments leak their world.
        <https://webkit.org/b/155167>
        <rdar://problem/24987363>

        Reviewed by Antti Koivisto.

        ImageDocument uses a special code path in ImageLoader in order to manually
        control how the image is loaded. It has to do this because the ImageDocument
        is really just a synthetic wrapper around a main resource that's an image.

        This custom loading code had a bug where it would create a new CachedImage
        and neglect to set its CachedResource::m_state flag to Pending (which is
        normally set by CachedResource::load(), but we don't call that for these.)

        This meant that when ImageDocument called CachedImage::finishLoading() to
        trigger the notifyFinished() callback path, the image would look at its
        loading state and see that it was Unknown (not Pending), and conclude that
        it hadn't loaded yet. So we never got the notifyFinished() signal.

        The world leaks here because ImageLoader slaps a ref on its <img> element
        while it waits for the loading operation to complete. Once finished, whether
        successfully or with an error, it derefs the <img>.

        Since we never fired notifyFinished(), we ended up with an extra ref on
        these <img> forever, and then the element kept its document alive too.

        Test: fast/dom/ImageDocument-world-leak.html

        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement):

2016-03-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] scrollbar thumb clipped in 2.11.92
        https://bugs.webkit.org/show_bug.cgi?id=155586

        Reviewed by Michael Catanzaro.

        In the current version of Adwaita, the scrollbar itself also has a
        one pixel border that we are not taking into account.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::paintThumb): Use the scrollbar size
        in indicator mode, instead of only the thumb size, to correctly
        position the thumb in indicator mode.

2016-03-17  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r195661): [GTK] very slow scrolling
        https://bugs.webkit.org/show_bug.cgi?id=155334

        Reviewed by Michael Catanzaro.

        We need to also restore the PerAxisData visible length when it's
        reset because of a non animated scroll. To prevent making the same
        mistake in the future, the current position and visible lengths
        members are now required to construct PerAxisData. This also
        simplifies the code and ensures that when the ScrollAnimatorSmooth
        is created, it's updated to the current position.

        * platform/ScrollAnimationSmooth.cpp:
        (WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
        Initialize PerAxisData members.
        (WebCore::ScrollAnimationSmooth::setCurrentPosition): Pass the
        current position and visible length as parameters to the
        PerAxisData constructor.
        (WebCore::ScrollAnimationSmooth::animateScroll): Ditto.
        * platform/ScrollAnimationSmooth.h: Add a PerAxisData constructor
        that receives current position and visible length and disallow to
        use the default constructor.
        * platform/ScrollAnimatorSmooth.cpp:
        (WebCore::ScrollAnimatorSmooth::ScrollAnimatorSmooth): Pass the
        current position to the ScrollAnimationSmooth constructor.
        * platform/gtk/ScrollAnimatorGtk.cpp:
        (WebCore::ScrollAnimatorGtk::ensureSmoothScrollingAnimation): Ditto.

2016-03-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r198201.
        https://bugs.webkit.org/show_bug.cgi?id=155585

        That was not the proper solution (Requested by KaL on
        #webkit).

        Reverted changeset:

        "REGRESSION (r197724): [GTK] Web Inspector: Images being
        blocked by CSP 2.0"
        https://bugs.webkit.org/show_bug.cgi?id=155432
        http://trac.webkit.org/changeset/198201

2016-03-14  Tomas Popela  <tpopela@redhat.com>

        Enable GSS-Negotiate support in libsoup
        https://bugs.webkit.org/show_bug.cgi?id=155354

        Reviewed by Carlos Garcia Campos.

        Enable the SOUP_TYPE_AUTH_NEGOTIATE feature if libsoup was compiled
        with the GSS-Negotiate support.

        * platform/network/soup/SoupNetworkSession.cpp:
        (WebCore::SoupNetworkSession::SoupNetworkSession):

2016-03-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r195661): [GTK] very slow scrolling
        https://bugs.webkit.org/show_bug.cgi?id=155334

        Reviewed by Sergio Villar Senin.

        Fix smooth scrolling behaviour change after r195661.

        * platform/ScrollAnimationSmooth.cpp:
        (WebCore::getAnimationParametersForGranularity): Fix a typo,
        animationTime for pixel granularity should be 11 * tickTime.
        (WebCore::ScrollAnimationSmooth::animateScroll): Previous code
        reset all the data except the visibleLenght, so keep it in the
        PerAxisData after the reset.

2016-03-16  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196803.
        https://bugs.webkit.org/show_bug.cgi?id=155534

        Introduced several rendering issues in popular websites
        (Requested by KaL on #webkit).

        Reverted changeset:

        "[GTK] Limit the number of tiles according to the visible
        area"
        https://bugs.webkit.org/show_bug.cgi?id=126122
        http://trac.webkit.org/changeset/196803

2016-03-15  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
        https://bugs.webkit.org/show_bug.cgi?id=155432

        Reviewed by Darin Adler.

        The GTK+ port Web Inspector uses GResources for all internal
        resources (images, fonts, scripts, etc.) that are now blocked by
        the CSP. GResouces are like data URLs in practice, so we should
        always allow them.

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):

2016-03-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Fix rendering of slider input elements
        https://bugs.webkit.org/show_bug.cgi?id=155296

        Reviewed by Michael Catanzaro.

        Use the new gadgets for newer GTK+ and improve a bit the rendering
        for previous versions to better match GTK+.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::createStyleContext): Add ScaleContents and
        ScaleHighlight parts that are only used with GTK+ 3.19.
        (WebCore::RenderThemeGtk::paintSliderTrack): Use a smaller trough,
        centered in the given rectangle to better match GTK+. Also render
        the hightlight gadget with GTK+ 3.19.
        (WebCore::RenderThemeGtk::paintSliderThumb): Also create the style
        context for contents gadget.
        (WebCore::RenderThemeGtk::adjustSliderThumbSize): Take into
        account the slider border when calculating the slider thumb size.

2016-03-10  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Scrollbars are broken once again with current GTK+ master
        https://bugs.webkit.org/show_bug.cgi?id=155292

        Reviewed by Michael Catanzaro.

        Most of the trough theming properties have been moved to the
        scrollbar, and a new gadget "contents" has been added between the
        scrollbar and its children.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::getOrCreateStyleContext): Add
        left/bottom style classes to ensure the scrollbars border is taken
        into account and rendered.
        (WebCore::ScrollbarThemeGtk::paintTrackBackground): Also create
        style context for contents gadget.
        (WebCore::ScrollbarThemeGtk::paintThumb): Ditto.
        (WebCore::ScrollbarThemeGtk::paintButton): Ditto.
        (WebCore::ScrollbarThemeGtk::scrollbarThickness): Take the
        scrollbar border into account.
        (WebCore::ScrollbarThemeGtk::buttonSize): Also create style
        context for contents gadget.
        (WebCore::ScrollbarThemeGtk::getStepperSpacing): Ditto.
        (WebCore::ScrollbarThemeGtk::minimumThumbLength): Ditto.
        (WebCore::ScrollbarThemeGtk::thumbFatness): Ditto.
        (WebCore::ScrollbarThemeGtk::getTroughBorder): Take the scrollbar
        border into account.

2016-03-08  Myles C. Maxfield  <mmaxfield@apple.com>

        Font size computed style is innaccurate
        https://bugs.webkit.org/show_bug.cgi?id=154705
        <rdar://problem/23474068>

        Reviewed by Timothy Hatcher.

        Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
        nor Chrome do this.

        Covered by existing tests.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
        (WebCore::fontSizeFromStyle):

2016-03-08  Antonio Gomes  <tonikitoo@webkit.org>

        Scrolling does not work when the mouse down is handled by a node
        https://bugs.webkit.org/show_bug.cgi?id=19033

        Reviewed by Simon Fraser.

        Test: fast/events/prevent-default-prevents-interaction-with-scrollbars-.html

        When a mouse press/down event happens on a scrollbar area, but event
        is default prevented in the document level**, for example, event does not get
        properly passed to scrollbars, although it should.

        Problem started long ago with r17770, and was improved with r19596.
        However, years later, the way Scrollbar* is obtained is still currently different
        weither event is default prevented or not.

        Patch uniforms the logic for both cases, and fixes the bug.

        Note: code before used to look like

        if (swallowEvent) {
            <code>
        } else {
            <bleh>
            <foo>
        }

        .. and now looks like

        if (!swallowEvent)
            <bleh>

        <code>

        if (!swallowEvent)
            <foo>

        ** e.g. document.addEventListener('mousedown', function (e) { e.preventDefault(); });

        * page/EventHandler.cpp:
        (WebCore::scrollbarForMouseEvent):
        (WebCore::EventHandler::handleMousePressEvent):

2016-03-07  Daniel Bates  <dabates@apple.com>

        CSP: Source '*' should not match URLs with schemes blob, data, or filesystem
        https://bugs.webkit.org/show_bug.cgi?id=154122
        <rdar://problem/24613336>

        Reviewed by Brent Fulgham.

        Restrict matching of source expression * to HTTP or HTTPS URLs for all directives except
        img-src and media-src. This policy is more restrictive than the policy described in section
        Matching Source Expressions of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721>,
        which restricts matching * to schemes that are not blob, data, or filesystem.

        For directive img-src we restrict matching of * to HTTP, HTTPS, and data URLs. For directive
        media-src we restrict matching of * to HTTP, HTTPS, data URLs and blob URLs. We use a
        more lenient interpretation of * for directives img-src and media-src than required by
        the spec. to mitigate web compatibility issues.

        Tests: fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
               fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html
               fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html
               fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html
               fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html
               fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html
               http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html
               http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html
               http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html
               http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html
               http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html
               http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html
               http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html
               media/video-with-blob-url-allowed-by-csp-media-src-star.html
               media/video-with-data-url-allowed-by-csp-media-src-star.html
               media/video-with-file-url-blocked-by-csp-media-src-star.html

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar): Added.
        (WebCore::ContentSecurityPolicySourceList::matches): Modified to only match * if ContentSecurityPolicySourceList::isProtocolAllowedByStar().
        evaluates to true.
        * page/csp/ContentSecurityPolicySourceList.h:

2016-03-07  Daniel Bates  <dabates@apple.com>

        Cleanup: Add convenience function URL::procotolIsBlob()
        https://bugs.webkit.org/show_bug.cgi?id=155127
        <rdar://problem/25016829>

        Reviewed by Brent Fulgham.

        Similar to the class member function URL::protocolIsData(), add a class member function to
        class URL to determine if a URL is a blob URL.

        No functionality was changed. So, no new tests.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::shouldUseInnerURL): Modified to use URL::protocolIsBlob().
        (WebCore::getCachedOrigin): Ditto.
        * platform/URL.h:
        (WebCore::URL::protocolIsBlob): Added.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcStart): Modified to use URL::protocolIsBlob().
        (urlHasSupportedProtocol): Ditto.
        * workers/Worker.cpp:
        (WebCore::Worker::didReceiveResponse): Ditto.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Ditto.

2016-03-07  Zalan Bujtas  <zalan@apple.com>

        Crash in WebCore::RenderElement::containingBlockForObjectInFlow
        https://bugs.webkit.org/show_bug.cgi?id=155109

        Reviewed by Simon Fraser.

        It's unsafe to call containingBlock() on RenderView.

        Unable to reproduce.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::styleWillChange):
        (WebCore::RenderBlock::isSelfCollapsingBlock):
        (WebCore::RenderBlock::selectionGaps):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::borderBoxRectInRegion):
        (WebCore::RenderBox::computePercentageLogicalHeight):
        (WebCore::RenderBox::computeReplacedLogicalHeightUsing):
        (WebCore::logicalWidthIsResolvable):
        (WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
        (WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
        (WebCore::RenderLayer::updatePagination):
        (WebCore::inContainingBlockChain):
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::isValidColumnSpanner):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):
        * rendering/RenderObject.cpp:
        (WebCore::hasFixedPosInNamedFlowContainingBlock):
        * rendering/RenderReplaced.cpp:
        (WebCore::firstContainingBlockWithLogicalWidth):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::subtreeSelectionBounds):
        (WebCore::RenderView::repaintSubtreeSelection):
        (WebCore::RenderView::clearSubtreeSelection):
        (WebCore::RenderView::applySubtreeSelection):

2016-03-07  Daniel Bates  <dabates@apple.com>

        CSP: object-src directive should prohibit creation of nested browsing context
        https://bugs.webkit.org/show_bug.cgi?id=153153
        <rdar://problem/24383209>

        Reviewed by Brent Fulgham.

        Enforce the Content Security Policy object-src directive when fetching a URL for content
        that will cause an HTML object or HTML embed element to act as a nested browsing context
        (i.e. behave as if the content was loaded in an HTML iframe element). This makes our
        enforcement of the object-src directive match the behavior of the object-src directive
        in the Content Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Tests: http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html
               http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html
               http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html
               http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html

        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Extracted from SubframeLoader::pluginIsLoadable().
        Checks if the plugin element is allowed by the Content Security Policy to load the URL and MIME type.
        (WebCore::SubframeLoader::pluginIsLoadable): Extract out the logic for determining if
        the plugin content is allowed to load by the Content Security Policy into SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
        and make use of this function.
        (WebCore::SubframeLoader::requestObject): Modified to call SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
        before loading plugin content into a sub frame. If the plugin content is not allowed to load then we
        mark the plugin as unavailable with the reason being that it was blocked by the Content Security Policy.
        * loader/SubframeLoader.h:

2016-03-07  Andreas Kling  <akling@apple.com>

        Make RenderStyle copy-on-write a bit less.
        <https://webkit.org/b/155106>

        Reviewed by Antti Koivisto.

        Add a cheesy SET_NESTED_VAR macro complement to SET_VAR so we can avoid copy-on-write
        detachment of nested RenderStyle substructures when the leaf value doesn't change.

        I spotted about 300kB of these mistakes being made during PLT on iOS, most of them
        in the transformX setter.

        * rendering/style/RenderStyle.h:

2016-03-07  Miguel Gomez  <magomez@igalia.com>

        [TextureMapper] [BitmapTexturePool] Use appropriate list size when freeing textures
        https://bugs.webkit.org/show_bug.cgi?id=155105

        Reviewed by Žan Doberšek.

        Use appropriate list size when releasing the textures used as attachment.
        This is a fix for the patch to https://bugs.webkit.org/show_bug.cgi?id=154965.

        No new tests because no new functionality was added.

        * platform/graphics/texmap/BitmapTexturePool.cpp:
        (WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):

2016-03-06  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Improve codegen of Compare and Test
        https://bugs.webkit.org/show_bug.cgi?id=155055

        Reviewed by Filip Pizlo.

        * cssjit/FunctionCall.h:
        (WebCore::FunctionCall::callAndBranchOnCondition):

2016-03-04  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Scrollbars are broken again with GTK+ >= 3.19.11
        https://bugs.webkit.org/show_bug.cgi?id=154890

        Reviewed by Michael Catanzaro.

        Scrollbar style properties have been deprecated in GTK+, and it
        seems that now deprecating means keeping the properties but
        ignoring them. So, this reworks the whole scrollbars theme code
        again to not cache style properties anymore, but retrieve them
        from the GtkStyleContext. Previous GTK+ versions still need to
        query the style properties, so I've added helper functions to get
        all the style properties with the ifdefs, trying to keep the
        common render code free of GTK+ versions ifdefs.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::backButtonRect):
        (WebCore::ScrollbarThemeGtk::forwardButtonRect):
        (WebCore::ScrollbarThemeGtk::trackRect):
        (WebCore::ScrollbarThemeGtk::thumbRect):
        (WebCore::ScrollbarThemeGtk::paintTrackBackground):
        (WebCore::ScrollbarThemeGtk::paintThumb):
        (WebCore::ScrollbarThemeGtk::paint):
        (WebCore::ScrollbarThemeGtk::scrollbarThickness):
        (WebCore::ScrollbarThemeGtk::buttonSize):
        (WebCore::ScrollbarThemeGtk::stepperSize):
        (WebCore::ScrollbarThemeGtk::getStepperSpacing):
        (WebCore::ScrollbarThemeGtk::troughUnderSteppers):
        (WebCore::ScrollbarThemeGtk::minimumThumbLength):
        (WebCore::ScrollbarThemeGtk::thumbFatness):
        (WebCore::ScrollbarThemeGtk::getTroughBorder):
        (WebCore::ScrollbarThemeGtk::getOrCreateStyleContext):
        (WebCore::ScrollbarThemeGtk::updateThemeProperties):
        (WebCore::ScrollbarThemeGtk::handleMousePressEvent):
        * platform/gtk/ScrollbarThemeGtk.h:

2016-03-04  Brady Eidson  <beidson@apple.com>

        Remove use of deprecated sqlite3_expired
        https://bugs.webkit.org/show_bug.cgi?id=155025

        Reviewed by Tim Horton.

        Since we exclusively use sqlite3_prepare_v2 and don't use sqlite3_prepare,
        manually checking for expired statements is not necessary.

        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::isExpired): Null check the statement, but don't bother
          with sqlite3_expired.

2016-03-04  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Crash during font loading when injected bundle cancels load
        https://bugs.webkit.org/show_bug.cgi?id=155001

        Reviewed by Tim Horton.

        If a injected bundle cancels the load, the fontLoaded() callback will be
        called twice. We can simply detect this condition.

        Test: CancelLoading.CancelFontSubresource API test

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::fontLoaded):

2016-03-04  Andreas Kling  <akling@apple.com>

        Drop DocumentSharedObjectPool immediately when going into PageCache.
        <https://webkit.org/b/154986>

        Reviewed by Antti Koivisto.

        The DocumentSharedObjectPool is a weirdly efficient little optimization
        that deduplicates ElementData during the first 10s of a Document's lifetime.
        While it's up, every ElementData created will persist so it can be used for
        deduplication.

        If a Document goes into the PageCache while its shared object pool is still
        alive, we can just kill it right away. This will sometimes allow us to free
        a bunch of ElementData sooner.

        * dom/Document.cpp:
        (WebCore::Document::Document):
        (WebCore::Document::setInPageCache):
        (WebCore::Document::clearSharedObjectPool):
        (WebCore::Document::sharedObjectPoolClearTimerFired): Deleted.
        * dom/Document.h:

2016-03-03  Miguel Gomez  <magomez@igalia.com>

        [TextureMapper] Use RGBA format for textures attached to framebuffers
        https://bugs.webkit.org/show_bug.cgi?id=154965

        Reviewed by Žan Doberšek.

        Use RGBA format when allocating textures that will be used as framebuffer
        attachments. This means adding a new flag to BitmapTexture and modifying
        BitmapTextureGL to use the appropriate format according to the flag. Also,
        BitmapTexturePool needs to use two vectors to handle both types of textures
        separately, as we want to avoid constantly switching the format of a reused
        texture.

        No new tests since the behavior change is covered by existing tests.

        * platform/graphics/texmap/BitmapTexture.h: Add new flag.
        * platform/graphics/texmap/BitmapTextureGL.cpp:
        (WebCore::BitmapTextureGL::BitmapTextureGL): Receive flags on constructor and use RGBA
        when the FBOAttachment flag is enabled.
        (WebCore::BitmapTextureGL::applyFilters): Use FBOAttachemt flag to request a texture.
        * platform/graphics/texmap/BitmapTextureGL.h: Add flags to the constructor.
        * platform/graphics/texmap/BitmapTexturePool.cpp: Add a new vector of textures to hold
        those in RGBA format.
        (WebCore::BitmapTexturePool::acquireTexture): Return a texture for the usage specified
        in the incoming flags.
        (WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired): Release textures from
        both vectors.
        (WebCore::BitmapTexturePool::createTexture): Pass the usage flag when creating a new
        texture.
        * platform/graphics/texmap/BitmapTexturePool.h: Add new texture vector and add flags to
        the needed headers.
        * platform/graphics/texmap/TextureMapper.cpp:
        (WebCore::TextureMapper::acquireTextureFromPool): Pass the received flags to the BitmapTexturePool.
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::paintIntoSurface): Use FBOAttachemt flag to request a texture.

2016-03-02  Zalan Bujtas  <zalan@apple.com>

        Paint table borders on empty cells even in quirks mode.
        https://bugs.webkit.org/show_bug.cgi?id=154928

        Reviewed by David Hyatt.

        Enable border painting for empty cells unless 'empty-cells: hide' is set. 
        This is inline with FF and Chrome behaviour.

        Test: fast/table/border-on-empty-table-cells-quirks-mode.html

        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::paintBoxDecorations):

2016-03-02  Brady Eidson  <beidson@apple.com>

        Modern IDB: Close UniqueIDBDatabases once they become unused.
        https://bugs.webkit.org/show_bug.cgi?id=154922

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/256-open-databases.html
               storage/indexeddb/modern/exceed-open-file-limit.html

        Without this change, attempts to open a 256th database in the DatabaseProcess will fail on Mac.
        
        Due to SQLite journal files, this limit could come up as early as 128 databases if they are all
        in active use.
        
        This is because launchd - by default - limits xpc services to having 256 open file handles by default.
        
        While we should explore raising the limit, we should also close databases we no longer need.
        
        * Modules/indexeddb/server/IDBBackingStore.h:

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::closeUniqueIDBDatabase):
        (WebCore::IDBServer::IDBServer::deleteUniqueIDBDatabase): Deleted.
        * Modules/indexeddb/server/IDBServer.h:

        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::MemoryBackingStoreTransaction):

        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::getOrEstablishDatabaseInfo):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation): Handle the case where opening
          the backing store failed by firing an error event instead of pretending everything is okay.
        (WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::isCurrentlyInUse):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired): If the database is not
          currently in use, close it.
        (WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        (WebCore::IDBServer::UniqueIDBDatabase::deletePending): Deleted.

        * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
        (WebCore::IDBObjectStoreInfo::isolatedCopy): Actually get this right.

2016-03-02  Zalan Bujtas  <zalan@apple.com>

        Use IndentTextOrNot instead of passing isFirstLine/shouldIndentText as bool.
        https://bugs.webkit.org/show_bug.cgi?id=154628

        Reviewed by Simon Fraser.

        No change in behaviour.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeStartPositionDeltaForChildAvoidingFloats):
        (WebCore::RenderBlock::logicalLeftSelectionOffset):
        (WebCore::RenderBlock::logicalRightSelectionOffset):
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::availableLogicalWidthForLineInRegion):
        (WebCore::RenderBlock::logicalRightOffsetForLineInRegion):
        (WebCore::RenderBlock::logicalLeftOffsetForLineInRegion):
        (WebCore::RenderBlock::startOffsetForLineInRegion):
        (WebCore::RenderBlock::endOffsetForLineInRegion):
        (WebCore::RenderBlock::availableLogicalWidthForLine):
        (WebCore::RenderBlock::logicalRightOffsetForLine):
        (WebCore::RenderBlock::logicalLeftOffsetForLine):
        (WebCore::RenderBlock::startOffsetForLine):
        (WebCore::RenderBlock::endOffsetForLine):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::getClearDelta):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::updateLogicalInlinePositions):
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        (WebCore::RenderBlockFlow::deleteEllipsisLineBoxes):
        (WebCore::RenderBlockFlow::checkLinesForTextOverflow):
        (WebCore::RenderBlockFlow::startAlignedOffsetForLine):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::shrinkLogicalWidthToAvoidFloats):
        (WebCore::RenderBox::containingBlockAvailableLineWidthInRegion):
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::positionListMarker):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::selectionTop):
        (WebCore::RootInlineBox::selectionBottom):
        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):
        (WebCore::SimpleLineLayout::updateLineConstrains):
        * rendering/line/LineBreaker.cpp:
        (WebCore::LineBreaker::skipLeadingWhitespace):
        * rendering/line/LineWidth.cpp:
        (WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded):
        (WebCore::availableWidthAtOffset):
        * rendering/line/LineWidth.h:
        (WebCore::LineWidth::shouldIndentText):

2016-03-01  Gavin Barraclough  <barraclough@apple.com>

        Timer alignment in separate web processes should not all sync up to the same point.
        https://bugs.webkit.org/show_bug.cgi?id=154878

        Reviewed by Chris Dumez.

        For any given WebContent process it is desirable that timers are synchronized to a single
        alignment point, but if all WebContent processes align to the same point then there may
        be a thundering herd of processes waking up.

        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::alignedFireTime):
            - align to a randomized point.

2016-03-01  Andreas Kling  <akling@apple.com>

        REGRESSION (r154616): Accelerated drawing is off during the initial load
        <https://webkit.org/b/123812>

        Reviewed by Tim Horton.

        Robustify the hey-the-Settings-changed callbacks in Page to handle document-less frames.
        This is needed because now Settings are changed even before the main Frame has a Document.

        * page/Page.cpp:
        (WebCore::networkStateChanged):
        (WebCore::Page::updateStyleForAllPagesAfterGlobalChangeInEnvironment):
        (WebCore::Page::takeAnyMediaCanStartListener):
        (WebCore::Page::setMediaVolume):
        (WebCore::Page::setPageScaleFactor):
        (WebCore::Page::invalidateStylesForAllLinks):
        (WebCore::Page::invalidateStylesForLink):
        (WebCore::Page::dnsPrefetchingStateChanged):
        (WebCore::Page::storageBlockingStateChanged):
        (WebCore::Page::setMuted):
        (WebCore::Page::captionPreferencesChanged):
        (WebCore::Page::setSessionID):
        (WebCore::Page::setPlaybackTarget):
        (WebCore::Page::playbackTargetAvailabilityDidChange):
        (WebCore::Page::setShouldPlayToPlaybackTarget):
        * page/Settings.cpp:
        (WebCore::setImageLoadingSettings):

2016-03-01  Brady Eidson  <beidson@apple.com>

        Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
        https://bugs.webkit.org/show_bug.cgi?id=154860

        Reviewed by Alex Christensen.

        Covered by existing tests.

        * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
        (WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
        (WebCore::IDBDatabaseInfo::isolatedCopy):
        * Modules/indexeddb/shared/IDBDatabaseInfo.h:

        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        (WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy,  that
          copy needs to be isolated.

2016-02-29  Zan Dobersek  <zdobersek@igalia.com>

        TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
        https://bugs.webkit.org/show_bug.cgi?id=154791

        Reviewed by Carlos Garcia Campos.

        In both functions, the passed-in model-view matrix is first copied, multiplied
        against a rect-to-rect TransformationMatrix, and then assigned into a local
        TransformationMatrix variable, which causes another copy due to the multiply()
        function returning a reference to the modified object.

        To avoid the last copy, first copy the model-view matrix into a local variable,
        and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::draw):
        (WebCore::TextureMapperGL::beginClip):

2016-02-29  Zan Dobersek  <zdobersek@igalia.com>

        ImageBufferCairo should support OpenGL ES 2 configurations
        https://bugs.webkit.org/show_bug.cgi?id=154790

        Reviewed by Carlos Garcia Campos.

        When building with OpenGL ES 2 and with accelerated 2D canvas support,
        the GLES2 header should be included instead of the OpenGLShims.h header.

        The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
        GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
        GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::createCairoGLSurface):

2016-02-29  Zan Dobersek  <zdobersek@igalia.com>

        TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
        https://bugs.webkit.org/show_bug.cgi?id=154789

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
        a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
        the passed-in PaintFlags argument. If present, the default Y-axis mode should be
        used, and the inverted Y-axis otherwise.

2016-02-28  Tim Horton  <timothy_horton@apple.com>

        Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
        https://bugs.webkit.org/show_bug.cgi?id=154785

        Reviewed by Antti Koivisto.

        Test: fast/css/variables/avoid-matched-property-cache.html

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::MatchResult::addMatchedProperties):
        Disable the matched property cache when a value is variable-dependent, because
        they can resolve to inherited values, and the matched property cache could
        end up copying the wrong value from another similarly-styled element.

2016-02-28  Konstantin Tokarev  <annulen@yandex.ru>

        SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
        https://bugs.webkit.org/show_bug.cgi?id=154794

        Reviewed by Michael Catanzaro.

        No new tests needed.

        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
        qualifiers.

2016-02-27  Chris Dumez  <cdumez@apple.com>

        Prevent cross-origin access to Location.assign() / Location.reload()
        https://bugs.webkit.org/show_bug.cgi?id=154779

        Reviewed by Darin Adler.

        Prevent cross-origin access to Location.assign() / Location.reload()
        to match the latest specification:
        - https://html.spec.whatwg.org/multipage/browsers.html#crossoriginproperties-(-o-)

        Firefox and Chrome already prevent this but WebKit allowed it.

        No new tests, already covered by existing tests.

        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::getOwnPropertySlotDelegate):
        (WebCore::JSLocation::putDelegate): Deleted.

2016-02-26  Carlos Garcia Campos  <cgarcia@igalia.com>

        Network cache: old pages returned by disk cache on history navigation after session is restored
        https://bugs.webkit.org/show_bug.cgi?id=153230

        Reviewed by Chris Dumez.

        Add a flag to HistoryItem to mark them as restored from session
        and use it from the FrameLoader to not change the policy request
        when navigating to a history item that was restored from session,
        except for iOS port.

        * history/HistoryItem.h:
        (WebCore::HistoryItem::setWasRestoredFromSession):
        (WebCore::HistoryItem::wasRestoredFromSession):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadDifferentDocumentItem):

2016-02-26  Said Abou-Hallawa  <sabouhallawa@apple.com>

        <g> wrapping <symbol> causes display of hidden <symbol>
        https://bugs.webkit.org/show_bug.cgi?id=154576

        Reviewed by Darin Adler.
        
        The SVGSymbolElement is allowed in the shadow tree of an SVGUseElement
        only if it subtree root element. Any descendant SVGSymbolElement should
        be removed from the subtree because it is a hidden container. If the cloned
        subtree includes an SVGUseElement which references an SVGSymbolElement,
        the same rule will be applied to the descendant SVGUseElement. The goal
        is to remove all the descendant SVGSymbolElements from the cloned target
        because these SVGSymbolElements will be expanded to SVGSVGElements and
        hence become visible.

        * svg/SVGUseElement.cpp:
        (WebCore::disassociateAndRemoveClones): A helper function which removes
        cloned SVGElements and their subtrees from their parents and disassociate
        them from their originals.
        
        (WebCore::removeDisallowedElementsFromSubtree): Use disassociateAndRemoveClones().
        
        (WebCore::removeSymbolElementsFromSubtree): Removes all the descendant
        SVGSymbolElements from the cloned subtree. It does not remove the root
        element itself if it is an SVGSymbolElement because this one will be
        expanded to an SVGSVGElement which is exactly what we need.
        
        (WebCore::SVGUseElement::cloneTarget): Call removeSymbolElementsFromSubtree()
        to remove the descendant SVGSymbolElements from the cloned subtree before
        appending it to the container shadow root.

2016-02-25  Daniel Bates  <dabates@apple.com>

        CSP: Remove SecurityPolicy script interface
        https://bugs.webkit.org/show_bug.cgi?id=154694
        <rdar://problem/24846482>

        Reviewed by Andy Estes.

        Remove the Content Security Policy script interface, SecurityPolicy. This interface was only
        enabled when building with ENABLE(CSP_NEXT) (disabled by default).

        For completeness, the SecurityPolicy interface was removed from the Content Security Policy 1.1 spec.
        in <https://github.com/w3c/webappsec/commit/18882953ce2d8afca25f685557fef0e0471b2c9a> (12/26/2013).

        * CMakeLists.txt: Remove files to DOMSecurityPolicy.{cpp, idl}.
        * DerivedSources.cpp: Remove file JSDOMSecurityPolicy.cpp.
        * DerivedSources.make: Remove file DOMSecurityPolicy.idl.
        * PlatformGTK.cmake: Ditto.
        * PlatformMac.cmake: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Remove files DOMSecurityPolicy files.
        * bindings/scripts/CodeGeneratorGObject.pm: Remove reference to DOMSecurityPolicy.
        * dom/Document.cpp:
        (WebCore::Document::securityPolicy): Deleted.
        * dom/Document.h:
        * dom/Document.idl: Remove attribute securityPolicy.
        * page/DOMSecurityPolicy.cpp: Removed.
        * page/DOMSecurityPolicy.h: Removed.
        * page/DOMSecurityPolicy.idl: Removed.

2016-02-25  Andreas Kling  <akling@apple.com>

        Don't clear the weak JSString cache on memory pressure.
        <https://webkit.org/b/154693>

        Reviewed by Antti Koivisto.

        This was stupid. The cache is a WeakGCMap, so all the JSStrings pointed to are
        still alive anyway. This way we keep the ability to deduplicate common strings.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseNoncriticalMemory): Deleted.

2016-02-25  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION (r196268): Many assertion failures and crashes on SVG path animation tests when JS garbage collection happens quickly
        https://bugs.webkit.org/show_bug.cgi?id=154331

        Reviewed by Darin Adler.

        This is not an actual regression. The bug did exist before r196268 but
        the whole document was leaking once an SVGAnimatedProperty was created
        so there was no way to produce this bug. After fixing the leak, one crash
        and one assert got uncovered. Both of them happen because of the fact:
        "if an SVGAnimatedProperty is not referenced it will be deleted."

        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::lookupOrCreateDWrapper):
        The code in this function was assuming that the wrapper will be created
        only once which happens when SVGAnimatedProperty::lookupOrCreateWrapper()
        is called. Before making this single call, lookupOrCreateDWrapper() was
        building an initial SVGPathSegList from byte stream. But now
        SVGAnimatedProperty::lookupWrapper() can return false even after creating
        the SVGAnimatedProperty because it was deleted later. Calling
        buildSVGPathSegListFromByteStream() more than once was causing
        SVGAnimatedListPropertyTearOff::animationStarted() to fire the assertion
        ASSERT(m_values.size() == m_wrappers.size()) because the path segments were
        appended twice to m_values which is in fact SVGPathElement::m_pathSegList.value.
        The fix is to build the initial SVGPathSegList only once which should happen
        when m_pathSegList.value.isEmpty().
        
        (WebCore::SVGPathElement::animatedPropertyWillBeDeleted):
        * svg/SVGPathElement.h:
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::~SVGAnimatedPathSegListPropertyTearOff):
        SVGPathElement is assuming the following equivalence relation:
        m_pathSegList.shouldSynchronize ~ SVGAnimatedProperty_is_created_and_not_null.
        SVGPathElement::animatedPathSegList() and animatedNormalizedPathSegList()
        set m_pathSegList.shouldSynchronize to true when SVGAnimatedProperty is
        created but nothing sets m_pathSegList.shouldSynchronize back to false.
        This was not a problem when the SVGAnimatedProperty was leaking but after
        ensuring it is deleted when it is not referenced this equivalence relation
        becomes untrue sometimes. This caused SVGPathElement::svgAttributeChanged()
        to crash when we check m_pathSegList.shouldSynchronize and if it is true we
        assume that SVGAnimatedProperty::lookupWrapper() will return a non-null pointer
        and therefore we deference this pointer and call SVGAnimatedProperty::isAnimating().
        To fix this crash we need to set m_pathSegList.shouldSynchronize back to false
        when the associated SVGAnimatedProperty is deleted.

2016-02-28  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce uses of PassRefPtr in indexeddb
        https://bugs.webkit.org/show_bug.cgi?id=154273

        Reviewed by Darin Adler.

        No new tests, no behavior changes.

        * Modules/indexeddb/IDBDatabaseError.h:
        (WebCore::IDBDatabaseError::create):
        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::maybeCreateIDBKey):
        * Modules/indexeddb/IDBKeyData.h:
        * Modules/indexeddb/IDBKeyRange.cpp:
        (WebCore::IDBKeyRange::create):
        (WebCore::IDBKeyRange::IDBKeyRange):
        (WebCore::IDBKeyRange::only):
        (WebCore::IDBKeyRange::lowerBound):
        (WebCore::IDBKeyRange::upperBound):
        (WebCore::IDBKeyRange::bound):
        * Modules/indexeddb/IDBKeyRange.h:
        (WebCore::IDBKeyRange::create):
        (WebCore::IDBKeyRange::lower):
        (WebCore::IDBKeyRange::upper):
        (WebCore::IDBKeyRange::lowerBound):
        (WebCore::IDBKeyRange::upperBound):
        (WebCore::IDBKeyRange::bound):
        * Modules/indexeddb/IDBKeyRangeData.cpp:
        (WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):
        * Modules/indexeddb/IDBKeyRangeData.h:
        * Modules/indexeddb/IDBServerConnection.h:
        * Modules/indexeddb/legacy/IDBCallbacks.h:
        * Modules/indexeddb/legacy/IDBCursorBackend.cpp:
        (WebCore::IDBCursorBackend::continueFunction):
        * Modules/indexeddb/legacy/IDBCursorBackend.h:
        * Modules/indexeddb/legacy/IDBCursorBackendOperations.h:
        (WebCore::CursorIterationOperation::create):
        (WebCore::CursorIterationOperation::CursorIterationOperation):
        * Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:
        (WebCore::GetOperation::perform):
        (WebCore::PutOperation::perform):
        * Modules/indexeddb/legacy/LegacyCursor.cpp:
        (WebCore::LegacyCursor::continueFunction):
        * Modules/indexeddb/legacy/LegacyCursor.h:
        * Modules/indexeddb/legacy/LegacyFactory.h:
        (WebCore::LegacyFactory::create):
        * Modules/indexeddb/legacy/LegacyRequest.cpp:
        (WebCore::LegacyRequest::onSuccess):
        * Modules/indexeddb/legacy/LegacyRequest.h:
        * inspector/InspectorIndexedDBAgent.cpp:

2016-02-26  Brady Eidson  <beidson@apple.com>

        Modern IDB: New database versions are never committed to SQLite.
        <rdar://problem/24860952> and https://bugs.webkit.org/show_bug.cgi?id=154741
        
        Modern IDB: If a database handle is not open, files are not actually deleted from disk
        https://bugs.webkit.org/show_bug.cgi?id=154756

        Reviewed by Alex Christensen.

        Tested by API test "IndexedDBPersistence"

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::deleteDatabase): If there's not an open handle to the database, create one.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction): If a version change transaction, actually
          set the new version on disk.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore): If there is no open backing store, create one.
          This is necessary to both read the current database version, and to actually delete the file on disk.
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): If necessary, manufacture a "most recently
          deleted database info" from the version returned by deleteBackingStore.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-02-26  Brady Eidson  <beidson@apple.com>

        Modern IDB: Using existing database info from SQLite backing store is busted.
        <rdar://problem/24848143> and https://bugs.webkit.org/show_bug.cgi?id=154735

        Reviewed by Alex Christensen.

        No new tests.
        
        Reproducing the bug requires having a known database on disk *before* launching the DatabaseProcess to
        read in the existing IDBDatabaseInfo.
        
        Our automated infrastructure currently has no way of testing this.

        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::openDatabase):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo): Do the optional migrate on
          the IndexRecords table here; *every* time we open a SQLite backing store.
        (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo): Deleted.
        * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
        (WebCore::IDBDatabaseInfo::isolatedCopy): Copy the entire object, not just name/version.

2016-02-25  Brady Eidson  <beidson@apple.com>

        Remove LegacyIDB.
        https://bugs.webkit.org/show_bug.cgi?id=150854

        Reviewed by Alex Christensen.

        No new tests (No change in behavior).

        * CMakeLists.txt:
        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
        (WebCore::DOMWindowIndexedDatabase::indexedDB):
        * Modules/indexeddb/IDBDatabaseMetadata.cpp: Removed.
        * Modules/indexeddb/IDBDatabaseMetadata.h: Removed.
        * Modules/indexeddb/IDBFactory.h:
        * Modules/indexeddb/IDBIndex.h:
        * Modules/indexeddb/IDBIndexMetadata.h: Removed.
        * Modules/indexeddb/IDBObjectStoreMetadata.h: Removed.
        * Modules/indexeddb/IDBOperation.h: Removed.
        * Modules/indexeddb/IDBServerConnection.h: Removed.
        * Modules/indexeddb/IDBTransaction.h:
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:
        (WebCore::WorkerGlobalScopeIndexedDatabase::indexedDB):
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h:
        * Modules/indexeddb/legacy/IDBCallbacks.h: Removed.
        * Modules/indexeddb/legacy/IDBCursorBackend.cpp: Removed.
        * Modules/indexeddb/legacy/IDBCursorBackend.h: Removed.
        * Modules/indexeddb/legacy/IDBCursorBackendOperations.cpp: Removed.
        * Modules/indexeddb/legacy/IDBCursorBackendOperations.h: Removed.
        * Modules/indexeddb/legacy/IDBDatabaseBackend.cpp: Removed.
        * Modules/indexeddb/legacy/IDBDatabaseBackend.h: Removed.
        * Modules/indexeddb/legacy/IDBDatabaseCallbacks.h: Removed.
        * Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.cpp: Removed.
        * Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.h: Removed.
        * Modules/indexeddb/legacy/IDBFactoryBackendInterface.h: Removed.
        * Modules/indexeddb/legacy/IDBPendingDeleteCall.h: Removed.
        * Modules/indexeddb/legacy/IDBPendingOpenCall.h: Removed.
        * Modules/indexeddb/legacy/IDBPendingTransactionMonitor.cpp: Removed.
        * Modules/indexeddb/legacy/IDBPendingTransactionMonitor.h: Removed.
        * Modules/indexeddb/legacy/IDBTransactionBackend.cpp: Removed.
        * Modules/indexeddb/legacy/IDBTransactionBackend.h: Removed.
        * Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp: Removed.
        * Modules/indexeddb/legacy/IDBTransactionBackendOperations.h: Removed.
        * Modules/indexeddb/legacy/IDBTransactionCoordinator.cpp: Removed.
        * Modules/indexeddb/legacy/IDBTransactionCoordinator.h: Removed.
        * Modules/indexeddb/legacy/LegacyAny.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyAny.h: Removed.
        * Modules/indexeddb/legacy/LegacyCursor.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyCursor.h: Removed.
        * Modules/indexeddb/legacy/LegacyCursorWithValue.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyCursorWithValue.h: Removed.
        * Modules/indexeddb/legacy/LegacyDatabase.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyDatabase.h: Removed.
        * Modules/indexeddb/legacy/LegacyFactory.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyFactory.h: Removed.
        * Modules/indexeddb/legacy/LegacyIndex.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyIndex.h: Removed.
        * Modules/indexeddb/legacy/LegacyObjectStore.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyObjectStore.h: Removed.
        * Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyOpenDBRequest.h: Removed.
        * Modules/indexeddb/legacy/LegacyRequest.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyRequest.h: Removed.
        * Modules/indexeddb/legacy/LegacyTransaction.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyTransaction.h: Removed.
        * Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp: Removed.
        * Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Removed.
        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
        (WebCore::IDBServer::SQLiteIDBCursor::establishStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::generateIndexKeysForValue): Deleted.
        * bindings/js/IDBBindingUtilities.h:
        * bindings/js/JSMainThreadExecState.cpp:
        (WebCore::JSMainThreadExecState::didLeaveScriptContext): Deleted.
        * inspector/InspectorIndexedDBAgent.cpp:
        * loader/EmptyClients.cpp:
        * page/DatabaseProvider.cpp:
        (WebCore::DatabaseProvider::idbFactoryBackend): Deleted.
        * page/DatabaseProvider.h:
        * platform/CrossThreadCopier.cpp:
        (WebCore::IDBDatabaseMetadata>::copy): Deleted.
        (WebCore::IDBIndexMetadata>::copy): Deleted.
        (WebCore::IDBObjectStoreMetadata>::copy): Deleted.
        * platform/CrossThreadCopier.h:

2016-02-25  Brady Eidson  <beidson@apple.com>

        Modern IDB: WebKit 2 IPC layer.
        https://bugs.webkit.org/show_bug.cgi?id=153808

        Reviewed by Alex Christensen.

        No new tests (Covered by over 1,000 existing tests).

        * Modules/indexeddb/IDBKeyData.h:
        (WebCore::IDBKeyData::encode): It's okay to encode Min and Max.
        (WebCore::IDBKeyData::decode): It's okay to decode Min and Max.

2016-02-25  Daniel Bates  <dabates@apple.com>

        CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
        https://bugs.webkit.org/show_bug.cgi?id=154522
        <rdar://problem/24762078>

        Reviewed by Brent Fulgham.

        Include attributes statusCode and columnNumber in a dispatched SecurityPolicyViolationEvent and
        as part of the SecurityPolicyViolationEventInit dictionary as per section Violation DOM Events
        of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
        Additionally, enable dispatching of this event when a Content Security Policy violation occurs regardless
        of whether ENABLE(CSP_NEXT) is enabled.

        Test: http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html

        * WebCore.xcodeproj/project.pbxproj: Add files JSSecurityPolicyViolationEvent.{cpp, h}.
        * dom/EventNames.in: Enable support for SecurityPolicyViolationEvent unconditionally.
        * dom/SecurityPolicyViolationEvent.h: Remove ENABLE(CSP_NEXT)-guard so that we compile this
        code unconditionally. Modified SecurityPolicyViolationEventInit and SecurityPolicyViolationEvent
        to support attributes statusCode and columnNumebr.
        * dom/SecurityPolicyViolationEvent.idl: Add attributes statusCode and columnNumber.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation): Modified to both dispatch a SecurityPolicyViolationEvent
        and send a violation report (if applicable).

2016-02-24  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Tearing when entering AC mode
        https://bugs.webkit.org/show_bug.cgi?id=150955

        Reviewed by Michael Catanzaro.

        * platform/gtk/GtkUtilities.cpp:
        (WebCore::widgetIsOnscreenToplevelWindow): Allow passing nullptr.

2016-02-24  Brady Eidson  <beidson@apple.com>

        Modern IDB: Some w3c objectstore tests crash under GuardMalloc.
        https://bugs.webkit.org/show_bug.cgi?id=154460

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):  Don't delete the UniqueIDBDatabase yet 
          if there are still any connections pending close.
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformCommitTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformAbortTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted): It's possible that with this
          transaction completing, and a connection finished its close process, that the UniqueIDBDatabase is
          now ready to be deleted.

        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::abortTransactionWithoutCallback):
        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h:

        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::abortWithoutCallback):

2016-02-24  Zalan Bujtas  <zalan@apple.com>

        Background of an absolutely positioned inline element inside text-indented parent is positioned statically.
        https://bugs.webkit.org/show_bug.cgi?id=154019

        Reviewed by Simon Fraser.

        This patch ensures that statically positioned out-of-flow renderers are also text-aligned
        even when none of the renderers on the first line generate a linebox (so we end up with no bidi runs at all).
        The fix is to pass IndentTextOrNot information to startAlignedOffsetForLine through updateStaticInlinePositionForChild
        so that we can compute the left position for this statically positioned out of flow renderer.

        Test: fast/css3-text/css3-text-indent/text-indent-with-absolute-pos-child.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::adjustPositionedBlock):
        (WebCore::RenderBlockFlow::updateStaticInlinePositionForChild):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
        (WebCore::RenderBlockFlow::startAlignedOffsetForLine):
        * rendering/line/LineBreaker.cpp:
        (WebCore::LineBreaker::skipTrailingWhitespace):
        (WebCore::LineBreaker::skipLeadingWhitespace):
        * rendering/line/LineInlineHeaders.h: webkit.org/b/154628 fixes the bool vs IndentTextOrNot issue.
        (WebCore::setStaticPositions):

2016-02-24  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r195949): [GTK] Test /webkit2/WebKitWebView/insert/link is failing since r195949
        https://bugs.webkit.org/show_bug.cgi?id=153747

        Reviewed by Michael Catanzaro.

        Do not return early when reaching a boundary if there's a range
        selection. In that case, the selection will be cleared and
        accessibility will be notified.

        Test: editing/selection/move-to-line-boundary-clear-selection.html

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::modify):

2016-02-23  Simon Fraser  <simon.fraser@apple.com>

        Lay the groundwork for more constness in StyleResolver-related code
        https://bugs.webkit.org/show_bug.cgi?id=154598

        Reviewed by Antti Koivisto.

        Make some of the leaf functions that are used by the style resolver take 
        const CSSValues, and use 'auto' more to automatically get const stack variables
        when appropriate.

        * css/CSSBorderImageSliceValue.h:
        (WebCore::CSSBorderImageSliceValue::slices):
        * css/CSSPrimitiveValue.h:
        (WebCore::CSSPrimitiveValue::isQuirkValue):
        * css/FontVariantBuilder.cpp:
        (WebCore::extractFontVariantLigatures):
        (WebCore::extractFontVariantNumeric):
        (WebCore::extractFontVariantEastAsian):
        * css/FontVariantBuilder.h:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertReflection):
        (WebCore::StyleBuilderConverter::convertGridAutoFlow):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueSize):
        (WebCore::StyleBuilderCustom::applyValueStroke):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::colorFromPrimitiveValueIsDerivedFromElement):
        (WebCore::StyleResolver::colorFromPrimitiveValue):
        (WebCore::StyleResolver::createFilterOperations):
        * css/StyleResolver.h:
        * css/TransformFunctions.cpp:
        (WebCore::transformsForValue):
        * css/TransformFunctions.h:
        * rendering/style/StylePendingImage.h:
        * svg/SVGLength.cpp:
        (WebCore::SVGLength::fromCSSPrimitiveValue):
        * svg/SVGLength.h:

2016-02-23  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        [SVG] Update SVG source to return string literals as ASCIILiteral and add test cases for case sensitivity
        https://bugs.webkit.org/show_bug.cgi?id=154373

        Reviewed by Youenn Fablet.

        Update SVGAnimatedEnumeration toString method to return ASCIILiteral for string literals and add test cases for
        case-sensitivity for these elements.

        Test: svg/dom/SVGAnimatedEnumeration-case-sensitive.html

        * svg/SVGComponentTransferFunctionElement.h:
        (WebCore::SVGPropertyTraits<ComponentTransferType>::toString):
        * svg/SVGFEBlendElement.h:
        (WebCore::SVGPropertyTraits<BlendMode>::toString):
        * svg/SVGFEColorMatrixElement.h:
        (WebCore::SVGPropertyTraits<ColorMatrixType>::toString):
        * svg/SVGFECompositeElement.h:
        (WebCore::SVGPropertyTraits<CompositeOperationType>::toString):
        * svg/SVGFEConvolveMatrixElement.h:
        (WebCore::SVGPropertyTraits<EdgeModeType>::toString):
        * svg/SVGFEDisplacementMapElement.h:
        (WebCore::SVGPropertyTraits<ChannelSelectorType>::toString):
        * svg/SVGFEMorphologyElement.h:
        (WebCore::SVGPropertyTraits<MorphologyOperatorType>::toString):
        * svg/SVGFETurbulenceElement.h:
        (WebCore::SVGPropertyTraits<SVGStitchOptions>::toString):
        (WebCore::SVGPropertyTraits<TurbulenceType>::toString):
        * svg/SVGGradientElement.h:
        (WebCore::SVGPropertyTraits<SVGSpreadMethodType>::toString):
        * svg/SVGMarkerElement.h:
        (WebCore::SVGPropertyTraits<SVGMarkerUnitsType>::toString):
        * svg/SVGTextContentElement.h:
        (WebCore::SVGPropertyTraits<SVGLengthAdjustType>::toString):
        * svg/SVGTextPathElement.h:
        (WebCore::SVGPropertyTraits<SVGTextPathMethodType>::toString):
        (WebCore::SVGPropertyTraits<SVGTextPathSpacingType>::toString):
        * svg/SVGUnitTypes.h:
        (WebCore::SVGPropertyTraits<SVGUnitTypes::SVGUnitType>::toString):

2016-02-22  Gavin Barraclough  <barraclough@apple.com>

        Some timer alignment cleanup.
        https://bugs.webkit.org/show_bug.cgi?id=154559

        Reviewed by Chris Dumez.

        Document shouldn't override Page's timer alignment policy with a lower alignment,
        and m_domTimerAlignmentInterval isn't really a Settings, it's just the current state
        for the page.

        * dom/Document.cpp:
        (WebCore::Document::timerAlignmentInterval):
            - take the max of the possible intervals.
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::setTimerThrottlingEnabled):
        (WebCore::Page::setDOMTimerAlignmentInterval):
            - moved here from Settings.
        * page/Page.h:
        (WebCore::Page::domTimerAlignmentInterval):
            - moved here from Settings.
        * page/Settings.cpp:
        (WebCore::Settings::setDOMTimerAlignmentInterval): Deleted.
            - moved to Page.
        * page/Settings.h:
        (WebCore::Settings::domTimerAlignmentInterval): Deleted.
            - moved to Page.

2016-02-22  Myles C. Maxfield  <mmaxfield@apple.com>

        Font features specified in @font-face blocks don't apply to local() families
        https://bugs.webkit.org/show_bug.cgi?id=154554

        Reviewed by Dean Jackson.

        The correct variables just need to be wired up. In addition, our caches need to be sensitive
        to the new data.

        Test: css3/font-feature-font-face-local.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontPlatformDataCacheKey::FontPlatformDataCacheKey):
        (WebCore::FontPlatformDataCacheKey::operator==):
        (WebCore::FontPlatformDataCacheKeyHash::hash):
        (WebCore::FontCache::getCachedFontPlatformData):
        (WebCore::FontCache::fontForFamily):
        * platform/graphics/FontCache.h:
        * platform/graphics/FontFeatureSettings.h:
        (WebCore::FontFeature::operator!=):
        (WebCore::FontFeatureSettings::operator!=):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::fontWithFamily):
        (WebCore::FontCache::createFontPlatformData):
        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::collectComplexTextRunsForCharacters):
        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::FontCache::lastResortFallbackFont):
        * platform/text/TextFlags.h:
        (WebCore::FontVariantSettings::operator==):
        (WebCore::FontVariantSettings::operator!=):
        (WebCore::FontVariantSettings::uniqueValue):

2016-02-22  Daniel Bates  <dabates@apple.com>

        REGRESSION (r196892): Crash in DocumentLoader::startLoadingMainResource()
        https://bugs.webkit.org/show_bug.cgi?id=154563
        <rdar://problem/24780678>

        Reviewed by Alexey Proskuryakov.

        Fixes an issue where the provisional loader may be deallocated when starting
        a load. One example where this can occur is when cancelling the provisional load
        as part of a form submission because the Content Security Policy of the page
        blocks the submission (it violates the directive form-action).

        This crash is covered by the test http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource): Take a ref before calling
        DocumentLoader::willSendRequest().

2016-02-22  Chris Dumez  <cdumez@apple.com>

        REGRESSION (r196563): Images not loading on https://klim.co.nz/blog/paypal-sans-design-information/
        https://bugs.webkit.org/show_bug.cgi?id=154547
        <rdar://problem/24772167>

        Reviewed by Gavin Barraclough.

        The Website was doing the following:
        $ var e = window.addEventListener;
        $ e("eventname", handler)

        In such case, the jsEventTargetPrototypeFunctionDispatchEvent() bindings
        implementation was caused with a thisValue which is a JSLexicalEnvironment
        and the implementation did not know how to convert it into a global object.
        The previous implementation on JSDOMWindow used to handle tis correctly
        because it was always calling JSValue::toThis() on the thisValue before
        trying to cast it to a JSDOMWindow, and JSLexicalEnvironment::toThis()
        gets the globalThisValue. This patch updates the EventTarget bindings
        code to call always call toThis() on the thisValue before trying to
        cast it. This should correctly deal with JSLexicalEnvironment and be a
        no-op in usual cases.

        No new tests, extended existing test.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateFunctionCastedThis):

2016-02-22  Simon Fraser  <simon.fraser@apple.com>

        Repeated background images have the wrong position when using bottom/right-relative background-position
        https://bugs.webkit.org/show_bug.cgi?id=154478

        Reviewed by Dave Hyatt.

        Fix RenderBoxModelObject::calculateBackgroundImageGeometry() to use the right position when
        painting repeated background images when right/bottom edges are used.

        Also rename BackgroundEdgeOrigin to Edge

        Test: fast/images/background-position.html

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator Edge):
        (WebCore::CSSPrimitiveValue::operator BackgroundEdgeOrigin): Deleted.
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::resolveEdgeRelativeLength):
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        * rendering/style/FillLayer.cpp:
        (WebCore::FillLayer::FillLayer):
        * rendering/style/FillLayer.h:
        (WebCore::FillLayer::backgroundXOrigin):
        (WebCore::FillLayer::backgroundYOrigin):
        (WebCore::FillLayer::setBackgroundXOrigin):
        (WebCore::FillLayer::setBackgroundYOrigin):
        * rendering/style/RenderStyleConstants.cpp:
        (WebCore::operator<<):
        * rendering/style/RenderStyleConstants.h:

2016-02-21  Chris Dumez  <cdumez@apple.com>

        iframe/frame/object.contentDocument should be on the prototype
        https://bugs.webkit.org/show_bug.cgi?id=154409

        Reviewed by Sam Weinig.

        Move iframe/frame/object.contentDocument to the prototype. They used
        to be on the instance due to the [CheckSecurityForNode] IDL extended
        attribute. This patch updates the bindings generator so that such
        attributes are now on the prototype. While they are now on the
        prototype, the security checks are still generated in the
        corresponding getters and setters so cross origin access is still
        prevented.

        Test: http/tests/security/cross-origin-iframe-contentDocument.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (AttributeShouldBeOnInstance): Deleted.

2016-02-24  Daniel Bates  <dabates@apple.com>

        CSP: Enable plugin-types directive by default
        https://bugs.webkit.org/show_bug.cgi?id=154420
        <rdar://problem/24730322>

        Reviewed by Brent Fulgham.

        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::isExperimentalDirectiveName): Move plugin-types from the directives considered
        experimental to...
        (WebCore::isCSPDirectiveName): ...the list of standard directives.
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the plugin-types
        directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.

2016-02-23  Daniel Bates  <dabates@apple.com>

        CSP: Enable base-uri directive by default
        https://bugs.webkit.org/show_bug.cgi?id=154521
        <rdar://problem/24762032>

        Reviewed by Brent Fulgham.

        Tests: http/tests/security/contentSecurityPolicy/1.1/base-uri-default-ignored.html
               http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny.html

        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::isExperimentalDirectiveName): Move base-uri from the directives considered
        experimental to...
        (WebCore::isCSPDirectiveName): ...the list of standard directives.
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the base-uri
        directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.

2016-02-23  Daniel Bates  <dabates@apple.com>

        REGRESSION (r196892): No longer emit error message when CSP form-action directive is used as a source expression
        https://bugs.webkit.org/show_bug.cgi?id=154555
        <rdar://problem/24776777>

        Reviewed by Andy Estes.

        Fixes an issue where an error message is not emitted when directive form-action is used as a
        source expression. Prior to <http://trac.webkit.org/changeset/196892>, when directive form-action
        was used as a source expression a console error message would be emitted with the form:

            The Content Security Policy directive 'script-src' contains 'form-action' as a source expression.
            Did you mean 'script-src ...; form-action...' (note the semicolon)?

        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::isCSPDirectiveName): Return true if the specified directive name is "form-action".

2016-02-21  Daniel Bates  <dabates@apple.com>

        CSP: Enable form-action directive by default
        https://bugs.webkit.org/show_bug.cgi?id=154520
        <rdar://problem/24762029>

        Reviewed by Sam Weinig.

        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the form-action
        directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.
        (WebCore::isExperimentalDirectiveName): Remove form-action from the directives considered
        experimental.

2016-02-21  Daniel Bates  <dabates@apple.com>

        CSP: Violation report should include column number
        https://bugs.webkit.org/show_bug.cgi?id=154418
        <rdar://problem/24729525>

        Reviewed by Brent Fulgham.

        Include column-number in the Content Security Policy violation report for the column number
        in the source script where the violation occurred (for a script violation) as per section
        Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        When a CSP report is created for a script violation the source file and line number of the
        source code line where the violation occurred are included in the report. We now include
        the column number in the source file where the violation occurred so as to help narrow
        down the operation that triggered the violation in a complicated source code line.

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation):

2016-02-21  Daniel Bates  <dabates@apple.com>

        CSP: Violation report should include HTTP status code and effective-directive of protected resource
        https://bugs.webkit.org/show_bug.cgi?id=154288
        <rdar://problem/24674982>
        And
        https://bugs.webkit.org/show_bug.cgi?id=115707
        <rdar://problem/24383128>

        Reviewed by Brent Fulgham.

        Include status-code and effective-directive in the Content Security Policy violation report for
        the HTTP status code of the protected resource and name of the policy directive that was violated,
        respectively, as per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Test: http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation): Add key status-code to the report with value
        equal to the HTTP response code for the document or 0 depending on whether the document was
        delivered over HTTP or not. Additionally, remove ENABLE(CSP_NEXT)-guard/experimentalFeaturesEnabled()-condition
        around code to include the effective-directive property in the report.

2016-02-21  Daniel Bates  <dabates@apple.com>

        CSP: report-url directive should be ignored when contained in a policy defined via a meta element
        https://bugs.webkit.org/show_bug.cgi?id=154307
        <rdar://problem/24684817>

        Reviewed by Brent Fulgham.

        The Content Security Policy report-uri directive should only be honored when defined via an HTTP header
        as per section report-uri of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Currently we honor the report-uri directive when enforcing or monitoring a policy defined either via
        an HTML meta element or an HTTP header. Instead we should only honor this directive when defined
        via an HTTP header and log a message to the Web Inspector console to explain that the directive
        was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

        Test: http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html

        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive report-uri when
        the Content Security Policy came from an HTML meta element.

2016-02-21  Daniel Bates  <dabates@apple.com>

        CSP: sandbox directive should be ignored when contained in a policy defined via a meta element
        https://bugs.webkit.org/show_bug.cgi?id=154299
        <rdar://problem/24680433>

        Reviewed by Brent Fulgham.

        The Content Security Policy sandbox directive should only be honored when enforcing a policy
        defined via an HTTP header as per section sandbox of the Content Security Policy 2.0 spec.,
        <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Currently we honor the sandbox directive when enforcing a policy defined either via an HTML
        meta element or an HTTP header. Instead we should only honor this directive when defined
        via an HTTP header and log a message to the Web Inspector console to explain that the directive
        was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

        Tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php
               http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php
               http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php
               http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Substitute ContentSecurityPolicy::processHTTPEquiv() for
        ContentSecurityPolicy::didReceiveHeader() as the latter was made private.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::copyStateFrom): Updated as needed based on ContentSecurityPolicy::didReceiveHeader() change below.
        (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
        (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
        and pass it through to ContentSecurityPolicyDirectiveList::create().
        (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInHTTPEquivMeta): Logs a message to the Web Inspector console
        that the specified directive was ignored because it was delivered via an HTML meta element.
        * page/csp/ContentSecurityPolicy.h: Made member function ContentSecurityPolicy::didReceiveHeader() private. Defined
        enum class PolicyFrom to represent the source of the Content Security Policy: HTTP equiv meta element, HTTP header, or
        inherited from another ContentSecurityPolicy object (this value is only used by ContentSecurityPolicy::copyStateFrom()).
        (WebCore::ContentSecurityPolicy::processHTTPEquiv): Added; turns around and calls ContentSecurityPolicy::didReceiveHeader().
        The name of this function better describes its purpose - to handle the processing of a Content Security Policy
        delivered via <meta http-equiv="Content-Security-Policy" content="...">.
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::create): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
        as pass it through to ContentSecurityPolicyDirectiveList::parse().
        (WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive sandbox when the Content Security
        Policy came from an HTML meta element.
        * page/csp/ContentSecurityPolicyDirectiveList.h:

2016-02-20  Antti Koivisto  <antti@apple.com>

        Resolve style iteratively
        https://bugs.webkit.org/show_bug.cgi?id=154355

        Reviewed by Andreas Kling.

        Instead of a set of recursive functions use ComposedTreeIterator for traversing the DOM
        tree in composed tree order.

        This, along with maintaining explicit parent stack makes style resolve code more tractable
        for future work.

        It also makes the ComposedTreeIterator the definite authority for the shape of the composed tree
        instead of duplicating it as a set of recursive style resolve functions. This eliminates
        a significant source of bugs and confusion.

        The render tree building code path remains recursive for now.

        * css/StyleInvalidationAnalysis.cpp:
        (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):

            Invalidate the host element instead of the shadow root. This reduces need for special handling for shadow roots.

        * dom/ComposedTreeIterator.cpp:
        (WebCore::ComposedTreeIterator::initializeContextStack):
        (WebCore::ComposedTreeIterator::dropAssertions):

            Add support for dropping DOM mutation assertions.

        (WebCore::ComposedTreeIterator::traverseShadowRoot):
        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::context):
        (WebCore::ComposedTreeIterator::current):
        * dom/PseudoElement.h:
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::TreeResolver):
        (WebCore::Style::TreeResolver::Scope::Scope):
        (WebCore::Style::TreeResolver::Parent::Parent):
        (WebCore::Style::TreeResolver::pushScope):
        (WebCore::Style::resetStyleForNonRenderedDescendants):
        (WebCore::Style::pseudoStyleCacheIsInvalid):
        (WebCore::Style::TreeResolver::resolveElement):
        (WebCore::Style::resolveTextNode):
        (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
        (WebCore::Style::TreeResolver::pushParent):
        (WebCore::Style::TreeResolver::popParent):
        (WebCore::Style::TreeResolver::popParentsToDepth):

            Maintain explicit parent stack.

        (WebCore::Style::TreeResolver::resolveComposedTree):

            The main loop that iterates over the composed tree and computes style for dirty elements.

        (WebCore::Style::TreeResolver::resolve):
        (WebCore::Style::detachRenderTree):
        (WebCore::Style::TreeResolver::resolveLocally): Deleted.
        (WebCore::Style::TreeResolver::resolveChildAtShadowBoundary): Deleted.
        (WebCore::Style::TreeResolver::resolveShadowTree): Deleted.
        (WebCore::Style::TreeResolver::resolveChildren): Deleted.
        (WebCore::Style::TreeResolver::resolveSlotAssignees): Deleted.
        (WebCore::Style::TreeResolver::resolveRecursively): Deleted.

            Recursive functions go away.

        * style/StyleTreeResolver.h:
        (WebCore::Style::TreeResolver::scope):
        (WebCore::Style::TreeResolver::parent):

2016-02-19  Antti Koivisto  <antti@apple.com>

        ComposedTreeIterator traverses normal children for elements with empty shadow root
        https://bugs.webkit.org/show_bug.cgi?id=154464

        Reviewed by Ryosuke Niwa.

        Test: fast/shadow-dom/composed-tree-basic.html

        * dom/ComposedTreeIterator.cpp:
        (WebCore::ComposedTreeIterator::initializeContextStack):
        (WebCore::ComposedTreeIterator::traverseShadowRoot):

            If the shadow root is empty continue by skipping the real children.

        (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
        (WebCore::composedTreeAsText):
        (WebCore::ComposedTreeIterator::pushContext): Deleted.
        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::context):
        (WebCore::ComposedTreeIterator::current):
        (WebCore::ComposedTreeIterator::traverseNext):
        (WebCore::composedTreeChildren):
        * testing/Internals.cpp:
        (WebCore::Internals::composedTreeAsText):

            Testing support.

        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-19  Simon Fraser  <simon.fraser@apple.com>

        Use more concrete types for parsing positions
        https://bugs.webkit.org/show_bug.cgi?id=154481

        Reviewed by Dean Jackson.

        Use CSSPrimitiveValues for position-parsing functions where possible, to avoid
        the need to downcast<> the values returned by the parsing functions.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parsePositionX):
        (WebCore::CSSParser::parsePositionY):
        (WebCore::CSSParser::parse4ValuesFillPosition):
        (WebCore::CSSParser::parse3ValuesFillPosition):
        (WebCore::CSSParser::parseFillPosition):
        (WebCore::CSSParser::parse2ValuesFillPosition):
        (WebCore::CSSParser::parseFillProperty):
        (WebCore::CSSParser::parseTransformOriginShorthand):
        (WebCore::CSSParser::parseBasicShapeCircle):
        (WebCore::CSSParser::parseBasicShapeEllipse):
        (WebCore::CSSParser::parseDeprecatedRadialGradient):
        (WebCore::CSSParser::parseRadialGradient):
        (WebCore::CSSParser::parseTransformOrigin):
        (WebCore::CSSParser::parsePerspectiveOrigin):
        * css/CSSParser.h:

2016-02-18  Gavin Barraclough  <barraclough@apple.com>

        JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
        https://bugs.webkit.org/show_bug.cgi?id=154416

        Reviewed by Geoff Garen.

        * testing/Internals.cpp:
        (WebCore::Internals::isReadableStreamDisturbed):
            - fastGetOwnPropertySlot -> getOwnPropertySlot
              (internal method removed; test shouldn't really have been using this anyway)

2016-02-19  Zalan Bujtas  <zalan@apple.com>

        Blocked plug-in placeholder is sometimes not shown.
        https://bugs.webkit.org/show_bug.cgi?id=154434
        <rdar://problem/22584973>

        Reviewed by Brent Fulgham.

        m_isUnavailablePluginIndicatorHidden was set to false incorrectly as initial value.
        It prevented RenderEmbeddedObject from issuing repaint when the plugin indicator
        was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
        (The reason why the indicator showed up most of the time was because some renderer
        triggered repaint on the view.)

        Unable to test.

        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
        (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.
        * rendering/RenderEmbeddedObject.h:
        (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):

2016-02-19  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] clean-up various leaks
        https://bugs.webkit.org/show_bug.cgi?id=154285

        Reviewed by Carlos Garcia Campos.

        * platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:
        (webkit_web_audio_src_init): Take full ownership of the GstTask.
        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::adoptGRef): Null pointer support in ASSERTs.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::initializeGStreamerAndRegisterWebKitElements): Take full ownership of the GstElementFactory pointers.
        (WebCore::MediaPlayerPrivateGStreamer::isAvailable): Ditto.

2016-02-18  Andy Estes  <aestes@apple.com>

        Revert to dispatching the popstate event synchronously
        https://bugs.webkit.org/show_bug.cgi?id=153297
        rdar://problem/24092294

        Reviewed by Brent Fulgham.

        r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
        due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
        r192369's changes to Document.cpp, but retains the new tests.

        Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
        fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
        frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

        To prevent the crashes, this change does two things:
        1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
           loadInSameDocument() might otherwise delete it.
        2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(),
           since calling goToItem() on one frame might cause another frame to be deleted.

        Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
        fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

        * dom/Document.cpp:
        (WebCore::Document::enqueuePopstateEvent):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadSameDocumentItem):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::recursiveGoToItem):

2016-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GObject DOM bindings API break after r196769.

        * html/HTMLTextAreaElement.idl:

2016-02-18  Gwang Yoon Hwang  <yoon@igalia.com>

        [GTK] Limit the number of tiles according to the visible area
        https://bugs.webkit.org/show_bug.cgi?id=126122

        Reviewed by Carlos Garcia Campos.

        TextureMapperTiledBackingStore creates tiles for whole layer bounds, which
        means it creates the huge amount of textures if there is an excessively big
        layer.  Not only it wastes the memory and the CPU time, it even can crash GPU
        drivers.

        This patch modifies TextureMapperTiledBackingStore to take into account the
        visible area with a coverage multiplier when creating tiles.

        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
        Set a flag to recalculate the visible area of the layer when there are
        geometric changes.
        (WebCore::GraphicsLayerTextureMapper::setContentsToImage):
        (WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
        (WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
        (WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
        (WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
        Compute the inverse transform matrix to map a global visible are to
        the local visible area.
        (WebCore::clampToContentsRectIfRectIsInfinite):
        (WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):
        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        (WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
        In HiDPI, the directly composited image is uploaded to the unscaled
        texture to reduce memory usages. So we should apply device scale
        factor to render it correctly.
        (WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
        Create tiles which covered by visible rect with a coverage multiplier.

2016-02-18  Brent Fulgham  <bfulgham@apple.com>

        Extend HashCountedSet with a method to efficiently set the count of an entry
        https://bugs.webkit.org/show_bug.cgi?id=154352

        Reviewed by Geoffrey Garen.

        Tested by new TestWebKitAPI tests.

        * loader/ResourceLoadStatistics.cpp:
        (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

2016-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196790.
        https://bugs.webkit.org/show_bug.cgi?id=154439

        made fast/events/wheelevent-basic-actual.txt fail in WK2
        (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Wheel event callback removing the window causes crash in
        WebCore."
        https://bugs.webkit.org/show_bug.cgi?id=150871
        http://trac.webkit.org/changeset/196790

2016-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196791.
        https://bugs.webkit.org/show_bug.cgi?id=154438

        broke windows build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Extend HashCountedSet with a method to efficiently set the
        count of an entry"
        https://bugs.webkit.org/show_bug.cgi?id=154352
        http://trac.webkit.org/changeset/196791

2016-02-18  Chris Dumez  <cdumez@apple.com>

        window.history / window.navigator should not be replaceable
        https://bugs.webkit.org/show_bug.cgi?id=154412

        Reviewed by Ryosuke Niwa.

        window.history / window.navigator should not be replaceable as per
        the latest HTML specification:
        https://html.spec.whatwg.org/multipage/browsers.html#the-window-object

        Firefox and Chrome already match the specification. This patch aligns
        our behavior.

        No new tests, already covered by existing tests.

        * page/DOMWindow.idl:

2016-02-18  Chris Dumez  <cdumez@apple.com>

        HTMLTableHeaderCellElement.scope should only return known values
        https://bugs.webkit.org/show_bug.cgi?id=154423
        <rdar://problem/24731018>

        Reviewed by Ryosuke Niwa.

        HTMLTableHeaderCellElement.scope should only return known values as per:
        - https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope

        Known values are document here:
        - https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope

        No new tests, already covered by existing test.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLElementsAllInOne.cpp:
        * html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.
        (WebCore::HTMLTableHeaderCellElement::scope):
        (WebCore::HTMLTableHeaderCellElement::setScope):
        * html/HTMLTableHeaderCellElement.h:
        * html/HTMLTableHeaderCellElement.idl:

2016-02-18  Brent Fulgham  <bfulgham@apple.com>

        Extend HashCountedSet with a method to efficiently set the count of an entry
        https://bugs.webkit.org/show_bug.cgi?id=154352

        Reviewed by Geoffrey Garen.

        Tested by new TestWebKitAPI tests.

        * loader/ResourceLoadStatistics.cpp:
        (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

2016-02-18  Simon Fraser  <simon.fraser@apple.com>

        Wheel event callback removing the window causes crash in WebCore.
        https://bugs.webkit.org/show_bug.cgi?id=150871

        Reviewed by Brent Fulgham.
        
        Null check the FrameView before using it, since the iframe may have been removed
        from its parent document inside the event handler.

        Test: fast/events/wheel-event-destroys-frame.html

        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformCompleteWheelEvent):

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix IDBGetResult encoder/decoder.
        https://bugs.webkit.org/show_bug.cgi?id=154421

        Reviewed by Alex Christensen.

        No new tests, as Modern IDB is still disabled for WK2.
        
        But if you manually enable it, "Basic IndexedDB Seems To Work"

        * Modules/indexeddb/IDBGetResult.h:
        (WebCore::IDBGetResult::encode):
        (WebCore::IDBGetResult::decode):

2016-02-18  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments after r196747.

        Unreviewed.

        * css/CSSFontFaceSet.h:
        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::size):
        (WebCore::FontFaceSet::clear):
        * css/FontFaceSet.h:

2016-02-18  Zalan Bujtas  <zalan@apple.com>

        Soft hyphen is not shown when it is placed at the end of an inline element
        https://bugs.webkit.org/show_bug.cgi?id=153980

        Reviewed by David Hyatt.

        This patch handles the case when the character at the breaking position does not fit the
        line and soft-hyphen, as the first breaking opportunity, is followed by this overflowing character.
        (foo&shy;bar where b overflows the line).
        In such cases we don't yet have an item in the breaking history so we need to take a look at
        the current context instead.    

        Test: fast/text/soft-hyphen-as-first-breaking-opportunity.html

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::InlineIteratorHistory::nextBreakablePosition):
        (WebCore::BreakingContext::handleText):

2016-02-18  Andreas Kling  <akling@apple.com>

        Fake memory pressure handler should log detailed memory breakdown.
        <https://webkit.org/b/154415>

        Reviewed by Antti Koivisto.

        Piggyback on the RESOURCE_USAGE code to implement some detailed memory footprint diffing
        and have the fake memory handler dump before/after/diff after it runs.

        * page/ResourceUsageThread.h:
        (WebCore::TagInfo::TagInfo):
        * page/cocoa/ResourceUsageThreadCocoa.mm:
        (WebCore::logFootprintComparison):
        (WebCore::displayNameForVMTag):
        (WebCore::pagesPerVMTag):
        (WebCore::TagInfo::TagInfo): Deleted.
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement server->client operations in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=154411

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.
    
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::encode):
        (WebCore::IDBTransactionInfo::decode):

2016-02-18  Csaba Osztrogonác  <ossy@webkit.org>

        Fix unused-const-variable warning on non Cocoa platforms
        https://bugs.webkit.org/show_bug.cgi?id=154394

        Reviewed by Michael Catanzaro.

        * html/HTMLPlugInImageElement.cpp:

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement client->server operations in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=154400

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:

2016-02-18  Chris Dumez  <cdumez@apple.com>

        [Unforgeable] operations should not be writable as per Web IDL
        https://bugs.webkit.org/show_bug.cgi?id=154396
        <rdar://problem/24721063>

        Reviewed by Ryosuke Niwa.

        [Unforgeable] operations should not be writable as per the Web IDL specification:
        http://heycam.github.io/webidl/#es-operations

        They were currently non-configurable in WebKit but still writable.

        No new tests, already covered by existing test.

        * bindings/scripts/CodeGeneratorJS.pm:
        Mark [Unforgeable] operations as ReadOnly.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        * bindings/scripts/test/TestObj.idl:
        Add bindings test coverage for [Unforgeable].

2016-02-18  Chris Dumez  <cdumez@apple.com>

        Fix behavior of reflecting unsigned long IDL attributes that are limited to only non-negative numbers greater than zero
        https://bugs.webkit.org/show_bug.cgi?id=154398

        Reviewed by Ryosuke Niwa.

        Fix behavior of reflecting unsigned long IDL attributes that are limited
        to only non-negative numbers greater than zero to comply with:
        - https://html.spec.whatwg.org/#limited-to-only-non-negative-numbers-greater-than-zero

        This patch updates the following IDL attributes:
        - colgroup.span
        - col.span
        - input.size
        - textarea.cols
        - textareal.rows

        All of them now:
        - Have "unsigned long" type on IDL size and "unsigned" type on native
          side.
        - On getting, return the value if it is in the range [1; 2147483647],
          otherwise return the default value.
        - On setting, set to the input value if it is in the range
          [1; 2147483647], otherwise, set to the default value.

        Note that as per the specification, we are supposed to throw an
        IndexSizeError exception when trying to set those attributes to zero.
        However, we instead use the default value to match other browsers.
        It would be risky to be the only browser to throw in this case.

        No new tests, already covered by existing test.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseAttribute):
        (WebCore::HTMLInputElement::setSize):
        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::parseAttribute):
        (WebCore::HTMLTableColElement::setSpan):
        * html/HTMLTableColElement.h:
        * html/HTMLTableColElement.idl:
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::parseAttribute):
        (WebCore::HTMLTextAreaElement::setCols):
        (WebCore::HTMLTextAreaElement::setRows):
        (WebCore::HTMLTextAreaElement::shouldUseInputMethod): Deleted.
        * html/HTMLTextAreaElement.h:
        * html/HTMLTextAreaElement.idl:
        * html/parser/HTMLParserIdioms.h:
        (WebCore::limitToOnlyNonNegativeNumbersGreaterThanZero):

2016-02-18  David Kilzer  <ddkilzer@apple.com>

        Remove redundant ASSERT_WITH_MESSAGE_UNUSED() from SOFT_LINK_FRAMEWORK_FOR_SOURCE() macro

        Follow-up fix noted by Andy Estes for:

            [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
            <http://webkit.org/b/154364>

        * platform/mac/SoftLinking.h:
        (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Remove redundant
        ASSERT_WITH_MESSAGE_UNUSED().

2016-02-18  Andreas Kling  <akling@apple.com>

        Reduce tiling coverage immediately when memory pressure hits.
        <https://webkit.org/b/154374>

        Reviewed by Simon Fraser.

        We already had a policy that reduced tiling coverage to a minimum while the system
        is under memory pressure. However, that policy wouldn't kick in immediately after
        receiving the pressure notification, but the next time we flush compositing state.

        This change makes it happen sooner, improving our chances to escape death!

        * page/Page.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):

            Add a little helper for visiting every Page.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):

            When under critical memory pressure, schedule a compositing flush in all Pages.
            This ensures that the reduced tiling coverage policy takes effect, allowing us to
            immediately drop several tiles in each visible web view.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

            To ensure that this behavior is testable with the fake memory pressure notification,
            make the fake handler set the "in memory pressure" state just like the real one would.
            I don't know why we were not doing this previously, it was just an oversight.
            After the simulation completes, it schedules a runloop callback that resets the
            "in memory pressure" state.

2016-02-17  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] Implement FontFaceSet
        https://bugs.webkit.org/show_bug.cgi?id=153348

        Reviewed by Simon Fraser.

        The CSS Font Loading spec includes a FontFaceSet object which represents
        a collection of FontFaces. This patch implements such an object, and
        backs it with a vector of FontFaces. Similarly to the FontFace object,
        FontFaceSet is separated into a FontFaceSet frontend object and a
        CSSFontFaceSet backend object, which actually owns the FontFace objects.
        All the interaction with Promises is performed in the frontend object.

        This patch does not implement the EventTarget part of the FontFaceSet
        API, so the only way to know when a font is finished loading is by using
        the associated Promise objects.

        The CSS Font Loading spec describes how the Document should vend an
        instance of FontFaceSet which represents the font faces currently
        associated with the Document. However, that functionality is
        forthcoming. Currently, the only way to get a FontFaceSet is to create
        one yourself (using the constructor). Therefore, this patch does not
        implement the spec's notion of a "CSS-connected font face."

        Test: fast/text/font-face-set-javascript.html

        * CMakeLists.txt: Add new files.
        * DerivedSources.make: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * bindings/js/JSFontFaceSetCustom.cpp: Added.
        (WebCore::JSFontFaceSet::ready): Use the Promise member.
        (WebCore::JSFontFaceSet::entries): Use existing iterator code.
        (WebCore::JSFontFaceSet::keys):
        (WebCore::JSFontFaceSet::values):
        * css/CSSAllInOne.cpp: Add new files.
        * css/CSSFontFace.cpp: We now have a collection of clients (instead of
        just one). Also, we need to keep a pointer to our FontFace wrapper.
        (WebCore::CSSFontFace::CSSFontFace):
        (WebCore::CSSFontFace::addClient):
        (WebCore::CSSFontFace::removeClient):
        (WebCore::CSSFontFace::setStatus): Rename the delegate callback to be
        more clear.
        (WebCore::CSSFontFace::fontLoaded):
        (WebCore::CSSFontFace::addedToSegmentedFontFace): Deleted.
        (WebCore::CSSFontFace::removedFromSegmentedFontFace): Deleted.
        * css/CSSFontFace.h: Same as above.
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::Client::~Client):
        (WebCore::CSSFontFace::Client::kick):
        (WebCore::CSSFontFace::Client::stateChanged):
        (WebCore::CSSFontFace::wrapper):
        (WebCore::CSSFontFaceClient::~CSSFontFaceClient): Deleted.
        * css/CSSFontFaceSet.cpp: Added. Initial imlementation.
        (WebCore::CSSFontFaceSet::CSSFontFaceSet):
        (WebCore::CSSFontFaceSet::~CSSFontFaceSet):
        (WebCore::CSSFontFaceSet::incrementActiveCount):
        (WebCore::CSSFontFaceSet::decrementActiveCount):
        (WebCore::CSSFontFaceSet::has):
        (WebCore::CSSFontFaceSet::add):
        (WebCore::CSSFontFaceSet::remove):
        (WebCore::extractFamilies):
        (WebCore::familiesIntersect): Because this is an initial imlementation,
        this function is not optimized. A subsequent patch (which implements
        Document.fonts) will optimize this.
        (WebCore::CSSFontFaceSet::matchingFaces):
        (WebCore::CSSFontFaceSet::load):
        (WebCore::CSSFontFaceSet::check):
        (WebCore::CSSFontFaceSet::stateChanged):
        * css/CSSFontFaceSet.h: Added.
        (WebCore::CSSFontFaceSetClient::~CSSFontFaceSetClient):
        (WebCore::CSSFontFaceSet::size):
        (WebCore::CSSFontFaceSet::operator[]):
        (WebCore::CSSFontFaceSet::status):
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::familyNameFromPrimitive):
        (WebCore::CSSFontSelector::registerLocalFontFacesForFamily):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::familyNameFromPrimitive): Deleted.
        (WebCore::CSSFontSelector::kick): Deleted.
        * css/CSSFontSelector.h:
        * css/CSSSegmentedFontFace.cpp:
        (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace):
        (WebCore::CSSSegmentedFontFace::appendFontFace):
        (WebCore::CSSSegmentedFontFace::kick):
        (WebCore::CSSSegmentedFontFace::fontLoaded): Deleted.
        * css/CSSSegmentedFontFace.h:
        * css/FontFace.cpp:
        (WebCore::FontFace::FontFace):
        (WebCore::FontFace::~FontFace):
        (WebCore::FontFace::stateChanged): Renamed to make its purpose clearer.
        (WebCore::FontFace::kick): Deleted.
        * css/FontFace.h:
        * css/FontFaceSet.cpp: Added.
        (WebCore::createPromise):
        (WebCore::FontFaceSet::FontFaceSet):
        (WebCore::FontFaceSet::~FontFaceSet):
        (WebCore::FontFaceSet::Iterator::Iterator):
        (WebCore::FontFaceSet::Iterator::next):
        (WebCore::FontFaceSet::PendingPromise::PendingPromise):
        (WebCore::FontFaceSet::PendingPromise::~PendingPromise):
        (WebCore::FontFaceSet::has):
        (WebCore::FontFaceSet::size):
        (WebCore::FontFaceSet::add):
        (WebCore::FontFaceSet::remove):
        (WebCore::FontFaceSet::clear):
        (WebCore::FontFaceSet::load): Most of the complexity of loading is
        due to the promises involved. Rather than use the Javascript function
        Promise.all(), this patch builds a data structure to represent the
        promises which need to be resolved. When fonts finish loading, we look
        at the data structure to determine which promises to resolve.
        (WebCore::FontFaceSet::check):
        (WebCore::FontFaceSet::status):
        (WebCore::FontFaceSet::canSuspendForDocumentSuspension):
        (WebCore::FontFaceSet::startedLoading):
        (WebCore::FontFaceSet::completedLoading):
        (WebCore::FontFaceSet::fulfillPromise): Keep the promise alive.
        (WebCore::FontFaceSet::faceFinished):
        * css/FontFaceSet.h: Added.
        (WebCore::FontFaceSet::create):
        (WebCore::FontFaceSet::load):
        (WebCore::FontFaceSet::check):
        (WebCore::FontFaceSet::createIterator):
        (WebCore::FontFaceSet::PendingPromise::create):
        * css/FontFaceSet.idl: Added.
        * dom/EventNames.h:
        * dom/EventTargetFactory.in:

2016-02-17  Mark Lam  <mark.lam@apple.com>

        Callers of JSString::value() should check for exceptions thereafter.
        https://bugs.webkit.org/show_bug.cgi?id=154346

        Reviewed by Geoffrey Garen.

        No new tests.  The crash that results from this issue is dependent on a race
        condition where an OutOfMemory error occurs precisely at the point where the
        JSString::value() function is called on a rope JSString.

        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::putDelegate):
        - Added a comment at the site of the exception check to clarify the meaning of
          the return value.

2016-02-17  David Kilzer  <ddkilzer@apple.com>

        [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
        <http://webkit.org/b/154364>

        Reviewed by Alexey Proskuryakov.

        * platform/mac/SoftLinking.h:
        (SOFT_LINK_LIBRARY): Change ASSERT_WITH_MESSAGE() to
        RELEASE_ASSERT_WITH_MESSAGE().
        (SOFT_LINK_FRAMEWORK): Ditto.
        (SOFT_LINK_PRIVATE_FRAMEWORK): Ditto.
        (SOFT_LINK_STAGED_FRAMEWORK): Ditto.
        (SOFT_LINK_FRAMEWORK_IN_UMBRELLA): Ditto.
        (SOFT_LINK): Ditto.
        (SOFT_LINK_POINTER): Ditto.
        (SOFT_LINK_CONSTANT): Ditto.
        (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Add
        RELEASE_ASSERT_WITH_MESSAGE() when soft-link is not
        optional.

2016-02-17  Chris Dumez  <cdumez@apple.com>

        Regression(r196648): http://w3c-test.org/html/dom/interfaces.html redirects at the end of the test
        https://bugs.webkit.org/show_bug.cgi?id=154357

        Reviewed by Alexey Proskuryakov.

        Make location.assign() / location.replace()'s parameter mandatory,
        as per the specification:
        https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface

        Previously, calling location.assign() / location.replace() without
        parameter would be identical to calling location.assign("undefined") /
        location.replace("undefined"), which is not useful.

        After r196648, http://w3c-test.org/html/dom/interfaces.html was able to
        test location.assign() / location.replace() further because they are now
        on the instance (where they should be) instead of the prototype. One of
        these tests calls these functions without parameter, expecting them to
        throw an exception. However, in WebKit, it would not throw and it would
        redirect us to http://w3c-test.org/html/dom/undefined.

        Firefox and Chrome both follow the specification already and throw in
        this case.

        No new tests, already covered by existing test.

        * page/Location.idl:
        Make location.assign() / location.replace()'s parameter mandatory,
        as per the specification.

2016-02-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196738.
        https://bugs.webkit.org/show_bug.cgi?id=154380

        broke css3/calc/transforms-translate.html (Requested by
        alexchristensen on #webkit).

        Reverted changeset:

        "WebKitCSSMatrix transformList with calculated relative length
        crashes Safari."
        https://bugs.webkit.org/show_bug.cgi?id=153333
        http://trac.webkit.org/changeset/196738

2016-02-17  Dean Jackson  <dino@apple.com>

        WebKitCSSMatrix transformList with calculated relative length crashes Safari.
        https://bugs.webkit.org/show_bug.cgi?id=153333
        <rdar://problem/17198383>

        Reviewed by Simon Fraser.

        WebKitCSSMatrix objects should fail to construct when not
        using absolute lengths.

        Updated existing tests:
        - transforms/cssmatrix-2d-interface.xhtml
        - transforms/cssmatrix-3d-interface.xhtml

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
        that we don't require absolute lengths.
        * css/TransformFunctions.cpp:
        (WebCore::convertToFloatLength): Add an optional parameter that will
        cause the conversion to fail if the primitive value has a non-absolute
        length.
        (WebCore::transformsForValue): Pass the parameter for requiring an
        absolute length on to convertToFloatLength when necessary.
        * css/TransformFunctions.h:
        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
        require all transform strings to have absolute lengths, not ones
        that depend on the font size or are calculated.

2016-02-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196712.
        https://bugs.webkit.org/show_bug.cgi?id=154371

        This change caused 5 API test failures on ios-simulator
        (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "[iOS] Purge GraphicsServices font cache on memory warning."
        https://bugs.webkit.org/show_bug.cgi?id=154343
        http://trac.webkit.org/changeset/196712

2016-02-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: More Encoder/Decoder/Messaging scaffolding for WK2 IPC.
        https://bugs.webkit.org/show_bug.cgi?id=154356

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/shared/IDBDatabaseInfo.h:
        (WebCore::IDBDatabaseInfo::encode):
        (WebCore::IDBDatabaseInfo::decode):

        * Modules/indexeddb/shared/IDBError.h:
        (WebCore::IDBError::encode):
        (WebCore::IDBError::decode):

        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::decode):

        * Modules/indexeddb/shared/IDBResultData.h:
        (WebCore::IDBResultData::encode):
        (WebCore::IDBResultData::decode):

2016-02-17  Saam barati  <sbarati@apple.com>

        Implement Proxy [[Get]]
        https://bugs.webkit.org/show_bug.cgi?id=154081

        Reviewed by Michael Saboff.

        Tests are in JavaScriptCore.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::getProperty):
        (WebCore::getHashAlgorithm):
        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::getJSArrayFromJSON):
        (WebCore::getStringFromJSON):
        (WebCore::getBooleanFromJSON):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::DialogHandler::returnValue):
        * bindings/js/JSDictionary.cpp:
        (WebCore::JSDictionary::tryGetProperty):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::deleteProperty):
        (WebCore::JSStorage::deletePropertyByIndex):
        (WebCore::JSStorage::putDelegate):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::getProperty):
        * testing/Internals.cpp:
        (WebCore::Internals::isReadableStreamDisturbed):

2016-02-17  Simon Fraser  <simon.fraser@apple.com>

        PDFPlugin's scrollableArea container is not properly unregistered when page is going into the PageCache
        https://bugs.webkit.org/show_bug.cgi?id=148182

        Reviewed by Brent Fulgham.

        When handling Command-arrow key while showing a scrollable PDF, the timing of PDFPlugin
        teardown and navigation could result in PDFPlugin::destroy() getting the wrong FrameView,
        so the old FrameView was left with a stale pointer in its scrollableAreaSet.

        Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
        before the Frame gets a new FrameView.

        Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
        so that the Widget is not kept alive over a possible navigation.

        I was unable to make an automated test, because reproducing the bug requires handling
        a Command-arrow key event in a way that the last ref to a Widget is held over the event
        handling, and this wasn't possible in an iframe.

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::defaultEventHandler):
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::willDetachRenderers):
        * plugins/PluginViewBase.h:
        (WebCore::PluginViewBase::willDetatchRenderer):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::detachRenderTree): Drive-by nullptr.

2016-02-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: Encoder/Decoder/Messaging scaffolding for WK2 IPC.
        https://bugs.webkit.org/show_bug.cgi?id=154351

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/IDBDatabaseIdentifier.h:
        (WebCore::IDBDatabaseIdentifier::encode):
        (WebCore::IDBDatabaseIdentifier::decode):
        
        * Modules/indexeddb/shared/IDBCursorInfo.h:
        (WebCore::IDBCursorInfo::encode):
        (WebCore::IDBCursorInfo::decode):
        
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        (WebCore::IDBIndexInfo::encode):
        (WebCore::IDBIndexInfo::decode):
        
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        (WebCore::IDBObjectStoreInfo::encode):
        (WebCore::IDBObjectStoreInfo::decode):
        
        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::encode):
        (WebCore::IDBRequestData::decode):
        
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:
        (WebCore::IDBResourceIdentifier::encode):
        (WebCore::IDBResourceIdentifier::decode):
        
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::encode):
        (WebCore::IDBTransactionInfo::decode):

2016-02-17  Andreas Kling  <akling@apple.com>

        [iOS] Purge GraphicsServices font cache on memory warning.
        <https://webkit.org/b/154343>

        Reviewed by Antti Koivisto.

        The GS font cache was holding on to the last retain on CSS fonts after they stop being used.
        Call SPI to purge it on memory pressure.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        * platform/spi/ios/GraphicsServicesSPI.h:

2016-02-17  Chris Dumez  <cdumez@apple.com>

        Regression(r196648): window.showModalDialog is no longer undefined if the client does not allow showing modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=154330

        Reviewed by Gavin Barraclough.

        window.showModalDialog is no longer undefined if the client does not
        allow showing modal dialog after r196648. This patch fixes the issue
        and add test coverage for this.

        Test: fast/dom/Window/forbid-showModalDialog.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        - Move the DOMWindow::canShowModalDialog() check *before* checking
          for static properties as showModalDialog is now in the static
          property table after r196648.
        - Add check for Base::getOwnPropertySlot() first to support overriding
          window.showModalDialog (This behavior matches Firefox).
        - Return false if DOMWindow::canShowModalDialog() returns false as this
          seems cleaner than claiming that the property is there but undefined.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::canShowModalDialogNow): Deleted.
        This was indentical to canShowModalDialog().

        (WebCore::DOMWindow::canShowModalDialog):
        (WebCore::DOMWindow::setCanShowModalDialogOverride):
        (WebCore::DOMWindow::showModalDialog):
        * page/DOMWindow.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setCanShowModalDialogOverride):
        * testing/Internals.h:
        * testing/Internals.idl:
        Add support for overriding the ChromeClient's canShowModalDialog
        decision and hook it up to Internals to add layout test coverage.

2016-02-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: More WK2 IPC Scaffolding.
        https://bugs.webkit.org/show_bug.cgi?id=154317

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/shared/IDBCursorInfo.cpp:
        (WebCore::IDBCursorInfo::IDBCursorInfo):
        * Modules/indexeddb/shared/IDBCursorInfo.h:
        (WebCore::IDBCursorInfo::decode):
        * Modules/indexeddb/shared/IDBError.h:
        (WebCore::IDBError::decode):
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        (WebCore::IDBIndexInfo::decode):
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        (WebCore::IDBObjectStoreInfo::decode):
        * Modules/indexeddb/shared/IDBRequestData.cpp:
        (WebCore::IDBRequestData::IDBRequestData):
        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::decode):
        * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
        (WebCore::IDBResourceIdentifier::IDBResourceIdentifier):
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:
        (WebCore::IDBResourceIdentifier::decode):
        * Modules/indexeddb/shared/IDBResultData.cpp:
        (WebCore::IDBResultData::IDBResultData):
        * Modules/indexeddb/shared/IDBResultData.h:
        (WebCore::IDBResultData::decode):
        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        (WebCore::IDBTransactionInfo::IDBTransactionInfo):
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::decode):
        * WebCore.xcodeproj/project.pbxproj:

2016-02-17  Eric Carlson  <eric.carlson@apple.com>

        [Win] Allow ports to disable automatic text track selection
        https://bugs.webkit.org/show_bug.cgi?id=154322
        <rdar://problem/24623986>

        Reviewed by Brent Fulgham.

        * page/CaptionUserPreferencesMediaAF.cpp:
        (MTEnableCaption2015BehaviorPtr): Implement for Windows.

2016-02-17  Gavin Barraclough  <barraclough@apple.com>

        JSDOMWindow::put should not do the same thing twice
        https://bugs.webkit.org/show_bug.cgi?id=154334

        Reviewed by Chris Dumez.

        It either calls JSGlobalObject::put or Base::put. Hint: these are basically the same thing.
        In the latter case it might call lookupPut. That's redundant; JSObject::put handles static
        table entries.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::put):
            - just call Base::put.
        (WebCore::JSDOMWindow::putByIndex):
            - just call Base::putByIndex.

2016-02-17  Nan Wang  <n_wang@apple.com>

        AX: Implement sentence related text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=154312

        Reviewed by Chris Fleizach.

        Using CharacterOffset to implement sentence related text marker calls. Reused
        logic from VisibleUnits class. Also fixed an issue where paragraph navigation
        should skip preceding and following BR nodes.

        Test: accessibility/mac/text-marker-sentence-nav.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::resetNodeAndOffsetForReplacedNode):
        (WebCore::setRangeStartOrEndWithCharacterOffset):
        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
        (WebCore::AXObjectCache::previousCharacterOffset):
        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
        (WebCore::AXObjectCache::leftWordRange):
        (WebCore::AXObjectCache::rightWordRange):
        (WebCore::AXObjectCache::characterBefore):
        (WebCore::characterOffsetNodeIsBR):
        (WebCore::parentEditingBoundary):
        (WebCore::AXObjectCache::nextBoundary):
        (WebCore::AXObjectCache::previousBoundary):
        (WebCore::AXObjectCache::paragraphForCharacterOffset):
        (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
        (WebCore::AXObjectCache::startCharacterOffsetOfSentence):
        (WebCore::AXObjectCache::endCharacterOffsetOfSentence):
        (WebCore::AXObjectCache::sentenceForCharacterOffset):
        (WebCore::AXObjectCache::nextSentenceEndCharacterOffset):
        (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
        (WebCore::AXObjectCache::rootAXEditableElement):
        (WebCore::startWordBoundary): Deleted.
        (WebCore::endWordBoundary): Deleted.
        (WebCore::AXObjectCache::nextWordBoundary): Deleted.
        (WebCore::AXObjectCache::previousWordBoundary): Deleted.
        * accessibility/AXObjectCache.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        * editing/VisibleUnits.cpp:
        (WebCore::startWordBoundary):
        (WebCore::startOfWord):
        (WebCore::endWordBoundary):
        (WebCore::startSentenceBoundary):
        (WebCore::startOfSentence):
        (WebCore::endSentenceBoundary):
        * editing/VisibleUnits.h:

2016-02-17  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] GridSpan refactoring
        https://bugs.webkit.org/show_bug.cgi?id=153868

        Reviewed by Sergio Villar Senin.

        Add new enum to know if a GridSpan is definite or indefinite.
        That way we don't need GridUnresolvedSpan class (which is removed).
        We can always have two GridSpans in GridCoordinate,
        if the position is "auto" the GridSpan will be marked as indefinite.
        This will allow in a follow-up patch to avoid repeated calls
        to methods that resolve positions.

        Most operations in GridSpan are restricted to definite GridSpans (access
        to positions, iterator, etc.). For indefinite GridSpans we only need to
        know that they're indefinite, we shouldn't use the rest of the data.

        No new tests, no change of behavior.

        * css/CSSGridTemplateAreasValue.cpp:
        (WebCore::stringForPosition):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateAreasRow):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        (WebCore::RenderGrid::insertItemIntoGrid):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
        (WebCore::RenderGrid::columnAxisOffsetForChild):
        (WebCore::RenderGrid::rowAxisOffsetForChild):
        (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
        (WebCore::RenderGrid::autoPlacementMinorAxisDirection): Deleted.
        (WebCore::RenderGrid::populateGridPositions): Deleted.
        * rendering/style/GridCoordinate.h:
        (WebCore::GridSpan::definiteGridSpan):
        (WebCore::GridSpan::indefiniteGridSpan):
        (WebCore::GridSpan::operator==):
        (WebCore::GridSpan::integerSpan):
        (WebCore::GridSpan::resolvedInitialPosition):
        (WebCore::GridSpan::resolvedFinalPosition):
        (WebCore::GridSpan::begin):
        (WebCore::GridSpan::end):
        (WebCore::GridSpan::isDefinite):
        (WebCore::GridSpan::GridSpan):
        (WebCore::GridCoordinate::GridCoordinate):
        * rendering/style/GridResolvedPosition.cpp:
        (WebCore::initialPositionSide):
        (WebCore::finalPositionSide):
        (WebCore::adjustGridPositionsFromStyle):
        (WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveGridPositionAgainstOppositePosition):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
        (WebCore::implicitNamedGridLineForSide): Deleted.
        (WebCore::GridResolvedPosition::isNonExistentNamedLineOrArea): Deleted.
        (WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
        (WebCore::resolveGridPositionFromStyle): Deleted.
        * rendering/style/GridResolvedPosition.h:
        (WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
        (WebCore::GridResolvedPosition::operator*): Deleted.
        (WebCore::GridResolvedPosition::operator++): Deleted.
        (WebCore::GridResolvedPosition::operator==): Deleted.

2016-02-17  Chris Dumez  <cdumez@apple.com>

        Window should have its 'constructor' property on the prototype
        https://bugs.webkit.org/show_bug.cgi?id=154037
        <rdar://problem/24689078>

        Reviewed by Gavin Barraclough.

        Window should have its 'constructor' property on the prototype as per
        the Web IDL specification:
        http://heycam.github.io/webidl/#interface-prototype-object

        Firefox and Chrome already match the specification.

        No new tests, covered by:
        - fast/dom/Window/window-constructor-settable.html
        - fast/dom/Window/window-constructor.html
        - http/tests/security/cross-origin-window-property-access.html
        - imported/w3c/web-platform-tests/html/dom/interfaces.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (ConstructorShouldBeOnInstance): Deleted.
        Drop this routine as all constructors are now on the prototype.

        (InstancePropertyCount):
        Do not account for constructor properties as these can only be
        on the prototype now.

        (PrototypePropertyCount):
        Increment the property count by 1 if the interface has a constructor
        property (e.g. [NoInterfaceObject] interfaces do not have one).

        (GeneratePropertiesHashTable):
        Stop calling ConstructorShouldBeOnInstance() as it no longer exists.
        Always generated the "constructor" property if:
        1. We are generating the prototype hash table.
        and
        2. The interface needs a constructor (i.e. not marked as
           [NoInterfaceObject]).

        (GenerateImplementation):
        - Drop code handling the case where ConstructorShouldBeOnInstance()
          returns true as constructors are not always on the prototype and
          the ConstructorShouldBeOnInstance() routine has been dropped.
        - Drop code handling [CustomProxyToJSObject]. Now that the constructor
          is always on the prototype, we never need to cast thisValue to a
          JSDOMWindow (by calling toJSDOMWindow). In the Window case, thisValue
          is now casted to a JSDOMWindowPrototype*, similarly to other interfaces
          so we don't need a special casting function anymore.
        - Stop generating security checks. This only impacts Window as it is the
          only interface marked as [CheckSecurity]. The cross-origin checking code
          as it was would not work when "constructor" is on the prototype because
          thisValue is a JSDOMWindowPrototype, not a JSDOMWindow and we have no
          way of getting the wrapped window. Also, the security check is no longer
          needed because:
          1. Accessing crossOriginWindow.constructor will not work now that
             constructor is on the prototype because
             JSDOMWindow::getOwnPropertySlot() already prevents access to the
             prototype in the cross-origin case.
          2. "constructor" is a value property, not a getter/setter. Therefore,
             it is no possible to use the getter/setter from a same origin window
             instance and call it on a cross origin window.

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Add a way to test ScrollAnimator
        https://bugs.webkit.org/show_bug.cgi?id=153479

        Reviewed by Michael Catanzaro.

        Tests: fast/scrolling/overlay-scrollbars-scroll-corner.html
               fast/scrolling/scroll-animator-basic-events.html
               fast/scrolling/scroll-animator-overlay-scrollbars-hovered.html
               fast/scrolling/scroll-animator-select-list-events.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * page/FrameView.cpp:
        (WebCore::FrameView::usesMockScrollAnimator):
        (WebCore::FrameView::logMockScrollAnimatorMessage):
        * page/FrameView.h:
        * page/Settings.cpp:
        (WebCore::Settings::setUsesMockScrollAnimator):
        (WebCore::Settings::usesMockScrollAnimator):
        * page/Settings.h:
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollAnimator):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::usesMockScrollAnimator):
        (WebCore::ScrollableArea::logMockScrollAnimatorMessage):
        * platform/mock/ScrollAnimatorMock.cpp: Added.
        (WebCore::ScrollAnimatorMock::create):
        (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
        (WebCore::ScrollAnimatorMock::~ScrollAnimatorMock):
        (WebCore::ScrollAnimatorMock::didAddVerticalScrollbar):
        (WebCore::ScrollAnimatorMock::didAddHorizontalScrollbar):
        (WebCore::ScrollAnimatorMock::willRemoveVerticalScrollbar):
        (WebCore::ScrollAnimatorMock::willRemoveHorizontalScrollbar):
        (WebCore::ScrollAnimatorMock::mouseEnteredContentArea):
        (WebCore::ScrollAnimatorMock::mouseMovedInContentArea):
        (WebCore::ScrollAnimatorMock::mouseExitedContentArea):
        (WebCore::ScrollAnimatorMock::mouseEnteredScrollbar):
        (WebCore::ScrollAnimatorMock::mouseExitedScrollbar):
        (WebCore::ScrollAnimatorMock::mouseIsDownInScrollbar):
        * platform/mock/ScrollAnimatorMock.h: Added.
        * platform/mock/ScrollbarThemeMock.cpp:
        (WebCore::ScrollbarThemeMock::usesOverlayScrollbars):
        * platform/mock/ScrollbarThemeMock.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::usesMockScrollAnimator):
        (WebCore::RenderLayer::logMockScrollAnimatorMessage):
        * rendering/RenderLayer.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::usesMockScrollAnimator):
        (WebCore::RenderListBox::logMockScrollAnimatorMessage):
        * rendering/RenderListBox.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setUsesMockScrollAnimator):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Enable overlay scrollbars in GTK+ after r196641.

        This was blocked by bug #153404, but the commit that introduced
        the regression was rolled out in r196641.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):

2016-02-16  Gavin Barraclough  <barraclough@apple.com>

        JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=154257

        Reviewed by Chris Dumez.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
            - JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot

2016-02-16  Gavin Barraclough  <barraclough@apple.com>

        JSDOMWindow::getOwnPropertySlot should not search photo chain
        https://bugs.webkit.org/show_bug.cgi?id=154102

        Reviewed by Chris Dumez.

        Should only return *own* properties.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):

2016-02-16  Alex Christensen  <achristensen@webkit.org>

        CMake build fix.

        * PlatformMac.cmake:

2016-02-16  Chris Dumez  <cdumez@apple.com>

        Navigator.geolocation should not be marked a [Replaceable] and should be on the prototype
        https://bugs.webkit.org/show_bug.cgi?id=154304
        <rdar://problem/24685092>

        Reviewed by Gavin Barraclough.

        1. Drop the [Replaceable] IDL extended attribute for navigator.geolocation
           as this does not match other browsers or the specification:
           - https://dev.w3.org/geo/api/spec-source.html#geolocation_interface
        2. Move Navigator attributes to the prototype, where they should be as
           per the Web IDL specification.

        The previous behavior was meant as a workaround for a bug in the Amazon
        iOS app (rdar://problem/16332749). However, I have confirmed that the
        latest Amazon App no longer has any issue with those changes.

        Test: js/navigator-set-geolocation.html

        * Modules/geolocation/NavigatorGeolocation.idl:
        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.

2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r196268): WTFCrashWithSecurityImplication on SVG path animation tests
        https://bugs.webkit.org/show_bug.cgi?id=154221

        Reviewed by Brent Fulgham.

        In r196268, a destructor was added to SVGListPropertyTearOff that notifies
        its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This
        allows the wrapper to nullify any references to the wrapped content.
        
        We needed to do the same thing for SVGPathSegListPropertyTearOff. Both
        SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from
        SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff
        which needs to be notified.
        
        Tests: exiting svg path animation tests should not crash.

        * svg/properties/SVGPathSegListPropertyTearOff.h:
        (WebCore::SVGPathSegListPropertyTearOff::~SVGPathSegListPropertyTearOff):

2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION (r190430): WTFCrashWithSecurityImplication in:void SVGRootInlineBox::layoutCharactersInTextBoxes()
        https://bugs.webkit.org/show_bug.cgi?id=154185

        Reviewed by Ryosuke Niwa.

        This is a regression caused by adding support for HTMLSlotElement. The
        crash happens when adding an HTMLSlotElement to anther element which should
        not have it as a child like SVGTextElement for example. In this case, we
        were creating a RenderText which should not be happen inside an SVG document.
        The RenderText::createTextBox() was creating InlineTextBox for the slot's
        text and attach it to the SVGRootInlineBox. In layoutCharactersInTextBoxes(),
        the assumption is the inline box is either SVGInlineTextBox or SVGInlineFlowBox.
        But since we have an InlineTextBox instead, the crash happens when casting
        the InlineTextBox to SVGInlineFlowBox.

        The fix is for createRenderTreeForSlotAssignees() to not create a renderer
        when the parent element should not have a renderer for the this element.
        This is the same thing we do for createRenderer() which handles the non
        HTMLSlotElement case and which is called also from createRenderTreeRecursively().
        
        Test: fast/shadow-dom/text-slot-child-crash.svg

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::moveToFlowThreadIfNeeded):
        (WebCore::Style::TreeResolver::createRenderer): Delete the check for
        shouldCreateRenderer() and handling the case when resolvedStyle is null
        since these are handled by the caller createRenderTreeRecursively().
        
        (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
        Assert shouldCreateRenderer() is true for this element.
        
        (WebCore::Style::TreeResolver::createRenderTreeRecursively): Don't create
        the renderer if shouldCreateRenderer() returns false. Also handle the case
        when resolvedStyle is null and pass the new style to createRenderer().
        
        * style/StyleTreeResolver.h:

2016-02-16  Simon Fraser  <simon.fraser@apple.com>

        Every RenderLayer should not have to remove itself from the scrollableArea set
        https://bugs.webkit.org/show_bug.cgi?id=154311

        Reviewed by Zalan Bujtas.

        A subset of RenderLayers are are scrollable, and get registered on the FrameView,
        but we pay the cost of a hash lookup for removal on every RenderLayer, which is a waste.
        
        Store a bit that tells RenderLayer that it's in the set and needs to be removed.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::~RenderLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:

2016-02-16  Daniel Bates  <dabates@apple.com>

        CSP: Update violation report 'Content-Type' header
        https://bugs.webkit.org/show_bug.cgi?id=153166
        <rdar://problem/24383327>

        Reviewed by Brent Fulgham.

        Inspired by Blink patch:
        <https://src.chromium.org/viewvc/blink?view=rev&revision=154215>

        Post the Content Security Policy violation report with Content-Type application/csp-report as
        per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Currently we post CSP violation reports with Content-Type application/json.

        * html/parser/XSSAuditorDelegate.cpp:
        (WebCore::XSSAuditorDelegate::didBlockScript): Use report type ViolationReportType::XSSAuditor to PingLoader.
        * loader/PingLoader.cpp:
        (WebCore::PingLoader::sendViolationReport): Modified to take argument of type ViolationReportType
        to determine the appropriate Content-Type header to use for the report. For a XSS Auditor violation report
        we use Content-Type application/json. For a Content Security Policy violation report we use Content-Type
        application/csp-report. Additionally, pass a ASCIILiteral() to ResourceRequestBase::setHTTPMethod()
        as opposed to a constant string literal to avoid a copy of a constant string literal.
        * loader/PingLoader.h: Add enum class ViolationReportType.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation): Use report type ViolationReportType::ContentSecurityPolicy.

2016-02-16  Alex Christensen  <achristensen@webkit.org>

        Add checks before redirecting with NetworkSession
        https://bugs.webkit.org/show_bug.cgi?id=154298

        Reviewed by Andy Estes.

        This fixes http/tests/security/cors-post-redirect-307.html and 
        http/tests/navigation/post-307-response.html when using NetworkSession.

        * platform/network/ResourceRequestBase.h:
        WEBCORE_EXPORT some functions newly used in WebKit2.

2016-02-16  Daniel Bates  <dabates@apple.com>

        CSP: Fix parsing of 'host/path' source expressions
        https://bugs.webkit.org/show_bug.cgi?id=153170
        <rdar://problem/24383407>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Mike West):
        <https://src.chromium.org/viewvc/blink?revision=154875&view=revision>

        Fixes an issue where a source of the form example.com/A/ was incorrectly considered
        invalid and hence such a requested resource would be blocked. A source of this form
        is valid by the definition of host-source in section Source List Syntax of the Content
        Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::parseSource):

2016-02-16  Daniel Bates  <dabates@apple.com>

        CSP: Disallow an empty host in a host-source source expression
        https://bugs.webkit.org/show_bug.cgi?id=153168
        <rdar://problem/24383366>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by rob@robwu.nl):
        <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::parseSource):

2016-02-16  Brady Eidson  <beidson@apple.com>

        Modern IDB: WK2 IPC Scaffolding.
        https://bugs.webkit.org/show_bug.cgi?id=154296

        Reviewed by Alex Christensen.
        
        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/server/IDBConnectionToClient.h:
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:

2016-02-16  Chris Dumez  <cdumez@apple.com>

        [Web IDL] Operations should be on the instance for global objects or if [Unforgeable]
        https://bugs.webkit.org/show_bug.cgi?id=154120
        <rdar://problem/24613231>

        Reviewed by Gavin Barraclough.

        Operations should be on the instance for global objects or if
        [Unforgeable] as per the Web IDL specification:
        - http://heycam.github.io/webidl/#es-operations
        - http://heycam.github.io/webidl/#dfn-unforgeable-on-an-interface

        This patch implements this behavior in order to align
        with the specification and other browsers.

        No new tests, already covered by existing tests.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        Update function names now that they have "Instance" in their
        name instead of "Prototype".

        (WebCore::JSDOMWindow::getOwnPropertySlot):
        - Update function names now that they have "Instance" in their
          name instead of "Prototype".
        - Move the functions hard-coding *before* the static table check
          now that these functions are in the static table to maintain
          the previous behavior.

        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::getOwnPropertySlotDelegate):
        Update function names now that they have "Instance" in their
        name instead of "Prototype".

        * bindings/scripts/CodeGeneratorJS.pm:
        - Move functions to the instance if their interface is a global
          object or if they are marked as [Unforgeable]. Operations are
          now treated more like attributes, as they can now be either on
          the instance or the prototype. In a lot of places, I now use
          the naming "properties" instead of "attributes" as "properties"
          refer both "attributes" and "operations" / "functions".

        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        Rebaseline bindings tests.

2016-02-16  Simon Fraser  <simon.fraser@apple.com>

        Rollout r188659. This broke scrolling of iframes and overflow when
        navigating back to a page in the page cache.
        
        The fix was overly agressive and had no layout test. I will fix the original
        issue a different way.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):
        * page/FrameView.cpp:
        (WebCore::FrameView::clearScrollableAreas): Deleted.
        * page/FrameView.h:

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] No hover-horizontal scrolling available
        https://bugs.webkit.org/show_bug.cgi?id=122859

        Reviewed by Michael Catanzaro.

        This is a regression of WebKit2, because in WebKit1 we used native
        widgets for frame scrollbars that handled this automatically. Now
        we need to also check if the mouse is over frame scrollbars to
        adjust the wheel event.

        Test: platform/gtk/scrollbars/main-frame-scrollbar-horizontal-wheel-scroll.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent): Pass the adjusted wheel
        event to platformCompleteWheelEvent().
        * page/gtk/EventHandlerGtk.cpp:
        (WebCore::EventHandler::shouldTurnVerticalTicksIntoHorizontal):
        Check also frame scrollbars.

2016-02-16  Antti Koivisto  <antti@apple.com>

        Factor id mutation style invalidation code into a class
        https://bugs.webkit.org/show_bug.cgi?id=154287

        Reviewed by Andreas Kling.

        Also add a cheap basic optimization that avoids descendant invalidation if they can not be affected.

        It would be easy to implement fine grained invalidation like with classes and attribute selectors.
        However dynamic id changes are not common enough (nor recommended) to pay the memory cost of
        the required data structures.

        Test: fast/css/style-invalidation-id-change-descendants.html

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        * css/RuleFeature.h:
        * dom/Element.cpp:
        (WebCore::makeIdForStyleResolution):
        (WebCore::Element::attributeChanged):
        (WebCore::checkNeedsStyleInvalidationForIdChange): Deleted.
        * style/IdChangeInvalidation.cpp: Added.
        (WebCore::Style::IdChangeInvalidation::invalidateStyle):
        * style/IdChangeInvalidation.h: Added.
        (WebCore::Style::IdChangeInvalidation::IdChangeInvalidation):
        (WebCore::Style::IdChangeInvalidation::~IdChangeInvalidation):

2016-02-16  Andreas Kling  <akling@apple.com>

        Drop StyleResolver and SelectorQueryCache when entering PageCache.
        <https://webkit.org/b/154238>

        Reviewed by Antti Koivisto.

        Stop keeping these around for cached pages to save lots of memory.
        We can easily rebuild them if a cached navigation occurs, and this
        way we also don't need to worry about invalidating style for cached
        pages in all the right places.

        Restoring a cached page will now lead to a forced style recalc.
        We don't try to defer this (beyond a zero-timer) since it's going
        to happen anyway, and it's nicer to front-load the cost rather than
        stuttering on the first user content interaction.

        * dom/Document.cpp:
        (WebCore::Document::setInPageCache):
        * history/CachedPage.cpp:
        (WebCore::CachedPage::restore):
        (WebCore::CachedPage::clear): Deleted.
        * history/CachedPage.h:
        (WebCore::CachedPage::markForVisitedLinkStyleRecalc): Deleted.
        (WebCore::CachedPage::markForFullStyleRecalc): Deleted.
        * history/PageCache.cpp:
        (WebCore::PageCache::markPagesForVisitedLinkStyleRecalc): Deleted.
        (WebCore::PageCache::markPagesForFullStyleRecalc): Deleted.
        * history/PageCache.h:
        * page/Frame.cpp:
        (WebCore::Frame::setPageAndTextZoomFactors): Deleted.
        * page/Page.cpp:
        (WebCore::Page::setViewScaleFactor): Deleted.
        (WebCore::Page::setDeviceScaleFactor): Deleted.
        (WebCore::Page::setPagination): Deleted.
        (WebCore::Page::setPaginationLineGridEnabled): Deleted.
        (WebCore::Page::setVisitedLinkStore): Deleted.

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] clicking on the scrollbar trough steps rather than jumps to the clicked position
        https://bugs.webkit.org/show_bug.cgi?id=115363

        Reviewed by Michael Catanzaro.

        Allow ScrollbarTheme to decide the behavior of a button press event,
        instead of only deciding whether to center on thumb or not. This
        way we can match the current GTK+ behavior in WebKit, without
        affecting other ports.

        * platform/ScrollTypes.h: Add ScrollbarButtonPressAction enum.
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::mouseDown): Ask ScrollbarTheme to handle the
        event for the pressed part and do the requested action.
        * platform/ScrollbarTheme.cpp:
        (WebCore::ScrollbarTheme::handleMousePressEvent): Add default
        implementation. It's equivalent to the previous default implementation.
        * platform/ScrollbarTheme.h:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Match current
        GTK+ behavior: left click centers on thumb and right click
        scrolls. Dragging the thumb works for left and middle buttons.
        * platform/gtk/ScrollbarThemeGtk.h:
        * platform/ios/ScrollbarThemeIOS.h: Remove shouldCenterOnThumb,
        and don't override handleMousePressEvent since iOS wants the
        default behavior.
        * platform/ios/ScrollbarThemeIOS.mm:
        * platform/mac/ScrollbarThemeMac.h: Override handleMousePressEvent
        and remove shouldCenterOnThumb.
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::shouldCenterOnThumb): Same implementation just made it
        static to be used as helper.
        (WebCore::ScrollbarThemeMac::handleMousePressEvent): Return the
        desired action keeping the same behavior.
        * platform/win/ScrollbarThemeWin.cpp:
        (WebCore::ScrollbarThemeWin::handleMousePressEvent): Ditto.
        * platform/win/ScrollbarThemeWin.h:
        * rendering/RenderScrollbarTheme.h:

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Mouse cursor doesn't change when entering scrollbars
        https://bugs.webkit.org/show_bug.cgi?id=154243

        Reviewed by Simon Fraser.

        If the scrollbar is over or very close to text or a link, when
        entering the scrollbar the cursor is not changed, keeping the beam
        or hand cursor when using the scrollbar. Same happens for image
        documents where the magnifier cursor is used and it remains when
        entering the scrollbars. We should use pointer cursor always for
        scrollbars.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::updateCursor): Request also to include
        frame scrollbars in hit test result.
        (WebCore::EventHandler::selectCursor): Use always pointer cursor
        for scrollbars.

2016-02-15  Antti Koivisto  <antti@apple.com>

        Optimize style invalidations for attribute selectors
        https://bugs.webkit.org/show_bug.cgi?id=154242

        Reviewed by Andreas Kling.

        Currently we invalidate the whole element subtree if there are any attribute selectors for the changed attribute.
        This is slow as generally few if any elements are really affected. Using attribute selectors for dynamic styling
        should be performant.

        This patch implements optimization strategy for attributes similar to what we already have for classes:

        - Collect a map of all rules that contains descendant-affecting attribute selectors for a given attribute.
        - When an attribute value changes check if there are any such rules for it.
        - Check if the value change affects the results of any of the attribute selectors.
        - Only if it does invalidate the exact descendant elements affected by the rules.

        Test: fast/css/style-invalidation-attribute-change-descendants.html

        * WebCore.xcodeproj/project.pbxproj:
        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::ancestorClassRules):
        (WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):

            Create optimization RuleSets when needed.

        * css/DocumentRuleSets.h:
        (WebCore::DocumentRuleSets::uncommonAttribute):
        (WebCore::DocumentRuleSets::features):
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
        (WebCore::makeAttributeSelectorKey):
        (WebCore::RuleFeatureSet::collectFeatures):

            Collect rules with descendant affecting attribute selectors.

        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        (WebCore::RuleFeatureSet::shrinkToFit):
        * css/RuleFeature.h:
        * css/SelectorChecker.cpp:
        (WebCore::anyAttributeMatches):
        (WebCore::SelectorChecker::attributeSelectorMatches):

            Expose function for matching single attribute selectors.

        (WebCore::canMatchHoverOrActiveInQuirksMode):
        * css/SelectorChecker.h:
        * dom/Attr.cpp:
        (WebCore::Attr::setValue):
        (WebCore::Attr::childrenChanged):
        * dom/Element.cpp:
        (WebCore::Element::setAttributeInternal):
        (WebCore::makeIdForStyleResolution):
        (WebCore::Element::attributeChanged):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::addAttributeInternal):
        (WebCore::Element::removeAttribute):

            Add AttributeChangeInvalidation where needed.

        (WebCore::Element::needsStyleInvalidation):

            Move to Element from ClassChangeInvalidation.

        (WebCore::Element::willModifyAttribute):

            No more full style invalidation on attribute change.

        * style/AttributeChangeInvalidation.cpp: Added.
        (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):

            Invalidate local style.
            Check if we need to invalidate descendants by looking into ancestorAttributeRules.

        (WebCore::Style::AttributeChangeInvalidation::invalidateDescendants):

            Use StyleInvalidationAnalysis to invalidate the subtree for the relevant rules.

        * style/AttributeChangeInvalidation.h: Added.
        (WebCore::Style::AttributeChangeInvalidation::needsInvalidation):
        (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
        (WebCore::Style::AttributeChangeInvalidation::~AttributeChangeInvalidation):

            If needed, invalidate descendants before and after attribute change to catch rules that start and stop applying.

2016-02-16  Chris Dumez  <cdumez@apple.com>

        Do security checks early in JSDOMWindow::put*()
        https://bugs.webkit.org/show_bug.cgi?id=154270

        Reviewed by Gavin Barraclough.

        Do security checks early in JSDOMWindow::put() / JSDOMWindow::putByIndex()
        and return as soon as possible. This makes it less error-prone as we need
        to do the security check only once, at the top of the function.

        Also lock down the security further by calling lookupPut() only if the
        property name is "location". The "location" property is the only one that
        can be set cross-origin. Previously, trying to set a property such as
        "name" (which cannot be set cross-origin) relied on the attribute setter
        doing the security check when getting called. The new check is less error
        prone and will correctly prevent overriding window's method cross-origin
        once these move down from the prototype (Bug 154120).

        Finally, the previous code was failing to set the "location" property
        cross-origin after the window has been reified. This patch fixes the
        issue by always calling the original "location" property setter from the
        static table in the cross-origin case.

        Test: http/tests/security/cross-origin-reified-window-location-setting.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::put):
        (WebCore::JSDOMWindow::putByIndex):

2016-02-15  Brent Fulgham  <bfulgham@apple.com>

        [Mac] Gather some rudimentary statistics during resource load 
        https://bugs.webkit.org/show_bug.cgi?id=153575
        <rdar://problem/24075254>

        Reviewed by Brady Eidson.

        Tested by: http/tests/navigation/statistics.html

        * CMakeLists.txt:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::updateLastHandledUserGestureTimestamp): Log user interaction
        with the ResourceLoadObserver.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest): Track load statistics if the
        user interacted with the document.
        * loader/ResourceLoadObserver.cpp: Added.
        * loader/ResourceLoadObserver.h: Added.
        * loader/ResourceLoadStatistics.cpp: Added.
        * loader/ResourceLoadStatistics.h: Added.
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::willSendRequestInternal): Track load statistics.
        * page/Settings.cpp:
        (WebCore::Settings::setResourceLoadStatisticsEnabled): Added.
        * page/Settings.h:
        (WebCore::Settings::resourceLoadStatisticsEnabled): Added.
        * platform/Logging.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resourceLoadStatisticsForOrigin):
        (WebCore::Internals::setResourceLoadStatisticsEnabled):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-15  Chris Dumez  <cdumez@apple.com>

        The following properties should exist on the global object: AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
        https://bugs.webkit.org/show_bug.cgi?id=154250
        <rdar://problem/24660829>

        Reviewed by Eric Carlson.

        The following properties should exist on the global object:
        - AudioTrackList, AudioTrack, VideoTrackList, VideoTrack

        These interfaces are not marked as [NoInterfaceObject] in:
        - https://html.spec.whatwg.org/#audiotracklist-and-videotracklist-objects

        No new tests, already covered by existing tests.

        * html/track/AudioTrack.idl:
        * html/track/AudioTrackList.idl:
        * html/track/VideoTrack.idl:
        * html/track/VideoTrackList.idl:

2016-02-15  Sam Weinig  <sam@webkit.org>

        Stop using NSMapTable in places where we were only using it to be GC safe
        <rdar://problem/24063723>
        https://bugs.webkit.org/show_bug.cgi?id=154264

        Reviewed by Dan Bernstein.

        Switch from NSMapTable to HashMap.

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/objc/DOMInternal.h:
        * bindings/objc/DOMInternal.mm:
        * bindings/objc/WebScriptObject.mm:
        * bridge/objc/objc_instance.mm:
        * platform/spi/cocoa/NSPointerFunctionsSPI.h: Removed. No longer used.

2016-02-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] Implement FontFace JavaScript object
        https://bugs.webkit.org/show_bug.cgi?id=153345

        Reviewed by Antti Koivisto.

        Test: fast/text/font-face-javascript.html

        This patch implements the FontFace Javascript object. This object mostly consists of
        style getters / setters, which we implement by parsing input strings and generating
        output strings similarly to getComputedStyle(). This object also has a load() function
        which returns a promise which will be fulfilled or rejected depending on the load.
        There is also a "loaded" attribute which exposes this promise directly. Also, a status
        field is exposed so script knows what the state of the load is.

        Currently, loading depends on our CachedResourceLoader which is part of the Document,
        so this API is not available in a non-document context.

        Another caveat is that immediate-mode font loading (where the content provides an
        ArrayBuffer containing the bytes of the font file) is forthcoming. This requires
        changing the relationship between CSSFontFaceSource and CachedFont.

        CSSFontFace has been modified to keep a strong reference to the CSSFontSelector. This
        is because the lifetime of the CSSFontFace can now outlive the CSSFontSelector. When
        the CSSFontSelector is removed from the Document, it explicitly clears its constituent
        CSSFontFaces, thereby breaking the reference cycle.

        Test: fast/text/font-face-javascript-expected.html

        * CMakeLists.txt: Add new files.
        * DerivedSources.cpp: Ditto.
        * DerivedSources.make: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * bindings/js/JSDOMPromise.cpp:
        (WebCore::DeferredWrapper::globalObject): Remove whitespace.
        (WebCore::DeferredWrapper::deferred): Allow access to the inner JSC object.
        * bindings/js/JSDOMPromise.h:
        (WebCore::DOMPromise::deferred): Ditto.
        * bindings/js/JSFontFaceCustom.cpp: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
        (WebCore::JSFontFace::loaded):
        (WebCore::JSFontFace::load):
        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::CSSFontFace): 
        (WebCore::CSSFontFace::adoptSource):
        (WebCore::CSSFontFace::updateStatus): Enforce the state machine's transitions.
        (WebCore::CSSFontFace::fontLoaded):
        (WebCore::CSSFontFace::pump):
        (WebCore::CSSFontFace::load):
        * css/CSSFontFace.h:
        (WebCore::CSSFontFaceClient::~CSSFontFaceClient):
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::status):
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::appendSources): Update for new CSSFontFace API.
        (WebCore::CSSFontSelector::registerLocalFontFacesForFamily): Ditto.
        (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
        (WebCore::CSSFontSelector::kick): Ditto.
        (WebCore::appendSources): Deleted.
        (WebCore::registerLocalFontFacesForFamily): Deleted.
        * css/CSSFontSelector.h:
        * css/CSSUnicodeRangeValue.cpp: Use for serializing the "unicodeRange" property.
        * css/FontFace.cpp:
        (WebCore::createPromise): Implement the remaining Javascript API functions.
        (WebCore::valueFromDictionary):
        (WebCore::FontFace::create):
        (WebCore::FontFace::FontFace):
        (WebCore::FontFace::parseString):
        (WebCore::FontFace::status):
        (WebCore::FontFace::kick):
        (WebCore::FontFace::load):
        (WebCore::FontFace::fulfillPromise):
        (WebCore::FontFace::rejectPromise):
        (WebCore::parseString): Deleted.
        * css/FontFace.h:
        (WebCore::FontFace::promise):
        (WebCore::FontFace::backing):
        (WebCore::FontFace::create): Deleted.
        * css/FontFace.idl: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.

2016-02-15  Jer Noble  <jer.noble@apple.com>

        Null-deref crash in DefaultAudioDestinationNode::suspend()
        https://bugs.webkit.org/show_bug.cgi?id=154248

        Reviewed by Alex Christensen.

        Drive-by fix: AudioContext should be a reference, not a pointer.

        * Modules/webaudio/AnalyserNode.cpp:
        (WebCore::AnalyserNode::AnalyserNode):
        * Modules/webaudio/AnalyserNode.h:
        (WebCore::AnalyserNode::create):
        * Modules/webaudio/AudioBasicInspectorNode.cpp:
        (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
        (WebCore::AudioBasicInspectorNode::connect):
        (WebCore::AudioBasicInspectorNode::disconnect):
        (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
        (WebCore::AudioBasicInspectorNode::updatePullStatus):
        * Modules/webaudio/AudioBasicInspectorNode.h:
        * Modules/webaudio/AudioBasicProcessorNode.cpp:
        (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
        (WebCore::AudioBasicProcessorNode::checkNumberOfChannelsForInput):
        * Modules/webaudio/AudioBasicProcessorNode.h:
        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::create):
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
        (WebCore::AudioBufferSourceNode::renderFromBuffer):
        (WebCore::AudioBufferSourceNode::setBuffer):
        (WebCore::AudioBufferSourceNode::startPlaying):
        (WebCore::AudioBufferSourceNode::looping):
        (WebCore::AudioBufferSourceNode::setLooping):
        * Modules/webaudio/AudioBufferSourceNode.h:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::AudioContext):
        (WebCore::AudioContext::createBufferSource):
        (WebCore::AudioContext::createMediaElementSource):
        (WebCore::AudioContext::createMediaStreamDestination):
        (WebCore::AudioContext::createScriptProcessor):
        (WebCore::AudioContext::createBiquadFilter):
        (WebCore::AudioContext::createWaveShaper):
        (WebCore::AudioContext::createPanner):
        (WebCore::AudioContext::createConvolver):
        (WebCore::AudioContext::createDynamicsCompressor):
        (WebCore::AudioContext::createAnalyser):
        (WebCore::AudioContext::createGain):
        (WebCore::AudioContext::createDelay):
        (WebCore::AudioContext::createChannelSplitter):
        (WebCore::AudioContext::createChannelMerger):
        (WebCore::AudioContext::createOscillator):
        * Modules/webaudio/AudioContext.h:
        (WebCore::operator==):
        (WebCore::operator!=):
        * Modules/webaudio/AudioDestinationNode.cpp:
        (WebCore::AudioDestinationNode::AudioDestinationNode):
        (WebCore::AudioDestinationNode::render):
        (WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio):
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::AudioNode):
        (WebCore::AudioNode::connect):
        (WebCore::AudioNode::disconnect):
        (WebCore::AudioNode::setChannelCount):
        (WebCore::AudioNode::setChannelCountMode):
        (WebCore::AudioNode::setChannelInterpretation):
        (WebCore::AudioNode::scriptExecutionContext):
        (WebCore::AudioNode::processIfNecessary):
        (WebCore::AudioNode::checkNumberOfChannelsForInput):
        (WebCore::AudioNode::propagatesSilence):
        (WebCore::AudioNode::pullInputs):
        (WebCore::AudioNode::enableOutputsIfNecessary):
        (WebCore::AudioNode::deref):
        (WebCore::AudioNode::finishDeref):
        * Modules/webaudio/AudioNode.h:
        (WebCore::AudioNode::context):
        * Modules/webaudio/AudioNodeInput.cpp:
        (WebCore::AudioNodeInput::connect):
        (WebCore::AudioNodeInput::disconnect):
        (WebCore::AudioNodeInput::disable):
        (WebCore::AudioNodeInput::enable):
        (WebCore::AudioNodeInput::updateInternalBus):
        (WebCore::AudioNodeInput::bus):
        (WebCore::AudioNodeInput::internalSummingBus):
        (WebCore::AudioNodeInput::sumAllConnections):
        (WebCore::AudioNodeInput::pull):
        * Modules/webaudio/AudioNodeOutput.cpp:
        (WebCore::AudioNodeOutput::setNumberOfChannels):
        (WebCore::AudioNodeOutput::updateNumberOfChannels):
        (WebCore::AudioNodeOutput::propagateChannelCount):
        (WebCore::AudioNodeOutput::pull):
        (WebCore::AudioNodeOutput::bus):
        (WebCore::AudioNodeOutput::fanOutCount):
        (WebCore::AudioNodeOutput::paramFanOutCount):
        (WebCore::AudioNodeOutput::addInput):
        (WebCore::AudioNodeOutput::removeInput):
        (WebCore::AudioNodeOutput::disconnectAllInputs):
        (WebCore::AudioNodeOutput::addParam):
        (WebCore::AudioNodeOutput::removeParam):
        (WebCore::AudioNodeOutput::disconnectAllParams):
        (WebCore::AudioNodeOutput::disable):
        (WebCore::AudioNodeOutput::enable):
        * Modules/webaudio/AudioNodeOutput.h:
        (WebCore::AudioNodeOutput::context):
        * Modules/webaudio/AudioParam.cpp:
        (WebCore::AudioParam::value):
        (WebCore::AudioParam::smooth):
        (WebCore::AudioParam::calculateSampleAccurateValues):
        (WebCore::AudioParam::calculateFinalValues):
        (WebCore::AudioParam::calculateTimelineValues):
        (WebCore::AudioParam::connect):
        (WebCore::AudioParam::disconnect):
        * Modules/webaudio/AudioParam.h:
        (WebCore::AudioParam::create):
        (WebCore::AudioParam::AudioParam):
        * Modules/webaudio/AudioParamTimeline.cpp:
        (WebCore::AudioParamTimeline::valueForContextTime):
        * Modules/webaudio/AudioParamTimeline.h:
        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
        (WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
        (WebCore::AudioScheduledSourceNode::start):
        (WebCore::AudioScheduledSourceNode::finish):
        * Modules/webaudio/AudioScheduledSourceNode.h:
        * Modules/webaudio/AudioSummingJunction.cpp:
        (WebCore::AudioSummingJunction::AudioSummingJunction):
        (WebCore::AudioSummingJunction::~AudioSummingJunction):
        (WebCore::AudioSummingJunction::changedOutputs):
        (WebCore::AudioSummingJunction::updateRenderingState):
        * Modules/webaudio/AudioSummingJunction.h:
        (WebCore::AudioSummingJunction::context):
        * Modules/webaudio/BiquadFilterNode.cpp:
        (WebCore::BiquadFilterNode::BiquadFilterNode):
        * Modules/webaudio/BiquadFilterNode.h:
        (WebCore::BiquadFilterNode::create):
        * Modules/webaudio/BiquadProcessor.cpp:
        (WebCore::BiquadProcessor::BiquadProcessor):
        * Modules/webaudio/BiquadProcessor.h:
        * Modules/webaudio/ChannelMergerNode.cpp:
        (WebCore::ChannelMergerNode::create):
        (WebCore::ChannelMergerNode::ChannelMergerNode):
        (WebCore::ChannelMergerNode::checkNumberOfChannelsForInput):
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelSplitterNode.cpp:
        (WebCore::ChannelSplitterNode::create):
        (WebCore::ChannelSplitterNode::ChannelSplitterNode):
        * Modules/webaudio/ChannelSplitterNode.h:
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::ConvolverNode):
        (WebCore::ConvolverNode::setBuffer):
        * Modules/webaudio/ConvolverNode.h:
        (WebCore::ConvolverNode::create):
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
        (WebCore::DefaultAudioDestinationNode::resume):
        (WebCore::DefaultAudioDestinationNode::suspend):
        (WebCore::DefaultAudioDestinationNode::close):
        * Modules/webaudio/DefaultAudioDestinationNode.h:
        (WebCore::DefaultAudioDestinationNode::create):
        * Modules/webaudio/DelayNode.cpp:
        (WebCore::DelayNode::DelayNode):
        * Modules/webaudio/DelayNode.h:
        (WebCore::DelayNode::create):
        * Modules/webaudio/DelayProcessor.cpp:
        (WebCore::DelayProcessor::DelayProcessor):
        * Modules/webaudio/DelayProcessor.h:
        * Modules/webaudio/DynamicsCompressorNode.cpp:
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        * Modules/webaudio/DynamicsCompressorNode.h:
        (WebCore::DynamicsCompressorNode::create):
        * Modules/webaudio/GainNode.cpp:
        (WebCore::GainNode::GainNode):
        (WebCore::GainNode::checkNumberOfChannelsForInput):
        * Modules/webaudio/GainNode.h:
        (WebCore::GainNode::create):
        * Modules/webaudio/MediaElementAudioSourceNode.cpp:
        (WebCore::MediaElementAudioSourceNode::create):
        (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
        (WebCore::MediaElementAudioSourceNode::setFormat):
        * Modules/webaudio/MediaElementAudioSourceNode.h:
        * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
        (WebCore::MediaStreamAudioDestinationNode::create):
        (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
        * Modules/webaudio/MediaStreamAudioDestinationNode.h:
        * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
        (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
        (WebCore::MediaStreamAudioSourceNode::setFormat):
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
        (WebCore::OfflineAudioDestinationNode::offlineRender):
        (WebCore::OfflineAudioDestinationNode::notifyComplete):
        * Modules/webaudio/OfflineAudioDestinationNode.h:
        (WebCore::OfflineAudioDestinationNode::create):
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::create):
        (WebCore::OscillatorNode::OscillatorNode):
        * Modules/webaudio/OscillatorNode.h:
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::PannerNode):
        (WebCore::PannerNode::pullInputs):
        (WebCore::PannerNode::process):
        (WebCore::PannerNode::listener):
        (WebCore::PannerNode::setPanningModel):
        * Modules/webaudio/PannerNode.h:
        (WebCore::PannerNode::create):
        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::create):
        (WebCore::ScriptProcessorNode::ScriptProcessorNode):
        (WebCore::ScriptProcessorNode::initialize):
        (WebCore::ScriptProcessorNode::fireProcessEvent):
        * Modules/webaudio/ScriptProcessorNode.h:
        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::WaveShaperNode):
        (WebCore::WaveShaperNode::setOversample):
        * Modules/webaudio/WaveShaperNode.h:
        (WebCore::WaveShaperNode::create):

2016-02-15  Jer Noble  <jer.noble@apple.com>

        Null-deref crash in DefaultAudioDestinationNode::suspend()
        https://bugs.webkit.org/show_bug.cgi?id=154248

        Reviewed by Alex Christensen.

        Null-check scriptExecutionContext() before deref.

        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::resume):
        (WebCore::DefaultAudioDestinationNode::suspend):
        (WebCore::DefaultAudioDestinationNode::close):

2016-02-15  Chris Dumez  <cdumez@apple.com>

        XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
        https://bugs.webkit.org/show_bug.cgi?id=154230

        Reviewed by Alex Christensen.

        MLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
        as per:
        https://xhr.spec.whatwg.org/#xmlhttprequesteventtarget

        Firefox and Chrome already match the specification.

        No new tests, already covered by existing tests.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestEventTarget.h: Added.
        * xml/XMLHttpRequestEventTarget.idl: Copied from Source/WebCore/xml/XMLHttpRequestUpload.idl.
        * xml/XMLHttpRequestUpload.h:
        * xml/XMLHttpRequestUpload.idl:

2016-02-15  Jiewen Tan  <jiewen_tan@apple.com>

        Refine SimulatedMouseEvent to support Event.isTrusted
        https://bugs.webkit.org/show_bug.cgi?id=154133
        <rdar://problem/24616246>

        Reviewed by Darin Adler.

        This patch extracts everything related to create/dispatch SimulatedMouseEvent from MouseEvent.h/cpp
        and EventDispatcher.h/cpp, and produces SimulateClick.h/cpp which will handle simulated click solely.
        After that, we hide the SimulatedMouseEvent and only expose simulateClick to be called. The reason is
        that we both want to tell whether the call sites are from user agent/bindings and keep the
        SimulatedMouseEvent intact.

        Also, this patch separate Element::dispatchSimulatedClick into two: one for the user agent, and another
        for the bindings. Therefore, HTMLElement.click will be treated as untrusted.

        Some of the changes in this patch referred Blink r200401:
        https://codereview.chromium.org/1285793004

        Modified test:
        LayoutTests/imported/blink/fast/events/event-trusted.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.cpp:
        (WebCore::Element::dispatchSimulatedClick):
        (WebCore::Element::dispatchSimulatedClickForBindings):
        * dom/Element.h:
        * dom/EventDispatcher.cpp:
        (WebCore::EventDispatcher::dispatchSimulatedClick): Deleted.
        * dom/EventDispatcher.h:
        * dom/MouseEvent.cpp:
        (WebCore::SimulatedMouseEvent::create): Deleted.
        (WebCore::SimulatedMouseEvent::~SimulatedMouseEvent): Deleted.
        (WebCore::SimulatedMouseEvent::SimulatedMouseEvent): Deleted.
        * dom/MouseEvent.h:
        * dom/SimulatedClick.cpp: Added.
        (WebCore::simulateMouseEvent):
        (WebCore::simulateClick):
        * dom/SimulatedClick.h: Added.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::click):

2016-02-15  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Web Workers have no access to console for debugging
        https://bugs.webkit.org/show_bug.cgi?id=26237

        Reviewed by Timothy Hatcher.

        This adds the most basic console message support to Workers.
        Messages logged from workers get surfaced through the Page's console.
        This lacks support for logging and interacting with arguments,
        which would be addressed when adding more complete Worker
        debugging tools.

        Test: inspector/console/messageAdded-from-worker.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::~WorkerScriptController):
        (WebCore::WorkerScriptController::initScript):
        Set the ConsoleClient for the Worker's global object. We route
        the messages to the Page's console.

        * bindings/js/WorkerScriptController.h:
        * workers/WorkerConsoleClient.h: Added.
        * workers/WorkerConsoleClient.cpp: Added.
        (WebCore::WorkerConsoleClient::WorkerConsoleClient):
        (WebCore::WorkerConsoleClient::~WorkerConsoleClient):
        (WebCore::WorkerConsoleClient::profile):
        (WebCore::WorkerConsoleClient::profileEnd):
        (WebCore::WorkerConsoleClient::count):
        (WebCore::WorkerConsoleClient::time):
        (WebCore::WorkerConsoleClient::timeEnd):
        (WebCore::WorkerConsoleClient::timeStamp):
        Stub most console methods in a Worker.

        (WebCore::WorkerConsoleClient::messageWithTypeAndLevel):
        Send worker log messages to the global scope and on to the main page.

        * workers/WorkerGlobalScope.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::addConsoleMessage):
        (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
        Ideally we want to converge on simple addConsoleMessage
        APIs that just take a ConsoleMessage, without a barrage
        of parameters. Add these versions now.

2016-02-15  Alex Christensen  <achristensen@webkit.org>

        CMake build fix.

        * PlatformMac.cmake:

2016-02-15  Chris Dumez  <cdumez@apple.com>

        Regression(r196563): It is no longer possible to call window.addEventListener without an explicit 'this'
        https://bugs.webkit.org/show_bug.cgi?id=154245

        Reviewed by Ryosuke Niwa.

        This patch adds support for calling the EventListener API without an
        explicit 'this' value. If no explicit 'this' value is passed, then we
        fall back to using the global object. This matches Chrome and Firefox's
        behavior. It also fixes the Dromaeo/cssquery-dojo.html test.

        Test: fast/dom/Window/addEventListener-implicit-this.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateFunctionCastedThis):

2016-02-14  Gavin Barraclough  <barraclough@apple.com>

        Organize, deduplicate & comment JSDOMWindowCustom getOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=154224

        Reviewed by Chris Dumez.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
            - organized property access sequence into a more logical order, removed
              duplicated code & added comments.
        (WebCore::namedItemGetter): Deleted.
            - there was no need for a custom callback here; merged functionality into
              jsDOMWindowGetOwnPropertySlotNamedItemGetter.
        (WebCore::jsDOMWindowGetOwnPropertySlotCrossOrigin): Deleted.
            - renamed to jsDOMWindowGetOwnPropertySlotRestrictedAccess
              (this now also handles frameless access).

2016-02-15  Daniel Bates  <dabates@apple.com>

        CSP: 'sandbox' should be ignored in report-only mode
        https://bugs.webkit.org/show_bug.cgi?id=153167
        <rdar://problem/22708669>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Mike West):
        <https://src.chromium.org/viewvc/blink?revision=165322&view=revision>

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a
        console message to the console to explain that the specified directive is invalid in
        report-only mode.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox
        policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode()
        to log a message to the console.

2016-02-15  Daniel Bates  <dabates@apple.com>

        CSP: Allow schemeless source expressions to match an HTTP or HTTPS resource
        https://bugs.webkit.org/show_bug.cgi?id=154177
        <rdar://problem/22708772>

        Reviewed by Brent Fulgham.

        Allow a schemeless source expression to match an HTTP or HTTPS subresource when the page is
        delivered over HTTP as per section Matching Source Expressions of the Content Security Policy
        2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/> (21 July 2015).

        Currently we have logic that implements this functionality, but it is guarded behind the compile-
        time macro ENABLE(CSP_NEXT) that is disabled by default. Instead we should always compile such
        code. In subsequent commits we will move more code out from under the ENABLE(CSP_NEXT)-guard
        towards removing the ENABLE_CSP_NEXT macro entirely.

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::protocolMatchesSelf):

2016-02-15  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Consolidated Linux-specific file lists.
        https://bugs.webkit.org/show_bug.cgi?id=154219

        Reviewed by Gyuyoung Kim.

        No new tests needed.

        * PlatformEfl.cmake: Moved Linux files and include dir to Linux.cmake.
        * PlatformGTK.cmake: Ditto.
        * platform/Linux.cmake: Added.

2016-02-15  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !(ENABLE(SVG_FONTS) || ENABLE(SVG_OTF_CONVERTER)) build after r196322
        https://bugs.webkit.org/show_bug.cgi?id=154104

        Reviewed by Myles C. Maxfield.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::CSSFontFaceSource):

2016-02-14  Antti Koivisto  <antti@apple.com>

        Add test for class change style invalidation optimization
        https://bugs.webkit.org/show_bug.cgi?id=154226

        Reviewed by Myles Maxfield.

        Test for https://trac.webkit.org/r196383

        Add internals.styleChangeType function.

        Test: fast/css/style-invalidation-class-change-descendants.html

        * testing/Internals.cpp:
        (WebCore::Internals::nodeNeedsStyleRecalc):
        (WebCore::asString):
        (WebCore::Internals::styleChangeType):
        (WebCore::Internals::description):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-14  Simon Fraser  <simon.fraser@apple.com>

        [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
        https://bugs.webkit.org/show_bug.cgi?id=154108

        Reviewed by Sam Weinig.
        
        When checking whether we can directly composite an image, we need to check for software-rendered
        filters.

        Test: compositing/filters/simple-image-with-svg-filter.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Drop the [EventTarget] WebKit-specific IDL extended attribute
        https://bugs.webkit.org/show_bug.cgi?id=154171

        Reviewed by Sam Weinig.

        Drop the [EventTarget] WebKit-specific IDL extended attribute now that
        all interfaces inherit EventTarget when they should.

        No new tests, no Web-Exposed behavior change.

        * Modules/battery/BatteryManager.idl:
        * Modules/encryptedmedia/MediaKeySession.idl:
        * Modules/indexeddb/IDBDatabase.idl:
        * Modules/indexeddb/IDBOpenDBRequest.idl:
        * Modules/indexeddb/IDBRequest.idl:
        * Modules/indexeddb/IDBTransaction.idl:
        * Modules/mediasession/MediaRemoteControls.idl:
        * Modules/mediasource/MediaSource.idl:
        * Modules/mediasource/SourceBuffer.idl:
        * Modules/mediasource/SourceBufferList.idl:
        * Modules/mediastream/MediaStream.idl:
        * Modules/mediastream/MediaStreamTrack.idl:
        * Modules/mediastream/RTCDTMFSender.idl:
        * Modules/mediastream/RTCDataChannel.idl:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/notifications/Notification.idl:
        * Modules/speech/SpeechSynthesisUtterance.idl:
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/AudioNode.idl:
        * Modules/webaudio/OfflineAudioContext.idl:
        * Modules/websockets/WebSocket.idl:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (ImplementsInterface):
        (SkipFunction): Deleted.
        (GenerateCFile): Deleted.
        * bindings/scripts/CodeGeneratorJS.pm:
        (InstanceNeedsVisitChildren):
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/TestEventTarget.idl:
        * bindings/scripts/test/TestNode.idl:
        * css/FontLoader.idl:
        * dom/EventTarget.idl:
        * dom/MessagePort.idl:
        * dom/Node.idl:
        * dom/WebKitNamedFlow.idl:
        * fileapi/FileReader.idl:
        * html/MediaController.idl:
        * html/track/AudioTrackList.idl:
        * html/track/TextTrack.idl:
        * html/track/TextTrackCue.idl:
        * html/track/TextTrackList.idl:
        * html/track/VideoTrackList.idl:
        * loader/appcache/DOMApplicationCache.idl:
        * page/DOMWindow.idl:
        * page/EventSource.idl:
        * page/Performance.idl:
        * workers/WorkerGlobalScope.idl:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestUpload.idl:

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix the Mac CMake build after r196136

        * PlatformMac.cmake:

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix the Windows build.

        * Modules/webdatabase/Database.cpp:
        * bridge/c/c_utility.cpp:
        * platform/MemoryPressureHandler.cpp:

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Window and WorkerGlobalScope should inherit EventTarget
        https://bugs.webkit.org/show_bug.cgi?id=154170
        <rdar://problem/24642377>

        Reviewed by Darin Adler.

        Window and WorkerGlobalScope should inherit EventTarget instead of
        duplicating the EventTarget API in their IDL. These were the last
        interfaces that needed fixing. The next step will be to get rid
        of the [EventTarget] IDL extended attribute and rely entirely
        on the EventTarget inheritance.

        Test:
        - fast/frames/detached-frame-eventListener.html
        - Covered by existing tests.

        * WebCore.xcodeproj/project.pbxproj:
        Add JSEventTargetCustom.h header to the project.

        * bindings/js/JSDOMWindowCustom.cpp:
        Drop custom bindings for Window's addEventListener() and
        removeEventListener(). The only reason these needed custom
        code was to add a check for frameless windows. The frameless
        Window checks was moved to the respective methods in the
        JSEventTarget generated bindings.

        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::setWindow):
        Set WindowPrototype's prototype to EventTarget's prototype.

        * bindings/js/JSDOMWindowShell.h:
        * bindings/js/JSDictionary.cpp:
        Include "DOMWindow.h" to fix the build.

        * bindings/js/JSEventTargetCustom.cpp:
        (WebCore::JSEventTarget::toWrapped):
        Handle DOMWindow and WorkerGlobalScope explicitely in toWrapped()
        and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
        now that all interfaces inherit EventTarget when they should.
        The reason DOMWindow and WorkerGlobalScope still need special
        handling is because their wrappers (JSDOMWindow /
        JSWorkerGlobalScope) do not subclass JSEventTarget.

        (WebCore::JSEventTargetOrGlobalScope::create):
        * bindings/js/JSEventTargetCustom.h: Added.
        (WebCore::JSEventTargetOrGlobalScope::wrapped):
        (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
        (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
        Add a wrapper type for JSEventTarget / JSDOMWindow and
        JSWorkerGlobalScope for use in the generated bindings. This is
        needed because JSDOMWindow and JSWorkerGlobalScope do not
        subclass JSEventTarget. Subclassing JSEventTarget would be
        complicated for them because they already subclass
        JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
        JSDOMGlobalObject.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::initScript):
        Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.

        * bindings/scripts/CodeGeneratorJS.pm:
        (ShouldGenerateToJSDeclaration):
        Do not generate to toJS() implementation for interfaces that use
        the [CustomProxyToJSObject] IDL extended attribute, even if they
        inherit EventTarget.

        (GetCastingHelperForThisObject):
        To initialize castedThis from thisValue JSValue, we now use the
        JSEventTargetOrGlobalScope wrapper for the EventTarget
        implementation. This is to work around the fact that JSDOMWindow
        and JSWorkerGlobalScope do not subclass JSEventTarget.

        (GenerateFunctionCastedThis):
        - Drop code handling [WorkerGlobalScope] IDL extended attribute
          as there is no such attribute.
        - Use auto instead of auto* type for castedThis because
          JSEventTargetOrGlobalScope::create() returns a unique_ptr.
        - Do not check that castedThis inherits JSEventTarget in the
          EventTarget bindings code as this no longer holds true.

        (GenerateImplementation):
        Generate frameless window() and security checks for EventTarget
        methods when thisValue is a JSDOMWindow.

        * dom/EventTarget.idl:
        Add [JSCustomHeader] IDL Extended attribute as we need a header
        to expose JSEventTargetOrGlobalScope class.

        * page/DOMWindow.idl:
        * workers/WorkerGlobalScope.idl:
        Inherit EventTarget and stop duplicating the EventTarget API.
        This matches the HTML specification.

2016-02-14  Darin Adler  <darin@apple.com>

        Small tweaks to some SimpleLineLayout code
        https://bugs.webkit.org/show_bug.cgi?id=154229

        Reviewed by Zalan Bujtas.

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
        Use auto instead of const auto& for a for loop where the local object is
        copied and not a reference.
        (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
        (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
        ceilf. Use a modern for loop, and use slightly more descriptive local
        variable names.
        (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
        const auto& as above.
        (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
        the name "range" for the range rather than the name "it", since the range
        is not an iterator.
        (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
        const auto& as above.
        (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
        (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.

        * rendering/SimpleLineLayoutResolver.cpp:
        (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
        to a StringView using the StringView constructor instead of writing out
        explicit 8-bit and 16-bit cases.

2016-02-13  Antti Koivisto  <antti@apple.com>

        Factor class change style invalidation code into a class
        https://bugs.webkit.org/show_bug.cgi?id=154163

        Reviewed by Andreas Kling.

        Factor this piece of functionality out of Element and into ClassChangeInvalidation class.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.cpp:
        (WebCore::classStringHasClassName):
        (WebCore::Element::classAttributeChanged):
        (WebCore::collectClasses): Deleted.
        (WebCore::computeClassChange): Deleted.
        (WebCore::invalidateStyleForClassChange): Deleted.
        * style/ClassChangeInvalidation.cpp: Added.
        (WebCore::Style::ClassChangeInvalidation::computeClassChange):
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
        * style/ClassChangeInvalidation.h: Added.
        (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>

        [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
        https://bugs.webkit.org/show_bug.cgi?id=154222

        Reviewed by Antti Koivisto.

        Windows ImageBuffer code is sensitive to broken bounding box and
        descent code.

        Covered by existing tests.

        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendHHEATable):
        (WebCore::SVGToOTFFontConverter::appendOS2Table):
        (WebCore::SVGToOTFFontConverter::processGlyphElement):
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):

2016-02-13  Antti Koivisto  <antti@apple.com>

        Add version number for default stylesheet
        https://bugs.webkit.org/show_bug.cgi?id=154220

        Reviewed by Ryosuke Niwa.

        We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
        (for example when media controls stylesheet is initialized).

        No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
        rely on rule features being up-to-date.

        * css/CSSDefaultStyleSheets.cpp:
        (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
        (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):

            Increment version number when the default stylesheet changes.

        * css/CSSDefaultStyleSheets.h:
        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
        (WebCore::DocumentRuleSets::collectFeatures):

            Store the current default stylesheet version number.

        * css/DocumentRuleSets.h:
        (WebCore::DocumentRuleSets::features):

            Collect features again if the default stylesheet has changed.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForElement):

2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Consolidate building of GStreamer and OpenWebRTC code.
        https://bugs.webkit.org/show_bug.cgi?id=154116

        Reviewed by Michael Catanzaro.

        No new tests needed.

        * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
        * PlatformGTK.cmake: Ditto.
        * platform/GStreamer.cmake: Added.

2016-02-13  Mark Lam  <mark.lam@apple.com>

        Add thread violation checks to WebView public APIs.
        https://bugs.webkit.org/show_bug.cgi?id=154183

        Reviewed by Timothy Hatcher.

        No new tests.  Just adding a new thread violation round.

        * platform/ThreadCheck.h:
        * platform/mac/ThreadCheck.mm:
        - Adding WebCoreThreadViolationCheckRoundThree().

2016-02-12  Nan Wang  <n_wang@apple.com>

        AX: Implement paragraph related text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=154098
        <rdar://problem/24269675>

        Reviewed by Chris Fleizach.

        Using CharacterOffset to implement paragraph related text marker calls. Reused
        logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
        to get better performance. Also fixed an issue where we can't navigate through a text
        node with line breaks in it using next/previousCharacterOffset call.

        Test: accessibility/mac/text-marker-paragraph-nav.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
        (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
        (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
        (WebCore::AXObjectCache::nextNode):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
        (WebCore::AXObjectCache::nextCharacterOffset):
        (WebCore::AXObjectCache::previousCharacterOffset):
        (WebCore::startWordBoundary):
        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
        (WebCore::AXObjectCache::previousWordBoundary):
        (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
        (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
        (WebCore::AXObjectCache::paragraphForCharacterOffset):
        (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
        (WebCore::AXObjectCache::rootAXEditableElement):
        * accessibility/AXObjectCache.h:
        (WebCore::CharacterOffset::remaining):
        (WebCore::CharacterOffset::isNull):
        (WebCore::CharacterOffset::isEqual):
        (WebCore::AXObjectCache::isNodeInUse):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
        (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (startOrEndTextmarkerForRange):
        (nextTextMarkerForCharacterOffset):
        (previousTextMarkerForCharacterOffset):
        (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
        (textMarkerForCharacterOffset):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
        * editing/VisibleUnits.cpp:
        (WebCore::nextSentencePosition):
        (WebCore::findStartOfParagraph):
        (WebCore::findEndOfParagraph):
        (WebCore::startOfParagraph):
        (WebCore::endOfParagraph):
        * editing/VisibleUnits.h:

2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>

        Reset results for bindings tests after r196520

        Unreviewed test gardening.

        No new tests needed.

        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
        (webkit_dom_test_event_target_dispatch_event):
        * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
        (webkit_dom_test_node_dispatch_event):

2016-02-12  Saam barati  <sbarati@apple.com>

        Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.

        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):

2016-02-12  Daniel Bates  <dabates@apple.com>

        CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
        https://bugs.webkit.org/show_bug.cgi?id=153158
        <rdar://problem/24383264>

        Reviewed by Brent Fulgham.

        A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
        of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).

        Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
               http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
        contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
        URL. The URL of the requested resource should be matched against the source list source expressions.

2016-02-12  Daniel Bates  <dabates@apple.com>

        CSP: Implement child-src directive
        https://bugs.webkit.org/show_bug.cgi?id=153562
        <rdar://problem/24610087>

        Reviewed by Brent Fulgham.

        Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
        which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
        child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.

        As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
        as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.

        Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
               http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
        * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
        enforce the child-src directive on redirect.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
        We use the same message prefix as used by Blink.
        (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
        (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
        directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        * workers/AbstractWorker.cpp:
        (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
        as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
        * workers/Worker.cpp:
        (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).

2016-02-12  Saam barati  <sbarati@apple.com>

        The parser doesn't properly protect against global variable references in builtins
        https://bugs.webkit.org/show_bug.cgi?id=154144

        Reviewed by Geoffrey Garen.

        Change JS builtins to no longer reference global variables.

        No new tests because old tests cover the issues here.

        * Modules/mediastream/NavigatorUserMedia.js:
        (webkitGetUserMedia):
        * Modules/mediastream/RTCPeerConnection.js:
        (addIceCandidate):
        (getStats):
        * Modules/mediastream/RTCPeerConnectionInternals.js:
        (setLocalOrRemoteDescription):
        * Modules/plugins/QuickTimePluginReplacement.js:
        (Replacement.prototype.handleEvent):
        * Modules/streams/ByteLengthQueuingStrategy.js:
        (initializeByteLengthQueuingStrategy):
        * Modules/streams/CountQueuingStrategy.js:
        (initializeCountQueuingStrategy):
        * Modules/streams/ReadableStreamInternals.js:
        (teeReadableStream):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        * bindings/js/WebCoreBuiltinNames.h:

2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>

        WebKit should expose the DOM 4 Event.isTrusted property
        https://bugs.webkit.org/show_bug.cgi?id=76121
        <rdar://problem/22558494>

        Reviewed by Darin Adler.

        Implements Event.isTrusted. The implementation here is slitely different from and better than
        the DOM specification. Here Event.isTrusted will be initialized differently depending on the
        callers of the constructors/create methods. If the caller is from user agent, the isTrusted
        will be true. Otherwise, it will be false. Since a user agent dispatched event can be catched
        and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
        and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
        dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
        events dispatched by user agent, and unset for those by bindings.

        EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
        in this patch as well. So that, together with the improved design of the API, developers in
        the future will be less likely using a wrong dispatchEvent method and setting Event.isTrusted
        incorrectly comparing to the DOM design.

        After this patch, all events that are created by user agent should be dispatched by
        EventTarget::dispatchEvent, and those are created by bindings should be dispatched by
        EventTarget::dispatchEventForBindings.

        Some of the changes in this patch referred Blink r198996:
        https://codereview.chromium.org/1241613004

        Test: imported/blink/fast/events/event-trusted.html

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateEventTargetIface):
        * dom/Event.cpp:
        (WebCore::Event::Event):
        (WebCore::Event::initEvent):
        * dom/Event.h:
        (WebCore::Event::isTrusted):
        (WebCore::Event::setUntrusted):
        * dom/Event.idl:
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::dispatchEventForBindings):
        (WebCore::EventTarget::dispatchEvent): Deleted.
        * dom/EventTarget.h:
        * dom/EventTarget.idl:
        * page/DOMWindow.idl:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchDragEvent):
        * workers/WorkerGlobalScope.idl:

2016-02-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
        https://bugs.webkit.org/show_bug.cgi?id=154153

        Reviewed by Alex Christensen.

        No new tests (No testable change in behavior).

        This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
        while their IDBTransaction is still in progress.

        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::IDBIndex):
        (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
        (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBIndex::hasPendingActivity):
        * Modules/indexeddb/client/IDBIndexImpl.h:
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::create):
        (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
        (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
        (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
        (WebCore::IDBClient::IDBObjectStore::index):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::objectStore):
        (WebCore::IDBClient::IDBTransaction::createObjectStore):
        (WebCore::IDBClient::IDBTransaction::createIndex):

2016-02-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
        https://bugs.webkit.org/show_bug.cgi?id=154187

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/deleteindex-3-private.html
               storage/indexeddb/modern/deleteindex-3.html

        Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
        owned by an IDBObjectStore.
        
        To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
        store simply hangs on to deleted indexes until it is destroyed itself.
        
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::markAsDeleted):
        (WebCore::IDBClient::IDBIndex::ref):
        (WebCore::IDBClient::IDBIndex::deref):
        * Modules/indexeddb/client/IDBIndexImpl.h:
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:

2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [CSS Font Loading] Implement CSSFontFace Boilerplate
        https://bugs.webkit.org/show_bug.cgi?id=154145

        Reviewed by Dean Jackson.

        The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
        accessors and mutators for a bunch of properties. Our CSSFontFace object currently
        contains this parsed information, but it isn't accessible via string-based methods.
        This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
        to use these mutators where necessary.

        There is more work to come on CSSFontFace; the next step is to create an .idl file
        and hook it up to our CSSFontFace object. In this patch I have left some
        unimplemented pieces (for example: where the spec dictates that some operation should
        throw a JavaScript exception) which will be implemented in a follow-up patch. This
        patch does not have any visible behavior change; I'm separating out the boilerplate
        into this patch in order to ease reviewing burden.

        This patch separates the externally-facing JavaScript API into a new class, FontFace.
        This class owns a CSSFontFace, which provides the backing implementation. There will
        be a system of shared ownership of these objects once FontFaceSet is implemented.

        No new tests because there is no behavior change.

        * CMakeLists.txt: Add new files to CMake builds.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
        * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
        * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
        (WebCore::CSSFontFace::CSSFontFace):
        (WebCore::CSSFontFace::~CSSFontFace):
        (WebCore::CSSFontFace::setFamilies):
        (WebCore::CSSFontFace::setStyle):
        (WebCore::CSSFontFace::setWeight):
        (WebCore::CSSFontFace::setUnicodeRange):
        (WebCore::CSSFontFace::setVariantLigatures):
        (WebCore::CSSFontFace::setVariantPosition):
        (WebCore::CSSFontFace::setVariantCaps):
        (WebCore::CSSFontFace::setVariantNumeric):
        (WebCore::CSSFontFace::setVariantAlternates):
        (WebCore::CSSFontFace::setVariantEastAsian):
        (WebCore::CSSFontFace::setFeatureSettings):
        * css/CSSFontFace.h: Clean up.
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::families):
        (WebCore::CSSFontFace::traitsMask):
        (WebCore::CSSFontFace::featureSettings):
        (WebCore::CSSFontFace::variantSettings):
        (WebCore::CSSFontFace::setVariantSettings):
        (WebCore::CSSFontFace::setTraitsMask):
        (WebCore::CSSFontFace::isLocalFallback):
        (WebCore::CSSFontFace::addRange): Deleted.
        (WebCore::CSSFontFace::insertFeature): Deleted.
        (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
        (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
        (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
        (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
        (WebCore::CSSFontFace::setVariantPosition): Deleted.
        (WebCore::CSSFontFace::setVariantCaps): Deleted.
        (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
        (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
        (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
        (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
        (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
        (WebCore::CSSFontFace::setVariantAlternates): Deleted.
        (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
        (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
        (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
        (WebCore::CSSFontFace::CSSFontFace): Deleted.
        * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and udpate
        to use the new API.
        (WebCore::appendSources):
        (WebCore::registerLocalFontFacesForFamily):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::computeTraitsMask): Deleted.
        (WebCore::createFontFace): Deleted.
        * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
        (WebCore::FontFace::FontFace):
        (WebCore::FontFace::~FontFace):
        (WebCore::parseString):
        (WebCore::FontFace::setFamily):
        (WebCore::FontFace::setStyle):
        (WebCore::FontFace::setWeight):
        (WebCore::FontFace::setStretch):
        (WebCore::FontFace::setUnicodeRange):
        (WebCore::FontFace::setVariant):
        (WebCore::FontFace::setFeatureSettings):
        (WebCore::FontFace::family):
        (WebCore::FontFace::style):
        (WebCore::FontFace::weight):
        (WebCore::FontFace::stretch):
        (WebCore::FontFace::unicodeRange):
        (WebCore::FontFace::variant):
        (WebCore::FontFace::featureSettings):
        * css/FontFace.h: Added. Ditto.
        (WebCore::FontFace::create):
        * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
        Refactored to support a new client (CSSFontFace).
        (WebCore::extractFontVariantLigatures):
        (WebCore::extractFontVariantNumeric):
        (WebCore::extractFontVariantEastAsian):
        (WebCore::computeFontVariant):
        * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
        (WebCore::applyValueFontVariantLigatures): Deleted.
        (WebCore::applyValueFontVariantNumeric): Deleted.
        (WebCore::applyValueFontVariantEastAsian): Deleted.
        * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
        (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
        (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
        (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
        * platform/text/TextFlags.h: Provide convenience classes.
        (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
        (WebCore::FontVariantNumericValues::FontVariantNumericValues):
        (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):

2016-02-12  Jer Noble  <jer.noble@apple.com>

        Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
        TestWebKitAPI.

        * WebCore.xcodeproj/project.pbxproj:

2016-02-11  Jer Noble  <jer.noble@apple.com>

        [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
        https://bugs.webkit.org/show_bug.cgi?id=154136

        Reviewed by Alex Christensen.

        MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
        when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
        WebCoreNSURLSession.

        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession delegateQueue]):
        (-[WebCoreNSURLSession streamTaskWithNetService:]):
        (-[WebCoreNSURLSession isKindOfClass:]):
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
        (-[WebCoreNSURLSessionDataTask _restart]):
        (-[WebCoreNSURLSessionDataTask _cancel]):
        (-[WebCoreNSURLSessionDataTask resume]):
        (-[WebCoreNSURLSessionDataTask _timingData]):
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
        (-[WebCoreNSURLSession loader]): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
        (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
        (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
        (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):

2016-02-12  Alex Christensen  <achristensen@webkit.org>

        Fix non-internal builds when using NetworkSession
        https://bugs.webkit.org/show_bug.cgi?id=152285

        * platform/spi/cf/CFNetworkSPI.h:
        Add SPI declaration used in r194156.

2016-02-12  Andreas Kling  <akling@apple.com>

        Throw out all live resource decoded data on memory pressure / suspension.
        <https://webkit.org/b/154176>

        Reviewed by Antti Koivisto.

        When pruning live resource decoded data from the memory cache,
        we normally avoid pruning anything that's been painted in the last second.
        This is an optimization to avoid getting into image decoding loops.

        For memory pressure / process suspension scenarios this doesn't really
        make sense though:

            - In the pressure case, if we have to render again soon it'll likely
              be a new GIF frame which we have to decode anyway.

            - In the process suspension case, we might *never* render again,
              so we should be good citizens and drop all the decoded data we can.

        This patch makes us drop all the decoded data, recently painted or not.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):

2016-02-12  Gavin Barraclough  <barraclough@apple.com>

        Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=154156

        Reviewed by Chris Dumez.

        JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
        static properties, relying on the property to perform the access check. This is
        a little insecure, since it is error prone - someone could easily add a property
        to the static table without realizing it would be automatcially exposed.

        Instead, add a hard-coded filter to restrict access. As a future implementation
        we might consider autogenerating this (the properties are already tagged in IDL,
        we might be able to track this in a flag on the static table).

        By separating out the handling of the same- and cross-origin access we can
        simplify & make the policy being enforced much clearer.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::objectToStringFunctionGetter): Deleted.
            - removed objectToStringFunctionGetter - this duplicated functionality of
              nonCachingStaticFunctionGetter.
        * bindings/js/JSDOMBinding.h:
        (WebCore::objectToStringFunctionGetter): Deleted.
            - removed objectToStringFunctionGetter - this duplicated functionality of
              nonCachingStaticFunctionGetter.
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
            - explicitly handle providing access to only the things we do want to allow cross-origin.
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
            - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
        (WebCore::childFrameGetter): Deleted.
            - this was just a deoptimiztion - moving access into a callback saved very
              little & caused more work to be duplicated.

2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Update ICU header files to version 52
        https://bugs.webkit.org/show_bug.cgi?id=154160

        Reviewed by Alex Christensen.

        Update ICU header files to version 52 to allow the use of newer APIs.

        No new tests because there is no behavior change.

        * icu/unicode/bytestream.h:
        * icu/unicode/chariter.h:
        * icu/unicode/localpointer.h:
        * icu/unicode/platform.h:
        * icu/unicode/ptypes.h:
        * icu/unicode/putil.h:
        * icu/unicode/rep.h:
        (Replaceable::Replaceable):
        * icu/unicode/std_string.h:
        * icu/unicode/strenum.h:
        * icu/unicode/stringpiece.h:
        * icu/unicode/ubrk.h:
        * icu/unicode/uchar.h:
        * icu/unicode/ucnv.h:
        * icu/unicode/ucol.h:
        * icu/unicode/ucoleitr.h:
        * icu/unicode/uconfig.h:
        * icu/unicode/ucsdet.h:
        * icu/unicode/uenum.h:
        * icu/unicode/uidna.h:
        * icu/unicode/uiter.h:
        * icu/unicode/uloc.h:
        * icu/unicode/umachine.h:
        * icu/unicode/unistr.h:
        (UnicodeString::UnicodeString):
        (UnicodeString::operator== ):
        (UnicodeString::startsWith):
        (UnicodeString::setTo):
        (UnicodeString::remove):
        (UnicodeString::replace): Deleted.
        (UnicodeString::extract): Deleted.
        (UnicodeString::char32At): Deleted.
        (UnicodeString::getChar32Start): Deleted.
        (UnicodeString::getChar32Limit): Deleted.
        (UnicodeString::getTerminatedBuffer): Deleted.
        (UnicodeString::append): Deleted.
        (UnicodeString::truncate): Deleted.
        * icu/unicode/unorm2.h:
        * icu/unicode/uobject.h:
        * icu/unicode/urename.h:
        * icu/unicode/uscript.h:
        * icu/unicode/usearch.h:
        * icu/unicode/uset.h:
        * icu/unicode/ushape.h:
        * icu/unicode/ustring.h:
        * icu/unicode/utext.h:
        * icu/unicode/utf.h:
        * icu/unicode/utf16.h:
        * icu/unicode/utf8.h:
        * icu/unicode/utf_old.h:
        * icu/unicode/utypes.h:
        * icu/unicode/uvernum.h:
        * icu/unicode/uversion.h:

2016-02-12  Andreas Kling  <akling@apple.com>

        [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
        <https://webkit.org/b/154172>

        Reviewed by Antti Koivisto.

        The underlying mechanism in CoreAnimation that made this work is no longer in place.

        Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
        every single frame of large GIF animations, sometimes leading to monstrous memory usage.

        Remove the code from WebCore since it's not doing at all what it means to.

        Now iOS and Mac will behave the same again, and frame caching decisions will be
        made by WebKit, based on total pixel byte size.

        * loader/cache/CachedImage.h:
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
        (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Image.h:
        (WebCore::Image::decodedDataIsPurgeable): Deleted.
        * platform/graphics/cg/BitmapImageCG.cpp:
        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::createFrameAtIndex): Deleted.

2016-02-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
        https://bugs.webkit.org/show_bug.cgi?id=154110

        Reviewed by Darin Adler.

        No new tests (Currently untestable).

        The lifetime of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
        
        This patch does a few semi-gnarly things:
        1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
            opaque roots.
        2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
            can happen on any thread.
        3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
            the owning IDBObjectStore.
        4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
            store no longer has a reference back to the index, but the index still needs a reference back to the
            object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
            its IDBObjectStore.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/IDBIndex.h:
        (WebCore::IDBIndex::isModern):
        * Modules/indexeddb/IDBIndex.idl:
        
        * Modules/indexeddb/IDBObjectStore.h:
        (WebCore::IDBObjectStore::isModern):
        * Modules/indexeddb/IDBObjectStore.idl:
        
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::objectStore):
        (WebCore::IDBClient::IDBIndex::openCursor):
        (WebCore::IDBClient::IDBIndex::doCount):
        (WebCore::IDBClient::IDBIndex::openKeyCursor):
        (WebCore::IDBClient::IDBIndex::doGet):
        (WebCore::IDBClient::IDBIndex::doGetKey):
        (WebCore::IDBClient::IDBIndex::markAsDeleted):
        (WebCore::IDBClient::IDBIndex::ref):
        (WebCore::IDBClient::IDBIndex::deref):
        (WebCore::IDBClient::IDBIndex::create): Deleted.
        * Modules/indexeddb/client/IDBIndexImpl.h:
        (WebCore::IDBClient::IDBIndex::modernObjectStore):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::createIndex):
        (WebCore::IDBClient::IDBObjectStore::index):
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::createIndex):
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        
        * Modules/indexeddb/legacy/LegacyIndex.cpp:
        (WebCore::LegacyIndex::ref):
        (WebCore::LegacyIndex::deref):
        * Modules/indexeddb/legacy/LegacyIndex.h:
        
        * bindings/js/JSIDBIndexCustom.cpp: Added.
        (WebCore::JSIDBIndex::visitAdditionalChildren):
        
        * bindings/js/JSIDBObjectStoreCustom.cpp:
        (WebCore::JSIDBObjectStore::visitAdditionalChildren):

2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>

        [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
        https://bugs.webkit.org/show_bug.cgi?id=154165

        Reviewed by Alex Christensen.

        * CMakeLists.txt:
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        * svg/SVGToOTFFontConversion.cpp:
        * svg/SVGToOTFFontConversion.h:

2016-02-12  Chris Dumez  <cdumez@apple.com>

        Unreviewed nit fixes after r196466.

        * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
          placement.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader): Use wrappableObject instead of domObject.
        * bindings/scripts/test/*: Rebaseline.
        * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.

2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Properly handle classes inheriting from EventTarget
        https://bugs.webkit.org/show_bug.cgi?id=154158

        Reviewed by Michael Catanzaro.

        Instead of removing its parent we now handle the case of classes
        having EventTarget as parent to make them implement the interface
        instead.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (ShouldBeExposedAsInterface): Whether the parent given class
        should be exposed as an interface instead of a parent class.
        (GetParentClassName): Return Object as parent for classes having
        a parent that should be exposed as an interface.
        (GetParentImplClassName): Ditto.
        (GetBaseClass): Ditto.
        (GetParentGObjType): Ditto.
        (SkipFunction): Add FIXME comment.
        (ImplementsInterface): Helper function to check if a class
        implements the given interface.
        (GenerateCFile): Check whether the class implements EventTarget to
        generate the interface implementation.
        (GenerateInterface): Do not remove the parent class when it's EventTarget.

2016-02-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196470.
        https://bugs.webkit.org/show_bug.cgi?id=154167

        Broke some tests (Requested by anttik on #webkit).

        Reverted changeset:

        "Factor class change style invalidation code into a class"
        https://bugs.webkit.org/show_bug.cgi?id=154163
        http://trac.webkit.org/changeset/196470

2016-02-12  Antti Koivisto  <antti@apple.com>

        Factor class change style invalidation code into a class
        https://bugs.webkit.org/show_bug.cgi?id=154163

        Reviewed by Andreas Kling.

        Factor this piece of functionality out of Element and into ClassChangeInvalidation class.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.cpp:
        (WebCore::classStringHasClassName):
        (WebCore::Element::classAttributeChanged):
        (WebCore::collectClasses): Deleted.
        (WebCore::computeClassChange): Deleted.
        (WebCore::invalidateStyleForClassChange): Deleted.
        * style/ClassChangeInvalidation.cpp: Added.
        (WebCore::Style::ClassChangeInvalidation::computeClassChange):
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
        * style/ClassChangeInvalidation.h: Added.
        (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>

        GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
        https://bugs.webkit.org/show_bug.cgi?id=154162

        Reviewed by Andreas Kling.

        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):

2016-02-12  Andreas Kling  <akling@apple.com>

        Don't invalidate the FontCache on memory pressure.
        <https://webkit.org/b/154161>

        Reviewed by Antti Koivisto.

        Invalidating the FontCache does more harm than good:

            - Anything that's still in the cache at this point is also
              referenced outside the cache, thus will not actually get deleted.

            - Future deduplication will fail, leading to more objects.

            - The global FontCache generation gets bumped, causing future style
              recalcs to be less efficient and breaking style sharing.

            - All FontSelector invalidation callbacks will fire, potentially
              causing forced full-document style recalcs.

        In fact, the only win from invalidating the FontCache comes from some
        minor shrinkage in the containers that make up the cache itself.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.

2016-02-11  Chris Dumez  <cdumez@apple.com>

        [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
        https://bugs.webkit.org/show_bug.cgi?id=154121
        <rdar://problem/24613234>

        Reviewed by Gavin Barraclough.

        Interfaces should inherit EventTarget instead of duplicating the
        EventTarget API in their IDL. Not only the duplication is ugly and
        error-prone, but this also does not match the specifications and
        have subtle web-exposed differences.

        This patch takes care of all interfaces except for DOMWindow and
        WorkerGlobalScope. Those will be updated in the follow-up patch
        as they will require a little bit more work and testing.

        We should also be able to get rid of the [EventTarget] WebKit IDL
        attribute in a follow-up.

        No new tests, already covered by existing tests.

        * Modules/battery/BatteryManager.idl:
        * Modules/encryptedmedia/MediaKeySession.idl:
        * Modules/indexeddb/IDBDatabase.h:
        * Modules/indexeddb/IDBDatabase.idl:
        * Modules/indexeddb/IDBRequest.h:
        * Modules/indexeddb/IDBRequest.idl:
        * Modules/indexeddb/IDBTransaction.h:
        * Modules/indexeddb/IDBTransaction.idl:
        * Modules/mediasession/MediaRemoteControls.idl:
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/MediaSource.idl:
        * Modules/mediasource/SourceBuffer.h:
        * Modules/mediasource/SourceBuffer.idl:
        * Modules/mediasource/SourceBufferList.h:
        * Modules/mediasource/SourceBufferList.idl:
        * Modules/mediastream/MediaStream.h:
        * Modules/mediastream/MediaStream.idl:
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/MediaStreamTrack.idl:
        * Modules/mediastream/RTCDTMFSender.h:
        * Modules/mediastream/RTCDTMFSender.idl:
        * Modules/mediastream/RTCDataChannel.h:
        * Modules/mediastream/RTCDataChannel.idl:
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/notifications/Notification.idl:
        * Modules/speech/SpeechSynthesisUtterance.idl:
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/AudioNode.idl:
        * Modules/websockets/WebSocket.idl:
        * css/FontLoader.idl:
        * dom/EventTarget.h:
        * dom/MessagePort.idl:
        * dom/Node.h:
        * dom/Node.idl:
        * dom/WebKitNamedFlow.idl:
        * fileapi/FileReader.idl:
        * html/MediaController.idl:
        * html/track/AudioTrackList.idl:
        * html/track/TextTrack.idl:
        * html/track/TextTrackCue.idl:
        * html/track/TextTrackList.idl:
        * html/track/VideoTrackList.idl:
        * loader/appcache/DOMApplicationCache.h:
        * loader/appcache/DOMApplicationCache.idl:
        * page/EventSource.idl:
        * page/Performance.h:
        * page/Performance.idl:
        * workers/Worker.idl:
        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestUpload.idl:
        - Drop hardcoded EventTarget operations and inherit EventTarget instead.
        - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
          attributes for interfaces inheriting the EventTarget interface as
          the bindings generator now does this automatically for us.
        - On native side, have EventTarget subclass ScriptWrappable instead of
          each of its subclasses doing so. The issue was that
          EventTargetOwner::finalize() was calling uncacheWrapper() with an
          EventTarget*, which would not clear inlined cached wrapped (see
          clearInlineCachedWrapper()) because EventTarget did not subclass
          ScriptWrappable. However, cacheWrapper() is called is a specific
          subtype pointer (e.g. Node*) and we would decide to create an
          inline cached wrapper because Node subclassed ScriptWrappable
          (as well as EventTarget).

        * WebCore.xcodeproj/project.pbxproj:
        Export JSEventTarget.h as private header to fix the build.

        * bindings/js/JSDOMBinding.h:
        (WebCore::wrapperKey):
        (WebCore::getCachedWrapper):
        (WebCore::cacheWrapper):
        (WebCore::uncacheWrapper):
        Use new wrapperKey() function that is generated for each bindings
        class that also has wrapperOwner(). This is used instead of the
        C cast to void* in order to cast to the base wrapped type to fix
        issues with multiple inheritance. The issue was that cacheWrapper()
        was getting called with a DOM object subtype pointer (e.g.
        AudioContext*) but uncacheWrapper() was getting called with a base
        wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
        use multiple inheritance and thus the pointer values (used as keys
        in the weak map) may differ.

        * bindings/js/JSTrackCustom.cpp:
        (WebCore::toJS):
        Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
        instead of TrackBase type. TrackBase does not have corresponding
        generated bindings and therefore does not have a wrapperKey()
        function.

        * bindings/scripts/CodeGeneratorJS.pm:
        (ShouldGenerateToWrapped):
        (ShouldGenerateToJSDeclaration):
        (GenerateHeader):
        - Generate a wrapperKey() utility function along-side wrapperOwner()
          to help cast to the base wrapped type.
        - Generate toWrapped() / toJS() utility functions for interfaces
          that inherit EventTarget as those are required by our
          implementation and this avoids having to explicitly have them in
          the IDL.

        * bindings/scripts/test/*:
        Rebaseline bindings tests.

2016-02-11  Brent Fulgham  <bfulgham@apple.com>

        Optimize texture-complete checks
        https://bugs.webkit.org/show_bug.cgi?id=98308

        Reviewed by Dean Jackson.

        No new tests: No change in behavior.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
        textures as suspect.
        (WebCore::WebGLRenderingContextBase::extensions): New helper function.
        (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
        (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
        them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
        (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
        from our set of invalid textures.
        (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
        the 'bad' textures, rather than checking every single texture.
        * html/canvas/WebGLRenderingContextBase.h:

2016-02-11  Alex Christensen  <achristensen@webkit.org>

        Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
        https://bugs.webkit.org/show_bug.cgi?id=154061

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
        Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.

2016-02-11  Enrica Casucci  <enrica@apple.com>

        WebContent process crashes when performing data detection on content with existing data detector links.
        https://bugs.webkit.org/show_bug.cgi?id=154118
        rdar://problem/24511860

        Reviewed by Tim Horton.

        The DOM mutation caused by removing the existing links, can shift the range endpoints.
        We now save the range enpoints as positions so that we can recreate the ranges,
        if a DOM mutation occurred.

        * editing/cocoa/DataDetection.mm:
        (WebCore::removeResultLinksFromAnchor):
        (WebCore::searchForLinkRemovingExistingDDLinks):
        (WebCore::DataDetection::detectContentInRange):

2016-02-11  Jer Noble  <jer.noble@apple.com>

        Make MediaResourceLoader behave more like a CachedResourceLoader.
        https://bugs.webkit.org/show_bug.cgi?id=154117

        Reviewed by Alex Christensen.

        MediaResourceLoader currently can only handle a single request at a time. Split the class
        into two, MediaResourceLoader and MediaResource, effectively wrapping CachedResourceLoader
        and CachedRawResource respectively. With this devision, the same loader can be used to issue
        multiple simultaneous resource requests.

        This necessecitates splitting PlatformMediaResource into two classes as well.  To simplify
        the HTMLMediaElement, MediaPlayer, and MediaPlayerClient APIs, do not require a client
        object when creating the loader; instead, the client is required to create the resource.
        This also matches the CachedRawResource API.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader): Remove the client parameter.
        * html/HTMLMediaElement.h:
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::MediaResourceLoader):
        (WebCore::MediaResourceLoader::~MediaResourceLoader):
        (WebCore::MediaResourceLoader::requestResource): Renamed from start().
        (WebCore::MediaResourceLoader::removeResource): Remove resource from live resource list.
        (WebCore::MediaResource::create): Utility factory.
        (WebCore::MediaResource::MediaResource):
        (WebCore::MediaResource::~MediaResource):
        (WebCore::MediaResource::stop): Moved from MediaResourceLoader.
        (WebCore::MediaResource::setDefersLoading): Ditto.
        (WebCore::MediaResource::responseReceived): Ditto.
        (WebCore::MediaResource::redirectReceived): Ditto.
        (WebCore::MediaResource::dataSent): Ditto.
        (WebCore::MediaResource::dataReceived): Ditto.
        (WebCore::MediaResource::notifyFinished): Ditto.
        (WebCore::MediaResource::getOrCreateReadBuffer): Ditto.
        * loader/MediaResourceLoader.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::createResourceLoader):
        * platform/graphics/MediaPlayer.h:
        (WebCore::MediaPlayerClient::mediaPlayerCreateResourceLoader):
        * platform/graphics/PlatformMediaResourceLoader.h:
        (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient): Renamed from PlatformMediaResourceLoaderClient.
        (WebCore::PlatformMediaResourceClient::responseReceived): Client methods now take a reference to the resource.
        (WebCore::PlatformMediaResourceClient::redirectReceived): Ditto.
        (WebCore::PlatformMediaResourceClient::dataSent): Ditto. 
        (WebCore::PlatformMediaResourceClient::dataReceived): Ditto.
        (WebCore::PlatformMediaResourceClient::accessControlCheckFailed): Ditto.
        (WebCore::PlatformMediaResourceClient::loadFailed): Ditto.
        (WebCore::PlatformMediaResourceClient::loadFinished): Ditto.
        (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Ditto.
        (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader): Ditto.
        (WebCore::PlatformMediaResource::PlatformMediaResource): 
        (WebCore::PlatformMediaResource::~PlatformMediaResource): 
        (WebCore::PlatformMediaResource::setClient):
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webKitWebSrcStart):
        (webKitWebSrcNeedData):
        (webKitWebSrcEnoughData):
        (CachedResourceStreamingClient::getOrCreateReadBuffer):
        (CachedResourceStreamingClient::responseReceived):
        (CachedResourceStreamingClient::dataReceived):
        (CachedResourceStreamingClient::accessControlCheckFailed):
        (CachedResourceStreamingClient::loadFailed):
        (CachedResourceStreamingClient::loadFinished):

2016-02-11  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Make focusring painting subpixel aware.
        https://bugs.webkit.org/show_bug.cgi?id=154111

        Reviewed by David Hyatt.

        Do not integral snap focusring rects while collecting them (use device pixel snapping instead
        right before passing them to GraphicsContext::drawFocusRing).

        Unable to test.

        * platform/graphics/GraphicsContext.h:
        * platform/graphics/displaylists/DisplayListItems.h:
        (WebCore::DisplayList::DrawFocusRingRects::create):
        (WebCore::DisplayList::DrawFocusRingRects::rects):
        (WebCore::DisplayList::DrawFocusRingRects::DrawFocusRingRects):
        * platform/graphics/displaylists/DisplayListRecorder.cpp:
        (WebCore::DisplayList::Recorder::drawFocusRing):
        * platform/graphics/displaylists/DisplayListRecorder.h:
        * platform/graphics/mac/GraphicsContextMac.mm:
        (WebCore::GraphicsContext::drawFocusRing):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addFocusRingRectsForInlineChildren):
        (WebCore::RenderBlock::addFocusRingRects):
        * rendering/RenderBlock.h:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren):
        * rendering/RenderBlockFlow.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::addFocusRingRects):
        * rendering/RenderBox.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::paintFocusRing):
        (WebCore::RenderElement::issueRepaintForOutlineAuto):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::absoluteRects):
        (WebCore::RenderInline::addFocusRingRects):
        * rendering/RenderInline.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::addFocusRingRects):
        * rendering/RenderListBox.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::addPDFURLRect):
        (WebCore::RenderObject::absoluteFocusRingQuads):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::addFocusRingRects):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::addFocusRingRects):
        * rendering/RenderTextControl.h:
        * rendering/svg/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::addFocusRingRects):
        * rendering/svg/RenderSVGContainer.h:
        * rendering/svg/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::addFocusRingRects):
        * rendering/svg/RenderSVGImage.h:
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::addFocusRingRects):
        * rendering/svg/RenderSVGShape.h:

2016-02-11  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments after r196393

        Unreviewed.

        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::getFontFace):
        * css/CSSSegmentedFontFace.h:

2016-02-11  Antti Koivisto  <antti@apple.com>

        Rename Element::style() to Element::cssomStyle()
        https://bugs.webkit.org/show_bug.cgi?id=154107

        Reviewed by Alex Christensen.

        It implements the IDL "style" attribute that returns a CSSOM object.
        Inside WebCore "style" generally refers to a RenderStyle.

        * dom/Element.cpp:
        (WebCore::Element::hasAttributeNS):
        (WebCore::Element::cssomStyle):
        (WebCore::Element::focus):
        (WebCore::Element::style): Deleted.
        * dom/Element.h:
        (WebCore::Element::tagQName):
        * dom/Element.idl:
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::~StyledElement):
        (WebCore::StyledElement::cssomStyle):
        (WebCore::StyledElement::style): Deleted.
        * dom/StyledElement.h:
        (WebCore::StyledElement::synchronizeStyleAttributeInternal):
        (WebCore::StyledElement::collectStyleForPresentationAttribute):
        * editing/Editor.cpp:
        (WebCore::Editor::applyEditingStyleToElement):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
        (WebCore::InspectorCSSAgent::getInlineStylesForNode):
        (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::InspectorStyleSheetForInlineStyle::didModifyElementAttribute):
        (WebCore::InspectorStyleSheetForInlineStyle::inlineStyle):
        (WebCore::InspectorStyleSheetForInlineStyle::elementStyleText):
        * svg/SVGElement.idl:

2016-02-11  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Consolidate TextureMapper file and include dir lists.
        https://bugs.webkit.org/show_bug.cgi?id=154106

        Reviewed by Michael Catanzaro.

        No new tests needed.

        * CMakeLists.txt: Moved texmap include dir and source list to
        TextureMapper.cmake, removed non-existent include dir "filters/texmap".
        * PlatformEfl.cmake: Moved texmap and coordinatedgraphics include
        dirs and source list to TextureMapper.cmake.
        * PlatformGTK.cmake: Ditto, also removed non-existent include dir
        "texmap/threadedcompositor"
        * PlatformWinCairo.cmake: Moved texmap files to TextureMapper.cmake.
        * platform/TextureMapper.cmake: Added.

2016-02-11  Chris Dumez  <cdumez@apple.com>

        Move 'length' property to the prototype
        https://bugs.webkit.org/show_bug.cgi?id=154051
        <rdar://problem/24577385>

        Reviewed by Darin Adler.

        Move 'length' property to the prototype, where it should be. We used to
        keep it on the instance because our implementation of
        getOwnPropertySlot() was wrong for interfaces with a named property
        getter. However, our implementation of getOwnPropertySlot() is now
        spec-compliant so this should be OK.

        Moving 'length' to the prototype is also a little bit risky in terms of
        performance, especially for HTMLCollection / NodeList. However, I did
        not see an impact on realistic benchmarks like Speedometer and only saw
        a small impact (< 5%) on micro-benchmarks. I propose we make our behavior
        correct and monitor performance. If we see any benchmark we care about
        regress then we should try and optimize while keeping the attribute on
        the prototype.

        No new tests, already covered by existing tests.

        * bindings/js/JSDOMBinding.h:
        (WebCore::getStaticValueSlotEntryWithoutCaching):
        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::getOwnPropertySlot):
        (WebCore::JSHTMLDocument::nameGetter): Deleted.
        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::putDelegate):
        * bindings/js/JSPluginElementFunctions.h:
        (WebCore::pluginElementCustomGetOwnPropertySlot):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::deleteProperty):
        (WebCore::JSStorage::deletePropertyByIndex):
        (WebCore::JSStorage::putDelegate):
        Leverage the new hasStaticPropertyTable static property in the
        generated bindings for performance.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        Generate a "hasStaticPropertyTable" static const boolean property
        for each bindings class so we can check at build time if
        ClassInfo::staticPropHashTable is null.

        (AttributeShouldBeOnInstance):
        Move "length" to the prototype.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        * bindings/scripts/test/JS/JSTestException.h:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        * bindings/scripts/test/JS/JSattribute.h:
        * bindings/scripts/test/JS/JSreadonly.h:
        Rebaseline bindings tests.


2016-02-11  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
        https://bugs.webkit.org/show_bug.cgi?id=154035

        Reviewed by Antti Koivisto.

        Follow-up fix after r196365. Removed guards around slotNodeIndex.

        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::Context::Context):

2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>

        Updating bindings test reference file for JSTestEventConstructor.cpp after r196400

        Unreviewed test gardening.

        No new tests needed.

        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorConstructor::construct):

2016-02-10  Eric Carlson  <eric.carlson@apple.com>

        Update "manual" caption track logic
        https://bugs.webkit.org/show_bug.cgi?id=154084
        <rdar://problem/24530516>

        Reviewed by Dean Jackson.

        No new tests, media/track/track-manual-mode.html was updated.

        * English.lproj/Localizable.strings: Add new string.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
        (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when
          in manual selection mode.
        (WebCore::HTMLMediaElement::captionPreferencesChanged):  track.setManualSelectionMode is no more.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
        (WebCore::TextTrack::kind): Deleted.
        * html/track/TextTrack.h:

        * html/track/TrackBase.h:
        (WebCore::TrackBase::kind): De-virtualize, nobody overrides it.

        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::trackDisplayName): Include "forced" in the name of forced tracks.

        * platform/LocalizedStrings.cpp:
        (WebCore::forcedTrackMenuItemText): New.
        * platform/LocalizedStrings.h:

2016-02-10  Jiewen Tan  <jiewen_tan@apple.com>

        Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
        https://bugs.webkit.org/show_bug.cgi?id=153903
        <rdar://problem/24518146>

        Reviewed by Darin Adler.

        Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
        (const AtomicString&, const EventInit&) and for all the subclasses as well in order to
        support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
        to create events not for bindings and vice versa. Therefore, this patch also cleanup
        corresponding paths to ensure no misuse of the create mehtod. The same for Event::create()
        as it is combined with Event::initEvent to create an event for bindings for legacy content.

        After this patch, all call sites of *Event::create* are supposed to use *Event::create
        to create events for user agent and *Event::createForBindings for bindings.

        No change in behavior.

        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
        (WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
        (WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
        (WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.
        * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
        (WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
        (WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.
        * Modules/encryptedmedia/MediaKeyMessageEvent.h:
        (WebCore::MediaKeyMessageEvent::create):
        (WebCore::MediaKeyMessageEvent::createForBindings):
        * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
        (WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
        (WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.
        * Modules/encryptedmedia/MediaKeyNeededEvent.h:
        (WebCore::MediaKeyNeededEvent::create):
        (WebCore::MediaKeyNeededEvent::createForBindings):
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::sendMessage):
        * Modules/gamepad/GamepadEvent.h:
        (WebCore::GamepadEvent::create):
        (WebCore::GamepadEvent::createForBindings):
        (WebCore::GamepadEventInit::GamepadEventInit): Deleted.
        * Modules/indieui/UIRequestEvent.cpp:
        (WebCore::UIRequestEvent::createForBindings):
        (WebCore::UIRequestEvent::UIRequestEvent):
        (WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
        (WebCore::UIRequestEvent::create): Deleted.
        * Modules/indieui/UIRequestEvent.h:
        * Modules/mediastream/MediaStreamEvent.cpp:
        (WebCore::MediaStreamEvent::createForBindings):
        (WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
        (WebCore::MediaStreamEvent::create): Deleted.
        * Modules/mediastream/MediaStreamEvent.h:
        * Modules/mediastream/MediaStreamTrackEvent.cpp:
        (WebCore::MediaStreamTrackEvent::createForBindings):
        (WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
        (WebCore::MediaStreamTrackEvent::create): Deleted.
        * Modules/mediastream/MediaStreamTrackEvent.h:
        * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
        (WebCore::RTCDTMFToneChangeEvent::createForBindings):
        (WebCore::RTCDTMFToneChangeEvent::create): Deleted.
        * Modules/mediastream/RTCDTMFToneChangeEvent.h:
        * Modules/mediastream/RTCDataChannelEvent.cpp:
        (WebCore::RTCDataChannelEvent::createForBindings):
        (WebCore::RTCDataChannelEvent::create): Deleted.
        * Modules/mediastream/RTCDataChannelEvent.h:
        * Modules/mediastream/RTCIceCandidateEvent.cpp:
        (WebCore::RTCIceCandidateEvent::createForBindings):
        (WebCore::RTCIceCandidateEvent::create): Deleted.
        * Modules/mediastream/RTCIceCandidateEvent.h:
        * Modules/mediastream/RTCTrackEvent.cpp:
        (WebCore::RTCTrackEvent::createForBindings):
        (WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
        (WebCore::RTCTrackEvent::create): Deleted.
        * Modules/mediastream/RTCTrackEvent.h:
        * Modules/speech/SpeechSynthesisEvent.cpp:
        (WebCore::SpeechSynthesisEvent::createForBindings):
        (WebCore::SpeechSynthesisEvent::create):
        (WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):
        * Modules/speech/SpeechSynthesisEvent.h:
        * Modules/webaudio/AudioProcessingEvent.cpp:
        (WebCore::AudioProcessingEvent::create): Deleted.
        * Modules/webaudio/AudioProcessingEvent.h:
        (WebCore::AudioProcessingEvent::create):
        (WebCore::AudioProcessingEvent::createForBindings):
        * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
        (WebCore::OfflineAudioCompletionEvent::createForBindings):
        (WebCore::OfflineAudioCompletionEvent::create): Deleted.
        * Modules/webaudio/OfflineAudioCompletionEvent.h:
        * Modules/websockets/CloseEvent.h:
        (WebCore::CloseEvent::create):
        (WebCore::CloseEvent::createForBindings):
        (WebCore::CloseEvent::CloseEvent):
        (WebCore::CloseEventInit::CloseEventInit): Deleted.
        * bindings/objc/DOM.mm:
        (-[DOMNode nextFocusNode]):
        (-[DOMNode previousFocusNode]):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorDefinition):
        * dom/AnimationEvent.cpp:
        (WebCore::AnimationEventInit::AnimationEventInit): Deleted.
        * dom/AnimationEvent.h:
        * dom/BeforeLoadEvent.h:
        (WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.
        * dom/ClipboardEvent.h:
        * dom/CompositionEvent.cpp:
        (WebCore::CompositionEventInit::CompositionEventInit): Deleted.
        * dom/CompositionEvent.h:
        * dom/CustomEvent.cpp:
        (WebCore::CustomEventInit::CustomEventInit): Deleted.
        * dom/CustomEvent.h:
        * dom/DeviceMotionEvent.h:
        * dom/DeviceOrientationEvent.h:
        * dom/Document.cpp:
        (WebCore::Document::createEvent):
        * dom/Element.cpp:
        (WebCore::Element::dispatchMouseEvent):
        * dom/ErrorEvent.cpp:
        (WebCore::ErrorEventInit::ErrorEventInit): Deleted.
        * dom/ErrorEvent.h:
        * dom/Event.cpp:
        (WebCore::EventInit::EventInit): Deleted.
        * dom/Event.h:
        (WebCore::Event::createForBindings):
        (WebCore::Event::create): Deleted.
        * dom/FocusEvent.cpp:
        (WebCore::FocusEventInit::FocusEventInit): Deleted.
        * dom/FocusEvent.h:
        * dom/HashChangeEvent.h:
        (WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.
        * dom/KeyboardEvent.cpp:
        (WebCore::KeyboardEvent::KeyboardEvent):
        (WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.
        * dom/KeyboardEvent.h:
        * dom/MessageEvent.cpp:
        (WebCore::MessageEvent::MessageEvent):
        (WebCore::MessageEventInit::MessageEventInit): Deleted.
        * dom/MessageEvent.h:
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::createForBindings):
        (WebCore::MouseEvent::create):
        (WebCore::MouseEvent::MouseEvent):
        (WebCore::MouseEvent::cloneFor):
        (WebCore::MouseEventInit::MouseEventInit): Deleted.
        * dom/MouseEvent.h:
        (WebCore::MouseEvent::createForBindings):
        (WebCore::MouseEvent::create): Deleted.
        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::MouseRelatedEvent):
        (WebCore::MouseRelatedEvent::init):
        * dom/MouseRelatedEvent.h:
        (WebCore::MouseRelatedEvent::screenX):
        (WebCore::MouseRelatedEvent::screenY):
        (WebCore::MouseRelatedEvent::screenLocation):
        (WebCore::MouseRelatedEvent::clientX):
        (WebCore::MouseRelatedEvent::clientY):
        (WebCore::MouseRelatedEvent::movementX):
        (WebCore::MouseRelatedEvent::movementY):
        (WebCore::MouseRelatedEvent::clientLocation):
        (WebCore::MouseRelatedEvent::isSimulated):
        (WebCore::MouseRelatedEvent::absoluteLocation):
        (WebCore::MouseRelatedEvent::setAbsoluteLocation):
        * dom/MutationEvent.h:
        * dom/OverflowEvent.cpp:
        (WebCore::OverflowEvent::OverflowEvent):
        (WebCore::OverflowEvent::initOverflowEvent):
        (WebCore::OverflowEventInit::OverflowEventInit): Deleted.
        * dom/OverflowEvent.h:
        * dom/PageTransitionEvent.cpp:
        (WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.
        * dom/PageTransitionEvent.h:
        * dom/PopStateEvent.cpp:
        (WebCore::PopStateEvent::createForBindings):
        (WebCore::PopStateEventInit::PopStateEventInit): Deleted.
        (WebCore::PopStateEvent::PopStateEvent): Deleted.
        (WebCore::PopStateEvent::create): Deleted.
        * dom/PopStateEvent.h:
        * dom/ProgressEvent.cpp:
        (WebCore::ProgressEventInit::ProgressEventInit): Deleted.
        * dom/ProgressEvent.h:
        (WebCore::ProgressEvent::createForBindings):
        (WebCore::ProgressEvent::create): Deleted.
        * dom/SecurityPolicyViolationEvent.h:
        (WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.
        * dom/TextEvent.cpp:
        (WebCore::TextEvent::createForBindings):
        (WebCore::TextEvent::create): Deleted.
        * dom/TextEvent.h:
        * dom/TouchEvent.h:
        * dom/TransitionEvent.cpp:
        (WebCore::TransitionEventInit::TransitionEventInit): Deleted.
        * dom/TransitionEvent.h:
        * dom/UIEvent.cpp:
        (WebCore::UIEventInit::UIEventInit): Deleted.
        * dom/UIEvent.h:
        (WebCore::UIEvent::createForBindings):
        (WebCore::UIEvent::create): Deleted.
        * dom/UIEventWithKeyState.h:
        (WebCore::UIEventWithKeyState::ctrlKey):
        (WebCore::UIEventWithKeyState::shiftKey):
        (WebCore::UIEventWithKeyState::altKey):
        (WebCore::UIEventWithKeyState::metaKey):
        (WebCore::UIEventWithKeyState::UIEventWithKeyState):
        * dom/WebKitAnimationEvent.cpp:
        (WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.
        * dom/WebKitAnimationEvent.h:
        * dom/WebKitTransitionEvent.cpp:
        (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.
        * dom/WebKitTransitionEvent.h:
        * dom/WheelEvent.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
        (WebCore::HTMLMediaElement::mediaPlayerKeyError):
        (WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
        (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
        * html/MediaKeyEvent.cpp:
        (WebCore::MediaKeyEvent::MediaKeyEvent):
        (WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.
        * html/MediaKeyEvent.h:
        * html/canvas/WebGLContextEvent.cpp:
        (WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.
        * html/canvas/WebGLContextEvent.h:
        * html/track/TrackEvent.cpp:
        (WebCore::TrackEvent::TrackEvent):
        (WebCore::TrackEventInit::TrackEventInit): Deleted.
        * html/track/TrackEvent.h:
        * html/track/TrackListBase.cpp:
        (TrackListBase::scheduleTrackEvent):
        (TrackListBase::scheduleChangeEvent):
        * page/EventSource.cpp:
        (WebCore::EventSource::createMessageEvent):
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation):
        (WebCore::gatherSecurityPolicyViolationEventData): Deleted.
        * storage/StorageEvent.cpp:
        (WebCore::StorageEvent::createForBindings):
        (WebCore::StorageEventInit::StorageEventInit): Deleted.
        (WebCore::StorageEvent::create): Deleted.
        * storage/StorageEvent.h:
        * svg/SVGZoomEvent.h:
        (WebCore::SVGZoomEvent::createForBindings):
        (WebCore::SVGZoomEvent::create): Deleted.
        * xml/XMLHttpRequestProgressEvent.h:
        (WebCore::XMLHttpRequestProgressEvent::createForBindings):
        (WebCore::XMLHttpRequestProgressEvent::create): Deleted.

2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>

        Rebaselining bindings tests

        Unreviewed test gardening.

        No new tests needed.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestCallback.cpp:
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/JS/JSreadonly.cpp:

2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Consolidate CMake code related to image decoders.
        https://bugs.webkit.org/show_bug.cgi?id=154074

        Reviewed by Alex Christensen.

        Common image decoder sources, includes and libs are moved to
        platform/ImageDecoders.cmake.

        Also, added include directories of libjpeg and libpng to
        WebCore_SYSTEM_INCLUDE_DIRECTORIES.

        No new tests needed.

        * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
        * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
        * PlatformGTK.cmake: Ditto.
        * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
        * platform/ImageDecoders.cmake: Added.

2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>

        CSSSegmentedFontFace does not need to be reference counted
        https://bugs.webkit.org/show_bug.cgi?id=154083

        Reviewed by Antti Koivisto.

        ...There is only ever a single reference to one.

        No new tests because there is no behavior change.

        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::getFontFace):
        * css/CSSFontSelector.h:
        * css/CSSSegmentedFontFace.h:
        (WebCore::CSSSegmentedFontFace::create): Deleted.

2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>

        FontCache's clients should use references instead of pointers
        https://bugs.webkit.org/show_bug.cgi?id=154085

        Reviewed by Antti Koivisto.

        They are never null.

        No new tests because there is no behavior change.

        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::CSSFontSelector):
        (WebCore::CSSFontSelector::~CSSFontSelector):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::addClient):
        (WebCore::FontCache::removeClient):
        * platform/graphics/FontCache.h:

2016-02-10  Chris Dumez  <cdumez@apple.com>

        [Web IDL] interface objects should be Function objects
        https://bugs.webkit.org/show_bug.cgi?id=154038
        <rdar://problem/24569358>

        Reviewed by Geoffrey Garen.

        interface objects should be Function objects as per Web IDL:
        - http://heycam.github.io/webidl/#interface-object
        - http://heycam.github.io/webidl/#es-interfaces

        So window.Event should be a Function object for e.g. but in WebKit it
        is a regular EventConstructor JSObject.
        Firefox and Chrome match the specification.

        Test: js/interface-objects.html

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::callThrowTypeError):
        (WebCore::DOMConstructorObject::getCallData):
        When calling the interface object as a function, we throw a TypeError
        with a message asking to use the 'new' operator to match the behavior
        of Firefox and Chrome.

        * bindings/js/JSDOMBinding.h:
        Add JSC::TypeOfShouldCallGetCallData structure flag and implement
        getCallData() so that typeof returns "function", as per the
        specification and the behavior of other browsers.

        (WebCore::DOMConstructorObject::className):
        Implement className() and return "Function" to match the specification and
        other browsers. Otherwise, it would fall back to using ClassInfo::className
        which os the function name and interface name (e.g. "Event").

        * bindings/js/JSDOMConstructor.h:
        (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
        (WebCore::JSDOMConstructorNotConstructable::getCallData):
        As per the specification, interfaces that do not have a [Constructor]
        should throw a TypeError when called as a function. Use the "Illegal
        constructor" error message to match Firefox and Chrome.

        * bindings/js/JSDOMGlobalObject.h:
        (WebCore::getDOMConstructor):
        Instead of using objectPrototype as prototype for all DOM constructors,
        we now call the prototypeForStructure() static function that is
        generated for each bindings class. As per the Web IDL specification,
        The [[Prototype]] internal property of an interface object for a
        non-callback interface is determined as follows:
        1. If the interface inherits from some other interface, the value of
           [[Prototype]] is the interface object for that other interface.
        2. If the interface doesn't inherit from any other interface, the value
           of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).

        * bindings/js/JSImageConstructor.cpp:
        (WebCore::JSImageConstructor::prototypeForStructure):
        Have the Image's interface object use HTMLElement's interface object
        as prototype as HTMLImageElement inherits HTMLElement.

        * bindings/scripts/CodeGenerator.pm:
        (getInterfaceExtendedAttributesFromName):
        Add a utility function to cheaply retrieve an interface's IDL extended
        attributes without actually parsing the IDL. This is used to check if
        an interface's parent is marked as [NoInterfaceObject] currently.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        (GenerateCallbackHeader):
        (GenerateCallbackImplementation):
        Mark JSGlobalObject* parameter as const as the implementation does not
        alter the globalObject.

        (GenerateConstructorHelperMethods):
        - Generate prototypeForStructure() function for each bindings class that
          is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
          prototype to use for the interface object / constructor when constructing
          it.
        - Use the interface name for the interface object, without the "Constructor"
          suffix, to match the behavior of Firefox and Chrome.

        * bindings/scripts/test/*:
        Rebaseline bindings tests.

2016-02-10  Jer Noble  <jer.noble@apple.com>

        [Mac] Graphical corruption in videos when enabling custom loading path
        https://bugs.webkit.org/show_bug.cgi?id=154044

        Reviewed by Alex Christensen.

        Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.

        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):

2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>

        CSSSegmentedFontFace does not need to be reference counted
        https://bugs.webkit.org/show_bug.cgi?id=154083

        Reviewed by Antti Koivisto.

        ...There is only ever a single reference to one.

        No new tests because there is no behavior change.

        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::getFontFace):
        * css/CSSFontSelector.h:
        * css/CSSSegmentedFontFace.h:
        (WebCore::CSSSegmentedFontFace::create): Deleted.

2016-02-10  Antti Koivisto  <antti@apple.com>

        Optimize style invalidation after class attribute change
        https://bugs.webkit.org/show_bug.cgi?id=154075
        rdar://problem/12526450

        Reviewed by Andreas Kling.

        Currently a class attribute change invalidates style for the entire element subtree for any class found in the
        active stylesheet set.

        This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
        rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
        of rules are hashes by the class name.

        On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
        exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
        makes selector matching cheap and the number of relevant rules is typically small.

        This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
        cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.

        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::collectFeatures):
        (WebCore::DocumentRuleSets::ancestorClassRules):

            Create optimization RuleSets on-demand when there is an actual dynamic class change.

        * css/DocumentRuleSets.h:
        (WebCore::DocumentRuleSets::features):
        (WebCore::DocumentRuleSets::sibling):
        (WebCore::DocumentRuleSets::uncommonAttribute):
        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ElementRuleCollector):

            Add a new constructor that doesn't requires DocumentRuleSets. Only the user and author style is required.

        (WebCore::ElementRuleCollector::matchAuthorRules):
        (WebCore::ElementRuleCollector::matchUserRules):
        * css/ElementRuleCollector.h:
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):

            Collect class names that show up in the ancestor portion of the selector.
            Make this a member.

        (WebCore::RuleFeatureSet::collectFeatures):

            Move this code from RuleData.
            Add the rule to ancestorClassRules if needed.

        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        (WebCore::RuleFeatureSet::shrinkToFit):
        (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
        (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
        * css/RuleFeature.h:
        (WebCore::RuleFeature::RuleFeature):
        (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
        * css/RuleSet.cpp:
        (WebCore::RuleData::RuleData):
        (WebCore::RuleSet::RuleSet):
        (WebCore::RuleSet::~RuleSet):
        (WebCore::RuleSet::addToRuleSet):
        (WebCore::RuleSet::addRule):
        (WebCore::RuleSet::addRulesFromSheet):
        (WebCore::collectFeaturesFromRuleData): Deleted.
        * css/RuleSet.h:
        (WebCore::RuleSet::tagRules):
        (WebCore::RuleSet::RuleSet): Deleted.
        * css/StyleInvalidationAnalysis.cpp:
        (WebCore::shouldDirtyAllStyle):
        (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):

            Add a new constructor that takes a ready made RuleSet instead of a stylesheet.

        (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
        (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
        (WebCore::StyleInvalidationAnalysis::invalidateStyle):
        (WebCore::StyleInvalidationAnalysis::invalidateStyle):

            New function for invalidating a subtree instead of the whole document.

        * css/StyleInvalidationAnalysis.h:
        (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
        (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
        * dom/Element.cpp:
        (WebCore::classStringHasClassName):
        (WebCore::collectClasses):
        (WebCore::computeClassChange):

            Factor to return the changed classes.

        (WebCore::invalidateStyleForClassChange):

            First filter out classes that don't show up in stylesheets. If something remains invalidate the current
            element for inline style change (that is a style change that doesn't affect descendants).

            Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
            to find any affected descendants and invalidate them with inline style change as well.

        (WebCore::Element::classAttributeChanged):

            Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.

        (WebCore::Element::absoluteLinkURL):
        (WebCore::checkSelectorForClassChange): Deleted.
        * dom/ElementData.h:
        (WebCore::ElementData::setClassNames):
        (WebCore::ElementData::classNames):
        (WebCore::ElementData::classNamesMemoryOffset):
        (WebCore::ElementData::clearClass): Deleted.
        (WebCore::ElementData::setClass): Deleted.

2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments after r196322

        Unreviwed.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        * css/CSSFontFaceSource.h:

2016-02-10  Chris Dumez  <cdumez@apple.com>

        Attributes on the Window instance should be configurable unless [Unforgeable]
        https://bugs.webkit.org/show_bug.cgi?id=153920
        <rdar://problem/24563211>

        Reviewed by Darin Adler.

        Attributes on the Window instance should be configurable unless [Unforgeable]:
        1. 'constructor' property:
           - http://www.w3.org/TR/WebIDL/#interface-prototype-object
        2. Constructor properties (e.g. window.Node):
           - http://www.w3.org/TR/WebIDL/#es-interfaces
        3. IDL attributes:
           - http://heycam.github.io/webidl/#es-attributes (configurable unless
             [Unforgeable], e.g. window.location)

        Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.

        Test: fast/dom/Window/window-properties-configurable.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        For known Window properties (i.e. properties in the static property table),
        if we have reified and this is same-origin access, then call
        Base::getOwnPropertySlot() to get the property from the local property
        storage. If we have not reified yet, or this is cross-origin access, query
        the static property table. This is to match the behavior of Firefox and
        Chrome which seem to keep returning the original properties upon cross
        origin access, even if those were deleted or redefined.

        (WebCore::JSDOMWindow::put):
        The previous code used to call the static property setter for properties in
        the static table. However, this does not do the right thing if properties
        were reified. For example, deleting window.name and then trying to set it
        again would not work. Therefore, update this code to only do this if the
        properties have not been reified, similarly to what is done in
        JSObject::putInlineSlow().

        * bindings/scripts/CodeGeneratorJS.pm:
        (ConstructorShouldBeOnInstance):
        Add a FIXME comment indicating that window.constructor should be on
        the prototype as per the Web IDL specification.

        (GenerateAttributesHashTable):
        - Mark 'constructor' property as configurable for Window, as per the
          specification and consistently with other 'constructor' properties:
          http://www.w3.org/TR/WebIDL/#interface-prototype-object
        - Mark properties as configurable even though they are on the instance.
          Window has its properties on the instance as per the specification:
          1. http://heycam.github.io/webidl/#es-attributes
          2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
          However, these properties should be configurable as long as they are
          not marked as [Unforgeable], as per 1.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        Rebaseline bindings tests.

2016-02-10  Brady Eidson  <beidson@apple.com>

        Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
        https://bugs.webkit.org/show_bug.cgi?id=154061

        Reviewed by Alex Christensen.

        No new tests (Currently untestable).

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
          set the new state, and then clear the set of referenced object stores which is no longer needed.
        (WebCore::IDBClient::IDBTransaction::abort):
        (WebCore::IDBClient::IDBTransaction::commit):
        * Modules/indexeddb/client/IDBTransactionImpl.h:

2016-02-10  Jer Noble  <jer.noble@apple.com>

        REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
        https://bugs.webkit.org/show_bug.cgi?id=153727
        <rdar://problem/24429886>

        Reviewed by Darin Adler.

        Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
        affect the MemoryCache when allowsCaching() is false.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::removeClient):

2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
        https://bugs.webkit.org/show_bug.cgi?id=154035

        Reviewed by Antti Koivisto.

        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::Context::Context):

2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Toggle buttons are blurry with GTK+ 3.19
        https://bugs.webkit.org/show_bug.cgi?id=154007

        Reviewed by Michael Catanzaro.

        Use min-width/min-height style properties when GTK+ >= 3.19.7 to
        get the size of toggle buttons.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::setToggleSize):
        (WebCore::paintToggle):

2016-02-09  Aakash Jain  <aakash_jain@apple.com>

        Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
        https://bugs.webkit.org/show_bug.cgi?id=146984

        Reviewed by Alexey Proskuryakov.

        * Modules/speech/SpeechSynthesis.h:
        * contentextensions/ContentExtensionError.h:
        * dom/DeviceOrientationClient.h:
        * platform/graphics/Color.h:
        * platform/ios/wak/WebCoreThread.h:
        * platform/network/CacheValidation.h:
        * platform/network/cf/CertificateInfo.h:

2016-02-09  Nan Wang  <n_wang@apple.com>

        AX: Implement word related text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=153939
        <rdar://problem/24269605>

        Reviewed by Chris Fleizach.

        Using CharacterOffset to implement word related text marker calls. Reused
        logic from previousBoundary and nextBoundary in VisibleUnits class.

        Test: accessibility/mac/text-marker-word-nav.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        (WebCore::AXObjectCache::rangeForNodeContents):
        (WebCore::isReplacedNodeOrBR):
        (WebCore::characterOffsetsInOrder):
        (WebCore::resetNodeAndOffsetForReplacedNode):
        (WebCore::setRangeStartOrEndWithCharacterOffset):
        (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
        (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
        (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
        (WebCore::AXObjectCache::previousNode):
        (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
        (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
        (WebCore::AXObjectCache::nextCharacterOffset):
        (WebCore::AXObjectCache::previousCharacterOffset):
        (WebCore::startWordBoundary):
        (WebCore::endWordBoundary):
        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
        (WebCore::AXObjectCache::nextWordEndCharacterOffset):
        (WebCore::AXObjectCache::leftWordRange):
        (WebCore::AXObjectCache::rightWordRange):
        (WebCore::characterForCharacterOffset):
        (WebCore::AXObjectCache::characterAfter):
        (WebCore::AXObjectCache::characterBefore):
        (WebCore::parentEditingBoundary):
        (WebCore::AXObjectCache::nextWordBoundary):
        (WebCore::AXObjectCache::previousWordBoundary):
        (WebCore::AXObjectCache::rootAXEditableElement):
        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::removeNodeForUse):
        (WebCore::AXObjectCache::isNodeInUse):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
        (textMarkerForCharacterOffset):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        * editing/VisibleUnits.cpp:
        (WebCore::rightWordPosition):
        (WebCore::prepend):
        (WebCore::appendRepeatedCharacter):
        (WebCore::suffixLengthForRange):
        (WebCore::prefixLengthForRange):
        (WebCore::backwardSearchForBoundaryWithTextIterator):
        (WebCore::forwardSearchForBoundaryWithTextIterator):
        (WebCore::previousBoundary):
        (WebCore::nextBoundary):
        * editing/VisibleUnits.h:

2016-02-09  Daniel Bates  <dabates@apple.com>

        CSP: Extract helper classes into their own files
        https://bugs.webkit.org/show_bug.cgi?id=154040
        <rdar://problem/24571189>

        Reviewed by Brent Fulgham.

        No functionality was changed. So, no new tests.

        * CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
        variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
        (WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
        (WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
        (WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
        (WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
        (WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
        (WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
        (WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
        (WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
        (WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
        (WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirective.h: Added.
        * page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
        Updated code to make use of the functions defined in ParsingUtilities.h.
        (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
        (WebCore::isCSPDirectiveName): Ditto.
        (WebCore::isDirectiveNameCharacter): Ditto.
        (WebCore::isDirectiveValueCharacter): Ditto.
        (WebCore::isNotASCIISpace): Ditto.
        * page/csp/ContentSecurityPolicyDirectiveList.h: Added.
        * page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
        (WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
        (WebCore::isNotASCIISpace): Ditto.
        * page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
        * page/csp/ContentSecurityPolicySource.cpp: Added.
        * page/csp/ContentSecurityPolicySource.h: Added.
        * page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
        (WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
        (WebCore::isHostCharacter): Ditto.
        (WebCore::isPathComponentCharacter): Ditto.
        (WebCore::isSchemeContinuationCharacter): Ditto.
        (WebCore::isNotColonOrSlash): Ditto.
        (WebCore::isSourceListNone): Ditto.
        * page/csp/ContentSecurityPolicySourceList.h: Added.
        * page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
        * page/csp/ContentSecurityPolicySourceListDirective.h: Added.

2016-02-09  Brady Eidson  <beidson@apple.com>

        Modern IDB: TransactionOperation objects leak.
        https://bugs.webkit.org/show_bug.cgi?id=154054

        Reviewed by Alex Christensen.

        No new tests (Currently untestable).

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
          the map, as this operation doesn't complete "normally" like most others.
        (WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.
        
        * Modules/indexeddb/client/TransactionOperation.h:
        (WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
          as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
        (WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.

2016-02-09  Jer Noble  <jer.noble@apple.com>

        [Mac] Graphical corruption in videos when enabling custom loading path
        https://bugs.webkit.org/show_bug.cgi?id=154044

        Reviewed by Alex Christensen.

        The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
        set to be a serial queue. So when adding dataReceived operations to that queue, there exists
        the possibility that some operations are handled before others, and the client will receieve
        data out of order.

        A real NSURLSession object will only issue another operation when the first operation
        completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
        The internal queue will enqueue an operation to the resource loader's queue, and block until
        that operation completes, thus ensuring ordering of the data (and other) operations.

        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
        (-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
        (-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
        (-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
        (-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
        (-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
        (-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
        (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.

        Drive-by fix:
        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,
            queue, matching NSURLSessionDataTask's behavior.

2016-02-09  Nan Wang  <n_wang@apple.com>

        [iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
        https://bugs.webkit.org/show_bug.cgi?id=154039

        Reviewed by Chris Fleizach.

        We are accessing the derefed node in the CharacterOffset object, we should create an empty
        CharacterOffset object if the node is not in use.

        It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityTextMarker characterOffset]):
        (-[WebAccessibilityTextMarker isIgnored]):

2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Unreviewed build fix after r196322

        Unreviewed.

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::font):

2016-02-09  Zalan Bujtas  <zalan@apple.com>

        Outline corners do not align properly for multiline inlines.
        https://bugs.webkit.org/show_bug.cgi?id=154025

        Reviewed by David Hyatt.

        Adjust border position when outline-offset > 0. This patch also
        removes integral pixelsnapping (drawLineForBoxSide takes care of
        device pixelsnapping). 

        Test: fast/inline/outline-corners-with-offset.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutlineForLine):

2016-02-09  Jer Noble  <jer.noble@apple.com>

        [Mac] Adopt NSURLSession properties in AVAssetResourceLoader

        Rubber-stamped by Eric Carlson;

        Set the correct global variable from setAVFoundationNSURLSessionEnabled().

        * page/Settings.cpp:
        (WebCore::Settings::setAVFoundationNSURLSessionEnabled):

2016-02-07  Gavin Barraclough  <barraclough@apple.com>

        GetValueFunc/PutValueFunc should not take both slotBase and thisValue
        https://bugs.webkit.org/show_bug.cgi?id=154009

        Reviewed by Geoff Garen.

        In JavaScript there are two types of properties - regular value properties, and accessor properties.
        One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
        what object they operate on in the case of a prototype access. If you access a value property of a
        prototype object it return a value pertinent to the prototype, but in the case of a prototype object
        returning an accessor, then the accessor function is applied to the base object of the access.

        JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
        can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
        is selected via the CustomAccessor attribute. Value- or accessor-like object selection is current
        supported by passing both the slotBase and the thisValue to the callback,and hoping it uses the
        right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.

        Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::printErrorMessageForFrame):
        (WebCore::objectToStringFunctionGetter):
        * bindings/js/JSDOMBinding.h:
        (WebCore::propertyNameToString):
        (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
        (WebCore::nonCachingStaticFunctionGetter):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::visitAdditionalChildren):
        (WebCore::childFrameGetter):
        (WebCore::namedItemGetter):
        (WebCore::jsDOMWindowWebKit):
        (WebCore::jsDOMWindowIndexedDB):
            - add missing null check, in case indexDB acessor is applied to non-window object.
        * bindings/js/JSPluginElementFunctions.cpp:
        (WebCore::pluginScriptObject):
        (WebCore::pluginElementPropertyGetter):
        * bindings/js/JSPluginElementFunctions.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        * bridge/runtime_array.cpp:
        (JSC::RuntimeArray::destroy):
        (JSC::RuntimeArray::lengthGetter):
        * bridge/runtime_array.h:
        * bridge/runtime_method.cpp:
        (JSC::RuntimeMethod::finishCreation):
        (JSC::RuntimeMethod::lengthGetter):
        * bridge/runtime_method.h:
        * bridge/runtime_object.cpp:
        (JSC::Bindings::RuntimeObject::invalidate):
        (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
        (JSC::Bindings::RuntimeObject::fieldGetter):
        (JSC::Bindings::RuntimeObject::methodGetter):
        * bridge/runtime_object.h:
            - Merged slotBase & thisValue to custom property callbacks.

2016-02-09  Jer Noble  <jer.noble@apple.com>

        Build-fix; add Nullibility macros around previously un-macro'd class definitions.

        * platform/spi/mac/AVFoundationSPI.h:

2016-02-04  Jer Noble  <jer.noble@apple.com>

        [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
        https://bugs.webkit.org/show_bug.cgi?id=153873

        Reviewed by Eric Carlson.

        Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
        use for media loading, and control the use of this property with a new Setting.

        * page/Settings.cpp:
        (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
        * page/Settings.h:
        (WebCore::Settings::isAVFoundationNSURLSessionEnabled):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
        * platform/spi/mac/AVFoundationSPI.h:

2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>

        Decouple font creation from font loading
        https://bugs.webkit.org/show_bug.cgi?id=153414

        Reviewed by Darin Adler.

        Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
        that the function which triggers the download also has the goal of returning a font to use. However,
        the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
        creation overhead.

        In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
        this:
                            => Success
                          //
        Pending => Loading
                          \\
                            => Failure

        Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
        that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
        CSSFontFaceSources may be in.

        No new tests because there is no behavior change.

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
        (WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
        (WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
        (WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
        (WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
        (WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
        (WebCore::CSSFontFace::isValid): Deleted.
        (WebCore::CSSFontFace::addSource): Deleted.
        (WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
        (WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
        * css/CSSFontFace.h:
        (WebCore::CSSFontFace::create): Remove old dead code.
        (WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
        (WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
        (WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
        (WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
        (WebCore::CSSFontFaceSource::load): Pulled out code from font().
        (WebCore::CSSFontFaceSource::font): Moved code into load().
        (WebCore::CSSFontFaceSource::isValid): Deleted.
        (WebCore::CSSFontFaceSource::isDecodeError): Deleted.
        (WebCore::CSSFontFaceSource::ensureFontData): Deleted.
        * css/CSSFontFaceSource.h: Much cleaner API.
        * css/CSSFontSelector.cpp:
        (WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
        reorganization.
        (WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
        (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
        (WebCore::CSSFontSelector::getFontFace): Ditto.
        * css/CSSSegmentedFontFace.cpp:
        (WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
        (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
        (WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
        (WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
        (WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
        (WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
        (WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
        (WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
        (WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
        * css/CSSSegmentedFontFace.h:
        (WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
        (WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
        (WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
        (WebCore::CachedFont::checkNotify): Ditto.
        * loader/cache/CachedFontClient.h:
        (WebCore::CachedFontClient::fontLoaded): Ditto.

2016-02-09  Brady Eidson  <beidson@apple.com>

        Modern IDB: IDBOpenDBRequests leak.
        https://bugs.webkit.org/show_bug.cgi?id=154032

        Reviewed by Alex Christensen.

        No new tests (Currently untestable).

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
        drop the last ref to the request after its last event fires or is otherwise destroyed:
        * Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
        (WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
        * Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
        (WebCore::IDBRequestCompletionEvent::create):

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
        (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
        (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
        (WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's 
          completion event to fire, clear the back-ref to the request.

2016-02-09  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196286.
        https://bugs.webkit.org/show_bug.cgi?id=154026

        Looks like 5% iOS PLT regression (Requested by kling on
        #webkit).

        Reverted changeset:

        "[iOS] Throw away some unlinked code when navigating to a new
        page."
        https://bugs.webkit.org/show_bug.cgi?id=154014
        http://trac.webkit.org/changeset/196286

2016-02-08  Chris Dumez  <cdumez@apple.com>

        Attribute getters should not require an explicit 'this' value for Window properties
        https://bugs.webkit.org/show_bug.cgi?id=153968

        Reviewed by Darin Adler.

        Attribute getters should not require an explicit 'this' value for
        Window properties. This is because the Window interface is marked
        as [ImplicitThis]:
        - http://heycam.github.io/webidl/#ImplicitThis
        - https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421

        This matches the behavior of Firefox and the expectations of the W3C
        web-platform-tests.

        No new tests, already covered by existing tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        In attribute getters of an interface marked as [ImplicitThis],
        if 'thisValue' is undefined or null, fall back to using the
        global object as 'thisValue'.

        * bindings/scripts/IDLAttributes.txt:
        Add support for [ImplicitThis]:
        http://heycam.github.io/webidl/#ImplicitThis

        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSattribute.cpp:
        Rebaseline bindings tests.

        * page/DOMWindow.idl:
        Mark Window as [ImplicitThis]:
        http://heycam.github.io/webidl/#ImplicitThis

2016-02-08  Nan Wang  <n_wang@apple.com>

        AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
        https://bugs.webkit.org/show_bug.cgi?id=154018

        Reviewed by Chris Fleizach.

        Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
        and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
        object.

        Test: accessibility/text-marker/text-marker-range-stale-node-crash.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
        (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        * accessibility/AXObjectCache.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
        (characterOffsetForTextMarker):
        (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
        (textMarkerForVisiblePosition):

2016-02-08  Andreas Kling  <akling@apple.com>

        [iOS] Throw away some unlinked code when navigating to a new page.
        <https://webkit.org/b/154014>

        Reviewed by Gavin Barraclough.

        Extended the mechanism introduced earlier to also throw away unlinked code
        that's only relevant to the page that we're navigating away from.

        The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
        like, deleting unlinked and linked code but leaving code caches alone.

        This means that if the page we're navigating to wants to parse some of the
        same JS that the page we're leaving had on it, it might still be found in the
        JSC::CodeCache.

        Doing a back navigation to a PageCache'd page may now incur some reparsing,
        just like leaving the app or tab would.

        * bindings/js/GCController.cpp:
        (WebCore::GCController::deleteAllCodeExceptCaches):
        (WebCore::GCController::deleteAllLinkedCode): Deleted.
        * bindings/js/GCController.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

2016-02-08  Daniel Bates  <dabates@apple.com>

        CSP connect-src directive should block redirects
        https://bugs.webkit.org/show_bug.cgi?id=69359
        <rdar://problem/24383025>

        Reviewed by Brent Fulgham.

        Inspired by Blink patch:
        <https://src.chromium.org/viewvc/blink?revision=150246&view=revision>

        Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
        of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
        <https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).

        Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
        the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
        then we do not try to load URLs j >= i.

        Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
               http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
               http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
               http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
               http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
               http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
               http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
               http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html

        * fileapi/FileReaderLoader.cpp:
        (WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
        with the Web Inspector.
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
        and pass it through to DocumentThreadableLoader::create().
        (WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
        to DocumentThreadableLoader::DocumentThreadableLoader().
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
        Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
        that is not allowed by the CSP. The caller should not create a loader for such a request.
        (WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
        then notify the client that the redirect check failed.
        (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
        by the enforced CSP directive.
        (WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
        DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
        * loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
        that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
        * loader/ThreadableLoader.cpp:
        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
        (WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
        * loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
        directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
        only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
        with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
        to the DocumentThreadableLoader.
        * loader/WorkerThreadableLoader.h:
        * page/EventSource.cpp:
        (WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
        * workers/AbstractWorker.cpp:
        (WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
        instead of querying for it directly.
        * workers/AbstractWorker.h:
        * workers/Worker.cpp:
        (WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
        on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
        of the worker's script URL.
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
        Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
        (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
        * workers/WorkerScriptLoader.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
        an isolated world.

2016-02-08  Antti Koivisto  <antti@apple.com>

        Try to fix Yosemite build.

        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
        (WebCore::ComposedTreeIterator::traverseNext):

2016-02-08  Antti Koivisto  <antti@apple.com>

        Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
        https://bugs.webkit.org/show_bug.cgi?id=154003

        Reviewed by Darin Adler.

        Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
        It can also return nodes other than Element and Text which should not be part of the composed tree.

        This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
        ComposedTreeIterator is then implemented using this new iterator.

        When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
        iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
        local iterator becomes active.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/ComposedTreeIterator.cpp:
        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
        (WebCore::ComposedTreeIterator::initializeContextStack):
        (WebCore::ComposedTreeIterator::pushContext):
        (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
        (WebCore::ComposedTreeIterator::traverseNextLeavingContext):
        (WebCore::ComposedTreeIterator::advanceInSlot):
        (WebCore::ComposedTreeIterator::traverseSiblingInSlot):
        (WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
        (WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
        (WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
        (WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
        * dom/ComposedTreeIterator.h:
        (WebCore::ComposedTreeIterator::operator*):
        (WebCore::ComposedTreeIterator::operator->):
        (WebCore::ComposedTreeIterator::operator==):
        (WebCore::ComposedTreeIterator::operator!=):
        (WebCore::ComposedTreeIterator::operator++):
        (WebCore::ComposedTreeIterator::Context::Context):
        (WebCore::ComposedTreeIterator::context):
        (WebCore::ComposedTreeIterator::current):
        (WebCore::ComposedTreeIterator::ComposedTreeIterator):
        (WebCore::ComposedTreeIterator::traverseNext):
        (WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
        (WebCore::ComposedTreeIterator::traverseNextSibling):
        (WebCore::ComposedTreeIterator::traversePreviousSibling):
        (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
        (WebCore::ComposedTreeDescendantAdapter::begin):
        (WebCore::ComposedTreeDescendantAdapter::end):
        (WebCore::ComposedTreeDescendantAdapter::at):
        (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
        (WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
        (WebCore::ComposedTreeChildAdapter::begin):
        (WebCore::ComposedTreeChildAdapter::end):
        (WebCore::ComposedTreeChildAdapter::at):
        (WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
        (WebCore::ComposedTreeIterator::traverseParent): Deleted.
        * dom/ElementAndTextDescendantIterator.h: Added.

            New iterator type that traverses Element and Text nodes (that is renderable nodes only).
            It also tracks depth for future use.

2016-02-08  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
        https://bugs.webkit.org/show_bug.cgi?id=148605

        Reviewed by Brian Burg.

        Test: inspector/console/command-line-api-copy.html

        * inspector/CommandLineAPIModuleSource.js:
        (CommandLineAPIImpl.prototype.copy):
        Support copying different types. This is meant to be more
        convenient then just JSON.stringify, so it handles types
        like Node, Symbol, RegExp, and Function a bit better.

2016-02-08  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r181345): SVG polyline and polygon leak page
        https://bugs.webkit.org/show_bug.cgi?id=152759

        Reviewed by Darin Adler.

        The leak happens because of cyclic reference between SVGListPropertyTearOff 
        and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
        There is also cyclic reference between SVGAnimatedProperty and SVGElement
        and this causes the whole document to be leaked. So if the JS requests, for
        example, an instance of SVGPolylineElement.points, the whole document will be
        leaked.

        The fix depends on having the cyclic reference as is since the owning and the
        owned classes have to live together if any of them is referenced. But the owning
        class caches a raw 'ref-counted' pointer of the owned class. If it is requested
        for an instance of the owned class it returned a RefPtr<> of it. Once the owned
        class is not used, it can delete itself. The only thing needed here is to notify
        the owner class of the deletion so it cleans its caches and be able to create a
        new pointer if it is requested for an instance of the owned class later.

        Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
        to break the cyclic reference between SVGElement and SVGAnimatedProperty.
        
        Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
        animVal() to break cyclic reference between SVGListPropertyTearOff and
        SVGAnimatedListPropertyTearOff.

        Test: svg/animations/smil-leak-list-property-instances.svg

        * bindings/scripts/CodeGeneratorJS.pm:
        (NativeToJSValue): The SVG non-string list tear-off properties became of
        type RefPtr<>. So we need to use get() with the casting expressions.
        
        * svg/SVGMarkerElement.cpp:
        (WebCore::SVGMarkerElement::orientType):
        Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().

        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::pathByteStream):
        (WebCore::SVGPathElement::lookupOrCreateDWrapper):
        Since SVGAnimatedProperty::lookupWrappe() returns a RefPtr<> we need to 
        use get() for the casting expressions.
        
        (WebCore::SVGPathElement::pathSegList):
        (WebCore::SVGPathElement::normalizedPathSegList):
        (WebCore::SVGPathElement::animatedPathSegList):
        (WebCore::SVGPathElement::animatedNormalizedPathSegList):
        * svg/SVGPathElement.h:
        Change the return value from raw pointer to RefPtr<>.

        * svg/SVGPathSegWithContext.h:
        (WebCore::SVGPathSegWithContext::animatedProperty):
        Change the return type to be RefPtr<> to preserve the value from being deleted.
        
        * svg/SVGPolyElement.cpp:
        (WebCore::SVGPolyElement::parseAttribute):
        Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
        use get() for the casting expressions.
        
        (WebCore::SVGPolyElement::points):
        (WebCore::SVGPolyElement::animatedPoints):
        * svg/SVGPolyElement.h:
        Change the return value from raw pointer to RefPtr<>.
        
        * svg/SVGViewSpec.cpp:
        (WebCore::SVGViewSpec::setTransformString):
        Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
        use get() for the casting expressions.

        (WebCore::SVGViewSpec::transform):
        * svg/SVGViewSpec.h:
        Change the return value from raw pointer to RefPtr<>.
        
        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedListPropertyTearOff::animVal):
        Change the return value from raw pointer to RefPtr<> and change the cached
        value from RefPtr<> to raw pointer. If the property is null, it will be
        created, its raw pointer will be cached and the only ref-counted RefPtr<>
        will be returned. This will guarantee, the RefPtr<> will be deleted once
        it is not used anymore. 
        
        (WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
        Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
        actual pointer. This function will be called from the destructor of
        SVGListPropertyTearOff.
        
        (WebCore::SVGAnimatedListPropertyTearOff::findItem):
        (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
        We have to ensure the baseVal() is created before using it.
        
        (WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
        (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
        (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
        (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
        (WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
        (WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
        For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
        to the animVal(). This will prevent deleting m_animVal while animation.
        
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
        Same as what is done in SVGAnimatedListPropertyTearOff.
        
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
        (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
        Same as what is done in SVGAnimatedListPropertyTearOff.
        
        * svg/properties/SVGAnimatedProperty.h:
        (WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
        Change the return value from raw reference to Ref<> and change the
        cached value from Ref<> to raw pointer. This reverts the change of
        r181345 in this function.
        
        (WebCore::SVGAnimatedProperty::lookupWrapper):
        Change the return value from raw pointer to RefPtr<>.
        
        * svg/properties/SVGAnimatedPropertyMacros.h:
        Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
        
        * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
        (WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
        Same as what is done in SVGAnimatedListPropertyTearOff.

        * svg/properties/SVGListPropertyTearOff.h:
        (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
        Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
        its raw pointers when the RefPtr<> deletes itself.

2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] WebKitWebView should send crossing events to the WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=153740

        Reviewed by Michael Catanzaro.

        Update the target element under the mouse also when only updating
        scrollbars, so that if the mouse enters the page when the window
        is not active, the scroll animator is notified that the mouse
        entered the scrollable area.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseMoveEvent): Call
        updateMouseEventTargetNode() before early returning in case of
        only updating scrollbars.

2016-02-08  Jeremy Jones  <jeremyj@apple.com>

        PiP and external playback are mutually exclusive.
        https://bugs.webkit.org/show_bug.cgi?id=153988
        rdar://problem/24108661

        Reviewed by Eric Carlson.

        Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
        when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to 
        turn-off external playback when entering picture-in-picture.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController isPlayingOnExternalScreen]):
        (+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):

2016-02-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196253.
        https://bugs.webkit.org/show_bug.cgi?id=153990

        Caused several crashes in GTK+ bots (Requested by KaL on
        #webkit).

        Reverted changeset:

        "[GTK] WebKitWebView should send crossing events to the
        WebProcess"
        https://bugs.webkit.org/show_bug.cgi?id=153740
        http://trac.webkit.org/changeset/196253

2016-02-08  Jeremy Jones  <jeremyj@apple.com>

        WebAVPlayerController should implement currentTimeWithinEndTimes.
        https://bugs.webkit.org/show_bug.cgi?id=153983
        rdar://problem/22864621

        Reviewed by Eric Carlson.

        Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
        implementation becuase AVPlayer start and end times aren't used.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerController currentTimeWithinEndTimes]):
        (-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
        (+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):

2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] WebKitWebView should send crossing events to the WebProcess
        https://bugs.webkit.org/show_bug.cgi?id=153740

        Reviewed by Michael Catanzaro.

        Update the target element under the mouse also when only updating
        scrollbars, so that if the mouse enters the page when the window
        is not active, the scroll animator is notified that the mouse
        entered the scrollable area.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleMouseMoveEvent): Call
        updateMouseEventTargetNode() before early returning in case of
        only updating scrollbars.

2016-02-08  Jeremy Jones  <jeremyj@apple.com>

        WebVideoFullscreenInterface should handle video resizing.
        https://bugs.webkit.org/show_bug.cgi?id=153982
        rdar://problem/22031249

        Reviewed by Eric Carlson.

        Video fullscreen can be initiated before video dimension are available.
        Protect against an initial width or height of zero and observe resize events 
        to update once video dimensions become available or change.

        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::updateForEventName):
        (WebVideoFullscreenModelVideoElement::observedEventNames):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerLayer layoutSublayers]):
        (-[WebAVPlayerLayer videoRect]):
        (WebVideoFullscreenInterfaceAVKit::setVideoDimensions):

2016-02-08  Adrien Plazas  <aplazas@igalia.com>

        Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
        https://bugs.webkit.org/show_bug.cgi?id=153824

        Reviewed by Michael Catanzaro.

        * editing/markup.cpp:
        (WebCore::highestAncestorToWrapMarkup):

2016-02-07  Sam Weinig  <sam@webkit.org>

        Remove unused enum ScrollbarOverlayState.

        Rubber-stamped by Dan Bernstein.

        * platform/ScrollTypes.h:

2016-02-07  Sam Weinig  <sam@webkit.org>

        Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
        https://bugs.webkit.org/show_bug.cgi?id=153970

        Reviewed by Dan Bernstein.

        -[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
        -[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
        are now available on all supported OS's. No need to check for them.

        * platform/mac/ScrollAnimatorMac.mm:
        (macScrollbarTheme):
        (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
        (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
        (WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
        (WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
        (WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
        (WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
        (supportsUIStateTransitionProgress): Deleted.
        (supportsExpansionTransitionProgress): Deleted.
        (supportsContentAreaScrolledInDirection): Deleted.
        * platform/mac/ScrollbarThemeMac.mm:
        (+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
        (+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
        (WebCore::ScrollbarThemeMac::scrollbarThickness):

2016-02-07  Sam Weinig  <sam@webkit.org>

        Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
        https://bugs.webkit.org/show_bug.cgi?id=153969

        Reviewed by Dan Bernstein.

        * WebCore.xcodeproj/project.pbxproj:
        Add new file NSScrollerImpSPI.h

        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        Use new include of NSScrollerImpSPI.h.

        * platform/ScrollbarThemeComposite.h:
        Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.

        * platform/mac/NSScrollerImpDetails.h:
        Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h

        * platform/mac/NSScrollerImpDetails.mm:
        (WebCore::recommendedScrollerStyle):
        Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].

        * platform/mac/ScrollAnimatorMac.mm:
        (supportsUIStateTransitionProgress):
        (supportsExpansionTransitionProgress):
        (supportsContentAreaScrolledInDirection):
        Stop using NSClassFromString now that we can reference the classes explicitly.

        (-[WebScrollbarPainterControllerDelegate invalidate]):
        (-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
        (-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
        (-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
        (-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
        (-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
        (-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
        (-[WebScrollbarPainterDelegate layer]):
        (-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
        (-[WebScrollbarPainterDelegate convertRectToLayer:]):
        (-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
        (-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
        (-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
        (-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
        (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
        (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
        (-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
        (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
        (WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
        (WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
        (WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
        (WebCore::ScrollAnimatorMac::updateScrollerStyle):
        Add proper conforming to protocols and replace ids with proper types.

        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::supportsExpandedScrollbars):
        (WebCore::ScrollbarThemeMac::registerScrollbar):
        (WebCore::ScrollbarThemeMac::scrollbarThickness):
        (WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
        Stop using NSClassFromString now that we can reference the classes explicitly.

        * platform/spi/mac/NSScrollerImpSPI.h: Added.

2016-02-07  Zalan Bujtas  <zalan@apple.com>

        Outline does not clip when ancestor has overflow: hidden and requires layer.
        https://bugs.webkit.org/show_bug.cgi?id=153901

        Now that outline is part of visual overflow, we no longer need the special outline cliprect.
        PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
        at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
        With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc). 

        Reviewed by David Hyatt.

        Test: fast/repaint/outline-with-overflow-hidden-ancestor.html

        * rendering/LayerFragment.h:
        (WebCore::LayerFragment::setRects):
        (WebCore::LayerFragment::moveBy): Deleted.
        (WebCore::LayerFragment::intersect): Deleted.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::collectFragments):
        (WebCore::RenderLayer::paintOutlineForFragments):
        (WebCore::RenderLayer::calculateClipRects):
        (WebCore::RenderLayer::paintForegroundForFragments): Deleted.
        * rendering/RenderLayer.h:
        * rendering/RenderTreeAsText.cpp:
        (WebCore::write):
        (WebCore::writeLayers):

2016-02-07  Daniel Bates  <dabates@apple.com>

        CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
        https://bugs.webkit.org/show_bug.cgi?id=153622
        <rdar://problem/24400023>

        Reviewed by Gavin Barraclough.

        Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
        would be subject to the Content Security Policy of the page.

        Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
        the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
        subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
        the page.

        Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html

        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
        main world Content Security Policy now that script execution context knows this information.
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
        * bindings/js/ScriptController.h:
        * dom/Document.cpp:
        (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
        * dom/Document.h:
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
        do not bypass the main world Content Security Policy.
        * page/EventSource.cpp:
        (WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
        main world Content Security Policy now that script execution context knows this information.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
        * page/csp/ContentSecurityPolicy.h:
        * workers/AbstractWorker.cpp:
        (WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
        Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
        directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
        always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
        this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
        as to whether to bypass the main world Content Security Policy and only apply the Content Security
        Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
        (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
        as to whether to bypass the main world Content Security Policy.
        * workers/DedicatedWorkerGlobalScope.h:
        * workers/DedicatedWorkerThread.cpp:
        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
        * workers/DedicatedWorkerThread.h:
        * workers/Worker.cpp:
        (WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
        that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
        We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
        because it is dependent on the current JavaScript program stack at the time this function is invoked.
        (WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
        * workers/Worker.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
        main world Content Security Policy and store it in a member field. Also, always instantiate a Content
        Security Policy object as our current code assumes that one is always created.
        * workers/WorkerGlobalScope.h:
        * workers/WorkerGlobalScopeProxy.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
        as to whether to bypass the main world Content Security Policy.
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
        whether to bypass the main world Content Security Policy and store it in a member field.
        (WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
        as to whether to bypass the main world Content Security Policy.
        (WebCore::WorkerThread::workerThread): Ditto.
        * workers/WorkerThread.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
        main world Content Security Policy now that script execution context knows this information.

2016-02-07  Dan Bernstein  <mitz@apple.com>

        [Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
        https://bugs.webkit.org/show_bug.cgi?id=153963

        Reviewed by Sam Weinig.

        * accessibility/mac/AXObjectCacheMac.mm:
        * crypto/CommonCryptoUtilities.cpp:
        * crypto/CommonCryptoUtilities.h:
        * editing/mac/TextUndoInsertionMarkupMac.h:
        * editing/mac/TextUndoInsertionMarkupMac.mm:
        * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
        * platform/graphics/cg/ImageSourceCG.cpp:
        * platform/graphics/mac/PDFDocumentImageMac.mm:
        * platform/network/ios/NetworkStateNotifierIOS.mm:
        * platform/network/mac/BlobDataFileReferenceMac.mm:
        * platform/network/mac/ResourceHandleMac.mm:
        * rendering/RenderThemeMac.mm:

2016-02-07  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
        https://bugs.webkit.org/show_bug.cgi?id=153695

        Reviewed by Michael Catanzaro.

        The problem is that ScrollAnimation objects are not destroyed by
        the ScrollAnimator destructor, because I forgot to add a virtual
        destructor for ScrollAnimation in r195661.

        * platform/ScrollAnimation.h:
        (WebCore::ScrollAnimation::~ScrollAnimation):

2016-02-06  Chris Dumez  <cdumez@apple.com>

        Prevent cross-origin access to window.history
        https://bugs.webkit.org/show_bug.cgi?id=153931

        Reviewed by Darin Adler.

        Prevent cross-origin access to window.history to match the specification [1]
        and the behavior of other browsers (tested Firefox and Chrome).

        [1] https://html.spec.whatwg.org/multipage/browsers.html#security-window

        No new tests, already covered by existing tests that
        were updated in this patch.

        * bindings/js/JSHistoryCustom.cpp:
        (WebCore::JSHistory::pushState):
        (WebCore::JSHistory::replaceState):
        (WebCore::JSHistory::state): Deleted.
        * page/DOMWindow.idl:
        * page/History.idl:

2016-02-06  Beth Dakin  <bdakin@apple.com>

        ScrollbarPainters needs to be deallocated on the main thread
        https://bugs.webkit.org/show_bug.cgi?id=153932
        -and corresponding-
        rdar://problem/24015483

        Reviewed by Dan Bernstein.

        Darin pointed out that this was still race-y. There was still a race 
        condition between the destruction of the two local variables and the
        destruction of the lambda on the main thread. This should fix that. 
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

2016-02-06  Darin Adler  <darin@apple.com>

        Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
        https://bugs.webkit.org/show_bug.cgi?id=153905

        Reviewed by Sam Weinig.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
        tweaked style a tiny bit and used u_toupper rather than converting an entire
        string to uppercase.

        * dom/Document.cpp:
        (WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
        of case folding rather than lowercasing.
        (WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
        (WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.
        * dom/Document.h: Ditto.
        * dom/DocumentOrderedMap.cpp:
        (WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
        (WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.
        * dom/DocumentOrderedMap.h: Ditto.

        * dom/TreeScope.cpp:
        (WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
        Simplified logic for cases where the URL does not have a "#" character in it.
        Use case folding instead of lowercase.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::_processText): Removed unneded special case for the empty string.
        Use makCapitalized instead of Cocoa function for "capitalize". Use upper and lower
        functions by their new names.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
        lowerasing for the usemap attribute.
        (WebCore::HTMLImageElement::insertedInto): Ditto.
        (WebCore::HTMLImageElement::removedFrom): Ditto.
        (WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.
        * html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.

        * html/HTMLMapElement.cpp:
        (WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
        for usemap.
        (WebCore::HTMLMapElement::parseAttribute): Ditto.

        * platform/Language.cpp:
        (WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
        (WebCore::indexOfBestMatchingLanguageInList): Ditto.

        * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
        (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.

        * platform/network/HTTPParsers.cpp:
        (WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
        of lowercasing to check for a specific header value.

        * platform/network/MIMEHeader.cpp:
        (WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
        (WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
        instead of lowercasing.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
        (WebCore::clientCertificates): Ditto.
        (WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
        set is now ASCII case-insensitive.
        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
        (WebCore::ResourceHandle::setClientCertificate): Ditto.

        * platform/network/curl/CookieJarCurl.cpp:
        (WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
        lowercasing.

        * platform/network/curl/MultipartHandle.cpp:
        (WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
        make a MIME type lowercase.

        * platform/network/curl/ResourceHandleCurl.cpp:
        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
        conversion to lowercase now that the set is ASCII case-insensitive.
        (WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
        that is then never used for anything.

        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::headerCallback): Use convertToASCIILowercase for MIME type.

        * platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names
        ASCII case-insensitive.
        (WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
        is now ASCII case insensitve.
        (WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
        don't have to write out the map type.
        (WebCore::sslIgnoreHTTPSCertificate): Ditto.
        (WebCore::certVerifyCallback): Ditto.

        * platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names
        ASCII case-insensitive.
        (WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
        (WebCore::handleUnignoredTLSErrors): Ditto.
        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
        (WebCore::ResourceHandle::setClientCertificate): Ditto.

        * platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script
        names ASCII case-insensitive. USE WTF_ARRAY_LENGTH as appropriate.
        (WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
        unnecessary lowercasing of the script name before looking at the map.
        (WebCore::localeToScriptCodeForFontSelection): Ditto.

        * platform/text/win/LocaleWin.cpp:
        (WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
        unneeded lowercasing.

        * platform/win/PasteboardWin.cpp:
        (WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
        of lowercasing.

        * rendering/RenderText.cpp:
        (WebCore::applyTextTransform): Use new names for the upper and lower functions.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
        DOMImplementation now has ASCII case-insensitive handling of MIME types.

2016-02-06  Zalan Bujtas  <zalan@apple.com>

        Outline should contribute to visual overflow.
        https://bugs.webkit.org/show_bug.cgi?id=153299

        This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
        Now that outline is part of visual overflow, we don't have to inflate the layers to accomodate
        outline borders.
        This patch fixes several focusring related repaint issues. However when both the outline: auto
        and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
        (Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
        It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.

        Reviewed by David Hyatt.

        Test: fast/repaint/focus-ring-repaint.html
              fast/repaint/focus-ring-repaint-with-negative-offset.html

        * css/html.css: resetting to old behavior.
        (:focus):
        (input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):
        * rendering/InlineFlowBox.cpp:
        (WebCore::InlineFlowBox::addToLine):
        (WebCore::InlineFlowBox::addOutlineVisualOverflow):
        (WebCore::InlineFlowBox::computeOverflow):
        (WebCore::InlineFlowBox::paint): Deleted.
        * rendering/InlineFlowBox.h:
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeOverflow):
        (WebCore::RenderBlock::outlineStyleForRepaint):
        (WebCore::RenderBlock::paint): Deleted.
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::layoutBlock): Deleted.
        (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::addVisualEffectOverflow):
        (WebCore::RenderBox::applyVisualEffectOverflow):
        (WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderDetailsMarker.cpp:
        (WebCore::RenderDetailsMarker::paint): Deleted.
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::insertChildInternal):
        (WebCore::RenderElement::styleDidChange):
        (WebCore::RenderElement::repaintAfterLayoutIfNeeded):
        (WebCore::RenderElement::issueRepaintForOutlineAuto):
        (WebCore::RenderElement::updateOutlineAutoAncestor):
        (WebCore::RenderElement::computeMaxOutlineSize): Deleted.
        (WebCore::RenderElement::styleWillChange): Deleted.
        * rendering/RenderElement.h:
        (WebCore::RenderElement::hasContinuation):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutlineForLine): Deleted.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::anyLineIntersectsRect):
        (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
        (WebCore::RenderLineBoxList::paint):
        (WebCore::isOutlinePhase): Deleted.
        * rendering/RenderLineBoxList.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::computePreferredLogicalWidths):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::paint): Deleted.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
        painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
        the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
        issue the repaint on the ancestor if we crossed repaint container.
 
        (WebCore::RenderObject::repaintUsingContainer):
        (WebCore::RenderObject::adjustRectForOutlineAndShadow):
        (WebCore::RenderObject::setHasOutlineAutoAncestor):
        (WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.
        
        * rendering/RenderObject.h: We mark the descendants of outline: auto so that
        when a child renderer changes we can propagate the repaint to the ancestor with outline.

        (WebCore::RenderObject::hasOutlineAutoAncestor):
        (WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::overflowRectForFlowThreadPortion):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::shouldPaint): Deleted.
        (WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::paint): Deleted.
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
        (WebCore::RenderTableCell::paintCollapsedBorders): Deleted.
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::layout):
        (WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::layoutRows):
        (WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
        (WebCore::RenderTableSection::paintObject): Deleted.
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::platformFocusRingWidth):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::setMaximalOutlineSize): Deleted.
        * rendering/RenderView.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeAffectsVisualOverflow):
        (WebCore::RenderStyle::outlineWidth):
        * rendering/style/RenderStyle.h:

2016-02-06  Andreas Kling  <akling@apple.com>

        [iOS] Throw away linked code when navigating to a new page.
        <https://webkit.org/b/153851>

        Reviewed by Gavin Barraclough.

        When navigating to a new page, tell JSC to throw out any linked code it has lying around.
        Linked code is tied to a specific global object, and as we're creating a new one for the
        new page, none of it is useful to us here.

        In the event that the user navigates back, the cost of relinking some code will be far
        lower than the memory cost of keeping all of it around.

        This landed previously but was rolled out due to a Speedometer regression. I've made one
        minor but important change here: only throw away code if we're navigating away from an
        existing history item. Or in other words, don't throw away code for "force peeks" or any
        other navigations that are not traditional top-level main frame navigations.

        * bindings/js/GCController.cpp:
        (WebCore::GCController::deleteAllLinkedCode):
        * bindings/js/GCController.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

2016-02-06  Konstantin Tokarev  <annulen@yandex.ru>

        Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
        https://bugs.webkit.org/show_bug.cgi?id=153924

        Reviewed by Andreas Kling.

        No new tests needed.

        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
        (WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
        (WebCore::AXObjectCache::rangeForNodeContents): Ditto.
        (WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
        (WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
        (WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
        (WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.

2016-02-04  Antti Koivisto  <antti@apple.com>

        Use scope stack instead of nested TreeResolvers for shadow trees
        https://bugs.webkit.org/show_bug.cgi?id=153893

        Reviewed by Andreas Kling.

        Make TreeResolver per-document. This is a step towards iterative style resolve.

        This is done replacing use of nested TreeResolvers with a scope stack that maintains
        the style resolver and the selector filter for the current tree scope.

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::ensurePlaceholderStyle):
        (WebCore::Style::TreeResolver::Scope::Scope):
        (WebCore::Style::TreeResolver::TreeResolver):
        (WebCore::Style::shouldCreateRenderer):
        (WebCore::Style::TreeResolver::styleForElement):
        (WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
        (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
        (WebCore::Style::TreeResolver::createRenderTreeRecursively):
        (WebCore::Style::TreeResolver::resolveLocally):
        (WebCore::Style::TreeResolver::resolveShadowTree):
        (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
        (WebCore::Style::TreeResolver::resolveChildren):
        (WebCore::Style::TreeResolver::resolveSlotAssignees):
        (WebCore::Style::TreeResolver::resolveRecursively):
        (WebCore::Style::TreeResolver::resolve):
        (WebCore::Style::detachRenderTree):
        * style/StyleTreeResolver.h:
        (WebCore::Style::TreeResolver::scope):
        (WebCore::Style::TreeResolver::pushScope):
        (WebCore::Style::TreeResolver::pushEnclosingScope):
        (WebCore::Style::TreeResolver::popScope):

2016-02-06  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196104.
        https://bugs.webkit.org/show_bug.cgi?id=153940

        Regressed Speedometer on iOS (Requested by kling on #webkit).

        Reverted changeset:

        "[iOS] Throw away linked code when navigating to a new page."
        https://bugs.webkit.org/show_bug.cgi?id=153851
        http://trac.webkit.org/changeset/196104

2016-02-05  Beth Dakin  <bdakin@apple.com>

        ScrollbarPainters needs to be deallocated on the main thread
        https://bugs.webkit.org/show_bug.cgi?id=153932
        -and corresponding-
        rdar://problem/24015483

        Reviewed by Geoff Garen.

        Follow-up fix since the first one was still race-y.
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

2016-02-05  Beth Dakin  <bdakin@apple.com>

        ScrollbarPainters needs to be deallocated on the main thread
        https://bugs.webkit.org/show_bug.cgi?id=153932
        -and corresponding-
        rdar://problem/24015483

        Reviewed by Tim Horton.

        Ensure the the destructor of ScrollingTreeFrameScrollingNodeMac and the 
        assignments done in this class are not responsible for deallocating the 
        ScrollbarPainter. 
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):

2016-02-05  Chris Dumez  <cdumez@apple.com>

        Instance property getters / setters cannot be called on another instance of the same type
        https://bugs.webkit.org/show_bug.cgi?id=153895

        Reviewed by Gavin Barraclough.

        It should be possible to call instance property getters / setters on
        other instances of the same type, as per the WEB IDL specification:
        - http://heycam.github.io/webidl/#dfn-attribute-getter
        - http://heycam.github.io/webidl/#dfn-attribute-setter

        This matches the behavior of Firefox.

        The issue without our bindings was that the getters / setters were
        using |slotBase| instead of |thisValue| and therefore ended up using
        the instance the getter was taken from instead of the actual target
        object.

        Test:
        js/instance-property-getter-other-instance.html
        js/instance-property-setter-other-instance.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        - Have instance getters / setters use thisValue instead of slotBase.
        - In the case of interfaces that have attributes on the instance for
          compatibility reasons, try the prototype object if |thisValue| does
          does have the right type, instead of using slotBase like previously.
          I believe this maintains the original compatibility intention while
          also behaving correctly when called on another instance.

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestException.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSattribute.cpp:
        Rebaseline bindings tests.

2016-02-05  Brady Eidson  <beidson@apple.com>

        Modern IDB: UniqueIDBDatabase's m_databaseInfo is unsafely used from multiple threads.
        https://bugs.webkit.org/show_bug.cgi?id=153912

        Reviewed by Alex Christensen.

        No new tests (Anything testable about this patch is already covered by existing tests).

        * Modules/indexeddb/server/IDBBackingStore.h:

        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::infoForObjectStore):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:

        Teach the SQLiteIDBBackingStore to actually keep its m_databaseInfo up to date as it changes,
        and to revert it when version change transactions abort:
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::infoForObjectStore):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): Use the IDBBackingStore's copy of the 
          IDBObjectStoreInfo, meant only for the database thread, instead of the UniqueIDBDatabase's copy, 
          which is meant only for the main thread.

2016-02-05  Alex Christensen  <achristensen@webkit.org>

        Clean up Blob code
        https://bugs.webkit.org/show_bug.cgi?id=153910

        Reviewed by Alexey Proskuryakov.

        No new tests, no change in behavior.

        * css/StyleSheet.h:
        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        (WebCore::Blob::normalizedContentType):
        (WebCore::Blob::isNormalizedContentType):
        (WebCore::Blob::registry):
        * fileapi/Blob.h:
        * fileapi/BlobURL.cpp:
        (WebCore::BlobURL::createPublicURL):
        * fileapi/BlobURL.h:
        (WebCore::BlobURL::BlobURL):
        (WebCore::BlobURL::blobProtocol): Deleted.
        * platform/PlatformStrategies.cpp:
        (WebCore::setPlatformStrategies):
        (WebCore::hasPlatformStrategies): Deleted.
        * platform/PlatformStrategies.h:
        * platform/network/BlobRegistry.cpp:
        (WebCore::blobRegistry):
        * platform/network/BlobRegistry.h:
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::~BlobRegistryImpl):
        (WebCore::createResourceHandle):
        (WebCore::registerBlobResourceHandleConstructor):
        (WebCore::BlobRegistryImpl::createResourceHandle):
        (WebCore::BlobRegistryImpl::appendStorageItems):
        (WebCore::BlobRegistryImpl::registerFileBlobURL):
        (WebCore::BlobRegistryImpl::registerBlobURL):
        * platform/network/BlobRegistryImpl.h:
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::loadResourceSynchronously):
        (WebCore::BlobResourceHandle::BlobResourceHandle):
        * platform/network/ResourceHandle.h:

2016-02-05  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Scrollbars incorrectly rendered with older versions of GTK+
        https://bugs.webkit.org/show_bug.cgi?id=153861

        Reviewed by Michael Catanzaro.

        The theme doesn't really know it's a scrollbar. Older versions of
        GTK+ require to explicitly add the scrollbar style class to the
        child GtkStyleContext.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::createChildStyleContext):

2016-02-05  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Scrollbars not correctly rendered in non GNOME environments
        https://bugs.webkit.org/show_bug.cgi?id=153860

        Reviewed by Michael Catanzaro.

        I noticed this in a matchbox environment, where there's no
        gnome-setting-daemon running. The problem is only with the
        scrollbars, because we initialize the GtkSettings in
        RenderThemeGtk and notify the ScrollbarTheme when it changes, but
        ScrollbarTheme is created before RenderThemeGtk so we initialize
        the theme properties before the GtkSettings have been
        initialized. We can just let the ScrollbarTheme monitor the
        theme itself instead of relying on being notified by the WebCore
        layer.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::themeChangedCallback):
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::gtkStyleChangedCallback): Deleted.

2016-02-05  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Remove DOMWrapped parameter from JSKeyValueIterator
        https://bugs.webkit.org/show_bug.cgi?id=153859

        Reviewed by Sam Weinig.

        No change in behavior.

        Using std::declval to infer DOMWrapped from JSWrapper::wrapped.

        * bindings/js/JSFetchHeadersCustom.cpp:
        (WebCore::JSFetchHeaders::entries):
        (WebCore::JSFetchHeaders::keys):
        (WebCore::JSFetchHeaders::values):
        * bindings/js/JSKeyValueIterator.h:
        (WebCore::createIterator):
        (WebCore::JSKeyValueIterator<JSWrapper>::destroy):
        (WebCore::JSKeyValueIterator<JSWrapper>::next):
        (WebCore::JSKeyValueIteratorPrototypeFunctionNext):
        (WebCore::JSKeyValueIteratorPrototype<JSWrapper>::finishCreation):

2016-02-05  Nan Wang  <n_wang@apple.com>

        AX: WebKit hanging when VoiceOver attempts to focus in on page
        https://bugs.webkit.org/show_bug.cgi?id=153899
        <rdar://problem/24506603>

        Reviewed by Chris Fleizach.

        The VisiblePosition to CharacterOffset conversion will lead to an infinite loop if the
        nextVisiblePostion call is returning the original VisiblePosition. Fixed it by breaking out
        of the loop early in that situation. 

        Test: accessibility/text-marker/character-offset-visible-position-conversion-hang.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):

2016-02-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: InspectorTimelineAgent doesn't need to recompile functions because it now uses the sampling profiler
        https://bugs.webkit.org/show_bug.cgi?id=153500
        <rdar://problem/24352458>

        Reviewed by Timothy Hatcher.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::supportsLegacyProfiling):
        (WebCore::JSDOMWindowBase::supportsRichSourceInfo):
        (WebCore::JSDOMWindowBase::supportsProfiling): Deleted.
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::JSWorkerGlobalScopeBase::supportsLegacyProfiling):
        (WebCore::JSWorkerGlobalScopeBase::supportsProfiling): Deleted.
        * bindings/js/JSWorkerGlobalScopeBase.h:
        * inspector/InspectorController.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::legacyProfilerEnabled):
        (WebCore::InspectorController::setLegacyProfilerEnabled):
        Be more explicit about enabling legacy profiling.

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend): Deleted.
        TimelineAgent doesn't need to recompile if using the sampling profiler.
        This breaks console.profile, but console.profile should move to using
        the sampling profiler as well.

        (WebCore::InspectorTimelineAgent::startFromConsole):
        (WebCore::InspectorTimelineAgent::stopFromConsole):
        (WebCore::startProfiling): Deleted.
        (WebCore::stopProfiling): Deleted.
        Inlined the use once static functions.

        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::profile):
        (WebCore::PageConsoleClient::profileEnd):
        Added FIXMEs for improving console.profile and profileEnd.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setLegacyJavaScriptProfilingEnabled):
        (WebCore::Internals::setJavaScriptProfilingEnabled): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:
        Be more explicit about enabling legacy profiling.

2016-02-04  Brent Fulgham  <bfulgham@apple.com>

        Follow-up: Add "WebKit built-in PDF" Plugin to set of publicly visible plugins
        https://bugs.webkit.org/show_bug.cgi?id=153657
        <rdar://problem/24413107>

        Reviewed by Darin Adler.

        * plugins/PluginData.cpp:
        (WebCore::shouldBePubliclyVisible): Revise comments to provide a
        better explanation of the function and why it exists.

2016-02-04  Jonathan Davis  <jond@apple.com>

        Add Fetch API and CSS Variables to feature status
        https://bugs.webkit.org/show_bug.cgi?id=153896

        Reviewed by Timothy Hatcher.

        * features.json:

2016-02-04  Daniel Bates  <dabates@apple.com>

        WebKit for iOS Simulator fails to build with public iOS SDK
        https://bugs.webkit.org/show_bug.cgi?id=153881

        Reviewed by Alex Christensen.

        Make constants have internal linkage to match the Apple Internal SDK.

        * platform/spi/ios/MobileGestaltSPI.h:

2016-02-04  Chris Dumez  <cdumez@apple.com>

        Object.getOwnPropertyDescriptor() returns incomplete descriptor for instance properties
        https://bugs.webkit.org/show_bug.cgi?id=153817

        Reviewed by Geoffrey Garen.

        Update the bindings generator so that property getters / setters now
        make sure |this| has the right type and throw a TypeError if it does
        not, as per:
        - http://heycam.github.io/webidl/#dfn-attribute-getter (step 2.4.2)
        - http://heycam.github.io/webidl/#dfn-attribute-setter (step 3.5)

        This was an issue when doing something like:
        Object.getOwnPropertyDescriptor(window, "location").get.call(nonWindow)

        We would call toJSDOMWindow(thisValue), which would return null as
        thisValue is not a JSDOMWindow. We would then dereference this null
        pointer and crash. We now do a null check and throw a TypeError in
        this case, as per the Web IDL specification.

        The generated bindings still have some non-spec compliant behavior
        though:
        1. The getters / setters of instance properties use slotBase instead
           of thisValue, which means that calling instanceA's getter on
           instanceB returns instanceA's property insteas of instanceB's.
        2. Global object property getters should not require an explicit
           |this| so calling the following should work:
           - Object.getOwnPropertyDescriptor(window, "location").get.call()
           We currently throw in this case.

        These issues will be addressed in follow-up patches.

        Tests: js/getOwnPropertyDescriptor-unforgeable-attributes.html
               js/getOwnPropertyDescriptor-window-attributes.html
               js/instance-property-getter-other-instance.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::jsTestActiveDOMObjectExcitingAttr):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::jsTestExceptionName):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjConstructorTestSubObj):
        (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor):
        (WebCore::jsTestObjConditionalAttr4Constructor):
        (WebCore::jsTestObjConditionalAttr5Constructor):
        (WebCore::jsTestObjConditionalAttr6Constructor):
        (WebCore::jsTestObjContentDocument):
        (WebCore::setJSTestObjTestSubObjEnabledBySettingConstructor):
        (WebCore::setJSTestObjConditionalAttr4Constructor):
        (WebCore::setJSTestObjConditionalAttr5Constructor):
        (WebCore::setJSTestObjConditionalAttr6Constructor):
        (WebCore::setJSTestObjConstructor): Deleted.
        (WebCore::setJSTestObjConstructorStaticStringAttr): Deleted.
        (WebCore::setJSTestObjConditionalAttr3): Deleted.
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::jsTestTypedefsConstructorTestSubObj):

2016-02-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: LayoutTest imported/w3c/indexeddb/keyorder-private.html is flaky.
        https://bugs.webkit.org/show_bug.cgi?id=153438.

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/idbkey-array-equality-private.html
               storage/indexeddb/modern/idbkey-array-equality.html

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::loggingString):
        (WebCore::IDBKeyData::operator==): Fix obvious bug.

2016-02-04  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix the EFL clean build after r196123
        https://bugs.webkit.org/show_bug.cgi?id=153875

        * CMakeLists.txt:
        * PlatformGTK.cmake:
        * PlatformMac.cmake:
        * html/DOMSettableTokenList.h:
        * html/DOMSettableTokenList.idl:

2016-02-04  Eric Carlson  <eric.carlson@apple.com>

        PageGroup::captionPreferences should return a reference
        https://bugs.webkit.org/show_bug.cgi?id=153877
        <rdar://problem/24506917>

        Reviewed by Jer Noble.

        No new tests, no functional change.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::sortedTrackListForMenu):
        (WebCore::MediaControlsHost::displayNameForTrack):
        (WebCore::MediaControlsHost::captionMenuOffItem):
        (WebCore::MediaControlsHost::captionDisplayMode):
        * dom/Document.cpp:
        (WebCore::Document::registerForCaptionPreferencesChangedCallbacks):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::addTextTrack):
        (WebCore::HTMLMediaElement::configureTextTrackGroup):
        (WebCore::HTMLMediaElement::setSelectedTextTrack):
        (WebCore::HTMLMediaElement::configureTextTracks):
        (WebCore::HTMLMediaElement::captionPreferencesChanged):
        (WebCore::HTMLMediaElement::mediaPlayerPreferredAudioCharacteristics):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlClosedCaptionsTrackListElement::updateDisplay):
        (WebCore::MediaControlClosedCaptionsTrackListElement::rebuildTrackListMenu):
        (WebCore::MediaControlTextTrackContainerElement::updateActiveCuesFontSize):
        * page/PageGroup.cpp:
        (WebCore::PageGroup::captionPreferencesChanged):
        (WebCore::PageGroup::captionPreferences):
        * page/PageGroup.h:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::updateLegibleOptions):
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::setShouldDisplayTrackKind):
        (WebCore::InternalSettings::shouldDisplayTrackKind):
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::Internals):
        (WebCore::Internals::userPreferredAudioCharacteristics):
        (WebCore::Internals::setUserPreferredAudioCharacteristic):
        (WebCore::Internals::captionsStyleSheetOverride):
        (WebCore::Internals::setCaptionsStyleSheetOverride):
        (WebCore::Internals::setPrimaryAudioTrackLanguageOverride):
        (WebCore::Internals::setCaptionDisplayMode):

2016-02-04  Konstantin Tokarev  <annulen@yandex.ru>

        Removed unused Settings::setPrivateBrowsingEnabled.
        https://bugs.webkit.org/show_bug.cgi?id=153869

        Reviewed by Alexey Proskuryakov.

        Implementation of Settings::setPrivateBrowsingEnabled was removed
        in r166661, but declaration is still here.

        No new tests needed.

        * page/Settings.h:
        (WebCore::Settings::setPrivateBrowsingEnabled): Deleted.

2016-02-04  Eric Carlson  <eric.carlson@apple.com>

        Don't discard in-band cues with negative start times
        https://bugs.webkit.org/show_bug.cgi?id=153867
        <rdar://problem/19588632>

        Reviewed by Jer Noble.

        No new tests, updated and un-skipped http/tests/media/track-in-band-hls-metadata.html.

        * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp:
        (WebCore::InbandMetadataTextTrackPrivateAVF::addDataCue):  ASSERT if passed negative time value.
        (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes): Ditto. Correct logging.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::processCue): ASSERT if passed negative time value.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive): Convert negative cue times to zero.
        (-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]):
          Ditto.

2016-02-04  Hyemi Shin  <hyemi.sin@samsung.com>

        Specify an exception for createChannelMerger, createChannelSplitter and createPeriodicWave
        https://bugs.webkit.org/show_bug.cgi?id=150925

        Reviewed by Darin Adler.

        createChannelMerger and createChannelSplitter should throw INDEX_SIZE_ERR
        for invalid numberOfInputs value.
        createPeriodicWave should throw INDEX_SIZE_ERR for invalid lengths of parameters.

        Tests: webaudio/audiochannelmerger-basic.html
               webaudio/audiochannelsplitter.html
               webaudio/periodicwave-lengths.html

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::createChannelSplitter):
        (WebCore::AudioContext::createChannelMerger):
        (WebCore::AudioContext::createPeriodicWave):

2016-02-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Fetch API] Add support for iterating over Headers
        https://bugs.webkit.org/show_bug.cgi?id=153787

        Reviewed by Darin Adler.

        Relanding, updating bindings/js/JSKeyValueIterator.h for Windows bots.

        Covered by updated tests.
        Introducing template class (JSKeyValueIterator) to support key-value iterators in DOM classes.
        Using JSKeyValueIterator to implement Headers entries(), keys() and values() as custom methods.
        Binding generator should be updated to generate directly these custom methods and handle iterator Symbol.

        * CMakeLists.txt:
        * Modules/fetch/FetchHeaders.cpp:
        (WebCore::FetchHeaders::Iterator::next):
        (WebCore::FetchHeaders::Iterator::Iterator):
        * Modules/fetch/FetchHeaders.h:
        (WebCore::FetchHeaders::createIterator):
        * Modules/fetch/FetchHeaders.idl:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSDOMBinding.h:
        (WebCore::jsPair):
        * bindings/js/JSFetchHeadersCustom.cpp: Added.
        (WebCore::JSFetchHeaders::entries):
        (WebCore::JSFetchHeaders::keys):
        (WebCore::JSFetchHeaders::values):
        * bindings/js/JSKeyValueIterator.h: Added.
        (WebCore::JSKeyValueIteratorPrototype::create):
        (WebCore::JSKeyValueIteratorPrototype::createStructure):
        (WebCore::JSKeyValueIteratorPrototype::JSKeyValueIteratorPrototype):
        (WebCore::createIterator):
        (WebCore::DOMWrapped>::destroy):
        (WebCore::DOMWrapped>::next):
        (WebCore::DOMWrapped>::finishCreation):

2016-02-04  Chris Dumez  <cdumez@apple.com>

        Merge DOMTokenList and DOMSettableTokenList
        https://bugs.webkit.org/show_bug.cgi?id=153677
        <rdar://problem/24419675>

        Reviewed by Sam Weinig.

        Merge DOMTokenList and DOMSettableTokenList, as per a recent
        specification change:
        - https://github.com/whatwg/dom/pull/120
        - https://github.com/whatwg/html/issues/361

        No new tests, already covered by existing tests.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.idl:
        * dom/Node.h:
        * dom/NodeRareData.h:
        * html/AttributeDOMTokenList.h:
        * html/DOMSettableTokenList.cpp: Removed.
        * html/DOMSettableTokenList.h:
        * html/DOMSettableTokenList.idl:
        * html/DOMTokenList.cpp:
        (WebCore::DOMTokenList::setValue):
        * html/DOMTokenList.h:
        * html/DOMTokenList.idl:
        * html/HTMLAnchorElement.idl:
        * html/HTMLAreaElement.idl:
        * html/HTMLElement.cpp:
        * html/HTMLElement.idl:
        * html/HTMLIFrameElement.cpp:
        (WebCore::HTMLIFrameElement::sandbox):
        * html/HTMLIFrameElement.h:
        * html/HTMLIFrameElement.idl:
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::sizes):
        * html/HTMLLinkElement.h:
        * html/HTMLLinkElement.idl:
        * html/HTMLOutputElement.cpp:
        (WebCore::HTMLOutputElement::htmlFor):
        * html/HTMLOutputElement.h:
        * html/HTMLOutputElement.idl:
        * html/HTMLTableCellElement.idl:
        * page/DOMWindow.cpp:
        * page/DOMWindow.idl:

2016-02-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Unreviewed.
        Reverting r196115 and r19116, related tohttps://bugs.webkit.org/show_bug.cgi?id=153787.

2016-02-04  Alejandro G. Castro  <alex@igalia.com>

        [GTK] Implement mediastream mediaplayer
        https://bugs.webkit.org/show_bug.cgi?id=153541

        Reviewed by Martin Robinson.

        Added the implementation of the mediaplayer for the
        mediastream. The code was implemented by Philippe Normand and
        Alessandro Decina.

        * PlatformGTK.cmake: Added the file to the compilation.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setSrcObject): Set the src of the
        media element to the mediastream.
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::buildMediaEnginesVector): Register the mediastream
        mediaplayer as an option in the media engines vector.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp: Added.
        (WebCore::MediaPlayerPrivateGStreamerOwr::MediaPlayerPrivateGStreamerOwr):
        (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
        (WebCore::MediaPlayerPrivateGStreamerOwr::play):
        (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
        (WebCore::MediaPlayerPrivateGStreamerOwr::hasVideo):
        (WebCore::MediaPlayerPrivateGStreamerOwr::hasAudio):
        (WebCore::MediaPlayerPrivateGStreamerOwr::currentTime):
        (WebCore::MediaPlayerPrivateGStreamerOwr::load):
        (WebCore::MediaPlayerPrivateGStreamerOwr::loadingFailed):
        (WebCore::MediaPlayerPrivateGStreamerOwr::didLoadingProgress):
        (WebCore::MediaPlayerPrivateGStreamerOwr::internalLoad):
        (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
        (WebCore::MediaPlayerPrivateGStreamerOwr::registerMediaEngine):
        (WebCore::MediaPlayerPrivateGStreamerOwr::getSupportedTypes):
        (WebCore::MediaPlayerPrivateGStreamerOwr::supportsType):
        (WebCore::MediaPlayerPrivateGStreamerOwr::isAvailable):
        (WebCore::MediaPlayerPrivateGStreamerOwr::createGSTAudioSinkBin):
        (WebCore::MediaPlayerPrivateGStreamerOwr::sourceStopped):
        (WebCore::MediaPlayerPrivateGStreamerOwr::sourceMutedChanged):
        (WebCore::MediaPlayerPrivateGStreamerOwr::sourceSettingsChanged):
        (WebCore::MediaPlayerPrivateGStreamerOwr::preventSourceFromStopping):
        (WebCore::MediaPlayerPrivateGStreamerOwr::createVideoSink):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h: Added.
        (WebCore::MediaPlayerPrivateGStreamerOwr::engineDescription):
        (WebCore::MediaPlayerPrivateGStreamerOwr::load):
        (WebCore::MediaPlayerPrivateGStreamerOwr::cancelLoad):
        (WebCore::MediaPlayerPrivateGStreamerOwr::prepareToPlay):
        (WebCore::MediaPlayerPrivateGStreamerOwr::duration):
        (WebCore::MediaPlayerPrivateGStreamerOwr::seek):
        (WebCore::MediaPlayerPrivateGStreamerOwr::seeking):
        (WebCore::MediaPlayerPrivateGStreamerOwr::setRate):
        (WebCore::MediaPlayerPrivateGStreamerOwr::setPreservesPitch):
        (WebCore::MediaPlayerPrivateGStreamerOwr::paused):
        (WebCore::MediaPlayerPrivateGStreamerOwr::hasClosedCaptions):
        (WebCore::MediaPlayerPrivateGStreamerOwr::setClosedCaptionsVisible):
        (WebCore::MediaPlayerPrivateGStreamerOwr::maxTimeSeekable):
        (WebCore::MediaPlayerPrivateGStreamerOwr::buffered):
        (WebCore::MediaPlayerPrivateGStreamerOwr::totalBytes):
        (WebCore::MediaPlayerPrivateGStreamerOwr::bytesLoaded):
        (WebCore::MediaPlayerPrivateGStreamerOwr::canLoadPoster):
        (WebCore::MediaPlayerPrivateGStreamerOwr::setPoster):
        (WebCore::MediaPlayerPrivateGStreamerOwr::isLiveStream):
        (WebCore::MediaPlayerPrivateGStreamerOwr::audioSink):

2016-02-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Fetch API] Add support for iterating over Headers
        https://bugs.webkit.org/show_bug.cgi?id=153787

        Reviewed by Darin Adler.

        Covered by updated tests.
        Introducing template class (JSKeyValueIterator) to support key-value iterators in DOM classes.
        Using JSKeyValueIterator to implement Headers entries(), keys() and values() as custom methods.
        Binding generator should be updated to generate directly these custom methods and handle iterator Symbol.

        * CMakeLists.txt:
        * Modules/fetch/FetchHeaders.cpp:
        (WebCore::FetchHeaders::Iterator::next):
        (WebCore::FetchHeaders::Iterator::Iterator):
        * Modules/fetch/FetchHeaders.h:
        (WebCore::FetchHeaders::createIterator):
        * Modules/fetch/FetchHeaders.idl:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMBinding.h:
        (WebCore::jsPair):
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSFetchHeadersCustom.cpp: Added.
        (WebCore::JSFetchHeaders::entries):
        (WebCore::JSFetchHeaders::keys):
        (WebCore::JSFetchHeaders::values):
        * bindings/js/JSKeyValueIterator.h: Added.
        (WebCore::JSKeyValueIteratorPrototype::create):
        (WebCore::JSKeyValueIteratorPrototype::createStructure):
        (WebCore::JSKeyValueIteratorPrototype::JSKeyValueIteratorPrototype):
        (WebCore::JSKeyValueIteratorPrototypeFuncNext):

2016-02-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        Do not show context menu when right clicking on a scrollbar
        https://bugs.webkit.org/show_bug.cgi?id=153493

        Reviewed by Michael Catanzaro.

        Scrollbars don't currently handle right clicks, but we are showing
        the context menu when they are right clicked. This is not desired
        at least in GTK+ and I've checked that it isn't consistent with
        other applications in Mac either.

        Test: fast/events/contextmenu-on-scrollbars.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::sendContextMenuEvent):

2016-02-03  Andreas Kling  <akling@apple.com>

        [iOS] Throw away linked code when navigating to a new page.
        <https://webkit.org/b/153851>

        Reviewed by Gavin Barraclough.

        When navigating to a new page, tell JSC to throw out any linked code it has lying around.
        Linked code is tied to a specific global object, and as we're creating a new one for the
        new page, none of it is useful to us here.
        In the event that the user navigates back, the cost of relinking some code will be far
        lower than the memory cost of keeping all of it around.

        * bindings/js/GCController.cpp:
        (WebCore::GCController::deleteAllLinkedCode):
        * bindings/js/GCController.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

2016-02-03  Alex Christensen  <achristensen@webkit.org>

        Report wasBlocked and cannotShowURL errors when using NetworkSession
        https://bugs.webkit.org/show_bug.cgi?id=153846

        Reviewed by Antti Koivisto.

        No new tests, but this fixes http/tests/xmlhttprequest/redirect-cross-origin-2.html
        when using NetworkSession.

        * platform/URL.h:
        WEBCORE_EXPORT because we are using portAllowed in WebKit2 now.

2016-02-03  Jer Noble  <jer.noble@apple.com>

        iOS build fix after Yosemite build fix broke iOS build.

        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:

2016-02-03  Beth Dakin  <bdakin@apple.com>

        Accepted candidates should not be autocorrected
        https://bugs.webkit.org/show_bug.cgi?id=153813
        -and corresponding-
        rdar://problem/24066924

        Reviewed by Darin Adler.

        New document marker to mark inserted candidates. This was we can treat 
        inserted candidates just like a RejectedCorrection and we won’t accidentally 
        autocorrect them later on.
        * dom/DocumentMarker.h:
        (WebCore::DocumentMarker::AllMarkers::AllMarkers):
        * editing/AlternativeTextController.cpp:
        (WebCore::AlternativeTextController::processMarkersOnTextToBeReplacedByResult):

        When handling an acceptant candidate, set m_isHandlingAcceptedCandidate to
        true while the text is being inserted, and then mark the range as an accepted 
        candidate.
        * editing/Editor.cpp:
        (WebCore::Editor::handleAcceptedCandidate):
        * editing/Editor.h:
        (WebCore::Editor::isHandlingAcceptedCandidate):

        If frame.editor. isHandlingAcceptedCandidate() then return early from 
        markMisspellingsAfterTyping.
        * editing/TypingCommand.cpp:
        (WebCore::TypingCommand::markMisspellingsAfterTyping):

        Add some test infrastructure. 
        * testing/Internals.cpp:
        (WebCore::Internals::handleAcceptedCandidate):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-03  Jer Noble  <jer.noble@apple.com>

        [Win] Pass entire request (rather than just URL) to clients of WebCoreAVCFResourceLoader
        https://bugs.webkit.org/show_bug.cgi?id=153653

        Reviewed by Brent Fulgham.

        This will allow those clients to see the byte-range request ("Range:") header and respond
        appropriately.

        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::startLoading):

2016-02-03  Jer Noble  <jer.noble@apple.com>

        Yosemite build fix; hide the entire WebCoreNSURLSessionDataTask class from Yosemite and prior.

        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]):
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):

2016-02-03  Jer Noble  <jer.noble@apple.com>

        [EME][Mac] MediaKeys.createSession() fails with initData containing a contentId whose length is > 1/2 the initData.
        https://bugs.webkit.org/show_bug.cgi?id=153517
        <rdar://problem/24303782>

        Reviewed by Eric Carlson.

        The length of contentId is given in bytes, not Uint16 characters. Use the former when extracting
        the contentId string from the initData.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::extractKeyURIKeyIDAndCertificateFromInitData):

2016-02-03  Jer Noble  <jer.noble@apple.com>

        [Mac] Wrap a resource and resource loader in a NSURLSession-like object for use by lower level frameworks
        https://bugs.webkit.org/show_bug.cgi?id=153669

        Reviewed by Alex Christensen.

        API Test: WebCore.WebCoreNSURLSession

        Add a NSURLSession-like object, which wraps a CachedResourceLoader and CachedRawResource, which we can
        hand to lower-level frameworks, so that network loads by those frameworks use WebKit's loader.

        * platform/network/cocoa/WebCoreNSURLSession.h: Added.
        * platform/network/cocoa/WebCoreNSURLSession.mm: Added.
        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]):
        (-[WebCoreNSURLSession dealloc]):
        (-[WebCoreNSURLSession copyWithZone:]):
        (-[WebCoreNSURLSession delegateQueue]):
        (-[WebCoreNSURLSession configuration]):
        (-[WebCoreNSURLSession loader]):
        (-[WebCoreNSURLSession finishTasksAndInvalidate]):
        (-[WebCoreNSURLSession invalidateAndCancel]):
        (-[WebCoreNSURLSession resetWithCompletionHandler:]):
        (-[WebCoreNSURLSession flushWithCompletionHandler:]):
        (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
        (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
        (-[WebCoreNSURLSession dataTaskWithRequest:]):
        (-[WebCoreNSURLSession dataTaskWithURL:]):
        (-[WebCoreNSURLSession uploadTaskWithRequest:fromFile:]):
        (-[WebCoreNSURLSession uploadTaskWithRequest:fromData:]):
        (-[WebCoreNSURLSession uploadTaskWithStreamedRequest:]):
        (-[WebCoreNSURLSession downloadTaskWithRequest:]):
        (-[WebCoreNSURLSession downloadTaskWithURL:]):
        (-[WebCoreNSURLSession downloadTaskWithResumeData:]):
        (-[WebCoreNSURLSession streamTaskWithHostName:port:]):
        (-[WebCoreNSURLSession streamTaskWithNetService:]):
        (-[WebCoreNSURLSession isKindOfClass:]):

        Add a C++ class which can act as a CachedRawResourceClient, passing the results back to a WebCoreNSURLSessionDataTask:

        (WebCore::WebCoreNSURLSessionDataTaskClient::WebCoreNSURLSessionDataTaskClient):
        (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent):
        (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived):
        (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived):
        (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived):
        (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished):

        Add a NSURLSessionDataTask-like object, which takes a request, then uses it to create and wrap a CachedRawResource.
        Becase NSURSessionDataTask is intended to be used off-main-thread, care must be taken to dispatch back to the main-
        (or web-) thread before calling CachedRawResource functions.

        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]):
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
        (-[WebCoreNSURLSessionDataTask copyWithZone:]):
        (-[WebCoreNSURLSessionDataTask _restart]):
        (-[WebCoreNSURLSessionDataTask _cancel]):
        (-[WebCoreNSURLSessionDataTask _finish]):
        (-[WebCoreNSURLSessionDataTask _setDefersLoading:]):
        (-[WebCoreNSURLSessionDataTask cancel]):
        (-[WebCoreNSURLSessionDataTask suspend]):
        (-[WebCoreNSURLSessionDataTask resume]):
        (-[WebCoreNSURLSessionDataTask _timingData]):
        (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
        (-[WebCoreNSURLSessionDataTask resourceFinished:]):
        * WebCore.xcodeproj/project.pbxproj: Add new files to project.

2016-02-03  Darin Adler  <darin@apple.com>

        Convert another batch of String::lower callsites to something better, typically convertToASCIILowercase
        https://bugs.webkit.org/show_bug.cgi?id=153789

        Reviewed by Sam Weinig.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::isXMLMIMEType): Use equalLettersIgnoringASCIICase
        and the boolean argument to endsWith to ignore ASCII case.
        (WebCore::DOMImplementation::isTextMIMEType): Ditto. Also simplified the logic
        by removing an if statement.

        * dom/Document.cpp:
        (WebCore::isSeparator): Deleted. Moved to WindowFeatures.cpp.
        (WebCore::processArguments): Ditto.
        (WebCore::Document::processViewport): Call the processFeaturesString function
        from WindowFeatures.h; the code here was originally just a pasted copy of that code!
        (WebCore::Document::processFormatDetection): Ditto.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::toEncodingMimeType): Remove now-unneeded
        lowercasing of MIME type before calling isSupportedImageMIMETypeForEncoding,
        since the MIME type registry now ignores ASCII case. Use convertToASCIILowercase
        on the return value, to preserve behavior.
        (WebCore::HTMLCanvasElement::toDataURL): Minor coding style tweaks.

        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::parseAttribute): Use convertToASCIILowercase for
        the service type here.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Remove now-unneeded
        lowercasing since MIME type registry now ignores ASCII case. And use
        equalLettersIgnoringASCIICase for the case here.

        * html/HTMLInputElement.cpp:
        (WebCore::parseAcceptAttribute): Use convertToASCIILowercase for the type here.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::parseAttribute): Use convertToASCIILowercase for the
        media value here.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::canPlayType): Use convertToASCIILowercase for the
        content type here.
        (WebCore::HTMLMediaElement::selectNextSourceChild): Ditto.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parseAttribute): Use convertToASCIILowercase for
        the service type here.

        * html/HTMLTrackElement.cpp:
        (WebCore::HTMLTrackElement::parseAttribute): Use convertToASCIILowercase for
        the kind here.
        (WebCore::HTMLTrackElement::ensureTrack): Ditto. Also use fastGetAttribute
        since this is neither the style attribute nor an animatable SVG attribute.

        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::createCaseMap): Use convertToASCIILowercase for the local names here.

        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::patchNode): Use containsIgnoringASCIICase instead
        of combining lower with find == notFound here.
        (WebCore::nodeName): Use convertToASCIILowercase here.

        * inspector/InspectorOverlay.cpp:
        (WebCore::buildObjectForElementData): Use convertToASCIILowercase for node
        name here.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::createXHRTextDecoder): Remove a now-unneeded call to lower since
        DOMImplementation::isXMLMIMEType now ignores ASCII case.

        * inspector/InspectorStyleSheet.cpp:
        (WebCore::lowercasePropertyName): Use convertToASCIILowercase for property
        names here. Also use startsWith rather than a hand-written alternative.
        (WebCore::InspectorStyle::populateAllProperties): Use the return value of
        the add function to avoid doing a double hash table lookp.
        (WebCore::InspectorStyle::styleWithProperties): Use convertToASCIILowercase
        to lowercase the property name.

        * inspector/NetworkResourcesData.cpp:
        (WebCore::createOtherResourceTextDecoder): Remove unneeded call to lower since
        DOMImplement::isXMLMIMEType now ignores ASCII case.

        * loader/CrossOriginAccessControl.cpp:
        (WebCore::createAccessControlPreflightRequest): Use convertToASCIILowercase
        to lowercase the access control request header field value.

        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::mimeType): Use convertToASCIILowercase on the content type.

        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::languageIdentifier): Use convertToASCIILowercase on the language code.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::open): Call parseWindowFeatures instead of using the
        constructor for WindowFeatures.
        (WebCore::DOMWindow::showModalDialog): Call parseDialogFeatures instead of
        using the constructor for WindowFeatures.

        * page/EventHandler.cpp:
        (WebCore::findDropZone): Remove unneeded lowercasing and empty string checking,
        and use the option SpaceSplitString already has to convert to lowercase.
        (WebCore::EventHandler::handleAccessKey): Remove unneeded call to lower since
        getElementByAccessKey now ignores case. Also tweaked coding style a bit.

        * page/OriginAccessEntry.cpp:
        (WebCore::OriginAccessEntry::OriginAccessEntry): Use convertToASCIILowercase
        on the protocol and host.
        (WebCore::OriginAccessEntry::matchesOrigin): Ditto.

        * page/SecurityOrigin.cpp:
        (WebCore::shouldTreatAsUniqueOrigin): Remove unneeded call to lower since
        SchemeRegistry now ignores ASCII case.
        (WebCore::SecurityOrigin::SecurityOrigin): Use convertToASCIILowercase on
        the protocol and host.
        (WebCore::SecurityOrigin::setDomainFromDOM): Use convertToASCIILowercase on
        the domain.
        (WebCore::SecurityOrigin::canDisplay): Remove call to lower since SchemeRegistry
        now ignores ASCII case and because this now uses equalIgnoringASCIICase in
        one place that used to use exact matching.

        * page/WindowFeatures.cpp: Refactored so this is now some helper functions
        plus a struct rather than a class.
        (WebCore::isSeparator): Renamed this and removed special handling for NUL.
        (WebCore::parseWindowFeatures): Moved the code that was formerly in the
        WindowFeatures constructor in here. Refactored the parsing into the
        processFeaturesString function, shared with the functions in Document that
        do the same kind of parsing. Removed the code that converts the entire string
        to lowercase before parsing.
        (WebCore::processFeaturesString): Moved the improved version of this function
        here from Document.cpp; more efficient because it doesn't allocate strings.
        (WebCore::setWindowFeature): Changed to be a function private to this file
        with internal linkage. Use equalLettersIgnoringASCIICase so we no longer
        rely on converting the string to lowercase before parsing.
        (WebCore::parseDialogFeatures): Similar refactoring, but also changed all
        the default handling to use Optional<> instead of default values.
        (WebCore::boolFeature): Changed to use option and to ignore ASCII case.
        (WebCore::floatFeature): Ditto.
        (WebCore::parseDialogFeaturesMap): Removed the calls to lower, which are
        not needed any more.

        * page/WindowFeatures.h: Added default values for all the data members,
        and removed all the functions from the WindowFeatures struct. Added the two
        functions for parsing window and dialog features. Also added the
        processFeaturesString function so we can share it with Document.cpp.

        * platform/SchemeRegistry.cpp:
        (WebCore::SchemeRegistry::removeURLSchemeRegisteredAsLocal): Use
        equalLettersIgnoringASCIICase to ignore ASCII case.

        * platform/efl/MIMETypeRegistryEfl.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension): Use a modern for loop,
        and equalIgnoringASCIICase rather than calling lower.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::load): Use convertToASCIILowercase on MIME type and
        key system.
        (WebCore::MediaPlayer::generateKeyRequest): Ditto.
        (WebCore::MediaPlayer::addKey): Ditto.
        (WebCore::MediaPlayer::cancelKeyRequest): Ditto.

        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::Extensions3DOpenGLCommon): Use
        convertToASCIILowercase on vendor string.

        * platform/gtk/MIMETypeRegistryGtk.cpp:
        (WebCore::MIMETypeRegistry::getMIMETypeForExtension): Use a modern for loop,
        and equalIgnoringASCIICase rather than calling lower.

        * platform/mac/PasteboardMac.mm:
        (WebCore::cocoaTypeFromHTMLClipboardType): Use convertToASCIILowercase
        on the type. Also did a bit of renaming and tweaking the logic.

2016-02-03  Dave Hyatt  <hyatt@apple.com>

        Implement hanging-punctuation property parsing.
        https://bugs.webkit.org/show_bug.cgi?id=18109.

        Reviewed by Zalan Bujtas.

        Added parsing test in fast/css.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::renderEmphasisPositionFlagsToCSSValue):
        (WebCore::hangingPunctuationToCSSValue):
        (WebCore::fillRepeatToCSSValue):
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseTextIndent):
        (WebCore::CSSParser::parseHangingPunctuation):
        (WebCore::CSSParser::parseLineBoxContain):
        * css/CSSParser.h:
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator HangingPunctuation):
        (WebCore::CSSPrimitiveValue::operator LineBreak):
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertRegionBreakInside):
        (WebCore::StyleBuilderConverter::convertHangingPunctuation):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):
        * rendering/style/RenderStyle.h:
        * rendering/style/RenderStyleConstants.h:
        (WebCore::operator| ):
        (WebCore::operator|= ):
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator==):
        * rendering/style/StyleRareInheritedData.h:

2016-02-03  Jessie Berlin  <jberlin@webkit.org>

        Build fix.

        [NSEvent context] has always returned nil. Replace uses with nullptr.

        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):

2016-02-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Layout Test http/tests/appcache/different-https-origin-resource-main.html is failing
        https://bugs.webkit.org/show_bug.cgi?id=145253

        Reviewed by Michael Catanzaro.

        The problem is that when the load is cancelled while the
        connection is still being established,
        SoupMessage::notify::tls-errors is emitted and the handler calls
        ResourceHandleClient::didFail() which can delete the ResourceHandle.

        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::tlsErrorsChangedCallback): Protect the ResourceHandle
        for the scope of the callback because
        ResourceHandleClient::didFail() could delete the object.

2016-02-03  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r191948): [GStreamer] 4 new timeouts on layout tests.
        https://bugs.webkit.org/show_bug.cgi?id=152797

        Reviewed by Darin Adler.

        Always schedule messages to the main thread, even when the bus
        sync handlder was called in the main thread. It seems that
        GStreamer expects things to happen in the next main loop
        iteration.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

2016-02-03  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] CompositingCoordinator should store the overlay layer, flush it as appropriate
        https://bugs.webkit.org/show_bug.cgi?id=152058

        Reviewed by Michael Catanzaro.

        Previously, the CompositingCoordinator only added the overlay layer to the
        layer tree, but flushing its compositing state is also required. For that to
        happen, CompositingCoordinator has to store a pointer to the overlay layer
        object and flush it in ::flushPendingLayerChanges().

        Overlay layers are most prominently used by the Web Inspector to highlight
        the DOM elements on the Web page that are being hovered in the inspector.

        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::CompositingCoordinator):
        (WebCore::CompositingCoordinator::setRootCompositingLayer):
        (WebCore::CompositingCoordinator::flushPendingLayerChanges):
        * platform/graphics/texmap/coordinated/CompositingCoordinator.h:

2016-02-03  Zan Dobersek  <zdobersek@igalia.com>

        [CoordinatedGraphics] CompositingCoordinator destructor is scheduling layer flushes
        https://bugs.webkit.org/show_bug.cgi?id=153823

        Reviewed by Carlos Garcia Campos.

        Purging the backing stores during the CompositingCoordinator destructor
        is also scheduling layer flushes in the object's client, which is an object
        of the LayerTreeHost-deriving class that owns the CompositingCoordinator
        object in question and is also being destroyed.

        In case of ThreadedCoordinatedLayerTreeHost, this scheduling can access
        the RunLoop::Timer object which has already been destroyed, causing a
        crash. Another problem with this is that we're invoking a virtual function
        on an object that's being destructed, which works well enough in this case
        but should be discouraged in general.

        In order to avoid this, add the m_isDestructing boolean to the
        CompositingCoordinator class, flip it to true during the destruction,
        and check for its falseness before scheduling a layer flush.

        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::CompositingCoordinator):
        (WebCore::CompositingCoordinator::~CompositingCoordinator):
        (WebCore::CompositingCoordinator::notifyFlushRequired):
        * platform/graphics/texmap/coordinated/CompositingCoordinator.h:

2016-02-03  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Don't use RELEASE_ASSERT in TextureMapperLayer::computeTransformsRecursive()
        https://bugs.webkit.org/show_bug.cgi?id=153822

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::computeTransformsRecursive):
        Use ASSERT to check that the m_children members are indeed children
        of the current layer, RELEASE_ASSERT probably slipped in unnoticed
        at some point.

2016-02-03  Zan Dobersek  <zdobersek@igalia.com>

        PlatformPathCairo: Lazily allocate the path surface
        https://bugs.webkit.org/show_bug.cgi?id=153821

        Reviewed by Carlos Garcia Campos.

        Move the static variable that holds the Cairo surface into
        the pathSurface() function (previously getPathSurface). This
        way the surface will only be allocated once the function is
        called for the first time from the CairoPath surface.

        No change in functionality, just a cleanup.

        * platform/graphics/cairo/PlatformPathCairo.cpp:
        (WebCore::pathSurface):
        (WebCore::CairoPath::CairoPath):
        (WebCore::getPathSurface): Deleted.

2016-02-02  Fujii Hironori  <Hironori.Fujii@jp.sony.com>

        ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result)
        https://bugs.webkit.org/show_bug.cgi?id=153576

        Reviewed by Darin Adler.

        Tests: fast/block/geometry-map-assertion-with-rounding-negative-half.html

        The results of roundedIntPoint of FloatPoint and LayoutPoint may be different
        because of the uniqueness of LayoutUnit::round introduced by this bug
        <https://bugs.webkit.org/show_bug.cgi?id=107208>.
        Should convert a FloatPoint to a LayoutPoint before rounding.

        * rendering/RenderGeometryMap.cpp:
        (WebCore::RenderGeometryMap::mapToContainer):

2016-02-02  Aakash Jain  <aakash_jain@apple.com>

        Remove references to CallFrameInlines.h
        https://bugs.webkit.org/show_bug.cgi?id=153810

        Reviewed by Mark Lam.

        * ForwardingHeaders/interpreter/CallFrameInlines.h: Removed.

2016-02-02  Jinyoung Hur  <hur.ims@navercorp.com>

        WEBGL_debug_shaders should be disabled for OpenGLES backend also
        https://bugs.webkit.org/show_bug.cgi?id=153788

        Reviewed by Darin Adler.

        WEBGL_debug_shaders extension is disabled for OpenGL backed platform
        because the implementation is not fully compliant to the spec yet.
        Because this is not an OpenGL-specific problem, WEBGL_debug_shaders extension
        should be disabled for OpenGLES backed platforms also.

        No new tests, already covered by existing tests.

        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::supportsExtension): Deleted.
        * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
        (WebCore::Extensions3DOpenGLCommon::supports):

2016-02-02  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-primary-key-order.html fails with SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153800

        Reviewed by Alex Christensen.

        No new tests (Existing tests now unskipped).

        The IndexRecords SQL schema did not order things by primaryKey.
        
        Easy fix to the schema. Sadly requires a migration...

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::v1IndexRecordsTableSchema):
        (WebCore::IDBServer::v1IndexRecordsTableSchemaAlternate):
        (WebCore::IDBServer::v2IndexRecordsTableSchema):
        (WebCore::IDBServer::v2IndexRecordsTableSchemaAlternate):
        (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidIndexRecordsTable):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

2016-02-02  Tim Horton  <timothy_horton@apple.com>

        <attachment> should attempt to guess the icon from the file extension if all else fails
        https://bugs.webkit.org/show_bug.cgi?id=153804
        <rdar://problem/24448146>

        Reviewed by Anders Carlsson.

        Test: fast/attachment/attachment-icon-from-file-extension.html

        * platform/graphics/Icon.h:
        * platform/graphics/mac/IconMac.mm:
        (WebCore::Icon::createIconForFileExtension):
        * rendering/RenderThemeMac.mm:
        (WebCore::iconForAttachment):
        If we can't find an icon any other way, try assuming that the title is a filename,
        grab its extension, and have NSWorkspace try to work out an icon for it.

2016-02-02  Antti Koivisto  <antti@apple.com>

        Factor style sharing code out of StyleResolver
        https://bugs.webkit.org/show_bug.cgi?id=153768

        Reviewed by Darin Adler.

        Move the code to a new class, Style::SharingResolver.

        When resolving document style we query the sharing resolver first before using the regular style resolver.
        Other paths that call style resolver were mostly already disabling it with DisallowStyleSharing flag.

        * WebCore.xcodeproj/project.pbxproj:
        * css/ElementRuleCollector.cpp:
        (WebCore::MatchRequest::MatchRequest):
        (WebCore::ElementRuleCollector::matchAllRules):
        (WebCore::ElementRuleCollector::hasAnyMatchingRules):

            More const.

        * css/ElementRuleCollector.h:
        (WebCore::ElementRuleCollector::setRegionForStyling):
        (WebCore::ElementRuleCollector::setMedium):
        * css/MediaQueryMatcher.cpp:
        (WebCore::MediaQueryMatcher::prepareEvaluator):
        * css/StyleMedia.cpp:
        (WebCore::StyleMedia::matchMedium):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::cacheBorderAndBackground):
        (WebCore::StyleResolver::StyleResolver):
        (WebCore::StyleResolver::sweepMatchedPropertiesCache):
        (WebCore::StyleResolver::State::State):
        (WebCore::StyleResolver::State::setStyle):
        (WebCore::isAtShadowBoundary):
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::classNamesAffectedByRules): Deleted.
        (WebCore::parentElementPreventsSharing): Deleted.
        (WebCore::StyleResolver::locateCousinList): Deleted.
        (WebCore::StyleResolver::styleSharingCandidateMatchesRuleSet): Deleted.
        (WebCore::StyleResolver::canShareStyleWithControl): Deleted.
        (WebCore::elementHasDirectionAuto): Deleted.
        (WebCore::StyleResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
        (WebCore::StyleResolver::canShareStyleWithElement): Deleted.
        (WebCore::StyleResolver::findSiblingForStyleSharing): Deleted.
        (WebCore::StyleResolver::locateSharedStyle): Deleted.

            Style sharing code moves to SharingResolver.

        * css/StyleResolver.h:
        (WebCore::StyleResolver::mediaQueryEvaluator):
        (WebCore::StyleResolver::State::regionForStyling):
        (WebCore::StyleResolver::State::elementLinkState):
        (WebCore::StyleResolver::State::setApplyPropertyToRegularStyle):
        (WebCore::StyleResolver::State::setApplyPropertyToVisitedLinkStyle):
        (WebCore::StyleResolver::state):
        (WebCore::StyleResolver::setTextOrientation):
        (WebCore::StyleResolver::State::setElementAffectedByClassRules): Deleted.
        (WebCore::StyleResolver::State::elementAffectedByClassRules): Deleted.
        (WebCore::StyleResolver::styleNotYetAvailable): Deleted.

            Placeholder code moves to TreeResolver.

        * dom/VisitedLinkState.cpp:
        (WebCore::linkAttribute):
        (WebCore::VisitedLinkState::invalidateStyleForAllLinks):
        (WebCore::linkHashForElement):
        (WebCore::VisitedLinkState::invalidateStyleForLink):
        (WebCore::VisitedLinkState::determineLinkStateSlowCase):
        * dom/VisitedLinkState.h:
        (WebCore::VisitedLinkState::determineLinkState):
        * html/HTMLFormControlElement.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::getUncachedPseudoStyle):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::computeStyleInRegion):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::isStyleAvailable):
        (WebCore::RenderStyle::hasUniquePseudoStyle):
        * style/StyleSharingResolver.cpp: Added.
        (WebCore::Style::SharingResolver::SharingResolver):
        (WebCore::Style::parentElementPreventsSharing):
        (WebCore::Style::elementHasDirectionAuto):
        (WebCore::Style::SharingResolver::searchSimilar):
        (WebCore::Style::SharingResolver::findSibling):
        (WebCore::Style::SharingResolver::locateCousinList):
        (WebCore::Style::canShareStyleWithControl):
        (WebCore::Style::SharingResolver::canShareStyleWithElement):
        (WebCore::Style::SharingResolver::styleSharingCandidateMatchesRuleSet):
        (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
        (WebCore::Style::SharingResolver::classNamesAffectedByRules):
        * style/StyleSharingResolver.h: Added.
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::ensurePlaceholderStyle):
        (WebCore::Style::TreeResolver::TreeResolver):
        (WebCore::Style::TreeResolver::styleForElement):

            Try to use SharingResolver first.
            Also move placeholder style handling here, it is only relevant when resolving document style.

        (WebCore::Style::postResolutionCallbacksAreSuspended):
        (WebCore::Style::isPlaceholderStyle):
        * style/StyleTreeResolver.h:
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::customStyleForRenderer):
        * svg/SVGElementRareData.h:
        (WebCore::SVGElementRareData::overrideComputedStyle):

2016-02-02  Tim Horton  <timothy_horton@apple.com>

        <attachment> icon should be a folder for the custom MIME type multipart/x-folder
        https://bugs.webkit.org/show_bug.cgi?id=153795
        <rdar://problem/24416632>

        Reviewed by Anders Carlsson.

        Test: fast/attachment/attachment-folder-icon.html

        * rendering/RenderThemeMac.mm:
        (WebCore::iconForAttachment):
        (WebCore::paintAttachmentIcon):
        Mail uses this special MIME type to indicate that something is a folder, which there
        isn't a normal non-deprecated MIME type for.

2016-02-02  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-continue-validity.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=153791

        Reviewed by Alex Christensen.

        No new tests (Existing test now unskipped).

        There was a preexisting check in the SQLite cursor for remembering the current record and
        refusing to refetch it.
        
        This check was causing this bug, because we needed to refetch the current record.
        
        Removing the check (and its associated flag) doesn't regress any other test, and fixes this one.

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:

2016-02-01  Dave Hyatt  <hyatt@apple.com>

        Add a line grid pagination SPI to WebKit.
        https://bugs.webkit.org/show_bug.cgi?id=153757
        <rdar://problem/23041598>

        Reviewed by Anders Carlsson.

        New tests in fast/multicol/pagination.

        * page/Page.cpp:
        (WebCore::Page::setPaginationLineGridEnabled):
        * page/Page.h:
        (WebCore::Page::paginationLineGridEnabled):
        Add a boolean to the page to turn the line grid on and off.

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        Propagate the body's font up to the paginated RenderView so that
        it can be used to establish the line grid.

        * style/StyleResolveForDocument.cpp:
        (WebCore::Style::resolveForDocument):
        Set up a line grid with containment snapping by default if the
        line grid enabled flag is set.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setPagination):
        (WebCore::Internals::setPaginationLineGridEnabled):
        (WebCore::Internals::configurationForViewport):
        * testing/Internals.h:
        (WebCore::Internals::setPagination):
        * testing/Internals.idl:
        Add support for testing the grid being enabled.

2016-02-01  Antti Koivisto  <antti@apple.com>

        Tab suspension code shouldn't use page cache cacheability logic
        https://bugs.webkit.org/show_bug.cgi?id=153680

        Reviewed by Andreas Kling.

        Most of PageCache::canCache() is unnecessary for tab suspension.

        Also improve robustness and introduce 1 minute delay before suspending.

        * page/Page.cpp:
        (WebCore::Page::setPageActivityState):
        (WebCore::Page::setIsVisible):
        (WebCore::Page::setIsVisibleInternal):
        (WebCore::Page::setIsPrerender):
        (WebCore::Page::canTabSuspend):

            Include visibility test here.

            Instead of calling PageCache::canCache() just check for each frame
            - that the document is loaded
            - that active DOM objects allow suspension

        (WebCore::Page::setIsTabSuspended):
        (WebCore::Page::setTabSuspensionEnabled):
        (WebCore::Page::updateTabSuspensionState):

            Refactor for robustness.

        (WebCore::Page::tabSuspensionTimerFired):

            Call canTabSuspend, the result might have changed.

        (WebCore::Page::scheduleTabSuspension): Deleted.
        * page/Page.h:

2016-02-02  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Introduce BytecodeIntrinsic constant rep like @undefined
        https://bugs.webkit.org/show_bug.cgi?id=153737

        Reviewed by Darin Adler.

        * Modules/fetch/FetchHeaders.js:
        (initializeFetchHeaders):
        * Modules/streams/ReadableStream.js:
        (initializeReadableStream):
        (closeDestination):
        (abortDestination):
        (pipeTo):
        * Modules/streams/ReadableStreamInternals.js:
        (privateInitializeReadableStreamController):
        (teeReadableStream):
        (isReadableStreamReader):
        (errorReadableStream):
        (finishClosingReadableStream):
        (enqueueInReadableStream):
        (readFromReadableStreamReader):
        * Modules/streams/ReadableStreamReader.js:
        (releaseLock):
        * Modules/streams/StreamInternals.js:
        (shieldingPromiseResolve):
        (promiseInvokeOrNoopNoCatch):
        (promiseInvokeOrFallbackOrNoop):
        (validateAndNormalizeQueuingStrategy):
        * Modules/streams/WritableStream.js:
        (initializeWritableStream):
        (write):
        * Modules/streams/WritableStreamInternals.js:
        (errorWritableStream):

2016-02-02  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/dont-wedge.html sometimes ASSERTs.
        https://bugs.webkit.org/show_bug.cgi?id=153790

        Reviewed by Tim Horton.

        No new tests (Failing test now unskipped).

        This test uncovered an unhandled race where the main thread tried to perform an OpenDB operation 
        multiple times while it was already in-progress on the server thread.

        There was already a flag meant to cover this race, and it just needed to be applied to one more site.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):

2016-02-02  Daniel Bates  <dabates@apple.com>

        CSP: Support checking content security policy without a script execution context
        https://bugs.webkit.org/show_bug.cgi?id=153748
        <rdar://problem/24439149>

        Reviewed by Darin Alder.

        Towards checking a Web Worker's content security policy against a redirected worker
        script load or redirected XHR request for an XHR request initiated from it, we should
        support instantiating a ContentSecurityPolicy object without a ScriptExecutionContext.

        No functionality was changed. So, no new tests.

        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext): Pass |this| as a reference instead of as a pointer.
        * page/csp/ContentSecurityPolicy.cpp: Remove extraneous includes ScriptState.h, TextEncoding.h,
        and URL.h as they are included by ContentSecurityPolicy.h, FormDataList.h and FormData.h, respectively.
        (WebCore::CSPSource::CSPSource): Take a constant reference to a ContentSecurityPolicy instead
        of a pointer since we never expected a null pointer.
        (WebCore::CSPSource::schemeMatches): Move logic for checking the protocol of source "self"
        from here to ContentSecurityPolicy::protocolMatchesSelf() because we may not have a security
        origin if ContentSecurityPolicy was initiated without a ScriptExecutionContext object.
        (WebCore::CSPSourceList::allowSelf): Added.
        (WebCore::CSPSourceList::CSPSourceList): Take a constant reference to a ContentSecurityPolicy
        instead of a pointer since we never expected a null pointer. Remove fields from member
        initialization list that can be initialized using C++11 in-class initialization syntax.
        (WebCore::CSPSourceList::matches): Call ContentSecurityPolicy::urlMatchesSelf() to match the
        effective URL against the URL of source "self".
        (WebCore::CSPSourceList::parse): Update code as necessary now that m_policy is a reference
        instead of a pointer.
        (WebCore::CSPSourceList::parseSource): Simplify code by setting internal member fields directly
        instead of via member functions.
        (WebCore::CSPSourceList::parsePath): Update code as necessary now that m_policy is a reference
        instead of a pointer.
        (WebCore::CSPDirective::CSPDirective): Take a constant reference to a ContentSecurityPolicy
        instead of a pointer since we never expected a null pointer.
        (WebCore::CSPDirective::policy): Return a reference to a const ContentSecurityPolicy.
        (WebCore::MediaListDirective::MediaListDirective): Take a constant reference to a ContentSecurityPolicy
        instead of a pointer since we never expected a null pointer.
        (WebCore::MediaListDirective::parse): Update code as necessary now that m_policy is a reference
        instead of a pointer.
        (WebCore::SourceListDirective::SourceListDirective): Take a constant reference to a ContentSecurityPolicy
        instead of a pointer since we never expected a null pointer.
        (WebCore::SourceListDirective::allows): Write in terms of CSPSourceList::allowSelf() because we
        may not have a security origin to get a URL from if ContentSecurityPolicy was initiated without
        a ScriptExecutionContext object.
        (WebCore::CSPDirectiveList::reportURIs): Change return type from Vector<URL> to Vector<String>
        The caller will convert the strings to URLs with respect to the script execution context.
        (WebCore::CSPDirectiveList::parseReportURI): Store the report URI as a string instead of a URL
        because we may not have a security origin to compute the absolute URL if ContentSecurityPolicy
        was initiated without a ScriptExecutionContext object.
        (WebCore::CSPDirectiveList::CSPDirectiveList): Take a reference to a ContentSecurityPolicy
        instead of a pointer since we never expected a null pointer. It would be better to take a const
        reference to a ContentSecurityPolicy, but ContentSecurityPolicy::applySandboxPolicy() needs to set
        state on ContentSecurityPolicy :(
        (WebCore::CSPDirectiveList::create): Ditto.
        (WebCore::CSPDirectiveList::reportViolation): Update code as necessary now that m_policy is a reference
        instead of a pointer.
        (WebCore::CSPDirectiveList::checkEvalAndReportViolation): Ditto.
        (WebCore::CSPDirectiveList::checkInlineAndReportViolation): Ditto.
        (WebCore::CSPDirectiveList::parseDirective): Ditto.
        (WebCore::CSPDirectiveList::parseReportURI): Store the report URI as a string instead of a URL
        because we may not have a security origin to compute the absolute URL if ContentSecurityPolicy
        was initiated without a ScriptExecutionContext object.
        (WebCore::CSPDirectiveList::setCSPDirective): Update code as necessary now that m_policy is a reference
        instead of a pointer.
        (WebCore::CSPDirectiveList::applySandboxPolicy): Ditto.
        (WebCore::CSPDirectiveList::parseReflectedXSS): Ditto.
        (WebCore::CSPDirectiveList::addDirective): Ditto.
        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Modified to take the ScriptExecutionObject
        as a reference and compute the CSPSource object for "self" and cache the protocol for "self". Removed
        field m_overrideInlineStyleAllowed from the member initialization list and used C++11 in-class
        initialization syntax to initialize it. Added overloaded constructor that takes a SecurityOrigin object.
        We are not making use of this overloaded constructor at this time. We will in a subsequent patch.
        (WebCore::ContentSecurityPolicy::didReceiveHeader): Store the eval disabled error message for
        the last parsed policy in a member field instead of using it as part of disabling eval execution
        on the script execution context because we may not have such a context.
        (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext): Applies the content security
        policy eval and sandbox restrictions to the script execution context.
        (WebCore::ContentSecurityPolicy::urlMatchesSelf): Match the specified URL against the URL for
        source "self".
        (WebCore::ContentSecurityPolicy::protocolMatchesSelf): Match the protocol of the specified URL
        against the protocol for source "self".
        (WebCore::ContentSecurityPolicy::gatherReportURIs): Modified to use the script execution context
        to compute the absolute URL for each report URI.
        (WebCore::ContentSecurityPolicy::reportViolation): Bail out if we do not have a script execution
        context.
        (WebCore::ContentSecurityPolicy::logToConsole): Only log to the console if we have a script
        execution context.
        (WebCore::ContentSecurityPolicy::reportBlockedScriptExecutionToInspector): Only report blocked
        script execution to the Web Inspector if we have a script execution context.
        (WebCore::CSPSourceList::addSourceSelf): Deleted.
        (WebCore::CSPSourceList::addSourceStar): Deleted.
        (WebCore::CSPSourceList::addSourceUnsafeInline): Deleted.
        (WebCore::CSPSourceList::addSourceUnsafeEval): Deleted.
        (WebCore::CSPDirectiveList::gatherReportURIs): Deleted.
        (WebCore::ContentSecurityPolicy::securityOrigin): Deleted.
        (WebCore::ContentSecurityPolicy::url): Deleted.
        (WebCore::ContentSecurityPolicy::completeURL): Deleted.
        (WebCore::ContentSecurityPolicy::enforceSandboxFlags): Deleted.
        * page/csp/ContentSecurityPolicy.h:
        (WebCore::ContentSecurityPolicy::enforceSandboxFlags): Accumulates the parsed sandbox flags. We
        will apply the sandbox flags in ContentSecurityPolicy::applyPolicyToScriptExecutionContext().
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate ContentSecurityPolicy.
        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Move instantiation of
        ContentSecurityPolicy from here to constructor.

2016-02-02  Eric Carlson  <eric.carlson@apple.com>

        Allow ports to disable automatic text track selection
        https://bugs.webkit.org/show_bug.cgi?id=153761
        <rdar://problem/24416768>

        Reviewed by Darin Adler.

        Test: media/track/track-manual-mode.html

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::manualKeyword): New.
        (WebCore::MediaControlsHost::captionDisplayMode): Support 'manual' mode.
        * Modules/mediacontrols/MediaControlsHost.h:

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.buildCaptionMenu): Check the 'off' item when in manual mode.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::addTextTrack): Update m_captionDisplayMode when called for the first
          time so it is always correct. Set the track's manual selection mode as appropriate.
        (WebCore::HTMLMediaElement::captionPreferencesChanged): Set each track's manual selection 
          mode as appropriate.

        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::kind): Return 'subtitles' for forced tracks when in manual mode.
        * html/track/TextTrack.h:

        * html/track/TrackBase.h:
        (WebCore::TrackBase::kind): Make virtual.

        * page/CaptionUserPreferences.cpp:
        (WebCore::CaptionUserPreferences::beginBlockingNotifications): New.
        (WebCore::CaptionUserPreferences::endBlockingNotifications): Ditto.
        (WebCore::CaptionUserPreferences::notify): Don't notify when blocked.
        * page/CaptionUserPreferences.h:

        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::CaptionUserPreferencesMediaAF): Set manual mode 
          when appropriate.
        (WebCore::CaptionUserPreferencesMediaAF::captionDisplayMode): Check manual mode.
        (WebCore::CaptionUserPreferencesMediaAF::setCaptionDisplayMode): Ditto.
        (WebCore::CaptionUserPreferencesMediaAF::setPreferredLanguage): Ditto.
        (WebCore::CaptionUserPreferencesMediaAF::textTrackSelectionScore): Return zero when in manual mode.
        (WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Consider manual mode. Fix
          typos in logging.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::mediaDescriptionForKind): Return 'auxiliary' when in manual mode.

        * testing/Internals.cpp:
        (WebCore::Internals::setCaptionDisplayMode): Support manual mode.

2016-02-02  Adrien Plazas  <aplazas@igalia.com>

        REGRESSION(r195899): ASSERTION FAILED: is<Target>(source) in EventPath::retargetTouch() since r195899
        https://bugs.webkit.org/show_bug.cgi?id=153741

        Reviewed by Ryosuke Niwa.

        * dom/EventDispatcher.cpp:
        (WebCore::EventPath::retargetTouch):

2016-02-01  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: High Level Memory Overview Instrument
        https://bugs.webkit.org/show_bug.cgi?id=153516
        <rdar://problem/24356378>

        Reviewed by Brian Burg.

        Add a new agent that gathers data from the ResourceUsageThread
        and sends to the frontend.

        Test: inspector/memory/tracking.html

        * CMakeLists.txt:
        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        New files.

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        Add the new agent.

        * inspector/InspectorMemoryAgent.h: Added.
        * inspector/InspectorMemoryAgent.cpp: Added.
        (WebCore::InspectorMemoryAgent::InspectorMemoryAgent):
        (WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
        (WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorMemoryAgent::startTracking):
        (WebCore::InspectorMemoryAgent::stopTracking):
        (WebCore::InspectorMemoryAgent::collectSample):
        Implement the agent by adding / removing it as a ResourceUsage
        observer. When receiving the data forward it to the frontend.

2016-02-01  Alex Christensen  <achristensen@webkit.org>

        Fix CMake build.

        * PlatformMac.cmake:

2016-02-01  Brady Eidson  <beidson@apple.com>

        Modern IDB: Cursors (still) do not keep their opening request alive.
        https://bugs.webkit.org/show_bug.cgi?id=153724

        Reviewed by Alex Christensen.

        No new tests (All existing tests pass without flakiness).

        IDBCursors did not properly keep their JS wrappers alive.
        Making them ActiveDOMObjects that keep track of how many requests might be in flight fixes this.
        This also makes them actually keep their opening-request live via the opaque-root mechanism.
        
        IDBCursorWithValue also needed to opt in to all of these mechanisms.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/IDBCursor.h:
        (WebCore::IDBCursor::hasPendingActivity): The base IDBCursor always has no pending activity,
          to maintain current behavior in LegacyIDB. This weirdness will go away when LegacyIDB does.
        * Modules/indexeddb/IDBCursor.idl:
        * Modules/indexeddb/IDBCursorWithValue.idl:

        Track a count for all outstanding requests to keep the cursor alive as an ActiveDOMObject.
        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::IDBCursor):
        (WebCore::IDBClient::IDBCursor::update):
        (WebCore::IDBClient::IDBCursor::uncheckedIterateCursor):
        (WebCore::IDBClient::IDBCursor::deleteFunction):
        (WebCore::IDBClient::IDBCursor::activeDOMObjectName):
        (WebCore::IDBClient::IDBCursor::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBCursor::hasPendingActivity):
        (WebCore::IDBClient::IDBCursor::decrementOutstandingRequestCount):
        * Modules/indexeddb/client/IDBCursorImpl.h:
        
        Rework the "delete" family of functions on the object store to allow for returning a modern IDBRequest.
        A lot of this can go away when LegacyIDB does.
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::deleteFunction):
        (WebCore::IDBClient::IDBObjectStore::doDelete):
        (WebCore::IDBClient::IDBObjectStore::modernDelete):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::setSource): Setup a ScopeGuard to decrement the cursor's request
          count whenever it makes sense to do so.
        (WebCore::IDBClient::IDBRequest::dispatchEvent): Clear the ScopeGuard (if it exists) to decrement the count.
        (WebCore::IDBClient::IDBRequest::willIterateCursor): Set the ScopeGuard.
        (WebCore::IDBClient::IDBRequest::didOpenOrIterateCursor): Clear the ScopeGuard (if it exists) to decrement the count.
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::ScopeGuard::ScopeGuard): Deleted.
        (WebCore::IDBServer::ScopeGuard::~ScopeGuard): Deleted.
        (WebCore::IDBServer::ScopeGuard::enable): Deleted.
        (WebCore::IDBServer::ScopeGuard::disable): Deleted.
        
        * bindings/js/JSIDBCursorWithValueCustom.cpp: Added.
        (WebCore::JSIDBCursorWithValue::visitAdditionalChildren):
        
        * platform/ScopeGuard.h: Added.
        (WebCore::ScopeGuard::ScopeGuard):
        (WebCore::ScopeGuard::~ScopeGuard):
        (WebCore::ScopeGuard::enable):
        (WebCore::ScopeGuard::disable):

2016-02-01  Sun-woo Nam  <sunny.nam@samsung.com>

        Free Colormap when XWindow is destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=153413

        Reviewed by Žan Doberšek.

        Colormap is needed to create XWindow and it should be freed when XWindow is destroyed.
        Unless Colormap is freed before destroying XWindow, memory leak is suspected.
        XFreeColormap therefore is needed on X11Helper.

        * platform/graphics/surfaces/glx/X11Helper.cpp: Added XFreeColormap.
        (WebCore::X11Helper::destroyWindow):

2016-02-01  Tim Horton  <timothy_horton@apple.com>

        Move some SPI declarations into the appropriate SPI header
        https://bugs.webkit.org/show_bug.cgi?id=153755

        Reviewed by Darin Adler.

        * platform/graphics/cocoa/IOSurface.mm:
        * platform/spi/cg/CoreGraphicsSPI.h:

2016-02-01  Tim Horton  <timothy_horton@apple.com>

        Snapshot surfaces are forever wired after being compressed
        https://bugs.webkit.org/show_bug.cgi?id=153751
        <rdar://problem/24354546>

        Reviewed by Darin Adler.

        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::convertToFormat):
        Allow IOSurfaceAccelerator to unwire surfaces after they're transformed.

2016-02-01  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/20150072> [iOS] Remove some file upload code only needed before iOS 9
        https://bugs.webkit.org/show_bug.cgi?id=153754

        Reviewed by Darin Adler.

        * English.lproj/Localizable.strings: Updated for removal of WebKit2 string.

2016-02-01  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Cache the Path instead of creating it every time it is required
        https://bugs.webkit.org/show_bug.cgi?id=152939

        Reviewed by Darin Adler.

        Instead of creating the Path object every time it is required, we should 
        cache it in an LRU cache. TinyLRUCache returns a reference to the cached
        entry so we do not have to pay the cost of copying it either.

        * platform/graphics/FloatRoundedRect.h:
        (WebCore::operator!=):
        Implement the inequality operator for FloatRoundedRect since it is
        called by TinyLRUCache.
        
        * rendering/ClipPathOperation.h:
        Return a reference to the path in the cache since instead of creating a
        new copy.
        
        * rendering/style/BasicShapes.cpp:
        (WebCore::SVGPathTranslatedByteStream::SVGPathTranslatedByteStream):
        (WebCore::SVGPathTranslatedByteStream::operator==):
        (WebCore::SVGPathTranslatedByteStream::operator!=):
        (WebCore::SVGPathTranslatedByteStream::isEmpty):
        (WebCore::SVGPathTranslatedByteStream::path):
        This struct holds an offset and an SVGPathByteStream. It is the key of 
        the LRU cache for the the translated SVGPathByteStream.
        
        (WebCore::EllipsePathPolicy::isKeyNull):
        (WebCore::EllipsePathPolicy::createValueForKey):
        (WebCore::RoundedRectPathPolicy::isKeyNull):
        (WebCore::RoundedRectPathPolicy::createValueForKey):
        (WebCore::PolygonPathPolicy::isKeyNull):
        (WebCore::PolygonPathPolicy::createValueForKey):
        (WebCore::TranslatedByteStreamPathPolicy::isKeyNull):
        (WebCore::TranslatedByteStreamPathPolicy::createValueForKey):
        Inherit from the LRU cache policy template, so have a specific name for
        the desired path contents and pass this class explicitly to the LRU cache
        template.
        
        (WebCore::cachedEllipsePath):
        (WebCore::cachedRoundedRectPath):
        (WebCore::cachedPolygonPath):
        (WebCore::cachedTranslatedByteStreamPath):
        Return a cached path object for specific path contents.
        
        (WebCore::BasicShapeCircle::path):
        (WebCore::BasicShapeEllipse::path):
        (WebCore::BasicShapePolygon::path):
        (WebCore::BasicShapePath::path):
        (WebCore::BasicShapeInset::path):
        Get the Path object from the cache; create a new one if it does not exist.
        
        * rendering/style/BasicShapes.h:
        Change the prototype of the path() function to return a reference to the
        path in the cache instead of a having to copying it.
        
        * svg/SVGPathByteStream.h:
        (WebCore::SVGPathByteStream::operator!=):
        Implement the inequality operator for SVGPathByteStream because it is
        called by TinyLRUCache.

2016-02-01  Chris Dumez  <cdumez@apple.com>

        Move properties that use custom bindings to the prototype
        https://bugs.webkit.org/show_bug.cgi?id=153735

        Reviewed by Darin Adler.

        Move properties that use custom bindings to the prototype. Whether a
        property's bindings code is generated or custom-written should not
        impact where the property is located.

        No new tests, already covered by existing tests.

        * bindings/js/JSHTMLDocumentCustom.cpp:
        (WebCore::JSHTMLDocument::getOwnPropertySlot):
        Add null-check for staticPropHashTable. HTMLDocument no longer has
        any property on the instance so staticPropHashTable is now null.

        * bindings/scripts/CodeGeneratorJS.pm:

2016-02-01  Jer Noble  <jer.noble@apple.com>

        REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
        https://bugs.webkit.org/show_bug.cgi?id=153727
        <rdar://problem/24429886>

        Reviewed by Chris Dumez.

        The `this` object may be freed after calling deleteIfPossible(). Make the early-return-if-
        deleted more explicit, and only check allowsCaching() after the deleteIfPossible() return
        value check.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::removeClient):

2016-02-01  Dan Bernstein  <mitz@apple.com>

        Tried to fix a build after r195899.

        * dom/EventContext.h: Enabled TouchEventContext type trait specialization on iOS.

2016-02-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Fetch API] Implement Fetch API Request
        https://bugs.webkit.org/show_bug.cgi?id=153437

        Added support for Fetch Request and Body.
        Body is sharing functionality between Request and Response.
        Conversion between various body types are not implemented yet.

        Added a FetchOptions class. Options in this class are partially redundant with ResourceLoaderOptions.

        Fixing bug in Headers constructor.
        Making error reporting in case of modifying headers compliant with the spec.

        Reviewed by Darin Adler.

        Tests: imported/w3c/web-platform-tests/fetch/api/request/request-clone.sub.html
               imported/w3c/web-platform-tests/fetch/api/request/request-consume.html
               imported/w3c/web-platform-tests/fetch/api/request/request-disturbed.html
               imported/w3c/web-platform-tests/fetch/api/request/request-error.html
               imported/w3c/web-platform-tests/fetch/api/request/request-headers.html
               imported/w3c/web-platform-tests/fetch/api/request/request-idl.html
               imported/w3c/web-platform-tests/fetch/api/request/request-init-001.sub.html
               imported/w3c/web-platform-tests/fetch/api/request/request-init-002.html
               imported/w3c/web-platform-tests/fetch/api/request/request-init-003.sub.html
               imported/w3c/web-platform-tests/fetch/api/request/request-structure.html

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * Modules/fetch/FetchBody.cpp: Added.
        (WebCore::FetchBody::initBody):
        (WebCore::FetchBody::clear):
        (WebCore::FetchBody::processIfEmptyOrDisturbed):
        (WebCore::FetchBody::arrayBuffer):
        (WebCore::FetchBody::formData):
        (WebCore::FetchBody::blob):
        (WebCore::FetchBody::text):
        (WebCore::FetchBody::json):
        * Modules/fetch/FetchBody.h: Added.
        (WebCore::FetchBody::~FetchBody):
        (WebCore::FetchBody::isEmpty):
        (WebCore::FetchBody::isDisturbed):
        (WebCore::FetchBody::setDisturbed):
        (WebCore::FetchBody::setMimeType):
        (WebCore::FetchBody::mimeType):
        * Modules/fetch/FetchBody.idl: Added.
        * Modules/fetch/FetchHeaders.cpp:
        (WebCore::canWriteHeader):
        (WebCore::FetchHeaders::append):
        (WebCore::FetchHeaders::remove):
        (WebCore::FetchHeaders::set):
        (WebCore::FetchHeaders::fill): Helper routine implementing https://fetch.spec.whatwg.org/#concept-headers-fill
        * Modules/fetch/FetchHeaders.h: Adding header getter/setter for FetchRequest.
        (WebCore::FetchHeaders::fastGet):
        (WebCore::FetchHeaders::fastSet):
        * Modules/fetch/FetchHeaders.js: Fixing bug in constructor (covered by modified headers-basc.html test).
        (initializeFetchHeaders):
        * Modules/fetch/FetchOptions.h: Added.
        (WebCore::FetchOptions::FetchOptions):
        (WebCore::FetchOptions::type):
        (WebCore::FetchOptions::destination):
        (WebCore::FetchOptions::mode):
        (WebCore::FetchOptions::credentials):
        (WebCore::FetchOptions::cache):
        (WebCore::FetchOptions::redirect):
        (WebCore::FetchOptions::referrerPolicy):
        (WebCore::FetchOptions::setType):
        (WebCore::FetchOptions::setDestination):
        (WebCore::FetchOptions::setMode):
        (WebCore::FetchOptions::setCredentials):
        (WebCore::FetchOptions::setCache):
        (WebCore::FetchOptions::setRedirect):
        (WebCore::FetchOptions::setReferrerPolicy):
        * Modules/fetch/FetchRequest.cpp: Added.
        (WebCore::FetchRequest::create):
        (WebCore::FetchRequest::FetchRequest):
        (WebCore::FetchRequest::init):
        (WebCore::FetchRequest::setReferrer):
        (WebCore::FetchRequest::setReferrerPolicy):
        (WebCore::FetchRequest::setMode):
        (WebCore::FetchRequest::setCredentials):
        (WebCore::FetchRequest::setCache):
        (WebCore::FetchRequest::setRedirect):
        (WebCore::FetchRequest::type):
        (WebCore::FetchRequest::destination):
        (WebCore::FetchRequest::referrerPolicy):
        (WebCore::FetchRequest::referrer):
        (WebCore::FetchRequest::mode):
        (WebCore::FetchRequest::credentials):
        (WebCore::FetchRequest::cache):
        (WebCore::FetchRequest::redirect):
        (WebCore::FetchRequest::setMethod):
        (WebCore::FetchRequest::clone):
        * Modules/fetch/FetchRequest.h: Added.
        (WebCore::FetchRequest::method):
        (WebCore::FetchRequest::url):
        (WebCore::FetchRequest::integrity):
        (WebCore::FetchRequest::headers):
        * Modules/fetch/FetchRequest.idl: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/Dictionary.h:
        (WebCore::Dictionary::execState):
        * bindings/js/JSDictionary.cpp:
        (WebCore::JSDictionary::convertValue):
        * bindings/js/JSDictionary.h:
        (WebCore::JSDictionary::get):

2016-01-31  Jeremy Jones  <jeremyj@apple.com>

        Add resize event for HTMLMediaElement
        https://bugs.webkit.org/show_bug.cgi?id=125715

        Reviewed by Darin Adler.

        Tests: http/tests/media/hls/hls-video-resize.html
               media/video-resize.html

        Move resize javascript event from DOMWindow.idl to GlobalEventHandlers.idl
        per https://html.spec.whatwg.org/multipage/webappapis.html#globaleventhandlers

        Post resize event from video element when metadata loads and when content size changes.

        * dom/GlobalEventHandlers.idl: Add onresize.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::createEventHandlerNameMap): Add onresizeAttr.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::setReadyState):
        (WebCore::HTMLMediaElement::mediaPlayerSizeChanged):
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::scheduleResizeEvent):
        (WebCore::HTMLMediaElement::scheduleResizeEventIfSizeChanged):
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::scheduleResizeEvent): Sechedule event.
        (WebCore::HTMLVideoElement::scheduleResizeEventIfSizeChanged): Schedule event if size has changed.
        * html/HTMLVideoElement.h: Add declarations.
        * page/DOMWindow.idl: Remove onresize.

2016-01-31  Darin Adler  <darin@apple.com>

        Revert accidental behavior change from previous patch.

        * platform/URL.cpp:
        (WebCore::mimeTypeFromDataURL): Restore behavior where an empty MIME type would
        be turned into "text/plain".

2016-01-31  Darin Adler  <darin@apple.com>

        Cut down on calls to String::lower; mostly replace with convertToASCIILowercase
        https://bugs.webkit.org/show_bug.cgi?id=153732

        Reviewed by Dean Jackson.

        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::isTypeSupported): Added comment about mysterious call
        to lower(); should probably return here and remove it.

        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::initProtocolHandlerWhitelist): Deleted. Moved into isProtocolWhitelisted.
        (WebCore::isProtocolWhitelisted): Changed set to be ASCIICaseInsensitiveHash and
        initialized it using a lambda instead of a separate function.
        (WebCore::verifyProtocolHandlerScheme): Added a FIXME about some case sensitive
        checking of the protocol prefix here.

        * Modules/plugins/QuickTimePluginReplacement.mm:
        (WebCore::QuickTimePluginReplacement::supportsMimeType): Changed set to be
        ASCIICaseInsensitiveHash and initialized it using a lambda instead of using
        an explict check for empty.
        (WebCore::QuickTimePluginReplacement::supportsFileExtension): Ditto.

        * Modules/plugins/YouTubePluginReplacement.cpp:
        (WebCore::queryKeysAndValues): Use convertToASCIILowercase. The keys here are
        going to be all ASCII.
        (WebCore::isYouTubeURL): Use equalLettersIgnoringASCIICase instead of lowercasing
        the string.
        (WebCore::processAndCreateYouTubeURL): Use url.protocolIsInHTTPFamily instead of
        listing "http" and then "https" explicitly. Use equalLettersIgnoringASCIICase
        instead of lowercasing a string.
        (WebCore::YouTubePluginReplacement::youTubeURL): Ditto.

        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::hostName): Use convertToASCIILowercase on host name.
        (WebCore::WebSocketHandshake::host): Ditto.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (webkitAccessibleGetAttributes): Call convertToASCIILowercase instead of lower
        to lowercase an element's tag name. This is a strange way to do things; typically
        would be better to use some other function on Element, since tagName goes out of
        its way to be capitalized, but some ATK expert can improve this later.

        * css/CSSGrammar.y.in: Use the new convertToASCIILowercaseInPlace function rather
        than the old lower function. We only need to lowercase the ASCII letters, and it's
        also better to have the function have a clearer name.

        * css/CSSParser.cpp:
        (WebCore::convertToASCIILowercaseInPlace): Renamed from makeLower and made it deal
        with only ASCII lowercasing.
        (WebCore::CSSParserString::convertToASCIILowercaseInPlace): Renamed from lower.
        (WebCore::isUniversalKeyword): Added. Helper for the function below that uses
        equalLettersIgnoringASCIICase rather than lowercasing the string.
        (WebCore::parseKeywordValue): Use isUniversalKeyword. Also clarified a comment.
        (WebCore::CSSParser::parseAttr): Use convertToASCIILowercaseInPlace and delay
        String creation until later in the function, using CSSParserString operations more.

        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoElementSelector): Use
        convertToASCIILowercaseInPlace by its new name, with its new behavior.

        * css/CSSParserValues.h: Tweaked comment and formatting a bit. Replaced the lower
        function with the convertToASCIILowercaseInPlace function.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::RareData::parseNth): Rewrote this to avoid the need to
        make a lowercased copy of m_argument. Use equalLettersIgnoringASCIICase, and two
        calls to find. Also use String::toIntStrict so we don't have to create String
        objects for substrings.

        * css/MediaQuery.cpp:
        (WebCore::MediaQuery::MediaQuery): Use convertToASCIILowercase for media type name.
        * css/MediaQueryExp.cpp:
        (WebCore::MediaQueryExp::serialize): Use convertToASCIILowercase for media feature name.

        * dom/Document.cpp:
        (WebCore::isSeparator): Tweaked formatting and removed non-helpful comment.
        (WebCore::processArguments): Changed this from a static member function to a non-member
        file internal function. Use a std::function instead of a function pointer with a void*
        pointer. Rewrote algorithm to simplify it and use StringView instead of String for the
        keys and values.
        (WebCore::Document::processViewport): Use a lambda instead of a function pointer to
        call setViewportFeature, so that function's interface is no longer dictated by
        the exact type of the function pointer argument to processArguments.
        (WebCore::Document::processFormatDetection): Use a lambda instead of the
        setParserFeature function above; use equalLettersIgnoringASCIICase for both the
        key and the value, since processArguments no longer lowercases the string.
        (WebCore::Document::processArguments): Deleted.

        * dom/Document.h: Removed unnecessary declaration of processArguments and
        ArgumentsCallback. Both are now private to the cpp file.

        * dom/Element.cpp:
        (WebCore::makeIdForStyleResolution): Use convertToASCIILowercase. When in quirks mode,
        we want to match IDs in an ASCII case-insensitive way not match compatibility caseless.

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::isScriptTypeSupported): Remove the use of lower here since
        the MIME type registry is now itself ASCII case-insensitive.

        * dom/ViewportArguments.cpp:
        (WebCore::numericPrefix): Changed to use StringView and take a Document&, rearranged
        argument order so Document& comes first.
        (WebCore::findSizeValue): Ditto.
        (WebCore::findScaleValue): Ditto.
        (WebCore::findBooleanValue): Ditto. Also use std::abs instead of fabs, possibly
        avoiding a conversion from float to double (not sure it was happening before but it's
        definitely not happening now).
        (WebCore::setViewportFeature): Changed to put arguments in a more logical order, to take
        the ViewportArguments as a reference, not a void*, and to use StringView to avoid forcing
        the caller to allocate strings. Also changed to use equalLettersIgnoringASCIICase so we
        don't rely on the caller to make the key lowercase for us.
        (WebCore::reportViewportWarning): Changed argument types. Added a couple comments about
        mistakes in the function.

        * dom/ViewportArguments.h: Removed unnecessary declaration of reportViewportWarning,
        which is now private to the cpp file. Updated for new arguments to setViewportFeature.

        * editing/EditorCommand.cpp:
        (WebCore::executeFormatBlock): Use convertToASCIILowercase on the argument, which is
        specifying a tag name.

        * fileapi/Blob.cpp:
        (WebCore::Blob::isValidContentType): Removed unnecessary separate loops for
        8-bit and 16-bit strings. Content types are short strings and this small optimization is
        not worth the additional code complexity.
        (WebCore::Blob::normalizedContentType): Use convertToASCIILowercase since valid
        content types are guaranteed to be all ASCII.
        (WebCore::Blob::isNormalizedContentType): Removed unnecessary separate loops for
        8-bit and 16-bit strings. Content types are short strings and this small optimization is
        not worth the additional code complexity.

        * html/parser/HTMLParserIdioms.cpp: Added now-needed include of QualifiedName.h.

        * html/parser/HTMLParserIdioms.h: Removed unneeded include of QualifiedName.h and
        WTFString.h. Made sure every function is declared first, even if it's also defined
        later in the header in the section for functions templates and inline functions.

        * loader/archive/ArchiveFactory.cpp:
        (WebCore::ArchiveFactory::registerKnownArchiveMIMETypes): Use auto& for the type of
        the set of MIME types here, since it's now using ASCIICaseInsensitiveHash.

        * platform/MIMETypeRegistry.cpp: Changed the MIME type sets to use
        ASCIICaseInsensitiveHash since MIME type are not case sensitive.
        (WebCore::initializeSupportedImageMIMETypes): Use a modern for loop.
        (WebCore::initializeSupportedImageMIMETypesForEncoding): Updated for HashSet type change.
        (WebCore::initializePDFMIMETypes): Use a modern for loop.
        (WebCore::initializeSupportedNonImageMimeTypes): Use a modern for loop.
        (WebCore::initializeSupportedMediaMIMETypes): Updated for HashSet type change.
        (WebCore::initializeUnsupportedTextMIMETypes): Use a modern for loop.
        (WebCore::initializeMIMETypeRegistry): Updated for HashSet type change.
        (WebCore::MIMETypeRegistry::getSupportedImageMIMETypes): Ditto.
        (WebCore::MIMETypeRegistry::getSupportedImageResourceMIMETypes): Ditto.
        (WebCore::MIMETypeRegistry::getSupportedImageMIMETypesForEncoding): Ditto.
        (WebCore::MIMETypeRegistry::getSupportedNonImageMIMETypes): Ditto.
        (WebCore::MIMETypeRegistry::getSupportedMediaMIMETypes): Ditto.
        (WebCore::MIMETypeRegistry::getPDFMIMETypes): Ditto.
        (WebCore::MIMETypeRegistry::getPDFAndPostScriptMIMETypes): Ditto.
        (WebCore::MIMETypeRegistry::getUnsupportedTextMIMETypes): Ditto.
        (WebCore::mimeTypeAssociationMap): Use ASCIICaseInsensitiveHash.
        (WebCore::MIMETypeRegistry::getNormalizedMIMEType): Use auto to make code tighter.

        * platform/MIMETypeRegistry.h: Changed return types of the getMIMETypes functions
        to use ASCIICaseInsensitiveHash.

        * platform/SchemeRegistry.cpp:
        (WebCore::schemesForbiddenFromDomainRelaxation): Changed type to
        use ASCIICaseInsensitiveHash.

        * platform/URL.cpp:
        (WebCore::mimeTypeFromDataURL): Use convertToASCIILowercase instead of lower.
        Also removed some dead code that tried to handle the case where the data URL
        has a comma as one of the first 5 characters: That can't happen since it's a
        precondition of this function that the first five characters are "data:".

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::getSupportedTypes): Change type of argument to
        a HashSet with ASCIICaseInsensitiveHash.
        * platform/graphics/MediaPlayer.h: Ditto.

        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
        (WebCore::MediaPlayerPrivateAVFoundation::staticMIMETypeList):
        Changed type of HashSet to use ASCIICaseInsensitiveHash.
        * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h: Ditto.

        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::avfMIMETypes):
        Changed type of HashSet to use ASCIICaseInsensitiveHash.
        (WebCore::MediaPlayerPrivateAVFoundationCF::getSupportedTypes): Ditto.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h: Ditto.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        Changed type of HashSet to use ASCIICaseInsensitiveHash.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithImageGenerator): Removed
        an unnecessary line of code to set a local variable to 0 just before it falls
        out of scope.
        (WebCore::avfMIMETypes): Ditto. Also tightened up the code a bit.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::getSupportedTypes): Ditto.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        Changed type of HashSet to use ASCIICaseInsensitiveHash.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::mimeTypeCache): Ditto.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::getSupportedTypes): Ditto.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Ditto.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::getSupportedTypes): Ditto.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::mimeTypeCache): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::getSupportedTypes): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h: Ditto.

        * platform/graphics/mac/MediaPlayerPrivateQTKit.h: Ditto.
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::shouldRejectMIMEType): Made this non-case-sensitive by using startsWith
        and the "false" argument. Later change this to startsWithIgnoringASCIICase or
        startsWithLettersIgnoringASCIICase.
        (WebCore::addFileTypesToCache): Use ASCIICaseInsensitiveHash. ALso rewrote to
        tighten up the code a bit and use modern Objective-C for loops.
        (WebCore::mimeCommonTypesCache): Use ASCIICaseInsensitiveHash.
        (WebCore::mimeModernTypesCache): Ditto.
        (WebCore::concatenateHashSets): Ditto.
        (WebCore::MediaPlayerPrivateQTKit::getSupportedTypes): Ditto.
        (WebCore::MediaPlayerPrivateQTKit::disableUnsupportedTracks): Initialied
        track type set using lambda, but left it case sensitive.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::mimeTypeCache): Changed type of HashSet to use ASCIICaseInsensitiveHash.
        (WebCore::MediaPlayerPrivateMediaFoundation::getSupportedTypes): Ditto.
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

        * platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:
        (WebCore::mimeTypeCache): Ditto.
        (WebCore::MockMediaPlayerMediaSource::getSupportedTypes): Ditto.
        * platform/mock/mediasource/MockMediaPlayerMediaSource.h: Ditto.

2016-01-31  Brent Fulgham  <bfulgham@apple.com>

        Add "WebKit built-in PDF" Plugin to set of publicly visible plugins
        https://bugs.webkit.org/show_bug.cgi?id=153657
        <rdar://problem/24413107>

        Reviewed by Darin Adler.

        Tested by http/tests/plugins/visible_plugins.html.

        A number of poorly-coded sites break when WebKit reports that it understands PDF mime types,
        but does not have a list of plugins that the site can iterate through.

        To avoid this compatibility problem, we should also expose the "WebKit built-in PDF" plugin
        to avoid this edge case.

        * plugins/PluginData.cpp:
        (WebCore::shouldBePubliclyVisible): Add "WebKit built-in PDF" plugin.

2016-01-31  Doug Russell  <d_russell@apple.com>

        AX: Add a boundary value to AXTextStateChangeType
        https://bugs.webkit.org/show_bug.cgi?id=153085

        Reviewed by Darin Adler.

        Post an AT notification when navigation is attempted past
        an editable element's boundaries.

        Test: accessibility/mac/selection-boundary-userinfo.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::showIntent):
        * accessibility/AXTextStateChangeIntent.h:
        * accessibility/mac/AXObjectCacheMac.mm:
        (platformChangeTypeForWebCoreChangeType):
        (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::modifyMovingRight):
        (WebCore::FrameSelection::modifyMovingForward):
        (WebCore::FrameSelection::modifyMovingLeft):
        (WebCore::FrameSelection::modifyMovingBackward):
        (WebCore::textSelectionWithDirectionAndGranularity):
        (WebCore::FrameSelection::modify):
        (WebCore::FrameSelection::modifyExtendingBackward): Deleted.
        (WebCore::FrameSelection::textSelectionIntent): Deleted.
        * editing/FrameSelection.h:
        * editing/VisiblePosition.cpp:
        (WebCore::VisiblePosition::next):
        (WebCore::VisiblePosition::previous):
        (WebCore::VisiblePosition::left):
        (WebCore::VisiblePosition::right):
        (WebCore::VisiblePosition::honorEditingBoundaryAtOrBefore):
        (WebCore::VisiblePosition::honorEditingBoundaryAtOrAfter):
        (WebCore::VisiblePosition::leftVisuallyDistinctCandidate): Deleted.
        (WebCore::VisiblePosition::rightVisuallyDistinctCandidate): Deleted.
        * editing/VisiblePosition.h:
        * editing/VisibleUnits.cpp:
        (WebCore::startOfLine):
        (WebCore::logicalStartOfLine):
        (WebCore::endOfLine):
        (WebCore::logicalEndOfLine):
        (WebCore::leftBoundaryOfLine):
        (WebCore::rightBoundaryOfLine):
        (WebCore::inSameLogicalLine): Deleted.
        (WebCore::endOfEditableContent): Deleted.
        (WebCore::isEndOfEditableOrNonEditableContent): Deleted.
        * editing/VisibleUnits.h:

2016-01-31  Daniel Bates  <dabates@apple.com>

        CSP: Use the served CSP header for dedicated workers
        https://bugs.webkit.org/show_bug.cgi?id=153157
        <rdar://problem/24383254>
        And
        https://bugs.webkit.org/show_bug.cgi?id=153156
        <rdar://problem/24383246>

        Reviewed by Brent Fulgham.

        Inspired by Blink commit:
        <https://src.chromium.org/viewvc/blink?revision=194143&view=revision>

        Implement support for respecting Content Security Policy (CSP) HTTP headers included in the
        HTTP response for a Web Worker's script as per section Workers of the CSP 2.0 spec,
        <https://w3c.github.io/webappsec-csp/2/#processing-model-workers> (29 August 2015).

        Currently a Web Worker always inherits the CSP of its owner document. Instead a web worker
        will inherit the CSP of its owner document only if its script is incapable of defining a
        content security policy (i.e. its origin is a globally unique identifier). Otherwise, the
        CSP HTTP headers delivered with the script will be used to define the CSP for the worker.

        Tests: fast/workers/worker-inherits-csp-blocks-eval.html
               fast/workers/worker-inherits-csp-blocks-xhr.html
               http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-blocks-eval.html

        * CMakeLists.txt: Add file ContentSecurityPolicyResponseHeaders.cpp.
        * WebCore.vcxproj/WebCore.vcxproj: Add files ContentSecurityPolicyResponseHeaders.{cpp, h}.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Update code to use enum class ContentSecurityPolicyHeaderType.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::didBeginDocument): Extract logic to collect Content Security Policy HTTP headers
        into class ContentSecurityPolicyResponseHeaders and make use of it here.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::CSPDirectiveList::headerType): Modified to use enum class ContentSecurityPolicyHeaderType.
        (WebCore::CSPDirectiveList::CSPDirectiveList): Ditto.
        (WebCore::CSPDirectiveList::create): Ditto.
        (WebCore::ContentSecurityPolicy::responseHeaders): Creates and returns a ContentSecurityPolicyResponseHeaders
        object with the parsed CSP policy headers.
        (WebCore::ContentSecurityPolicy::didReceiveHeaders): Processed the CSP policy headers represented by the
        specified ContentSecurityPolicyResponseHeaders object.
        (WebCore::ContentSecurityPolicy::deprecatedHeader): Deleted.
        (WebCore::ContentSecurityPolicy::deprecatedHeaderType): Deleted.
        * page/csp/ContentSecurityPolicy.h: Defines a class that represents a collection of CSP policy headers.
        This class has two purposes:
            - It extracts the CSP policy headers from a HTTP response (ResourceResponse object). We make use of
            this functionality in both FrameLoader::didBeginDocument() and Worker::didReceiveResponse().
            - It serves as a memento that externalizes the internal CSP policy details of an instance of
            ContentSecurityPolicy. We make use of this memento functionality to support inheriting the
            CSP policy of the worker's owner document in a thread-safe manner. You can create and restore
            a memento using ContentSecurityPolicy::responseHeaders() and ContentSecurityPolicy::didReceiveHeaders(), respectively.
        * page/csp/ContentSecurityPolicyResponseHeaders.cpp: Added.
        (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders): Extracts the
        CSP HTTP headers from a ResourceResponse object.
        (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy): Make a copy of this object that is
        safe to pass to another thread.
        * page/csp/ContentSecurityPolicyResponseHeaders.h: Added.
        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::create): Modified to use class ContentSecurityPolicyResponseHeaders.
        * workers/DedicatedWorkerGlobalScope.h:
        * workers/DedicatedWorkerThread.cpp:
        (WebCore::DedicatedWorkerThread::create): Ditto.
        (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
        (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
        * workers/DedicatedWorkerThread.h:
        * workers/Worker.cpp:
        (WebCore::Worker::didReceiveResponse): Create a ContentSecurityPolicyResponseHeaders if the origin of
        the worker's script is capable of providing a CSP. Otherwise, we will inherit the CSP of the worker's owner
        document in Worker::notifyFinished().
        (WebCore::Worker::notifyFinished): Pass the appropriate CSP response headers to WorkerMessagingProxy::startWorkerGlobalScope().
        * workers/Worker.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Renamed; formerly named applyContentSecurityPolicyFromString().
        Modified to take a ContentSecurityPolicyResponseHeaders and apply it to the ContentSecurityPolicy object associated with the worker.
        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyFromString): Deleted.
        * workers/WorkerGlobalScope.h:
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass the worker's ContentSecurityPolicyResponseHeaders object.
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Added field m_contentSecurityPolicyResponseHeaders to store
        the CSP response headers to be applied to the worker's ContentSecurityPolicy object.
        (WebCore::WorkerThread::WorkerThread): Modified to use ContentSecurityPolicyResponseHeaders.
        (WebCore::WorkerThread::workerThread): Pass the ContentSecurityPolicyResponseHeaders object from the start up data struct
        to DedicatedWorkerThread::createWorkerGlobalScope().
        * workers/WorkerThread.h:

2016-01-31  Darin Adler  <darin@apple.com>

        Get rid of most calls to String::upper; mostly replace them with convertToASCIIUppercase
        https://bugs.webkit.org/show_bug.cgi?id=153715

        Reviewed by Gyuyoung Kim.

        * editing/cocoa/HTMLConverter.mm:
        (HTMLConverter::computedAttributesForElement): Use convertToASCIILowercase to fold
        ASCII case when searching for fonts by name.

        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::platformLazyInit): Use convertToASCIIUppercase to make
        the HTTP version string canonical. Not sure why it's needed at all, but the letters
        we might be uppercasing are "HTTP", so no need to handle non-ASCII.
        * platform/network/cocoa/ResourceResponseCocoa.mm:
        (WebCore::ResourceResponse::platformLazyInit): Ditto.

        * rendering/svg/SVGRenderTreeAsText.cpp:
        (WebCore::operator<<): Use convertToASCIIUppercase when writing the spread
        method type into a text stream. The method types are all ASCII.

2016-01-31  Dan Bernstein  <mitz@apple.com>

        [Cocoa] Remove __has_include guards around use of WebKitAdditions
        https://bugs.webkit.org/show_bug.cgi?id=153728

        Reviewed by Andy Estes.

        Guard WebKitAdditions includes with #if USE(APPLE_INTERNAL_SDK) rather than with __has_include.

        * dom/EventNames.h:
        * loader/EmptyClients.cpp:
        (WebCore::fillWithEmptyClients):
        * page/MainFrame.cpp:
        (WebCore::MainFrame::MainFrame):
        * page/MainFrame.h:
        * page/PageConfiguration.h:
        * platform/cocoa/WebKitAdditions.mm:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        * platform/ios/LegacyTileGridTile.mm:

2016-01-31  Darin Adler  <darin@apple.com>

        Replace CaseFoldingHash with ASCIICaseInsensitiveHash
        https://bugs.webkit.org/show_bug.cgi?id=153639

        Reviewed by Filip Pizlo.

        * Modules/webdatabase/DatabaseAuthorizer.h: Use ASCIICaseInsensitiveHash
        for whitelisted functions. Function names are all ASCII.

        * accessibility/AccessibilityObject.cpp: Use ASCIICaseInsensitiveHash
        for ARIA roles. ARIA roles are all ASCII.

        * crypto/CryptoAlgorithmRegistry.h: Use ASCIICaseInsensitiveHash for
        crypto algorithm names. Algorithm names are all ASCII.

        * css/CSSFontSelector.cpp:
        (WebCore::registerLocalFontFacesForFamily): Use ASCIICaseInsensitiveHash
        for font faces. Face names should use ASCII case insensitive matching;
        there is no need for non-ASCII case folding.
        * css/CSSFontSelector.h: Ditto.

        * dom/DOMImplementation.cpp: Use ASCIICaseInsensitiveHash for the
        FeatureSet. The features are all ASCII.

        * dom/Document.h: Use ASCIICaseInsensitiveHash for the access key
        map. Access keys are all ASCII.

        * dom/ScriptElement.cpp:
        (WebCore::isLegacySupportedJavaScriptLanguage): Use ASCIICaseInsensitiveHash
        for the language set. These strings are all ASCII.

        * editing/EditorCommand.cpp: Use ASCIICaseInsensitiveHash for editor
        command names. These names are all ASCII.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parametersForPlugin): Use ASCIICaseInsensitiveHash
        for parameter names. These names are all ASCII.

        * html/InputType.cpp: Use ASCIICaseInsensitiveHash for the input types.
        The input types are all ASCII.

        * loader/CrossOriginAccessControl.h: Use ASCIICaseInsensitiveHash for
        HTTP header field names. These names are all ASCII.
        * loader/CrossOriginPreflightResultCache.h: Ditto.

        * loader/archive/ArchiveFactory.cpp: Use ASCIICaseInsensitiveHash for
        MIME types. MIME types are all ASCII.
        * platform/MIMETypeRegistry.cpp:
        (WebCore::initializeSupportedImageMIMETypes): Ditto.

        * platform/SchemeRegistry.h: Use ASCIICaseInsensitiveHas for URL schemes.
        URL schemes are all ASCII.
        * platform/URL.cpp: Ditto.

        * platform/graphics/FontCache.cpp:
        (WebCore::FontPlatformDataCacheKey::operator==): Use ASCIICaseInsensitiveHash.
        (WebCore::FontPlatformDataCacheKeyHash::hash): Use ASCIICaseInsensitiveHash.

        * platform/graphics/FontCascade.cpp:
        (WebCore::keysMatch): Rename from operator== since this operation is not
        equality. Changed to equalIgnoringASCIICase and did a little streamlining.
        (WebCore::makeFontCascadeCacheKey): Use reserveInitialCapacity for slightly
        better memory use.
        (WebCore::computeFontCascadeCacheHash): Use IntegerHasher to make computing
        a hash more efficient by eliminating the overhead of building a vector and
        even possible heap allocation and deallocation.
        (WebCore::retrieveOrAddCachedFonts): Use keysMatch instead of ==.

        * platform/graphics/cocoa/FontCacheCoreText.cpp: Use ASCIICaseInsensitiveHash
        for font family names. These names should use ASCII case insensitive matching;
        there is no need for non-ASCII case folding.

        * platform/network/HTTPHeaderMap.h: Use ASCIICaseInsensitiveHash for
        HTTP header field names. These names are all ASCII.

        * rendering/style/RenderStyle.cpp:
        (WebCore::computeFontHash): Use IntegerHasher to avoid allocating memory just
        to compute a hash. Use ASCIICaseInsensitiveHash.

2016-01-31  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce PassRefPtr uses in dom - 5
        https://bugs.webkit.org/show_bug.cgi?id=153470

        Reviewed by Darin Adler.

        As a step to remove PassRefPtr, this patch reduces uses of PassRefPtr in WebCore/dom. 

        * dom/Document.cpp:
        (WebCore::Document::adoptNode):
        (WebCore::Document::implicitClose):
        (WebCore::Document::enqueuePopstateEvent):
        (WebCore::Document::setInputCursor):
        * dom/Document.h:
        * dom/DocumentMarker.cpp:
        (WebCore::DocumentMarkerTextMatch::instanceFor):
        * dom/Event.cpp:
        (WebCore::Event::setUnderlyingEvent):
        * dom/Event.h:
        * dom/EventDispatcher.h:
        * dom/GenericEventQueue.cpp:
        (WebCore::GenericEventQueue::enqueueEvent):
        * dom/GenericEventQueue.h:
        * dom/MouseEvent.cpp:
        (WebCore::SimulatedMouseEvent::SimulatedMouseEvent):
        * dom/Node.cpp:
        (WebCore::Node::dispatchDOMActivateEvent):
        * dom/NodeIterator.h:
        * dom/PendingScript.h:
        * dom/PopStateEvent.cpp:
        (WebCore::PopStateEvent::create):
        * dom/PopStateEvent.h:
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::setCSSStyleSheet): Deleted. Nobody calls this function.
        * dom/ProcessingInstruction.h:
        * dom/RangeBoundaryPoint.h:
        (WebCore::RangeBoundaryPoint::RangeBoundaryPoint):
        * dom/TextEvent.cpp:
        (WebCore::TextEvent::createForFragmentPaste):
        (WebCore::TextEvent::TextEvent):
        * dom/TextEvent.h:
        * editing/Editor.cpp:
        (WebCore::Editor::pasteAsFragment):
        * editing/Editor.h:
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::replaceNodeFromPasteboard):

2016-01-31  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Use std::make_unique<> when creating an unique_ptr object.
        https://bugs.webkit.org/show_bug.cgi?id=153705

        Reviewed by Darin Adler.

        Some factory functions have used std::unique_ptr<> for creating an unique_ptr object.
        It is wrong. We have to use std::make_unique<>.

        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::WebMediaSessionManager::mockPicker):
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::internalStart):
        * platform/cf/RunLoopObserver.cpp:
        (WebCore::RunLoopObserver::create): Deleted.
        * platform/cf/RunLoopObserver.h:
        (WebCore::RunLoopObserver::RunLoopObserver):
        * platform/graphics/avfoundation/WebMediaSessionManagerMac.cpp:
        (WebCore::WebMediaSessionManagerMac::platformPicker):
        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
        * platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:
        (WebCore::MediaPlaybackTargetPickerMac::create): Deleted.
        * platform/graphics/ca/cocoa/LayerFlushSchedulerMac.cpp:
        (WebCore::LayerFlushScheduler::LayerFlushScheduler):
        * platform/mock/MediaPlaybackTargetPickerMock.cpp:
        (WebCore::MediaPlaybackTargetPickerMock::create): Deleted.
        * platform/mock/MediaPlaybackTargetPickerMock.h:
        * rendering/FloatingObjects.cpp:
        (WebCore::FloatingObject::copyToNewContainer):

2016-01-30  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, fix GTK debug build after r195899

        * dom/EventContext.h:
        (isType):

2016-01-30  Jeremy Huddleston Sequoia  <jeremyhu@apple.com>

        Add missing include to fix building debug configuration
        https://bugs.webkit.org/show_bug.cgi?id=153719

        Reviewed by Darin Adler.

        No new tests.

        * rendering/RenderObject.cpp:

2016-01-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195911.
        https://bugs.webkit.org/show_bug.cgi?id=153723

        Caused frequent assertion failures on bots (Requested by ap on
        #webkit).

        Reverted changeset:

        "Replace CaseFoldingHash with ASCIICaseInsensitiveHash"
        https://bugs.webkit.org/show_bug.cgi?id=153639
        http://trac.webkit.org/changeset/195911

2016-01-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195799 and r195828.
        https://bugs.webkit.org/show_bug.cgi?id=153722

        Caused assertion failures, severely affecting EWS (Requested
        by ap on #webkit).

        Reverted changesets:

        "Web Inspector: InspectorTimelineAgent doesn't need to
        recompile functions because it now uses the sampling profiler"
        https://bugs.webkit.org/show_bug.cgi?id=153500
        http://trac.webkit.org/changeset/195799

        "Attempt to fix the Windows build after r195799"
        http://trac.webkit.org/changeset/195828

2016-01-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Some tests crash with specific odd database names.
        https://bugs.webkit.org/show_bug.cgi?id=153688

        Reviewed by Darin Adler.

        No new tests (2 existing tests now pass).

        * platform/FileSystem.cpp:
        (WebCore::shouldEscapeUChar): Return true for some surrogate-pair situations.
        (WebCore::encodeForFileName): Pass along the previous and next characters, as well,
          and do a two byte escaping for some characters.

2016-01-30  Eric Carlson  <eric.carlson@apple.com>

        More than one audio and/or text track sometimes selected in media controls menu
        https://bugs.webkit.org/show_bug.cgi?id=153664

        Use an <img> element for the track menu item checkmark instead of a background image and
        the ::before selector.

        Reviewed by Jer Noble.

        Test: media/controls/track-menu.html

        * Modules/mediacontrols/mediaControlsApple.css:
        (audio::-webkit-media-controls-closed-captions-container li:hover):
        (audio::-webkit-media-controls-closed-captions-container li .checkmark-container):
        (audio::-webkit-media-controls-closed-captions-container li.selected .checkmark-container):
        (audio::-webkit-media-controls-closed-captions-container li.selected:hover .checkmark-container):
        (audio::-webkit-media-controls-closed-captions-container li.selected::before): Deleted.
        (audio::-webkit-media-controls-closed-captions-container li.selected:hover::before): Deleted.
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.buildCaptionMenu):
        (Controller.prototype.):
        (Controller.prototype.getCurrentControlsStatus):

2016-01-30  Darin Adler  <darin@apple.com>

        Replace CaseFoldingHash with ASCIICaseInsensitiveHash
        https://bugs.webkit.org/show_bug.cgi?id=153639

        Reviewed by Filip Pizlo.

        * Modules/webdatabase/DatabaseAuthorizer.h: Use ASCIICaseInsensitiveHash
        for whitelisted functions. Function names are all ASCII.

        * accessibility/AccessibilityObject.cpp: Use ASCIICaseInsensitiveHash
        for ARIA roles. ARIA roles are all ASCII.

        * crypto/CryptoAlgorithmRegistry.h: Use ASCIICaseInsensitiveHash for
        crypto algorithm names. Algorithm names are all ASCII.

        * css/CSSFontSelector.cpp:
        (WebCore::registerLocalFontFacesForFamily): Use ASCIICaseInsensitiveHash
        for font faces. Face names should use ASCII case insensitive matching;
        there is no need for non-ASCII case folding.
        * css/CSSFontSelector.h: Ditto.

        * dom/DOMImplementation.cpp: Use ASCIICaseInsensitiveHash for the
        FeatureSet. The features are all ASCII.

        * dom/Document.h: Use ASCIICaseInsensitiveHash for the access key
        map. Access keys are all ASCII.

        * dom/ScriptElement.cpp:
        (WebCore::isLegacySupportedJavaScriptLanguage): Use ASCIICaseInsensitiveHash
        for the language set. These strings are all ASCII.

        * editing/EditorCommand.cpp: Use ASCIICaseInsensitiveHash for editor
        command names. These names are all ASCII.

        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::parametersForPlugin): Use ASCIICaseInsensitiveHash
        for parameter names. These names are all ASCII.

        * html/InputType.cpp: Use ASCIICaseInsensitiveHash for the input types.
        The input types are all ASCII.

        * loader/CrossOriginAccessControl.h: Use ASCIICaseInsensitiveHash for
        HTTP header field names. These names are all ASCII.
        * loader/CrossOriginPreflightResultCache.h: Ditto.

        * loader/archive/ArchiveFactory.cpp: Use ASCIICaseInsensitiveHash for
        MIME types. MIME types are all ASCII.
        * platform/MIMETypeRegistry.cpp:
        (WebCore::initializeSupportedImageMIMETypes): Ditto.

        * platform/SchemeRegistry.h: Use ASCIICaseInsensitiveHas for URL schemes.
        URL schemes are all ASCII.
        * platform/URL.cpp: Ditto.

        * platform/graphics/FontCache.cpp: Reworked FontPlatformDataCacheKey struct:
        Made it a conventional struct with non-prefixed data members names. Removed
        the "==" operator since it was appropriate for hash table lookup but wasn't
        a true equality operator. Tightened the implementations of the constructors.
        (WebCore::FontPlatformDataCacheKeyHash::hash): Use ASCIICaseInsensitiveHash.
        (WebCore::FontPlatformDataCacheKeyHash::equal): Do the equality check here,
        not using the == operator. And use equalIgnoringASCIICase.
        (WebCore::FontPlatformDataCacheKeyTraits::isEmptyValue): Added this entire
        traits struct so we check empty values in a more efficient way.
        (WebCore::FontCache::getCachedFontPlatformData): Added comments and tweaked
        style in this function.

        * platform/graphics/FontCascade.cpp:
        (WebCore::keysMatch): Rename from operator== since this operation is not
        equality. Changed to equalIgnoringASCIICase and did a little streamlining.
        (WebCore::makeFontCascadeCacheKey): Use reserveInitialCapacity for slightly
        better memory use.
        (WebCore::computeFontCascadeCacheHash): Use IntegerHasher to make computing
        a hash more efficient by eliminating the overhead of building a vector and
        even possible heap allocation and deallocation.
        (WebCore::retrieveOrAddCachedFonts): Use keysMatch instead of ==.

        * platform/graphics/cocoa/FontCacheCoreText.cpp: Use ASCIICaseInsensitiveHash
        for font family names. These names should use ASCII case insensitive matching;
        there is no need for non-ASCII case folding.

        * platform/network/HTTPHeaderMap.h: Use ASCIICaseInsensitiveHash for
        HTTP header field names. These names are all ASCII.

        * rendering/style/RenderStyle.cpp:
        (WebCore::computeFontHash): Use IntegerHasher to avoid allocating memory just
        to compute a hash. Use ASCIICaseInsensitiveHash.

2016-01-30  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r195871.

        Caused several layout tests to time out

        Reverted changeset:

        "Tab suspension code shouldn't use page cache cacheability
        logic"
        https://bugs.webkit.org/show_bug.cgi?id=153680
        http://trac.webkit.org/changeset/195871

2016-01-30  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rebaseline bindings tests after r195904.

        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetter::getOwnPropertySlot):
        (WebCore::jsTestCustomNamedGetterConstructor):
        (WebCore::setJSTestCustomNamedGetterConstructor):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTarget::getOwnPropertySlot):
        (WebCore::jsTestEventTargetConstructor):
        (WebCore::setJSTestEventTargetConstructor):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        (WebCore::JSTestOverrideBuiltins::getOwnPropertySlot):
        (WebCore::jsTestOverrideBuiltinsConstructor):
        (WebCore::setJSTestOverrideBuiltinsConstructor):

2016-01-30  Chris Dumez  <cdumez@apple.com>

        [JS Bindings] prototype.constructor should be writable
        https://bugs.webkit.org/show_bug.cgi?id=149412
        <rdar://problem/22545096>

        Reviewed by Darin Adler.

        prototype.constructor should have the following properties:
        { [[Writable]]: true, [[Enumerable]]: false, [[Configurable]]: true }

        as per the Web IDL specification:
        https://heycam.github.io/webidl/#interface-prototype-object

        In WebKit, it is currently not writable. It is writable in Firefox.

        This patch was first landed in r190085 but was rolled out for causing
        crashes: <rdar://problem/22825602>. The issue was that even though we
        marked constructor as writable, we failed to generate a setter for it.
        This patch addresses the issue and the crash in <rdar://problem/22825602>
        no longer occurs after this change. A regression test is also added for
        this crash.

        Tests:
        fast/dom/HTMLDocument/constructor-setter-crash.html
        fast/dom/prototype-constructor-setter.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateAttributesHashTable):
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::setJSTestActiveDOMObjectConstructor):
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        (WebCore::setJSTestClassWithJSBuiltinConstructorConstructor):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        (WebCore::setJSTestCustomConstructorWithNoInterfaceObjectConstructor):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::setJSTestCustomNamedGetterConstructor):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::setJSTestEventConstructorConstructor):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::setJSTestEventTargetConstructor):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::setJSTestExceptionConstructor):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::setJSTestGenerateIsReachableConstructor):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::setJSTestInterfaceConstructor):
        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
        (WebCore::setJSTestJSBuiltinConstructorConstructor):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::setJSTestMediaQueryListListenerConstructor):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::setJSTestNamedConstructorConstructor):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::setJSTestNodeConstructor):
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::setJSTestNondeterministicConstructor):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::setJSTestObjConstructor):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::setJSTestOverloadedConstructorsConstructor):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        (WebCore::setJSTestOverrideBuiltinsConstructor):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::setJSTestSerializedScriptValueInterfaceConstructor):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::setJSTestTypedefsConstructor):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::setJSattributeConstructor):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::setJSreadonlyConstructor):
        * page/DOMWindow.idl:

2016-01-30  Chris Dumez  <cdumez@apple.com>

        Move more 'constructor' properties to the prototype
        https://bugs.webkit.org/show_bug.cgi?id=153667

        Reviewed by Darin Adler.

        Move more 'constructor' properties to the prototype. In particular, we
        used to keep the 'constructor' on the instance for interfaces that have
        an indexed / named property getter because our getOwnPropertySlot()
        implementation used to be wrong for such interfaces.

        However, getOwnPropertySlot() should be correct after r188590 so we
        should now be able to move the 'constructor' up to the prototype for
        these interfaces, as per the specification:
        http://heycam.github.io/webidl/#interface-prototype-object

        No new tests, already covered by existing tests.

        * bindings/js/JSPluginElementFunctions.h:
        (WebCore::pluginElementCustomGetOwnPropertySlot):
        Add a null check for staticPropHashTable. It is now null because this
        type no longer has any property on the instance now that 'constructor'
        is on the prototype.

        * bindings/scripts/CodeGeneratorJS.pm:
        (ConstructorShouldBeOnInstance):

2016-01-29  Ada Chan  <adachan@apple.com>

        Enable VIDEO_PRESENTATION_MODE only in Debug and Release builds on Mac
        https://bugs.webkit.org/show_bug.cgi?id=153665

        Reviewed by Dan Bernstein.

        * Configurations/FeatureDefines.xcconfig:

2016-01-30  David Kilzer  <ddkilzer@apple.com>

        [iOS] WebKit1 apps crash in ___ZN7WebCore16DiskCacheMonitorC2ERKNS_15ResourceRequestENS_9SessionIDEPK20_CFCachedURLResponse_block_invoke1
        <http://webkit.org/b/153710>
        <rdar://problem/23116706>

        Reviewed by Darin Adler.

        * loader/cocoa/DiskCacheMonitorCocoa.mm:
        (WebCore::DiskCacheMonitor::DiskCacheMonitor):
        - Fix race condition on iOS WebKit1 clients by calling the block
          to cancel the DiskCacheMonitor on the WebThread, which is the
          same thread where the CFCachedURLResponseCallBackBlock is
          called.
        - Removed whitespace to adhere to style.

2016-01-30  Ryosuke Niwa  <rniwa@webkit.org>

        TouchList should be retargeted
        https://bugs.webkit.org/show_bug.cgi?id=149592

        Reviewed by Antti Koivisto.

        Retarget touch target's using the same algorithm as the one used for related targets instead of
        EventRelatedNodeResolver which is removed in this patch.

        Also enable the retargeting on iOS.

        Test: fast/shadow-dom/touch-event-ios.html

        * dom/EventContext.cpp:
        (WebCore::TouchEventContext::TouchEventContext):
        (WebCore::TouchEventContext::handleLocalEvents):
        (WebCore::TouchEventContext::checkReachability):
        * dom/EventContext.h:
        (WebCore::toTouchEventContext):
        (WebCore::EventContext::isUnreachableNode):
        * dom/EventDispatcher.cpp:
        (WebCore::EventRelatedNodeResolver): Deleted.
        (WebCore::EventPath::EventPath):
        (WebCore::EventDispatcher::dispatchEvent): 
        (WebCore::addRelatedNodeResolversForTouchList): Deleted.
        (WebCore::EventPath::updateTouchLists): Deleted.
        (WebCore::EventPath::setRelatedTarget): Removed superfluous UNUSED_PARAM since the argument is always used.
        (WebCore::EventPath::retargetTouch): Extracted from updateTouchLists/setRelatedTarget. Clones Touch object
        with the new target for each event context just like related targets.
        (WebCore::EventPath::retargetTouchLists): Renamed from updateTouchLists. Calls retargetTouch on each Touch
        object in each TouchList.
        * dom/TouchEvent.h:

2016-01-30 Dave Hyatt  <hyatt@apple.com>

        Support break-after, break-before and break-inside.
        https://bugs.webkit.org/show_bug.cgi?id=148814

        Reviewed by Dean Jackson.

        New tests added in printing/, fast/multicol/, and fast/regions.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::convertToPageBreak):
        (WebCore::convertToColumnBreak):
        (WebCore::convertToRegionBreak):
        For backwards compatibility, keep support for all the old properties in
        computed style. This means we have to convert the break-* property values
        into keywords that make sense for the legacy properties. This mainly
        involves mapping "page", "column", "region" to "always" (similar rule for
        the avoid-* versions as well).

        (WebCore::ComputedStyleExtractor::propertyValue):
        Add support for the three new break-* properties.

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        Add support for the new break properties.

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::operator BreakBetween):
        (WebCore::CSSPrimitiveValue::operator BreakInside):
        Add converters for the new BreakBetween and BreakInside enums. Remove
        the EPageBreak enum, since it is no longer used.

        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        Add the new properties and the new values supported by the properties
        to the keywords lists.

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertFontSynthesis):
        (WebCore::StyleBuilderConverter::convertPageBreakBetween):
        (WebCore::StyleBuilderConverter::convertPageBreakInside):
        (WebCore::StyleBuilderConverter::convertColumnBreakBetween):
        (WebCore::StyleBuilderConverter::convertColumnBreakInside):
        (WebCore::StyleBuilderConverter::convertRegionBreakBetween):
        (WebCore::StyleBuilderConverter::convertRegionBreakInside):
        In order to map the legacy properties into the new break-* values
        we have custom converter functions.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::paintChild):
        (WebCore::RenderBlock::childBoxIsUnsplittableForFragmentation):
        (WebCore::RenderBlock::computeRegionRangeForBoxChild):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::applyBeforeBreak):
        (WebCore::RenderBlockFlow::applyAfterBreak):
        Patch the block code to check the correct new break-* constants. For
        avoidance, this means checking both the general avoid value and the
        specific value (e.g., avoid-page). In place of "always", we check
        the specific value (e.g., column) and then for page specifically, we
        also treat "left", "right", "recto" and "verso" as "always break" for now.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::changeRequiresLayout):
        Make sure changes to the break properties trigger relayout.

        * rendering/style/RenderStyle.h:
        Add getters and setters for the break-* properties and remove all
        occurrences of the legacy page, column and region values from the RenderStyle.

        * rendering/style/RenderStyleConstants.cpp:
        (WebCore::alwaysPageBreak):
        We have a helper function here for mapping several constant values to "page".

        * rendering/style/RenderStyleConstants.h:
        Definitions of the new BreakBetween and BreakInside enums.

        * rendering/style/StyleMultiColData.cpp:
        (WebCore::StyleMultiColData::StyleMultiColData):
        (WebCore::StyleMultiColData::operator==):
        * rendering/style/StyleMultiColData.h:
        Remove the column-specific break data.

        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:
        Remove the region-specific break data and replace it with generic break
        data that is now used by all three pagination models.

2016-01-29  Per Arne Vollan  <peavo@outlook.com>

        [Win] Fix compile error.
        https://bugs.webkit.org/show_bug.cgi?id=153646

        Reviewed by Darin Adler.

        * platform/text/win/LocaleWin.cpp:
        (WebCore::LCIDFromLocaleInternal):

2016-01-29  Antti Koivisto  <antti@apple.com>

        Tab suspension code shouldn't use page cache cacheability logic
        https://bugs.webkit.org/show_bug.cgi?id=153680

        Reviewed by Andreas Kling.

        Most of PageCache::canCache() is unnecessary for tab suspension.

        Also improve robustness.

        * page/Page.cpp:
        (WebCore::Page::setPageActivityState):
        (WebCore::Page::setIsVisible):
        (WebCore::Page::setIsVisibleInternal):
        (WebCore::Page::setIsPrerender):
        (WebCore::Page::canTabSuspend):

            Include visibility test here.

            Instead of calling PageCache::canCache() just check for each frame that
            - that the document is loaded
            - that active DOM objects allow suspension

        (WebCore::Page::setIsTabSuspended):
        (WebCore::Page::setTabSuspensionEnabled):
        (WebCore::Page::updateTabSuspensionState):

            Refactor for robustness.

        (WebCore::Page::tabSuspensionTimerFired):

            Call canTabSuspend, the result might have changed.

        (WebCore::Page::scheduleTabSuspension): Deleted.
        * page/Page.h:

2016-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        fast/shadow-dom/Element-interface-attachShadow.html fails on iOS
        https://bugs.webkit.org/show_bug.cgi?id=153681

        Reviewed by Antti Koivisto.

        The bug was caused by canHaveUserAgentShadowRoot() returning false on a meter element since it's disabled on iOS.
        Override HTMLUnknownElement's canHaveUserAgentShadowRoot to return false for compatbility on iOS.

        * html/HTMLUnknownElement.h:
        (WebCore::HTMLUnknownElement::canHaveUserAgentShadowRoot):

2016-01-29  Brady Eidson  <beidson@apple.com>

        Modern IDB: Getting records for key ranges with null keys aren't properly handled in SQLite backend
        https://bugs.webkit.org/show_bug.cgi?id=153666

        Reviewed by Tim Horton.

        No new tests (Two failing tests now pass).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):

2016-01-29  Simon Fraser  <simon.fraser@apple.com>

        image-rendering: -webkit-optimize-contrast not working for background images
        https://bugs.webkit.org/show_bug.cgi?id=97991

        Reviewed by Darin Adler.
        
        Don't equate "pixelated" and "crisp-edges" values for image-rendering with low
        quality scaling; they should map to InterpolationNone, not InterpolationLow.
        
        To support this change ImageQualityController to return a InterpolationQuality
        from the renamed chooseInterpolationQuality(). If the returned value is not
        InterpolationDefault, set the GraphicsContext image interpolation when drawing
        images and image buffers.
        
        Remove the redundant "useLowQualityScale" from 

        Test: fast/images/image-rendering-interpolation.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::paint):
        * html/HTMLCanvasElement.h:
        * page/DragController.cpp:
        (WebCore::DragController::doImageDrag):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        (WebCore::GraphicsContext::drawImageBuffer):
        (WebCore::GraphicsContext::drawConsumingImageBuffer):
        (WebCore::InterpolationQualityMaintainer::InterpolationQualityMaintainer): Deleted.
        (WebCore::InterpolationQualityMaintainer::~InterpolationQualityMaintainer): Deleted.
        * platform/graphics/GraphicsContext.h:
        (WebCore::ImagePaintingOptions::ImagePaintingOptions):
        (WebCore::ImagePaintingOptions::usesDefaultInterpolation):
        (WebCore::InterpolationQualityMaintainer::InterpolationQualityMaintainer):
        (WebCore::InterpolationQualityMaintainer::~InterpolationQualityMaintainer):
        * platform/graphics/GraphicsTypes.h:
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::drawConsuming):
        (WebCore::ImageBuffer::draw):
        * rendering/ImageQualityController.cpp:
        (WebCore::ImageQualityController::interpolationQualityFromStyle):
        (WebCore::ImageQualityController::chooseInterpolationQuality):
        (WebCore::ImageQualityController::ImageQualityController): Deleted.
        (WebCore::ImageQualityController::shouldPaintAtLowQuality): Deleted.
        * rendering/ImageQualityController.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::chooseInterpolationQuality):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        (WebCore::RenderBoxModelObject::shouldPaintAtLowQuality): Deleted.
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::paintSnapshotImage):
        * rendering/RenderHTMLCanvas.cpp:
        (WebCore::RenderHTMLCanvas::paintReplaced):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintIntoRect):
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::paintSnapshot):
        * rendering/style/RenderStyle.h:

2016-01-29  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/modern/index-3.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=153661

        Reviewed by Tim Horton.

        No new tests (1 failing test now passes, others get closer).

        When indexing a new record fails due to uniqueness constraints, remove all traces of the record.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateAllIndexesForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):

2016-01-29  Brent Fulgham  <bfulgham@apple.com>

        [WebGL] Check vertex array bounds before permitting a glDrawArrays to execute
        https://bugs.webkit.org/show_bug.cgi?id=153643
        <rdar://problem/23424456>

        Reviewed by Dean Jackson.

        Tested by fast/canvas/webgl/webgl-drawarrays-crash.html.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateDrawArrays): Make sure that we have at
        least one buffer bound to a program if a drawArray call with a non-zero range of
        requested data is being made.
        (WebCore::WebGLRenderingContextBase::validateDrawElements): Drive-by formatting fix.

2016-01-29  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix logging that overwhelms python with strings of excessive length.
        https://bugs.webkit.org/show_bug.cgi?id=153652

        Reviewed by Tim Horton.

        No new tests (Two skipped tests now pass).

        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::loggingString): Limit the length of the string.
        
        * Modules/indexeddb/IDBKeyRangeData.cpp:
        (WebCore::IDBKeyRangeData::loggingString): Limit the length of the string.

2016-01-29  Jer Noble  <jer.noble@apple.com>

        Unreviewed Windows build fix; one more ResourceLoaderOptions call site which needs to
        be updated after adding the CachingPolicy parameter.

        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::startLoading):

2016-01-29  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Implement overlay scrollbars
        https://bugs.webkit.org/show_bug.cgi?id=153405

        Reviewed by Michael Catanzaro.

        Add support for overlay scrollbars to GTK+ platform following the
        same style and behavior than GtkScrolledWindow. They are only
        available for GTK+ >= 3.19, but honoring the GTK_OVERLAY_SCROLLING
        environment variable, so they could be disable at run time, except
        when threaded compositor is enabled. A new ScrollAnimator class
        has been added for GTK+ to implement overlay scrollbars and still
        allow smooth scrolling when available.

        * PlatformGTK.cmake: Add ScrollAnimatorGtk and stop building ScrollAnimatorSmooth.
        * platform/ScrollAnimator.h:
        (WebCore::ScrollAnimator::ScrollAnimator::mouseEnteredContentArea):
        Remove const to allow the ScrollAnimator to be updated.
        (WebCore::ScrollAnimator::ScrollAnimator::mouseExitedContentArea): Ditto.
        (WebCore::ScrollAnimator::ScrollAnimator::mouseMovedInContentArea): Ditto.
        (WebCore::ScrollAnimator::ScrollAnimator::contentAreaDidShow): Ditto.
        (WebCore::ScrollAnimator::ScrollAnimator::contentAreaDidHide): Ditto.
        * platform/Scrollbar.h:
        (WebCore::Scrollbar::opacity): Get scrollbar opacity.
        (WebCore::Scrollbar::setOpacity): Set scrollbar opacity.
        * platform/gtk/ScrollAnimatorGtk.cpp: Added.
        (WebCore::ScrollAnimator::create): Create a ScrollAnimatorGtk.
        (WebCore::ScrollAnimatorGtk::ScrollAnimatorGtk):
        (WebCore::ScrollAnimatorGtk::~ScrollAnimatorGtk):
        (WebCore::ScrollAnimatorGtk::ensureSmoothScrollingAnimation):
        Initialize the ScrollAnimationSmooth if it doesn't exist.
        (WebCore::ScrollAnimatorGtk::scroll): Ensure we have a
        ScrollAnimationSmooth if smooth scrolling is enabled. This also
        fixes the problem of having to reload the page after changing the
        smooth scrolling setting.
        (WebCore::ScrollAnimatorGtk::scrollToOffsetWithoutAnimation):
        (WebCore::ScrollAnimatorGtk::willEndLiveResize):
        (WebCore::ScrollAnimatorGtk::didAddVerticalScrollbar): Register
        the scrollbar if it's an overlay scrollbar and make it visible
        without animating it. Start the hide animation.
        (WebCore::ScrollAnimatorGtk::didAddHorizontalScrollbar): Ditto.
        (WebCore::ScrollAnimatorGtk::willRemoveVerticalScrollbar):
        Unregister the scrollbar if it was registered and resrt the
        animation state if it was the only scrollbar.
        (WebCore::ScrollAnimatorGtk::willRemoveHorizontalScrollbar): Ditto.
        (WebCore::ScrollAnimatorGtk::updateOverlayScrollbarsOpacity): Update
        the scrollbars opacity and invalidate the indicator.
        (WebCore::easeOutCubic):
        (WebCore::ScrollAnimatorGtk::overlayScrollbarAnimationTimerFired):
        Update the scrollbars opacity and schedule a next frame if the
        animation didn't finish or start the hide animation otherwhise.
        (WebCore::ScrollAnimatorGtk::showOverlayScrollbars): Start the
        fade animation to show the scrollbars if needed.
        (WebCore::ScrollAnimatorGtk::hideOverlayScrollbars): Start the
        dafe animation to hide the scrollbars if needed.
        (WebCore::ScrollAnimatorGtk::mouseEnteredContentArea): Call
        showOverlayScrollbars().
        (WebCore::ScrollAnimatorGtk::mouseExitedContentArea): Call
        hideOverlayScrollbars().
        (WebCore::ScrollAnimatorGtk::mouseMovedInContentArea): Call
        showOverlayScrollbars().
        (WebCore::ScrollAnimatorGtk::contentAreaDidShow): Ditto.
        (WebCore::ScrollAnimatorGtk::contentAreaDidHide): Hide the
        scrollbars without animations.
        (WebCore::ScrollAnimatorGtk::notifyContentAreaScrolled): Call
        showOverlayScrollbars().
        (WebCore::ScrollAnimatorGtk::lockOverlayScrollbarStateToHidden):
        Update the lock state and hide or show the scrollbars when locked
        or unlocked.
        * platform/gtk/ScrollAnimatorGtk.h: Added.
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::backButtonRect): Pass
        StyleContextMode to getOrCreateStyleContext depending on the
        painting parameter.
        (WebCore::ScrollbarThemeGtk::forwardButtonRect): Ditto.
        (WebCore::ScrollbarThemeGtk::trackRect): Ditto.
        (WebCore::ScrollbarThemeGtk::getOrCreateStyleContext): Add
        StyleContextMode parameter to add the hovering class
        unconditionally when using overlay scrollbars in layout mode. In
        paint mode we add the hovering clas only when the scrollbar is
        hovered. This way we always claim the size of the scrollbar when
        hovered to be able to show the full scrollbar when the mouse is
        close enough to the indicator.
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Initialize
        m_usesOverlayScrollbars.
        (WebCore::ScrollbarThemeGtk::thumbRect): Pass the scrollbar to
        getOrCreateStyleContext().
        (WebCore::adjustRectAccordingToMargin): Fix the top margin.
        (WebCore::ScrollbarThemeGtk::paintTrackBackground): Pass the
        scrollbar and paint mode to getOrCreateStyleContext().
        (WebCore::ScrollbarThemeGtk::paintScrollbarBackground): Ditto.
        (WebCore::ScrollbarThemeGtk::paintThumb): Adjust the thumb
        rectangle when overlay scrollbar is not hovered to its current
        size, since we always claim the size of the scrollbar in hovered
        mode.
        (WebCore::ScrollbarThemeGtk::paintButton): Pass the scrollbar and
        paint mode to getOrCreateStyleContext().
        (WebCore::ScrollbarThemeGtk::paint): Take the scrollbar opacity
        into account when rendering overlay scrollbars as indicators. Also
        get the scrollbar opacity from the GTK+ theme and use a
        transparency group when the global opacity is not full opaque.
        (WebCore::ScrollbarThemeGtk::buttonSize): Pass the scrollbar to
        getOrCreateStyleContext().
        * platform/gtk/ScrollbarThemeGtk.h:
        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::mouseEnteredContentArea):
        (WebCore::ScrollAnimatorMac::mouseExitedContentArea):
        (WebCore::ScrollAnimatorMac::mouseMovedInContentArea):
        (WebCore::ScrollAnimatorMac::contentAreaDidShow):
        (WebCore::ScrollAnimatorMac::contentAreaDidHide):

2016-01-29  ChangSeok Oh  <changseok.oh@collabora.com>

        [GStreamer] built-in media player doesn't update
        https://bugs.webkit.org/show_bug.cgi?id=151816

        Reviewed by Xabier Rodriguez-Calvar.

        The timeline of audio controls in media document is not properly updated since it is assumed
        that the controls are hidden as soon as playing. However, such full page audio always has
        opacity : 1 declared by video:-webkit-full-page-media::-webkit-media-controls-panel.no-video.
        i.e. it is not actually hidden. We can fix this by simply returning false for no-video media
        in controlsAreHidden();

        Test: media/audio-controls-timeline-in-media-document.html

        * Modules/mediacontrols/mediaControlsBase.js:
        (Controller.prototype.controlsAreAlwaysVisible):
        (Controller.prototype.controlsAreHidden):

2016-01-29  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] Store lines instead of tracks in GridResolvedPosition
        https://bugs.webkit.org/show_bug.cgi?id=153592

        Reviewed by Sergio Villar Senin.

        Due to the new feature that allows to create implicit tracks before the
        explicit ones, we will need to use lines instead of tracks in the
        code to be able to implement it properly.

        This is just a first simple patch using lines instead of tracks in
        GridResolvedPosition. It modifies the code that was using it, as it was
        considering that the resolvedFinalPosition was a track index and
        not a line index.

        So if we've an item positioned like:
          grid-column: 2 / 5;
          grid-row: 1 / span 2;

        Before we were storing this information on the GridSpan:
        * columns:
          * resolvedInitialPosition: 1
          * resolvedFinalPosition:  3
        * rows:
          * resolvedInitialPosition: 0
          * resolvedFinalPosition:  1

        And now we're storing:
        * columns:
          * resolvedInitialPosition: 1
          * resolvedFinalPosition:  4
        * rows:
          * resolvedInitialPosition: 0
          * resolvedFinalPosition:  2

        No new tests, no change of behavior.

        * css/CSSGridTemplateAreasValue.cpp:
        (WebCore::stringForPosition):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateAreasRow):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::ensureGridSize):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
        (WebCore::RenderGrid::columnAxisOffsetForChild):
        (WebCore::RenderGrid::rowAxisOffsetForChild):
        * rendering/RenderGrid.h:
        * rendering/style/GridCoordinate.h:
        (WebCore::GridSpan::GridSpan):
        (WebCore::GridSpan::integerSpan):
        (WebCore::GridSpan::end):
        (WebCore::GridCoordinate::GridCoordinate):
        * rendering/style/GridResolvedPosition.cpp:
        (WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveGridPositionAgainstOppositePosition):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
        (WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
        * rendering/style/GridResolvedPosition.h:

2016-01-28  Brady Eidson  <beidson@apple.com>

        Modern IDB: SQLite backend mismanages key generator values.
        https://bugs.webkit.org/show_bug.cgi?id=153625

        Reviewed by Andy Estes.

        No new tests (Many failing tests pass, a few get closer).

        There's mixed assumptions about whether the value stored is the current value or the next value.

        Fixing those assumptions fixes tests.
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::generateKeyNumber): Store/retrieve the correct value.
        (WebCore::IDBServer::SQLiteIDBBackingStore::revertGeneratedKeyNumber): Ditto.
        (WebCore::IDBServer::SQLiteIDBBackingStore::maybeUpdateKeyGeneratorNumber): Ditto.

2016-01-28  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: InspectorTimelineAgent doesn't need to recompile functions because it now uses the sampling profiler
        https://bugs.webkit.org/show_bug.cgi?id=153500
        <rdar://problem/24352458>

        Reviewed by Timothy Hatcher.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::supportsLegacyProfiling):
        (WebCore::JSDOMWindowBase::supportsRichSourceInfo):
        (WebCore::JSDOMWindowBase::supportsProfiling): Deleted.
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::JSWorkerGlobalScopeBase::supportsLegacyProfiling):
        (WebCore::JSWorkerGlobalScopeBase::supportsProfiling): Deleted.
        * bindings/js/JSWorkerGlobalScopeBase.h:
        * inspector/InspectorController.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::legacyProfilerEnabled):
        (WebCore::InspectorController::setLegacyProfilerEnabled):
        Be more explicit about enabling legacy profiling.

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
        (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend): Deleted.
        TimelineAgent doesn't need to recompile if using the sampling profiler.
        This breaks console.profile, but console.profile should move to using
        the sampling profiler as well.

        (WebCore::InspectorTimelineAgent::startFromConsole):
        (WebCore::InspectorTimelineAgent::stopFromConsole):
        (WebCore::startProfiling): Deleted.
        (WebCore::stopProfiling): Deleted.
        Inlined the use once static functions.

        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::profile):
        (WebCore::PageConsoleClient::profileEnd):
        Added FIXMEs for improving console.profile and profileEnd.

        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setLegacyJavaScriptProfilingEnabled):
        (WebCore::Internals::setJavaScriptProfilingEnabled): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:
        Be more explicit about enabling legacy profiling.

2016-01-28  Chris Dumez  <cdumez@apple.com>

        Move attributes to the prototype for List types / and types with indexed/named property getters
        https://bugs.webkit.org/show_bug.cgi?id=153599

        Reviewed by Darin Adler.

        Move attributes to the prototype for List types / and types with indexed/named property getters.

        We used to keep them on the instance because:
        1. Our GetOwnProperty lookup used to be in incorrect order for interfaces with indexed/named property getters.
        -> This was fixed recently and we now match the specification and other browsers.
        2. This used to regress performance when iterating over those list types
        -> Local testing seems to show that this is no longer a regression (tested Speedometer and various related Bindings PerformanceTests).

        No new tests, already covered by existing tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstance): Deleted.
        (AttributeShouldBeOnInstanceForCompatibility): Deleted.

2016-01-28  Antti Koivisto  <antti@apple.com>

        Tab suspension code hits asserts
             

        Reviewed by Chris Dumez.

        Enabling tab suspension and navigating around in a few tabs hits an assert in
        ScriptExecutionContext::suspendActiveDOMObject. This is because suspend/resume reasons don't pair properly

        * dom/Document.cpp:
        (WebCore::Document::documentWillBecomeInactive):
        (WebCore::Document::suspend):
        (WebCore::Document::resume):

            Provide the reason as argument.

        * dom/Document.h:
        * history/CachedFrame.cpp:
        (WebCore::CachedFrameBase::restore):

            No need to call resumeActiveDOMObjects/resumeScriptedAnimationControllerCallbacks explicitly as Document::resume does that.

        (WebCore::CachedFrame::CachedFrame):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):
        * page/Page.cpp:
        (WebCore::Page::canTabSuspend):
        (WebCore::Page::setIsTabSuspended):

2016-01-28  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix several more problems with object store changes during cursor iteration in SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153616

        Reviewed by Alex Christensen.

        No new tests (A few failing tests pass, a few get closer).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::clearObjectStore):
        
        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::bindArguments):
        
        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::iterateCursor):

2016-01-28  Daniel Bates  <dabates@apple.com>

        Cleanup: Make DedicatedWorkerThread::create() an inline template method
        https://bugs.webkit.org/show_bug.cgi?id=153612

        Reviewed by Andy Estes.

        Make use of variadic template arguments and std::forward() to forward the arguments passed
        from DedicatedWorkerThread::create() to DedicatedWorkerThread::DedicatedWorkerThread(). This
        removes the need to duplicate code whenever we modify the parameter types or number of
        parameters taken by DedicatedWorkerThread::DedicatedWorkerThread().

        * workers/DedicatedWorkerThread.cpp:
        (WebCore::DedicatedWorkerThread::create): Deleted.
        * workers/DedicatedWorkerThread.h: Reorganized listing of member functions such that we
        group the creation/constructor and destructor functions.
        (WebCore::DedicatedWorkerThread::create): Modified to be an inline template with variadic
        parameters that std::forward()s its arguments to DedicatedWorkerThread::DedicatedWorkerThread().

2016-01-28  Brady Eidson  <beidson@apple.com>

        Modern IDB: SQLite backend doesn't handle mutation during cursor iteration.
        https://bugs.webkit.org/show_bug.cgi?id=153614

        Reviewed by Alex Christensen.

        No new tests (A few failing tests pass, a few get closer).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange): Call notifyCursorsOfChanges.
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord): Ditto.

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
        (WebCore::IDBServer::SQLiteIDBCursor::~SQLiteIDBCursor):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:

        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
        (WebCore::IDBServer::SQLiteIDBTransaction::maybeOpenBackingStoreCursor): Remember these transient backing 
          store cursors so they can be notified of changes.
        (WebCore::IDBServer::SQLiteIDBTransaction::closeCursor): Handle removing the cursor from the right set.
        (WebCore::IDBServer::SQLiteIDBTransaction::notifyCursorsOfChanges):
        * Modules/indexeddb/server/SQLiteIDBTransaction.h:

2016-01-28  Brady Eidson  <beidson@apple.com>

        Modern IDB: SQLite backend doesn't support deleting ranges with more than one key.
        https://bugs.webkit.org/show_bug.cgi?id=153604

        Reviewed by Andy Estes.

        No new tests (A few failing tests pass, a few get closer).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange):

2016-01-28  Alex Christensen  <achristensen@webkit.org>

        Fix Windows build after r195774.

        * platform/network/ParsedContentRange.cpp:

2016-01-28  Anders Carlsson  <andersca@apple.com>

        Add an ArrayValue::get overload that returns a string
        https://bugs.webkit.org/show_bug.cgi?id=153613

        Reviewed by Tim Horton.

        * bindings/js/ArrayValue.cpp:
        (WebCore::ArrayValue::get):
        * bindings/js/ArrayValue.h:

2016-01-28  Chris Dumez  <cdumez@apple.com>

        EventHandler IDL attributes should be enumerable
        https://bugs.webkit.org/show_bug.cgi?id=153595

        Reviewed by Sam Weinig.

        Most of our EventHandler IDL attributes were marked as [NotEnumerable]
        but should not have been according to the specification:
        - https://html.spec.whatwg.org/#globaleventhandlers
        - https://html.spec.whatwg.org/#windoweventhandlers

        Firefox and Chrome behave according to the specification.
        This patch aligns our behavior.

        No new tests, already covered by existing tests.

        * dom/Document.idl:
        * dom/GlobalEventHandlers.idl:
        * page/WindowEventHandlers.idl:

2016-01-28  Jer Noble  <jer.noble@apple.com>

        Windows build fix; PRId64 formatting macro for int64_t undefined, so provide Windows-specific alternative.

        * platform/network/ParsedContentRange.cpp:

2016-01-28  ChangSeok Oh  <changseok.oh@collabora.com>

        [ThreadedCompositor] Fix flickers happening on video when entering/leaving fullscreen.
        https://bugs.webkit.org/show_bug.cgi?id=153585

        Reviewed by Michael Catanzaro.

        Video thumbnail flickers where threaded compositor is enabled. This is because
        a content buffer is not set to a target layer which changes before swapBuffer.
        This is a very rare case though, it happens where video size changes many times in a short period.

        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
        (WebCore::TextureMapperPlatformLayerProxy::activateOnCompositingThread):

2016-01-27  Jer Noble  <jer.noble@apple.com>

        Allow CachedResourceLoader clients to opt out of the MemoryCache.
        https://bugs.webkit.org/show_bug.cgi?id=153549

        Reviewed by Darin Adler.

        Add a flag to ResourceLoaderOptions which allow loader clients to opt out of having
        resources stored in the MemoryCache. 

        * loader/ResourceLoaderOptions.h:
        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
        (WebCore::ResourceLoaderOptions::cachingPolicy):

        Existing clients will have to add the (default) AllowCaching flag when they create a
        ResourceLoaderOptions object.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource):
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::start):
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
        (WebCore::ResourceLoaderOptions::setCachingPolicy):
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading):
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading):

        Every time the CachedResource or CachedResourceLoader accesses the MemoryCache, check
        to see whether the resource or the request have allowed caching before adding resources
        to, removing resources from, or sourcing resource data from the MemoryCache.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::~CachedResource):
        (WebCore::CachedResource::failBeforeStarting):
        (WebCore::CachedResource::addClientToSet):
        (WebCore::CachedResource::removeClient):
        (WebCore::CachedResource::setDecodedSize):
        (WebCore::CachedResource::setEncodedSize):
        (WebCore::CachedResource::didAccessDecodedData):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::allowsCaching):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
        (WebCore::CachedResourceLoader::requestResource):
        (WebCore::CachedResourceLoader::revalidateResource):
        (WebCore::CachedResourceLoader::loadResource):
        (WebCore::CachedResourceLoader::printPreloadStats):
        (WebCore::CachedResourceLoader::defaultCachedResourceOptions):
        * loader/cache/CachedResourceRequest.h:
        (WebCore::CachedResourceRequest::allowsCaching):

2016-01-28  Enrica Casucci  <enrica@apple.com>

        Should avoid navigation for some data detector urls.
        https://bugs.webkit.org/show_bug.cgi?id=153600

        Reviewed by Tim Horton.

        Adding helper function to decide whether the default action should be performed.

        * editing/cocoa/DataDetection.h:
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::shouldCancelDefaultAction):

2016-01-28  Dave Hyatt  <hyatt@apple.com>

        Roll out r194555, as it introduced some bad regressions and was not
        correct.

        * rendering/RenderText.cpp:
        (WebCore::RenderText::computePreferredLogicalWidths):

2016-01-28  Brady Eidson  <beidson@apple.com>

        Modern IDB: Index uniqueness broken in the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153596

        Reviewed by Alex Christensen.

        No new tests (Many failing tests now pass, others improve).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedHasIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateOneIndexForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateAllIndexesForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateIndexesForAddRecord): Deleted.
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

2016-01-08  Jer Noble  <jer.noble@apple.com>

        Custom protocol loading through AVFoundation does not support byte-range requests.
        https://bugs.webkit.org/show_bug.cgi?id=152919
        <rdar://problem/23664657>

        Reviewed by Alex Christensen.

        Tests: http/tests/xmlhttprequest/blob-request-byte-range.html
               TestWebkitAPI/Tests/WebCore/ParsedContentRange.cpp

        When loading data through the AVAssetResourceLoaderDelegateProtocol, AVFoundation will issue
        requests for specific byte-ranges by adding a "Range:" HTTP header to the NSURLRequest it
        passes to the delegate.  WebCore ignores this header, loads the entire resource, and replies
        to the callback with the requested subset of the entire resource.

        For byte-range requests near the end of a resource, this is inefficient, as the entire
        resource up to, and including, the requested range must be loaded before any data can be
        returned. Explicitly handle byte-range requests by creating a CachedResourceRequest with the
        underlying NSURLRequest (which includes the "Range:" header) rather than just the request's
        URL. BlobResourceHandle must be modified to add the "Content-Range:" response header to the
        ResourceResponse. 

        To facilitate both generating and parsing the "Content-Range:" header, add a new
        ParsedContentRange class for use by ResourceResponse and its clients. This class provides
        methods both for parsing a "Content-Range" header value string, and for generating the
        header value from elemental values.

        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading):
        (WebCore::WebCoreAVFResourceLoader::responseReceived):
        (WebCore::WebCoreAVFResourceLoader::fulfillRequestWithResource):
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::BlobResourceHandle):
        (WebCore::BlobResourceHandle::didGetSize):
        (WebCore::BlobResourceHandle::seek):
        (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
        * platform/network/BlobResourceHandle.h:
        * platform/network/HTTPHeaderNames.in:
        * platform/network/ParsedContentRange.cpp: Added.
        (WebCore::areContentRangeValuesValid):
        (WebCore::parseContentRange):
        (WebCore::ParsedContentRange::ParsedContentRange):
        (WebCore::ParsedContentRange::headerValue):
        * platform/network/ParsedContentRange.h: Added.
        (WebCore::ParsedContentRange::ParsedContentRange):
        (WebCore::ParsedContentRange::isValid):
        (WebCore::ParsedContentRange::firstBytePosition):
        (WebCore::ParsedContentRange::lastBytePosition):
        (WebCore::ParsedContentRange::instanceLength):
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::updateHeaderParsedState):
        (WebCore::parseContentRangeInHeader):
        (WebCore::ResourceResponseBase::contentRange):
        * platform/network/ResourceResponseBase.h:
        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:

2016-01-28  Chris Dumez  <cdumez@apple.com>

        Storage interface's attributes / operations should be enumerable
        https://bugs.webkit.org/show_bug.cgi?id=153573

        Reviewed by Darin Adler.

        Storage interface's attributes / operations should be enumerable:
        - https://html.spec.whatwg.org/#the-storage-interface

        Firefox matches the specification.

        No new tests, already covered by existing test.

        * storage/Storage.idl:

2016-01-26  Ada Chan  <adachan@apple.com>

        Get WebVideoFullscreenManager and related classes to also compile for Mac platform
        with video presentation mode support.
        https://bugs.webkit.org/show_bug.cgi?id=153221

        Reviewed by Eric Carlson.

        No new tests, no actual behavior change with a stub implementation of WebVideoFullscreenInterfaceMac.

        * WebCore.xcodeproj/project.pbxproj:
        Add PlatformView.h, WebVideoFullscreenChangeObserver.h, and WebVideoFullscreenInterfaceMac.h.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::mediaPlayerEngineUpdated):
        (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
        * html/HTMLMediaElement.h:
        Enable the code that deals with the video fullscreen layer also for Mac platform with
        video presentation mode support.

        * platform/cocoa/PlatformView.h:
        Header file for declaring the view types for each Cocoa platform.

        * platform/cocoa/WebVideoFullscreenChangeObserver.h:
        (WebCore::WebVideoFullscreenChangeObserver::~WebVideoFullscreenChangeObserver):
        Interface declaration moved from WebVideoFullscreenInterfaceAVKit.h.

        * platform/cocoa/WebVideoFullscreenInterface.h:
        Stop guarding the declaration of WebVideoFullscreenInterface to be iOS specific. It is now
        enabled for iOS and Mac platform with video presentation mode support.

        * platform/cocoa/WebVideoFullscreenModel.h:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h:
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
        Enable also for Mac platform with video presentation mode support.
        (WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer):
        Set the video fullscreen layer's anchor point to (0, 0) since we are not changing the position of
        the video layer on Mac.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        Import WebVideoFullscreenChangeObserver.h now that the interface declaration has been moved to that file.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Move the declaration of WebVideoFullscreenChangeObserver to a separate header.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        Import WebVideoFullscreenChangeObserver.h now that the interface declaration has been moved to that file.

        * platform/mac/WebVideoFullscreenInterfaceMac.h: Added.
        * platform/mac/WebVideoFullscreenInterfaceMac.mm:
        (WebCore::WebVideoFullscreenInterfaceMac::~WebVideoFullscreenInterfaceMac):
        (WebCore::WebVideoFullscreenInterfaceMac::setWebVideoFullscreenModel):
        (WebCore::WebVideoFullscreenInterfaceMac::setWebVideoFullscreenChangeObserver):
        (WebCore::WebVideoFullscreenInterfaceMac::resetMediaState):
        (WebCore::WebVideoFullscreenInterfaceMac::setDuration):
        (WebCore::WebVideoFullscreenInterfaceMac::setCurrentTime):
        (WebCore::WebVideoFullscreenInterfaceMac::setBufferedTime):
        (WebCore::WebVideoFullscreenInterfaceMac::setRate):
        (WebCore::WebVideoFullscreenInterfaceMac::setVideoDimensions):
        (WebCore::WebVideoFullscreenInterfaceMac::setSeekableRanges):
        (WebCore::WebVideoFullscreenInterfaceMac::setCanPlayFastReverse):
        (WebCore::WebVideoFullscreenInterfaceMac::setAudioMediaSelectionOptions):
        (WebCore::WebVideoFullscreenInterfaceMac::setLegibleMediaSelectionOptions):
        (WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback):
        (WebCore::WebVideoFullscreenInterfaceMac::setWirelessVideoPlaybackDisabled):
        (WebCore::WebVideoFullscreenInterfaceMac::setupFullscreen):
        (WebCore::WebVideoFullscreenInterfaceMac::enterFullscreen):
        (WebCore::WebVideoFullscreenInterfaceMac::exitFullscreen):
        (WebCore::WebVideoFullscreenInterfaceMac::cleanupFullscreen):
        (WebCore::WebVideoFullscreenInterfaceMac::invalidate):
        (WebCore::WebVideoFullscreenInterfaceMac::requestHideAndExitFullscreen):
        (WebCore::WebVideoFullscreenInterfaceMac::preparedToReturnToInline):
        (WebCore::WebVideoFullscreenInterfaceMac::setMode):
        (WebCore::WebVideoFullscreenInterfaceMac::clearMode):
        (WebCore::WebVideoFullscreenInterfaceMac::mayAutomaticallyShowVideoPictureInPicture):
        (WebCore::WebVideoFullscreenInterfaceMac::applicationDidBecomeActive):
        (WebCore::supportsPictureInPicture):
        Add a stub implementation of WebVideoFullscreenInterfaceMac.

2016-01-28  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        [SVG] Add support for 'lighter' operator in feComposite
        https://bugs.webkit.org/show_bug.cgi?id=141376

        Reviewed by Darin Adler.

        Added new cases where needed to support the lighter (aka 'plus')
        Porter Duff operator in SVG Filter Effects.
        https://www.w3.org/TR/filter-effects/#valdef-operator-lighter
        Note that in the specification, no constant was added to the IDL for
        the lighter operator. 

        Test: svg/filters/feCompositeOpaque.html
              svg/dom/script-tests/SVGAnimatedEnumeration-SVGFECompositeElement.js

        * platform/graphics/filters/FEComposite.cpp:
        (WebCore::FEComposite::platformApplySoftware):
          Add case to support lighter.
        (WebCore::operator<<):
          Add case to support lighter for text stream operations.
        * platform/graphics/filters/FEComposite.h:
          Add case for lighter to CompositeOperationType enum.
        * svg/SVGFECompositeElement.h:
        (WebCore::SVGIDLEnumLimits<CompositeOperationType>::highestExposedEnumValue):
          Higest exposed value is arithmetic - do not expose lighter.
        (WebCore::SVGPropertyTraits<CompositeOperationType>::highestEnumValue):
          Highest possible value is now lighter.
        (WebCore::SVGPropertyTraits<CompositeOperationType>::toString):
          Add case to support lighter.
        (WebCore::SVGPropertyTraits<CompositeOperationType>::fromString):
          Add case to support lighter.

2016-01-28  Darin Adler  <darin@apple.com>

        Remove equalIgnoringCase since all callers really wanted equalIgnoringASCIICase
        https://bugs.webkit.org/show_bug.cgi?id=153411

        Reviewed by Ryosuke Niwa.

        Tests: fast/media/media-query-non-ASCII-case-folding.html
               fast/dom/HTMLAnchorElement/anchor-non-ASCII-case-folding.html
               fast/xpath/xpath-non-ASCII-case-folding.html

        No tests included that cover the minor behavior changes in Document::setDomain,
        CSPSource::schemeMatches, CSPSource::hostMatches, OriginAccessEntry::operator==,
        UserContentURLPattern::matches, UserContentURLPattern::matchesHost,
        ContentFilterUnblockHandler::canHandleRequest. Would like to add tests for those
        if possible, but it seems clear all are progressions.

        For background on why this is the right thing to do in almost every case:

        - MIME types are all ASCII and not case sensitive (details in RFC 2045)
          <http://tools.ietf.org/html/rfc2045>
        - case insensitive comparisons in HTML are all "ASCII case-insensitive"
          https://www.w3.org/TR/html/infrastructure.html#ascii-case-insensitive
        - same for CSS

        * Modules/webdatabase/DatabaseAuthorizer.cpp:
        (WebCore::DatabaseAuthorizer::denyBasedOnTableName): Use equalIgnoringASCIICase.
        No change in behavior since the string we are comparing with is always
        "__WebKitDatabaseInfoTable__" in practice.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::siblingWithAriaRole): Changed argument type to take a const char*,
        added some FIXMEs and use equalIgnoringCase. No change in behavior since the
        strings we are comparing with are "menu" and "menuitem".
        (WebCore::AccessibilityNodeObject::menuElementForMenuButton): Updated to pass
        arguments in reverse order.
        (WebCore::AccessibilityNodeObject::menuItemElementForMenu): Ditto.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseFontFaceValue): Use equalIgnoringASCIICase.
        No change in behavior because the property names are all ASCII constants.

        * css/CSSParserValues.h: Removed unused equalIgnoringCase function.

        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::mediaTypeMatch): Use equalIgnoringASCIICase.
        Changes behavior: No non-ASCII case folding when matching media types.
        Covered by new test.
        (WebCore::MediaQueryEvaluator::mediaTypeMatchSpecific): Use equalIgnoringASCIICase.
        No change in behavior since the only string this is ever called with is "print".

        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::hasFileOfType): Use equalIgnoringASCIICase.
        No change in behavior because local files will not have content types with
        non-ASCII characters in them. In the extremely unlikely case that this is incorrect,
        the change in behavior is a progression.

        * dom/Document.cpp:
        (WebCore::Document::setDomain): Use equalIgnoringASCIICase.
        Changes behavior: Domains considered equal because of non-ASCII case folding
        would get through without an error before, and now will properly throw an exception.

        * dom/Element.cpp:
        (WebCore::isStyleAttribute): Refactored into a helper function. Use
        equalLettersIgnoringASCIICase. No change in behavior.
        (WebCore::Element::synchronizeAttribute): Use isStyleAttribute.

        * dom/TreeScope.cpp:
        (WebCore::TreeScope::findAnchor): Use equalIgnoringASCIICase.
        Changes behavior: Could go to an anchor and it would be considered a match because
        of non-ASCII case folding. Covered by new test.

        * html/HiddenInputType.cpp:
        (WebCore::HiddenInputType::appendFormData): Use equalIgnoringASCIICase.
        No change in behavior: comparing with an ASCII literal.
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getExtension): Ditto.
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension): Ditto.

        * html/parser/CSSPreloadScanner.cpp:
        (WebCore::CSSPreloadScanner::emitRule): Use equalLettersIgnoringASCIICase and
        StringView to avoid needing a special ruleEqualIgnoringCase function.
        No change in behavior.

        * inspector/InspectorNodeFinder.cpp:
        (WebCore::InspectorNodeFinder::matchesElement): Use equalIgnoringASCIICase.
        Changes behavior, but it's an inspector UI thing, not a web behavior thing,
        so I don't think a new regression test is needed.

        * loader/HistoryController.cpp:
        (WebCore::HistoryController::currentItemShouldBeReplaced): Use
        equalIgnoringASCIICase. No change in behavior because we are comparing
        with "about:blank".

        * loader/SubframeLoader.cpp:
        (WebCore::findPluginMIMETypeFromURL): Use equalIgnoringASCIICase.
        No change in behavior unless a plug-in claims an extension with non-ASCII
        characters. I don't think a new regression test is needed.

        * loader/appcache/ApplicationCacheHost.cpp:
        (WebCore::ApplicationCacheHost::shouldLoadResourceFromApplicationCache):
        Use equalIgnoringASCIICase. No change in behavior because both strings are
        protocols from URLs and we don't parse non-ASCII characters into protocol strings;
        non-ASCII are already encoding as punycode.
        * loader/appcache/ManifestParser.cpp:
        (WebCore::parseManifest): Ditto.

        * page/ContentSecurityPolicy.cpp:
        (WebCore::isExperimentalDirectiveName): Added. Used by isDirectiveName.
        Uses equalLettersIgnoringASCIICase. No change in behavior.
        (WebCore::isDirectiveName): Use equalLettersIgnoringASCIICase.
        No change in behavior.
        (WebCore::isSourceListNone): Use equalLettersIgnoringASCIICase. No
        change in behavior.
        (WebCore::CSPSource::schemeMatches): Use equalLettersIgnoringASCIICase
        and equalIgnoringASCIICase. It's all about comparing URL protocols. The
        old code might have done something strange if someone specified a protocol
        with a non-ASCII character in it.
        (WebCore::CSPSource::hostMatches): Use equalIgnoringASCIICase.
        (WebCore::CSPSourceList::parseSource): Use equalLettersIgnoringASCIICase.
        No change in behavior.
        (WebCore::CSPDirectiveList::checkSourceAndReportViolation): Tweaked code
        to do less unnecessary String allocation.
        (WebCore::CSPDirectiveList::parseReflectedXSS): Use
        equalLettersIgnoringASCIICase. No change in behavior.
        (WebCore::CSPDirectiveList::addDirective): Ditto.
        (WebCore::ContentSecurityPolicy::reportUnsupportedDirective): Use
        equalLettersIgnoringASCIICase and remove unneeded global constant strings.
        No change in behavior.
        (WebCore::ContentSecurityPolicy::reportDirectiveAsSourceExpression):
        Tweak code to eliminate unneeded local.
        (WebCore::ContentSecurityPolicy::reportDuplicateDirective): Ditto.
        (WebCore::ContentSecurityPolicy::reportInvalidSourceExpression): Use
        equalLettersIgnoringASCIICase. No change in behavior.

        * page/OriginAccessEntry.h:
        (WebCore::operator==): Use equalLettersIgnoringASCIICase.

        * page/Performance.cpp:
        (WebCore::Performance::webkitGetEntriesByName): Use equalLettersIgnoringASCIICase.
        No change in behavior.

        * page/UserContentURLPattern.cpp:
        (WebCore::UserContentURLPattern::matches): Use equalIgnoringASCIICase to match
        schemes.
        (WebCore::UserContentURLPattern::matchesHost): Use equalIgnoringASCIICase to
        match host names.

        * platform/URL.cpp:
        (WebCore::URL::init): Use equalIgnoringASCIICase, and also use StringView to
        avoid having to allocate a second string just for comparison purposes. Should be
        better for efficiency with no change in behavior.

        * platform/cocoa/ContentFilterUnblockHandlerCocoa.mm:
        (WebCore::ContentFilterUnblockHandler::canHandleRequest): Use equalIgnoringASCIICase
        to compare hosts.

        * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
        (WebCore::PlatformSpeechSynthesisProviderEfl::voiceName): Use StringView and
        equalIgnoringASCIICase to compare language tags. No test needed because there are
        no language tags with non-ASCII characters in them.

        * platform/graphics/FontCache.cpp:
        (WebCore::FontPlatformDataCacheKey::operator==): Changed to use the equal
        function from CaseFoldingHash. In a subsequent patch we will change this to be
        ASCIICaseFoldingHash since font names don't need to compare non-ASCII characters
        in a case folding manner, but for now preserve behavior.
        (WebCore::alternateFamilyName): Use equalLettersIgnoringASCIICase to avoid having
        to use a special familyNameEqualIgnoringCase function. This does mean there will
        be a null check and a length check that wasn't there before, but the actual
        comparison function will be tighter. Guessing it will be a wash. Also improved
        the comments and sorted the Windows cases in with the others. No behavior change.

        * platform/graphics/FontCascade.cpp:
        (WebCore::operator==): Changed to use the equal function from CaseFoldingHash.
        Same rationale as above in FontPlatformDataCacheKey.

        * platform/graphics/FontDescription.cpp:
        (WebCore::FontCascadeDescription::familiesEqualForTextAutoSizing): Use
        equalIgnoringASCIICase to compare font family names. Only possible change in
        behavior would be if actual fonts with non-ASCII names but that were specified
        with different case in style sheets. Highly unlikely this exists.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::supportsType): Use equalLettersIgnoringASCIICase.
        No change in behavior.
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::keySystemIsSupported): Ditto.

        * platform/graphics/freetype/FontCacheFreeType.cpp:
        (WebCore::isCommonlyUsedGenericFamily): Added.
        (WebCore::FontCache::createFontPlatformData): Moved code into the
        isCommonlyUsedGenericFamily helper and used equalIgnoringASCIICase.

        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat): Use
        equalLettersIgnoringASCIICase. No change in behavior.
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::adjustedGDIFontWeight): Ditto.
        (WebCore::FontCache::createFontPlatformData): Ditto.
        * platform/graphics/win/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat): Ditto.
        * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat): Ditto.

        * platform/mac/PlatformSpeechSynthesizerMac.mm:
        (-[WebSpeechSynthesisWrapper speakUtterance:]): Use equalIgnoringASCIICase to
        compare languages. No change in behavior because languages have all-ASCII names.

        * platform/network/CacheValidation.cpp:
        (WebCore::shouldUpdateHeaderAfterRevalidation): Use equalIgnoringASCIICase.
        No change in behavior since it's a fixed list of all ASCII headers.
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::isAppendableHeader): Ditto.

        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::willSendRequest): Use equalIgnoringASCIICase.
        No change in behavior because HTTP methods are all ASCII letters.

        * platform/text/mac/LocaleMac.mm:
        (WebCore::determineLocale): Use equalIgnoringASCIICase. No change in behavior
        because locale languages identifiers are all ASCII.
        * platform/text/win/LocaleWin.cpp:
        (WebCore::LCIDFromLocaleInternal): Ditto.

        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
        Use equalIgnoringASCIICase. No change in behavior because Arabic form attribute
        values are all ASCII.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::uppercaseKnownHTTPMethod): Use equalIgnoringASCIICase.
        No change in behavior because these are all fixed known ASCII HTTP method names.

        * xml/XPathFunctions.cpp:
        (WebCore::XPath::FunLang::evaluate): Use equalIgnoringASCIICase. Changes behavior
        if specifying a non-ASCII character. Covered by new test.

        * xml/XPathStep.cpp:
        (WebCore::XPath::nodeMatchesBasicTest): Use equalIgnoringASCIICase. Changes
        behavior if an element local name or XPath predicate has a non-ASCII character.
        Covered by new test.

2016-01-28  Zalan Bujtas  <zalan@apple.com>

        Unexpected content wrapping at http://email.osh.com/H/2/v100000152474feb8ec7c1a1f4bbe5c7c0/HTML
        https://bugs.webkit.org/show_bug.cgi?id=153430

        Reviewed by Simon Fraser.

        Ensure that min/max preferred and computed widths never shrink while converting LayoutUnit to float and back.

        Test: fast/table/fixed-size-table-with-fixed-size-content.html

        * rendering/AutoTableLayout.cpp:
        (WebCore::AutoTableLayout::recalcColumn):
        (WebCore::AutoTableLayout::calcEffectiveLogicalWidth):
        (WebCore::AutoTableLayout::layout):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computePreferredLogicalWidths): Deleted.

2016-01-28  Gwang Yoon Hwang  <yoon@igalia.com>

        [GStreamer] Clean up includes and headers related with GStreamerGL
        https://bugs.webkit.org/show_bug.cgi?id=153590

        Reviewed by Philippe Normand.

        Remove gstglmemory from the including list and reorder includes to
        organize GSTREAMER_GL related headers. It violates style rules of the
        include order, but there is no clean way to include gst/gl/gl.h
        without violating it.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

2016-01-28  Gwang Yoon Hwang  <yoon@igalia.com>

        [GStreamer] MediaPlayerPrivateGStreamerBase::handleSyncMessage leaks GstContext
        https://bugs.webkit.org/show_bug.cgi?id=153580

        Reviewed by Philippe Normand.

        When we creates GstContext using gst_context_new it increases refcount itself.
        And the refcount of GstContext is increased when it is passed to
        gst_element_set_context, also. Therefore We should unref GstContext after
        using it to prevent GstContext leaks.

        * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
        (WTF::adoptGRef): Added for GstContext.
        (WTF::refGPtr<GstContext>): Ditto
        (WTF::derefGPtr<GstContext>): Ditto
        * platform/graphics/gstreamer/GRefPtrGStreamer.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::handleSyncMessage):
        Use GRefPtr<GstContext> to handle currect refcounting

2016-01-27  Alex Christensen  <achristensen@webkit.org>

        Fix clean CMake build after r195711.

        * PlatformWin.cmake:
        Copy forwarding headers from the new directory to find ContentSecurityPolicy.h.
        This should fix EWS issues like the one seen in bug 153573.

2016-01-27  Chris Dumez  <cdumez@apple.com>

        Expose ValidityState on the global Window object
        https://bugs.webkit.org/show_bug.cgi?id=153582

        Reviewed by Antti Koivisto.

        Expose ValidityState on the global Window object:
        https://html.spec.whatwg.org/#validitystate

        Firefox and Chrome match the specification.

        No new tests, already covered by existing tests.

        * html/ValidityState.idl:

2016-01-27  Chris Dumez  <cdumez@apple.com>

        Expose ApplicationCache on the global Window object
        https://bugs.webkit.org/show_bug.cgi?id=153578

        Reviewed by Antti Koivisto.

        Expose ApplicationCache on the global Window object as per:
        https://html.spec.whatwg.org/#the-storage-interface

        Chrome follows the spec.

        No new tests, already covered by existing test.

        * loader/appcache/DOMApplicationCache.idl:

2016-01-27  Ryosuke Niwa  <rniwa@webkit.org>

        REGRESSION(r190430): Assertion failure in Text::~Text()
        https://bugs.webkit.org/show_bug.cgi?id=153577

        Reviewed by Antti Koivisto.

        The bug was caused by destroyRenderTreeIfNeeded exiting early on all HTMLSlotElement as it lacks a render object.
        Fixed it by explicitly avoiding the early return when child is a HTMLSlotElement.

        Test: fast/shadow-dom/slot-removal-crash-2.html

        * dom/ContainerNode.cpp:
        (WebCore::destroyRenderTreeIfNeeded):

2016-01-27  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Garbage is displayed when root svg element has mix-blend-mode set
        https://bugs.webkit.org/show_bug.cgi?id=150556

        Reviewed by Darin Adler.

        This bug happens when compositing on a CALayer and drawing on a transparent
        layer, so it happens with WK2 with <svg style="mix-blend-mode...">. And it
        can happen with WK1 also with <svg style="opacity=...;mix-blend-mode...">.
        But in both cases, the SVG root renderer should be the root of the render
        tree. So it happens only with the stand alone SVG documents.

        SVGRenderContext::prepareToRenderSVGContent() ignores the opacity of
        the SVG root but it creates a transparent layer for the blend-mode.

        But RenderLayer::beginTransparencyLayers() creates a transparent layer
        for opacity and it sets the blend-mode also.

        The fix is to begin two transparent layers for the SVG root renderer: one
        for the opacity and the second for the blend-mode. The opacity transparent
        layer will be still managed by RenderLayer::beginTransparencyLayers(). While
        the blend-mode transparent layer will be managed by SVGRenderContext
        ::prepareToRenderSVGContent().

        Tests: svg/css/mix-blend-mode-background-root.svg
               svg/css/mix-blend-mode-opacity-root.svg

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::beginTransparencyLayers):

2016-01-27  Enrica Casucci  <enrica@apple.com>

        Cache results of data detection in the UI process when load completes.
        https://bugs.webkit.org/show_bug.cgi?id=153560

        Reviewed by Tim Horton.

        Adding new FrameLoaderClient method to notify that data
        detection is complete and provide the results.

        * loader/EmptyClients.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        * loader/FrameLoaderClient.h:

2016-01-27  Daniel Bates  <dabates@apple.com>

        Move ContentSecurityPolicy.{cpp, h} to its own directory
        https://bugs.webkit.org/show_bug.cgi?id=153527
        <rdar://problem/24359892>

        Reviewed by Sam Weinig.

        Move ContentSecurityPolicy.{cpp, h} from Source/WebCore/page to Source/WebCore/page/csp.
        This will facilitate separating out the policy support classes (e.g. CSPDirectiveList)
        into their own files to improve the hackability of this code.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * page/csp/ContentSecurityPolicy.cpp: Renamed from Source/WebCore/page/ContentSecurityPolicy.cpp.
        * page/csp/ContentSecurityPolicy.h: Renamed from Source/WebCore/page/ContentSecurityPolicy.h.

2016-01-27  Brady Eidson  <beidson@apple.com>

        Modern IDB: Incorrect handling of iterating cursors to their end.
        https://bugs.webkit.org/show_bug.cgi?id=153569

        Reviewed by Alex Christensen.

        No new tests (3 tests now pass, others are closer to passing).

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::advance):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):

2016-01-27  Nan Wang  <n_wang@apple.com>

        AX: Crash in AccessibilityTableColumn::headerObject
        https://bugs.webkit.org/show_bug.cgi?id=153553
        <rdar://problem/23196278>

        Reviewed by Chris Fleizach.

        Webkit was crashing sometimes when we asked for column headers of a table.
        The columns vector of the table was reset during the iteration when we
        were asking for the headerObject of each column. The column's addChildren()
        function calls elementRect() for each child cell and that sometimes causes 
        the parent table to reset its children.
        Fixed it by caching the columns vector and moving out the elementRect() logic
        from AccessibilityTalbeColumn::addChildren().  

        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::columnHeaders):
        (WebCore::AccessibilityTable::rowHeaders):
        * accessibility/AccessibilityTableColumn.cpp:
        (WebCore::AccessibilityTableColumn::elementRect):
        (WebCore::AccessibilityTableColumn::headerObject):
        (WebCore::AccessibilityTableColumn::addChildren):
        * accessibility/AccessibilityTableColumn.h:

2016-01-27  Chris Dumez  <cdumez@apple.com>

        Settings a reflected DOMString attribute to null should set it to the "null" string rather than the empty string
        https://bugs.webkit.org/show_bug.cgi?id=153504
        <rdar://problem/24353072>

        Reviewed by Ryosuke Niwa.

        Settings a reflected DOMString attribute to null should set it to the "null"
        string rather than the empty string:
        - https://html.spec.whatwg.org/#reflecting-content-attributes-in-idl-attributes
        - http://heycam.github.io/webidl/#es-DOMString
        - http://people.mozilla.org/~jorendorff/es6-draft.html#sec-tostring

        Firefox and Chrome match the specification here.

        This is causing a lot of W3C HTML reflection tests to fail on WebKit, e.g.:
        - http://w3c-test.org/html/dom/reflection-text.html

        No new tests, already covered by existing tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (JSValueToNative):
        Call toString() instead of valueToStringWithNullCheck() for reflected
        attributes. This way, null gets converted to the string "null", as
        expected, instead of a null String object.

        * html/HTMLInputElement.idl:
        Dropping [TreatNullAs=NullString] IDL extended attribute for
        input.defaultValue, as this is not present in the specification:
        - https://html.spec.whatwg.org/#htmlinputelement

        Without this change, assigning null to input.defaultValue would not
        set to to the "null" string, as is expected.

        * html/HTMLTextAreaElement.idl:
        Dropping [TreatNullAs=NullString] IDL extended attribute for
        textArea.defaultValue, as this is not present in the specification:
        - https://html.spec.whatwg.org/#htmltextareaelement

        Without this change, assigning null to textArea.defaultValue would not
        set to to the "null" string, as is expected.

        * html/HTMLTitleElement.idl:
        Dropping [TreatNullAs=NullString] IDL extended attribute for
        title.text, as this is not present in the specification:
        - https://html.spec.whatwg.org/#htmltitleelement

        Without this change, assigning null to title.text would not
        set to to the "null" string, as is expected.

2016-01-27  Simon Fraser  <simon.fraser@apple.com>

        Support CSS3 Images values for the image-rendering property
        https://bugs.webkit.org/show_bug.cgi?id=153556

        Reviewed by Dean Jackson.

        CSS3 Images has the following values for image-rendering:
            auto, crisp-edges, pixelated

        The old code supported:
            optimizeSpeed, optimizeQuality, -webkit-crisp-edges, -webkit-optimize-contrast

        Add support for the new values without prefixes. Map -webkit-crisp-edges to crisp-edges,
        and -webkit-optimize-contrast to crisp-edges. Support pixelated which behaves like 
        crisp-edges (a low quality scale).

        The spec says that optimizeQuality should behave like 'auto', but that would be
        a behavior change since ImageQualityController::shouldPaintAtLowQuality() currently
        uses it as a trigger to avoid low quality scaling, so don't change that for now.

        No new tests, covered by fast/css/script-tests/image-rendering-parsing.js

        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator EImageRendering):
        * css/CSSValueKeywords.in:
        * rendering/ImageQualityController.cpp:
        (WebCore::ImageQualityController::shouldPaintAtLowQuality):
        * rendering/RenderHTMLCanvas.cpp:
        (WebCore::RenderHTMLCanvas::paintReplaced):
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/StyleRareInheritedData.h: Need another bit.

2016-01-27  Anders Carlsson  <andersca@apple.com>

        Add WebKitAdditions extension points to WebCore, WebKit and WebKitLegacy
        https://bugs.webkit.org/show_bug.cgi?id=153550

        Reviewed by Sam Weinig.

        * DerivedSources.make:
        Add the ability for WebKitAdditions to add events and event targets.

        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * bindings/scripts/InFilesCompiler.pm:
        (initializeFromCommandLine):
        (compile):
        Handle multiple --input parameters.

        * dom/EventNames.h:
        Handle adding more event names.

        * loader/EmptyClients.cpp:
        (WebCore::fillWithEmptyClients):
        * page/MainFrame.cpp:
        (WebCore::MainFrame::MainFrame):
        * page/MainFrame.h:
        * page/PageConfiguration.h:
        Add extension points.

        * platform/cocoa/WebKitAdditions.mm: Added.
        Import additions.

2016-01-27  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix many Index tests.
        https://bugs.webkit.org/show_bug.cgi?id=153561

        Reviewed by Alex Christensen.

        No new tests (Many failing tests now pass).

        * Modules/indexeddb/server/MemoryIndex.cpp:
        (WebCore::IDBServer::MemoryIndex::getResultForKeyRange):
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):
        
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        (WebCore::IDBServer::SQLiteIDBCursor::didComplete):

2016-01-27  Brady Eidson  <beidson@apple.com>

        Modern IDB: Cursors are utterly broken in the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153558

        Reviewed by Alex Christensen.

        No new tests (35 failures now pass, others improve).

        - Fixes incorrect usage of Index cursors when ObjectStore cursors are intended.
        - Improves the state of getting the cursor value vs. reaching the end of a cursor.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::openCursor):
        (WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
        (WebCore::IDBServer::SQLiteIDBCursor::currentData):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:

2016-01-27  Chris Dumez  <cdumez@apple.com>

        Getting / Setting property on prototype object must throw TypeError
        https://bugs.webkit.org/show_bug.cgi?id=153547
        <rdar://problem/24370650>

        Reviewed by Ryosuke Niwa.

        Gettingi / Setting property on prototype object must throw TypeError as per
        Web IDL specification:
        http://heycam.github.io/webidl/#dfn-attribute-getter (Step 2.4.2)
        http://heycam.github.io/webidl/#dfn-attribute-setter (Step 3.5)

        Firefox and Chrome already throw a TypeError in this case, as per
        the specification. However, WebKit was returning null and merely
        logging a deprecation error message. This patch aligns our behavior
        with other browsers and the specification.

        This patch also adds support for the [LenientThis] IDL extended
        attribute:
        http://heycam.github.io/webidl/#LenientThis

        For [LenientThis] attributes, we do not throw a TypeError if the
        attribute getter / setter is called on an object which does not
        implement the expected interface, as per:
        http://heycam.github.io/webidl/#dfn-attribute-getter (Step 2.4.1)
        http://heycam.github.io/webidl/#dfn-attribute-setter (Step 3.5)

        No new tests, already covered by existing tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        Add support for [LenientThis]:
        http://heycam.github.io/webidl/#LenientThis

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestNode.cpp:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        * bindings/scripts/test/JS/JSattribute.cpp:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        Rebaseline bindings tests.

        * bindings/scripts/test/TestObj.idl:
        Add coverage for [LenientThis] attributes.

        * dom/Document.idl:
        Mark 'onreadystatechange' as [LenientThis] as per the HTML
        specification:
        https://html.spec.whatwg.org/#document

        * dom/GlobalEventHandlers.idl:
        Mark 'onmouseeneter' / 'onmouseleave' as [LenientThis] as per the
        HTML specification:
        https://html.spec.whatwg.org/#globaleventhandlers

2016-01-27  Chris Dumez  <cdumez@apple.com>

        window.atob() should ignore spaces in input
        https://bugs.webkit.org/show_bug.cgi?id=153522
        <rdar://problem/24357822>

        Reviewed by Benjamin Poulain.

        window.atob() should ignore spaces in input as per:
        - https://html.spec.whatwg.org/#dom-windowbase64-atob (Step 3)

        Previously, WebKit would throw an exception and it was the only browser
        to do so. Firefox and Chrome behavior according to the specification.

        This was causing us to fail 10 checks in the following W3C HTML test:
        http://w3c-test.org/html/webappapis/atob/base64.html

        No new tests, updated existing test.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::atob):
        * page/Page.cpp:
        (WebCore::Page::userStyleSheetLocationChanged):
        * platform/network/DataURL.cpp:
        (WebCore::handleDataURL):
        * platform/network/DataURLDecoder.cpp:
        (WebCore::DataURLDecoder::decodeBase64):

2016-01-27  Ada Chan  <adachan@apple.com>

        Move some logic related to the presentation mode button from mediaControlsiOS.js to mediaControlsApple.js
        https://bugs.webkit.org/show_bug.cgi?id=153476

        Reviewed by Eric Carlson.

        Also, add the necessary styles to support that control in mediaControlsApple.css.

        * Modules/mediacontrols/mediaControlsApple.css:
        (video::-webkit-media-controls-panel.picture-in-picture):
        (audio::-webkit-media-controls-wireless-playback-status.picture-in-picture):
        (audio::-webkit-media-controls-wireless-playback-text-top.picture-in-picture):
        (audio::-webkit-media-controls-wireless-playback-text-bottom.picture-in-picture):
        (video::-webkit-media-controls-panel .picture-in-picture-button):
        Use the same mask image as iOS, but with a different size and a background color specified
        (since there's another rule that makes buttons within the panel have a transparent
        background color).
        (video::-webkit-media-controls-panel .picture-in-picture-button.return-from-picture-in-picture):

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.addVideoListeners):
        (Controller.prototype.removeVideoListeners):
        Listen for (and stop listening for) the webkitpresentationmodechanged event if presentation
        mode is supported for this video element.
        (Controller.prototype.createControls):
        Add a class name to the pictureInPictureButton so we can query for it in the stylesheet.
        (Controller.prototype.configureInlineControls):
        Call updatePictureInPictureButton().
        (Controller.prototype.presentationMode):
        Moved from mediaControlsiOS.js.
        (Controller.prototype.isFullScreen):
        Ditto, with a bug fix to not call presentationMode(), since that method calls isFullScreen(),
        resulting in infinite recursion.
        (Controller.prototype.updatePictureInPictureButton):
        Ditto.
        (Controller.prototype.handlePresentationModeChange):
        Ditto.
        (Controller.prototype.handleFullscreenChange):
        Call handlePresentationModeChanged() if presentation mode is supported for this video element.
        (Controller.prototype.controlsAlwaysVisible):
        Ditto.
        (Controller.prototype.handlePictureInPictureButtonClicked):
        Ditto.
        * Modules/mediacontrols/mediaControlsiOS.js:
        (ControllerIOS.prototype.handlePresentationModeChange):
        Most logic has been moved to the same method in mediaControlsApple.js, except
        updating the style of the panelContainer, which doesn't exist in the Mac controls.
        (ControllerIOS.prototype.addVideoListeners): Deleted.
        (ControllerIOS.prototype.removeVideoListeners): Deleted.
        (ControllerIOS.prototype.presentationMode): Deleted.
        (ControllerIOS.prototype.isFullScreen): Deleted.
        (ControllerIOS.prototype.handlePictureInPictureButtonClicked): Deleted.
        (ControllerIOS.prototype.updatePictureInPictureButton): Deleted.
        (ControllerIOS.prototype.handleFullscreenChange): Deleted.
        (ControllerIOS.prototype.controlsAlwaysVisible): Deleted.
        Delete all code that's already handled in the Controller.

2016-01-26  Ada Chan  <adachan@apple.com>

        Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaSourceAVFObjC
        also on Mac platform with video presentation mode support.
        https://bugs.webkit.org/show_bug.cgi?id=153223

        Reviewed by Jer Noble.

        Reuse VideoFullscreenLayerManager to manage moving the video layer between the fullscreen
        layer and the inline layer depending on the current presentation mode.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::MediaPlayerPrivateMediaSourceAVFObjC):
        Create m_videoFullscreenLayerManager.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::platformLayer):
        Return the video inline layer from the VideoFullscreenLayerManager.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer):
        Call VideoFullscreenLayerManager::setVideoLayer() with the m_sampleBufferDisplayLayer.
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::removeDisplayLayer):
        Call VideoFullscreenLayerManager::didDestroyVideoLayer().
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
        Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenFrame):
        Call VideoFullscreenLayerManager::setVideoFullscreenFrame().

2016-01-27  Brady Eidson  <beidson@apple.com>

        Modern IDB: SQLite backend doesn't update index records as object records are added.
        https://bugs.webkit.org/show_bug.cgi?id=153548

        Reviewed by Alex Christensen.

        No new tests (4 more tests pass, others improve).

        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::addRecord):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::initializeVM):
        (WebCore::IDBServer::SQLiteIDBBackingStore::vm):
        (WebCore::IDBServer::SQLiteIDBBackingStore::globalObject):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexKey):
        (WebCore::IDBServer::SQLiteIDBBackingStore::updateIndexesForAddRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):
        
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:

2016-01-27  Ryosuke Niwa  <rniwa@webkit.org>

        Add API to access closed shadowRoot in InjectedBundle
        https://bugs.webkit.org/show_bug.cgi?id=153533

        Reviewed by Antti Koivisto.

        Always return the shadow root in Element.shadowRootForBindings when the DOM wrapper world has
        shadowRootIsAlwaysOpen set to true. Also renamed bindingShadowRoot to shadowRootForBindings
        to be consistent.

        * bindings/js/DOMWrapperWorld.h:
        (WebCore::DOMWrapperWorld::setShadowRootIsAlwaysOpen): Added.
        (WebCore::DOMWrapperWorld::shadowRootIsAlwaysOpen): Added.
        * dom/Element.cpp:
        (WebCore::Element::shadowRootForBindings): Renamed from bindingShadowRoot.
        * dom/Element.h:
        * dom/Element.idl:

2016-01-27  Zhuo Li  <zachli@apple.com>

        Need ability to specify alternate image for AutoFill button in input fields.
        https://bugs.webkit.org/show_bug.cgi?id=153116.
        rdar://problem/23384854.

        Reviewed by Darin Adler.

        Add a new AutoFill button that can be shown in <input> elements.

        Tests: fast/forms/auto-fill-button/input-contacts-auto-fill-button.html
               fast/forms/auto-fill-button/show-correct-auto-fill-button-when-auto-fill-button-type-changes.html

        * css/html.css:
        (input::-webkit-contacts-auto-fill-button):
        (input::-webkit-contacts-auto-fill-button:hover):
        (input::-webkit-contacts-auto-fill-button:active):
        Add default style rules for the Contacts AutoFill button based on the ones used for
        Manual AutoFill button.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setShowAutoFillButton):
        * html/HTMLInputElement.h:
        (WebCore::HTMLInputElement::autoFillButtonType):
        - Replace the boolean parameter with a new parameter to specify the type of the AutoFill button.
        - Declare a private variable to keep a record of the type of the current AutoFill
        button.
        (WebCore::HTMLInputElement::showAutoFillButton): Deleted.

        * html/HTMLTextFormControlElement.h:
        Declare enum for AutoFill button type.

        * html/TextFieldInputType.cpp:
        (WebCore::autoFillButtonTypeToAutoFillButtonPseudoClassName):
        (WebCore::isAutoFillButtonTypeChanged):
        (WebCore::TextFieldInputType::shouldDrawAutoFillButton): None means the AutoFill button is not
        enabled.
        (WebCore::TextFieldInputType::createAutoFillButton): Only create the AutoFill button
        if the type is expected.
        (WebCore::TextFieldInputType::updateAutoFillButton):
        Handle the case where AutoFill button type changes in the text field.
        * html/TextFieldInputType.h:

        * testing/Internals.cpp:
        (WebCore::stringToAutoFillButtonType): Convert the string to AutoFill button type.
        (WebCore::Internals::setShowAutoFillButton): Add a new parameter to specify the type of the AutoFill button.
        * testing/Internals.h: Ditto.
        * testing/Internals.idl: Ditto.

2016-01-26  Ryosuke Niwa  <rniwa@webkit.org>

        Add Node.treeRoot
        https://bugs.webkit.org/show_bug.cgi?id=153537

        Reviewed by Antti Koivisto.

        Exposed highestAncestor as Node.prototype.treeRoot, which was added to shadow DOM spec in
        https://github.com/w3c/webcomponents/commit/6864a40fe4efa8a737e78512e3c85319ddc5bf8b

        See also:
        http://w3c.github.io/webcomponents/spec/shadow/#extensions-to-node-interface

        Test: fast/shadow-dom/Node-interface-treeRoot.html

        * dom/Node.idl:

2016-01-26  Ryosuke Niwa  <rniwa@webkit.org>

        Rename HTMLSlotElement.getDistributedNodes to getAssignedNodes
        https://bugs.webkit.org/show_bug.cgi?id=153534

        Reviewed by Antti Koivisto.

        Did the rename.

        * html/HTMLSlotElement.idl:

2016-01-27  Tim Horton  <timothy_horton@apple.com>

        Need to be able to specify MIME type for <attachment> without filename or handle
        https://bugs.webkit.org/show_bug.cgi?id=153552
        <rdar://problem/20145857>

        Reviewed by Anders Carlsson.

        Tests: fast/attachment/attachment-default-icon.html
               fast/attachment/attachment-type-attribute.html

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::parseAttribute):
        Invalidate attachment when 'type' attribute changes.

        (WebCore::HTMLAttachmentElement::attachmentType):
        * html/HTMLAttachmentElement.h:
        * platform/graphics/Icon.h:
        * platform/graphics/mac/IconMac.mm:
        (WebCore::Icon::createIconForUTI):
        (WebCore::Icon::createIconForMIMEType):
        Add Icon class methods to retrieve an icon given a UTI or MIME type.

        * rendering/RenderThemeMac.mm:
        (WebCore::paintAttachmentIcon):
        Use the 'type' attribute (a MIME type) if we have one. Otherwise,
        use the filename. Lastly fall back to a plain file icon (using the root
        file UTI, public.data).

2016-01-27  Alexey Proskuryakov  <ap@apple.com>

        Remove ENABLE_CURRENTSRC
        https://bugs.webkit.org/show_bug.cgi?id=153545

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2016-01-26  Anders Carlsson  <andersca@apple.com>

        Stop echoing echo commands to stdout
        https://bugs.webkit.org/show_bug.cgi?id=153531

        Reviewed by Csaba Osztrogonác.

        * DerivedSources.make:

2016-01-26  Jer Noble  <jer.noble@apple.com>

        Calling video.controls=true during a scrub operation cancels scrub.
        https://bugs.webkit.org/show_bug.cgi?id=153494

        Reviewed by Eric Carlson.

        Test: media/media-controls-drag-timeline-set-controls-property.html

        Verify that the video.controls attribute actually changed before tearing down and
        re-adding the media controls to the Shadow DOM.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleControlsChange):
        (Controller.prototype.hasControls):

2016-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK][EFL] Rename ScrollAnimationNone as ScrollAnimationSmooth
        https://bugs.webkit.org/show_bug.cgi?id=153481

        Reviewed by Simon Fraser.

        ScrollAnimationNone has always been used by EFL and GTK ports to
        implement smooth scrolling. I think it should be possible for
        other scroll animators to implement smooth scrolling or even
        implement other kind of scroll animations. For example, in the
        future I would like to have kinetic scrolling implemented for the
        GTK+ port to match all other GTK+ application and decide at
        runtime between different animations without having to use a
        different scroll animator class. So, this patch also moves the
        smooth scrolling animation implementation to its own class
        ScrollAnimationSmooth that impements an interface ScrollAnimation
        that could be used to implement other animations. This will allow
        the GTK+ port to add its own scroll animator class and still
        support smooth scrolling sharing the code with the
        ScrollAnimationSmooth.

        * PlatformEfl.cmake: Add new files to compilation and remove ScrollAnimationNone.
        * PlatformGTK.cmake: Ditto.
        * platform/ScrollAnimation.h: Added.
        (WebCore::ScrollAnimation::serviceAnimation):
        (WebCore::ScrollAnimation::ScrollAnimation):
        * platform/ScrollAnimationSmooth.cpp: Added.
        (WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
        (WebCore::ScrollAnimationSmooth::scroll):
        (WebCore::ScrollAnimationSmooth::stop):
        (WebCore::ScrollAnimationSmooth::updateVisibleLengths):
        (WebCore::ScrollAnimationSmooth::setCurrentPosition):
        (WebCore::ScrollAnimationSmooth::serviceAnimation):
        (WebCore::ScrollAnimationSmooth::~ScrollAnimationSmooth):
        (WebCore::curveAt):
        (WebCore::attackCurve):
        (WebCore::releaseCurve):
        (WebCore::coastCurve):
        (WebCore::curveIntegralAt):
        (WebCore::attackArea):
        (WebCore::releaseArea):
        (WebCore::getAnimationParametersForGranularity):
        (WebCore::ScrollAnimationSmooth::updatePerAxisData):
        (WebCore::ScrollAnimationSmooth::animateScroll):
        (WebCore::ScrollAnimationSmooth::animationTimerFired):
        (WebCore::ScrollAnimationSmooth::startNextTimer):
        (WebCore::ScrollAnimationSmooth::animationTimerActive):
        * platform/ScrollAnimationSmooth.h: Added.
        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::scroll):
        (WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation):
        (WebCore::ScrollAnimator::setCurrentPosition):
        (WebCore::ScrollAnimator::updateActiveScrollSnapIndexForOffset):
        (WebCore::ScrollAnimator::notifyPositionChanged):
        (WebCore::ScrollAnimator::scrollOffsetOnAxis):
        * platform/ScrollAnimator.h:
        (WebCore::ScrollAnimator::ScrollAnimator::currentPosition):
        * platform/ScrollAnimatorNone.cpp: Removed.
        * platform/ScrollAnimatorNone.h: Removed.
        * platform/ScrollAnimatorSmooth.cpp: Added.
        (WebCore::ScrollAnimator::create):
        (WebCore::ScrollAnimatorSmooth::ScrollAnimatorSmooth):
        (WebCore::ScrollAnimatorSmooth::~ScrollAnimatorSmooth):
        (WebCore::ScrollAnimatorSmooth::scroll):
        (WebCore::ScrollAnimatorSmooth::scrollToOffsetWithoutAnimation):
        (WebCore::ScrollAnimatorSmooth::cancelAnimations):
        (WebCore::ScrollAnimatorSmooth::serviceScrollAnimations):
        (WebCore::ScrollAnimatorSmooth::willEndLiveResize):
        (WebCore::ScrollAnimatorSmooth::didAddVerticalScrollbar):
        (WebCore::ScrollAnimatorSmooth::didAddHorizontalScrollbar):
        * platform/ScrollAnimatorSmooth.h: Added.
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::immediateScrollToPosition):
        (WebCore::ScrollAnimatorMac::immediateScrollBy):

2016-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        Overlay scrollbars should always use the whole contents
        https://bugs.webkit.org/show_bug.cgi?id=153352

        Reviewed by Michael Catanzaro.

        In case of having both horizontal and vertical scrollbars, the
        scrollbars respect the scroll corner. That looks good for legacy
        scrollbars that show the track, but with the overlay indicators
        it looks weird that the indicator stops so early before the end of
        the contents, giving the impression that there's something else to
        scroll. This happens because the scroll corner is transparent, so
        it's not obvious that's the scroll corner. It also happens with
        the text areas having a resizer. Legacy scrollbars take into
        account the resizer, which is good, but I expect overlay
        scrollbars to be rendered also over the resizer. The resizer takes
        precedence so you can still click and drag to resize the text area.
        In the case of main frame scrollbars we are indeed returning an
        empty rectangle from ScrollView::scrollCornerRect() when using
        overlay scrollbars, but when calculating the size of the
        scrollbars we are using the actual width/height instead of the
        occupied with/height. For other scrollbars
        RenderLayer::scrollCornerRect() is not checking whether scrollbars
        are overlay or not and we are always returning a scroll corner
        rectangle when scrollbars are present.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::updateScrollbars): Use the occupied
        width/height when calculating the space the one scrollbar
        should leave for the other.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollCornerRect): Return an empty
        rectangle when using overlay scrollbars.

2016-01-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        ScrollAnimator is not notified when mouse entered, moved or exited a RenderListBox
        https://bugs.webkit.org/show_bug.cgi?id=153398

        Reviewed by Michael Catanzaro.

        EvenHandler is checking whether the enclosing layer of a node is
        registered as scrollable area of its frame view. That doesn't work
        for list boxes, because they are the scrollable area
        themselves. Also when entering a list box the node under mouse is
        not usually the list box itself, but any of its children, a
        HTMLOptionElement or a HTMLOptGroupElement. Instead of comparing
        layers, we should find the enclosing scrollable area of the target
        elements and compare them to decide whether the mouse has entered,
        left or moved a scrollable area.

        * page/EventHandler.cpp:
        (WebCore::enclosingScrollableArea): Return the enclosing
        scrollable area of the given node. If the node doesn't have a
        renderer, it traverses its parents. If the renderer is a
        RenderListBox it is returned, otherwhise the enclosing layer is
        returned.
        (WebCore::EventHandler::mouseMoved): Use enclosingScrollableArea.
        (WebCore::EventHandler::updateMouseEventTargetNode): Ditto.

2016-01-26  Sam Weinig  <sam@webkit.org>

        Try touching DerivedSources.make to force rebuilding.

        * DerivedSources.make:
        * page/DOMWindow.idl:

2016-01-26  Sam Weinig  <sam@webkit.org>

        Try to force a rebuild.

        * page/DOMWindow.idl:

2016-01-26  Chris Dumez  <cdumez@apple.com>

        fast/history/page-cache-webdatabase-no-transaction-db.html flakily crashes
        https://bugs.webkit.org/show_bug.cgi?id=153525

        Reviewed by Andreas Kling.

        The test was crashing because DatabaseThread::hasPendingDatabaseActivity()
        was accessing m_openDatabaseSet from the main thread without any locking
        mechanism. This is an issue because m_openDatabaseSet is altered by the
        database thread.

        No new tests, already covered by fast/history/page-cache-webdatabase-no-transaction-db.html.

        * Modules/webdatabase/DatabaseThread.cpp:
        (WebCore::DatabaseThread::databaseThread):
        (WebCore::DatabaseThread::recordDatabaseOpen):
        (WebCore::DatabaseThread::recordDatabaseClosed):
        (WebCore::DatabaseThread::hasPendingDatabaseActivity):
        * Modules/webdatabase/DatabaseThread.h:

2016-01-26  Joseph Pecoraro  <pecoraro@apple.com>

        Unreviewed CMake build fix after r195644.

        * PlatformMac.cmake:

2016-01-26  Brady Eidson  <beidson@apple.com>

        Modern IDB: Key generator support for SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153427

        Reviewed by Alex Christensen.

        No new tests (Existing failing tests now pass, others improved).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedGetKeyGeneratorValue):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedSetKeyGeneratorValue):
        (WebCore::IDBServer::SQLiteIDBBackingStore::generateKeyNumber):
        (WebCore::IDBServer::SQLiteIDBBackingStore::revertGeneratedKeyNumber):
        (WebCore::IDBServer::SQLiteIDBBackingStore::maybeUpdateKeyGeneratorNumber):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

2016-01-26  Simon Fraser  <simon.fraser@apple.com>

        Allow canvas to use display-list drawing for testing
        https://bugs.webkit.org/show_bug.cgi?id=153475

        Reviewed by Dean Jackson.

        Optionally have 2D <canvas> use display-list drawing, which is only enabled
        via Internals for now.

        Support displayListAsText() and replayDisplayListAsText() on canvas, so we can
        use it to test playback optimizations. [Note that displayListAsText() always
        returns an empty string currently, because the display list is cleared when the
        canvas is painted to the page.]

        Display list rendering is implemented by giving CanvasRenderingContext2D an
        optional DisplayListDrawingContext, which packages up a display list, recorder
        and recording context. The existing paintRenderingResultsToCanvas() is overridden
        to replay the recorded display list into the primary canvas context.

        Tracked replay display lists are stored in a static map, keyed by the CanvasRenderingContext2D.

        Test: displaylists/canvas-display-list.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::HTMLCanvasElement):
        (WebCore::HTMLCanvasElement::getContext):
        (WebCore::HTMLCanvasElement::paint):
        (WebCore::HTMLCanvasElement::setUsesDisplayListDrawing):
        (WebCore::HTMLCanvasElement::setTracksDisplayListReplay):
        (WebCore::HTMLCanvasElement::displayListAsText):
        (WebCore::HTMLCanvasElement::replayDisplayListAsText):
        * html/HTMLCanvasElement.h:
        * html/canvas/CanvasRenderingContext.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::DisplayListDrawingContext::DisplayListDrawingContext):
        (WebCore::contextDisplayListMap):
        (WebCore::CanvasRenderingContext2D::~CanvasRenderingContext2D):
        (WebCore::CanvasRenderingContext2D::setTracksDisplayListReplay):
        (WebCore::CanvasRenderingContext2D::displayListAsText):
        (WebCore::CanvasRenderingContext2D::replayDisplayListAsText):
        (WebCore::CanvasRenderingContext2D::paintRenderingResultsToCanvas):
        (WebCore::CanvasRenderingContext2D::drawingContext):
        (WebCore::CanvasRenderingContext2D::CanvasRenderingContext2D): Deleted.
        * html/canvas/CanvasRenderingContext2D.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setElementUsesDisplayListDrawing):
        (WebCore::Internals::setElementTracksDisplayListReplay):
        (WebCore::Internals::displayListForElement):
        (WebCore::Internals::replayDisplayListForElement):

2016-01-26  Joseph Pecoraro  <pecoraro@apple.com>

        Generalize ResourceUsageData gathering to be used outside of ResourceUsageOverlay
        https://bugs.webkit.org/show_bug.cgi?id=153509
        <rdar://problem/24354291>

        Reviewed by Andreas Kling.

        * CMakeLists.txt:
        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * page/Page.cpp:
        * page/Page.h:
        * page/Settings.cpp:
        * page/Settings.h:
        * page/ResourceUsageOverlay.cpp:
        * page/ResourceUsageOverlay.h:
        Add new files to the build and updated ENABLE flag name.

        * page/ResourceUsageData.cpp: Added.
        (WebCore::ResourceUsageData::ResourceUsageData):
        * page/ResourceUsageData.h: Added.
        (WebCore::MemoryCategoryInfo::MemoryCategoryInfo):
        Platform agnostic resource data that may be used by multiple clients,
        such as the ResourceUsageOverlay and later the Inspector.

        * page/ResourceUsageThread.h: Added.
        * page/ResourceUsageThread.cpp: Added.
        (WebCore::ResourceUsageThread::ResourceUsageThread):
        (WebCore::ResourceUsageThread::singleton):
        (WebCore::ResourceUsageThread::addObserver):
        (WebCore::ResourceUsageThread::removeObserver):
        (WebCore::ResourceUsageThread::waitUntilObservers):
        (WebCore::ResourceUsageThread::notifyObservers):
        (WebCore::ResourceUsageThread::createThreadIfNeeded):
        (WebCore::ResourceUsageThread::threadCallback):
        (WebCore::ResourceUsageThread::threadBody):
        Platform agnostic resource usage thread that can be used to gather data
        into a ResourceUsageData struct on a background thread and notify observers
        on the main thread. Platforms need only implement ResourceUsageThread::platformThreadBody
        to populate the ResourceUsageData struct with data.

        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::HistoricMemoryCategoryInfo::HistoricMemoryCategoryInfo):
        (WebCore::HistoricResourceUsageData::HistoricResourceUsageData):
        (WebCore::historicUsageData):
        (WebCore::appendDataToHistory):
        (WebCore::ResourceUsageOverlay::platformInitialize):
        (WebCore::ResourceUsageOverlay::platformDestroy):
        (WebCore::drawMemHistory):
        (WebCore::drawMemoryPie):
        (WebCore::ResourceUsageOverlay::platformDraw):
        Move CPU and memory resource usage calculations to ResourceUsageThread.
        The overlay adds itself as an observer, and builds its RingBuffer list
        of data from notifications from the ResourceUsageThread. Renamed
        some of the fields.

        * page/cocoa/ResourceUsageThreadCocoa.mm: Added.
        (WebCore::vmPageSize):
        (WebCore::TagInfo::TagInfo):
        (WebCore::pagesPerVMTag):
        (WebCore::cpuUsage):
        (WebCore::categoryForVMTag):
        (WebCore::ResourceUsageThread::platformThreadBody):
        Extracted from ResourceUsageOverlayCocoa.

        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::dispatch):
        Drive-by, don't call singleton again, we already have the result.

2016-01-26  Simon Fraser  <simon.fraser@apple.com>

        Use initializers in HTMLCanvasElement
        https://bugs.webkit.org/show_bug.cgi?id=153472

        Reviewed by Michael Catanzaro.

        Use initializers, and re-order member variables for better packing.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::HTMLCanvasElement):
        * html/HTMLCanvasElement.h:

2016-01-26  Chris Dumez  <cdumez@apple.com>

        Setting HTMLInputElement.value to null to set its value to the empty string
        https://bugs.webkit.org/show_bug.cgi?id=153519

        Reviewed by Ryosuke Niwa.

        Setting HTMLInputElement.value to null to set its value to the empty string:
        - https://html.spec.whatwg.org/#htmlinputelement
        - http://heycam.github.io/webidl/#TreatNullAs

        WebKit would previously unset the value attribute instead, which caused
        it to fallback to input.defaultValue if set.

        Firefox and Chrome behave correctly.

        Test: fast/dom/HTMLInputElement/input-value-set-null.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::setValue):

2016-01-26  Anders Carlsson  <andersca@apple.com>

        WebKitAdditions should be able to modify derived source rules
        https://bugs.webkit.org/show_bug.cgi?id=153514

        Reviewed by Tim Horton.

        * DerivedSources.make:
        Include WebCoreDerivedSourcesAdditions.make.

        * WebCore.xcodeproj/project.pbxproj:
        Pass our WebKitAdditions paths as include paths to make.

2016-01-26  Chris Dumez  <cdumez@apple.com>

        document.open() / write() should be prevented in beforeunload event handlers
        https://bugs.webkit.org/show_bug.cgi?id=153432

        Reviewed by Ryosuke Niwa.

        document.open() / write() should be prevented in beforeunload event handlers:
        - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
        - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
        - https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
        - https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document

        Test: fast/frames/page-beforeunload-document-open.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::dispatchBeforeUnloadEvent):

2016-01-26  Chris Dumez  <cdumez@apple.com>

        Add support for HTMLDataElement
        https://bugs.webkit.org/show_bug.cgi?id=153459

        Reviewed by Ryosuke Niwa.

        Add support for HTMLDataElement:
        https://html.spec.whatwg.org/multipage/semantics.html#the-data-element

        Firefox already supports it.

        No new tests, already covered by existing tests.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLDataElement.cpp: Added.
        (WebCore::HTMLDataElement::create):
        (WebCore::HTMLDataElement::HTMLDataElement):
        * html/HTMLDataElement.h: Added.
        * html/HTMLDataElement.idl: Added.
        * html/HTMLElementsAllInOne.cpp:
        * html/HTMLTagNames.in:

2016-01-26  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195610.
        https://bugs.webkit.org/show_bug.cgi?id=153513

        The test added with this change is timing out on almost every
        run (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "Calling video.controls=true during a scrub operation cancels
        scrub."
        https://bugs.webkit.org/show_bug.cgi?id=153494
        http://trac.webkit.org/changeset/195610

2016-01-26  Brady Eidson  <beidson@apple.com>

        History.pushState causes intense memory pressure.
        https://bugs.webkit.org/show_bug.cgi?id=153435

        Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen.

        Tests: fast/loader/stateobjects/pushstate-frequency-iframe.html
               fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html
               fast/loader/stateobjects/pushstate-frequency.html
               fast/loader/stateobjects/replacestate-frequency-iframe.html
               fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html
               fast/loader/stateobjects/replacestate-frequency.html
               loader/stateobjects/pushstate-size-iframe.html
               loader/stateobjects/pushstate-size.html
               loader/stateobjects/replacestate-size-iframe.html
               loader/stateobjects/replacestate-size.html

        Add restrictions on how frequently push/replaceState can be called,
        as well as how much of a cumulative payload they can deliver.
        
        * bindings/js/JSHistoryCustom.cpp:
        (WebCore::JSHistory::pushState):
        (WebCore::JSHistory::replaceState):
        
        * page/History.cpp:
        (WebCore::History::stateObjectAdded):
        * page/History.h:

2016-01-26  Anders Carlsson  <andersca@apple.com>

        Add a Dictionary overload that returns an Optional result
        https://bugs.webkit.org/show_bug.cgi?id=153507

        Reviewed by Tim Horton.

        * bindings/js/Dictionary.h:
        (WebCore::Dictionary::get):

2016-01-26  Philip Rogers  <pdr@chromium.org>

        Let SVG images not taint canvases except when containing foreignObjects
        https://bugs.webkit.org/show_bug.cgi?id=119639

        Reviewed by Brent Fulgham.

        r153876 caused SVG images to not taint canvases but the patch allowed
        for subimage resources. This can be a problem if a subimage (e.g., data
        uri image) contains a foreignObject which can violate security (e.g.,
        visited links).

        This patch updates SVGImage::hasSingleSecurityOrigin to check if the
        image contains any foreignObjects or images that themselves contain
        foreignObjects. SVG images without foreignObjects are allowed to not
        taint canvases.

        Canvas patterns are problematic because an animated SVG image can switch
        between tainting and not tainting the canvas. A FIXME has been added to
        solve this, and in the meantime we cause SVG images to taint patterns.

        Tests: svg/as-image/svg-canvas-pattern-with-link-tainted.html
               svg/as-image/svg-canvas-svg-with-feimage-with-link-tainted.html
               svg/as-image/svg-canvas-svg-with-image-with-link-tainted.html

        * html/canvas/CanvasPattern.cpp:
        (WebCore::CanvasPattern::CanvasPattern):
        (WebCore::CanvasPattern::~CanvasPattern):
        * svg/SVGFEImageElement.cpp:
        (WebCore::SVGFEImageElement::~SVGFEImageElement):
        (WebCore::SVGFEImageElement::hasSingleSecurityOrigin):
        (WebCore::SVGFEImageElement::clearResourceReferences):
        * svg/SVGFEImageElement.h:
        * svg/SVGImageElement.cpp:
        (WebCore::SVGImageElement::create):
        (WebCore::SVGImageElement::hasSingleSecurityOrigin):
        (WebCore::SVGImageElement::isSupportedAttribute):
        * svg/SVGImageElement.h:
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::hasSingleSecurityOrigin):

2016-01-26  Michael Catanzaro  <mcatanzaro@igalia.com>

        CSSGrammar.y:1742.31-34: warning: unused value: $3
        https://bugs.webkit.org/show_bug.cgi?id=153462

        Reviewed by Alex Christensen.

        This warning indicates that we have a memory leak. From the bison manual:

        "Right-hand side symbols of a rule that explicitly triggers a syntax error via YYERROR are
        not discarded automatically. As a rule of thumb, destructors are invoked only when user
        actions cannot manage the memory."

        Arguably a design error, but that's how it is.

        * css/CSSGrammar.y.in:

2016-01-26  Jer Noble  <jer.noble@apple.com>

        Calling video.controls=true during a scrub operation cancels scrub.
        https://bugs.webkit.org/show_bug.cgi?id=153494

        Reviewed by Eric Carlson.

        Test: media/media-controls-drag-timeline-set-controls-property.html

        Verify that the video.controls attribute actually changed before tearing down and
        re-adding the media controls to the Shadow DOM.

        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleControlsChange):
        (Controller.prototype.hasControls):

2016-01-26  Jeremy Noble  <jer.noble@apple.com>

        [EME][Mac] Crash in [AVStreamSession addStreamDataParser:]; uncaught exception
        https://bugs.webkit.org/show_bug.cgi?id=153495

        Reviewed by Eric Carlson.

        When AVContentKeySession is not available, fall back to pre-AVContentKeySession behavior;
        namely, immediately create an AVStreamSession object in
        willProvideContentKeyRequestInitializationData, rather than waiting for didProvide.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::willProvideContentKeyRequestInitializationDataForTrackID):

2016-01-26  Dean Jackson  <dino@apple.com>

        [iOS] Documents without an explicit width should not get fast tapping
        https://bugs.webkit.org/show_bug.cgi?id=153465
        <rdar://problem/23962529>

        Reviewed by Simon Fraser (and Wenson Hseih).

        As the title says, documents that do not set a viewport should
        not get the fast click behaviour. There were complaints that we broke
        double-tap to scroll in ImageDocuments where the image was narrow and long.

        The fix is to just keep a flag that tells the UI process if the
        width was explicit. However, it turns out that those ImageDocuments
        are given an explicit device-width, which is fine for scaling but
        really should behave as auto for fast tapping. So we also need
        to tell the UIProcess if the viewport arguments came from an
        ImageDocument.

        Test: fast/events/ios/viewport-no-width-value-allows-double-tap.html

        * dom/ViewportArguments.cpp:
        (WebCore::findSizeValue): Add a parameter that toggles a flag
        if the size was explicitly set.
        (WebCore::setViewportFeature): Remember if the width was
        explicit.
        * dom/ViewportArguments.h: Add a widthWasExplicit flag.
        (WebCore::ViewportArguments::operator==):

2016-01-25  Dave Hyatt  <hyatt@apple.com>

        Speculative fixes for crashing in viewportChangeAffectedPicture
        https://bugs.webkit.org/show_bug.cgi?id=153450

        Reviewed by Dean Jackson.

        Don't attach any conditions to the removal of a picture element from
        the document's HashSet. This ensures that if the condition is ever
        wrong for any reason, we'll still remove the picture element on
        destruction.

        Fix the media query evaluation to match the other evaluations (used by
        the preload scanner and HTMLImageElement). This includes using the
        document element's computed style instead of our own and also null
        checking the document element first. This is the likely cause of the
        crashes.

        * html/HTMLPictureElement.cpp:
        (WebCore::HTMLPictureElement::~HTMLPictureElement):
        (WebCore::HTMLPictureElement::didMoveToNewDocument):
        (WebCore::HTMLPictureElement::viewportChangeAffectedPicture):

2016-01-26  Chris Dumez  <cdumez@apple.com>

        Make sure a page is still PageCache-able after firing the 'pagehide' events
        https://bugs.webkit.org/show_bug.cgi?id=153449

        Reviewed by Andreas Kling.

        Make sure a page is still PageCache-able after firing the 'pagehide'
        events and abort if it isn't. This should improve robustness and it is
        easy for pagehide event handlers to do things that would make a Page no
        longer PageCache-able and this leads to bugs that are difficult to
        investigate.

        To achieve this, the 'pagehide' event firing logic was moved out of the
        CachedFrame constructor. It now happens earlier in
        PageCache::addIfCacheable() after checking if the page is cacheable and
        before constructing the CachedPage / CachedFrames. After firing the
        'pagehide' event in PageCache::addIfCacheable(), we check again that
        the page is still cacheable and we abort early if it is not.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):
        * history/PageCache.cpp:
        (WebCore::setInPageCache):
        (WebCore::firePageHideEventRecursively):
        (WebCore::PageCache::addIfCacheable):
        * history/PageCache.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

2016-01-26  Beth Dakin  <bdakin@apple.com>

        Rubber-stamped by Tim Horton.

        Add one more bit of SPI.
        * platform/spi/mac/NSSpellCheckerSPI.h:

2016-01-26  Olivier Blin  <olivier.blin@softathome.com>

        Fix build with ENABLE_DEVICE_ORIENTATION on non-iOS platforms
        https://bugs.webkit.org/show_bug.cgi?id=153490

        Reviewed by Michael Catanzaro.

        This has been broken since r178702, which changed the Page
        argument from a pointer to a reference in logCanCachePageDecision().

        No new tests since this is a build fix.

        * history/PageCache.cpp:
        (WebCore::canCachePage):

2016-01-25  Ada Chan  <adachan@apple.com>

        Move WebVideoFullscreenManager and related classes from iOS specific folders to cocoa folders
        https://bugs.webkit.org/show_bug.cgi?id=153473

        Reviewed by Eric Carlson.

        No new tests, just moving files.

        * WebCore.xcodeproj/project.pbxproj:
        Update due to changes to the file locations.
        * platform/cocoa/WebVideoFullscreenModel.h: Renamed from Source/WebCore/platform/ios/WebVideoFullscreenModel.h.
        * platform/cocoa/WebVideoFullscreenModelVideoElement.h: Renamed from Source/WebCore/platform/ios/WebVideoFullscreenModelVideoElement.h.
        (WebCore::WebVideoFullscreenModelVideoElement::create):
        Fix a style error by moving the opening curly brace down one line.
        * platform/cocoa/WebVideoFullscreenModelVideoElement.mm: Renamed from Source/WebCore/platform/ios/WebVideoFullscreenModelVideoElement.mm.

2016-01-26  Konstantin Tokarev  <annulen@yandex.ru>

        Do not convert GlyphBufferAdvance to FloatSize
        https://bugs.webkit.org/show_bug.cgi?id=153429

        GlyphBufferAdvance is not necessaryly convertible to FloatSize.
        Also, this code was doing extra work by transforming height value.

        Reviewed by Antti Koivisto.

        No new tests needed.

        * rendering/svg/SVGTextRunRenderingContext.cpp:
        (WebCore::SVGGlyphToPathTranslator::extents):

2016-01-22  Ada Chan  <adachan@apple.com>

        Enable API related to the video fullscreen layer in MediaPlayerPrivateAVFoundationObjC
        also on Mac with video presentation mode support.
        https://bugs.webkit.org/show_bug.cgi?id=153222

        Reviewed by Eric Carlson.

        No new tests. Covered by existing tests.

        Introduce VideoFullscreenLayerManager to deal with the video layer when switching
        between inline and fullscreen mode. We'll reuse it in other MediaPlayerPrivateInterface
        implementations.

        Now that MediaPlayerPrivateAVFoundationObjC's platform layer can be a WebVideoContainerLayer,
        this exposes a bug in PlatformCALayerCocoa::clone() where we assumed the platform layer
        is always an AVPlayerLayer if the PlatformCALayer's layer type is LayerTypeAVPlayerLayer.
        Add a helper method to get an AVPlayerLayer from a PlatformCALayerCocoa (which also handles
        WebVideoContainerLayer case) and use it in PlatformCALayerCocoa::clone().

        * WebCore.xcodeproj/project.pbxproj:
        Add VideoFullscreenLayerManager to the project.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::MediaPlayerPrivateAVFoundationObjC):
        Create m_videoFullscreenLayerManager. The video inline layer, video fullscreen layer,
        and the video fullscreen frame are now managed by that class.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
        Just call VideoFullscreenLayerManager::setVideoLayer() to handle adding the video
        layer in either the inline or fullscreen layer.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer):
        Call VideoFullscreenLayerManager::didDestroyVideoLayer().
        (WebCore::MediaPlayerPrivateAVFoundationObjC::platformLayer):
        Get the video inline layer from VideoFullscreenLayerManager.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer):
        Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame):
        Call VideoFullscreenLayerManager::setVideoFullscreenFrame().
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
        Guard the iOS specific code properly.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity):
        Get the video fullscreen layer from VideoFullscreenLayerManager.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::requiresTextTrackRepresentation):
        Ditto.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds):
        Get the video fullscreen layer and video fullscreen frame from VideoFullscreenLayerManager.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setTextTrackRepresentation):
        Get the video fullscreen layer from VideoFullscreenLayerManager.

        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: Added.
        (WebCore::VideoFullscreenLayerManager::videoInlineLayer):
        (WebCore::VideoFullscreenLayerManager::videoFullscreenLayer):
        (WebCore::VideoFullscreenLayerManager::videoFullscreenFrame):
        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: Added.
        (-[WebVideoContainerLayer setBounds:]):
        (-[WebVideoContainerLayer setPosition:]):
        WebVideoContainerLayer was moved from MediaPlayerPrivateAVFoundationObjC.mm.
        (WebCore::VideoFullscreenLayerManager::create):
        (WebCore::VideoFullscreenLayerManager::VideoFullscreenLayerManager):
        (WebCore::VideoFullscreenLayerManager::setVideoLayer):
        Code moved from MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer().
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer):
        Code moved from MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer().
        (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame):
        Code moved from MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenFrame().
        (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer):
        Code moved from MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer().

        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.h:
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (PlatformCALayerCocoa::clone):
        Use the new PlatformCALayerCocoa::avPlayerLayer() method to get the AVPlayerLayer from both the
        destination and source PlatformCALayers.
        (PlatformCALayerCocoa::avPlayerLayer):
        Return nil if the layer type is not LayerTypeAVPlayerLayer. Otherwise, return the
        platform layer if it is indeed an AVPlayerLayer. If not, it should be a WebVideoContainerLayer
        and we should return its sublayer which should be an AVPlayerLayer.

2016-01-26  Chris Dumez  <cdumez@apple.com>

        First parameter to window.showModalDialog() should be mandatory
        https://bugs.webkit.org/show_bug.cgi?id=153436

        Reviewed by Youenn Fablet.

        Make window.showModalDialog()'s first parameter mandatory to match the
        last specification containing it:
        http://dev.w3.org/html5/spec-preview/user-prompts.html#dialogs-implemented-using-separate-documents

        The new behavior also matches Firefox, while Chrome no longer supports
        this operation.

        With this change, the W3C HTML test suite no longer hangs in the middle
        because it mistakenly pops up a modal dialog during testing.

        Test: fast/dom/Window/showModalDialog-mandatory-parameter.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::showModalDialog):

2016-01-26  Eric Carlson  <eric.carlson@apple.com>

        LayoutTest media/airplay-target-availability.html is flaky
        https://bugs.webkit.org/show_bug.cgi?id=153100
        <rdar://problem/24346796>

        Reviewed by Daniel Bates.

        No new tests, media/airplay-target-availability.html was updated

        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::WebMediaSessionManager::clientStateDidChange): Schedule a configuration scan if
          any of the config flags have changed.
        (WebCore::WebMediaSessionManager::configurePlaybackTargetMonitoring): Update logging.

2016-01-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        Main frame scrollbars not updated on hovering when using overlay scrollbars
        https://bugs.webkit.org/show_bug.cgi?id=153304

        Reviewed by Michael Catanzaro.

        Legacy scrollbars were fixed in r194155, but overlay scrollbars
        are not notified when they are hovered. This is because the layer
        hit test in RenderView::hitTest always returns true when using
        overlay scrollbars and we are returning early in such case,
        ignoring the HitTestRequest::AllowFrameScrollbars flag. So, in
        case of using overlay scrollbars we still need to check the
        RenderView scrollbars even when the layer hit test succeeded.

        * rendering/RenderView.cpp:
        (WebCore::RenderView::hitTest):

2016-01-26  Daniel Bates  <dabates@apple.com>

        LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
        https://bugs.webkit.org/show_bug.cgi?id=153250
        <rdar://problem/12172843>
        And
        <rdar://problem/24248040>

        Reviewed by Alexey Proskuryakov.

        Remove an incorrect assertion that the absolute URL associated with a protection space cannot
        contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
        This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
        with the invariants for WebCore::protectionSpaceMapKeyFromURL().

        Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
               http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

        * platform/network/CredentialStorage.cpp:
        (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):

2016-01-26  Daniel Bates  <dabates@apple.com>

        Remove XMLHttpRequestException
        https://bugs.webkit.org/show_bug.cgi?id=102698
        <rdar://problem/24338476>

        Reviewed by Chris Dumez.

        Inspired by a patch by Erik Arvidsson.

        As per <https://xhr.spec.whatwg.org> (21 January 2016) and <https://html.spec.whatwg.org/multipage/workers.html#dom-workerglobalscope-importscripts> (25 January 2016)
        XMLHttpRequest and WorkerGlobalScope.importScripts() should throw a DOMException object instead
        of a XMLHttpRequestException object when a NetworkError, AbortError, or TimeoutError occur. This
        makes the behavior of WebKit more closely conform to these standards as well as the behavior of
        other browsers.

        * CMakeLists.txt: Remove entries for XMLHttpRequestException.idl and XMLHttpRequestException.cpp.
        * DerivedSources.make: Remove entry for XMLHttpRequestException.idl.
        * WebCore.order: Remove exported symbols for XMLHttpRequestException.
        * WebCore.vcxproj/WebCore.vcxproj: Remove entries for JSXMLHttpRequestException.{cpp, h}, XMLHttpRequestException.{cpp, h}
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * bindings/js/JSExceptionBase.cpp:
        (WebCore::toExceptionBase): Remove logic for XMLHttpRequestException.
        * dom/DOMExceptions.in: Remove entry for XMLHttpRequestException.
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::importScripts): Throw DOMException.NETWORK_ERR instead of XMLHttpRequestException.NETWORK_ERR.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Ditto.
        (WebCore::XMLHttpRequest::didFail): Throw DOMException.ABORT_ERR instead of XMLHttpRequestException.ABORT_ERR.
        (WebCore::XMLHttpRequest::didReachTimeout): Throw DOMException.TIMEOUT_ERR instead of XMLHttpRequestException.TIMEOUT_ERR.
        * xml/XMLHttpRequestException.cpp: Removed.
        * xml/XMLHttpRequestException.h: Removed.
        * xml/XMLHttpRequestException.idl: Removed.

2016-01-25  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        WebCoreJSBuiltins do not use to do conditional include
        https://bugs.webkit.org/show_bug.cgi?id=153306

        Reviewed by Alex Christensen.

        Removing compilation guards as builtin generator adds them in the files themselves.
        Fixing MediaDevices.js to generate MEDIA_STREAM compilation guard.

        No change in behavior.

        * Modules/mediastream/MediaDevices.js: Changing @optional to @conditional.
        * Modules/mediastream/NavigatorUserMedia.js: Making it @conditional.
        * bindings/js/WebCoreJSBuiltins.cpp:
        * bindings/js/WebCoreJSBuiltins.h:

2016-01-25  Alex Christensen  <achristensen@webkit.org>

        Fix internal Windows build
        https://bugs.webkit.org/show_bug.cgi?id=153469

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        Pass the GPERF_EXECUTABLE that we found to perl scripts so they can use it instead of just calling gperf.
        This is needed for builds where gperf is not in the PATH.
        * DerivedSources.make:
        Pass "gperf" as the gperf command to retain existing functionality on mac.
        * bindings/scripts/preprocess-idls.pl:
        (CygwinPathIfNeeded):
        * bindings/scripts/preprocessor.pm:
        (applyPreprocessor):
        Add /cygdrive/c/cygwin/bin to the PATH before calling cygpath.
        This is needed for builds where we are using cygwin, but C:/cygwin/bin is not in the PATH.
        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        * css/makeSelectorPseudoElementsMap.py:
        * css/makeprop.pl:
        * platform/network/create-http-header-name-table:
        Use the gperf executable passed in as a command line parameter if it is given.

2016-01-25  Simon Fraser  <simon.fraser@apple.com>

        DisplayList items can log paths now
        https://bugs.webkit.org/show_bug.cgi?id=153417

        Reviewed by Zalan Bujtas.

        Now that Path supports TextStream logging, clean up its output a little and
        enable dumping of Paths in DisplayListItems.

        * platform/graphics/Path.cpp:
        (WebCore::operator<<):
        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::operator<<):

2016-01-25  Antti Koivisto  <antti@apple.com>

        Fix the comment.

        * rendering/style/RenderStyle.h:

2016-01-25  Enrica Casucci  <enrica@apple.com>

        Add support for DataDetectors in WK (iOS).
        https://bugs.webkit.org/show_bug.cgi?id=152989
        rdar://problem/22855960

        Reviewed by Tim Horton.

        Adding new helper functions for data detection related tasks.
        The patch also fixes a bug when creating DOM ranges from DDQueryRange
        spanning multiple fragments.

        * editing/cocoa/DataDetection.h:
        * editing/cocoa/DataDetection.mm:
        (WebCore::DataDetection::isDataDetectorLink):
        (WebCore::DataDetection::dataDetectorIdentifier):
        (WebCore::detectItemAtPositionWithRange):
        (WebCore::DataDetection::detectItemAroundHitTestResult):
        (WebCore::resultIsURL):
        (WebCore::removeResultLinksFromAnchor):
        (WebCore::searchForLinkRemovingExistingDDLinks):
        (WebCore::DataDetection::detectContentInRange):

2016-01-25  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove broken cache from CSSFontFaceSource
        https://bugs.webkit.org/show_bug.cgi?id=153440

        Reviewed by Simon Fraser.

        This cache has been broken since 2013 (r158085). Given we didn't notice a perf
        hit when it broke, and the fact it's been broken for years, it clearly isn't
        necessary.

        https://bugs.webkit.org/show_bug.cgi?id=153414 consists of a fairly invasive
        change to CSSFontFaceSource; this patch includes a working version of this
        cache, along with an easy way to enable/disable it (to measure possible perf
        changes).

        This patch is a short-term cleanup patch in the mean time until the above
        invasive change gets landed.

        No new tests because there is no behavior (or performance!) change.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        (WebCore::CSSFontFaceSource::~CSSFontFaceSource): Deleted.
        (WebCore::CSSFontFaceSource::pruneTable): Deleted.
        (WebCore::CSSFontFaceSource::fontLoaded): Deleted.
        * css/CSSFontFaceSource.h:

2016-01-25  Sam Weinig  <sam@webkit.org>

        Try to fix the simulator build.

        * platform/spi/cocoa/DataDetectorsCoreSPI.h:

2016-01-25  Sam Weinig  <sam@webkit.org>

        Roll back in r195559 with a build fix.

        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/DataDetection.mm:
        * platform/cocoa/DataDetectorsCoreSoftLink.mm: Added.
        * platform/cocoa/DataDetectorsCoreSoftLink.h: Added.
        * platform/spi/cocoa/DataDetectorsCoreSPI.h:

2016-01-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195559.
        https://bugs.webkit.org/show_bug.cgi?id=153458

        This change broke the iOS build (Requested by ryanhaddad on
        #webkit).

        Reverted changeset:

        "Fix the ASAN build."
        http://trac.webkit.org/changeset/195559

2016-01-25  Antti Koivisto  <antti@apple.com>

        Resolving direction and writing mode properties should not mutate document
        https://bugs.webkit.org/show_bug.cgi?id=153446

        Reviewed by Andreas Kling.

        Replace directionSetOnDocumentElement/writingModeSetOnDocumentElement document flags them with style flags.

        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyValueDirection):
        (WebCore::StyleBuilderCustom::resetEffectiveZoom):
        (WebCore::StyleBuilderCustom::applyValueWebkitWritingMode):
        (WebCore::StyleBuilderCustom::applyValueWebkitTextOrientation):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForElement):
        * dom/Document.cpp:
        (WebCore::Document::Document):
        * dom/Document.h:
        (WebCore::Document::markers):
        (WebCore::Document::directionSetOnDocumentElement): Deleted.
        (WebCore::Document::writingModeSetOnDocumentElement): Deleted.
        (WebCore::Document::setDirectionSetOnDocumentElement): Deleted.
        (WebCore::Document::setWritingModeSetOnDocumentElement): Deleted.
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        * rendering/style/RenderStyle.h:
        * style/StyleResolveForDocument.cpp:
        (WebCore::Style::resolveForDocument):

2016-01-25  Sam Weinig  <sam@webkit.org>

        Fix the ASAN build.

        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/DataDetection.mm:
        * platform/cocoa/DataDetectorsCoreSoftLink.mm: Added.
        * platform/cocoa/DataDetectorsCoreSoftLink.h: Added.
        * platform/spi/cocoa/DataDetectorsCoreSPI.h:

2016-01-25  Alex Christensen  <achristensen@webkit.org>

        [Win] Another build fix after r195545

        * CMakeLists.txt:
        r195548 didn't change all the pre-builds back to post-builds.

2016-01-25  Alex Christensen  <achristensen@webkit.org>

        [Win] Fix clean build after r195545.

        * CMakeLists.txt:
        * PlatformWin.cmake:
        I got a little carried away.  WebCore already had a pre-build event.  It was correct before r195545.

2016-01-25  Beth Dakin  <bdakin@apple.com>

        Handle soft spaces after accepted candidates
        https://bugs.webkit.org/show_bug.cgi?id=153331
        -and corresponding-
        rdar://problem/23958418

        Reviewed by Darin Adler.

        Candidates now come with built-in spaces, so we should not insert a space for 
        them.
        * editing/Editor.cpp:
        (WebCore::Editor::handleAcceptedCandidate):

        New SPI to properly handle these soft spaces.
        * platform/spi/mac/NSSpellCheckerSPI.h:

2016-01-25  Alex Christensen  <achristensen@webkit.org>

        [Win] Copy forwarding headers before building a project
        https://bugs.webkit.org/show_bug.cgi?id=153434

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        * PlatformWin.cmake:

2016-01-25  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement getIndexRecord in the SQLite backing store.
        https://bugs.webkit.org/show_bug.cgi?id=153425

        Reviewed by Darin Adler.

        No new tests (Some failures now pass, other failures progressed closer to passing).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):

2016-01-25  Eric Carlson  <eric.carlson@apple.com>

        Media "ended" event incorrectly fires when currentTime is set
        https://bugs.webkit.org/show_bug.cgi?id=150348
        <rdar://problem/24247974>

        Reviewed by Jer Noble.

        Test: media/media-ended-fired-once.html

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::invalidateCachedTime): Always mark m_cachedTime as invalid.

2016-01-25  Konstantin Tokarev  <annulen@yandex.ru>

        Do not convert GlyphBufferAdvance to FloatSize
        https://bugs.webkit.org/show_bug.cgi?id=153421

        Reviewed by Simon Fraser.

        No new tests needed.

        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::DrawGlyphs::computeBounds):

2016-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        document.createElement should be able to create a custom element
        https://bugs.webkit.org/show_bug.cgi?id=153173

        Reviewed by Darin Adler.

        Added the support for constructing a custom element via document.createElement.

        Extracted HTMLElementFactory::createKnownElement, which returns nullptr when the specified name doesn't match
        any builtin element instead of out of HTMLUnknownElement, out of HTMLElementFactory::createElement.

        Test: fast/custom-elements/Document-createElement.html

        * bindings/js/JSCustomElementInterface.cpp:
        (WebCore::JSCustomElementInterface::constructHTMLElement): Added. Constructs a custom element by invoking its
        constructor. We allow exceptions to be thrown by the constructor so the caller is responsible for checking
        any exceptions in the ExecState before preceeding if the returned value is null.

        * bindings/js/JSCustomElementInterface.h:
        (WebCore::JSCustomElementInterface::constructSVGElement): Added.
        * bindings/js/JSElementCustom.cpp:
        (WebCore::toJSNewlyCreated): Exit early if the element is a custom element as the wrapper had already been
        created by super() call inside the custom element'c constructor.

        * bindings/js/JSMainThreadExecState.h:
        (WebCore::JSMainThreadExecState):
        * bindings/js/JSMainThreadExecStateInstrumentation.h:
        (WebCore::JSMainThreadExecState::instrumentFunctionInternal): Generalized from instrumentFunctionCall so that
        we can use it for both call and construct.
        (WebCore::JSMainThreadExecState::instrumentFunctionCall): Specialized the above function for call.
        (WebCore::JSMainThreadExecState::instrumentFunctionConstruct): Ditto for construct.

        * dom/CustomElementDefinitions.cpp:
        (WebCore::CustomElementDefinitions::findInterface): Added.
        * dom/CustomElementDefinitions.h:

        * dom/Document.cpp:
        (WebCore::createHTMLElementWithNameValidation): Extracted from createElement.
        (WebCore::Document::createElementForBindings): Renamed from createElement. Specifies
        ShouldCreateCustomElement::Create to create a custom element before using fallback elements.
        * dom/Document.h:
        * dom/Document.idl:

        * dom/Node.h:
        (WebCore::Node::isCustomElement): Added. This flag is used to identify a custom element.
        (WebCore::Node::setIsCustomElement): Added.

        * dom/make_names.pl: Extracted createKnownElement from createElement for createHTMLElementWithNameValidation.

        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument): Use qualified name object to instantiate
        a style element and set type content attribute.
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::setNodeName): Use createElementForBindings here since we might be creating an
        arbitrary element here. Also use RefPtr instead of raw pointers while mutating DOM for safety.

2016-01-25  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r192773): [GTK] maps.google.com unresponsive/stalls since r192773
        https://bugs.webkit.org/show_bug.cgi?id=153194

        Reviewed by Michael Catanzaro.

        In r192773 we implemented the JavaScriptCore garbage collector
        timers for the GTK+ port. Those timers schedule sources in the
        current thread default main context, but JS web worker threads
        implementation doesn't use WTF::RunLoop, but its own WorkerRunLoop
        class that doesn't create a GMainContext for the new thread. This
        means that for web sites using workers, we are now doing garbage
        collection of worker VMs in the main thread which ends up in a
        deadlock at some point. We need to ensure that worker threads
        create a GMainContext and push it as the default one for the
        thread before the WorkerGlobalScope is created. This way when the
        worker Heap is created, the GC timers use the right context to
        schedule their sources. And then we need to check if there are
        sources pending in the thread main context on every worker run
        loop iteration.

        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::runInMode):
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::workerThread):

2016-01-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195533.
        https://bugs.webkit.org/show_bug.cgi?id=153423

        It is again breaking builds of several ports (Requested by
        youenn on #webkit).

        Reverted changeset:

        "WebCoreJSBuiltins do not use to do conditional include"
        https://bugs.webkit.org/show_bug.cgi?id=153306
        http://trac.webkit.org/changeset/195533

2016-01-25  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        WebCoreJSBuiltins do not use to do conditional include
        https://bugs.webkit.org/show_bug.cgi?id=153306

        Reviewed by Alex Christensen.

        Removing compilation guards as builtin generator adds them in the files themselves.
        Fixing MediaDevices.js to generate MEDIA_STREAM compilation guard.

        No change in behavior.

        * Modules/mediastream/MediaDevices.js: Changing @optional to @conditional.
        * bindings/js/WebCoreJSBuiltins.cpp:
        * bindings/js/WebCoreJSBuiltins.h:

2016-01-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195531.
        https://bugs.webkit.org/show_bug.cgi?id=153420

        It is breaking builds of several ports (Requested by youenn on
        #webkit).

        Reverted changeset:

        "WebCoreJSBuiltins do not use to do conditional include"
        https://bugs.webkit.org/show_bug.cgi?id=153306
        http://trac.webkit.org/changeset/195531

2016-01-25  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        WebCoreJSBuiltins do not use to do conditional include
        https://bugs.webkit.org/show_bug.cgi?id=153306

        Reviewed by Alex Christensen.

        Removing compilation guards as builtin generator adds them in the files themselves.

        No change in behavior.

        * bindings/js/WebCoreJSBuiltins.cpp:
        * bindings/js/WebCoreJSBuiltins.h:

2016-01-25  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Fetch API] Implement Fetch API Headers
        https://bugs.webkit.org/show_bug.cgi?id=152384

        Reviewed by Darin Adler.

        Adding Fetch Headers API as a wapper around HTTPHeaderMap.

        Tests: imported/w3c/web-platform-tests/fetch/api/headers/headers-basic.html
               imported/w3c/web-platform-tests/fetch/api/headers/headers-casing.html
               imported/w3c/web-platform-tests/fetch/api/headers/headers-errors.html
               imported/w3c/web-platform-tests/fetch/api/headers/headers-idl.html
               imported/w3c/web-platform-tests/fetch/api/headers/headers-nameshake.html
               imported/w3c/web-platform-tests/fetch/api/headers/headers-normalize.html
               imported/w3c/web-platform-tests/fetch/api/headers/headers-structure.html

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * Modules/fetch/FetchHeaders.cpp: Added.
        (WebCore::FetchHeaders::initializeWith):
        (WebCore::isForbiddenHeaderName):
        (WebCore::isForbiddenResponseHeaderName):
        (WebCore::isSimpleHeader):
        (WebCore::canWriteHeader):
        (WebCore::FetchHeaders::append):
        (WebCore::FetchHeaders::remove):
        (WebCore::FetchHeaders::get):
        (WebCore::FetchHeaders::has):
        (WebCore::FetchHeaders::set):
        * Modules/fetch/FetchHeaders.h: Added.
        (WebCore::FetchHeaders::create):
        (WebCore::FetchHeaders::~FetchHeaders):
        (WebCore::FetchHeaders::internalHeaders):
        (WebCore::FetchHeaders::FetchHeaders):
        * Modules/fetch/FetchHeaders.idl: Added.
        * Modules/fetch/FetchHeaders.js: Added.
        (initializeFetchHeaders):
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:
        * bindings/js/WebCoreJSBuiltins.cpp:
        * bindings/js/WebCoreJSBuiltins.h:
        (WebCore::JSBuiltinFunctions::JSBuiltinFunctions):
        (WebCore::JSBuiltinFunctions::fetchHeadersBuiltins):
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::contains):
        (WebCore::HTTPHeaderMap::remove):
        * platform/network/HTTPHeaderMap.h:

2016-01-22  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] grid shorthand must reset gap properties to their initial values
        https://bugs.webkit.org/show_bug.cgi?id=153354

        Reviewed by Darin Adler.

        Both 'grid-row-gap' & 'grid-column-gap' are considered reset-only subproperties of the
        'grid' shorthand meaning that, even thought the shorthand does not offer a way to set
        their values, it must in any case reset them to the initial ones.

        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridShorthand):
        * css/CSSPropertyNames.in:

2016-01-24  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement deleteIndex and getCount for the SQLite backing store.
        https://bugs.webkit.org/show_bug.cgi?id=153415

        Reviewed by Darin Adler.

        No new tests (Handful of tests now pass, improvements on a handful of others).

        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteIndex):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::takeIndexByIdentifier):
        (WebCore::IDBServer::MemoryObjectStore::deleteIndex):
        (WebCore::IDBServer::MemoryObjectStore::deleteAllIndexes):
        (WebCore::IDBServer::MemoryObjectStore::takeIndexByName): Deleted.
        * Modules/indexeddb/server/MemoryObjectStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getCount):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::maybeCreateBackingStoreCursor):
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:
        
        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
        (WebCore::IDBServer::SQLiteIDBTransaction::maybeOpenBackingStoreCursor):
        * Modules/indexeddb/server/SQLiteIDBTransaction.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::deleteIndex):
        (WebCore::IDBServer::UniqueIDBDatabase::performDeleteIndex):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformDeleteIndex):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
        * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
        (WebCore::IDBObjectStoreInfo::deleteIndex):
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:

2016-01-24  Brady Eidson  <beidson@apple.com>

        Unreviewed, speculative fix for:
        Modern IDB: Some IDB tests crash in ~SQLiteIDBBackingStore
        https://bugs.webkit.org/show_bug.cgi?id=153418

        No new tests.

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::~SQLiteIDBBackingStore): Clear the global object
          before wiping out the VM.

2016-01-24  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce PassRefPtr uses in dom - 4
        https://bugs.webkit.org/show_bug.cgi?id=153270

        Reviewed by Darin Adler.

        As a step to remove PassRefPtr uses, this patch reduces the uses in WebCore/dom.

        * bindings/js/JSDeviceMotionEventCustom.cpp:
        (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
        * dom/DeviceMotionData.cpp:
        (WebCore::DeviceMotionData::create):
        (WebCore::DeviceMotionData::DeviceMotionData):
        * dom/DeviceMotionData.h:
        * dom/Document.cpp:
        (WebCore::Document::setBodyOrFrameset):
        (WebCore::Document::setFocusedElement):
        (WebCore::Document::setDecoder):
        (WebCore::Document::pushCurrentScript):
        * dom/Document.h:
        * dom/Event.cpp:
        (WebCore::Event::cloneFor):
        * dom/Event.h:
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::cloneFor):
        * dom/MouseEvent.h:
        * dom/NodeIterator.cpp:
        (WebCore::NodeIterator::NodePointer::NodePointer):
        (WebCore::NodeIterator::NodeIterator):
        * dom/NodeIterator.h:
        (WebCore::NodeIterator::create):
        * html/RadioInputType.cpp:
        (WebCore::RadioInputType::handleKeydownEvent):
        * platform/ios/DeviceMotionClientIOS.mm:
        (WebCore::DeviceMotionClientIOS::motionChanged):
        * xml/XSLTProcessor.cpp:
        (WebCore::XSLTProcessor::createDocumentFromSource):

2016-01-24  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] General cleanup
        https://bugs.webkit.org/show_bug.cgi?id=153403

        Reviewed by Darin Adler.

        It turns out that CSSFontFaceSource::m_hasExternalSVGFont exactly equals
        whether or not CSSFontFaceSource::m_font is a CachedSVGFont. Therefore,
        the variable is redundant.

        In addition, it was being passed to functions on CSSFontFaceSource::m_font,
        which means it was always true inside the CachedSVGFont subclass and
        always false for the CachedFont. Therefore, there is no reason pass this
        variable to these functions because its value can be determined at
        authorship time.

        No new tests because there is no behavior change.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        (WebCore::CSSFontFaceSource::CSSFontFaceSource): Deleted.
        * css/CSSFontFaceSource.h:
        * css/CSSFontSelector.cpp:
        (WebCore::createFontFace):
        * loader/cache/CachedFont.cpp:
        (WebCore::CachedFont::ensureCustomFontData):
        (WebCore::CachedFont::createFont):
        * loader/cache/CachedFont.h:
        * loader/cache/CachedSVGFont.cpp:
        (WebCore::CachedSVGFont::createFont):
        (WebCore::CachedSVGFont::ensureCustomFontData):
        * loader/cache/CachedSVGFont.h:
        * platform/network/HTTPParsers.cpp:
        (WebCore::isValidHTTPToken):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::uppercaseKnownHTTPMethod):

2016-01-24  Chris Dumez  <cdumez@apple.com>

        An XMLDocument interface should be exposed on the global Window object
        https://bugs.webkit.org/show_bug.cgi?id=153378
        <rdar://problem/24315465>

        Reviewed by Darin Adler.

        Expose an XMLDocument interface on the global Window object, as per:
        - https://dom.spec.whatwg.org/#xmldocument

        DOMImplementation.createDocument() now returns an XMLDocument instead
        of a Document, as per:
        - https://dom.spec.whatwg.org/#dom-domimplementation-createdocument

        Previously, WebKit would alias XMLDocument to Document which caused
        some W3C tests to fail.

        Chrome and Firefox already match the specification here.

        No new tests, already covered by existing tests.

        * CMakeLists.txt:
        * DerivedSources.cpp:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::createNewDocumentWrapper):
        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createDocument):
        * dom/DOMImplementation.h:
        * dom/DOMImplementation.idl:
        * dom/Document.cpp:
        (WebCore::Document::cloneDocumentWithoutChildren):
        * dom/Document.h:
        (WebCore::Document::isXMLDocument):
        (WebCore::Document::create): Deleted.
        (WebCore::Document::createNonRenderedPlaceholder): Deleted.
        * dom/XMLDocument.h: Added.
        (WebCore::XMLDocument::create):
        (WebCore::XMLDocument::createXHTML):
        (WebCore::XMLDocument::XMLDocument):
        (isType):
        * dom/XMLDocument.idl: Added.
        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::patchDocument):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::setOuterHTML):
        * page/DOMWindow.idl:
        * page/PageSerializer.cpp:
        (WebCore::SerializerMarkupAccumulator::SerializerMarkupAccumulator):
        * svg/SVGDocument.cpp:
        (WebCore::SVGDocument::SVGDocument):
        * svg/SVGDocument.h:
        * svg/SVGDocument.idl:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::responseXML):
        * xml/XSLTProcessor.cpp:
        (WebCore::XSLTProcessor::createDocumentFromSource):

2016-01-24  Brady Eidson  <beidson@apple.com>

        Modern IDB: Support IDBObjectStore.createIndex in the SQLite backing store.
        https://bugs.webkit.org/show_bug.cgi?id=153410

        Reviewed by Darin Adler.

        No new tests (Covered by unskipping many existing tests).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::~SQLiteIDBBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedHasIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::uncheckedPutIndexRecord):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
        (WebCore::IDBServer::SQLiteIDBCursor::maybeCreateBackingStoreCursor):
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
        * Modules/indexeddb/server/SQLiteIDBCursor.h:

        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
        (WebCore::IDBServer::SQLiteIDBTransaction::maybeOpenBackingStoreCursor):
        * Modules/indexeddb/server/SQLiteIDBTransaction.h:

2016-01-24  Simon Fraser  <simon.fraser@apple.com>

        Make the dumped display list representation a bit more compact
        https://bugs.webkit.org/show_bug.cgi?id=153409

        Reviewed by Zalan Bujtas.

        Don't make a group for every display list item.

        * platform/graphics/displaylists/DisplayList.cpp:
        (WebCore::DisplayList::DisplayList::asText):

2016-01-24  Simon Fraser  <simon.fraser@apple.com>

        Add testing for display list replay, and skip clipped-out items on replay
        https://bugs.webkit.org/show_bug.cgi?id=153408

        Reviewed by Zalan Bujtas.
        
        Make it possible to save and serialize a DisplayList of Items which were
        actually applied on replay, so that replay-time optimizations can be tested.
        
        This exposes internals.setElementTracksDisplayListReplay() and
        internals.replayDisplayListForElement().
        
        Do a trivial replay-time optimization, which is to skip items whose extents are
        outside the replay clip.

        Test: displaylists/replay-skip-clipped-rect.html

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::setIsTrackingDisplayListReplay):
        (WebCore::GraphicsLayer::isTrackingDisplayListReplay):
        (WebCore::GraphicsLayer::replayDisplayListAsText):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::layerDisplayListMap): Use a singleton map to store the replay display lists
        to avoid bloating GraphicsLayerCA for test-only code. The map stores a pair of the
        replay list and a clip rect, which are both dumped. Dumping the clip rect ensures that
        we're reporting the replay for the correct tile in a test (since there will be a replay
        for each tile).
        (WebCore::GraphicsLayerCA::~GraphicsLayerCA):
        (WebCore::GraphicsLayerCA::platformCALayerPaintContents):
        (WebCore::GraphicsLayerCA::setIsTrackingDisplayListReplay):
        (WebCore::GraphicsLayerCA::replayDisplayListAsText):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/displaylists/DisplayList.h:
        (WebCore::DisplayList::DisplayList::appendItem):
        * platform/graphics/displaylists/DisplayListReplayer.cpp:
        (WebCore::DisplayList::Replayer::replay): In the unlikely event of tracking replays,
        allocate a new DisplayList and append to it items which actually get applied.
        * platform/graphics/displaylists/DisplayListReplayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::setIsTrackingDisplayListReplay):
        (WebCore::RenderLayerBacking::replayDisplayListAsText):
        * rendering/RenderLayerBacking.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setElementTracksDisplayListReplay):
        (WebCore::Internals::replayDisplayListForElement):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-01-23  Wonchul Lee  <wonchul.lee@collabora.co.uk>

        [GTK] Fix media controls displaying without controls attribute
        https://bugs.webkit.org/show_bug.cgi?id=152500

        Media controls is not displayed without controls attribute by default
        when the video element has text track. It'll be displayed on fullscreen
        regardless of controls attribute.

        Reviewed by Michael Catanzaro.

        * Modules/mediacontrols/mediaControlsGtk.js:
        (ControllerGtk.prototype.shouldHaveControls):
        (ControllerGtk.prototype.reconnectControls):
        (ControllerGtk.prototype.removeControls):
        (ControllerGtk.prototype.configureControls): Deleted.
2016-01-23  Alex Christensen  <achristensen@webkit.org>

        Use credentials from a URL with NetworkSession like we did with ResourceHandle
        https://bugs.webkit.org/show_bug.cgi?id=153328

        Reviewed by Alexey Proskuryakov.

        This patch fixes at least http/tests/xmlhttprequest/basic-auth-credentials-escaping.html when using NetworkSession.

        * platform/network/ProtectionSpaceBase.h:
        (WebCore::ProtectionSpaceBase::encodingRequiresPlatformData):
        * platform/network/ResourceRequestBase.h:
        Add some WEBCORE_EXPORT macros for functions that are now used in WebKit2.

2016-01-23  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement clearing object stores and opening cursors in the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153396

        Reviewed by Alex Christensen.

        No new tests (Some failing tests now pass, others improved).

        Copy more LegacyIDB SQLite backend code over to the new SQLite backend.
        
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::clearObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::openCursor):
        (WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):

2016-01-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195493.
        https://bugs.webkit.org/show_bug.cgi?id=153397

        Broke authenticaiton tests (leaks credentials) (Requested by
        ap on #webkit).

        Reverted changeset:

        "LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-
        unterminated.html crashing"
        https://bugs.webkit.org/show_bug.cgi?id=153250
        http://trac.webkit.org/changeset/195493

2016-01-20  Ryosuke Niwa  <rniwa@webkit.org>

        HTMLElement::nodeName should not upper case non-ASCII characters
        https://bugs.webkit.org/show_bug.cgi?id=153231

        Reviewed by Darin Adler.

        Use the newly added convertToASCIIUppercase to generate the string for tagName and nodeName.

        Test: fast/dom/Element/tagName-must-be-ASCII-uppercase-in-HTML-document.html

        * dom/QualifiedName.cpp:
        (WebCore::QualifiedName::localNameUpper): Use convertToASCIIUppercase.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::nodeName): Use convertToASCIIUppercase.

2016-01-22  Brady Eidson  <beidson@apple.com>

        Modern IDB: Disable simultaneous transactions in the SQLite backend for now.
        https://bugs.webkit.org/show_bug.cgi?id=153381

        Reviewed by Alex Christensen.

        No new tests (This resolves many of the currently crashing/asserting tests).

        Right now we're porting the Legacy IDB SQLite backend to Modern IDB.
        
        The way the Legacy backend works is restricted to one transaction at a time.
        
        There's many tricks we can play to resolve this, but that task is better performed
        once all of the basic functionality is done.
        
        Fixing this limitation is covered by https://bugs.webkit.org/show_bug.cgi?id=153382

        * Modules/indexeddb/server/IDBBackingStore.h: Add a "supports simultaneous transactions" getter.
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::enqueueTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction): If the backing store does
          not support simultaneous transactions but there is a transaction in progress, return.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-01-22  Chris Dumez  <cdumez@apple.com>

        document.charset should be an alias for document.characterSet
        https://bugs.webkit.org/show_bug.cgi?id=153367

        Reviewed by Ryosuke Niwa.

        document.charset should be an alias for document.characterSet:
        - https://dom.spec.whatwg.org/#dom-document-charset

        It should also be read-only.

        Chrome matches the specification.

        No new tests, already covered by existing tests.

        * dom/Document.h:
        * dom/Document.idl:

2016-01-22  Chris Dumez  <cdumez@apple.com>

        Document.open / Document.write should be prevented while the document is being unloaded
        https://bugs.webkit.org/show_bug.cgi?id=153255
        <rdar://problem/22741293>

        Reviewed by Ryosuke Niwa.

        Document.open / Document.write should be prevented while the document
        is being unloaded, as per the HTML specification:
        - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
        - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)

        This patch is aligning our behavior with the specification and Firefox.
        Calling Document.open / Document.write during the document was being
        unloaded would cause us to crash as this was unexpected.

        Tests: fast/frames/page-hide-document-open.html
               fast/frames/page-unload-document-open.html

        * WebCore.xcodeproj/project.pbxproj:
        Add new IgnoreOpensDuringUnloadCountIncrementer.h header.

        * dom/Document.cpp:
        (WebCore::Document::open):
        Abort if the document's ignore-opens-during-unload counter is greater
        than zero, as per:
        https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)

        (WebCore::Document::write):
        Abort if the insertion point is undefined and the document's
        ignore-opens-during-unload counter is greater than zero, as per:
        https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)

        * dom/Document.h:
        Add data member to maintain the document's ignore-opens-during-unload counter:
        https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter

        * dom/IgnoreOpensDuringUnloadCountIncrementer.h: Added.
        Add utility class to increment / decrement a document's
        ignore-opens-during-unload counter.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):
        When a page goes into PageCache, we don't end up calling
        FrameLoader::detachChildren() so we need to increment the document's
        ignore-opens-during-unload counter before calling stopLoading() on each
        subframe.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::detachChildren):
        detachChildren() will end up firing the pagehide / unload events in each
        child frame so we increment the parent frame's document's
        ignore-opens-during-unload counter. This behavior matches the text of:
        https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document

        As per the spec, the document's ignore-opens-during-unload counter should
        be incremented before firing the pagehide / unload events at the document's
        Window object. It should be decremented only after firing the pagehide /
        unload events in each subframe. This is needed in case a subframe tries to
        call document.open / document.write on a parent frame's document, from its
        pagehide or unload handler.

        (WebCore::FrameLoader::dispatchUnloadEvents):
        Increment the document's ignore-opens-during-unload counter before firing
        the pagehide / unload events and decrement it after. As per the spec, we
        are not supposed to decrement this early. We actually supposed to wait
        until the pagehide / unload events have been fired in all the subframes.
        For this reason, we take care of re-incrementing the document's
        ignore-opens-during-unload in detachChildren(), which will take care of
        firing the pagehide / unload in the subframes.

2016-01-22  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement put, get, and delete records for the SQLite backend.
        https://bugs.webkit.org/show_bug.cgi?id=153375

        Reviewed by Alex Christensen.

        No new tests (Covered by many existing tests now passing).

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::keyExistsInObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

2016-01-22  Enrica Casucci  <enrica@apple.com>

        Add support for DataDetectors in WK (iOS).
        https://bugs.webkit.org/show_bug.cgi?id=152989
        rdar://problem/22855960

        Reviewed by Tim Horton.

        This patch adds the logic to perform data detection and modify
        the DOM by adding data detector links as appropriate.
        The data detector results returned by detectContentInRange are
        stored in the Frame object.

        * editing/cocoa/DataDetection.h:
        * editing/cocoa/DataDetection.mm:
        (WebCore::resultIsURL):
        (WebCore::constructURLStringForResult):
        (WebCore::removeResultLinksFromAnchor):
        (WebCore::searchForLinkRemovingExistingDDLinks):
        (WebCore::dataDetectorTypeForCategory):
        (WebCore::buildQuery):
        (WebCore::DataDetection::detectContentInRange):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        * page/Frame.h:
        (WebCore::Frame::setDataDetectionResults):
        (WebCore::Frame::dataDetectionResults):
        * platform/spi/cocoa/DataDetectorsCoreSPI.h:
        (DDQueryOffsetCompare):

2016-01-22  Daniel Bates  <dabates@apple.com>

        LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
        https://bugs.webkit.org/show_bug.cgi?id=153250
        <rdar://problem/12172843>
        And
        <rdar://problem/24248040>

        Reviewed by Alexey Proskuryakov.

        Remove an incorrect assertion that the absolute URL associated with a protection space cannot
        contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
        This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
        with the invariants for WebCore::protectionSpaceMapKeyFromURL().

        Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
               http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

        * platform/network/CredentialStorage.cpp:
        (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):

2016-01-22  Chris Dumez  <cdumez@apple.com>

        DOMImplementation.createHTMLDocument("") should append an empty Text Node to the title Element
        https://bugs.webkit.org/show_bug.cgi?id=153374

        Reviewed by Ryosuke Niwa.

        DOMImplementation.createHTMLDocument("") should append an empty Text
        Node to the title Element as per the steps at:
        - https://dom.spec.whatwg.org/#dom-domimplementation-createhtmldocument (step 6)

        Firefox and Chrome follow the specification here.

        Previously, WebKit would rely on HTMLTitleElement.text setter which
        does not create a Text Node if the title is the empty string, as per:
        - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
        - https://dom.spec.whatwg.org/#dom-node-textcontent

        No new tests, already covered by existing test.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::createHTMLDocument):

2016-01-17  Ada Chan  <adachan@apple.com>

        Add a mode parameter to MediaControllerInterface::supportsFullscreen() and ChromeClient::supportsVideoFullscreen().
        https://bugs.webkit.org/show_bug.cgi?id=153220

        Reviewed by Eric Carlson.

        No new tests, just code refactoring.

        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::supportsFullscreen):
        Just pass in VideoFullscreenModeStandard as this is used for checking the standard fullscreen case.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::enterFullscreen):
        Only use the FullScreen API if the mode is VideoFullscreenModeStandard. Call ChromeClient::supportsVideoFullscreen()
        with the mode.
        (WebCore::HTMLMediaElement::exitFullscreen):
        Move the fullscreen element check up so we can use this method to exit picture-in-picture mode.
        * html/HTMLMediaElement.h:

        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::supportsFullscreen):
        Ditto.
        (WebCore::HTMLVideoElement::webkitEnterFullscreen):
        Pass in VideoFullscreenModeStandard to supportsFullscreen() as this is used for the standard fullscreen case.
        (WebCore::HTMLVideoElement::webkitSupportsFullscreen):
        Ditto.
        (WebCore::HTMLVideoElement::webkitSupportsPresentationMode):
        Pass in the correct VideoFullscreenMode to supportsFullscreen() corresponding to the mode string passed in.
        (WebCore::HTMLVideoElement::setFullscreenMode):
        Pass in the mode to supportsFullscreen().
        * html/HTMLVideoElement.h:

        * html/MediaController.h:
        * html/MediaControllerInterface.h:
        Make supportsFullscreen() take a VideoFullscreenMode.

        * html/shadow/MediaControls.cpp:
        (WebCore::MediaControls::reset):
        Pass in VideoFullscreenModeStandard to supportsFullscreen() here since this is used for the standard
        fullscreen button.
        * html/shadow/MediaControlsApple.cpp:
        (WebCore::MediaControlsApple::reset):
        Ditto.

        * page/ChromeClient.h:
        Make supportsVideoFullscreen() take a VideoFullscreenMode.

        * rendering/HitTestResult.cpp:
        (WebCore::HitTestResult::mediaSupportsFullscreen):
        (WebCore::HitTestResult::toggleMediaFullscreenState):
        (WebCore::HitTestResult::enterFullscreenForVideo):
        Pass in VideoFullscreenModeStandard in the code relating to the standard fullscreen.

2016-01-22  Chris Dumez  <cdumez@apple.com>

        Document.URL / Document.documentURI should return "about:blank" instead of empty string / null
        https://bugs.webkit.org/show_bug.cgi?id=153363
        <rdar://problem/22549736>

        Reviewed by Ryosuke Niwa.

        Document.URL / Document.documentURI should return "about:blank" instead
        of empty string / null, as per the specification:
        - https://dom.spec.whatwg.org/#dom-document-url
        - https://dom.spec.whatwg.org/#concept-document-url

        Also, Document.documentURI should be an alias for Document.URL as per:
        - https://dom.spec.whatwg.org/#dom-document-url

        Firefox matches the specification.

        No new tests, already covered by existing W3C tests.

        * dom/Document.h:
        (WebCore::Document::urlForBindings):
        * dom/Document.idl:

2016-01-22  Brent Fulgham  <bfulgham@apple.com>

        Don't ignore the return value of CCRandomCopyBytes
        https://bugs.webkit.org/show_bug.cgi?id=153369
        <rdar://problem/22198376>
        <rdar://problem/22198378>

        Reviewed by Alexey Proskuryakov.

        Tested by existing Crypto tests.

        * crypto/mac/CryptoKeyMac.cpp:
        (WebCore::CryptoKey::randomData): RELEASE_ASSERT if CCRandomCopyBytes ever returns
        anything besides kCCSuccess.
        * crypto/mac/SerializedCryptoKeyWrapMac.mm:
        (WebCore::createAndStoreMasterKey): Ditto.
        (WebCore::wrapSerializedCryptoKey): Ditto.

2016-01-21  Sam Weinig  <sam@webkit.org>

        Treat non-https actions on secure pages as mixed content
        <rdar://problem/23144492>
        https://bugs.webkit.org/show_bug.cgi?id=153322

        Reviewed by Alexey Proskuryakov.

        Tests:  http/tests/security/mixedContent/insecure-form-in-iframe.html
                http/tests/security/mixedContent/insecure-form-in-main-frame.html
                http/tests/security/mixedContent/javascript-url-form-in-main-frame.html

        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::parseAttribute):
        Check form actions for mixed content.

        * loader/MixedContentChecker.cpp:
        (WebCore::MixedContentChecker::checkFormForMixedContent):
        * loader/MixedContentChecker.h:
        Add new function to check and warn if a form's action is mixed content.

2016-01-22  Nan Wang  <n_wang@apple.com>

        AX: Crash in setTextMarkerDataWithCharacterOffset
        https://bugs.webkit.org/show_bug.cgi?id=153365
        <rdar://problem/24287924>

        Reviewed by Chris Fleizach.

        Sometimes when we try to create a text marker range from a stale text marker with a removed
        node, it will cause crash. Fixed it by adding a null check for the AccessibilityObject we
        create in setTextMarkerDataWithCharacterOffset.

        Test: accessibility/text-marker/text-marker-range-with-removed-node-crash.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):

2016-01-22  Brady Eidson  <beidson@apple.com>

        Modern IDB: Add transactions and create/delete object store to SQLite backend
        https://bugs.webkit.org/show_bug.cgi?id=153359

        Reviewed by Alex Christensen.

        No new tests (Covered by many tests now passing).

        * Modules/indexeddb/server/IDBBackingStore.h: Change deleteObjectStore to work on an ID instead of name.

        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::takeObjectStoreByIdentifier):
        (WebCore::IDBServer::MemoryIDBBackingStore::takeObjectStoreByName): Deleted.
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:

        Clean up filename generation a bit to actually match the previous directory structure.
        Add begin/commit/abort transaction support.
        Add create/delete object store support:
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::filenameForDatabaseName):
        (WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabaseDirectory):
        (WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabasePath):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        Clean up SQLiteIDBTransaction to fit with the new WebCore backing store model, which is slightly
        different from the old WebKit2 backing store model:
        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp:
        (WebCore::IDBServer::SQLiteIDBTransaction::SQLiteIDBTransaction):
        (WebCore::IDBServer::SQLiteIDBTransaction::begin):
        (WebCore::IDBServer::SQLiteIDBTransaction::commit):
        (WebCore::IDBServer::SQLiteIDBTransaction::abort):
        (WebCore::IDBServer::SQLiteIDBTransaction::reset):
        (WebCore::IDBServer::SQLiteIDBTransaction::rollback): Deleted.
        * Modules/indexeddb/server/SQLiteIDBTransaction.h:
        (WebCore::IDBServer::SQLiteIDBTransaction::transactionIdentifier):
        (WebCore::IDBServer::SQLiteIDBTransaction::mode):
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::deleteObjectStore):
        (WebCore::IDBServer::UniqueIDBDatabase::performDeleteObjectStore):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformDeleteObjectStore):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
        * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
        (WebCore::IDBDatabaseInfo::deleteObjectStore):
        * Modules/indexeddb/shared/IDBDatabaseInfo.h:
        
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        (WebCore::IDBObjectStoreInfo::maxIndexID):
        
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::identifier):

2016-01-22  Antti Koivisto  <antti@apple.com>

        Style resolver initialization cleanups
        https://bugs.webkit.org/show_bug.cgi?id=153356

        Reviewed by Simon Fraser.

            Simplify StyleResolver::State initialization.
            Also use more references and other cleanups.

        * css/MediaQueryMatcher.cpp:
        (WebCore::MediaQueryMatcher::prepareEvaluator):
        * css/StyleMedia.cpp:
        (WebCore::StyleMedia::matchMedium):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::clear):
        (WebCore::StyleResolver::StyleResolver):
        (WebCore::StyleResolver::classNamesAffectedByRules):
        (WebCore::StyleResolver::State::State):

            Initialize State using a constructor instead of bunch of construction functions.
            Remove m_styledElement field which is just a casted version of m_element.

        (WebCore::StyleResolver::State::updateConversionData):
        (WebCore::StyleResolver::State::setStyle):
        (WebCore::StyleResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
        (WebCore::StyleResolver::canShareStyleWithElement):
        (WebCore::StyleResolver::locateSharedStyle):
        (WebCore::isAtShadowBoundary):
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::styleForKeyframe):
        (WebCore::StyleResolver::keyframeStylesForAnimation):
        (WebCore::StyleResolver::pseudoStyleForElement):
        (WebCore::StyleResolver::styleForPage):
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        (WebCore::StyleResolver::clearCachedPropertiesAffectedByViewportUnits):
        (WebCore::isCacheableInMatchedPropertiesCache):

            Disallow caching of document element style entirely because the writing-mode and direction properties have special handling.
            The existing check wasn't robust.

        (WebCore::extractDirectionAndWritingMode):
        (WebCore::StyleResolver::applyMatchedProperties):
        (WebCore::StyleResolver::applyPropertyToStyle):
        (WebCore::StyleResolver::State::initElement): Deleted.
        (WebCore::StyleResolver::initElement): Deleted.
        (WebCore::StyleResolver::State::initForStyleResolve): Deleted.
        * css/StyleResolver.h:
        (WebCore::StyleResolver::mediaQueryEvaluator):
        (WebCore::StyleResolver::State::State):
        (WebCore::StyleResolver::State::document):
        (WebCore::StyleResolver::State::element):
        (WebCore::StyleResolver::State::style):
        (WebCore::StyleResolver::State::takeStyle):
        (WebCore::StyleResolver::State::styledElement): Deleted.
        * dom/Element.cpp:
        (WebCore::Element::resolveStyle):
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::KeyframeAnimation):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::getUncachedPseudoStyle):
        (WebCore::RenderElement::containingBlockForFixedPosition):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::computeStyleInRegion):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::styleForElement):
        * svg/SVGElement.cpp:
        (WebCore::SVGElement::customStyleForRenderer):
        (WebCore::SVGElement::computedStyle):
        (WebCore::addQualifiedName):
        * svg/SVGElementRareData.h:
        (WebCore::SVGElementRareData::ensureAnimatedSMILStyleProperties):
        (WebCore::SVGElementRareData::overrideComputedStyle):

2016-01-22  Chris Fleizach  <cfleizach@apple.com>

        AX: <code> group and friends should have a custom subrole
        https://bugs.webkit.org/show_bug.cgi?id=153282

        Reviewed by Mario Sanchez Prada.

        Add some custom subroles for the mac for code, ins, del, cite, var, samp, pre, kbd,
        so that assistive tech can recognize them.

        Test: accessibility/mac/subroles-for-formatted-groups.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::isStyleFormatGroup):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored):
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper subrole]):

2016-01-22  Enrica Casucci  <enrica@apple.com>

        Remove dependency from DataDetectorsCore on iOS.
        https://bugs.webkit.org/show_bug.cgi?id=153358
        rdar://problem/24294651

        Reviewed by Anders Carlsson.

        Avoid build dependencies.

        * Configurations/WebCore.xcconfig:

2016-01-22  Chris Fleizach  <cfleizach@apple.com>

        AX: ARIA combo boxes are not returning the right value for selected text range
        https://bugs.webkit.org/show_bug.cgi?id=153260

        Reviewed by Darin Adler.

        Just because an element has an ARIA role doesn't mean we should always use the selected text range of the whole document.
        If the element is also a text based ARIA control, we can still use the element's inner text range to return the right value.

        Test: accessibility/selected-text-range-aria-elements.html

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::selectedTextRange):

2016-01-22  Chris Dumez  <cdumez@apple.com>

        Unreviewed iOS build fix after r195452.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::colorValue):

2016-01-21  Dave Hyatt  <hyatt@apple.com>

        Elements with overflow and border-radius don't show in multicolumn properly.
        https://bugs.webkit.org/show_bug.cgi?id=152920

        Reviewed by Simon Fraser.

        Added new test in fast/multicol.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::convertToLayerCoords):
        (WebCore::RenderLayer::offsetFromAncestor):
        (WebCore::RenderLayer::clipToRect):
        * rendering/RenderLayer.h:

        Make sure the crawl up the containing block chain to apply clips properly offsets
        to account for columns. convertToLayerCoords could already handle this, so
        offsetFromAncestor now takes the same extra argument (whether or not to adjust for
        columns) that convertToLayerCoords does.

2016-01-22  Darin Adler  <darin@apple.com>

        Reduce use of equalIgnoringCase to just ignore ASCII case
        https://bugs.webkit.org/show_bug.cgi?id=153266

        Reviewed by Ryosuke Niwa.

        Changed many call sites that were using equalIgnoringCase to instead use
        equalLettersIgnoringASCIICase. What these all have in common is that the
        thing they are comparing with is a string literal that has all lowercase
        letters, spaces, and a few simple examples of punctuation.

        Not 100% sure that the new function name is just right, but it's a long name
        so it's easy to change it with a global replace if we come up with a better one.

        Or if we decide ther eis no need for the "letters" optimization, we can change
        these all to just use equalIgnoringASCIICase, also with a global replace.

        Also made a few tweaks to some code nearby and some includes.

        * Modules/encryptedmedia/CDMPrivateClearKey.cpp:
        (WebCore::CDMPrivateClearKey::supportsKeySystem): Use equalLettersIgnoringASCIICase.
        (WebCore::CDMPrivateClearKey::supportsKeySystemAndMimeType): Ditto.
        * Modules/encryptedmedia/CDMSessionClearKey.cpp:
        (WebCore::CDMSessionClearKey::update): Ditto.
        * Modules/plugins/YouTubePluginReplacement.cpp:
        (WebCore::YouTubePluginReplacement::supportsMimeType): Ditto.
        (WebCore::YouTubePluginReplacement::supportsFileExtension): Ditto.
        * Modules/webdatabase/DatabaseAuthorizer.cpp:
        (WebCore::DatabaseAuthorizer::createVTable): Ditto.
        (WebCore::DatabaseAuthorizer::dropVTable): Ditto.
        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::readHTTPHeaders): Ditto.
        (WebCore::WebSocketHandshake::checkResponseHeaders): Ditto.
        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::findAriaModalNodes): Ditto.
        (WebCore::AXObjectCache::handleMenuItemSelected): Ditto.
        (WebCore::AXObjectCache::handleAriaModalChange): Ditto.
        (WebCore::isNodeAriaVisible): Ditto.
        * accessibility/AccessibilityListBoxOption.cpp:
        (WebCore::AccessibilityListBoxOption::isEnabled): Ditto.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::determineAccessibilityRole): Use isColorControl
        instead of checking the typeAttr of the HTMLInputElement directly.
        (WebCore::AccessibilityNodeObject::isEnabled): Use equalLettersIgnoringASCIICase.
        (WebCore::AccessibilityNodeObject::isPressed): Ditto.
        (WebCore::AccessibilityNodeObject::isChecked): Ditto.
        (WebCore::AccessibilityNodeObject::isMultiSelectable): Ditto.
        (WebCore::AccessibilityNodeObject::isRequired): Ditto.
        (WebCore::shouldUseAccessibilityObjectInnerText): Ditto.
        (WebCore::AccessibilityNodeObject::colorValue): Ditto.

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
        Use equalLettersIgnoringASCIICase.
        (WebCore::AccessibilityObject::ariaIsMultiline): Ditto.
        (WebCore::AccessibilityObject::liveRegionStatusIsEnabled): Ditto.
        (WebCore::AccessibilityObject::sortDirection): Ditto.
        (WebCore::AccessibilityObject::supportsARIAPressed): Ditto.
        (WebCore::AccessibilityObject::supportsExpanded): Ditto.
        (WebCore::AccessibilityObject::isExpanded): Ditto.
        (WebCore::AccessibilityObject::checkboxOrRadioValue): Ditto.
        (WebCore::AccessibilityObject::isARIAHidden): Ditto.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::supportsARIADragging): Ditto.
        (WebCore::AccessibilityRenderObject::defaultObjectInclusion): Ditto.
        (WebCore::AccessibilityRenderObject::elementAttributeValue): Ditto.
        (WebCore::AccessibilityRenderObject::isSelected): Ditto.
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole): Ditto.
        (WebCore::AccessibilityRenderObject::orientation): Ditto.
        (WebCore::AccessibilityRenderObject::canSetExpandedAttribute): Ditto.
        (WebCore::AccessibilityRenderObject::canSetValueAttribute): Ditto.
        (WebCore::AccessibilityRenderObject::ariaLiveRegionAtomic): Ditto.

        * accessibility/AccessibilityTableCell.cpp:
        (WebCore::AccessibilityTableCell::ariaRowSpan): Use == to compare a string
        with "0" since there is no need to "ignore case" when there are no letters.

        * css/CSSCalculationValue.cpp:
        (WebCore::CSSCalcValue::create): Use equalLettersIgnoringASCIICase.

        * css/CSSCalculationValue.h: Removed unneeded include of CSSParserValues.h.
        * css/CSSCustomPropertyValue.h: Ditto.

        * css/CSSFontFaceSrcValue.cpp:
        (WebCore::CSSFontFaceSrcValue::isSVGFontFaceSrc): Use equalLettersIgnoringASCIICase.

        * css/CSSGrammar.y.in: Use equalLettersIgnoringASCIICase. Also restructured the code
        a bit to have more normal formatting and reordered it slightly.

        * css/CSSParser.cpp:
        (WebCore::equal): Deleted.
        (WebCore::equalIgnoringCase): Deleted.
        (WebCore::equalLettersIgnoringASCIICase): Added. Replaces function templates named
        equal and equalIgnoringCase that are no longer used.
        (WebCore::CSSParser::parseValue): Use equalLettersIgnoringASCIICase.
        (WebCore::CSSParser::parseNonElementSnapPoints): Ditto.
        (WebCore::CSSParser::parseAlt): Ditto.
        (WebCore::CSSParser::parseContent): Ditto.
        (WebCore::CSSParser::parseFillImage): Ditto.
        (WebCore::CSSParser::parseAnimationName): Ditto.
        (WebCore::CSSParser::parseAnimationTrigger): Ditto.
        (WebCore::CSSParser::parseAnimationProperty): Ditto.
        (WebCore::CSSParser::parseKeyframeSelector): Ditto.
        (WebCore::CSSParser::parseAnimationTimingFunction): Ditto.
        (WebCore::CSSParser::parseGridTrackList): Ditto.
        (WebCore::CSSParser::parseGridTrackSize): Ditto.
        (WebCore::CSSParser::parseDashboardRegions): Ditto.
        (WebCore::CSSParser::parseClipShape): Ditto.
        (WebCore::CSSParser::parseBasicShapeInset): Ditto.
        (WebCore::CSSParser::parseBasicShape): Ditto.
        (WebCore::CSSParser::parseFontFaceSrcURI): Ditto.
        (WebCore::CSSParser::parseFontFaceSrc): Ditto.
        (WebCore::CSSParser::isCalculation): Ditto.
        (WebCore::CSSParser::parseColorFromValue): Ditto.
        (WebCore::CSSParser::parseBorderImage): Ditto.
        (WebCore::parseDeprecatedGradientPoint): Ditto.
        (WebCore::parseDeprecatedGradientColorStop): Ditto.
        (WebCore::CSSParser::parseDeprecatedGradient): Ditto.
        (WebCore::CSSParser::parseLinearGradient): Ditto.
        (WebCore::CSSParser::parseRadialGradient): Ditto.
        (WebCore::CSSParser::isGeneratedImageValue): Ditto.
        (WebCore::CSSParser::parseGeneratedImage): Ditto.
        (WebCore::filterInfoForName): Ditto.
        (WebCore::validFlowName): Ditto.
        (WebCore::CSSParser::realLex): Ditto.
        (WebCore::isValidNthToken): Ditto.
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePagePseudoSelector): Ditto.

        * css/CSSParserValues.h:
        (WebCore::equalLettersIgnoringASCIICase): Added.

        * css/CSSVariableDependentValue.h: Removed unneeded include of CSSParserValues.h.

        * css/MediaList.cpp:
        (WebCore::reportMediaQueryWarningIfNeeded): Use equalLettersIgnoringASCIICase.
        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::mediaTypeMatch): Ditto.
        (WebCore::MediaQueryEvaluator::mediaTypeMatchSpecific): Ditto.
        (WebCore::evalResolution): Ditto.

        * css/SelectorPseudoTypeMap.h: Removed unneeded include of CSSParserValues.h.

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertTouchCallout): Use equalLettersIgnoringASCIICase.

        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py: Added an include of
        CSSParserValues.h since it's no longer included by SelectorPseudoTypeMap.h.

        * dom/Document.cpp:
        (WebCore::setParserFeature): Use equalLettersIgnoringASCIICase.
        (WebCore::Document::processReferrerPolicy): Ditto.
        (WebCore::Document::createEvent): Ditto.
        (WebCore::Document::parseDNSPrefetchControlHeader): Ditto.

        * dom/Element.cpp:
        (WebCore::Element::spellcheckAttributeState): Use isNull instead of doing
        checking equality with nullAtom. Use isEmpty instead of equalIgnoringCase("").
        Use equalLettersIgnoringASCIICase.
        (WebCore::Element::canContainRangeEndPoint): Ditto.

        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::isValidCSSContentType): Use equalLettersIgnoringASCIICase.
        Added comment about peculiar behavior where we do case-sensitive processing of
        the MIME type if the document is XML.

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::requestScript): Use equalLettersIgnoringASCIICase.
        (WebCore::ScriptElement::isScriptForEventSupported): Ditto.
        * dom/SecurityContext.cpp:
        (WebCore::SecurityContext::parseSandboxPolicy): Ditto.
        * dom/ViewportArguments.cpp:
        (WebCore::findSizeValue): Ditto.
        (WebCore::findScaleValue): Ditto.
        (WebCore::findBooleanValue): Ditto.

        * editing/EditorCommand.cpp:
        (WebCore::executeDefaultParagraphSeparator): Use equalLettersIgnoringASCIICase.
        (WebCore::executeInsertBacktab): Use ASCIILiteral.
        (WebCore::executeInsertHTML): Use emptyString.
        (WebCore::executeInsertLineBreak): Use ASCIILiteral.
        (WebCore::executeInsertNewline): Ditto.
        (WebCore::executeInsertTab): Ditto.
        (WebCore::executeJustifyCenter): Ditto.
        (WebCore::executeJustifyFull): Ditto.
        (WebCore::executeJustifyLeft): Ditto.
        (WebCore::executeJustifyRight): Ditto.
        (WebCore::executeStrikethrough): Ditto.
        (WebCore::executeStyleWithCSS): Use equalLettersIgnoringASCIICase.
        (WebCore::executeUseCSS): Ditto.
        (WebCore::executeSubscript): Use ASCIILiteral.
        (WebCore::executeSuperscript): Ditto.
        (WebCore::executeToggleBold): Ditto.
        (WebCore::executeToggleItalic): Ditto.
        (WebCore::executeUnderline): Ditto.
        (WebCore::executeUnscript): Ditto.
        (WebCore::stateBold): Ditto.
        (WebCore::stateItalic): Ditto.
        (WebCore::stateStrikethrough): Ditto.
        (WebCore::stateSubscript): Ditto.
        (WebCore::stateSuperscript): Ditto.
        (WebCore::stateUnderline): Ditto.
        (WebCore::stateJustifyCenter): Ditto.
        (WebCore::stateJustifyFull): Ditto.
        (WebCore::stateJustifyLeft): Ditto.
        (WebCore::stateJustifyRight): Ditto.
        (WebCore::valueFormatBlock): Use emptyString.
        (WebCore::Editor::Command::value): Use ASCIILiteral.

        * editing/TextIterator.cpp:
        (WebCore::isRendererReplacedElement): Use equalLettersIgnoringASCIICase.

        * fileapi/Blob.cpp:
        (WebCore::Blob::isNormalizedContentType): Use isASCIIUpper.

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::setFormInfoFromRequest): Use equalLettersIgnoringASCIICase.

        * html/Autocapitalize.cpp:
        (WebCore::valueOn): Deleted.
        (WebCore::valueOff): Deleted.
        (WebCore::valueNone): Deleted.
        (WebCore::valueWords): Deleted.
        (WebCore::valueSentences): Deleted.
        (WebCore::valueAllCharacters): Deleted.
        (WebCore::autocapitalizeTypeForAttributeValue): Use equalLettersIgnoringASCIICase.
        (WebCore::stringForAutocapitalizeType): Put the AtomicString globals right in the
        switch statement instead of in separate functions.

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::draggable): Use equalLettersIgnoringASCIICase.
        * html/HTMLAreaElement.cpp:
        (WebCore::HTMLAreaElement::parseAttribute): Ditto.
        * html/HTMLBRElement.cpp:
        (WebCore::HTMLBRElement::collectStyleForPresentationAttribute): Ditto.
        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::collectStyleForPresentationAttribute): Ditto.
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::parseAttribute): Ditto.

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::toDataURL): Use ASCIILiteral.

        * html/HTMLDivElement.cpp:
        (WebCore::HTMLDivElement::collectStyleForPresentationAttribute):
        Use equalLettersIgnoringASCIICase.

        * html/HTMLDocument.cpp:
        (WebCore::HTMLDocument::designMode): Use ASCIILiteral.
        (WebCore::HTMLDocument::setDesignMode): Use equalLettersIgnoringASCIICase.

        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::nodeName): Updated comment.
        (WebCore::isLTROrRTLIgnoringCase): Use equalLettersIgnoringASCIICase.
        (WebCore::contentEditableType): Ditto.
        (WebCore::HTMLElement::collectStyleForPresentationAttribute): Ditto.
        (WebCore::toValidDirValue): Ditto.
        (WebCore::HTMLElement::insertAdjacent): Ditto.
        (WebCore::contextElementForInsertion): Ditto.
        (WebCore::HTMLElement::applyAlignmentAttributeToStyle): Ditto.
        (WebCore::HTMLElement::setContentEditable): Ditto.
        (WebCore::HTMLElement::draggable): Ditto.
        (WebCore::HTMLElement::translateAttributeMode): Ditto.
        (WebCore::HTMLElement::hasDirectionAuto): Ditto.
        (WebCore::HTMLElement::directionality): Ditto.
        (WebCore::HTMLElement::dirAttributeChanged): Ditto.
        (WebCore::HTMLElement::addHTMLColorToStyle): Ditto.
        * html/HTMLEmbedElement.cpp:
        (WebCore::HTMLEmbedElement::collectStyleForPresentationAttribute): Ditto.
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::autocorrect): Ditto.
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::autocorrect): Ditto.
        (WebCore::HTMLFormElement::shouldAutocomplete): Ditto.
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::parseAttribute): Ditto.

        * html/HTMLFrameSetElement.cpp:
        (WebCore::HTMLFrameSetElement::parseAttribute): Use equalLettersIgnoringASCIICase.
        Use == when comparing with "0" and "1" since there is no need for case folding.

        * html/HTMLHRElement.cpp:
        (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
        Use equalLettersIgnoringASCIICase.
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::draggable): Ditto.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseAttribute): Ditto.
        * html/HTMLKeygenElement.cpp:
        (WebCore::HTMLKeygenElement::appendFormData): Ditto.
        * html/HTMLMarqueeElement.cpp:
        (WebCore::HTMLMarqueeElement::collectStyleForPresentationAttribute): Ditto.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::parseAttribute): Ditto.
        * html/HTMLMetaElement.cpp:
        (WebCore::HTMLMetaElement::process): Ditto.

        * html/HTMLObjectElement.cpp:
        (WebCore::mapDataParamToSrc): Use references, modern for loops, simplify
        logic to not use array indices, use ASCIILiteral and equalLettersIgnoringASCIICase.
        (WebCore::HTMLObjectElement::parametersForPlugin): Update to call new function.
        (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk): Use equalLettersIgnoringASCIICase.
        (WebCore::HTMLObjectElement::containsJavaApplet): Ditto.
        * html/HTMLParagraphElement.cpp:
        (WebCore::HTMLParagraphElement::collectStyleForPresentationAttribute): Ditto.
        * html/HTMLParamElement.cpp:
        (WebCore::HTMLParamElement::isURLParameter): Ditto.
        * html/HTMLTableElement.cpp:
        (WebCore::getBordersFromFrameAttributeValue): Ditto.
        (WebCore::HTMLTableElement::collectStyleForPresentationAttribute): Ditto.
        (WebCore::HTMLTableElement::parseAttribute): Ditto.
        * html/HTMLTablePartElement.cpp:
        (WebCore::HTMLTablePartElement::collectStyleForPresentationAttribute): Ditto.
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::parseAttribute): Ditto.
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::setRangeText): Ditto.
        (WebCore::HTMLTextFormControlElement::directionForFormData): Ditto.
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::parseAttribute): Ditto.
        * html/InputType.cpp:
        (WebCore::InputType::applyStep): Ditto.
        * html/LinkRelAttribute.cpp:
        (WebCore::LinkRelAttribute::LinkRelAttribute): Ditto.
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled): Ditto.
        * html/NumberInputType.cpp:
        (WebCore::NumberInputType::sizeShouldIncludeDecoration): Ditto.
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::createStepRange): Ditto.
        (WebCore::RangeInputType::handleKeydownEvent): Ditto.
        * html/StepRange.cpp:
        (WebCore::StepRange::parseStep): Ditto.
        * html/canvas/CanvasStyle.cpp:
        (WebCore::parseColor): Ditto.
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::setCompatibilityModeFromDoctype): Ditto.
        * html/parser/HTMLElementStack.cpp:
        (WebCore::HTMLElementStack::isHTMLIntegrationPoint): Ditto.
        * html/parser/HTMLMetaCharsetParser.cpp:
        (WebCore::HTMLMetaCharsetParser::encodingFromMetaAttributes): Ditto.
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Ditto.
        (WebCore::TokenPreloadScanner::StartTagScanner::crossOriginModeAllowsCookies): Ditto.
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::processStartTagForInBody): Ditto.
        (WebCore::HTMLTreeBuilder::processStartTagForInTable): Ditto.
        * html/parser/XSSAuditor.cpp:
        (WebCore::isDangerousHTTPEquiv): Ditto.

        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::hasRequiredFileIdentifier): Removed unneeded special case
        for empty string.

        * inspector/InspectorPageAgent.cpp:
        (WebCore::createXHRTextDecoder): Use equalLettersIgnoringASCIICase.
        * inspector/NetworkResourcesData.cpp:
        (WebCore::createOtherResourceTextDecoder): Ditto.
        * loader/CrossOriginAccessControl.cpp:
        (WebCore::isOnAccessControlSimpleRequestHeaderWhitelist): Ditto.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::continueAfterContentPolicy): Ditto.
        * loader/FormSubmission.cpp:
        (WebCore::appendMailtoPostFormDataToURL): Ditto.
        (WebCore::FormSubmission::Attributes::parseEncodingType): Ditto.
        (WebCore::FormSubmission::Attributes::parseMethodType): Ditto.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldPerformFragmentNavigation): Ditto.
        (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument): Ditto.
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement): Ditto.
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::start): Ditto.
        * loader/SubframeLoader.cpp:
        (WebCore::SubframeLoader::createJavaAppletWidget): Ditto.
        * loader/TextResourceDecoder.cpp:
        (WebCore::TextResourceDecoder::determineContentType): Ditto.
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::load): Ditto.
        * loader/appcache/ApplicationCache.cpp:
        (WebCore::ApplicationCache::requestIsHTTPOrHTTPSGet): Ditto.
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::canUseSheet): Ditto.
        * loader/cache/CachedResource.cpp:
        (WebCore::shouldCacheSchemeIndefinitely): Ditto.
        * page/DOMSelection.cpp:
        (WebCore::DOMSelection::modify): Ditto.
        * page/EventSource.cpp:
        (WebCore::EventSource::didReceiveResponse): Ditto.
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollToAnchor): Ditto.
        * page/Performance.cpp:
        (WebCore::Performance::webkitGetEntriesByType): Ditto.
        * page/PerformanceResourceTiming.cpp:
        (WebCore::passesTimingAllowCheck): Ditto.

        * page/SecurityOrigin.cpp:
        (WebCore::SecurityOrigin::SecurityOrigin): Use emptyString.
        (WebCore::SecurityOrigin::toString): Use ASCIILiteral.
        (WebCore::SecurityOrigin::databaseIdentifier): Ditto.

        * page/UserContentURLPattern.cpp:
        (WebCore::UserContentURLPattern::parse): Use equalLettersIgnoringASCIICase.
        (WebCore::UserContentURLPattern::matches): Ditto.
        * platform/URL.cpp:
        (WebCore::URL::protocolIs): Ditto.

        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm:
        (WebCore::CDMPrivateMediaSourceAVFObjC::supportsKeySystemAndMimeType):
        Changed to use early exit and equalLettersIgnoringASCIICase. Added comment
        about inconsistency with next function.
        (WebCore::CDMPrivateMediaSourceAVFObjC::supportsMIMEType): Added comment
        about inconsistency with previous function.

        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        (WebCore::CDMSessionAVContentKeySession::generateKeyRequest):
        Use equalLettersIgnoringASCIICase.
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        (WebCore::CDMSessionAVStreamSession::generateKeyRequest): Ditto.
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::utiFromMIMEType): Ditto.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::FontCache::similarFont): Changed to not use so many global
        variables and use equalLettersIgnoringASCIICase.
        * platform/graphics/ios/FontCacheIOS.mm:
        (WebCore::platformFontWithFamilySpecialCase): Ditto.

        * platform/graphics/mac/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::supportsFormat): Use equalLettersIgnoringASCIICase.
        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::readString): Ditto.
        * platform/network/BlobResourceHandle.cpp:
        (WebCore::BlobResourceHandle::createAsync): Ditto.
        (WebCore::BlobResourceHandle::loadResourceSynchronously): Ditto.
        * platform/network/CacheValidation.cpp:
        (WebCore::parseCacheControlDirectives): Ditto.
        * platform/network/FormData.h:
        (WebCore::FormData::parseEncodingType): Ditto.
        * platform/network/HTTPParsers.cpp:
        (WebCore::contentDispositionType): Ditto.
        (WebCore::parseXFrameOptionsHeader): Ditto.

        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::isHTTP): Use protocolIsInHTTPFamily, which is
        both clearer and more efficient.
        (WebCore::ResourceResponseBase::isAttachment): Rewrite to be a bit more terse
        and use equalLettersIgnoringASCIICase.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegate::createResourceRequest):
        Use equalLettersIgnoringASCIICase.
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::willSendRequest): Ditto.
        * platform/sql/SQLiteDatabase.cpp:
        (WebCore::SQLiteDatabase::open): Ditto.
        * platform/sql/SQLiteStatement.cpp:
        (WebCore::SQLiteStatement::isColumnDeclaredAsBlob): Ditto.

        * platform/text/TextEncodingRegistry.cpp:
        (WebCore::defaultTextEncodingNameForSystemLanguage): Use ASCIILiteral
        and equalLettersIgnoringASCIICase.

        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::updateFromElement): Use equalLettersIgnoringASCIICase.
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically): Ditto.
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter): Ditto.
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::setEditingBehavior): Ditto.
        (WebCore::InternalSettings::setShouldDisplayTrackKind): Ditto.
        (WebCore::InternalSettings::shouldDisplayTrackKind): Ditto.
        * testing/Internals.cpp:
        (WebCore::markerTypeFrom): Ditto.
        (WebCore::markerTypesFrom): Ditto.
        (WebCore::Internals::mediaElementHasCharacteristic): Ditto.
        (WebCore::Internals::setCaptionDisplayMode): Ditto.
        (WebCore::Internals::beginMediaSessionInterruption): Ditto.
        (WebCore::Internals::endMediaSessionInterruption): Ditto.
        (WebCore::Internals::setMediaSessionRestrictions): Ditto.
        (WebCore::Internals::setMediaElementRestrictions): Ditto.
        (WebCore::Internals::postRemoteControlCommand): Ditto.
        (WebCore::Internals::setAudioContextRestrictions): Ditto.
        (WebCore::Internals::setMockMediaPlaybackTargetPickerState): Ditto.
        * testing/MockCDM.cpp:
        (WebCore::MockCDM::supportsKeySystem): Ditto.
        (WebCore::MockCDM::supportsKeySystemAndMimeType): Ditto.
        (WebCore::MockCDM::supportsMIMEType): Ditto.
        * xml/XMLHttpRequest.cpp:
        (WebCore::isSetCookieHeader): Ditto.
        (WebCore::XMLHttpRequest::responseXML): Ditto.
        (WebCore::XMLHttpRequest::isAllowedHTTPMethod): Ditto.
        (WebCore::XMLHttpRequest::didReceiveData): Ditto.

2016-01-22  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Remove PassRefPtr from ResourceRequest and FormData
        https://bugs.webkit.org/show_bug.cgi?id=153229

        Reviewed by Chris Dumez.

        Covered by existing tests.

        Making ResourceRequest::setHTTPBody take a RefPtr<FormData>&&.
        Moving FormData from PassRefPtr to RefPtr.

        * html/parser/XSSAuditorDelegate.cpp:
        (WebCore::XSSAuditorDelegate::didBlockScript):
        * loader/FormSubmission.cpp:
        (WebCore::FormSubmission::populateFrameLoadRequest):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadPostRequest):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/PingLoader.cpp:
        (WebCore::PingLoader::sendViolationReport):
        * loader/PingLoader.h:
        * page/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation):
        * platform/network/FormData.cpp:
        (WebCore::FormData::create):
        (WebCore::FormData::createMultiPart):
        (WebCore::FormData::copy):
        (WebCore::FormData::deepCopy):
        (WebCore::FormData::resolveBlobReferences):
        * platform/network/FormData.h:
        (WebCore::FormData::decode):
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::adopt):
        (WebCore::ResourceRequestBase::setHTTPBody):
        * platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::setHTTPBody):
        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::setHTTPBody):
        * platform/network/cf/FormDataStreamCFNet.h:
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        (WebCore::ResourceRequest::updateFromDelegatePreservingOldProperties):
        * platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::getFormElementsCount):
        * platform/network/mac/FormDataStreamMac.h:
        * platform/network/mac/FormDataStreamMac.mm:
        (WebCore::setHTTPBody):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::doRedirect):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest):

2016-01-22  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(INDEXED_DATABASE) build after r195443
        https://bugs.webkit.org/show_bug.cgi?id=153350

        Unreviewed buildfix.

        * page/Page.cpp:
        (WebCore::Page::setSessionID):

2016-01-22  ChangSeok Oh  <changseok.oh@collabora.com>

        [GTK] Remove a focus ring on anchor node when focused by mouse.
        https://bugs.webkit.org/show_bug.cgi?id=136121

        Reviewed by Michael Catanzaro.

        Safari, Chrome and FF don't show a focus ring, the dotted rectangle on anchor node
        for mouse clicking. I think the behavior is reasonable and looks better.
        No reason for gtk & efl ports to keep the focus on anchor node. Of course, this change should not
        affect the focus ring for tab navigation.

        No new tests since an existing test can cover this.
        Tests: fast/events/click-focus-anchor.html

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::isMouseFocusable):

2016-01-21  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r168244): Content in horizontal-bt page is offset such that only the end is viewable and there is a white gap at the top
        https://bugs.webkit.org/show_bug.cgi?id=136019

        Reviewed by Dan Bernstein.

        In horizontal-bt documents (where the page starts scrolled to the bottom, and scrolling up goes into negative scroll positions),
        the position of the root content layer would be set incorrectly by the scrolling thread, resulting in misplaced
        content.

        Fix by having the renamed "yPositionForRootContentLayer" take scroll origin into
        account, and being more consistent about using scrollOrigin to position this layer.

        Test: fast/scrolling/programmatic-horizontal-bt-document-scroll.html

        * page/FrameView.cpp:
        (WebCore::FrameView::yPositionForFooterLayer): Moved
        (WebCore::FrameView::positionForRootContentLayer): Take scrollOrigin, and subtract it from the computed value.
        (WebCore::FrameView::yPositionForRootContentLayer): Renamed.
        * page/FrameView.h:
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll): We've already pushed the new scrollPosition onto the FrameView,
        so we can just use the member function to compute the positionForContentsLayer.
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition): This is the bug fix; FrameView::positionForRootContentLayer()
        now takes scrollOrigin into account.
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateRootLayerPosition): Rather than using the documentRect, position the root content layer
        in terms of the scroll origin (which is -documentRect.location()).

2016-01-21  Brady Eidson  <beidson@apple.com>

        Modern IDB: Support populating/extracting database metadata with SQLite backend.
        Nhttps://bugs.webkit.org/show_bug.cgi?id=153318

        Reviewed by Alex Christensen.

        No new tests (Covered by current tests).

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::willAbortTransaction): Committing transactions can abort if the commit
          ends in error.

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::didCommit): Before a committing transaction is aborted, notify the
          IDBDatabase that it aborted.

        Copied over from WK2:
        * Modules/indexeddb/server/IDBSerialization.cpp: Added.
        (WebCore::serializeIDBKeyPath):
        (WebCore::deserializeIDBKeyPath):
        (WebCore::serializeIDBKeyData):
        (WebCore::deserializeIDBKeyData):
        * Modules/indexeddb/server/IDBSerialization.h: Added.

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::createBackingStore): Optionally create a SQLite backing store.
        
        Mostly copied over verbatim from WebKit2's UniqueIDBDatabaseBackingStoreSQLite.cpp: 
        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::idbKeyCollate):
        (WebCore::IDBServer::v1RecordsTableSchema):
        (WebCore::IDBServer::v1RecordsTableSchemaAlternate):
        (WebCore::IDBServer::v2RecordsTableSchema):
        (WebCore::IDBServer::v2RecordsTableSchemaAlternate):
        (WebCore::IDBServer::createOrMigrateRecordsTableIfNecessary):
        (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidRecordsTable):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::extractExistingDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::unregisterCursor):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
        
        Copied over from WK2:
        * Modules/indexeddb/server/SQLiteIDBCursor.cpp: Added.
        (WebCore::IDBServer::SQLiteIDBCursor::maybeCreate):
        (WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
        (WebCore::IDBServer::buildIndexStatement):
        (WebCore::IDBServer::buildObjectStoreStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::establishStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::createSQLiteStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::objectStoreRecordsChanged):
        (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
        (WebCore::IDBServer::SQLiteIDBCursor::bindArguments):
        (WebCore::IDBServer::SQLiteIDBCursor::advance):
        (WebCore::IDBServer::SQLiteIDBCursor::advanceUnique):
        (WebCore::IDBServer::SQLiteIDBCursor::advanceOnce):
        (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
        (WebCore::IDBServer::SQLiteIDBCursor::iterate):
        * Modules/indexeddb/server/SQLiteIDBCursor.h: Added.
        (WebCore::IDBServer::SQLiteIDBCursor::identifier):
        (WebCore::IDBServer::SQLiteIDBCursor::transaction):
        (WebCore::IDBServer::SQLiteIDBCursor::objectStoreID):
        (WebCore::IDBServer::SQLiteIDBCursor::currentKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentPrimaryKey):
        (WebCore::IDBServer::SQLiteIDBCursor::currentValueBuffer):
        (WebCore::IDBServer::SQLiteIDBCursor::didError):

        Copied over from WK2:
        * Modules/indexeddb/server/SQLiteIDBTransaction.cpp: Added.
        (WebCore::IDBServer::SQLiteIDBTransaction::SQLiteIDBTransaction):
        (WebCore::IDBServer::SQLiteIDBTransaction::~SQLiteIDBTransaction):
        (WebCore::IDBServer::SQLiteIDBTransaction::begin):
        (WebCore::IDBServer::SQLiteIDBTransaction::commit):
        (WebCore::IDBServer::SQLiteIDBTransaction::reset):
        (WebCore::IDBServer::SQLiteIDBTransaction::rollback):
        (WebCore::IDBServer::SQLiteIDBTransaction::maybeOpenCursor):
        (WebCore::IDBServer::SQLiteIDBTransaction::closeCursor):
        (WebCore::IDBServer::SQLiteIDBTransaction::notifyCursorsOfChanges):
        (WebCore::IDBServer::SQLiteIDBTransaction::clearCursors):
        (WebCore::IDBServer::SQLiteIDBTransaction::inProgress):
        * Modules/indexeddb/server/SQLiteIDBTransaction.h: Added.
        (WebCore::IDBServer::SQLiteIDBTransaction::transactionIdentifier):
        (WebCore::IDBServer::SQLiteIDBTransaction::mode):
        (WebCore::IDBServer::SQLiteIDBTransaction::sqliteTransaction):

        * page/Page.cpp:
        (WebCore::Page::setSessionID): If the new SessionID is different from the last one,
          clear the IDBConnectionToServer.
        (WebCore::Page::idbConnection): Always ask the DatabaseProvider; It handles whether or not 
          the session is ephemeral.

2016-01-21  Alex Christensen  <achristensen@webkit.org>

        CMake build fix after r195302.

        * PlatformMac.cmake:

2016-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        createElementFromSavedToken shouldn't have the code to create a non-HTML element
        https://bugs.webkit.org/show_bug.cgi?id=153327

        Reviewed by Chris Dumez.

        Since HTMLConstructionSite::createElementFromSavedToken is only used to instantiate a formatting element,
        there is no need for it to support creating a non-HTML elements. Remove the branch and assert that this
        is indeed the case.

        createElementFromSavedToken is called in HTMLTreeBuilder::callTheAdoptionAgency and HTMLConstructionSite's
        reconstructTheActiveFormattingElements. In both cases, the stack item passed to createElementFromSavedToken
        is guaranteed to be in the list of active formatting elements, which only contains formatting elements.

        No new tests since there is no behavioral change.

        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::insertHTMLHeadElement):
        (WebCore::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML):
        (WebCore::HTMLConstructionSite::insertFormattingElement):
        (WebCore::HTMLConstructionSite::createElement): Returns Ref<Element> instead of PassRefPtr<Element>.
        (WebCore::HTMLConstructionSite::createHTMLElement): Ditto.
        (WebCore::HTMLConstructionSite::createElementFromSavedToken): Ditto. Removed the code to instantiate
        a non-HTML element. Also assert that an element created by this function is a formatting tag.
        * html/parser/HTMLConstructionSite.h:
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLConstructionSite::isFormattingTag): Put into HTMLConstructionSite to add an assertion.
        (WebCore::HTMLTreeBuilder::processEndTagForInBody):

2016-01-21  Andreas Kling  <akling@apple.com>

        CGImageSource sometimes retains temporary SharedBuffer data indefinitely, doubling memory cost.
        <https://webkit.org/b/153325>

        Reviewed by Anders Carlsson.

        After a resource has finished downloading, and has been cached to disk cache,
        we mmap() the disk cached version so we can throw out the temporary download buffer.

        Due to the way CGImageSource works on Mac/iOS, it's not possible to replace the data
        being decoded once the image has been fully decoded once. When doing the replacement,
        we'd end up with the SharedBuffer wrapping the mmap() data, and the CGImageSource
        keeping the old SharedBuffer::DataBuffer alive, effectively doubling the memory cost.

        This patch adds a CachedResource::didReplaceSharedBufferContents() callback that
        CachedImage implements to throw out the decoded data. This is currently the only way
        to make CGImageSource drop the retain it holds on the SharedBuffer::DataBuffer.
        The downside of this approach is that we'll sometimes incur the cost of one additional
        image decode after an image downloads and is cached for the first time.

        I put a FIXME in there since we could do better with a little help from CGImageSource.

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::didReplaceSharedBufferContents):
        * loader/cache/CachedImage.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::tryReplaceEncodedData):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::didReplaceSharedBufferContents):

2016-01-21  Beth Dakin  <bdakin@apple.com>

        Add the ability to update WebKitAdditions to WK2
        https://bugs.webkit.org/show_bug.cgi?id=153320
        -and corresponding-
        rdar://problem/23639629

        Reviewed by Anders Carlsson.

        This SPI is un-used now.
        * platform/spi/mac/NSSpellCheckerSPI.h:

2016-01-21  Simon Fraser  <simon.fraser@apple.com>

        GraphicsContext: low quality drawImage and drawImageBuffer should use InterpolationLow
        https://bugs.webkit.org/show_bug.cgi?id=49002

        Reviewed by Chris Dumez.

        When using low quality image scaling for images which are getting painted often,
        the code used InterpolationNone, which make the images look even worse than they should.

        Not easily testable.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawImageBuffer):
        (WebCore::GraphicsContext::drawConsumingImageBuffer):

2016-01-19  Ada Chan  <adachan@apple.com>

        Make it possible to enable VIDEO_PRESENTATION_MODE on other Cocoa platforms.
        https://bugs.webkit.org/show_bug.cgi?id=153218

        Reviewed by Eric Carlson.

        No new tests. Code refactoring.

        * Configurations/FeatureDefines.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        Move WebVideoFullscreenInterface.h from ios to cocoa.
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::webkitSupportsPresentationMode):
        The declaration of supportsPictureInPicture() has been moved to WebVideoFullscreenInterface.h
        so include that header instead. Guard the supportsPictureInPicture() call with PLATFORM(COCOA)
        as that method is only defined in Cocoa.
        * platform/cocoa/WebVideoFullscreenInterface.h: Renamed from Source/WebCore/platform/ios/WebVideoFullscreenInterface.h.
        Also move the declaration of supportsPictureInPicture() here.
        * platform/graphics/MediaPlayer.cpp:
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        Implementations of methods related to the video fullscreen layer are now guarded by
        PLATFORM(IOS) || (PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)) instead.
        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        Declaration of supportsPictureInPicture() has been moved to WebVideoFullscreenInterface.h
        * platform/mac/WebVideoFullscreenInterfaceMac.mm: Added.
        (WebCore::supportsPictureInPicture):
        Return false for now.

2016-01-21  Said Abou-Hallawa  <sabouhallawa@apple.com>

        A crash reproducible in Path::isEmpty() under RenderSVGShape::paint()
        https://bugs.webkit.org/show_bug.cgi?id=149613

        Reviewed by Darin Adler.

        When RenderSVGRoot::layout() realizes its layout size has changed and
        it has resources which have relative sizes, it marks all the clients of
        the resources for invalidates regardless whether they belong to the
        same RenderSVGRoot or not. But it reruns the layout only for its children.
        If one of these clients comes before the current RenderSVGRoot in the render
        tree, ee end up having renderer marked for invalidation at rendering time.
        This also prevents scheduling the layout if the same renderer is marked
        for another invalidation later. We prevent this because we do not want
        to schedule another layout for a renderer which is already marked for
        invalidation. This can cause crash if the renderer is an RenderSVGPath.
        
        The fix is to mark "only" the clients of a resource which belong to the
        same RenderSVGRoot of the resource. Also we need to run the layout for
        all the resources which belong to different RenderSVGRoots before running
        the layout for an SVG renderer.
         
        Tests: svg/custom/filter-update-different-root.html
               svg/custom/pattern-update-different-root.html

        * rendering/svg/RenderSVGResourceContainer.cpp:
        (WebCore::RenderSVGResourceContainer::markAllClientsForInvalidation):
        We should not mark any client outside the current root for invalidation
        
        * rendering/svg/RenderSVGResourceContainer.h: Remove unneeded private keyword.
        
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::addResourceForClientInvalidation):
        Code clean up; use findTreeRootObject() instead of repeating the same code.
        
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::isEmpty): Avoid crashing if RenderSVGShape::isEmpty()
        is called before calling RenderSVGShape::layout().
         
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::layout): findTreeRootObject() now returns a pointer.
        
        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::findTreeRootObject): I do think nothing 
        guarantees that an SVG renderer has to have an RenderSVGRoot in its
        ancestors. So change this function to return a pointer. Also Provide
        the non-const version of this function.
         
        (WebCore::SVGRenderSupport::layoutDifferentRootIfNeeded): Runs the layout
        if needed for all the resources which belong to different RenderSVGRoots.
        
        (WebCore::SVGRenderSupport::layoutChildren): Make sure all the renderer's
        resources which belong to different RenderSVGRoots are laid out before
        running the layout for this renderer.
        
        * rendering/svg/SVGRenderSupport.h: Remove a mysterious comment.
        
        * rendering/svg/SVGResources.cpp:
        (WebCore::SVGResources::layoutDifferentRootIfNeeded): Run the layout for
        all the resources which belong to different RenderSVGRoots outside the
        context of their RenderSVGRoots.
        
        * rendering/svg/SVGResources.h:
        (WebCore::SVGResources::clipper):
        (WebCore::SVGResources::markerStart):
        (WebCore::SVGResources::markerMid):
        (WebCore::SVGResources::markerEnd):
        (WebCore::SVGResources::masker):
        (WebCore::SVGResources::filter):
        (WebCore::SVGResources::fill):
        (WebCore::SVGResources::stroke):
        Code clean up; use nullptr instead of 0.

2016-01-21  Jer Noble  <jer.noble@apple.com>

        [EME] Correctly report errors when generating key requests from AVContentKeySession.
        https://bugs.webkit.org/show_bug.cgi?id=151963

        Reviewed by Eric Carlson.

        WebIDL's "unsigned long" is a 32-bit unsigned integer, and C++'s "unsigned long" is (or, can
        be) a 64-bit integer on 64-bit platforms. Casting a negative integer to a 64-bit integer
        results in a number which cannot be accurately stored in a double-length floating point
        number. Previously, the mac CDM code would work around this issue by returning the absolute
        value of NSError code returned by media frameworks. Instead, fix the underlying problem by
        storing the MediaKeyError's systemCode as a uint32_t (which more accurately represents the
        size of a WebIDL "unsigned long" on all platforms.)

        Check the error code issued by -contentKeyRequestDataForApp:contentIdentifier:options:error:.

        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/CDMSessionClearKey.cpp:
        (WebCore::CDMSessionClearKey::generateKeyRequest):
        (WebCore::CDMSessionClearKey::update):
        * Modules/encryptedmedia/CDMSessionClearKey.h:
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::keyRequestTimerFired):
        (WebCore::MediaKeySession::addKeyTimerFired):
        (WebCore::MediaKeySession::sendError):
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleReadyStateChange):
        * WebCore.xcodeproj/project.pbxproj:
        * html/MediaKeyError.h:
        (WebCore::MediaKeyError::create):
        (WebCore::MediaKeyError::systemCode):
        * html/MediaKeyEvent.h:
        * platform/graphics/CDMSession.h:
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp:
        (WebCore::CDMSessionAVFoundationCF::generateKeyRequest):
        (WebCore::CDMSessionAVFoundationCF::update):
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        (WebCore::CDMSessionAVContentKeySession::generateKeyRequest):
        (WebCore::CDMSessionAVContentKeySession::update):
        (WebCore::CDMSessionAVContentKeySession::generateKeyReleaseMessage):
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
        (WebCore::CDMSessionAVFoundationObjC::generateKeyRequest):
        (WebCore::CDMSessionAVFoundationObjC::update):
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        (WebCore::CDMSessionAVStreamSession::generateKeyRequest):
        (WebCore::CDMSessionAVStreamSession::update):
        (WebCore::CDMSessionAVStreamSession::generateKeyReleaseMessage):
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::layerDidReceiveError):
        (WebCore::CDMSessionMediaSourceAVFObjC::rendererDidReceiveError):
        (WebCore::CDMSessionMediaSourceAVFObjC::systemCodeForError): Deleted.
        * testing/MockCDM.cpp:
        (WebCore::MockCDMSession::generateKeyRequest):
        (WebCore::MockCDMSession::update):2016-01-15  Simon Fraser  <simon.fraser@apple.com>

2016-01-21  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] GResource resources should be cached indefinitely in memory cache
        https://bugs.webkit.org/show_bug.cgi?id=153275

        Reviewed by Žan Doberšek.

        GResources can't change so they will always return the same data,
        we never need to revalidate them.

        * loader/cache/CachedResource.cpp:
        (WebCore::shouldCacheSchemeIndefinitely):

2016-01-21  Nan Wang  <n_wang@apple.com>

        AX: [IOS] Implement next/previous text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=153292
        <rdar://problem/24268243>

        Reviewed by Chris Fleizach.

        Added support for the refactored next/previous text marker functions on iOS. And 
        made text marker tests working on iOS.
        Also, fixed an issue in AXObjectCache where creating a range with a replaced node
        at the start or end might exclude that node.

        Tests: accessibility/text-marker/text-marker-previous-next.html
               accessibility/text-marker/text-marker-with-user-select-none.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::characterOffsetsInOrder):
        (WebCore::resetNodeAndOffsetForReplacedNode):
        (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (+[WebAccessibilityTextMarker textMarkerWithVisiblePosition:cache:]):
        (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
        (+[WebAccessibilityTextMarker startOrEndTextMarkerForRange:isStart:cache:]):
        (-[WebAccessibilityTextMarker dataRepresentation]):
        (-[WebAccessibilityTextMarker visiblePosition]):
        (-[WebAccessibilityTextMarker characterOffset]):
        (-[WebAccessibilityTextMarker isIgnored]):
        (-[WebAccessibilityTextMarker accessibilityObject]):
        (-[WebAccessibilityTextMarker description]):
        (-[WebAccessibilityObjectWrapper stringForTextMarkers:]):
        (blockquoteLevel):
        (-[WebAccessibilityObjectWrapper textMarkerRange]):
        (-[WebAccessibilityObjectWrapper accessibilityObjectForTextMarker:]):
        (-[WebAccessibilityObjectWrapper nextMarkerForMarker:]):
        (-[WebAccessibilityObjectWrapper previousMarkerForMarker:]):
        (-[WebAccessibilityObjectWrapper textMarkerForPoint:]):
        (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
        (-[WebAccessibilityObjectWrapper lengthForTextMarkers:]):
        (-[WebAccessibilityObjectWrapper startOrEndTextMarkerForTextMarkers:isStart:]):
        (-[WebAccessibilityObjectWrapper textMarkerRangeForMarkers:]):
        (-[WebAccessibilityObjectWrapper accessibilityIdentifier]):

2016-01-20  Zalan Bujtas  <zalan@apple.com>

        http://victordarras.fr/cssgame/ doesn't work in Safari.
        https://bugs.webkit.org/show_bug.cgi?id=153285
        <rdar://problem/24212369>

        Reviewed by Tim Horton.

        This patch adds support for hittesting ClipPathOperation::Reference.

        Tests: svg/clip-path/hittest-clip-path-reference-miss.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::nodeAtPoint):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isSVGResourceClipper):
        * rendering/svg/RenderSVGResourceClipper.h:
        (isType):

2016-01-20  David Kilzer  <ddkilzer@apple.com>

        ResourceHandleCFURLConnectionDelegateWithOperationQueue delegate methods don't NULL-check m_handle->client()
        <https://webkit.org/b/152675>
        <rdar://problem/24034044>

        Reviewed by Brent Fulgham.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveDataArray):
        - Add NULL check for m_handle->client() as is done in the
          WebCoreResourceHandleAsOperationQueueDelegate class in
          WebCoreResourceHandleAsOperationQueueDelegate.mm.  (The NULL
          check for -connection:didReceiveResponse: is currently
          missing, but there are crashes there, too, that are covered by
          Bug 152673.)

2016-01-20  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Use TinyLRUCache in caching the CGColorRef in WebCore::cachedCGColor()
        https://bugs.webkit.org/show_bug.cgi?id=153279

        Reviewed by Dean Jackson.

        Reuse the new template TinyLRUCache in caching the CGColor instead of
        having the same code repeated twice.

        * platform/graphics/cg/ColorCG.cpp:
        (WebCore::leakCGColor):
        (WebCore::RetainPtr<CGColorRef>>::createValueForKey):
        (WebCore::cachedCGColor):

2016-01-20  Timothy Hatcher  <timothy@apple.com>

        Web Inspector: InspectorCSSAgent does not call disable in willDestroyFrontendAndBackend
        https://bugs.webkit.org/show_bug.cgi?id=153289
        <rdar://problem/24242600>

        Reviewed by Joseph Pecoraro.

        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::willDestroyFrontendAndBackend): Call disable().

2016-01-20  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Refactor AtomicStringKeyedMRUCache to be a generic LRU cache
        https://bugs.webkit.org/show_bug.cgi?id=153109

        Reviewed by Darin Adler.

        Replace the template specialization of AtomicStringKeyedMRUCache with
        template derived from TinyLRUCachePolicy. Override the functions which
        are needed for creating the values and the null value. Also replace the
        static function which was returning a NeverDestroyed AtomicStringKeyedMRUCache
        with a singleton function 'cache' inside the derived template.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/text/AtomicStringKeyedMRUCache.h: Removed.
        * platform/text/cf/HyphenationCF.cpp:
        (WebCore::canHyphenate):
        (WebCore::lastHyphenLocation):
        (WebCore::AtomicStringKeyedMRUCache<RetainPtr<CFLocaleRef>>::createValueForNullKey): Deleted.
        (WebCore::AtomicStringKeyedMRUCache<RetainPtr<CFLocaleRef>>::createValueForKey): Deleted.
        (WebCore::cfLocaleCache): Deleted.
        * platform/text/hyphen/HyphenationLibHyphen.cpp:
        (WebCore::countLeadingSpaces):
        (WebCore::lastHyphenLocation):
        (WebCore::AtomicStringKeyedMRUCache<RefPtr<HyphenationDictionary>>::createValueForNullKey): Deleted.
        (WebCore::AtomicStringKeyedMRUCache<RefPtr<HyphenationDictionary>>::createValueForKey): Deleted.
        (WebCore::hyphenDictionaryCache): Deleted.

2016-01-20  Chris Dumez  <cdumez@apple.com>

        Drop support for obsolete Node.isSupported()
        https://bugs.webkit.org/show_bug.cgi?id=153164

        Reviewed by Darin Adler.

        Drop support for obsolete Node.isSupported(). Chrome and Firefox already
        dropped it.

        No new tests, already covered by existing test.

        * dom/Node.cpp:
        (WebCore::Node::isSupportedForBindings):
        * dom/Node.h:
        * dom/Node.idl:

2016-01-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix compile warning when building with GTK+ < 3.14.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::loadThemedIcon):

2016-01-20  Csaba Osztrogonác  <ossy@webkit.org>

        [Mac] Speculative cmake buildfix after r195317.

        * PlatformMac.cmake:

2016-01-19  Chris Dumez  <cdumez@apple.com>

        DocumentType.publicId / systemId should never return null
        https://bugs.webkit.org/show_bug.cgi?id=153264

        Reviewed by Ryosuke Niwa.

        DocumentType.publicId / systemId should never return null as these
        attributes are not nullable in the IDL:
        https://dom.spec.whatwg.org/#interface-documenttype

        Instead we should return the empty string. Firefox and Chrome match the
        specification.

        No new tests, already covered by existing tests.

        * dom/DocumentType.idl:

2016-01-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195302.
        https://bugs.webkit.org/show_bug.cgi?id=153267

        This change broke the Windows build, rolling out so it isn't
        broken all night before investigation. (Requested by
        ryanhaddad on #webkit).

        Reverted changeset:

        "[EME] Correctly report errors when generating key requests
        from AVContentKeySession."
        https://bugs.webkit.org/show_bug.cgi?id=151963
        http://trac.webkit.org/changeset/195302

2016-01-19  Chris Dumez  <cdumez@apple.com>

        DOMImplementation.createDocument() should treat undefined namespace as null
        https://bugs.webkit.org/show_bug.cgi?id=153252

        Reviewed by Ryosuke Niwa.

        DOMImplementation.createDocument() should treat undefined namespace as null as
        the DOMString parameter is nullable:
        https://dom.spec.whatwg.org/#domimplementation

        Firefox behaves according to the specification, Chrome does not.

        No new tests, already covered by existing test.

        * dom/DOMImplementation.idl:

2016-01-19  Enrica Casucci  <enrica@apple.com>

        Add support for DataDetectors in WK (iOS).
        https://bugs.webkit.org/show_bug.cgi?id=152989
        rdar://problem/22855960

        Reviewed by Tim Horton.

        This is the first step toward implementing Data Detectors support
        in WK2. The patch adds a new memeber to the Settings object
        to retrieve the type of detection desired. The DataDetection files
        have been moved under cocoa, since they are no longer OS X specific.

        * Configurations/FeatureDefines.xcconfig:
        * Configurations/WebCore.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/DataDetection.h: Copied from Source/WebCore/editing/mac/DataDetection.h.
        * editing/cocoa/DataDetection.mm: Copied from Source/WebCore/editing/mac/DataDetection.mm.
        (WebCore::detectItemAtPositionWithRange):
        (WebCore::DataDetection::detectItemAroundHitTestResult):
        (WebCore::DataDetection::detectContentInRange):
        * editing/mac/DataDetection.h: Removed.
        * editing/mac/DataDetection.mm: Removed.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        * page/Settings.h:
        * page/Settings.in:
        * platform/spi/mac/DataDetectorsSPI.h:

2016-01-19  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        SVG 2 requires a mechanism for restricting enum values exposed through the DOM
        https://bugs.webkit.org/show_bug.cgi?id=152814

        Reviewed by Darin Adler.

        No new tests (No change in functionality, blocked bugs add new tests).
 
        This patch adds a mechanism to restrict the values returned through the
        SVGAnimatedEnumeration interface.
        This is required for SVG 2, which does not expose new enumeration
        values through the IDL.
        See http://www.w3.org/TR/SVG2/types.html#InterfaceSVGAnimatedEnumeration
        Getters:
        SVG 2 does not add numeric type values for new options, new options
        should return UNKNOWN.
        E.g. See the table defining numeric type values for orient at
        http://www.w3.org/TR/SVG2/painting.html#InterfaceSVGMarkerElement
        Setters:
        On setting baseVal, the following steps are run:
        1. ...
        2. If value is 0 or is not the numeric type value for any value of the reflected attribute, then set the reflected attribute to the empty string.

        * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
        Override baseVal() and animVal() to perform range checks against
        the highest exposed enum value.
        * svg/properties/SVGAnimatedStaticPropertyTearOff.h:
        (WebCore::SVGAnimatedStaticPropertyTearOff::baseVal): Mark function as virtual as it's over-ridden for enumerations.
        (WebCore::SVGAnimatedStaticPropertyTearOff::animVal): Mark function as virtual as it's over-ridden for enumerations.
        * svg/properties/SVGPropertyTraits.h:
        Add SVGIDLEnumLimits struct that contains function for querying the
        highest exposed enum value.
        (WebCore::SVGIDLEnumLimits::highestExposedEnumValue): New function that returns the highest enum value that should
        be exposed through the DOM. This function should be specialized for enum types that need to restrict the exposed
        values.

2016-01-19  Konstantin Tokarev  <annulen@yandex.ru>

        Fixed compilation of AXObjectCache in case of !HAVE(ACCESSIBILITY).
        https://bugs.webkit.org/show_bug.cgi?id=153243

        Reviewed by Chris Fleizach.

        No new tests needed.

        * accessibility/AXObjectCache.h:
        (WebCore::AXObjectCache::AXObjectCache):
        (WebCore::nodeHasRole): Deleted.

2016-01-19  Antti Koivisto  <antti@apple.com>

        Use references in SelectorChecker
        https://bugs.webkit.org/show_bug.cgi?id=153240

        Reviewed by Andreas Kling.

        Element and selector can't be null in most places.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::collectMatchingRules):
        * css/SelectorChecker.cpp:
        (WebCore::attributeValueMatches):
        (WebCore::anyAttributeMatches):
        (WebCore::SelectorChecker::checkOne):
        (WebCore::SelectorChecker::matchSelectorList):
        (WebCore::SelectorChecker::checkScrollbarPseudoClass):
        (WebCore::SelectorChecker::determineLinkMatchType):
        (WebCore::isFrameFocused):
        (WebCore::SelectorChecker::matchesFocusPseudoClass):
        * css/SelectorChecker.h:
        (WebCore::SelectorChecker::isCommonPseudoClassSelector):
        (WebCore::SelectorChecker::checkExactAttribute): Deleted.
        * css/SelectorCheckerTestFunctions.h:
        (WebCore::isAutofilled):
        (WebCore::isDefaultButtonForForm):
        (WebCore::isDisabled):
        (WebCore::isEnabled):
        (WebCore::isMediaDocument):
        (WebCore::isChecked):
        (WebCore::isInRange):
        (WebCore::isOutOfRange):
        (WebCore::isInvalid):
        (WebCore::isOptionalFormControl):
        (WebCore::isRequiredFormControl):
        (WebCore::isValid):
        (WebCore::isWindowInactive):
        (WebCore::containslanguageSubtagMatchingRange):
        (WebCore::matchesLangPseudoClass):
        (WebCore::matchesReadOnlyPseudoClass):
        (WebCore::matchesReadWritePseudoClass):
        (WebCore::shouldAppearIndeterminate):
        (WebCore::scrollbarMatchesEnabledPseudoClass):
        (WebCore::scrollbarMatchesCornerPresentPseudoClass):
        (WebCore::matchesFullScreenPseudoClass):
        (WebCore::matchesFullScreenAnimatingFullScreenTransitionPseudoClass):
        (WebCore::matchesFullScreenAncestorPseudoClass):
        (WebCore::matchesFullScreenDocumentPseudoClass):
        (WebCore::matchesFutureCuePseudoClass):
        (WebCore::matchesPastCuePseudoClass):

2016-01-19  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r195179.

        It relies on r195141 which was rolled out

        Reverted changeset:

        "Allocate style sheet media queries in BumpArena."
        https://bugs.webkit.org/show_bug.cgi?id=153188
        http://trac.webkit.org/changeset/195179

2016-01-19  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r195173.

        It relies on r195141 which was rolled out

        Reverted changeset:

        "Give RuleSet a BumpArena and start using it for
        RuleDataVectors."
        https://bugs.webkit.org/show_bug.cgi?id=153169
        http://trac.webkit.org/changeset/195173

2016-01-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195300.
        https://bugs.webkit.org/show_bug.cgi?id=153244

        enrica wants more time to fix Windows (Requested by thorton on
        #webkit).

        Reverted changeset:

        "Add support for DataDetectors in WK (iOS)."
        https://bugs.webkit.org/show_bug.cgi?id=152989
        http://trac.webkit.org/changeset/195300

2016-01-19  Zalan Bujtas  <zalan@apple.com>

        outline-offset does not work for inlines.
        https://bugs.webkit.org/show_bug.cgi?id=153238

        Reviewed by Simon Fraser.

        Adjust outline box width/height with outline-offset.

        Test: fast/inline/inlines-with-outline-offset.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutline):
        (WebCore::RenderInline::paintOutlineForLine):

2016-01-19  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r195141.

        Seems to cause crashes on iOS9 64bit

        Reverted changeset:

        "Fragmentation-free allocator for timeless and/or coupled
        allocations."
        https://bugs.webkit.org/show_bug.cgi?id=152696
        http://trac.webkit.org/changeset/195141

2015-12-07  Jer Noble  <jer.noble@apple.com>

        [EME] Correctly report errors when generating key requests from AVContentKeySession.
        https://bugs.webkit.org/show_bug.cgi?id=151963

        Reviewed by Eric Carlson.

        WebIDL's "unsigned long" is a 32-bit unsigned integer, and C++'s "unsigned long" is (or, can
        be) a 64-bit integer on 64-bit platforms. Casting a negative integer to a 64-bit integer
        results in a number which cannot be accurately stored in a double-length floating point
        number. Previously, the mac CDM code would work around this issue by returning the absolute
        value of NSError code returned by media frameworks. Instead, fix the underlying problem by
        storing the MediaKeyError's systemCode as a uint32_t (which more accurately represents the
        size of a WebIDL "unsigned long" on all platforms.)

        Check the error code issued by -contentKeyRequestDataForApp:contentIdentifier:options:error:.

        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/CDMSessionClearKey.cpp:
        (WebCore::CDMSessionClearKey::generateKeyRequest):
        (WebCore::CDMSessionClearKey::update):
        * Modules/encryptedmedia/CDMSessionClearKey.h:
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::keyRequestTimerFired):
        (WebCore::MediaKeySession::addKeyTimerFired):
        (WebCore::MediaKeySession::sendError):
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/mediacontrols/mediaControlsApple.js:
        (Controller.prototype.handleReadyStateChange):
        * WebCore.xcodeproj/project.pbxproj:
        * html/MediaKeyError.h:
        (WebCore::MediaKeyError::create):
        (WebCore::MediaKeyError::systemCode):
        * html/MediaKeyEvent.h:
        * platform/graphics/CDMSession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        (WebCore::CDMSessionAVContentKeySession::generateKeyRequest):
        (WebCore::CDMSessionAVContentKeySession::update):
        (WebCore::CDMSessionAVContentKeySession::generateKeyReleaseMessage):
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
        (WebCore::CDMSessionAVFoundationObjC::generateKeyRequest):
        (WebCore::CDMSessionAVFoundationObjC::update):
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        (WebCore::CDMSessionAVStreamSession::generateKeyRequest):
        (WebCore::CDMSessionAVStreamSession::update):
        (WebCore::CDMSessionAVStreamSession::generateKeyReleaseMessage):
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h:
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::layerDidReceiveError):
        (WebCore::CDMSessionMediaSourceAVFObjC::rendererDidReceiveError):
        (WebCore::CDMSessionMediaSourceAVFObjC::systemCodeForError): Deleted.
        * testing/MockCDM.cpp:
        (WebCore::MockCDMSession::generateKeyRequest):
        (WebCore::MockCDMSession::update):2016-01-15  Simon Fraser  <simon.fraser@apple.com>

2016-01-19  Enrica Casucci  <enrica@apple.com>

        Add support for DataDetectors in WK (iOS).
        https://bugs.webkit.org/show_bug.cgi?id=152989
        rdar://problem/22855960

        Reviewed by Tim Horton.

        This is the first step toward implementing Data Detectors support
        in WK2. The patch adds a new memeber to the Settings object
        to retrieve the type of detection desired. The DataDetection files
        have been moved under cocoa, since they are no longer OS X specific.

        * Configurations/FeatureDefines.xcconfig:
        * Configurations/WebCore.xcconfig:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/DataDetection.h: Copied from Source/WebCore/editing/mac/DataDetection.h.
        * editing/cocoa/DataDetection.mm: Copied from Source/WebCore/editing/mac/DataDetection.mm.
        (WebCore::detectItemAtPositionWithRange):
        (WebCore::DataDetection::detectItemAroundHitTestResult):
        (WebCore::DataDetection::detectContentInRange):
        * editing/mac/DataDetection.h: Removed.
        * editing/mac/DataDetection.mm: Removed.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
        * page/Settings.h:
        * page/Settings.in:
        * platform/spi/mac/DataDetectorsSPI.h:

2016-01-19  Chris Dumez  <cdumez@apple.com>

        Unreviewed, fix typo in comment added in r195157.

        * dom/DocumentType.h:

2016-01-18  Antti Koivisto  <antti@apple.com>

        Selector checker should not mutate document and style
        https://bugs.webkit.org/show_bug.cgi?id=153205

        Reviewed by Darin Adler.

        Selector checker currently writes affected-by bits and similar directly to the document and style during selector
        matching. This is confusing, complicated and wrong.

        This patch changes SelectorChecker and SelectorCompiler to collect style relatationship metadata to a separate
        data structure (currently part of SelectorChecker::CheckingContext) instead of changing the document and style
        directly. The mutations are performed later outside selector checker.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ruleMatches):
        (WebCore::ElementRuleCollector::commitStyleRelations):

            Apply the relationship bit to elements and style.

        (WebCore::ElementRuleCollector::collectMatchingRulesForList):
        * css/ElementRuleCollector.h:
        * css/SelectorChecker.cpp:
        (WebCore::SelectorChecker::LocalContext::LocalContext):

            LocalContext is now a separate data structure.

        (WebCore::addStyleRelation):

            Helper for recording new style relations. This is used where code mutated elements or style directly before.

        (WebCore::isFirstChildElement):
        (WebCore::isLastChildElement):
        (WebCore::isFirstOfType):
        (WebCore::isLastOfType):
        (WebCore::countElementsBefore):
        (WebCore::countElementsOfTypeBefore):
        (WebCore::SelectorChecker::SelectorChecker):
        (WebCore::SelectorChecker::match):
        (WebCore::hasScrollbarPseudoElement):
        (WebCore::localContextForParent):
        (WebCore::SelectorChecker::matchRecursively):
        (WebCore::attributeValueMatches):
        (WebCore::anyAttributeMatches):
        (WebCore::canMatchHoverOrActiveInQuirksMode):
        (WebCore::tagMatches):
        (WebCore::SelectorChecker::checkOne):
        (WebCore::SelectorChecker::matchSelectorList):
        (WebCore::SelectorChecker::checkScrollbarPseudoClass):
        (WebCore::SelectorChecker::CheckingContextWithStatus::CheckingContextWithStatus): Deleted.
        (WebCore::checkingContextForParent): Deleted.
        * css/SelectorChecker.h:
        (WebCore::SelectorChecker::CheckingContext::CheckingContext):
        * css/SelectorCheckerTestFunctions.h:
        (WebCore::isEnabled):
        (WebCore::isMediaDocument):
        (WebCore::isChecked):
        (WebCore::isInRange):
        (WebCore::isOutOfRange):
        * css/StyleResolver.h:
        (WebCore::checkRegionSelector):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelation):

            Helpers for generating code for recording new style relations. This is used where code mutated elements or style directly before.

        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorCheckerExcludingPseudoElements):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
        (WebCore::SelectorCompiler::addStyleRelationElementFunction):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::jumpIfNoPreviousAdjacentElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::moduloIsZero):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::linkFailures):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateContextFunctionCallTest):
        (WebCore::SelectorCompiler::elementIsActive):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
        (WebCore::SelectorCompiler::jumpIfElementIsNotEmpty):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsEmpty):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
        (WebCore::SelectorCompiler::elementIsHovered):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsInLanguage):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
        (WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
        (WebCore::SelectorCompiler::isPlaceholderShown):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasPlaceholderShown):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLink):
        (WebCore::SelectorCompiler::nthFilterIsAlwaysSatisified):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChildOf):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateMarkPseudoStyleForPseudoElement):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::addFlagsToElementStyleFromContext): Deleted.
        (WebCore::SelectorCompiler::setNodeFlag): Deleted.
        (WebCore::SelectorCompiler::SelectorCodeGenerator::markElementIfResolvingStyle): Deleted.
        (WebCore::SelectorCompiler::setFirstChildState): Deleted.
        (WebCore::SelectorCompiler::elementIsActiveForStyleResolution): Deleted.
        (WebCore::SelectorCompiler::setElementStyleIsAffectedByEmpty): Deleted.
        (WebCore::SelectorCompiler::setElementStyleFromContextIsAffectedByEmptyAndUpdateRenderStyleIfNecessary): Deleted.
        (WebCore::SelectorCompiler::elementIsHoveredForStyleResolution): Deleted.
        (WebCore::SelectorCompiler::setLastChildState): Deleted.
        (WebCore::SelectorCompiler::setOnlyChildState): Deleted.
        (WebCore::SelectorCompiler::makeElementStyleUniqueIfNecessaryAndTestIsPlaceholderShown): Deleted.
        (WebCore::SelectorCompiler::setElementChildIndex): Deleted.
        (WebCore::SelectorCompiler::setChildrenAffectedByBackwardPositionalRules): Deleted.
        (WebCore::SelectorCompiler::setParentAffectedByLastChildOf): Deleted.
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorDataList::selectorMatches):
        (WebCore::SelectorDataList::selectorClosest):
        (WebCore::SelectorDataList::matches):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::buildObjectForSelectorHelper):

2016-01-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GTK+ build with GTK+ < 3.14.

        Flags GTK_ICON_LOOKUP_DIR_LTR and GTK_ICON_LOOKUP_DIR_RTL were
        added in GTK+ 3.14.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::loadThemedIcon):

2016-01-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GObject DOM bindings API break after r195264.

        Add webkit_dom_character_data_set_data to the list of functions
        that used to raise exceptions.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (FunctionUsedToRaiseException):

2016-01-19  Javier Fernandez  <jfernandez@igalia.com>

        [css-grid][css-align] justify-self stretch is not applied for img elements
        https://bugs.webkit.org/show_bug.cgi?id=153206

        Reviewed by Darin Adler.

        When computing the logical height, we check first if there is an override
        height value set as a consequence of the stretching logic, so we use it
        directly for any kind of element. However, in the case of the width
        computation, we don't use such override value because it's the default
        behavior of block-level boxes.

        However, we consider some special cases which have to be treated as
        replaced elements. Theses cases are evaluated first, so we don't let the
        regular width computation logic to be executed, which is what we want
        to implement the stretch behavior.

        In order to let replaced elements, such images, to be stretched as a
        consequence of the CSS alignment properties, we need to exclude grid
        items from the cases to be treated as replaced elements during the width
        computation.

        Test: fast/css-grid-layout/grid-align-stretching-replaced-items.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeLogicalWidthInRegion):
        (WebCore::RenderBox::hasStretchedLogicalWidth):
        (WebCore::RenderBox::sizesLogicalWidthToFitContent):
        * rendering/RenderBox.h:

2016-01-19  Ryosuke Niwa  <rniwa@webkit.org>

        Text::splitText doesn't update Range end points anchored on parent nodes
        https://bugs.webkit.org/show_bug.cgi?id=153227

        Reviewed by Antti Koivisto.

        When a Text node is split into two and there is a Range whose boundary points' container node
        is its parent and offset appears after the Text node, we must update the boundary points as specified
        in step 7 of the concept "split" a Text node at https://dom.spec.whatwg.org/#concept-text-split

        1. Insert new node into parent before node’s next sibling.
        2. For each range whose start node is node and start offset is greater than offset, set its start node
           to new node and decrease its start offset by offset.
        3. For each range whose end node is node and end offset is greater than offset, set its end node to
           new node and decrease its end offset by offset.
        4. For each range whose start node is parent and start offset is equal to the index of node + 1,
           increase its start offset by one.
        5. For each range whose end node is parent and end offset is equal to the index of node + 1, increase
           its end offset by one.

        Fixed the bug by implementing steps 4 and 5 in boundaryTextNodesSplit. New behavior matches the DOM spec
        as well as the behavior of Firefox.

        Test: fast/dom/Range/update-range-in-split-text.html

        * dom/Range.cpp:
        (WebCore::boundaryTextNodesSplit): See above.
        * dom/RangeBoundaryPoint.h:
        (WebCore::RangeBoundaryPoint::setToAfterChild): Added.

2016-01-19  Ryosuke Niwa  <rniwa@webkit.org>

        CharacterData::setData doesn't need ExceptionCode as an out argument
        https://bugs.webkit.org/show_bug.cgi?id=153225

        Reviewed by Antti Koivisto.

        Removed the ExceptionCode out argument from CharacterData::setData since it's never used.

        * dom/CharacterData.cpp:
        (WebCore::CharacterData::setData):
        (WebCore::CharacterData::containsOnlyWhitespace):
        (WebCore::CharacterData::setNodeValue):
        (WebCore::CharacterData::setDataAndUpdate):
        * dom/CharacterData.h:
        (WebCore::CharacterData::data):
        (WebCore::CharacterData::dataMemoryOffset):
        (WebCore::CharacterData::length):
        * dom/CharacterData.idl:
        * dom/Range.cpp:
        (WebCore::Range::processContentsBetweenOffsets):
        * dom/Text.cpp:
        (WebCore::Text::replaceWholeText):
        * editing/markup.cpp:
        (WebCore::replaceChildrenWithFragment):
        (WebCore::replaceChildrenWithText):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::setText):
        * html/HTMLScriptElement.cpp:
        (WebCore::HTMLScriptElement::setText):
        * html/HTMLTitleElement.cpp:
        (WebCore::HTMLTitleElement::setText):

2016-01-19  Ryosuke Niwa  <rniwa@webkit.org>

        innerHTML should always add a mutation record for removing all children
        https://bugs.webkit.org/show_bug.cgi?id=148782
        <rdar://problem/22571962>

        Reviewed by Antti Koivisto.

        Fixed the bug by disabling WebKit's optimization to avoid the node replacement when the behavior
        is observable to scripts by either:
         - Author scripts has a reference to the node
         - MutationObserver can be observing this subtree
         - Mutation events can be observing this subtree

        Note that no caller of this function exposes fragment to author scripts so it couldn't be referenced.
        It also means that we don't need to check DOMNodeInsertedIntoDocument since it doesn't bubble up
        (it's only relevant if the text node in fragment has its event listener but that's impossible).

        Test: fast/dom/innerHTML-single-text-node.html

        * dom/ChildListMutationScope.h:
        (WebCore::ChildListMutationScope::canObserve): Added.

        * editing/markup.cpp:
        (WebCore::hasMutationEventListeners): Added.
        (WebCore::replaceChildrenWithFragment):

2016-01-18  Ryosuke Niwa  <rniwa@webkit.org>

        createAttribute should lowercase the attribute name in a HTML document
        https://bugs.webkit.org/show_bug.cgi?id=153112

        Reviewed by Darin Adler.

        In a HTML document, we should always lowercase localName in document.createAttribute as specified in
        https://dom.spec.whatwg.org/#dom-document-createattribute:

        1. If localName does not match the Name production in XML, throw an InvalidCharacterError exception.
        2. If the context object is an HTML document, let localName be converted to ASCII lowercase.
        3. Return a new attribute whose local name is localName.

        Change WebKit's behavior to match the spec as well as Firefox. document.createAttributeNS will
        continue to preserve the case as spec'ed.

        No new tests are added since the behavior change is covered by existing tests.

        * dom/Document.cpp:
        (WebCore::Document::createAttribute):

2016-01-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Add private-browsing variant for many IDB tests, and enable private browsing in Modern IDB.
        https://bugs.webkit.org/show_bug.cgi?id=153179

        Reviewed by Darin Adler.

        Tests: Many private-browsing copies of existing IDB tests.

        * Modules/indexeddb/client/IDBFactoryImpl.cpp:
        (WebCore::IDBClient::shouldThrowSecurityException): Allow IDB access in private browsing.

2016-01-18  Eric Carlson  <eric.carlson@apple.com>

        [iOS Simulator WK1] ASSERT loading Blink layout test imported/web-platform-tests/mediacapture-streams/stream-api/mediastream/mediastream-idl.html
        https://bugs.webkit.org/show_bug.cgi?id=153070
        <rdar://problem/24183105>

        Reviewed by Darin Adler.

        No new tests, this prevents an existing test from crashing.

        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource): Create the timer with RunLoop::current
          instead of RunLoop::main.

2016-01-18  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce PassRefPtr uses in dom - 3
        https://bugs.webkit.org/show_bug.cgi?id=153055

        Reviewed by Darin Adler.

        Third patch to reduce uses of PassRefPtr in WebCore/dom.

        * dom/MutationObserverInterestGroup.cpp:
        (WebCore::MutationObserverInterestGroup::enqueueMutationRecord):
        * dom/MutationRecord.cpp:
        (WebCore::MutationRecord::createChildList):
        (WebCore::MutationRecord::createAttributes):
        (WebCore::MutationRecord::createCharacterData):
        (WebCore::MutationRecord::createWithNullOldValue):
        * dom/MutationRecord.h:
        * dom/NamedFlowCollection.cpp:
        (WebCore::NamedFlowCollection::createCSSOMSnapshot):
        * dom/NamedFlowCollection.h:
        * dom/PendingScript.cpp:
        (WebCore::PendingScript::releaseElementAndClear):
        * dom/PendingScript.h:
        * dom/ScriptRunner.h:
        * dom/SecurityContext.h:
        * dom/ShadowRoot.cpp:
        (WebCore::ShadowRoot::cloneNode):
        * dom/ShadowRoot.h:
        * dom/SpaceSplitString.cpp:
        (WebCore::SpaceSplitStringData::create):
        * dom/SpaceSplitString.h:
        * dom/TreeWalker.cpp:
        (WebCore::TreeWalker::setCurrent):
        (WebCore::TreeWalker::parentNode):
        (WebCore::TreeWalker::previousNode):
        (WebCore::TreeWalker::nextNode):
        * dom/TreeWalker.h:
        * dom/default/PlatformMessagePortChannel.cpp:
        (WebCore::PlatformMessagePortChannel::entangledChannel):
        * dom/default/PlatformMessagePortChannel.h:

2016-01-18  Nan Wang  <n_wang@apple.com>

        AX: [Mac] Implement next/previous text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=152728

        Reviewed by Chris Fleizach.

        The existing AXTextMarker based calls are implemented using visible position, and that introduced
        some bugs which make VoiceOver working incorrectly on Mac sometimes. Since TextIterator uses rendering
        position, we tried to use it to refactor those AXTextMarker based calls.
        In this patch, I implemented functions to navigate to previous/next text marker using Range and TextIterator.
        Also added a conversion between visible position and character offset to make sure unconverted text marker
        related functions are still working correctly.

        Tests: accessibility/mac/previous-next-text-marker.html
               accessibility/mac/text-marker-with-user-select-none.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        (WebCore::AXObjectCache::lengthForRange):
        (WebCore::AXObjectCache::rangeForNodeContents):
        (WebCore::characterOffsetsInOrder):
        (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
        (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
        (WebCore::AXObjectCache::nextNode):
        (WebCore::AXObjectCache::previousNode):
        (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
        (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
        (WebCore::AXObjectCache::accessibilityObjectForTextMarkerData):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
        * accessibility/AXObjectCache.h:
        (WebCore::CharacterOffset::CharacterOffset):
        (WebCore::CharacterOffset::remaining):
        (WebCore::CharacterOffset::isNull):
        (WebCore::AXObjectCache::setNodeInUse):
        (WebCore::AXObjectCache::removeNodeForUse):
        (WebCore::AXObjectCache::isNodeInUse):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::selectionRange):
        (WebCore::AccessibilityObject::elementRange):
        (WebCore::AccessibilityObject::selectText):
        (WebCore::AccessibilityObject::lineRangeForPosition):
        (WebCore::AccessibilityObject::replacedNodeNeedsCharacter):
        (WebCore::renderListItemContainerForNode):
        (WebCore::listMarkerTextForNode):
        (WebCore::AccessibilityObject::listMarkerTextForNodeAndPosition):
        (WebCore::AccessibilityObject::stringForRange):
        (WebCore::AccessibilityObject::stringForVisiblePositionRange):
        (WebCore::replacedNodeNeedsCharacter): Deleted.
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::visiblePositionRange):
        (WebCore::AccessibilityObject::visiblePositionRangeForLine):
        (WebCore::AccessibilityObject::boundsForVisiblePositionRange):
        (WebCore::AccessibilityObject::setSelectedVisiblePositionRange):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (isTextMarkerIgnored):
        (-[WebAccessibilityObjectWrapper accessibilityObjectForTextMarker:]):
        (accessibilityObjectForTextMarker):
        (-[WebAccessibilityObjectWrapper textMarkerRangeFromRange:]):
        (textMarkerRangeFromRange):
        (-[WebAccessibilityObjectWrapper startOrEndTextMarkerForRange:isStart:]):
        (startOrEndTextmarkerForRange):
        (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]):
        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
        (textMarkerForCharacterOffset):
        (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
        (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
        (textMarkerForVisiblePosition):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):

2016-01-18  Olivier Blin  <olivier.blin@softathome.com>

        [Mac] Remove unused playerToPrivateMap()
        https://bugs.webkit.org/show_bug.cgi?id=153203

        Reviewed by Darin Adler.

        This was used in previous EME implementations, but is unnecessary
        since r163907.

        No new tests since this removes dead code only.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::globalLoaderDelegateQueue): Deleted.
        (WebCore::MediaPlayerPrivateAVFoundationObjC::~MediaPlayerPrivateAVFoundationObjC): Deleted.

2016-01-18  Simon Fraser  <simon.fraser@apple.com>

        Add TextStream-based logging for Position and VisiblePosition
        https://bugs.webkit.org/show_bug.cgi?id=153195

        Reviewed by Ryosuke Niwa.

        Make it easy to dump Positions and VisiblePositions with a TextStream.

        * dom/Position.cpp:
        (WebCore::operator<<):
        * dom/Position.h:
        * editing/VisiblePosition.cpp:
        (WebCore::operator<<):
        * editing/VisiblePosition.h:

2016-01-18  Zan Dobersek  <zdobersek@igalia.com>

        Sink the Vector<uint8_t> buffer into the SerializedScriptValue constructor
        https://bugs.webkit.org/show_bug.cgi?id=142634

        Reviewed by Darin Adler.

        Have the SerializedScriptValue constructor take in the Vector<uint8_t> buffer
        through an rvalue reference, avoiding the copying into the m_data member. The
        three-parameter constructor now takes in the Vector<String> blob URL object
        via const reference, and the std::unique_ptr<> object via a rvalue reference.

        Adjust all the call sites and affected code to now either move or copy a
        non-movable object into the SerializedScriptValue constructor or the helper
        methods.

        No new tests -- no change in behavior.

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::deserializeIDBValueDataToJSValue):
        (WebCore::deserializeIDBValueBuffer):
        (WebCore::idbValueDataToJSValue):
        * bindings/js/IDBBindingUtilities.h:
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        (WebCore::SerializedScriptValue::create):
        (WebCore::SerializedScriptValue::numberValue):
        (WebCore::SerializedScriptValue::undefinedValue):
        (WebCore::SerializedScriptValue::nullValue):
        * bindings/js/SerializedScriptValue.h:
        * testing/Internals.cpp:
        (WebCore::Internals::deserializeBuffer):

2016-01-18  Olivier Blin  <olivier.blin@softathome.com>

        [GStreamer] Remove unused m_endTime
        https://bugs.webkit.org/show_bug.cgi?id=153209

        Reviewed by Michael Catanzaro.

        m_endTime has been unused since r47710 in MediaPlayerPrivateGStreamer.

        No new tests since this is just a member cleanup.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

2016-01-18  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the --minimal build due to missing VM.h include
        https://bugs.webkit.org/show_bug.cgi?id=153128

        Reviewed by Michael Catanzaro.

        * bindings/js/WebCoreJSBuiltinInternals.h:

2016-01-18  Csaba Osztrogonác  <ossy@webkit.org>

        Remove the SKIP_UNUSED_PARAM define
        https://bugs.webkit.org/show_bug.cgi?id=153129

        Reviewed by Michael Catanzaro.

        * bindings/js/WebCoreJSBuiltinInternals.cpp:
        (WebCore::JSBuiltinInternalFunctions::visit):
        (WebCore::JSBuiltinInternalFunctions::initialize):
        * bindings/js/WebCoreJSBuiltinInternals.h:

2016-01-17  Simon Fraser  <simon.fraser@apple.com>

        More displaylist tests, and minor cleanup
        https://bugs.webkit.org/show_bug.cgi?id=153198

        Reviewed by Zalan Bujtas.

        Have the DisplayListRecorder's constructor push the recorder onto the GraphicsContext,
        and remove that code from GraphicsLayerCA.

        Tests: displaylists/extent-includes-shadow.html
               displaylists/extent-includes-transforms.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):
        * platform/graphics/displaylists/DisplayListRecorder.cpp:
        (WebCore::DisplayList::Recorder::Recorder):

2016-01-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove TextRun::allowsRoundingHacks()
        https://bugs.webkit.org/show_bug.cgi?id=153185

        Reviewed by Simon Fraser.

        Rounding hacks are disallowed by default, and are only re-enabled on iOS 4 and
        earlier, which are not supported OSes. Because they are disallowed on all
        supported configurations, remove support for them wholesale.

        No new tests.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawTextInternal):
        * platform/graphics/FontCascade.cpp:
        * platform/graphics/FontCascade.h:
        (WebCore::FontCascade::isRoundingHackCharacter): Deleted.
        * platform/graphics/StringTruncator.cpp:
        (WebCore::stringWidth):
        (WebCore::truncateString):
        (WebCore::StringTruncator::centerTruncate):
        (WebCore::StringTruncator::rightTruncate):
        (WebCore::StringTruncator::width):
        (WebCore::StringTruncator::leftTruncate):
        (WebCore::StringTruncator::rightClipToCharacter):
        (WebCore::StringTruncator::rightClipToWord):
        * platform/graphics/StringTruncator.h:
        * platform/graphics/TextRun.cpp:
        (WebCore::TextRun::setAllowsRoundingHacks): Deleted.
        (WebCore::TextRun::allowsRoundingHacks): Deleted.
        * platform/graphics/TextRun.h:
        (WebCore::TextRun::TextRun):
        (WebCore::TextRun::applyRunRounding): Deleted.
        (WebCore::TextRun::applyWordRounding): Deleted.
        (WebCore::TextRun::disableRoundingHacks): Deleted.
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::advanceInternal):
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
        * platform/mac/DragImageMac.mm:
        (WebCore::widthWithFont): Deleted.
        (WebCore::drawAtPoint): Deleted.
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::fileTextValue):
        (WebCore::RenderFileUploadControl::paintObject): Deleted.
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::paintItemForeground):
        (WebCore::RenderListBox::updateFromElement): Deleted.
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::getAverageCharWidth): Deleted.
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::fileListNameForWidth):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::fileListNameForWidth):
        * rendering/svg/SVGInlineTextBox.cpp:
        (WebCore::SVGInlineTextBox::constructTextRun): Deleted.
        * rendering/svg/SVGTextMetrics.cpp:
        (WebCore::SVGTextMetrics::constructTextRun): Deleted.
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState): Deleted.
        (WebCore::Internals::allowRoundingHacks): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:

2016-01-16  Andreas Kling  <akling@apple.com>

        Allocate style sheet media queries in BumpArena.
        <https://webkit.org/b/153188>

        Reviewed by Antti Koivisto.

        Teach the CSS parser to allocate MediaQuery and MediaQueryExp from BumpArena as well.

        * css/CSSGrammar.y.in:
        * css/MediaQuery.h:
        * css/MediaQueryExp.h:

2016-01-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Add a couple comments to ScrollbarThemeGtk
        https://bugs.webkit.org/show_bug.cgi?id=153184

        Reviewed by Carlos Garcia Campos.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::paint):

2016-01-16  Andreas Kling  <akling@apple.com>

        Give RuleSet a BumpArena and start using it for RuleDataVectors.
        <https://webkit.org/b/153169>

        Reviewed by Antti Koivisto.

        Since RuleSet only supports appending rules and doesn't need to worry about removing them,
        it's a great candidate for BumpArena optimizations.

        Give each RuleSet its own BumpArena and teach them how to allocate RuleDataVector objects
        out of them.

        There are more things that can be done here, ideally all the sub-allocations inside RuleSet
        that happen via e.g Vector and HashMap would also come out of the BumpArena.

        * css/RuleSet.cpp:
        (WebCore::RuleSet::RuleSet):
        (WebCore::RuleSet::addToRuleSet):
        (WebCore::RuleSet::copyShadowPseudoElementRulesFrom):
        * css/RuleSet.h:
        (WebCore::RuleSet::RuleDataVector::create):
        (WebCore::RuleSet::RuleSet): Deleted.

2016-01-16  Simon Fraser  <simon.fraser@apple.com>

        Fix flakiness of displaylists/layer-dispay-list.html
        
        When toggling "uses display list drawing" on a GraphicsLayerCA, do
        a repaint.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::setUsesDisplayListDrawing):

2016-01-15  Simon Fraser  <simon.fraser@apple.com>

        Remove GraphicsContext::drawConvexPolygon() and GraphicsContext::clipConvexPolygon()
        https://bugs.webkit.org/show_bug.cgi?id=153174

        Reviewed by Zalan Bujtas.

        GraphicsContext::drawConvexPolygon() and GraphicsContext::clipConvexPolygon() were
        poorly named (non-convex polygons are allowed), and just syntactic sugar over
        clipPath() and drawPath().
        
        Remove them, but add a convenience function to create a Path from a Vector of 
        points. For CG, we can use the more efficient CGPathAddLines().
        
        Add TextStream dumping for Path.

        * platform/graphics/GraphicsContext.h:
        * platform/graphics/Path.cpp:
        (WebCore::Path::polygonPathFromPoints):
        (WebCore::Path::dump):
        (WebCore::operator<<):
        * platform/graphics/Path.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::setPlatformShouldAntialias):
        (WebCore::addConvexPolygonToContext): Deleted.
        (WebCore::GraphicsContext::drawConvexPolygon): Deleted.
        (WebCore::GraphicsContext::clipConvexPolygon): Deleted.
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::addConvexPolygonToPath): Deleted.
        (WebCore::GraphicsContext::drawConvexPolygon): Deleted.
        (WebCore::GraphicsContext::clipConvexPolygon): Deleted.
        * platform/graphics/cg/PathCG.cpp:
        (WebCore::Path::polygonPathFromPoints):
        (WebCore::Path::moveTo):
        (WebCore::Path::addLineTo):
        (WebCore::Path::addQuadCurveTo):
        (WebCore::Path::addBezierCurveTo):
        (WebCore::Path::addArcTo):
        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::Item::sizeInBytes): Deleted.
        (WebCore::DisplayList::ClipConvexPolygon::ClipConvexPolygon): Deleted.
        (WebCore::DisplayList::ClipConvexPolygon::apply): Deleted.
        (WebCore::DisplayList::operator<<): Deleted.
        (WebCore::DisplayList::addConvexPolygonToPath): Deleted.
        (WebCore::DisplayList::DrawConvexPolygon::DrawConvexPolygon): Deleted.
        (WebCore::DisplayList::DrawConvexPolygon::localBounds): Deleted.
        (WebCore::DisplayList::DrawConvexPolygon::apply): Deleted.
        * platform/graphics/displaylists/DisplayListItems.h:
        (WebCore::DisplayList::ClipConvexPolygon::create): Deleted.
        (WebCore::DisplayList::ClipConvexPolygon::points): Deleted.
        (WebCore::DisplayList::ClipConvexPolygon::antialias): Deleted.
        (WebCore::DisplayList::DrawConvexPolygon::create): Deleted.
        (WebCore::DisplayList::DrawConvexPolygon::points): Deleted.
        (WebCore::DisplayList::DrawConvexPolygon::antialiased): Deleted.
        * platform/graphics/displaylists/DisplayListRecorder.cpp:
        (WebCore::DisplayList::Recorder::drawConvexPolygon): Deleted.
        (WebCore::DisplayList::Recorder::clipConvexPolygon): Deleted.
        * platform/graphics/displaylists/DisplayListRecorder.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::clipBorderSidePolygon):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::drawLineForBoxSide):
        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintMenuListButtonDecorations):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintMenuListButtonDecorations):

2016-01-16  Jeremy Huddleston Sequoia  <jeremyhu@apple.com>

        Add Platform.cpp to ANGLESupport

        https://bugs.webkit.org/show_bug.cgi?id=153120

        Reviewed by Darin Adler.

        No new tests, only addresses a build failure.

        * CMakeLists.txt:

2016-01-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] List box selections stopped working again with GTK+ from current git master
        https://bugs.webkit.org/show_bug.cgi?id=153122

        Reviewed by Michael Catanzaro.

        The problem is that the ListBox selection implementation is
        wrong. We are using a similar implementation to GtkEntry, but
        GtkTreeView doesn't have a child CSS node for selections.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::styleColor): Don't use a child style context for ListBox selections.
        (WebCore::createStyleContext): Remove ListBoxSelection.

2016-01-14  Carlos Garcia Campos  <cgarcia@igalia.com>

        [SOUP] Initialize HTTP version of ResourceResponse
        https://bugs.webkit.org/show_bug.cgi?id=153088

        Reviewed by Michael Catanzaro.

        * platform/network/soup/ResourceResponseSoup.cpp:
        (WebCore::ResourceResponse::updateFromSoupMessage):

2016-01-16  Myles C. Maxfield  <mmaxfield@apple.com>

        Tiny cleanup in FontFaceComparator
        https://bugs.webkit.org/show_bug.cgi?id=153044

        Reviewed by Zalan Bujtas.

        This is a follow-up patch to r194923.

        No new tests because there is no behavior change.

        * css/CSSFontSelector.cpp:
        (WebCore::FontFaceComparator::FontFaceComparator):
        (WebCore::FontFaceComparator::operator()):

2016-01-15  Jiewen Tan  <jiewen_tan@apple.com>

        FrameLoaderClient::didReceiveServerRedirectForProvisionalLoadForFrame() is never called when loading a main resource from the memory cache
        https://bugs.webkit.org/show_bug.cgi?id=152520
        <rdar://problem/23305737>

        Reviewed by Andy Estes.

        Test: http/tests/loading/server-redirect-for-provisional-load-caching.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):
        Dispatch message to notify client that a cached resource was redirected. So,
        client can make proper actions to treat server side redirection.
        * loader/cache/CachedRawResource.h:
        Add a method to tell whether the cached resource was redirected.

2016-01-15  Chris Dumez  <cdumez@apple.com>

        Drop obsolete HTMLDocument.width / height attributes
        https://bugs.webkit.org/show_bug.cgi?id=153144

        Reviewed by Ryosuke Niwa.

        Drop obsolete HTMLDocument.width / height attributes as these are
        obsolete and already not supported by other major browsers (tested
        Firefox and Chrome).

        No new tests, already covered by existing tests.

        * html/HTMLDocument.idl:

2016-01-15  Chris Dumez  <cdumez@apple.com>

        Drop obsolete DocumentType.entities / notations
        https://bugs.webkit.org/show_bug.cgi?id=153147

        Reviewed by Ryosuke Niwa.

        Drop obsolete DocumentType.entities / notations attributes.

        Firefox and Chrome already dropped those. We already dropped support for
        entities and notations so these always returned null.

        No new tests, already covered by existing tests.

        * dom/DocumentType.h:
        * dom/DocumentType.idl:

2016-01-10  Simon Fraser  <simon.fraser@apple.com>

        Make a way to test display-list drawing
        https://bugs.webkit.org/show_bug.cgi?id=152956

        Reviewed by Ryosuke Niwa.

        Make it possible to toggle display-list drawing for a given compositing
        layer via internals, as well as getting a textual representation of the display
        list, optionally including items with platform-specific behavior.
        
        Add one test that uses this.

        Test: displaylists/layer-dispay-list.html

        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::displayListAsText):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::displayListAsText):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/displaylists/DisplayList.cpp:
        (WebCore::DisplayList::DisplayList::shouldDumpForFlags):
        (WebCore::DisplayList::DisplayList::asText):
        * platform/graphics/displaylists/DisplayList.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::setUsesDisplayListDrawing):
        (WebCore::RenderLayerBacking::displayListAsText):
        * rendering/RenderLayerBacking.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setElementUsesDisplayListDrawing):
        (WebCore::Internals::displayListForElement):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-01-15  Olivier Blin  <olivier.blin@softathome.com>

        Fix audio build with video disabled
        https://bugs.webkit.org/show_bug.cgi?id=153134

        Reviewed by Michael Catanzaro.

        Build fails when WebAudio is enabled but VIDEO disabled.

        No new tests since this is a build fix only.

        * platform/audio/PlatformMediaSession.cpp:
        * platform/audio/PlatformMediaSession.h:
        * platform/audio/PlatformMediaSessionManager.cpp:
        * testing/Internals.cpp:
        (WebCore::Internals::setAudioContextRestrictions):

2016-01-15  Olivier Blin  <olivier.blin@softathome.com>

        [GTK] Fix build of RenderThemeGtk without VIDEO by including HTMLInputElement
        https://bugs.webkit.org/show_bug.cgi?id=153133

        Reviewed by Michael Catanzaro.

        Build was fine with VIDEO enabled, since HTMLInputElement.h was
        included by transitivity through MediaControlElements.h and
        MediaControlElementTypes.h.

        This seems to be broken since r194847.

        No new tests since this is just a build fix.

        * rendering/RenderThemeGtk.cpp:

2016-01-15  Ryosuke Niwa  <rniwa@webkit.org>

        createElementNS and createAttributeNS should treat undefined namespaceURI as null string
        https://bugs.webkit.org/show_bug.cgi?id=153119

        Reviewed by Chris Dumez.

        Treat undefined as null in document.createElementNS and document.createAttributeNS as defined in:
        https://dom.spec.whatwg.org/#document

        Test: fast/dom/Document/createAttributeNS-undefined-namespace.html

        * dom/Document.idl:

2016-01-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Font features are not applied to the system font
        https://bugs.webkit.org/show_bug.cgi?id=153053

        Reviewed by Dean Jackson.

        We simply need to call preparePlatformFont() on it.

        Test: fast/text/system-font-features.html

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::fontWithFamily):

2016-01-15  Tim Horton  <timothy_horton@apple.com>

        Data detector yellow highlight location is vertically mirrored in WebKit1
        https://bugs.webkit.org/show_bug.cgi?id=152216
        <rdar://problem/23848003>

        Reviewed by Beth Dakin.

        No new tests, because we currently have no decent mechanism for testing
        where TextIndicator/Lookup/DataDetectors actually make it to the screen,
        nor for synthetic force-click in WebKit1.

        * editing/mac/DictionaryLookup.h:
        * editing/mac/DictionaryLookup.mm:
        (WebCore::showPopupOrCreateAnimationController):
        (WebCore::DictionaryLookup::showPopup):
        (WebCore::DictionaryLookup::animationControllerForPopup):
        Add an optional function for converting between root-FrameView and
        handed-in-NSView coordinates, and use it to convert textBoundingRectInRootViewCoordinates
        into the coordinates of the WebView.

2016-01-15  Joseph Pecoraro  <pecoraro@apple.com>

        Media Query (-webkit-video-playable-inline) is failing as an invalid media query expression
        https://bugs.webkit.org/show_bug.cgi?id=153111

        Reviewed by Dean Jackson.

        Test: fast/media/video-playable-inline-media-query.html

        * css/MediaQueryEvaluator.cpp:
        (WebCore::video_playable_inlineMediaFeatureEval):
        (WebCore::isRunningOnIPhoneOrIPod): Deleted.
        Make the media query work regardless of the platform.
        It should just check the web view's settings.

        * css/MediaQueryExp.cpp:
        (WebCore::featureWithoutValue):
        This media query expects no value, include it in the list
        so it is not treated as invalid.

2016-01-15  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: canHaveChildren() || canHaveGeneratedChildren() in WebCore::RenderElement::insertChildInternal
        https://bugs.webkit.org/show_bug.cgi?id=123331

        Reviewed by Darin Adler.

        Do not set named flow fragment bit on the flow until after the renderer is attached. Setting/resetting it too early
        could affect the attach/detach process itself (This is similar to attaching a multi column flow thread).

        Test: fast/regions/input-box-with-region-assert.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::willBeDestroyed):
        (WebCore::RenderBlockFlow::createRenderNamedFlowFragmentIfNeeded):
        (WebCore::RenderBlockFlow::setRenderNamedFlowFragment):

2016-01-15  Simon Fraser  <simon.fraser@apple.com>

        Add kdebug_trace signposts for a few WebCore operations
        https://bugs.webkit.org/show_bug.cgi?id=153136
        rdar://problem/24208487

        Reviewed by Sam Weinig.

        Add trace points for style recalc, layout, view painting and layer painting.

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):
        * page/FrameView.cpp:
        (WebCore::FrameView::layout):
        (WebCore::FrameView::paintContents):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::platformCALayerPaintContents):

2016-01-15  Andreas Kling  <akling@apple.com>

        Use BumpArena for style sheet object tree.
        <https://webkit.org/b/152696>

        Reviewed by Antti Koivisto.

        Give each StyleSheetContents its own BumpArena, and plumb it down through CSSParser
        to allocate StyleRule, StyleProperties and CSSSelectorList's selector arrays there.

        This basically means that most objects that make up a given style sheet will end up
        in one (or a few) contiguous region(s) of memory, instead of being scattered all
        over the malloc heap.

        In the common case (no CSSOM manipulation), the lifetimes of these objects are very
        predictable: everything tends to die when the StyleSheetContents dies.
        This dramatically improves space-efficiency in those cases, and allows us to return
        contiguous chunks of memory to the system once a style sheet is no longer needed.

        One-off CSS parses that don't work within a StyleSheetContents context will have
        their StyleRules & co allocated through FastMalloc just like before.

        Bonus: give SelectorQueryCache a dedicated BumpArena as well, since it has very
        predictable lifetime.

        * css/CSSGrammar.y.in:
        * css/CSSKeyframesRule.h:
        (WebCore::StyleRuleKeyframes::create):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::createStyleProperties):
        (WebCore::CSSParser::createMediaRule):
        (WebCore::CSSParser::createSupportsRule):
        (WebCore::CSSParser::createKeyframesRule):
        (WebCore::CSSParser::setArena):
        (WebCore::CSSParser::arena):
        (WebCore::CSSParser::createStyleRule):
        (WebCore::CSSParser::createFontFaceRule):
        (WebCore::CSSParser::createPageRule):
        (WebCore::CSSParser::createRegionRule):
        (WebCore::CSSParser::createViewportRule):
        * css/CSSParser.h:
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoElementCueFunctionSelector):
        (WebCore::CSSParserSelector::adoptSelectorVector):
        * css/CSSParserValues.h:
        * css/CSSSelectorList.cpp:
        (WebCore::CSSSelectorList::CSSSelectorList):
        (WebCore::CSSSelectorList::adoptSelectorVector):
        (WebCore::CSSSelectorList::deleteSelectors):
        * css/CSSSelectorList.h:
        * css/StyleProperties.cpp:
        (WebCore::ImmutableStyleProperties::create):
        (WebCore::StyleProperties::immutableCopyIfNeeded):
        * css/StyleProperties.h:
        * css/StyleRule.cpp:
        (WebCore::StyleRule::create):
        (WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount):
        (WebCore::StyleRuleRegion::StyleRuleRegion):
        * css/StyleRule.h:
        (WebCore::StyleRule::create):
        (WebCore::StyleRule::parserAdoptSelectorVector):
        (WebCore::StyleRuleFontFace::create):
        (WebCore::StyleRulePage::create):
        (WebCore::StyleRulePage::parserAdoptSelectorVector):
        (WebCore::StyleRuleMedia::create):
        (WebCore::StyleRuleSupports::create):
        (WebCore::StyleRuleRegion::create):
        (WebCore::StyleRuleViewport::create):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        (WebCore::StyleSheetContents::parseStringAtPosition):
        * css/StyleSheetContents.h:
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorQueryCache::SelectorQueryCache):
        (WebCore::SelectorQueryCache::add):
        * dom/SelectorQuery.h:
        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::SVGFontFaceElement):

2016-01-15  Dave Hyatt  <hyatt@apple.com>

        Avoid downloading the wrong image for <picture> elements.
        https://bugs.webkit.org/show_bug.cgi?id=153027

        Reviewed by Dean Jackson.

        No tests, since they are always flaky.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::HTMLImageElement):
        (WebCore::HTMLImageElement::~HTMLImageElement):
        (WebCore::HTMLImageElement::createForJSConstructor):
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        (WebCore::HTMLImageElement::insertedInto):
        (WebCore::HTMLImageElement::removedFrom):
        (WebCore::HTMLImageElement::pictureElement):
        (WebCore::HTMLImageElement::setPictureElement):
        (WebCore::HTMLImageElement::width):
        * html/HTMLImageElement.h:
        (WebCore::HTMLImageElement::hasShadowControls):
        * html/HTMLPictureElement.h:
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createHTMLElement):
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):

        Images that are built underneath a <picture> element are now connected
        to that picture element via a setPictureNode call from the parser. This
        ensures that the correct <source> elements are examined before checking the image.

        This connection between images and their picture owners is handled using a static
        HashMap in HTMLImageElement. This connection is made both from the parser and from
        DOM insertions, and the map is queried now instead of looking directly at the
        image's parentNode().

2016-01-15  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Expose ReadableStream and relatives to Worker
        https://bugs.webkit.org/show_bug.cgi?id=152066

        Reviewed by Darin Adler.

        Covered by rebased tests.

        * Modules/streams/ByteLengthQueuingStrategy.idl:
        * Modules/streams/CountQueuingStrategy.idl:
        * Modules/streams/ReadableStream.idl:
        * Modules/streams/ReadableStreamController.idl:
        * Modules/streams/ReadableStreamReader.idl:

2016-01-15  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        CORS: Fix the handling of redirected request containing Origin null.
        https://bugs.webkit.org/show_bug.cgi?id=128816

        Reviewed by Brent Fulgham.

        Merging Blink patch from George Ancil (https://chromiumcodereview.appspot.com/20735002).

        This patch removes the check for securityOrigin->isUnique() in passesAccessControlCheck().
        This check prevented a redirected request with "Origin: null" from being
        successful even when the response contains "Access-Control-Allow-Origin: null"

        Tests: http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-origin-null.html
               http/tests/xmlhttprequest/redirect-cors-origin-null.html

        * loader/CrossOriginAccessControl.cpp:
        (WebCore::passesAccessControlCheck):

2016-01-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195064.
        https://bugs.webkit.org/show_bug.cgi?id=153118

        test fails most of the time (Requested by alexchristensen on
        #webkit).

        Reverted changeset:

        "Avoid downloading the wrong image for <picture> elements."
        https://bugs.webkit.org/show_bug.cgi?id=153027
        http://trac.webkit.org/changeset/195064

2016-01-14  Ryosuke Niwa  <rniwa@webkit.org>

        createElement should not lowercase non-ASCII characters
        https://bugs.webkit.org/show_bug.cgi?id=153114

        Reviewed by Alex Christensen.

        According to step 2 in https://dom.spec.whatwg.org/#dom-document-createelement, document.createElement should not
        lowercase non-ASCII letters, and this is also what Firefox does. Match that behavior by lowercasing the tag name
        by convertToASCIILowercase() instead of lower() in createElement.

        Also merged HTMLDocument::createElement into Document::createElement for simplicity and avoid duplicating
        the call to isValidName and setting a DOM exception.

        No new tests since the behavior change is covered by the existing W3C tests.

        * dom/Document.cpp:
        (WebCore::Document::createElement): Create a HTML element with ASCII-lowercased tag name inside a HTML document.
        * dom/Document.h:
        * html/HTMLDocument.cpp:
        (WebCore::addLocalNameToSet):
        (WebCore::HTMLDocument::createElement): Merged into Document::createElement.
        * html/HTMLDocument.h:

2016-01-14  Brady Eidson  <beidson@apple.com>

        Modern IDB: Support opening and deleting SQLite databases on disk.
        https://bugs.webkit.org/show_bug.cgi?id=153084

        Reviewed by Alex Christensen, Sam Weinig and Andy Estes (oh my!).

        No new tests (Infrastructure, no testable change in behavior).

        * Modules/indexeddb/IDBDatabaseIdentifier.cpp:
        (WebCore::IDBDatabaseIdentifier::databaseDirectoryRelativeToRoot):
        * Modules/indexeddb/IDBDatabaseIdentifier.h:

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::create):
        (WebCore::IDBServer::IDBServer::IDBServer):
        (WebCore::IDBServer::IDBServer::createBackingStore):
        * Modules/indexeddb/server/IDBServer.h:

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
        (WebCore::IDBServer::SQLiteIDBBackingStore::SQLiteIDBBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h:

        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::create):
        (WebCore::InProcessIDBServer::InProcessIDBServer):
        * Modules/indexeddb/shared/InProcessIDBServer.h:

2016-01-14  Myles C. Maxfield  <mmaxfield@apple.com>

        Mixing Content Blocking of fonts and display:none rules causes battery drain
        https://bugs.webkit.org/show_bug.cgi?id=153051
        <rdar://problem/23187709>

        Reviewed by Alex Christensen.

        If we have applied a rule before and we are not applying it again, don't
        resolve the style again.

        Test: http/tests/contentextensions/font-display-none-repeated-layout.html

        * contentextensions/ContentExtensionStyleSheet.cpp:
        (WebCore::ContentExtensions::ContentExtensionStyleSheet::addDisplayNoneSelector):
        * contentextensions/ContentExtensionStyleSheet.h:
        * dom/ExtensionStyleSheets.cpp:
        (WebCore::ExtensionStyleSheets::addDisplayNoneSelector):

2016-01-14  Ryosuke Niwa  <rniwa@webkit.org>

        Add document.defineCustomElement
        https://bugs.webkit.org/show_bug.cgi?id=153092

        Reviewed by Chris Dumez.

        Added document.defineCustomElement and added a constructor to HTMLElement which can be called
        as "super" in a subclass of HTMLElement. This is a prototype of new custom elements API and
        willfully violates the current specification at http://w3c.github.io/webcomponents/spec/custom/

        Each author defined class can define multiple elements using distinct tag names. In such cases,
        the super call must specify the tag name. e.g.

        class SomeCustomElement extends HTMLElement { constructor(name) { super(name); } }
        document.defineCustomElement('some-custom-element', SomeCustomElement);
        document.defineCustomElement('other-custom-element', SomeCustomElement);
        new SomeCustomElement('some-custom-element');

        When a class is associated with exactly one tag name, the argument can be omitted. e.g.

        class AnotherCustomElement extends HTMLElement {}
        document.defineCustomElement('another-custom-element', AnotherCustomElement);
        new AnotherCustomElement();

        We allow only subclassing of HTMLElement and only in (X)HTML namespace.

        Tests: fast/custom-elements/Document-defineCustomElement.html
               fast/custom-elements/HTMLElement-constructor.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * bindings/js/JSCustomElementInterface.cpp: Added. Abstracts an author-defined class associated
        with a custom element. It's a Active DOM object and lives until the associated document dies.
        (WebCore::JSCustomElementInterface::JSCustomElementInterface):
        (WebCore::JSCustomElementInterface::~JSCustomElementInterface):
        * bindings/js/JSCustomElementInterface.h: Added.
        (WebCore::JSCustomElementInterface::create):
        (WebCore::JSCustomElementInterface::scriptExecutionContext):
        (WebCore::JSCustomElementInterface::constructor):

        * bindings/js/JSDocumentCustom.cpp:
        (WebCore::JSDocument::defineCustomElement): Added. Define a custom element by associating a tag
        name with an author defined JS class after validating arguments.

        * bindings/js/JSHTMLElementCustom.cpp:
        (WebCore::constructJSHTMLElement): Added. Look up the tag name based on new.target if one is not
        specified. If a tag name is specified, check that new.target is associated with the tag name.

        * dom/CustomElementDefinitions.cpp: Added.
        (WebCore::CustomElementDefinitions::checkName): Added. Restricts tag names similarly to
        http://w3c.github.io/webcomponents/spec/custom/#dfn-custom-element-type
        (WebCore::CustomElementDefinitions::defineElement): Added. Associates a JS class with a tag name.
        (WebCore::CustomElementDefinitions::findInterface): Added. Finds a JS class by a tag name.
        (WebCore::CustomElementDefinitions::findName): Added. Finds a tag name by a JS class.
        * dom/CustomElementDefinitions.h: Added.
        (WebCore::CustomElementDefinitions::CustomElementInfo): Added.

        * dom/Document.cpp:
        (WebCore::Document::ensureCustomElementDefinitions): Added.
        * dom/Document.h:
        (WebCore::Document::customElementDefinitions): Added.

        * dom/Document.idl:
        * html/HTMLElement.idl:

2016-01-14  Simon Fraser  <simon.fraser@apple.com>

        Remove workaround for rdar://problem/23623670
        https://bugs.webkit.org/show_bug.cgi?id=153107
        rdar://problem/23633319

        Reviewed by Tim Horton.

        Remove the code that uses IOSurfaceAcceleratorTransformSurface() when copying from
        back-to-front buffer, now that CGIOSurfaceContextCreate()-code path works correctly.

        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::ensurePlatformContext):
        (IOSurface::copyToSurface): Deleted.

2016-01-14  Beth Dakin  <bdakin@apple.com>

        WK1 and WK2 should share more candidate request code
        https://bugs.webkit.org/show_bug.cgi?id=153108

        Reviewed by Simon Fraser.

        requestCandidatesForSelection() does not need to be exposed as an 
        EditorClient function. WK1 can just call invoke this code from the existing 
        respondToChangedSelection EditorClient function, which is what WK2 does.
        * editing/Editor.cpp:
        (WebCore::Editor::respondToChangedSelection):
        * loader/EmptyClients.h:
        * page/EditorClient.h:
        (WebCore::EditorClient::supportsGlobalSelection):

2016-01-14  Beth Dakin  <bdakin@apple.com>

        WK2: Request completion candidates when needed
        https://bugs.webkit.org/show_bug.cgi?id=153040
        -and corresponding-
        rdar://problem/24155631

        Reviewed by Enrica Casucci and Tim Horton.

        Helper functions for stringForCandidateRequest() and 
        handleAcceptedCandidate()
        * editing/Editor.cpp:
        (WebCore::candidateRangeForSelection):
        (WebCore::candidateWouldReplaceText):

        Request candidates for the word that is currently being typed so long as the 
        candidate would replace that word. Otherwise, use String().
        (WebCore::Editor::stringForCandidateRequest):

        When a candidate has been accepted, insert the text.
        (WebCore::Editor::handleAcceptedCandidate):
        * editing/Editor.h:

2016-01-14  Daniel Bates  <dabates@apple.com>

        Disallow use of Geolocation service from unique origins
        https://bugs.webkit.org/show_bug.cgi?id=153102
        <rdar://problem/23055645>

        Reviewed by Alexey Proskuryakov.

        Tests: fast/dom/Geolocation/dataURL-getCurrentPosition.html
               fast/dom/Geolocation/dataURL-watchPosition.html
               fast/dom/Geolocation/srcdoc-getCurrentPosition.html
               fast/dom/Geolocation/srcdoc-watchPosition.html
               http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html
               http/tests/security/sandboxed-iframe-geolocation-watchPosition.html

        * Modules/geolocation/Geolocation.cpp:
        (WebCore::Geolocation::securityOrigin): Convenience function to get the SecurityOrigin object
        associated with this script execution context.
        (WebCore::Geolocation::startRequest): Notify requester POSITION_UNAVAILABLE when requested
        from a document with a unique origin.
        * Modules/geolocation/Geolocation.h:
        * page/SecurityOrigin.h:
        (WebCore::SecurityOrigin::canRequestGeolocation): Added.

2016-01-14  Daniel Bates  <dabates@apple.com>

        [XSS Auditor] Extract attribute truncation logic and formalize string canonicalization
        https://bugs.webkit.org/show_bug.cgi?id=152874

        Reviewed by Brent Fulgham.

        Derived from Blink patch (by Tom Sepez <tsepez@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=176339&view=revision>

        Extract the src-like and script-like attribute truncation logic into independent functions
        towards making it more straightforward to re-purpose this logic. Additionally, formalize the
        concept of string canonicalization as a member function that consolidates the process of
        decoding URL escape sequences, truncating the decoded string (if applicable), and removing
        characters that are considered noise.

        * html/parser/XSSAuditor.cpp:
        (WebCore::truncateForSrcLikeAttribute): Extracted from XSSAuditor::decodedSnippetForAttribute().
        (WebCore::truncateForScriptLikeAttribute): Ditto.
        (WebCore::XSSAuditor::init): Write in terms of XSSAuditor::canonicalize().
        (WebCore::XSSAuditor::filterCharacterToken): Updated to make use of formalized canonicalization methods.
        (WebCore::XSSAuditor::filterScriptToken): Ditto.
        (WebCore::XSSAuditor::filterObjectToken): Ditto.
        (WebCore::XSSAuditor::filterParamToken): Ditto.
        (WebCore::XSSAuditor::filterEmbedToken): Ditto.
        (WebCore::XSSAuditor::filterAppletToken): Ditto.
        (WebCore::XSSAuditor::filterFrameToken): Ditto.
        (WebCore::XSSAuditor::filterInputToken): Ditto.
        (WebCore::XSSAuditor::filterButtonToken): Ditto.
        (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected): Ditto.
        (WebCore::XSSAuditor::eraseAttributeIfInjected): Updated code to use early return style and avoid an unnecessary string
        comparison when we know that a src attribute was injected.
        (WebCore::XSSAuditor::canonicalizedSnippetForTagName): Renamed; formerly known as XSSAuditor::decodedSnippetForName(). Updated
        to make use of XSSAuditor::canonicalize().
        (WebCore::XSSAuditor::snippetFromAttribute): Renamed; formerly known as XSSAuditor::decodedSnippetForAttribute(). Moved
        truncation logic from here to WebCore::truncateFor{Script, Src}LikeAttribute.
        (WebCore::XSSAuditor::canonicalize): Added.
        (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Added.
        (WebCore::canonicalize): Deleted.
        (WebCore::XSSAuditor::decodedSnippetForName): Deleted.
        (WebCore::XSSAuditor::decodedSnippetForAttribute): Deleted.
        (WebCore::XSSAuditor::decodedSnippetForJavaScript): Deleted.
        * html/parser/XSSAuditor.h: Define enum class for the various attribute truncation styles.

2016-01-14  Daniel Bates  <dabates@apple.com>

        [XSS Auditor] Partial bypass when web server collapses path components
        https://bugs.webkit.org/show_bug.cgi?id=152872

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Tom Sepez <tsepez@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=167610&view=revision>

        Test: http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::isNonCanonicalCharacter):
        (WebCore::XSSAuditor::init):
        (WebCore::XSSAuditor::decodedSnippetForName):
        (WebCore::XSSAuditor::decodedSnippetForAttribute):
        (WebCore::XSSAuditor::decodedSnippetForJavaScript):
        (WebCore::fullyDecodeString): Deleted.

2016-01-14  Beth Dakin  <bdakin@apple.com>

        imported/blink/editing/text-iterator/read-past-cloned-first-letter.html 
        crashes
        https://bugs.webkit.org/show_bug.cgi?id=153104
        -and corresponding-
        rdar://problem/24155631

        Reviewed by Simon Fraser.

        Though we merged the Blink test, we never merged Blink patch that fixed this 
        bug. So this is a merge of https://github.com/ChromiumWebApps/blink/commit/5a0d23d4368c661f621364339fde66b41ef019e5
        * editing/TextIterator.cpp:
        (WebCore::SimplifiedBackwardsTextIterator::handleFirstLetter):

2016-01-14  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !newRelayoutRoot.container() || !newRelayoutRoot.container()->needsLayout() in WebCore::FrameView::scheduleRelayoutOfSubtree
        https://bugs.webkit.org/show_bug.cgi?id=151605#c1

        Reviewed by David Hyatt.

        Do not let RenderMultiColumnSet/RenderFlowThread mark ancestors dirty while updating scrollbars
        for overflow content. While updating scrollbars, we only layout descendants so marking parents dirty
        is unnecessary and could lead to an invalid dirty state.

        Test: fast/multicol/body-stuck-with-dirty-bit-with-columns.html

        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::layoutSpecialExcludedChild):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::invalidateRegions):
        * rendering/RenderFlowThread.h:
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::prepareForLayout):

2016-01-14  Dave Hyatt  <hyatt@apple.com>

        Avoid downloading the wrong image for <picture> elements.
        https://bugs.webkit.org/show_bug.cgi?id=153027

        Reviewed by Dean Jackson.

        Added test in fast/picture.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::HTMLImageElement):
        (WebCore::HTMLImageElement::~HTMLImageElement):
        (WebCore::HTMLImageElement::createForJSConstructor):
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        (WebCore::HTMLImageElement::insertedInto):
        (WebCore::HTMLImageElement::removedFrom):
        (WebCore::HTMLImageElement::pictureElement):
        (WebCore::HTMLImageElement::setPictureElement):
        (WebCore::HTMLImageElement::width):
        * html/HTMLImageElement.h:
        (WebCore::HTMLImageElement::hasShadowControls):
        * html/HTMLPictureElement.h:
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createHTMLElement):
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):

        Images that are built underneath a <picture> element are now connected
        to that picture element via a setPictureNode call from the parser. This
        ensures that the correct <source> elements are examined before checking the image.

        This connection between images and their picture owners is handled using a static
        HashMap in HTMLImageElement. This connection is made both from the parser and from
        DOM insertions, and the map is queried now instead of looking directly at the
        image's parentNode().

2016-01-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r195002.
        https://bugs.webkit.org/show_bug.cgi?id=153098

        Crashes many/most editing tests (Requested by ap on #webkit).

        Reverted changeset:

        "WK2: Request completion candidates when needed"
        https://bugs.webkit.org/show_bug.cgi?id=153040
        http://trac.webkit.org/changeset/195002

2016-01-14  Martin Robinson  <mrobinson@igalia.com>

        [GTK] [EFL] Hyphenation can never work in practice due to requirements on lang tags
        https://bugs.webkit.org/show_bug.cgi?id=147310

        Reviewed by Michael Catanzaro.

        Test: platform/gtk/fast/text/hyphenate-flexible-locales.html

        * platform/text/hyphen/HyphenationLibHyphen.cpp: Make locale matching for dictionary
        selection a lot looser by matching case insensitively, matching multiple dictionaries
        when only the language is specified, and ignoring the difference between '_' and '-' in
        the locale name.
        (WebCore::scanDirectoryForDicionaries): Now produce HashMap of Vectors instead of a single
        path for each locale. Also add alternate entries to handle different ways of specifying
        the locale.
        (WebCore::scanTestDictionariesDirectoryIfNecessary): Update to handle the difference
        in HashMap type.
        (WebCore::availableLocales): Ditto.
        (WebCore::canHyphenate): Also look for the lowercased version of the locale.
        (WebCore::AtomicStringKeyedMRUCache<RefPtr<HyphenationDictionary>>::createValueForKey):
        Key on the dictionary path now so that we can load more than one dictionary per locale.
        (WebCore::lastHyphenLocation): Iterate through each matched dictionary in turn.

2016-01-14  Per Arne Vollan  <peavo@outlook.com>

        [Win] Remove workarounds for fixed bugs in fmod and pow.
        https://bugs.webkit.org/show_bug.cgi?id=153071

        Reviewed by Brent Fulgham.

        Compile fix, help MSVC pick correct pow overload.

        * rendering/shapes/BoxShape.cpp:
        (WebCore::adjustRadiusForMarginBoxShape):

2016-01-14  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Fix problems with cross-origin redirects
        https://bugs.webkit.org/show_bug.cgi?id=116075

        Reviewed by Daniel Bates.

        Merging https://chromium.googlesource.com/chromium/blink/+/7ea774e478f84f355748108d2aaabca15355d512 by Ken Russell
        Same origin redirect responses leading to cross-origin requests were checked as cross-origin redirect responses.
        Introduced ClientRequestedCredentials to manage whether credentials are needed or not in the cross-origin request.

        In addition to Blink patch, it was needed to update some loaders with the newly introduced ClientRequestedCredentials parameter.
        Added the clearing of "Accept-Encoding" header from cross-origin requests as Mac HTTP network layer is adding it for same-origin requests.

        Test: http/tests/xmlhttprequest/access-control-and-redirects-async-same-origin.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource): Added new security parameter (from Blink patch).
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::redirectReceived): Updated checks so that same origin redirections are not treated as cross origin redirections (from Blink patch).
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::start):
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Added new security parameter.
        * loader/ResourceLoaderOptions.h:
        (WebCore::ResourceLoaderOptions::ResourceLoaderOptions): Added new security parameter (from Blink patch).
        (WebCore::ResourceLoaderOptions::credentialRequest):
        (WebCore::ResourceLoaderOptions::setCredentialRequest):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Ditto.
        (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Ditto.
        * loader/icon/IconLoader.cpp:
        (WebCore::IconLoader::startLoading): Added new security parameter.
        * page/EventSource.cpp:
        (WebCore::EventSource::connect): Added new security parameter (from Blink patch).
        * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
        (WebCore::WebCoreAVCFResourceLoader::startLoading): Added new security parameter.
        * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
        (WebCore::WebCoreAVFResourceLoader::startLoading): Ditto.
        * platform/network/ResourceHandleTypes.h: Added new security parameter constants (from Blink patch).
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::clearHTTPAcceptEncoding): Function to remove "Accept-Encoding" header.
        * platform/network/ResourceRequestBase.h: Ditto.
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::createRequest): Added new security parameter.

2016-01-13  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing more post-review comments after r194566

        Unreviewed.

        No new tests because there is no behavior change.

        * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
        (WebCore::topLanguagePreference):

2016-01-13  Alex Christensen  <achristensen@webkit.org>

        Implement custom protocols when using NetworkSession
        https://bugs.webkit.org/show_bug.cgi?id=153078

        Reviewed by Andy Estes.

        No new tests, but this makes the WebKit2CustomProtocolsTest api tests pass when using NetworkSession.

        * WebCore.xcodeproj/project.pbxproj:
        Make NSURLConnectionSPI.h private so we can include it from within WebKit2.

2016-01-13  Brent Fulgham  <bfulgham@apple.com>

        Cross-protocol, cross-site scripting (XPSS) using HTML forms
        https://bugs.webkit.org/show_bug.cgi?id=153017
        <rdar://problem/5873254>

        Reviewed by David Kilzer.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived): If response HTTP version is 0.9,
        sandbox against script execution and plugins.
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::didReceiveResponse): Ditto.
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::didReceiveResponse): Ditto.
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::adopt): Update for HTTP version.
        (WebCore::ResourceResponseBase::copyData): Ditto.
        (WebCore::ResourceResponseBase::httpVersion): Added.
        (WebCore::ResourceResponseBase::setHTTPVersion): Ditto.
        * platform/network/ResourceResponseBase.h:
        (WebCore::ResourceResponseBase::encode): Update for HTTP version.
        (WebCore::ResourceResponseBase::decode): Ditto.
        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::platformLazyInit): Capture HTTP version.
        * platform/network/cocoa/ResourceResponseCocoa.mm:
        (WebCore::ResourceResponse::platformLazyInit): Ditto.

2016-01-13  Beth Dakin  <bdakin@apple.com>

        WK2: Request completion candidates when needed
        https://bugs.webkit.org/show_bug.cgi?id=153040
        -and corresponding-
        rdar://problem/24155631

        Reviewed by Enrica Casucci.

        Helper functions for stringForCandidateRequest() and 
        handleAcceptedCandidate()
        * editing/Editor.cpp:
        (WebCore::candidateRangeForSelection):
        (WebCore::candidateWouldReplaceText):

        Request candidates for the word that is currently being typed so long as the 
        candidate would replace that word. Otherwise, use String().
        (WebCore::Editor::stringForCandidateRequest):

        When a candidate has been accepted, insert the text.
        (WebCore::Editor::handleAcceptedCandidate):
        * editing/Editor.h:

2016-01-13  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments after r194566

        Unreviewed.

        No new tests because there is no behavior difference.

        * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
        (WebCore::textBreakLocalePreference):
        (WebCore::topLanguagePreference):
        (WebCore::getSearchLocale):
        (WebCore::getTextBreakLocale):
        (WebCore::canonicalLanguageIdentifier): Deleted.

2016-01-12  Ryosuke Niwa  <rniwa@webkit.org>

        formaction must return document's address when formaction is missing
        https://bugs.webkit.org/show_bug.cgi?id=148874

        Reviewed by Chris Dumez.

        Fixed the bug by falling back to document.url() when the attribute is not set or is empty in formAction getter.

        Test: fast/forms/formaction-attribute-with-empty-value.html

        * html/HTMLButtonElement.idl:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::formAction): Added.
        (WebCore::HTMLFormControlElement::setFormAction): Added.
        * html/HTMLFormControlElement.h:
        * html/HTMLInputElement.idl:

2016-01-13  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r194900.

        Roll back in as this did not actually regress PLT

        Reverted changeset:

        "Unreviewed, rolling out r194826."
        https://bugs.webkit.org/show_bug.cgi?id=153020
        http://trac.webkit.org/changeset/194900

2016-01-13  Konstantin Tokarev  <annulen@yandex.ru>

        Removed empty #if block from Font.h
        https://bugs.webkit.org/show_bug.cgi?id=153067

        Reviewed by Alex Christensen.

        No new tests needed.

        * platform/graphics/Font.h:
        (WebCore::Font::scriptCache): Deleted.

2016-01-13  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Consistently use virtual and override specifiers in ScrollbarThemeGtk
        https://bugs.webkit.org/show_bug.cgi?id=153076

        Reviewed by Alex Christensen.

        No behavior change.

        * platform/gtk/ScrollbarThemeGtk.h:

2016-01-13  Daniel Bates  <dabates@apple.com>

        Cleanup: XSS Auditor should avoid re-evaluating the parsed script tag
        https://bugs.webkit.org/show_bug.cgi?id=152870

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Tom Sepez <tsepez@chromium.org>):
        <https://src.chromium.org/viewvc/blink?revision=154354&view=revision>

        Although the XSS Auditor caches the decoded start tag of a script as an optimization to
        avoid decoding it again when filtering the character data of the script, it is sufficient
        to cache whether the HTTP response contains the decoded start tag of a script. This
        avoids both decoding the start tag of a script and determining whether the HTTP response
        contains it again when filtering the character data of the script. Moreover, this removes
        the need to cache a string object.

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::filterCharacterToken):
        (WebCore::XSSAuditor::filterScriptToken):
        * html/parser/XSSAuditor.h:

2016-01-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194963.
        https://bugs.webkit.org/show_bug.cgi?id=153079

        This change causes ASan tests to crash and exit early
        (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "Fragmentation-free allocator for timeless and/or coupled
        allocations."
        https://bugs.webkit.org/show_bug.cgi?id=152696
        http://trac.webkit.org/changeset/194963

2016-01-13  Daniel Bates  <dabates@apple.com>

        [XSS Auditor] Do not include trailing comment characters in JavaScript snippets
        https://bugs.webkit.org/show_bug.cgi?id=152873

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Tom Sepez <tsepez@chromium.org>):
        <https://src.chromium.org/viewvc/blink?view=rev&revision=169967>

        Test: http/tests/security/xssAuditor/script-tag-with-injected-comment.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::decodedSnippetForJavaScript):

2016-01-13  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Add support for RTCRtpSender.replaceTrack()
        https://bugs.webkit.org/show_bug.cgi?id=153063

        Reviewed by Eric Carlson.

        Add the API and infrastructure to support RTCRtpSender.replaceTrack(). The platform is
        reached through the RTCPeerConnection object that created the RTCRtpSender via a client
        interface.

        Test: fast/mediastream/RTCRtpSender-replaceTrack.html

        * Modules/mediastream/MediaEndpointPeerConnection.cpp:
        (WebCore::MediaEndpointPeerConnection::replaceTrack):
        * Modules/mediastream/MediaEndpointPeerConnection.h:
        * Modules/mediastream/PeerConnectionBackend.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::addTrack):
        (WebCore::RTCPeerConnection::removeTrack):
        (WebCore::RTCPeerConnection::replaceTrack):
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCRtpSender.cpp:
        (WebCore::RTCRtpSender::RTCRtpSender):
        (WebCore::RTCRtpSender::replaceTrack):
        * Modules/mediastream/RTCRtpSender.h:
        (WebCore::RTCRtpSenderClient::~RTCRtpSenderClient):
        (WebCore::RTCRtpSender::create):
        (WebCore::RTCRtpSender::trackId):
        (WebCore::RTCRtpSender::stop):
        * Modules/mediastream/RTCRtpSender.idl:

2016-01-13  Brady Eidson  <beidson@apple.com>

        Modern IDB: A few cursor tests are flaky because JS wrappers are GC'ed.
        https://bugs.webkit.org/show_bug.cgi?id=153038

        Reviewed by Alex Christensen.

        No new tests (Couldn't write a test that was any more reliable than "flaky", so fixing the existing flaky tests will do).

        And IDBCursor has an associated IDBRequest that is re-used each time the IDBCursor iterates.
        
        The normal ActiveDOMObject approach to prevent the IDBRequest's wrapper from being garbage collected was not good enough
        because, while the IDBRequest may not currently be waiting on any activity, as long as its associated IDBCursor is still
        reachable then the request might be reused in the future.
        
        Fortunately there's an IDL allowance for "one object keeping another alive during GC" and that's JSCustomMarkFunction
        combined with GenerateIsReachable.
        
        Applying those to IDBCursor and IDBRequest fix this handily.
        
        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/IDBCursor.h:
        (WebCore::IDBCursor::isModernCursor):
        * Modules/indexeddb/IDBCursor.idl:
        
        * Modules/indexeddb/IDBRequest.idl:
        
        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::advance):
        (WebCore::IDBClient::IDBCursor::continueFunction):
        (WebCore::IDBClient::IDBCursor::uncheckedIterateCursor):
        (WebCore::IDBClient::IDBCursor::uncheckedIteratorCursor): Deleted. Fixed the typo of this name.
        * Modules/indexeddb/client/IDBCursorImpl.h:
        
        * bindings/js/JSIDBCursorCustom.cpp: Added.
        (WebCore::JSIDBCursor::visitAdditionalChildren):

2016-01-13  Zalan Bujtas  <zalan@apple.com>

        Get text drawing working with display lists.
        https://bugs.webkit.org/show_bug.cgi?id=152957

        Reviewed by Simon Fraser.

        This patch enables text drawing for display lists.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::drawGlyphBuffer):
        * platform/graphics/FontCascade.h:
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawGlyphs):
        (WebCore::GraphicsContext::drawText): Deleted.
        * platform/graphics/cocoa/FontCascadeCocoa.mm:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::DrawGlyphs::apply):

2016-01-13  Zalan Bujtas  <zalan@apple.com>

        Simple line layout: Add support for word-break property.
        https://bugs.webkit.org/show_bug.cgi?id=153054

        Reviewed by Antti Koivisto.

        This patch enables word-break property for simple line layout.
        (https://drafts.csswg.org/css-text-3/#propdef-word-break)

        word-break: normal and keep-all -> existing, non-(force)breaking behaviour.
                    break-all -> breaks words when needed.

        Covered by existing tests like fast/text/word-break.html

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::createLineRuns):
        (WebCore::SimpleLineLayout::canUseForStyle): Deleted.
        (WebCore::SimpleLineLayout::printReason): Deleted.
        * rendering/SimpleLineLayoutTextFragmentIterator.cpp:
        (WebCore::SimpleLineLayout::TextFragmentIterator::Style::Style):
        (WebCore::SimpleLineLayout::TextFragmentIterator::findNextTextFragment):
        * rendering/SimpleLineLayoutTextFragmentIterator.h:
        (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::TextFragment):
        (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::operator==):
        (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::isBreakable): Deleted.
        (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::split): Deleted.

2016-01-13  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Reference cycle between SVGPathElement and SVGPathSegWithContext leaks Document
        https://bugs.webkit.org/show_bug.cgi?id=151810

        Reviewed by Darin Adler.

        Break the reference cycle between SVGPathElement and SVGPathSegWithContext
        by changing the back-pointer to be a WeakPtr pointer instead of having it
        RefPtr. Make sure the SVGPathSegWithContext derived classes handle correctly
        the case when the SVGPathElement back-pointer is deleted.

        Also change the SVGPathElement argument to the SVGPathSeg creation functions
        and constructors to be a const reference instead of having it as a pointer
        since SVGPathElement is the class factory for all these classes.

        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::SVGPathElement):
        (WebCore::SVGPathElement::createSVGPathSegClosePath):
        (WebCore::SVGPathElement::createSVGPathSegMovetoAbs):
        (WebCore::SVGPathElement::createSVGPathSegMovetoRel):
        (WebCore::SVGPathElement::createSVGPathSegLinetoAbs):
        (WebCore::SVGPathElement::createSVGPathSegLinetoRel):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoCubicAbs):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoCubicRel):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoQuadraticAbs):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoQuadraticRel):
        (WebCore::SVGPathElement::createSVGPathSegArcAbs):
        (WebCore::SVGPathElement::createSVGPathSegArcRel):
        (WebCore::SVGPathElement::createSVGPathSegLinetoHorizontalAbs):
        (WebCore::SVGPathElement::createSVGPathSegLinetoHorizontalRel):
        (WebCore::SVGPathElement::createSVGPathSegLinetoVerticalAbs):
        (WebCore::SVGPathElement::createSVGPathSegLinetoVerticalRel):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoCubicSmoothAbs):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoCubicSmoothRel):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoQuadraticSmoothAbs):
        (WebCore::SVGPathElement::createSVGPathSegCurvetoQuadraticSmoothRel):
        (WebCore::SVGPathElement::isSupportedAttribute):
        * svg/SVGPathElement.h:
        * svg/SVGPathSegArc.h:
        (WebCore::SVGPathSegArc::SVGPathSegArc):
        * svg/SVGPathSegArcAbs.h:
        (WebCore::SVGPathSegArcAbs::create):
        (WebCore::SVGPathSegArcAbs::SVGPathSegArcAbs):
        * svg/SVGPathSegArcRel.h:
        (WebCore::SVGPathSegArcRel::create):
        (WebCore::SVGPathSegArcRel::SVGPathSegArcRel):
        * svg/SVGPathSegClosePath.h:
        (WebCore::SVGPathSegClosePath::create):
        (WebCore::SVGPathSegClosePath::SVGPathSegClosePath):
        * svg/SVGPathSegCurvetoCubic.h:
        (WebCore::SVGPathSegCurvetoCubic::SVGPathSegCurvetoCubic):
        * svg/SVGPathSegCurvetoCubicAbs.h:
        (WebCore::SVGPathSegCurvetoCubicAbs::create):
        (WebCore::SVGPathSegCurvetoCubicAbs::SVGPathSegCurvetoCubicAbs):
        * svg/SVGPathSegCurvetoCubicRel.h:
        (WebCore::SVGPathSegCurvetoCubicRel::create):
        (WebCore::SVGPathSegCurvetoCubicRel::SVGPathSegCurvetoCubicRel):
        * svg/SVGPathSegCurvetoCubicSmooth.h:
        (WebCore::SVGPathSegCurvetoCubicSmooth::SVGPathSegCurvetoCubicSmooth):
        * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
        (WebCore::SVGPathSegCurvetoCubicSmoothAbs::create):
        (WebCore::SVGPathSegCurvetoCubicSmoothAbs::SVGPathSegCurvetoCubicSmoothAbs):
        * svg/SVGPathSegCurvetoCubicSmoothRel.h:
        (WebCore::SVGPathSegCurvetoCubicSmoothRel::create):
        (WebCore::SVGPathSegCurvetoCubicSmoothRel::SVGPathSegCurvetoCubicSmoothRel):
        * svg/SVGPathSegCurvetoQuadratic.h:
        (WebCore::SVGPathSegCurvetoQuadratic::SVGPathSegCurvetoQuadratic):
        * svg/SVGPathSegCurvetoQuadraticAbs.h:
        (WebCore::SVGPathSegCurvetoQuadraticAbs::create):
        (WebCore::SVGPathSegCurvetoQuadraticAbs::SVGPathSegCurvetoQuadraticAbs):
        * svg/SVGPathSegCurvetoQuadraticRel.h:
        (WebCore::SVGPathSegCurvetoQuadraticRel::create):
        (WebCore::SVGPathSegCurvetoQuadraticRel::SVGPathSegCurvetoQuadraticRel):
        * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
        (WebCore::SVGPathSegCurvetoQuadraticSmoothAbs::create):
        (WebCore::SVGPathSegCurvetoQuadraticSmoothAbs::SVGPathSegCurvetoQuadraticSmoothAbs):
        * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
        (WebCore::SVGPathSegCurvetoQuadraticSmoothRel::create):
        (WebCore::SVGPathSegCurvetoQuadraticSmoothRel::SVGPathSegCurvetoQuadraticSmoothRel):
        * svg/SVGPathSegLinetoAbs.h:
        (WebCore::SVGPathSegLinetoAbs::create):
        (WebCore::SVGPathSegLinetoAbs::SVGPathSegLinetoAbs):
        * svg/SVGPathSegLinetoHorizontal.h:
        (WebCore::SVGPathSegLinetoHorizontal::SVGPathSegLinetoHorizontal):
        * svg/SVGPathSegLinetoHorizontalAbs.h:
        (WebCore::SVGPathSegLinetoHorizontalAbs::create):
        (WebCore::SVGPathSegLinetoHorizontalAbs::SVGPathSegLinetoHorizontalAbs):
        * svg/SVGPathSegLinetoHorizontalRel.h:
        (WebCore::SVGPathSegLinetoHorizontalRel::create):
        (WebCore::SVGPathSegLinetoHorizontalRel::SVGPathSegLinetoHorizontalRel):
        * svg/SVGPathSegLinetoRel.h:
        (WebCore::SVGPathSegLinetoRel::create):
        (WebCore::SVGPathSegLinetoRel::SVGPathSegLinetoRel):
        * svg/SVGPathSegLinetoVertical.h:
        (WebCore::SVGPathSegLinetoVertical::SVGPathSegLinetoVertical):
        * svg/SVGPathSegLinetoVerticalAbs.h:
        (WebCore::SVGPathSegLinetoVerticalAbs::create):
        (WebCore::SVGPathSegLinetoVerticalAbs::SVGPathSegLinetoVerticalAbs):
        * svg/SVGPathSegLinetoVerticalRel.h:
        (WebCore::SVGPathSegLinetoVerticalRel::create):
        (WebCore::SVGPathSegLinetoVerticalRel::SVGPathSegLinetoVerticalRel):
        * svg/SVGPathSegMovetoAbs.h:
        (WebCore::SVGPathSegMovetoAbs::create):
        (WebCore::SVGPathSegMovetoAbs::SVGPathSegMovetoAbs):
        * svg/SVGPathSegMovetoRel.h:
        (WebCore::SVGPathSegMovetoRel::create):
        (WebCore::SVGPathSegMovetoRel::SVGPathSegMovetoRel):
        * svg/SVGPathSegWithContext.h:
        (WebCore::SVGPathSegWithContext::SVGPathSegWithContext):
        (WebCore::SVGPathSegWithContext::animatedProperty):
        (WebCore::SVGPathSegWithContext::contextElement):
        (WebCore::SVGPathSegWithContext::setContextAndRole):
        (WebCore::SVGPathSegWithContext::commitChange):
        (WebCore::SVGPathSegSingleCoordinate::setY):
        (WebCore::SVGPathSegSingleCoordinate::SVGPathSegSingleCoordinate):
        * svg/properties/SVGPathSegListPropertyTearOff.cpp:
        (WebCore::SVGPathSegListPropertyTearOff::clearContextAndRoles):
        (WebCore::SVGPathSegListPropertyTearOff::replaceItem):
        (WebCore::SVGPathSegListPropertyTearOff::removeItem):

2016-01-13  Andreas Kling  <akling@apple.com>

        Use BumpArena for style sheet object tree.
        <https://webkit.org/b/152696>

        Reviewed by Antti Koivisto.

        Give each StyleSheetContents its own BumpArena, and plumb it down through CSSParser
        to allocate StyleRule, StyleProperties and CSSSelectorList's selector arrays there.

        This basically means that most objects that make up a given style sheet will end up
        in one (or a few) contiguous region(s) of memory, instead of being scattered all
        over the malloc heap.

        In the common case (no CSSOM manipulation), the lifetimes of these objects are very
        predictable: everything tends to die when the StyleSheetContents dies.
        This dramatically improves space-efficiency in those cases, and allows us to return
        contiguous chunks of memory to the system once a style sheet is no longer needed.

        One-off CSS parses that don't work within a StyleSheetContents context will have
        their StyleRules & co allocated out of the global BumpArena.

        Bonus: give SelectorQueryCache a dedicated BumpArena as well, since it has very
        predictable lifetime.

        * css/CSSGrammar.y.in:
        * css/CSSKeyframesRule.h:
        (WebCore::StyleRuleKeyframes::create):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::createStyleProperties):
        (WebCore::CSSParser::createMediaRule):
        (WebCore::CSSParser::createSupportsRule):
        (WebCore::CSSParser::createKeyframesRule):
        (WebCore::CSSParser::setArena):
        (WebCore::CSSParser::arena):
        (WebCore::CSSParser::createStyleRule):
        (WebCore::CSSParser::createFontFaceRule):
        (WebCore::CSSParser::createPageRule):
        (WebCore::CSSParser::createRegionRule):
        (WebCore::CSSParser::createViewportRule):
        * css/CSSParser.h:
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::parsePseudoElementCueFunctionSelector):
        (WebCore::CSSParserSelector::adoptSelectorVector):
        * css/CSSParserValues.h:
        * css/CSSSelectorList.cpp:
        (WebCore::CSSSelectorList::CSSSelectorList):
        (WebCore::CSSSelectorList::adoptSelectorVector):
        (WebCore::CSSSelectorList::deleteSelectors):
        * css/CSSSelectorList.h:
        * css/StyleProperties.cpp:
        (WebCore::ImmutableStyleProperties::create):
        (WebCore::StyleProperties::immutableCopyIfNeeded):
        * css/StyleProperties.h:
        * css/StyleRule.cpp:
        (WebCore::StyleRule::create):
        (WebCore::StyleRule::splitIntoMultipleRulesWithMaximumSelectorComponentCount):
        (WebCore::StyleRuleRegion::StyleRuleRegion):
        * css/StyleRule.h:
        (WebCore::StyleRule::create):
        (WebCore::StyleRule::parserAdoptSelectorVector):
        (WebCore::StyleRuleFontFace::create):
        (WebCore::StyleRulePage::create):
        (WebCore::StyleRulePage::parserAdoptSelectorVector):
        (WebCore::StyleRuleMedia::create):
        (WebCore::StyleRuleSupports::create):
        (WebCore::StyleRuleRegion::create):
        (WebCore::StyleRuleViewport::create):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::StyleSheetContents):
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        (WebCore::StyleSheetContents::parseStringAtPosition):
        * css/StyleSheetContents.h:
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorQueryCache::SelectorQueryCache):
        (WebCore::SelectorQueryCache::add):
        * dom/SelectorQuery.h:
        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::SVGFontFaceElement):

2016-01-13  YongGeol Jung  <yg48.jung@samsung.com>

        [TexMap] BitmapTextureGL is not released while scene is updated continuously.
        https://bugs.webkit.org/show_bug.cgi?id=152524

        Reviewed by Žan Doberšek.

        This patch fixes two issues.
        First, m_releaseUnusedTexturesTimer is not fired if scene is updated within 0.5s continuously.
        In this case, BitmapTexturePool will not remove texture even if texture is not used for long time.
        Second, m_releaseUnusedTexturesTimer is triggered by acquireTexture function only.
        So, if next scene does not need to use BitmapTexture, remained textures in pool will not removed.

        No new tests needed.

        * platform/graphics/texmap/BitmapTexturePool.cpp:
        (WebCore::BitmapTexturePool::scheduleReleaseUnusedTextures):
        (WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):

2016-01-13  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Refactor builtin internals to prepare support for streams API in worker
        https://bugs.webkit.org/show_bug.cgi?id=152535

        Reviewed by Darin Adler.

        Moving the code that links internal functions to the GlobalObject in WebCoreJSBuiltinInternals.cpp.
        This file should be generated by the builtin generator once refactoring is done.
        This code is located in JSBuiltinInternalFunctions::initialize.

        Adding private controller and reader constructors to the JS DOM constructor map so that they do not get garbage collected.

        No change in behavior, except that private builtins are usable in workers (but not actually used).

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        (WebCore::JSDOMGlobalObject::finishCreation):
        (WebCore::JSDOMGlobalObject::visitChildren):
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::finishCreation):
        (WebCore::JSDOMWindowBase::visitChildren):
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/WebCoreJSBuiltinInternals.cpp: Added.
        (WebCore::JSBuiltinInternalFunctions::JSBuiltinInternalFunctions):
        (WebCore::JSBuiltinInternalFunctions::visit):
        (WebCore::JSBuiltinInternalFunctions::initialize):
        * bindings/js/WebCoreJSBuiltinInternals.h:

2016-01-13  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        [EFL] Fix wrong return value of paintThemePart in RenderThemeEfl
        https://bugs.webkit.org/show_bug.cgi?id=153058

        Reviewed by Carlos Garcia Campos.

        To return false in paint functions in RenderThemeEfl means that it is supported though,
        paintThemePart has returned false even when failing to get image cache of theme.

        * rendering/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::paintThemePart):

2016-01-12  Andy Estes  <aestes@apple.com>

        [Content Filtering] forEachContentFilterUntilBlocked should accept a lambda by rvalue reference
        https://bugs.webkit.org/show_bug.cgi?id=153057

        Reviewed by Dan Bernstein.

        No new tests. No change in behavior.

        Instead of having ContentFilter::forEachContentFilterUntilBlocked() take a std::function, just have it take an
        rvalue reference to the lambda its passed.

        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::forEachContentFilterUntilBlocked):
        * loader/ContentFilter.h:

2016-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Fix return value of some paint methods in RenderThemeGtk
        https://bugs.webkit.org/show_bug.cgi?id=153015

        Reviewed by Michael Catanzaro.

        The bool value returned by paint methods in RenderTheme means
        whether the appearance is supported or not, so we should return
        true when not supported (so we didn't paint anything) and false
        when supported (so we actually painted the theme part).

        * rendering/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
        (WebCore::RenderThemeGtk::paintMediaButton):
        (WebCore::RenderThemeGtk::paintMediaMuteButton):
        (WebCore::RenderThemeGtk::paintMediaPlayButton):
        (WebCore::RenderThemeGtk::paintMediaSliderTrack):
        (WebCore::RenderThemeGtk::paintMediaVolumeSliderContainer): Deleted.
        * rendering/RenderThemeGtk.h:

2016-01-12  Andy Estes  <aestes@apple.com>

        [Content Filtering] De-virtualize PlatformContentFilter::{needsMoreData, didBlockData}()
        https://bugs.webkit.org/show_bug.cgi?id=153052

        Reviewed by Andreas Kling.

        No new tests. No change in behavior.

        Instead of having virtual functions that each platform content filter implement in terms of their own state,
        store the state in the base class so that these functions can be non-virtual. Teach each subclass to update the
        base class state appropriately.

        * loader/ContentFilter.h:
        * platform/PlatformContentFilter.h:
        (WebCore::PlatformContentFilter::needsMoreData):
        (WebCore::PlatformContentFilter::didBlockData):
        * platform/cocoa/NetworkExtensionContentFilter.h:
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        (WebCore::NetworkExtensionContentFilter::willSendRequest):
        (WebCore::NetworkExtensionContentFilter::responseReceived):
        (WebCore::NetworkExtensionContentFilter::handleDecision):
        (WebCore::NetworkExtensionContentFilter::NetworkExtensionContentFilter): Deleted.
        (WebCore::NetworkExtensionContentFilter::needsMoreData): Deleted.
        (WebCore::NetworkExtensionContentFilter::didBlockData): Deleted.
        * platform/cocoa/ParentalControlsContentFilter.h:
        * platform/cocoa/ParentalControlsContentFilter.mm:
        (WebCore::ParentalControlsContentFilter::responseReceived):
        (WebCore::ParentalControlsContentFilter::updateFilterState):
        (WebCore::ParentalControlsContentFilter::ParentalControlsContentFilter): Deleted.
        (WebCore::ParentalControlsContentFilter::needsMoreData): Deleted.
        (WebCore::ParentalControlsContentFilter::didBlockData): Deleted.
        * platform/spi/cocoa/NEFilterSourceSPI.h:
        * testing/MockContentFilter.cpp:
        (WebCore::MockContentFilter::willSendRequest):
        (WebCore::MockContentFilter::maybeDetermineStatus):
        (WebCore::MockContentFilter::needsMoreData): Deleted.
        (WebCore::MockContentFilter::didBlockData): Deleted.
        * testing/MockContentFilter.h:

2016-01-12  Andy Estes  <aestes@apple.com>

        Address missed review feedback after r194950.

        * platform/cocoa/NetworkExtensionContentFilter.mm:
        (WebCore::NetworkExtensionContentFilter::initialize): Renamed the NetworkExtension dispatch queue.

2016-01-08  Andy Estes  <aestes@apple.com>

        [Content Filtering] Lazily load platform frameworks
        https://bugs.webkit.org/show_bug.cgi?id=152881
        rdar://problem/23270886

        Reviewed by Brady Eidson.

        On Cocoa platforms, ContentFilter soft-links two frameworks that perform the underlying filtering operations.
        There is a one-time cost associated with the soft-linking, and the current design requires all clients to pay
        this cost whether or not they ever load a resource that is subject to filtering.

        Addressed this by deferring the loading of frameworks until it is known that a resource will require filtering.
        It is rather simple to defer the soft-linking at the PlatformContentFilter level, but doing this alone would
        mean that every CachedRawResourceClient callback would be routed through ContentFilter, even in the very common
        case where both platform content filters are disabled. This is because checking if a platform content filter is
        enabled involves loading its framework, so creating a ContentFilter (which DocumentLoader will add as the
        CachedRawResource client in place of itself) cannot be avoided by checking that all its platform content filters
        are disabled.

        Resolved this by inverting the relationship between ContentFilter and DocumentLoader. Instead of ContentFilter
        being the CachedRawResource's client and forwarding callbacks to DocumentLoader when one or more platform
        filters are enabled, DocumentLoader is now always the client and it forwards callbacks to ContentFilter.
        ContentFilter then returns a boolean value indicating whether or not DocumentLoader should proceed with each
        callback.

        New API test: ContentFiltering.LazilyLoadPlatformFrameworks

        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::create): Renamed from createIfEnabled(). Since the enabled check causes frameworks to
        be loaded, the check is skipped here and all types are always created.
        (WebCore::ContentFilter::continueAfterWillSendRequest): Renamed from willSendRequest(). Renamed requestCopy to
        originalRequest, and only created it for logging purposes. Since the copy was only used for logging purposes,
        request is now modified directly. Returned false if request is null.
        (WebCore::ContentFilter::continueAfterResponseReceived): Renamed from responseReceived(). Stopped asserting that
        resource is non-null, since it will be null in the case of substitute data loads. Stopped asserting that m_state
        is not Initialized, since that state was removed and the function can now be called in all states. Only logged
        if m_state is Filtering. Returned false if m_state is Blocked.
        (WebCore::ContentFilter::continueAfterDataReceived): Renamed from dataReceived(). Stopped asserting that
        resource is non-null and that m_state is Initialized, and moved the logging, for the same reasons as above.
        Returned false if m_state is Filtering or Blocked.
        (WebCore::ContentFilter::continueAfterNotifyFinished): Renamed from notifyFinished(). Stopped asserting that
        resource is non-null and that m_state is not Initialized, and moved the logging, for the same reasons as above.
        If m_state is not Blocked at this point, set m_state to Allowed in order for deliverResourceData() to not get
        caught in continueAfterDataReceived(). Returned false if m_state is Blocked or Stopped after delivering data.
        (WebCore::ContentFilter::createIfEnabled): Renamed to create().
        (WebCore::ContentFilter::~ContentFilter): Stopped removing ourself as m_mainResource's client.
        (WebCore::ContentFilter::willSendRequest): Renamed to continueAfterWillSendRequest().
        (WebCore::ContentFilter::startFilteringMainResource): Stopped adding ourself as m_mainResource's client. Stopped
        asserting that m_state is not Initialized and instead returned early if m_state is not Stopped.
        (WebCore::ContentFilter::stopFilteringMainResource): Stopped removing ourself as m_mainResource's client.
        (WebCore::ContentFilter::responseReceived): Renamed to continueAfterResponseReceived().
        (WebCore::ContentFilter::dataReceived): Renamed to continueAfterDataReceived().
        (WebCore::ContentFilter::redirectReceived): Removed. DocumentLoader now calls continueAfterWillSendRequest()
        directly on redirects.
        (WebCore::ContentFilter::notifyFinished): Renamed to continueAfterNotifyFinished().
        (WebCore::ContentFilter::didDecide): Instead of calling DocumentLoader::contentFilterDidDecide(), called
        DocumentLoader::contentFilterDidBlock() when m_state is Blocked.
        (WebCore::ContentFilter::deliverResourceData): Asserted that m_state is Allowed.
        * loader/ContentFilter.h: Stopped inheriting from CachedRawResourceClient. Redeclared the
        CachedRawResourceClient virtual functions as the continue* functions mentioned above. Made State enum private
        and removed Initialized. Initialized m_state to Stopped and removed its getter.
        (WebCore::ContentFilter::type): Returned a ContentFilter::Type that does not include an enabled function.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::notifyFinished): Returned early if ContentFilter::continueAfterNotifyFinished()
        returned false.
        (WebCore::DocumentLoader::willSendRequest): Called ContentFilter::continueAfterWillSendRequest() even for
        redirects, since ContentFilter is no longer a CachedRawResourceClient and so will no longer receive
        redirectReceived(). Returned early if continueAfterWillSendRequest() returns false.
        (WebCore::DocumentLoader::responseReceived): Returned early if ContentFilter::continueAfterResponseReceived()
        returned false.
        (WebCore::DocumentLoader::dataReceived): Ditto for ContentFilter::continueAfterDataReceived().
        (WebCore::DocumentLoader::startLoadingMainResource): Called ContentFilter::create(), not createIfEnabled().
        (WebCore::DocumentLoader::becomeMainResourceClient): Called ContentFilter::startFilteringMainResource() even if
        m_state is not Initialized. Added ourself as a client of m_mainResource unconditionally.
        (WebCore::DocumentLoader::contentFilterDidBlock): Renamed from contentFilterDidDecide. Removed assertions and
        the early return when m_state is Allowed, since the state is guaranteed to be Blocked.
        (WebCore::DocumentLoader::contentFilterDidDecide): Renamed to contentFilterDidBlock.
        * platform/cocoa/NetworkExtensionContentFilter.h: Moved definition of HAVE_NETWORK_EXTENSION to Platform.h so
        that this file doesn't need to become a Private header. Made enabled() private, and declared initialize().
        * platform/cocoa/NetworkExtensionContentFilter.mm:
        (WebCore::NetworkExtensionContentFilter::initialize): Added a function to lazily initialize the object.
        (WebCore::NetworkExtensionContentFilter::willSendRequest): For the modern NEFilterSource, checked if it is
        enabled only after checking if the request is HTTP(S). If both checks pass, then called initialize().
        (WebCore::NetworkExtensionContentFilter::responseReceived): Ditto for the legacy NEFilterSource.
        * platform/cocoa/ParentalControlsContentFilter.h: Made enabled() private.
        * platform/cocoa/ParentalControlsContentFilter.mm:
        (WebCore::ParentalControlsContentFilter::responseReceived): Checked if WebFilterEvaluator is enabled only after
        checking if the response is from a protocol that can be handled.
        * testing/MockContentFilter.cpp:
        (WebCore::MockContentFilter::willSendRequest): Immediately set m_status to Status::Allowed if !enabled().
        * testing/MockContentFilter.h: Made enabled() private.

2016-01-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194926 and r194928.
        https://bugs.webkit.org/show_bug.cgi?id=153048

        This change is causing LayoutTest crashes (Requested by
        ryanhaddad on #webkit).

        Reverted changesets:

        "Avoid downloading the wrong image for <picture> elements."
        https://bugs.webkit.org/show_bug.cgi?id=153027
        http://trac.webkit.org/changeset/194926

        "Avoid downloading the wrong image for <picture> elements."
        https://bugs.webkit.org/show_bug.cgi?id=153027
        http://trac.webkit.org/changeset/194928

2016-01-11  Dean Jackson  <dino@apple.com>

        [iOS] Antialiasing doesn't work in WebGL
        https://bugs.webkit.org/show_bug.cgi?id=153000
        <rdar://problem/9165531>

        Reviewed by Alex Christensen.

        WebGL has supported platform antialiasing since
        the beginning, but we never hooked it up for iOS
        because it used a slightly different extension.

        Test: fast/canvas/webgl/antialiasing-enabled.html

        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::endPaint): Resolve the multisampling
        buffer once we're done painting.
        (WebCore::GraphicsContext3D::~GraphicsContext3D): We never created
        the m_compositorTexture RenderBuffer on iOS, so no point deleting
        it.

        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::supportsExtension): The iOS extension
        has a slightly different name.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs): Make sure to create the
        multisample buffer with the correct format.
        (WebCore::GraphicsContext3D::resolveMultisamplingIfNecessary): We
        need to remember what our bound frame buffer is when we
        enter this call, and restore it afterwards. In the middle we can
        discard our multisample read buffer once we have resolved it
        into the normal framebuffer.

2016-01-12  Daniel Bates  <dabates@apple.com>

        XSS Auditor should navigate to empty substitute data on full page block
        https://bugs.webkit.org/show_bug.cgi?id=152868
        <rdar://problem/18658448>

        Reviewed by David Kilzer and Andy Estes.

        Derived from Blink patch (by Tom Sepez <tsepez@chromium.org>):
        <https://src.chromium.org/viewvc/blink?view=rev&revision=179240>

        Test: http/tests/security/xssAuditor/block-does-not-leak-that-page-was-blocked-using-empty-data-url.html

        * html/parser/XSSAuditorDelegate.cpp:
        (WebCore::XSSAuditorDelegate::didBlockScript): Modified to call NavigationScheduler::schedulePageBlock().
        * loader/NavigationScheduler.cpp:
        (WebCore::ScheduledPageBlock::ScheduledPageBlock): Added.
        (WebCore::NavigationScheduler::schedulePageBlock): Navigate to empty substitute data with
        the same URL as the originating document.
        * loader/NavigationScheduler.h:

2016-01-12  Dave Hyatt  <hyatt@apple.com>

        Avoid downloading the wrong image for <picture> elements.
        https://bugs.webkit.org/show_bug.cgi?id=153027

        Reviewed by Dean Jackson.

        I was unable to write a reliable test for this feature (I welcome suggestions regarding
        how this could be tested).

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::HTMLImageElement):
        (WebCore::HTMLImageElement::~HTMLImageElement):
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        (WebCore::HTMLImageElement::insertedInto):
        (WebCore::HTMLImageElement::removedFrom):
        (WebCore::HTMLImageElement::pictureNode):
        (WebCore::HTMLImageElement::setPictureNode):
        * html/HTMLImageElement.h:
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::createHTMLElement):

        Images that are built underneath a <picture> element are now connected
        to that picture element via a setPictureNode call from the parser. This
        ensures that the correct <source> elements are examined before checking the image.

        This connection between images and their picture owners is handled using a static
        HashMap in HTMLImageElement. This connection is made both from the parser and from
        DOM insertions, and the map is queried now instead of looking directly at the
        image's parentNode().

        Also note the change to pass the document element's computed style in for media
        query evaluation. Just as with the preload scanner, the image's style can't be
        used as it has not been determined yet.

2016-01-12  Myles C. Maxfield  <mmaxfield@apple.com>

        Cleanup in font loading code
        https://bugs.webkit.org/show_bug.cgi?id=153023

        Reviewed by Zalan Bujtas.

        See detailed notes below.

        No new tests because there is no behavior change.

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::isLoaded): Deleted. Never called.
        * css/CSSFontFace.h: Ditto.
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font): No need to use a helper
        isLoaded() function.
        (WebCore::CSSFontFaceSource::isLoaded): Deleted. Unnecessary.
        * css/CSSFontFaceSource.h:
        * css/CSSFontFaceSrcValue.cpp:
        (WebCore::CSSFontFaceSrcValue::cachedFont): Un-indent code.
        * css/CSSFontSelector.cpp:
        (WebCore::registerLocalFontFacesForFamily): constructFamilyFontFaces()
        always returns an empty Vector. Therefore, the function of this function
        is to perform the ancillary processing related to the case where the Faces
        don't already exist. Renames the function and removes the empty vector
        return.
        (WebCore::CSSFontSelector::addFontFaceRule): Update for
        registerLocalFontFacesForFamily().
        (WebCore::FontFaceComparator::FontFaceComparator): Instead of using a static,
        construct a wrapper class around the comparator.
        (WebCore::FontFaceComparator::operator()): Ditto.
        (WebCore::CSSFontSelector::getFontFace): Un-indent code and update to use
        FontFaceComparator.
        (WebCore::CSSFontSelector::fallbackFontAt): Migrate off PassRefPtr.
        (WebCore::constructFamilyFontFaces): Deleted.
        (WebCore::compareFontFaces): Deleted.
        (WebCore::CSSFontSelector::resolvesFamilyFor): Deleted. Never called.
        * css/CSSFontSelector.h:
        * css/CSSSegmentedFontFace.cpp:
        (WebCore::CSSSegmentedFontFace::isValid): Deleted.
        (WebCore::CSSSegmentedFontFace::fontRanges): Cache negative validity results.
        * css/CSSSegmentedFontFace.h:
        * platform/graphics/FontCascade.h:
        (WebCore::FontCascade::fontSelector): Use nullptr.
        * platform/graphics/FontSelector.h:

2016-01-12  Ryosuke Niwa  <rniwa@webkit.org>

        Add a build flag for custom element
        https://bugs.webkit.org/show_bug.cgi?id=153005

        Reviewed by Alex Christensen.

        Added a build flag for enabling custom elements.

        * Configurations/FeatureDefines.xcconfig:

2016-01-12  Adam Bergkvist  <adam.bergkvist@ericsson.com>

        WebRTC: Update RTCPeerConnection.add/removeTrack() and add test
        https://bugs.webkit.org/show_bug.cgi?id=153010

        Reviewed by Eric Carlson.

        RTCPeerConnection.add/removeTrack() are not fully spec compliant yet, since that would
        require support for RTCRtpTransceiver which is a new work-in-progress feature. Use
        Vector, instead of map, for senders and receivers since nothing is removed from these
        sets anymore.

        Test: fast/mediastream/RTCPeerConnection-add-removeTrack.html

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::addTrack):
        (WebCore::RTCPeerConnection::removeTrack):
        (WebCore::RTCPeerConnection::queuedCreateOffer): Deleted.
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/mediastream/RTCRtpSender.cpp:
        (WebCore::RTCRtpSender::RTCRtpSender):
        * Modules/mediastream/RTCRtpSender.h:
        (WebCore::RTCRtpSender::create):
        (WebCore::RTCRtpSender::mediaStreamIds):

2016-01-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: Check in empty SQLite backing store implementation.
        https://bugs.webkit.org/show_bug.cgi?id=153022

        Reviewed by Alex Christensen.

        No new tests (No change in behavior).

        Just to get the implementation files in the tree, this backing store currently does nothing
        other than return errors for every operation.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp: Added.
        (WebCore::IDBServer::SQLiteIDBBackingStore::SQLiteIDBBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::~SQLiteIDBBackingStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):
        (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::clearObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
        (WebCore::IDBServer::SQLiteIDBBackingStore::keyExistsInObjectStore):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteRange):
        (WebCore::IDBServer::SQLiteIDBBackingStore::addRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getIndexRecord):
        (WebCore::IDBServer::SQLiteIDBBackingStore::getCount):
        (WebCore::IDBServer::SQLiteIDBBackingStore::generateKeyNumber):
        (WebCore::IDBServer::SQLiteIDBBackingStore::revertGeneratedKeyNumber):
        (WebCore::IDBServer::SQLiteIDBBackingStore::maybeUpdateKeyGeneratorNumber):
        (WebCore::IDBServer::SQLiteIDBBackingStore::openCursor):
        (WebCore::IDBServer::SQLiteIDBBackingStore::iterateCursor):
        (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):
        * Modules/indexeddb/server/SQLiteIDBBackingStore.h: Added.

2016-01-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/dont-wedge.html is flaky.
        https://bugs.webkit.org/show_bug.cgi?id=152892

        Reviewed by Alex Christensen.

        No new tests (Reenabled existing test).

        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::abortOpenAndUpgradeNeeded):
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/client/IDBConnectionToServerDelegate.h:

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::requestCompleted): If the database was opened
          or an upgrade transaction was started, but the script execution context is already
          stopped, immediately message back to the server so it doesn't wedge.

        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::abortOpenAndUpgradeNeeded):
        * Modules/indexeddb/server/IDBServer.h:

        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::abortWithoutCallback):
        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:

        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
        * Modules/indexeddb/shared/InProcessIDBServer.h:

2016-01-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194826.
        https://bugs.webkit.org/show_bug.cgi?id=153020

        Appears to have regressed PLT (Requested by kling on #webkit).

        Reverted changeset:

        "Use NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL
        cont'd"
        https://bugs.webkit.org/show_bug.cgi?id=152902
        http://trac.webkit.org/changeset/194826

2016-01-12  Antti Koivisto  <antti@apple.com>

        Don't reuse memory cache entries with different charset
        https://bugs.webkit.org/show_bug.cgi?id=110031
        rdar://problem/13666418

        Reviewed by Andreas Kling.

        Test: fast/loader/cache-encoding.html

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        (WebCore::logResourceRevalidationDecision):
        (WebCore::CachedResourceLoader::determineRevalidationPolicy):

            Pass full CachedResourceRequest to the function.
            If charset differs don't reuse the cache entry.

        * loader/cache/CachedResourceLoader.h:

2016-01-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Use a pointer instead of PassRefPtr in AbstractView argument of UIEvent class
        https://bugs.webkit.org/show_bug.cgi?id=152829

        Reviewed by Darin Adler.

        As a step to reduce uses of PassRefPtr, UIEvent class doesn't need to use PassRefPtr for AbstractView argument.
        Nobody hands us ownership when making one of these objects.

        * dom/FocusEvent.cpp:
        (WebCore::FocusEvent::FocusEvent):
        * dom/FocusEvent.h:
        * dom/KeyboardEvent.cpp:
        (WebCore::KeyboardEvent::KeyboardEvent):
        * dom/MouseEvent.cpp:
        (WebCore::MouseEvent::create):
        (WebCore::MouseEvent::MouseEvent):
        (WebCore::MouseEvent::initMouseEvent):
        (WebCore::SimulatedMouseEvent::create):
        (WebCore::SimulatedMouseEvent::SimulatedMouseEvent):
        * dom/MouseEvent.h:
        * dom/MouseRelatedEvent.cpp:
        (WebCore::MouseRelatedEvent::MouseRelatedEvent):
        * dom/MouseRelatedEvent.h:
        * dom/TextEvent.cpp:
        (WebCore::TextEvent::create):
        (WebCore::TextEvent::createForPlainTextPaste):
        (WebCore::TextEvent::createForFragmentPaste):
        (WebCore::TextEvent::createForDrop):
        (WebCore::TextEvent::createForDictation):
        (WebCore::TextEvent::TextEvent):
        (WebCore::TextEvent::initTextEvent):
        * dom/TextEvent.h:
        * dom/TouchEvent.cpp:
        (WebCore::TouchEvent::TouchEvent):
        (WebCore::TouchEvent::initTouchEvent):
        * dom/TouchEvent.h:
        * dom/UIEvent.cpp:
        (WebCore::UIEvent::UIEvent):
        (WebCore::UIEvent::initUIEvent):
        * dom/UIEvent.h:
        (WebCore::UIEvent::create):
        (WebCore::UIEvent::view):
        * dom/UIEventWithKeyState.h:
        (WebCore::UIEventWithKeyState::UIEventWithKeyState):

2016-01-12  Csaba Osztrogonác  <ossy@webkit.org>

        Fix unused-private-field warnings in DisplayListItems.h
        https://bugs.webkit.org/show_bug.cgi?id=153012

        Reviewed by Michael Catanzaro.

        * platform/graphics/displaylists/DisplayListItems.cpp:
        (WebCore::DisplayList::DrawNativeImage::DrawNativeImage):
        * platform/graphics/displaylists/DisplayListItems.h:

2016-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix isRecording condition logic in GraphicsContext::roundToDevicePixels after r194816.

        This looks like a typo introduced in r194816, we want to return early logging
        a message when isRecording() returns true.

        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::roundToDevicePixels):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::roundToDevicePixels):

2016-01-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        Inconsistencies in main resource load delegates when loading from history
        https://bugs.webkit.org/show_bug.cgi?id=150927

        Reviewed by Michael Catanzaro.

        When restoring a page from the page cache, even though there
        isn't an actual load of resources, we are still emitting the load
        delegates to let the API layer know there are contents being
        loaded in the web view. This makes the page cache restoring
        transparent for the API layer. However, when restoring a page from
        the cache, all the delegates are emitted after the load is
        committed. This is not consistent with real loads, where we first
        load the main resource and once we get a response we commit the
        load. This inconsistency is problematic if the API layer expects
        to always have a main resource with a response when the load is
        committed. This is the case of the GTK+ port, for example. So,
        this patch ensures that when a page is restored from the page
        cache, the main resource load delegates that are emitted until a
        response is received in normal loads, are emitted before the load
        is committed.

        Test: http/tests/loading/main-resource-delegates-on-back-navigation.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad): When loading from
        the page cache, send delegate messages up to didReceiveResponse
        for the main resource before the load is committed, and the
        remaining messages afterwards.

2016-01-09  Andy Estes  <aestes@apple.com>

        [Cocoa] Add SPI to opt out a URL scheme from the memory cache
        https://bugs.webkit.org/show_bug.cgi?id=152950
        rdar://problem/24066652

        Reviewed by Tim Horton.

        Added a list of schemes to SchemeRegistry whose resources should always be revalidated. Taught CachedResource to
        return a freshness lifetime of 0 for these resources, unless the scheme is one that should be cached indefinitely.

        New API test: WebKit2.AlwaysRevalidatedURLSchemes

        * loader/cache/CachedResource.cpp:
        (WebCore::shouldCacheSchemeIndefinitely): Moved from SchemeRegistry::shouldCacheResponsesFromURLSchemeIndefinitely().
        (WebCore::CachedResource::freshnessLifetime): For a scheme that should not be cached indefinitely, return 0 if
        that scheme should always be revalidated according to SchemeRegistry.
        * platform/SchemeRegistry.cpp:
        (WebCore::alwaysRevalidatedSchemes):
        (WebCore::SchemeRegistry::registerURLSchemeAsAlwaysRevalidated):
        (WebCore::SchemeRegistry::shouldAlwaysRevalidateURLScheme):
        (WebCore::SchemeRegistry::shouldCacheResponsesFromURLSchemeIndefinitely): Moved to WebCore::shouldCacheSchemeIndefinitely().
        There was no reason for this to be in SchemeRegistry.
        * platform/SchemeRegistry.h:

2016-01-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/index-multientry.html fails under GuardMalloc/ASAN.
        https://bugs.webkit.org/show_bug.cgi?id=152990

        Reviewed by Alex Christensen.

        No new tests (Covered by re-enabling existing test).

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent): Use String::utf8() instead of AtomicString::characters8() for
          the format string, as the latter fails under ASAN.
          
        * Modules/indexeddb/server/IndexValueStore.cpp:
        (WebCore::IDBServer::IndexValueStore::removeEntriesWithValueKey): We can't save off pointers to IDBKeyDatas
          used as keys in the map, because the moment we start mutating the map the keys can be rehashed, invalidating
          our pointers. Save off the IDBKeyDatas by value instead.

2016-01-11  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Migrate Page Timeline recording to ScriptProfiler
        https://bugs.webkit.org/show_bug.cgi?id=152727

        Reviewed by Brian Burg.

        Test: inspector/script-profiler/event-type-Other.html

        This now shares the JavaScript profiling code between JSContext and Page
        inspection. It also moves forward splitting the Page's Timeline domain
        into smaller components that can be turned on/off individually.

        * bindings/js/JSCallbackData.cpp:
        (WebCore::JSCallbackData::invokeCallback):
        * bindings/js/JSErrorHandler.cpp:
        (WebCore::JSErrorHandler::handleEvent):
        * bindings/js/JSEventListener.cpp:
        (WebCore::JSEventListener::handleEvent):
        * bindings/js/JSMainThreadExecState.h:
        (WebCore::JSMainThreadExecState::profiledCall):
        (WebCore::JSMainThreadExecState::profiledEvaluate):
        * bindings/js/JSMutationCallback.cpp:
        (WebCore::JSMutationCallback::call):
        * bindings/js/ScheduledAction.cpp:
        (WebCore::ScheduledAction::executeFunctionInContext):
        * bindings/js/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInWorld):
        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject callWebScriptMethod:withArguments:]):
        (-[WebScriptObject evaluateWebScript:]):
        Identify entry points into JSC that we want to profile for the frontend.
        These were nearly all already classified for the Timeline. We added missing
        support for ErrorHandlers (window.onerror handler functions).

        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::didCallFunction):
        (WebCore::InspectorTimelineAgent::didEvaluateScript):
        (WebCore::startProfiling): Deleted.
        (WebCore::stopProfiling): Deleted.
        (WebCore::InspectorTimelineAgent::willCallFunction): Deleted.
        (WebCore::InspectorTimelineAgent::willEvaluateScript): Deleted.
        * inspector/InspectorTimelineAgent.h:
        TimelineAgent no longer needs to start/stop the Legacy Profiler
        since ScriptProfiler will automatically do that for us. Delete
        all code associated with that. There is still an open question
        regarding `console.profile` and `console.profileEnd` that
        starts/stops the profiler.

2016-01-11  Anders Carlsson  <andersca@apple.com>

        Get rid of CFMakeCollectable, it is a no-op
        https://bugs.webkit.org/show_bug.cgi?id=152988

        Reviewed by Sam Weinig.

        * platform/mac/WebCoreNSURLExtras.mm:
        (WebCore::URLByTruncatingOneCharacterBeforeComponent):
        (WebCore::URLByRemovingComponentAndSubsequentCharacter):

2016-01-11  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194866.
        https://bugs.webkit.org/show_bug.cgi?id=152986

        This change broke the mac build (Requested by ryanhaddad on
        #webkit).

        Reverted changeset:

        "[Cocoa] Add SPI to opt out a URL scheme from the memory
        cache"
        https://bugs.webkit.org/show_bug.cgi?id=152950
        http://trac.webkit.org/changeset/194866

2016-01-11  Zalan Bujtas  <zalan@apple.com>

        Padding added to table-cell element after font-size change.
        https://bugs.webkit.org/show_bug.cgi?id=152796

        Reviewed by David Hyatt.

        Do not include intrinsicPaddingBefore value while figuring out the height of a row.
        In RenderTableSection::calcRowLogicalHeight() we are interested in the height of the content
        without the additional padding (normal padding is included).

        Test: fast/table/table-baseline-grows.html

        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::calcRowLogicalHeight):

2016-01-11  Andy Estes  <aestes@apple.com>

        [Cocoa] Add SPI to opt out a URL scheme from the memory cache
        https://bugs.webkit.org/show_bug.cgi?id=152950
        rdar://problem/24066652

        Reviewed by Tim Horton.

        Added a list of schemes to SchemeRegistry whose resources should always be revalidated. Taught CachedResource to
        return a freshness lifetime of 0 for these resources, unless the scheme is one that should be cached indefinitely.

        New API test: WebKit2.AlwaysRevalidatedURLSchemes

        * loader/cache/CachedResource.cpp:
        (WebCore::shouldCacheSchemeIndefinitely): Moved from SchemeRegistry::shouldCacheResponsesFromURLSchemeIndefinitely().
        (WebCore::CachedResource::freshnessLifetime): For a scheme that should not be cached indefinitely, return 0 if
        that scheme should always be revalidated according to SchemeRegistry.
        * platform/SchemeRegistry.cpp:
        (WebCore::alwaysRevalidatedSchemes):
        (WebCore::SchemeRegistry::registerURLSchemeAsAlwaysRevalidated):
        (WebCore::SchemeRegistry::shouldAlwaysRevalidateURLScheme):
        (WebCore::SchemeRegistry::shouldCacheResponsesFromURLSchemeIndefinitely): Moved to WebCore::shouldCacheSchemeIndefinitely().
        There was no reason for this to be in SchemeRegistry.
        * platform/SchemeRegistry.h:

2016-01-11  Dave Hyatt  <hyatt@apple.com>

        Picture element needs to work with the preload scanner and select the correct
        source element instead of loading the image.
        https://bugs.webkit.org/show_bug.cgi?id=152983

        Reviewed by Dean Jackson.

        Added new tests in http/tests/loading.

        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::tagIdFor):
        (WebCore::TokenPreloadScanner::initiatorFor):
        (WebCore::TokenPreloadScanner::StartTagScanner::StartTagScanner):
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
        (WebCore::TokenPreloadScanner::StartTagScanner::processImageAndScriptAttribute):
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
        (WebCore::TokenPreloadScanner::StartTagScanner::resourceType):
        (WebCore::TokenPreloadScanner::scan):
        * html/parser/HTMLPreloadScanner.h:
        (WebCore::TokenPreloadScanner::setPredictedBaseElementURL):
        (WebCore::TokenPreloadScanner::inPicture):

2016-01-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/key-generator.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152981

        Reviewed by Alex Christensen.

        No new tests (One failing test now passes, and one test's results get a progression).

        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::generateKeyNumber): Throw an error if the current
          value is already over 2^53.
        (WebCore::IDBServer::MemoryIDBBackingStore::revertGeneratedKeyNumber):
        (WebCore::IDBServer::MemoryIDBBackingStore::maybeUpdateKeyGeneratorNumber): Handle double -> uint64_t
          conversions properly when calculating the next key.
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::ScopeGuard::ScopeGuard): Add this utility class to call a function 
          any time it goes out of scope.
        (WebCore::IDBServer::ScopeGuard::~ScopeGuard):
        (WebCore::IDBServer::ScopeGuard::enable):
        (WebCore::IDBServer::ScopeGuard::disable):
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): Revert the key generator value if
          the put/add operation ends in error.

2016-01-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/lazy-index-population.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152976

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        We were restoring objectstores/indexes incorrectly on transaction abort.

        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::removeObjectStoreForVersionChangeAbort):

2016-01-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: Make MemoryIndex and MemoryObjectStore RefCounted.
        https://bugs.webkit.org/show_bug.cgi?id=152966

        Reviewed by Alex Christensen.

        No new tests (Refactor, no change in behavior)

        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):
        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
        (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::restoreObjectStoreForVersionChangeAbort):
        (WebCore::IDBServer::MemoryIDBBackingStore::registerObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::takeObjectStoreByName):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryIndex.cpp:
        (WebCore::IDBServer::MemoryIndex::create):
        * Modules/indexeddb/server/MemoryIndex.h:
        
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::create):
        (WebCore::IDBServer::MemoryObjectStore::createIndex):
        (WebCore::IDBServer::MemoryObjectStore::maybeRestoreDeletedIndex):
        (WebCore::IDBServer::MemoryObjectStore::takeIndexByName):
        (WebCore::IDBServer::MemoryObjectStore::deleteIndex):
        (WebCore::IDBServer::MemoryObjectStore::updateIndexesForDeleteRecord):
        (WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord):
        (WebCore::IDBServer::MemoryObjectStore::registerIndex):
        * Modules/indexeddb/server/MemoryObjectStore.h:

2016-01-11  Andreas Kling  <akling@apple.com>

        Fix other builds after my MSVC build fix. :-|

        * css/StyleResolver.cpp:

2016-01-11  Andreas Kling  <akling@apple.com>

        Fix MSVC build after r194848.

        Since MSVC refuses to recognize the friendship between LazyNeverDestroyed
        and some CSS*Value classes, make their constructors public in MSVC builds.

        Added FIXME's to make it look extra gross.

        * css/CSSInheritedValue.h:
        (WebCore::CSSInheritedValue::create): Deleted.
        * css/CSSInitialValue.h:
        * css/CSSPrimitiveValue.h:
        * css/CSSRevertValue.h:
        (WebCore::CSSRevertValue::create): Deleted.
        * css/CSSUnsetValue.h:
        (WebCore::CSSUnsetValue::create): Deleted.
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::applyProperty):

2016-01-11  Andreas Kling  <akling@apple.com>

        CSSValuePool should use nonfragmented storage for eternal caches.
        <https://webkit.org/b/152960>

        Reviewed by Antti Koivisto.

        Store all of the common cached CSS value objects in contiguous arrays
        instead of lazily allocating them on the heap.

        This reduces heap fragmentation (win) and removes indirection (win)

        * css/CSSInheritedValue.h:
        * css/CSSInitialValue.h:
        * css/CSSPrimitiveValue.h:
        * css/CSSRevertValue.h:
        * css/CSSUnsetValue.h:
        * css/CSSValuePool.cpp:
        (WebCore::CSSValuePool::CSSValuePool):
        (WebCore::CSSValuePool::createIdentifierValue):
        (WebCore::CSSValuePool::createColorValue):
        (WebCore::CSSValuePool::createValue):
        (WebCore::CSSValuePool::drain): Deleted.
        * css/CSSValuePool.h:
        (WebCore::CSSValuePool::createInheritedValue):
        (WebCore::CSSValuePool::createImplicitInitialValue):
        (WebCore::CSSValuePool::createExplicitInitialValue):
        (WebCore::CSSValuePool::createUnsetValue):
        (WebCore::CSSValuePool::createRevertValue):

2016-01-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Cleanup RenderThemeGtk
        https://bugs.webkit.org/show_bug.cgi?id=152888

        Reviewed by Michael Catanzaro.

        Use a common path for GTK+ 3.19 and previous versions, simplifying
        the code and removing a lot of ifdefs.

         - createStyleContext() now receives a theme part enum value, and
           an optional parent GtkStyleContext. It encapsulates all the
           differences between GTK+ 3.19 and previous version leaving the
           rendering code common and free of ifdefs.
         - Stock icons support have been removed, simplifying the code
           that now always renders symbolic icons, updating the colors
           depending on the current state.
         - Media button and colors have been removed, because they are
           unused now that we render the media controls with CSS.
         - ComboBox separators support has also been removed. In GTK+ 3.19
           combo boxes no longer have separators and most of the GTK+
           themes don't use the either, so it's better to simple not render
           them anymore in WebKit either.
         - Code to paint caps lock indicator has been removed too, since
           caps lock indicator is now shadow dom and automatically
           rendered by WebCore.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::createStyleContext):
        (WebCore::loadThemedIcon):
        (WebCore::gtkIconStateFlags):
        (WebCore::RenderThemeGtk::adjustRepaintRect):
        (WebCore::setToggleSize):
        (WebCore::paintToggle):
        (WebCore::RenderThemeGtk::setCheckboxSize):
        (WebCore::RenderThemeGtk::paintCheckbox):
        (WebCore::RenderThemeGtk::setRadioSize):
        (WebCore::RenderThemeGtk::paintRadio):
        (WebCore::RenderThemeGtk::paintButton):
        (WebCore::getComboBoxMetrics):
        (WebCore::RenderThemeGtk::popupInternalPaddingLeft):
        (WebCore::RenderThemeGtk::popupInternalPaddingRight):
        (WebCore::RenderThemeGtk::popupInternalPaddingTop):
        (WebCore::RenderThemeGtk::popupInternalPaddingBottom):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::paintTextField):
        (WebCore::adjustSearchFieldIconStyle):
        (WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
        (WebCore::paintIcon):
        (WebCore::paintEntryIcon):
        (WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
        (WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
        (WebCore::RenderThemeGtk::shouldHaveCapsLockIndicator):
        (WebCore::RenderThemeGtk::paintSliderTrack):
        (WebCore::RenderThemeGtk::paintSliderThumb):
        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
        (WebCore::RenderThemeGtk::paintProgressBar):
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
        (WebCore::paintSpinArrowButton):
        (WebCore::RenderThemeGtk::paintInnerSpinButton):
        (WebCore::styleColor):
        (WebCore::RenderThemeGtk::platformActiveSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformInactiveSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformActiveSelectionForegroundColor):
        (WebCore::RenderThemeGtk::platformInactiveSelectionForegroundColor):
        (WebCore::RenderThemeGtk::platformActiveListBoxSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor):
        (WebCore::RenderThemeGtk::platformActiveListBoxSelectionForegroundColor):
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionForegroundColor):
        (WebCore::RenderThemeGtk::systemColor):
        (WebCore::RenderThemeGtk::paintMediaButton):
        (WebCore::RenderThemeGtk::paintMediaFullscreenButton):
        (WebCore::RenderThemeGtk::paintMediaMuteButton):
        (WebCore::RenderThemeGtk::paintMediaPlayButton):
        (WebCore::RenderThemeGtk::paintMediaSeekBackButton):
        (WebCore::RenderThemeGtk::paintMediaSeekForwardButton):
        (WebCore::RenderThemeGtk::paintMediaToggleClosedCaptionsButton):
        * rendering/RenderThemeGtk.h:

2016-01-11  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Cleanup ScrollbarThemeGtk
        https://bugs.webkit.org/show_bug.cgi?id=152830

        Reviewed by Michael Catanzaro.

        Use a common path for GTK+ 3.19 and previous versions, simplifying
        the code and removing a lot of ifdefs. Use always a new
        GtkStyleContext, but when painting cache the newly created one so
        all paint methods use that one. We were also caching some theme
        properties assuming they don't change unless the theme changes,
        but some of them can have different values depending on the state,
        for example, when hovered or pressed. Those properties are now
        only cached when we create a new GtkStyleContext.
        The method updateScrollbarsFrameThickness() has also been removed,
        since the Scrollbar constructor already initializes the frame rect
        using the scrollbarThickness(). This method was not doing anything
        anyway, since that was called on the constructor of the theme,
        when there were no scrollbars registered. This also means we no
        longer need to track registered/unregistered scrollbars.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::backButtonRect): Use the cached
        GtkStyleContext and properties or create a new.
        (WebCore::ScrollbarThemeGtk::forwardButtonRect): Ditto.
        (WebCore::ScrollbarThemeGtk::trackRect): Ditto.
        (WebCore::orientationStyleClass):
        (WebCore::ScrollbarThemeGtk::getOrCreateStyleContext): Create a
        new GtkStyleContext for the scrollbar if there isn't a cached
        one. Also initialize the properties that depend on the state.
        (WebCore::createChildStyleContext): Create a new GtkStyleContext
        from a parent one.
        (WebCore::ScrollbarThemeGtk::updateThemeProperties): Get the
        properties that can only change when the theme changes.
        (WebCore::ScrollbarThemeGtk::thumbRect): Use the cached
        GtkStyleContext and properties or create a new.
        (WebCore::adjustRectAccordingToMargin): Use always the
        GtkStyleContext state instead of receiving it and setting it again.
        (WebCore::ScrollbarThemeGtk::paintTrackBackground): Get or create
        a GtkStyleContext for the scrollbar and create a child one for the trough.
        (WebCore::ScrollbarThemeGtk::paintScrollbarBackground): Use the
        cached GtkStyleContext or create a new one.
        (WebCore::ScrollbarThemeGtk::paintThumb): Get or create a
        GtkStyleContext for the scrollbar and create a child ones for
        trough and slider.
        (WebCore::ScrollbarThemeGtk::paintButton): Get or create a
        GtkStyleContext for the scrollbar and create a child one for the button.
        (WebCore::ScrollbarThemeGtk::paint): Create a GtkStyleContext and
        cache it temporarily using TemporaryChange until the method finishes.
        (WebCore::ScrollbarThemeGtk::scrollbarThickness): Use the cached
        GtkStyleContext and properties or create a new.
        (WebCore::ScrollbarThemeGtk::buttonSize): Ditto.
        * platform/gtk/ScrollbarThemeGtk.h:

2016-01-10  Myles C. Maxfield  <mmaxfield@apple.com>

        [SVG -> OTF Converter] Parsing failures cause use of incomplete fonts
        https://bugs.webkit.org/show_bug.cgi?id=152772
        <rdar://problem/24043104>

        Reviewed by Simon Fraser.

        Originally, if we fail to parse a glyph, we would simply skip the glyph. However, this means that
        we will create an incomplete font without all the necessary glyphs. This causes very distressing
        text where all the occurances of a particular letter are missing. Instead, we should treat the
        entire font as invalid.

        Test: fast/text/svg-font-invalid-glyph-path-failure.html

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        * loader/cache/CachedSVGFont.cpp:
        (WebCore::CachedSVGFont::ensureCustomFontData):
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::error):
        (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
        (WebCore::SVGToOTFFontConverter::processGlyphElement):
        (WebCore::convertSVGToOTFFont):
        * svg/SVGToOTFFontConversion.h:

2016-01-10  Andreas Kling  <akling@apple.com>

        Use NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL cont'd
        <https://webkit.org/b/152902>

        Reviewed by Andy Estes.

        Convert some more of the remaining clients to use NeverDestroyed.

        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::textTrackCueContainerShadowPseudoId):
        (WebCore::VTTRegion::textTrackRegionShadowPseudoId):
        * svg/properties/SVGAnimatedPropertyMacros.h:

2016-01-09  Simon Fraser  <simon.fraser@apple.com>

        Hook up display-list drawing in GraphicsLayerCA
        https://bugs.webkit.org/show_bug.cgi?id=152946

        Reviewed by Zalan Bujtas.

        Have GraphicsLayerCA hold a DisplayList. If enabled, do a display-list record
        in GraphicsLayerCA::recursiveCommitChanges(), and a playback in GraphicsLayerCA::platformCALayerPaintContents().
        
        GraphicsLayerCA needs to maintain a m_hasEverPainted flag to know to do a full record
        at first paint (when there are no dirty rects).
        
        Plumb 'isUsingDisplayListDrawing' through to TileGrid via PlatformCALayer{Client}
        so that we can decorate the tile paint counters with an outline.
        
        Have RenderLayerCompositor push the displayListDrawingEnabled state down through
        RenderLayerBackings to GraphicsLayers.
        
        Convert RenderLayerCompositor to use initializers.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::GraphicsLayer):
        * platform/graphics/GraphicsLayer.h:
        (WebCore::GraphicsLayer::usesDisplayListDrawing):
        (WebCore::GraphicsLayer::setUsesDisplayListDrawing):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::GraphicsLayerCA):
        (WebCore::GraphicsLayerCA::setUsesDisplayListDrawing):
        (WebCore::GraphicsLayerCA::recursiveCommitChanges):
        (WebCore::GraphicsLayerCA::platformCALayerPaintContents):
        (WebCore::GraphicsLayerCA::updateDrawsContent):
        (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
        * platform/graphics/ca/GraphicsLayerCA.h:
        * platform/graphics/ca/PlatformCALayer.cpp:
        (WebCore::PlatformCALayer::drawRepaintIndicator):
        * platform/graphics/ca/PlatformCALayerClient.h:
        (WebCore::PlatformCALayerClient::isUsingDisplayListDrawing):
        * platform/graphics/ca/TileGrid.cpp:
        (WebCore::TileGrid::platformCALayerShowRepaintCounter):
        (WebCore::TileGrid::isUsingDisplayListDrawing):
        * platform/graphics/ca/TileGrid.h:
        * platform/graphics/displaylists/DisplayList.h: Sadly need to include DisplayListItems.h
        to get things to compile. I wasn't able to avoid this even when making functions non-inline.
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createGraphicsLayer):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::RenderLayerCompositor):
        (WebCore::RenderLayerCompositor::cacheAcceleratedCompositingFlags):
        * rendering/RenderLayerCompositor.h:

2016-01-09  Zalan Bujtas  <zalan@apple.com>

        REGRESSION (r194426): First email field is not autofilled on amazon.com
        https://bugs.webkit.org/show_bug.cgi?id=152945
        <rdar://problem/24082914>

        Reviewed by Simon Fraser.

        r194426 missed marking the m_layoutRoot for layout while converting to full layout (it only marked the new layout root).

        Test: fast/forms/multiple-subtree-layout-failure.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2016-01-09  Dan Bernstein  <mitz@apple.com>

        [Cocoa] Allow overriding the frameworks directory independently of using a staging install path
        https://bugs.webkit.org/show_bug.cgi?id=152926

        Reviewed by Tim Horton.

        Introduce a new build setting, WK_OVERRIDE_FRAMEWORKS_DIR. When not empty, it determines
        where the frameworks are installed. Setting USE_STAGING_INSTALL_PATH to YES sets
        WK_OVERRIDE_FRAMEWORKS_DIR to $(SYSTEM_LIBRARY_DIR)/StagedFrameworks/Safari.

        Account for the possibility of WK_OVERRIDE_FRAMEWORKS_DIR containing spaces.

        * Configurations/WebCore.xcconfig:
        - Replace STAGED_FRAMEWORKS_SEARCH_PATH in FRAMEWORK_SEARCH_PATHS with
          WK_OVERRIDE_FRAMEWORKS_DIR and add quotes to account for spaces.
        - Define WEBCORE_FRAMEWORKS_DIR and PRODUCTION_FRAMEWORKS_DIR based on
          WK_OVERRIDE_FRAMEWORKS_DIR.

        * WebCore.xcodeproj/project.pbxproj: Work around make’s inability to handle spaces in paths
          by creating a symlink to JAVASCRIPTCORE_PRIVATE_HEADERS_DIR under BUILT_PRODUCTS_DIR and
          using the symlink as the value of JavaScriptCore_SCRIPTS_DIR.

2016-01-09  Andreas Kling  <akling@apple.com>

        Use NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL
        <https://webkit.org/b/152902>

        Reviewed by Anders Carlsson.

        Mostly mechanical conversion to NeverDestroyed throughout WebCore.

        * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.cpp:
        (WebCore::stringForPlaybackTargetAvailability):
        * Modules/indexeddb/IDBCursor.cpp:
        (WebCore::IDBCursor::directionNext):
        (WebCore::IDBCursor::directionNextUnique):
        (WebCore::IDBCursor::directionPrev):
        (WebCore::IDBCursor::directionPrevUnique):
        * Modules/indexeddb/IDBTransaction.cpp:
        (WebCore::IDBTransaction::modeReadOnly):
        (WebCore::IDBTransaction::modeReadWrite):
        (WebCore::IDBTransaction::modeVersionChange):
        (WebCore::IDBTransaction::modeReadOnlyLegacy):
        (WebCore::IDBTransaction::modeReadWriteLegacy):
        * Modules/indexeddb/legacy/LegacyRequest.cpp:
        (WebCore::LegacyRequest::readyState):
        * Modules/mediacontrols/MediaControlsHost.cpp:
        (WebCore::MediaControlsHost::automaticKeyword):
        (WebCore::MediaControlsHost::forcedOnlyKeyword):
        (WebCore::MediaControlsHost::alwaysOnKeyword):
        (WebCore::MediaControlsHost::externalDeviceType):
        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::openKeyword):
        (WebCore::MediaSource::closedKeyword):
        (WebCore::MediaSource::endedKeyword):
        (WebCore::MediaSource::streamEndedWithError):
        * Modules/plugins/QuickTimePluginReplacement.mm:
        (WebCore::quickTimePluginReplacementScript):
        (WebCore::QuickTimePluginReplacement::supportsMimeType):
        (WebCore::QuickTimePluginReplacement::supportsFileExtension):
        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::boundaryEventOccurred):
        * bindings/js/JSCSSStyleDeclarationCustom.cpp:
        (WebCore::cssPropertyIDForJSCSSPropertyName):
        * bridge/c/c_instance.cpp:
        (JSC::Bindings::globalExceptionString):
        * css/MediaList.cpp:
        (WebCore::addResolutionWarningMessageToConsole):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::parseAuthorStyleSheet):
        * dom/ChildListMutationScope.cpp:
        (WebCore::accumulatorMap):
        * dom/DOMImplementation.cpp:
        (WebCore::isSupportedSVG10Feature):
        (WebCore::isSupportedSVG11Feature):
        * dom/Document.cpp:
        (WebCore::Document::readyState):
        * dom/Element.cpp:
        (WebCore::Element::webkitRegionOverset):
        * dom/EventDispatcher.cpp:
        (WebCore::EventDispatcher::dispatchSimulatedClick):
        * dom/InlineStyleSheetOwner.cpp:
        (WebCore::isValidCSSContentType):
        * dom/MutationObserver.cpp:
        (WebCore::activeMutationObservers):
        (WebCore::suspendedMutationObservers):
        * dom/MutationRecord.cpp:
        * dom/PseudoElement.cpp:
        (WebCore::pseudoElementTagName):
        (WebCore::PseudoElement::pseudoElementNameForEvents):
        * dom/QualifiedName.cpp:
        (WebCore::qualifiedNameCache):
        (WebCore::nullQName):
        * dom/ScriptElement.cpp:
        (WebCore::isLegacySupportedJavaScriptLanguage):
        (WebCore::ScriptElement::notifyFinished):
        * editing/ApplyStyleCommand.cpp:
        (WebCore::styleSpanClassString):
        * editing/MarkupAccumulator.cpp:
        (WebCore::MarkupAccumulator::shouldAddNamespaceElement):
        * editing/ReplaceSelectionCommand.cpp:
        (WebCore::isInterchangeNewlineNode):
        (WebCore::isInterchangeConvertedSpaceSpan):
        * editing/htmlediting.cpp:
        (WebCore::nonBreakingSpaceString):
        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::styleNodeCloseTag):
        (WebCore::createMarkupInternal):
        * fileapi/Blob.cpp:
        (WebCore::BlobURLRegistry::registry):
        * html/BaseChooserOnlyDateAndTimeInputType.cpp:
        (WebCore::BaseChooserOnlyDateAndTimeInputType::createShadowSubtree):
        * html/DateInputType.cpp:
        (WebCore::DateInputType::createStepRange):
        * html/DateTimeInputType.cpp:
        (WebCore::DateTimeInputType::createStepRange):
        * html/DateTimeLocalInputType.cpp:
        (WebCore::DateTimeLocalInputType::createStepRange):
        * html/EmailInputType.cpp:
        (WebCore::isValidEmailAddress):
        * html/FormController.cpp:
        (WebCore::FormKeyGenerator::formKey):
        (WebCore::formStateSignature):
        * html/HTMLAnchorElement.cpp:
        (WebCore::rootEditableElementMap):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::formControlType):
        * html/HTMLFieldSetElement.cpp:
        (WebCore::HTMLFieldSetElement::formControlType):
        * html/HTMLFrameOwnerElement.h:
        (WebCore::SubframeLoadingDisabler::disabledSubtreeRoots):
        * html/HTMLKeygenElement.cpp:
        (WebCore::HTMLKeygenElement::formControlType):
        * html/HTMLLinkElement.cpp:
        (WebCore::linkLoadEventSender):
        * html/HTMLMediaElement.cpp:
        (WebCore::documentToElementSetMap):
        * html/HTMLObjectElement.cpp:
        (WebCore::isRecognizedTagName):
        * html/HTMLOptGroupElement.cpp:
        (WebCore::HTMLOptGroupElement::formControlType):
        * html/HTMLOutputElement.cpp:
        (WebCore::HTMLOutputElement::formControlType):
        * html/HTMLPlugInElement.cpp:
        (WebCore::registeredPluginReplacements):
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::titleText):
        (WebCore::subtitleText):
        (WebCore::HTMLPlugInImageElement::partOfSnapshotOverlay):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::formControlType):
        * html/HTMLStyleElement.cpp:
        (WebCore::styleLoadEventSender):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::formControlType):
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::directionString):
        * html/ImageInputType.cpp:
        (WebCore::ImageInputType::appendFormData):
        * html/InputTypeNames.cpp:
        (WebCore::InputTypeNames::button):
        (WebCore::InputTypeNames::checkbox):
        (WebCore::InputTypeNames::color):
        (WebCore::InputTypeNames::date):
        (WebCore::InputTypeNames::datetime):
        (WebCore::InputTypeNames::datetimelocal):
        (WebCore::InputTypeNames::email):
        (WebCore::InputTypeNames::file):
        (WebCore::InputTypeNames::hidden):
        (WebCore::InputTypeNames::image):
        (WebCore::InputTypeNames::month):
        (WebCore::InputTypeNames::number):
        (WebCore::InputTypeNames::password):
        (WebCore::InputTypeNames::radio):
        (WebCore::InputTypeNames::range):
        (WebCore::InputTypeNames::reset):
        (WebCore::InputTypeNames::search):
        (WebCore::InputTypeNames::submit):
        (WebCore::InputTypeNames::telephone):
        (WebCore::InputTypeNames::text):
        (WebCore::InputTypeNames::time):
        (WebCore::InputTypeNames::url):
        (WebCore::InputTypeNames::week):
        * html/MediaController.cpp:
        (playbackStateWaiting):
        (playbackStatePlaying):
        (playbackStateEnded):
        * html/MonthInputType.cpp:
        (WebCore::MonthInputType::createStepRange):
        * html/NumberInputType.cpp:
        (WebCore::NumberInputType::createStepRange):
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::createStepRange):
        * html/StepRange.cpp:
        (WebCore::StepRange::acceptableError):
        (WebCore::StepRange::alignValueForStep):
        (WebCore::StepRange::stepMismatch):
        * html/TimeInputType.cpp:
        (WebCore::TimeInputType::createStepRange):
        * html/WeekInputType.cpp:
        (WebCore::WeekInputType::createStepRange):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::getImageData):
        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::init):
        (WebCore::XSSAuditor::eraseDangerousAttributesIfInjected):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlClosedCaptionsTrackListElement::updateDisplay):
        (WebCore::getMediaControlTimeRemainingDisplayElementShadowPseudoId):
        (WebCore::getMediaControlCurrentTimeDisplayElementShadowPseudoId):
        * html/shadow/MeterShadowElement.cpp:
        (WebCore::MeterInnerElement::MeterInnerElement):
        (WebCore::MeterValueElement::valuePseudoId):
        * html/shadow/MeterShadowElement.h:
        * html/shadow/SliderThumbElement.cpp:
        (WebCore::sliderThumbShadowPseudoId):
        (WebCore::mediaSliderThumbShadowPseudoId):
        (WebCore::SliderContainerElement::shadowPseudoId):
        * html/track/AudioTrack.cpp:
        (WebCore::AudioTrack::alternativeKeyword):
        (WebCore::AudioTrack::descriptionKeyword):
        (WebCore::AudioTrack::mainKeyword):
        (WebCore::AudioTrack::mainDescKeyword):
        (WebCore::AudioTrack::translationKeyword):
        (WebCore::AudioTrack::commentaryKeyword):
        * html/track/TextTrack.cpp:
        (WebCore::TextTrack::subtitlesKeyword):
        (WebCore::TextTrack::captionsKeyword):
        (WebCore::TextTrack::descriptionsKeyword):
        (WebCore::TextTrack::chaptersKeyword):
        (WebCore::TextTrack::metadataKeyword):
        (WebCore::TextTrack::forcedKeyword):
        (WebCore::TextTrack::disabledKeyword):
        (WebCore::TextTrack::hiddenKeyword):
        (WebCore::TextTrack::showingKeyword):
        * html/track/TextTrackCue.h:
        (WebCore::TextTrackCue::cueShadowPseudoId):
        * html/track/VTTCue.cpp:
        (WebCore::startKeyword):
        (WebCore::middleKeyword):
        (WebCore::endKeyword):
        (WebCore::leftKeyword):
        (WebCore::rightKeyword):
        (WebCore::verticalGrowingLeftKeyword):
        (WebCore::verticalGrowingRightKeyword):
        (WebCore::VTTCueBox::vttCueBoxShadowPseudoId):
        (WebCore::VTTCue::cueBackdropShadowPseudoId):
        (WebCore::VTTCue::determineTextDirection):
        (WebCore::VTTCue::markFutureAndPastNodes):
        * html/track/VTTRegion.cpp:
        (WebCore::VTTRegion::scroll):
        (WebCore::VTTRegion::setScroll):
        (WebCore::VTTRegion::parseSettingValue):
        (WebCore::VTTRegion::textTrackCueContainerScrollingClass):
        * html/track/VideoTrack.cpp:
        (WebCore::VideoTrack::alternativeKeyword):
        (WebCore::VideoTrack::captionsKeyword):
        (WebCore::VideoTrack::mainKeyword):
        (WebCore::VideoTrack::signKeyword):
        (WebCore::VideoTrack::subtitlesKeyword):
        (WebCore::VideoTrack::commentaryKeyword):
        * html/track/WebVTTElement.cpp:
        (WebCore::nodeTypeToTagName):
        * html/track/WebVTTElement.h:
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTParser::collectMetadataHeader):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::computePseudoClassMask):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::sourceMapURLForResource):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::selectorsFromSource):
        * inspector/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::sourceMapURLForScript):
        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::notifyFinished):
        * loader/TextTrackLoader.cpp:
        (WebCore::TextTrackLoader::corsPolicyPreventedLoad):
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::initiatorName):
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::defaultDatabaseFilename):
        * page/CaptionUserPreferences.cpp:
        (WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):
        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::captionsBackgroundCSS):
        (WebCore::CaptionUserPreferencesMediaAF::captionsTextEdgeCSS):
        * page/ContentSecurityPolicy.cpp:
        (WebCore::CSPDirectiveList::allowJavaScriptURLs):
        (WebCore::CSPDirectiveList::allowInlineEventHandlers):
        (WebCore::CSPDirectiveList::allowInlineScript):
        (WebCore::CSPDirectiveList::allowInlineStyle):
        (WebCore::CSPDirectiveList::allowEval):
        (WebCore::ContentSecurityPolicy::reportUnsupportedDirective):
        * page/DOMWindow.cpp:
        (WebCore::windowsWithUnloadEventListeners):
        (WebCore::windowsWithBeforeUnloadEventListeners):
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dragState):
        (WebCore::focusDirectionForKey):
        * page/Frame.cpp:
        (WebCore::createRegExpForLabels):
        * page/NavigatorBase.cpp:
        (WebCore::NavigatorBase::platform):
        * page/PageVisibilityState.cpp:
        (WebCore::pageVisibilityStateString):
        * page/SecurityPolicy.cpp:
        (WebCore::originAccessMap):
        * page/UserContentURLPattern.cpp:
        (WebCore::UserContentURLPattern::parse):
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::shadowForBlending):
        * page/animation/CompositeAnimation.cpp:
        (WebCore::CompositeAnimation::updateKeyframeAnimations):
        * platform/Cursor.cpp:
        (WebCore::pointerCursor):
        (WebCore::crossCursor):
        (WebCore::handCursor):
        (WebCore::moveCursor):
        (WebCore::verticalTextCursor):
        (WebCore::cellCursor):
        (WebCore::contextMenuCursor):
        (WebCore::aliasCursor):
        (WebCore::zoomInCursor):
        (WebCore::zoomOutCursor):
        (WebCore::copyCursor):
        (WebCore::noneCursor):
        (WebCore::progressCursor):
        (WebCore::noDropCursor):
        (WebCore::notAllowedCursor):
        (WebCore::iBeamCursor):
        (WebCore::waitCursor):
        (WebCore::helpCursor):
        (WebCore::eastResizeCursor):
        (WebCore::northResizeCursor):
        (WebCore::northEastResizeCursor):
        (WebCore::northWestResizeCursor):
        (WebCore::southResizeCursor):
        (WebCore::southEastResizeCursor):
        (WebCore::southWestResizeCursor):
        (WebCore::westResizeCursor):
        (WebCore::northSouthResizeCursor):
        (WebCore::eastWestResizeCursor):
        (WebCore::northEastSouthWestResizeCursor):
        (WebCore::northWestSouthEastResizeCursor):
        (WebCore::columnResizeCursor):
        (WebCore::rowResizeCursor):
        (WebCore::middlePanningCursor):
        (WebCore::eastPanningCursor):
        (WebCore::northPanningCursor):
        (WebCore::northEastPanningCursor):
        (WebCore::northWestPanningCursor):
        (WebCore::southPanningCursor):
        (WebCore::southEastPanningCursor):
        (WebCore::southWestPanningCursor):
        (WebCore::westPanningCursor):
        (WebCore::grabCursor):
        (WebCore::grabbingCursor):
        * platform/Language.cpp:
        (WebCore::preferredLanguagesOverride):
        * platform/LocalizedStrings.cpp:
        (WebCore::truncatedStringForLookupMenuItem):
        * platform/MIMETypeRegistry.cpp:
        (WebCore::mediaMIMETypeMap):
        (WebCore::defaultMIMEType):
        * platform/SchemeRegistry.cpp:
        (WebCore::localURLSchemes):
        (WebCore::displayIsolatedURLSchemes):
        (WebCore::secureSchemes):
        (WebCore::schemesWithUniqueOrigins):
        (WebCore::emptyDocumentSchemes):
        (WebCore::schemesForbiddenFromDomainRelaxation):
        (WebCore::canDisplayOnlyIfCanRequestSchemes):
        (WebCore::notAllowingJavascriptURLsSchemes):
        (WebCore::schemesAllowingLocalStorageAccessInPrivateBrowsing):
        (WebCore::schemesAllowingDatabaseAccessInPrivateBrowsing):
        (WebCore::CORSEnabledSchemes):
        (WebCore::ContentSecurityPolicyBypassingSchemes):
        * platform/ScrollbarTheme.cpp:
        (WebCore::ScrollbarTheme::theme):
        * platform/URL.cpp:
        (WebCore::blankURL):
        * platform/animation/Animation.cpp:
        (WebCore::Animation::initialName):
        * platform/audio/AudioSession.cpp:
        (WebCore::AudioSession::sharedSession):
        * platform/audio/AudioSession.h:
        * platform/audio/HRTFElevation.cpp:
        (WebCore::getConcatenatedImpulseResponsesForSubject):
        * platform/audio/ios/AudioDestinationIOS.cpp:
        (WebCore::audioDestinations):
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::repaintRectMap):
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::transformColorSpace):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::applicationOctetStream):
        (WebCore::textPlain):
        (WebCore::codecs):
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ScratchBuffer::singleton):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::playerToPrivateMap):
        * platform/graphics/filters/SourceAlpha.cpp:
        (WebCore::SourceAlpha::effectName):
        * platform/graphics/filters/SourceGraphic.cpp:
        (WebCore::SourceGraphic::effectName):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::mimeCommonTypesCache):
        (WebCore::mimeModernTypesCache):
        * platform/ios/CursorIOS.cpp:
        (WebCore::cursor):
        * platform/ios/TileControllerMemoryHandlerIOS.cpp:
        (WebCore::tileControllerMemoryHandler):
        * platform/ios/WebCoreMotionManager.mm:
        (+[WebCoreMotionManager sharedManager]):
        * platform/ios/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::updateForEventName):
        * platform/ios/wak/WKContentObservation.cpp:
        (WebThreadGetObservedContentModifiers):
        * platform/mac/DragImageMac.mm:
        (WebCore::fontFromNSFont):
        * platform/mac/ThemeMac.mm:
        (WebCore::platformTheme):
        * platform/mac/ThreadCheck.mm:
        (WebCoreReportThreadViolation):
        * platform/mediastream/mac/AVCaptureDeviceManager.h:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:
        (WebCore::AVCaptureDeviceManager::singleton):
        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::RealtimeMediaSourceCenter::platformCenter):
        * platform/mock/mediasource/MockBox.cpp:
        (WebCore::MockTrackBox::type):
        (WebCore::MockInitializationBox::type):
        (WebCore::MockSampleBox::type):
        * platform/network/HTTPParsers.cpp:
        (WebCore::parseXSSProtectionHeader):
        * platform/network/ResourceHandle.cpp:
        (WebCore::builtinResourceHandleConstructorMap):
        (WebCore::builtinResourceHandleSynchronousLoaderMap):
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::allowsAnyHTTPSCertificateHosts):
        (WebCore::clientCerts):
        * platform/text/AtomicStringKeyedMRUCache.h:
        (WebCore::AtomicStringKeyedMRUCache::get):
        * platform/text/cf/HyphenationCF.cpp:
        (WebCore::cfLocaleCache):
        * rendering/RenderBlock.cpp:
        (WebCore::continuationOutlineTable):
        * rendering/RenderCounter.cpp:
        (WebCore::counterMaps):
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::drawPlatformResizerImage):
        * rendering/RenderScrollbarTheme.cpp:
        (WebCore::RenderScrollbarTheme::renderScrollbarTheme):
        * rendering/RenderTheme.cpp:
        (WebCore::customFocusRingColor):
        * rendering/RenderWidget.cpp:
        (WebCore::WidgetHierarchyUpdatesSuspensionScope::widgetNewParentMap):
        * rendering/shapes/ShapeOutsideInfo.h:
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::hyphenString):
        (WebCore::RenderStyle::textEmphasisMarkString):
        (WebCore::RenderStyle::initialDashboardRegions):
        (WebCore::RenderStyle::noneDashboardRegions):
        * rendering/style/RenderStyle.h:
        * rendering/svg/RenderSVGPath.cpp:
        (WebCore::RenderSVGPath::zeroLengthLinecapPath):
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::nonScalingStrokePath):
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::currentContentTransformation):
        * rendering/svg/SVGResources.cpp:
        (WebCore::clipperFilterMaskerTags):
        (WebCore::markerTags):
        (WebCore::fillAndStrokeTags):
        (WebCore::chainableResourceTags):
        * svg/SVGAngle.cpp:
        (WebCore::SVGAngle::valueAsString):
        * svg/SVGAnimateColorElement.cpp:
        (WebCore::attributeValueIsCurrentColor):
        * svg/SVGAnimateMotionElement.cpp:
        (WebCore::SVGAnimateMotionElement::rotateMode):
        * svg/SVGAnimationElement.cpp:
        (WebCore::SVGAnimationElement::setCalcMode):
        (WebCore::SVGAnimationElement::setAttributeType):
        (WebCore::SVGAnimationElement::isAdditive):
        (WebCore::SVGAnimationElement::isAccumulated):
        (WebCore::inheritsFromProperty):
        * svg/SVGFEConvolveMatrixElement.cpp:
        (WebCore::SVGFEConvolveMatrixElement::kernelUnitLengthXIdentifier):
        (WebCore::SVGFEConvolveMatrixElement::kernelUnitLengthYIdentifier):
        (WebCore::SVGFEConvolveMatrixElement::orderXIdentifier):
        (WebCore::SVGFEConvolveMatrixElement::orderYIdentifier):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::kernelUnitLengthXIdentifier):
        (WebCore::SVGFEDiffuseLightingElement::kernelUnitLengthYIdentifier):
        * svg/SVGFEDropShadowElement.cpp:
        (WebCore::SVGFEDropShadowElement::stdDeviationXIdentifier):
        (WebCore::SVGFEDropShadowElement::stdDeviationYIdentifier):
        * svg/SVGFEGaussianBlurElement.cpp:
        (WebCore::SVGFEGaussianBlurElement::stdDeviationXIdentifier):
        (WebCore::SVGFEGaussianBlurElement::stdDeviationYIdentifier):
        * svg/SVGFEMorphologyElement.cpp:
        (WebCore::SVGFEMorphologyElement::radiusXIdentifier):
        (WebCore::SVGFEMorphologyElement::radiusYIdentifier):
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::kernelUnitLengthXIdentifier):
        (WebCore::SVGFESpecularLightingElement::kernelUnitLengthYIdentifier):
        * svg/SVGFETurbulenceElement.cpp:
        (WebCore::SVGFETurbulenceElement::baseFrequencyXIdentifier):
        (WebCore::SVGFETurbulenceElement::baseFrequencyYIdentifier):
        * svg/SVGFilterElement.cpp:
        (WebCore::SVGFilterElement::filterResXIdentifier):
        (WebCore::SVGFilterElement::filterResYIdentifier):
        * svg/SVGGlyphMap.h:
        (WebCore::SVGGlyphMap::svgGlyphForGlyph):
        * svg/SVGLangSpace.cpp:
        (WebCore::SVGLangSpace::xmlspace):
        (WebCore::SVGLangSpace::addSupportedAttributes):
        * svg/SVGMarkerElement.cpp:
        (WebCore::SVGMarkerElement::orientTypeIdentifier):
        (WebCore::SVGMarkerElement::orientAngleIdentifier):
        (WebCore::SVGMarkerElement::synchronizeOrientType):
        * svg/SVGStyleElement.cpp:
        (WebCore::SVGStyleElement::type):
        (WebCore::SVGStyleElement::media):
        * svg/SVGTransform.cpp:
        (WebCore::SVGTransform::transformTypePrefixForParsing):
        * svg/SVGViewSpec.cpp:
        (WebCore::SVGViewSpec::viewBoxIdentifier):
        (WebCore::SVGViewSpec::preserveAspectRatioIdentifier):
        (WebCore::SVGViewSpec::transformIdentifier):
        * svg/animation/SVGSMILElement.cpp:
        (WebCore::SVGSMILElement::parseClockValue):
        (WebCore::SVGSMILElement::isSupportedAttribute):
        (WebCore::SVGSMILElement::restart):
        (WebCore::SVGSMILElement::fill):
        (WebCore::SVGSMILElement::repeatCount):
        (WebCore::SVGSMILElement::notifyDependentsIntervalChanged):

2016-01-08  Zalan Bujtas  <zalan@apple.com>

        Absolute positioning -webkit-search-cancel-button crashes Safari.
        https://bugs.webkit.org/show_bug.cgi?id=152847
        <rdar://problem/24112087>

        Reviewed by Simon Fraser.

        Do not call offsetFromContainer while resolving the painting position for the search/cancel button renderer.
        It skips the static positioned parent input renderer, when the search/cancel renderer is absolute positioned.
        This patch also fixes a rendering glitch when the margin-right is > 0.

        Test: fast/forms/absolute-positioned-custom-search-cancel-crash.html

        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::paintSearchFieldCancelButton):
        (WebCore::RenderTheme::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderTheme::paintSearchFieldResultsButton):
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::convertToPaintingPosition):
        (WebCore::RenderThemeMac::paintSearchFieldCancelButton):
        (WebCore::RenderThemeMac::paintSearchFieldResultsDecorationPart):
        (WebCore::RenderThemeMac::paintSearchFieldResultsButton):
        (WebCore::RenderThemeMac::convertToPaintingRect): Deleted.

2016-01-08  Simon Fraser  <simon.fraser@apple.com>

        Add display-list drawing hooks to platform-specific GraphicsContext files
        https://bugs.webkit.org/show_bug.cgi?id=152940

        Reviewed by Zalan Bujtas.

        Call into the display list recorder for top-level entrypoints implemented in platform-specific
        files.
        
        The convention is that if a function begins with "platform", it's not a top-level
        entry point, and should only be called when there's a platform context (i.e. not
        recording, and not paintingDisabled).
        
        A few instances are stubbed out until we have a more complete display list implementation.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawText):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::getCTM):
        (WebCore::GraphicsContext::savePlatformState):
        (WebCore::GraphicsContext::restorePlatformState):
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::drawNativeImage):
        (WebCore::GraphicsContext::drawLine):
        (WebCore::GraphicsContext::drawEllipse):
        (WebCore::GraphicsContext::drawConvexPolygon):
        (WebCore::GraphicsContext::clipConvexPolygon):
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::clip):
        (WebCore::GraphicsContext::clipPath):
        (WebCore::GraphicsContext::clipBounds):
        (WebCore::GraphicsContext::drawLinesForText):
        (WebCore::GraphicsContext::roundToDevicePixels):
        (WebCore::GraphicsContext::translate):
        (WebCore::GraphicsContext::setPlatformStrokeThickness):
        (WebCore::GraphicsContext::setPlatformStrokeStyle):
        (WebCore::GraphicsContext::concatCTM):
        (WebCore::GraphicsContext::setCTM):
        (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
        (WebCore::GraphicsContext::endPlatformTransparencyLayer):
        (WebCore::GraphicsContext::clearRect):
        (WebCore::GraphicsContext::strokeRect):
        (WebCore::GraphicsContext::setLineCap):
        (WebCore::GraphicsContext::setLineDash):
        (WebCore::GraphicsContext::setLineJoin):
        (WebCore::GraphicsContext::clipOut):
        (WebCore::GraphicsContext::rotate):
        (WebCore::GraphicsContext::scale):
        (WebCore::GraphicsContext::platformFillRoundedRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        (WebCore::GraphicsContext::drawPattern):
        (WebCore::GraphicsContext::setPlatformShouldAntialias):
        (WebCore::GraphicsContext::setPlatformImageInterpolationQuality):
        (WebCore::GraphicsContext::isAcceleratedContext):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::savePlatformState):
        (WebCore::GraphicsContext::restorePlatformState):
        (WebCore::GraphicsContext::drawNativeImage):
        (WebCore::GraphicsContext::drawPattern):
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::drawLine):
        (WebCore::GraphicsContext::drawEllipse):
        (WebCore::GraphicsContext::drawConvexPolygon):
        (WebCore::GraphicsContext::clipConvexPolygon):
        (WebCore::GraphicsContext::applyStrokePattern):
        (WebCore::GraphicsContext::applyFillPattern):
        (WebCore::GraphicsContext::drawPath):
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::platformFillRoundedRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        (WebCore::GraphicsContext::clip):
        (WebCore::GraphicsContext::clipOut):
        (WebCore::GraphicsContext::clipPath):
        (WebCore::GraphicsContext::clipBounds):
        (WebCore::GraphicsContext::beginPlatformTransparencyLayer):
        (WebCore::GraphicsContext::endPlatformTransparencyLayer):
        (WebCore::GraphicsContext::setPlatformShadow):
        (WebCore::GraphicsContext::setMiterLimit):
        (WebCore::GraphicsContext::clearRect):
        (WebCore::GraphicsContext::strokeRect):
        (WebCore::GraphicsContext::setLineCap):
        (WebCore::GraphicsContext::setLineDash):
        (WebCore::GraphicsContext::setLineJoin):
        (WebCore::GraphicsContext::scale):
        (WebCore::GraphicsContext::rotate):
        (WebCore::GraphicsContext::translate):
        (WebCore::GraphicsContext::concatCTM):
        (WebCore::GraphicsContext::setCTM):
        (WebCore::GraphicsContext::getCTM):
        (WebCore::GraphicsContext::roundToDevicePixels):
        (WebCore::GraphicsContext::drawLinesForText):
        (WebCore::GraphicsContext::setURLForRect):
        (WebCore::GraphicsContext::setIsCALayerContext):
        (WebCore::GraphicsContext::isCALayerContext):
        (WebCore::GraphicsContext::setIsAcceleratedContext):
        (WebCore::GraphicsContext::isAcceleratedContext):
        (WebCore::GraphicsContext::setPlatformTextDrawingMode):
        (WebCore::GraphicsContext::setPlatformStrokeColor):
        (WebCore::GraphicsContext::setPlatformStrokeThickness):
        (WebCore::GraphicsContext::setPlatformFillColor):
        (WebCore::GraphicsContext::setPlatformShouldAntialias):
        (WebCore::GraphicsContext::setPlatformShouldSmoothFonts):
        (WebCore::GraphicsContext::setPlatformAlpha):
        (WebCore::GraphicsContext::setPlatformCompositeOperation):
        (WebCore::GraphicsContext::platformApplyDeviceScaleFactor):
        (WebCore::GraphicsContext::platformFillEllipse):
        (WebCore::GraphicsContext::platformStrokeEllipse):

2016-01-08  Simon Fraser  <simon.fraser@apple.com>

        Add DisplayList hooks into GraphicsContext
        https://bugs.webkit.org/show_bug.cgi?id=152932

        Reviewed by Zalan Bujtas.

        Add the hooks into GraphicsContext that call into the DisplayListRecorder if there
        is one.
        
        Rename size() to something less ambiguous.
        
        Out-of-line some DisplayList functions so that the header doesn't need to see
        DisplayListItems.h.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::save):
        (WebCore::GraphicsContext::restore):
        (WebCore::GraphicsContext::setStrokeThickness):
        (WebCore::GraphicsContext::setStrokeStyle):
        (WebCore::GraphicsContext::setStrokeColor):
        (WebCore::GraphicsContext::setShadow):
        (WebCore::GraphicsContext::setLegacyShadow):
        (WebCore::GraphicsContext::clearShadow):
        (WebCore::GraphicsContext::setFillColor):
        (WebCore::GraphicsContext::setShadowsIgnoreTransforms):
        (WebCore::GraphicsContext::setShouldAntialias):
        (WebCore::GraphicsContext::setShouldSmoothFonts):
        (WebCore::GraphicsContext::setShouldSubpixelQuantizeFonts):
        (WebCore::GraphicsContext::setImageInterpolationQuality):
        (WebCore::GraphicsContext::setAntialiasedFontDilationEnabled):
        (WebCore::GraphicsContext::setStrokePattern):
        (WebCore::GraphicsContext::setFillPattern):
        (WebCore::GraphicsContext::setStrokeGradient):
        (WebCore::GraphicsContext::setFillRule):
        (WebCore::GraphicsContext::setFillGradient):
        (WebCore::GraphicsContext::beginTransparencyLayer):
        (WebCore::GraphicsContext::endTransparencyLayer):
        (WebCore::GraphicsContext::drawGlyphs):
        (WebCore::GraphicsContext::drawImage):
        (WebCore::GraphicsContext::drawTiledImage):
        (WebCore::GraphicsContext::setTextDrawingMode):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::fillRoundedRect):
        (WebCore::GraphicsContext::setAlpha):
        (WebCore::GraphicsContext::setCompositeOperation):
        (WebCore::GraphicsContext::setDrawLuminanceMask):
        (WebCore::GraphicsContext::applyDeviceScaleFactor):
        (WebCore::GraphicsContext::applyState):
        * platform/graphics/GraphicsContext.h:
        (WebCore::GraphicsContext::setDisplayListRecorder):
        (WebCore::GraphicsContext::isRecording):
        (WebCore::GraphicsContext::setFillRule): Deleted.
        (WebCore::GraphicsContext::setShadowsIgnoreTransforms): Deleted.
        (WebCore::GraphicsContext::setShouldSubpixelQuantizeFonts): Deleted.
        (WebCore::GraphicsContext::setDrawLuminanceMask): Deleted.
        * platform/graphics/displaylists/DisplayList.cpp:
        (WebCore::DisplayList::DisplayList::clear):
        (WebCore::DisplayList::DisplayList::removeItemsFromIndex):
        * platform/graphics/displaylists/DisplayList.h:
        (WebCore::DisplayList::DisplayList::itemCount):
        (WebCore::DisplayList::DisplayList::clear): Deleted.
        (WebCore::DisplayList::DisplayList::size): Deleted.
        (WebCore::DisplayList::DisplayList::removeItemsFromIndex): Deleted.
        * platform/graphics/displaylists/DisplayListRecorder.cpp:
        (WebCore::DisplayList::Recorder::save):
        (WebCore::DisplayList::Recorder::restore):
        * platform/graphics/displaylists/DisplayListRecorder.h:
        (WebCore::DisplayList::Recorder::itemCount):
        (WebCore::DisplayList::Recorder::size): Deleted.
        * platform/graphics/displaylists/DisplayListReplayer.cpp:
        (WebCore::DisplayList::Replayer::replay):

2016-01-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: imported/w3c/indexeddb/keyorder.htm times out.
        https://bugs.webkit.org/show_bug.cgi?id=152929

        Reviewed by Alex Christensen.

        No new tests (Existing test now runs in the test harness).

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::setGetResult):

2016-01-08  Simon Fraser  <simon.fraser@apple.com>

        Consider painting to be disabled on a GraphicsContext with no platform data, and make updatingControlTints() immutable state
        https://bugs.webkit.org/show_bug.cgi?id=152927

        Reviewed by Tim Horton.

        GraphicsContext had setters for paintingDisabled and updatingControlTints, but neither
        were changed dynamically.
        
        We can eliminate paintingDisabled by simply considering a GraphicsContext that was
        created with no platform context to be paint-disabled.
        
        We make updatingControlTints immutable state by providing a constructor that takes
        a "NonPaintingReasons" enum, and doesn't create platform data.
        
        More functions in platform code were protected by if (paintingDisabled())...

        * page/FrameView.cpp:
        (WebCore::FrameView::paintControlTints):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::GraphicsContext):
        (WebCore::GraphicsContext::fillRoundedRect):
        (WebCore::GraphicsContext::setUpdatingControlTints): Deleted.
        (WebCore::GraphicsContext::clip): Deleted.
        * platform/graphics/GraphicsContext.h:
        (WebCore::GraphicsContext::paintingDisabled):
        (WebCore::GraphicsContext::updatingControlTints):
        (WebCore::GraphicsContextState::GraphicsContextState): Deleted.
        (WebCore::GraphicsContext::setPaintingDisabled): Deleted.
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::GraphicsContext):
        (WebCore::GraphicsContext::platformInit):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::platformInit):
        (WebCore::GraphicsContext::savePlatformState):
        (WebCore::GraphicsContext::restorePlatformState):
        (WebCore::GraphicsContext::drawNativeImage):
        (WebCore::GraphicsContext::drawPattern):
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::applyStrokePattern):
        (WebCore::GraphicsContext::applyFillPattern):
        (WebCore::GraphicsContext::clip):
        (WebCore::GraphicsContext::clipBounds):
        (WebCore::GraphicsContext::setLineDash):
        (WebCore::GraphicsContext::roundToDevicePixels):
        (WebCore::GraphicsContext::setPlatformImageInterpolationQuality):
        (WebCore::GraphicsContext::setIsCALayerContext):
        (WebCore::GraphicsContext::isCALayerContext):
        (WebCore::GraphicsContext::setIsAcceleratedContext):
        (WebCore::GraphicsContext::isAcceleratedContext):
        (WebCore::GraphicsContext::platformApplyDeviceScaleFactor):
        * platform/graphics/win/GraphicsContextCGWin.cpp:
        (WebCore::GraphicsContext::platformInit):
        (WebCore::GraphicsContext::GraphicsContext): Deleted.
        * platform/graphics/win/GraphicsContextCairoWin.cpp:
        (WebCore::GraphicsContext::platformInit):
        (WebCore::GraphicsContext::GraphicsContext): Deleted.

2016-01-08  Anders Carlsson  <andersca@apple.com>

        InputType::findClosestTickMarkValue should return an Optional<Decimal>
        https://bugs.webkit.org/show_bug.cgi?id=152931

        Reviewed by Andreas Kling.

        This will make it possible to get rid of the notion of infinity from Decimal, allowing for more code simplification.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::findClosestTickMarkValue):
        * html/HTMLInputElement.h:
        * html/InputType.cpp:
        (WebCore::InputType::findClosestTickMarkValue):
        * html/InputType.h:
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::findClosestTickMarkValue):
        * html/RangeInputType.h:
        * html/shadow/SliderThumbElement.cpp:
        (WebCore::SliderThumbElement::setPositionFromPoint):

2016-01-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: IDBBindingUtilities chokes on unicode strings for get/set.
        https://bugs.webkit.org/show_bug.cgi?id=152921

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::get): Don't do a potentially lossy utf8() conversion on the string.
        (WebCore::set): Ditto.

2016-01-08  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo] Support more video formats.
        https://bugs.webkit.org/show_bug.cgi?id=152890

        Reviewed by Alex Christensen.

        Use MediaFoundation api to detect all supported video/audio formats.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::getSupportedTypes):
        (WebCore::MediaPlayerPrivateMediaFoundation::supportsType):

2016-01-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: Blocked event can fire on a delete request even after the last open connection has closed.
        https://bugs.webkit.org/show_bug.cgi?id=152896

        Reviewed by Alex Christensen.

        No new tests (Progression in many tests).

        * Modules/indexeddb/client/IDBFactoryImpl.cpp:
        (WebCore::IDBClient::IDBFactory::deleteDatabase):
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation): Allow for handling 2+ delete operations in a row.
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): Ditto.
        (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient): Call "notifyCurrentRequestConnectionClosedOrFiredVersionChangeEvent"
          after the connection is actually removed from the set of open connections.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-01-08  Zalan Bujtas  <zalan@apple.com>

        Hovering link on http://help.apple.com/appletv/#/ does not show text underline.
        https://bugs.webkit.org/show_bug.cgi?id=152906
        <rdar://problem/23339617>

        Reviewed by Simon Fraser.

        GraphicsContext::computeLineBoundsAndAntialiasingModeForText() always integral ceils the origin y position to offset underline text.
        This additional visual overflow offset is not taken into account by visualOverflowForDecorations().
        Unfortunately we can't compute the exact same offset value while collecting repaint rects, because
        computeLineBoundsAndAntialiasingModeForText() uses CTM scaling before adjusting the offset position.
        Use 1px (css) bottom offset to cover this underling overflow.

        Test: fast/css3-text/css3-text-decoration/text-underline-position/underline-visual-overflow-with-subpixel-position.html

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::computeLineBoundsAndAntialiasingModeForText):
        * rendering/SimpleLineLayoutResolver.cpp: Add visual overflow to simple line layout.
        (WebCore::SimpleLineLayout::RunResolver::Run::rect):
        (WebCore::SimpleLineLayout::RunResolver::RunResolver):
        * rendering/SimpleLineLayoutResolver.h:
        * style/InlineTextBoxStyle.cpp:
        (WebCore::visualOverflowForDecorations):

2016-01-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: imported/w3c/indexeddb/idbobjectstore_createIndex6-event_order.htm fails.
        https://bugs.webkit.org/show_bug.cgi?id=152891

        Reviewed by Alex Christensen.

        No new tests (At least two failing tests now pass).

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent): Whenever we add the IDBTransaction as an event target,
          also add the IDBDatabase.

2016-01-07  Antti Koivisto  <antti@apple.com>

        Enable selector filtering for shadow trees
        https://bugs.webkit.org/show_bug.cgi?id=152831

        Reviewed by Simon Fraser.

        Selector filtering doesn't currently work in shadow trees making style resolve for them slow.
        This is because SelectorFilter is not in "consistent" state.

        This patch moves SelectorFilter ownership from StyleResolver to TreeResolver and guarantees
        it is always upadated consistently. It eliminates a bunch of now unnecessary consistency checks
        and special cases.

        * css/ElementRuleCollector.cpp:
        (WebCore::ElementRuleCollector::ElementRuleCollector):

            Assert for consistency instead of testing for it.

        (WebCore::ElementRuleCollector::matchedResult):
        (WebCore::ElementRuleCollector::collectMatchingRulesForList):

            Selector filter can now be used if it exists.

        * css/ElementRuleCollector.h:
        (WebCore::ElementRuleCollector::ElementRuleCollector): Deleted.
        * css/RuleSet.cpp:
        (WebCore::RuleSet::addRule):

            Disable selector filtering for custom shadow pseudo rules. They are resolved by shadow DOM resolver
            but may contain components matching the normal DOM.

        * css/RuleSet.h:
        (WebCore::RuleData::descendantSelectorIdentifierHashes):
        (WebCore::RuleData::disableSelectorFiltering):
        (WebCore::RuleData::compilationStatus):
        (WebCore::RuleData::compiledSelectorCodeRef):
        * css/SelectorFilter.cpp:
        (WebCore::collectElementIdentifierHashes):
        (WebCore::SelectorFilter::parentStackIsConsistent):

            New consistency conditions. This is now used for asserts only.

        (WebCore::SelectorFilter::pushParentStackFrame):
        (WebCore::SelectorFilter::popParentStackFrame):

            Selector filter only filters the current tree context, replace parentOrShadowHostElement with parentElement.

        (WebCore::SelectorFilter::setupParentStack): Deleted.

            No longer needed.

        (WebCore::SelectorFilter::pushParent):

            Remove consistency check. These cases no longer happen.

        * css/SelectorFilter.h:
        (WebCore::SelectorFilter::popParent):
        (WebCore::SelectorFilter::parentStackIsEmpty):
        (WebCore::SelectorFilter::fastRejectSelector):
        (WebCore::SelectorFilter::parentStackIsConsistent): Deleted.
        * css/StyleInvalidationAnalysis.cpp:
        (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
        (WebCore::StyleInvalidationAnalysis::invalidateStyle):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::appendAuthorStyleSheets):
        (WebCore::StyleResolver::addKeyframeStyle):
        (WebCore::StyleResolver::initElement):
        (WebCore::StyleResolver::State::initForStyleResolve):

            We no longer owner the selector filter. Move it to State.

        (WebCore::StyleResolver::styleSharingCandidateMatchesRuleSet):
        (WebCore::isAtShadowBoundary):
        (WebCore::StyleResolver::styleForElement):
        (WebCore::StyleResolver::pseudoStyleForElement):
        (WebCore::StyleResolver::pseudoStyleRulesForElement):
        (WebCore::StyleResolver::pushParentElement): Deleted.
        (WebCore::StyleResolver::popParentElement): Deleted.

            No need for this logic.

        * css/StyleResolver.h:
        (WebCore::StyleResolver::ruleSets):
        (WebCore::StyleResolver::mediaQueryEvaluator):
        (WebCore::StyleResolver::State::document):
        (WebCore::StyleResolver::State::setAuthorRollback):
        (WebCore::StyleResolver::State::setUserRollback):
        (WebCore::StyleResolver::State::selectorFilter):
        (WebCore::StyleResolver::state):
        (WebCore::checkRegionSelector):
        (WebCore::StyleResolver::selectorFilter): Deleted.
        (WebCore::StyleResolverParentPusher::StyleResolverParentPusher): Deleted.
        (WebCore::StyleResolverParentPusher::push): Deleted.
        (WebCore::StyleResolverParentPusher::~StyleResolverParentPusher): Deleted.
        * style/StyleTreeResolver.cpp:

            This now owns the selector filter for a tree context.

        (WebCore::Style::SelectorFilterPusher::SelectorFilterPusher):
        (WebCore::Style::SelectorFilterPusher::push):
        (WebCore::Style::SelectorFilterPusher::~SelectorFilterPusher):
        (WebCore::Style::TreeResolver::TreeResolver):
        (WebCore::Style::TreeResolver::styleForElement):
        (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
        (WebCore::Style::TreeResolver::createRenderTreeRecursively):
        (WebCore::Style::TreeResolver::resolveChildren):
        (WebCore::Style::TreeResolver::resolveRecursively):

            Push the filter in a few more places to keep it consistent in shadow trees.

        * style/StyleTreeResolver.h:

2016-01-07  Zalan Bujtas  <zalan@apple.com>

        Move computeLineBoundsForText from GraphicsContext* to GraphicsContext.
        https://bugs.webkit.org/show_bug.cgi?id=152882

        Reviewed by Simon Fraser.

        There is nothing platform specific about it.

        No change in functionality.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::computeUnderlineBoundsForText): Rename to reflect its usage.
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::computeLineBoundsForText): Deleted.
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawLinesForText):
        (WebCore::GraphicsContext::computeLineBoundsForText): Deleted.
        * rendering/TextDecorationPainter.cpp:
        (WebCore::drawSkipInkUnderline):

2016-01-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: Success-after-open event should only have the IDBOpenDBRequest as its target.
        https://bugs.webkit.org/show_bug.cgi?id=152875

        Reviewed by Alex Christensen.

        No new tests (At least 2 failing tests now pass).

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit):

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent): Only add the transaction and database as potential
          targets for this event if it is *not* the success-after-open event.
        * Modules/indexeddb/client/IDBRequestImpl.h:

2016-01-07  Brent Fulgham  <bfulgham@apple.com>

        Correct missing EXT_sRGB Format Handling
        https://bugs.webkit.org/show_bug.cgi?id=152876
        <rdar://problem/23284389>

        Reviewed by Alex Christensen.

        Tested by WebGL 1.0.4 suite.

        * platform/graphics/GraphicsContext3D.cpp:
        (getDataFormat): Handle missing SRGB and SRGB_ALPHA cases.
        * platform/graphics/GraphicsContext3D.h: Add missing SRGB_ALPHA value from the Khronos standard.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::texImage2D): Add an assertion that we are not being handed
        an internal format to a method that works with normal formats.

2016-01-07  Simon Fraser  <simon.fraser@apple.com>

        Use an appropriate buffer format for swipe snapshots
        https://bugs.webkit.org/show_bug.cgi?id=152880
        rdar://problem/23728299

        Reviewed by Tim Horton.

        Choose an appropriate buffer format for swipe snapshots, and avoid converting
        them to YUV422.

        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::allowConversionFromFormatToFormat):

2016-01-07  Jer Noble  <jer.noble@apple.com>

        [EME] Secure stop information not written to disk
        https://bugs.webkit.org/show_bug.cgi?id=152855

        Reviewed by Eric Carlson.

        Two separate bugs for the two APIs provided by AVFoundation. For the AVStreamSession path,
        we were not calling the lazy-creation function which creates the AVStreamSession, and were
        rather accessing the ivar directly. For the AVContentKeySession, we were not creating the
        intermediate paths containing the secure stop database.

        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        (WebCore::CDMSessionAVContentKeySession::contentKeySession):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setCDMSession):

2016-01-07  Zalan Bujtas  <zalan@apple.com>

        Use wavy offset for decoration painting when line style is TextDecorationStyleWavy.
        https://bugs.webkit.org/show_bug.cgi?id=152856

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/TextDecorationPainter.cpp:
        (WebCore::TextDecorationPainter::paintTextDecoration):

2016-01-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: Various imported/w3c/indexeddb tests fail due to expecting the wrong exception.
        https://bugs.webkit.org/show_bug.cgi?id=152866

        Reviewed by Alex Christensen.

        No new tests (5 skipped tests now pass).

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putOrAdd): Reorder the exceptions, violating the spec but matching
          a vast majority of browsers.
        (WebCore::IDBClient::IDBObjectStore::deleteFunction): Ditto.
        (WebCore::IDBClient::IDBObjectStore::clear): Ditto.
        (WebCore::IDBClient::IDBObjectStore::doCount): Ditto.

2016-01-07  Zalan Bujtas  <zalan@apple.com>

        Remove unused shouldAntialias parameter from GraphicsContext::computeLineBoundsAndAntialiasingModeForText()
        https://bugs.webkit.org/show_bug.cgi?id=152859

        Reviewed by Simon Fraser.

        No change in functionality.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::computeLineBoundsAndAntialiasingModeForText):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::computeLineBoundsForText):
        (WebCore::GraphicsContext::drawLinesForText):
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::computeLineBoundsForText):
        (WebCore::GraphicsContext::drawLinesForText):

2016-01-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: imported/w3c/indexeddb/idbcursor-continue.htm fails.
        https://bugs.webkit.org/show_bug.cgi?id=152849

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::iterate): Don't allow returning an iterator outside of
          the cursor's assigned range.

2016-01-07  Zalan Bujtas  <zalan@apple.com>

        Incorrect position: fixed; rendering when child of position:relative/sticky.
        https://bugs.webkit.org/show_bug.cgi?id=147284

        Reviewed by Simon Fraser and David Hyatt.

        Computing logical left for positioned objects should take the relative positioned ancestors' offset
        into account.

        Tests: fast/block/positioning/fixed-container-with-relative-parent.html
               fast/block/positioning/fixed-container-with-sticky-parent.html

        * rendering/RenderBox.cpp:
        (WebCore::computeInlineStaticDistance):

2016-01-06  Simon Fraser  <simon.fraser@apple.com>

        Initial implementation files for display-list recording and playback
        https://bugs.webkit.org/show_bug.cgi?id=152816

        Reviewed by Zalan Bujtas.

        Add files for:
        - DisplayList, a class that holds a vector of display items, and in the future will hold metadata
          on the list for optimizations etc.
        - DisplayList::Recorder, the outward-facing recording API which GraphicsContext will
          call into.
        - DisplayList::Replayer, which plays back a DisplayList, possibly applying optimizations.
        - Various DisplayList::Items, one type for each display list operation. They cover most of the
          GraphicsContext functionality, other than clipping to an image buffer. Text drawing is stubbed
          out for now.

        Added a "DisplayLists" log channel.

        Added GraphicsContextState functions for tracking state deltas with change bits. It may
        make sense to combine GraphicsContextStateChange and GraphicsContextState, and use the
        dirty bits in non-display-list drawing as well.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/Logging.h:
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/displaylists/DisplayList.cpp: Added.
        (WebCore::DisplayList::DisplayList::description):
        (WebCore::DisplayList::DisplayList::dump):
        (WebCore::operator<<):
        * platform/graphics/displaylists/DisplayListItems.cpp: Added.
        * platform/graphics/displaylists/DisplayListItems.h: Added.
        * platform/graphics/displaylists/DisplayListRecorder.cpp: Added.
        * platform/graphics/displaylists/DisplayListRecorder.h: Added.
        * platform/graphics/displaylists/DisplayListReplayer.cpp: Added.
        (WebCore::DisplayList::Replayer::Replayer):
        (WebCore::DisplayList::Replayer::~Replayer):
        (WebCore::DisplayList::Replayer::replay):
        * platform/graphics/displaylists/DisplayListReplayer.h: Added.

2016-01-07  Chris Dumez  <cdumez@apple.com>

        Directly-composited animated GIFs never resume once scrolled offscreen
        https://bugs.webkit.org/show_bug.cgi?id=152817
        <rdar://problem/19982020>

        Reviewed by Daniel Bates.

        Directly-composited animated GIFs would never resume once scrolled
        offscreen. This is because calling repaint() in this case would not
        cause BitmapImage::draw() to be called and the animation would thus
        not be resumed. To address the problem,
        repaintForPausedImageAnimationsIfNeeded() now calls
        RenderBoxModelObject::contentChanged(ImageChanged) in addition to
        repaint() to make sure the animation actually gets resumed, even in
        the directly-composited animated GIF case.

        Test: fast/images/composited-animated-gif-outside-viewport.html

        * platform/graphics/BitmapImage.h:
        Make currentFrame() public so it can be exposed via Internals for the
        purpose of testing.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::repaintForPausedImageAnimationsIfNeeded):
        Call RenderBoxModelObject::contentChanged(ImageChanged) in addition to
        calling repaint() to make sure the animation actually gets resumed in
        the directly-composited animated GIFs case.

        * testing/Internals.cpp:
        (WebCore::Internals::imageFrameIndex):
        * testing/Internals.h:
        * testing/Internals.idl:
        Expose new "unsigned long imageFrameIndex(Element)" operation on
        Internals so layout tests can better check if an image is actually
        animating. Previously, we would rely on the output of
        internals.hasPausedImageAnimations(Element) but this is not sufficient
        to cover this bug as our rendering code believed it has resumed the
        animations but the GIF was not actually animating due to it being
        directly-composited.

2016-01-07  Michael Catanzaro  <mcatanzaro@igalia.com>

        [SOUP] Consider reducing max simultaneous connections
        https://bugs.webkit.org/show_bug.cgi?id=137282

        Reviewed by Carlos Garcia Campos.

        Reduce max simultaneous connections from 35 to 17, because (a) all major browsers except
        Chrome use 17, and (b) Chrome uses 10. The only reason we previously used 35 was that other
        browsers were using 35 at the time.

        * platform/network/soup/SoupNetworkSession.cpp:
        (WebCore::SoupNetworkSession::SoupNetworkSession):

2016-01-06  Antti Koivisto  <antti@apple.com>

        Factor free standing tree style resolve functions into a class
        https://bugs.webkit.org/show_bug.cgi?id=152786

        Reviewed by Simon Fraser.

        Factor the free standing tree style resolve functions into a class that can keep state.
        Style::TreeResolver instances resolve a single tree scope. It is instantiated for resolving
        the document style and then recursively for each encountered shadow tree.

        This will enable new features and optimizations later.

        * dom/Document.cpp:
        (WebCore::Document::recalcStyle):

            Move the root style computation code back to Document. It fits better here and avoid some
            awkwardness with style resolver construction order.

        * style/StyleResolveTree.cpp:
        (WebCore::Style::TreeResolver::TreeResolver):

            TreeResolver knows the current tree context and the StyleResolver to use for it.
            Switch the functions to use these instead of recomputing them repeatedly.

        (WebCore::Style::shouldCreateRenderer):
        (WebCore::Style::TreeResolver::styleForElement):
        (WebCore::Style::moveToFlowThreadIfNeeded):
        (WebCore::Style::TreeResolver::createRenderer):
        (WebCore::Style::updateTextRendererAfterContentChange):
        (WebCore::Style::TreeResolver::createRenderTreeForChildren):
        (WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
        (WebCore::Style::needsPseudoElement):
        (WebCore::Style::TreeResolver::createRenderTreeForBeforeOrAfterPseudoElement):
        (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
        (WebCore::Style::TreeResolver::createRenderTreeRecursively):

            Rename to reduce the use of confusing "attach" terminology.

        (WebCore::Style::pseudoStyleCacheIsInvalid):
        (WebCore::Style::TreeResolver::resolveLocally):
        (WebCore::Style::resolveTextNode):
        (WebCore::Style::TreeResolver::resolveChildAtShadowBoundary):
        (WebCore::Style::TreeResolver::resolveShadowTree):
        (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
        (WebCore::Style::TreeResolver::resolveChildren):
        (WebCore::Style::TreeResolver::resolveSlotAssignees):
        (WebCore::Style::TreeResolver::resolveRecursively):
        (WebCore::Style::TreeResolver::resolve):
        (WebCore::Style::detachRenderTree):
        (WebCore::Style::styleForElement): Deleted.
        (WebCore::Style::createRendererIfNeeded): Deleted.
        (WebCore::Style::attachChildren): Deleted.
        (WebCore::Style::attachShadowRoot): Deleted.
        (WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded): Deleted.
        (WebCore::Style::attachSlotAssignees): Deleted.
        (WebCore::Style::attachRenderTree): Deleted.
        (WebCore::Style::resolveLocal): Deleted.
        (WebCore::Style::resolveChildAtShadowBoundary): Deleted.
        (WebCore::Style::resolveShadowTree): Deleted.
        (WebCore::Style::updateBeforeOrAfterPseudoElement): Deleted.
        (WebCore::Style::resolveChildren): Deleted.
        (WebCore::Style::resolveSlotAssignees): Deleted.
        (WebCore::Style::resolveTree): Deleted.
        * style/StyleResolveTree.h:

2016-01-07  Doug Russell  <d_russell@apple.com>

        AX: AXObjectCacheMac is passing WebCore enum values directly to VoiceOver
        https://bugs.webkit.org/show_bug.cgi?id=151755

        Reviewed by Chris Fleizach.

        No new tests, covered by existing tests.

        * accessibility/mac/AXObjectCacheMac.mm:
        (platformChangeTypeForWebCoreChangeType):
        (platformEditTypeForWebCoreEditType):
        (platformDirectionForWebCoreDirection):
        (platformGranularityForWebCoreGranularity):
        (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
        (WebCore::textReplacementChangeDictionary):
        (WebCore::AXObjectCache::postTextReplacementPlatformNotification):

2016-01-06  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix up IDBDatabaseIdentifier hash issues.
        https://bugs.webkit.org/show_bug.cgi?id=152822

        Reviewed by Alex Christensen.

        No new tests (No explicitly testable behavior change, existing tests pass, flakiness will be reduced).

        * Modules/indexeddb/IDBDatabaseIdentifier.h:
        (WebCore::IDBDatabaseIdentifier::IDBDatabaseIdentifier):
        (WebCore::IDBDatabaseIdentifier::isEmpty):
        (WebCore::IDBDatabaseIdentifierHashTraits::isEmptyValue):
        * page/SecurityOriginData.h:

2016-01-06  Simon Fraser  <simon.fraser@apple.com>

        Sort the project file.

        * WebCore.xcodeproj/project.pbxproj:

2016-01-06  Simon Fraser  <simon.fraser@apple.com>

        Add a setting and preferences to enable display-list drawing. Does nothing yet.
        https://bugs.webkit.org/show_bug.cgi?id=152807

        Reviewed by Zalan Bujtas.

        Setting for display-list drawing.

        * page/Settings.in:

2016-01-06  Eric Carlson  <eric.carlson@apple.com>

        AirPlay route availability event not always sent
        https://bugs.webkit.org/show_bug.cgi?id=152802

        Reviewed by Jer Noble.

        Test: media/airplay-target-availability.html

        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::mediaProducerStateString): Log the new flags.
        (WebCore::WebMediaSessionManager::clientStateDidChange): Schedule a client reconfiguration if
          the 'requires monitoring', 'has listener', or 'has audio or video' flags have changed.
        (WebCore::WebMediaSessionManager::configurePlaybackTargetMonitoring): Start monitoring if
          at least one client has a listener and at least one has audio/video.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaState): Set new flags.
        * html/HTMLMediaElement.h:

        * page/MediaProducer.h: Define new flags. Add new state enum.

        * platform/graphics/MediaPlaybackTargetContext.h: Initial state is "Unknown".

        * platform/mock/MediaPlaybackTargetMock.h:
        * platform/mock/MediaPlaybackTargetPickerMock.cpp:
        (WebCore::MediaPlaybackTargetPickerMock::externalOutputDeviceAvailable): Enums not bitfields.
        (WebCore::MediaPlaybackTargetPickerMock::startingMonitoringPlaybackTargets): Ditto. Don't make
          device change callback if the device state is "Unknown".
        (WebCore::MediaPlaybackTargetPickerMock::setState): Ditto.
        * platform/mock/MediaPlaybackTargetPickerMock.h:

        * testing/Internals.cpp:
        (WebCore::Internals::setMockMediaPlaybackTargetPickerState): Support new state.

2016-01-06  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/odd-strings.html is flaky.
        https://bugs.webkit.org/show_bug.cgi?id=152800

        Reviewed by Alex Christensen.

        No new tests (Existing flaky test is now rock solid and unskipped).

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::IDBDatabase):
        (WebCore::IDBClient::IDBDatabase::maybeCloseInServer): Only refuse to close in the server if there
          are active transactions. In the case of page navigation where stop() has been called on active DOM objects,
          there will never be any active transactions.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::commitTransaction):

2016-01-06  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/intversion-gated-on-delete.html is flaky.
        https://bugs.webkit.org/show_bug.cgi?id=152795

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        Change the HashSet of open connection into a ListHashSet.
        
        This enforces a reliable order of event delivery, which this test relies on, 
        and which seems better in general.

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-01-06  Simon Fraser  <simon.fraser@apple.com>

        [iOS] Revert overflow:hidden on the body affecting viewport scale (r186786)
        https://bugs.webkit.org/show_bug.cgi?id=152803
        rdar://problem/22242515

        Reviewed by Tim Horton.

        You can't assume that if an author uses overflow:hidden on the body, they have no
        content outside the body that is important. Sites like Google Translate put
        abspos elements outside the body.
        
        So revert the change.

        * page/FrameView.cpp:
        (WebCore::FrameView::contentsSizeRespectingOverflow): Deleted.
        * page/FrameView.h:

2016-01-06  Brent Fulgham  <bfulgham@apple.com>

        Port blocking bypass issue using 307 redirect
        https://bugs.webkit.org/show_bug.cgi?id=152801
        <rdar://problem/24048554>

        Reviewed by Anders Carlsson.

        Tested by http/tests/security/blocked-on-redirect.html.

        Make sure that 307 redirects check the requested URL via 'portAllowed'. 

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest): Confirm that the requested port
        is valid, and block load if it is not.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::reportBlockedPortFailed): Added.
        (WebCore::FrameLoader::blockedError): Added.
        * loader/FrameLoader.h:

2016-01-06  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Tiny cleanup in FontPlatformData::ctFont()
        https://bugs.webkit.org/show_bug.cgi?id=152793

        Reviewed by Zalan Bujtas.

        No new tests because there is no behavior change.

        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::ctFont):

2016-01-06  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/transaction-scope-sequencing.html fails
        https://bugs.webkit.org/show_bug.cgi?id=152775

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes, plus changes to another existing test).
        
        Any transaction enqueued after a read-write transaction whose scope overlaps with
        that read-write transaction cannot run until after that read-write transaction runs.
        
        Additionally, read-only transactions were actually sometimes running even though their scopes
        overlapped with a running read-write transaction.
        
        This patch fixes both of those issues.
    
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-01-06  Zalan Bujtas  <zalan@apple.com>

        Float with media query positioned incorrectly after window resize.
        https://bugs.webkit.org/show_bug.cgi?id=152558

        Reviewed by Simon Fraser and David Hyatt.

        This patch ensures that when a renderer becomes floated, it is moved
        to the right containing block.
        When this floated renderer's previous sibling is an anonymous block, it needs
        to be reparented so that the float is positioned as if there was no anonymous block at all.

        Test: fast/block/float/float-with-anonymous-previous-sibling.html

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::styleDidChange):

2016-01-06  Zalan Bujtas  <zalan@apple.com>

        isAnonymousInlineBlock() should exclude any ruby content.
        https://bugs.webkit.org/show_bug.cgi?id=152648
        <rdar://problem/23872549>

        Reviewed by David Hyatt.

        isAnonymousInlineBlock is designed for the new Block-Inside-Inline Model
        and all other anonymous inline-block renderers (including Ruby) should bail out of it.
        (see webkit.org/b/143145)

        Test: fast/ruby/ruby-inline-margin-collapse-crash.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::isAnonymousInlineBlock):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::isAnonymousInlineBlock): Deleted.

2016-01-05  Zalan Bujtas  <zalan@apple.com>

        showRenderTree: add inline-block/inline/block column.
        https://bugs.webkit.org/show_bug.cgi?id=152771

        Reviewed by Simon Fraser.

        The name of the renderer (RenderBlock etc) does not always reflect the associated display type.

        No change in functionality.

        * rendering/RenderObject.cpp:
        (WebCore::showRenderTreeLegend):
        (WebCore::RenderObject::showRenderObject):

2016-01-05  Simon Fraser  <simon.fraser@apple.com>

        Move ImageBuffer::clip() code into GraphicsContext
        https://bugs.webkit.org/show_bug.cgi?id=152769

        Reviewed by Zalan Bujtas.

        For CG, GraphicsContext had clipToNativeImage(PassNativeImagePtr...), which
        was ugly and platform-specific.
        
        Fix by moving code from ImageBuffer::clip() for CG and Cairo into the platform-specific
        GraphicsContext implementations. This required some minor refactoring of scaleSizeToUserSpace()
        in ImageBufferCG.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::clipToImageBuffer): Deleted.
        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::sizeForDestinationSize):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::clipToImageBuffer):
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::clip): Deleted.
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::clipToImageBuffer):
        (WebCore::GraphicsContext::clipToNativeImage): Deleted.
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::ImageBuffer):
        (WebCore::ImageBuffer::sizeForDestinationSize):
        (WebCore::ImageBuffer::putByteArray):
        (WebCore::ImageBuffer::toDataURL):
        (WebCore::ImageBuffer::clip): Deleted.

2016-01-05  Simon Fraser  <simon.fraser@apple.com>

        Remove GraphicsContext::drawJoinedLines()
        https://bugs.webkit.org/show_bug.cgi?id=152764

        Reviewed by Zalan Bujtas.

        GraphicsContext::drawJoinedLines() was only used by iOS form-control drawing
        and polluted GraphicsContext with platform-specific types.

        Rewrite RenderThemeIOS::paintCheckboxDecorations() to use the CGContextRef directly.

        * platform/graphics/GraphicsContext.h:
        * platform/graphics/cg/GraphicsContextCG.cpp:
        (WebCore::GraphicsContext::drawJoinedLines): Deleted.
        * rendering/RenderThemeIOS.mm:
        (WebCore::drawJoinedLines):
        (WebCore::RenderThemeIOS::paintCheckboxDecorations):

2016-01-05  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/structured-clone.html crashes.
        https://bugs.webkit.org/show_bug.cgi?id=152763

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).
        
        A lot of SerializedScriptValue code incorrectly assumed the global object is a JSDOMGlobalObject,
        which doesn't have to be true for native Javascript types like typed arrays.
        
        Fixing that fixes the test.

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putOrAdd): If serializing the script value caused an exception,
          clear that exception and return a better IDB specific exception.

        * bindings/js/JSDOMBinding.h:
        (WebCore::toJS): Add a ArrayBufferView specialization for toJS that skips the need for a JSDOMGlobalObject.
        
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readArrayBufferView): Call toJS directly instead of getJSValue, which 
          incorrectly assumes the existence of a JSDOMGlobalObject (vs a JSGlobalObject)
        (WebCore::CloneDeserializer::readTerminal): Instead of getJSValue, call JSArrayBuffer::create directly.

2016-01-05  Pranjal Jumde  <pjumde@apple.com>

        Image should not be re-registered if m_form already exists. This leads to an assertion failure.
        https://bugs.webkit.org/show_bug.cgi?id=152741
        <rdar://problem/24030778>

        Reviewed by Brent Fulgham.

        * Source/WebCore/html/HTMLImageElement.cpp:
          Node::InsertionNotificationRequest HTMLImageElement::insertedInto(ContainerNode& insertionPoint)

2016-01-05  Simon Fraser  <simon.fraser@apple.com>

        Adjust tile coverage with margin tiles, and tidy up the indicator
        https://bugs.webkit.org/show_bug.cgi?id=152742

        Reviewed by Beth Dakin.

        The tile coverage rect was unfeasibly large when margin tiles are present, and
        could be bigger than the layer itself, making the indicator look odd.

        Fix by improving the logic in TileController::adjustTileCoverageRect(): this
        now first extends the visible rect for scrolling, and then constrains it
        within the bounds with margin padding. It also unites with the passed-in
        coverageRect, ensuring that we don't lose information about overhang for
        margin tile coverage.

        Second, update the tiled scrolling indicator when the visible rect changes,
        and coalesce the map updates on a timer.

        * platform/graphics/TiledBacking.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::adjustCoverageRect):
        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::setVisibleRect):
        (WebCore::TileController::setTiledScrollingIndicatorPosition):
        (WebCore::expandRectWithinRect):
        (WebCore::TileController::adjustTileCoverageRect):
        (WebCore::TileController::updateTileCoverageMap):
        (WebCore::TileController::computeTileCoverageRect): Deleted.
        * platform/graphics/ca/TileController.h:
        * platform/graphics/ca/TileCoverageMap.cpp:
        (WebCore::TileCoverageMap::TileCoverageMap):
        (WebCore::TileCoverageMap::setNeedsUpdate):
        (WebCore::TileCoverageMap::updateTimerFired):
        * platform/graphics/ca/TileCoverageMap.h:

2016-01-05  Antti Koivisto  <antti@apple.com>

        Remove selector filter update calls from Element child parsing callbacks
        https://bugs.webkit.org/show_bug.cgi?id=152749

        Reviewed by Andreas Kling.

        We haven't done style resolve during parsing for a while now. These calls do nothing useful.

        * dom/Element.cpp:
        (WebCore::Element::beginParsingChildren):
        (WebCore::Element::finishParsingChildren):

2016-01-05  Brady Eidson  <beidson@apple.com>

        Modern IDB: Error message updates for two failing tests.
        https://bugs.webkit.org/show_bug.cgi?id=152735

        Reviewed by Alex Christensen.

        No new tests (Covered by existing tests).

        Add error messages for various operations on deleted objects.
        
        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::update):
        (WebCore::IDBClient::IDBCursor::advance):
        (WebCore::IDBClient::IDBCursor::continueFunction):
        (WebCore::IDBClient::IDBCursor::deleteFunction):
        
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::openCursor):
        (WebCore::IDBClient::IDBIndex::doCount):
        (WebCore::IDBClient::IDBIndex::openKeyCursor):
        (WebCore::IDBClient::IDBIndex::doGet):
        (WebCore::IDBClient::IDBIndex::doGetKey):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::openCursor):
        (WebCore::IDBClient::IDBObjectStore::get):
        (WebCore::IDBClient::IDBObjectStore::putOrAdd):
        (WebCore::IDBClient::IDBObjectStore::deleteFunction):
        (WebCore::IDBClient::IDBObjectStore::clear):
        (WebCore::IDBClient::IDBObjectStore::createIndex):
        (WebCore::IDBClient::IDBObjectStore::index):
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        (WebCore::IDBClient::IDBObjectStore::doCount):

        * bindings/js/JSIDBObjectStoreCustom.cpp:
        (WebCore::JSIDBObjectStore::createIndex):

2016-01-05  Eric Carlson  <eric.carlson@apple.com>

        Avoid NULL deference in Page::updateIsPlayingMedia
        https://bugs.webkit.org/show_bug.cgi?id=152732

        No new tests, this fixes a rare crash that I am unable to reproduce.

        Reviewed by David Kilzer.

        * page/Page.cpp:
        (WebCore::Page::updateIsPlayingMedia): frame->document() can return NULL.

2016-01-05  Brady Eidson  <beidson@apple.com>

        Modern IDB: Transactions from a previous page can leak forward to the next.
        https://bugs.webkit.org/show_bug.cgi?id=152698

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/transactions-stop-on-navigation.html

        This patch is mostly about actually implementing IDBDatabase::stop and IDBTransaction::stop.
        Most of the rest of the scattered changes are about cleaning up now-incorrect ASSERTs.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::close):
        (WebCore::IDBClient::IDBDatabase::maybeCloseInServer):
        (WebCore::IDBClient::IDBDatabase::stop):
        (WebCore::IDBClient::IDBDatabase::startVersionChangeTransaction):
        (WebCore::IDBClient::IDBDatabase::didAbortTransaction):
        * Modules/indexeddb/client/IDBDatabaseImpl.h:
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::requestCompleted):
        
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::IDBTransaction):
        (WebCore::IDBClient::IDBTransaction::stop):
        (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests):
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformAbortTransaction):

2016-01-05  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Attempting to fix the AppleWin build after r194577.

        Add the ClipStack.cpp build target alongside the TextureMapperGL.cpp
        one, since both include GraphicsContext3D.h and ANGLEWebKitBridge.h
        indirectly, the latter requiring specific include flags.

        * CMakeLists.txt:
        * PlatformEfl.cmake:
        * PlatformGTK.cmake:
        * PlatformWinCairo.cmake:

2016-01-05  Antti Koivisto  <antti@apple.com>

        Move StyleChange enum into a separate file
        https://bugs.webkit.org/show_bug.cgi?id=152730

        Reviewed by Andreas Kling.

        Fewer whole-world rebuilds.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/CharacterData.cpp:
        * dom/ContainerNode.cpp:
        * dom/Document.cpp:
        * dom/Document.h:
        * dom/Element.cpp:
        * dom/Element.h:
        * style/StyleChange.h: Added.
        * style/StyleResolveTree.cpp:
        (WebCore::Style::shouldCreateRenderer):
        (WebCore::Style::determineChange): Deleted.
        * style/StyleResolveTree.h:

2016-01-04  Zan Dobersek  <zdobersek@igalia.com>

        [PerformanceTiming] Don't expose the restrictedKeyMap() HashMap
        https://bugs.webkit.org/show_bug.cgi?id=147366

        Reviewed by Sam Weinig.

        Instead of the callers looking up in the HashMap that's returned by restrictedKeyMap(),
        keep the HashMap local in the static restrictedMarkFunction(). This function accepts
        a String reference and performs the lookup, returning the pointer to a PerformanceTiming
        method that corresponds to the passed-in mark or returns nullptr otherwise.

        The HashMap is now wrapped in a NeverDestroyed object and is populated when the first
        mark function is looked for.

        * page/PerformanceUserTiming.cpp:
        (WebCore::UserTiming::mark):
        (WebCore::UserTiming::findExistingMarkStartTime):

2016-01-04  Zan Dobersek  <zdobersek@igalia.com>

        [TextureMapper] Move ClipStack into its own file
        https://bugs.webkit.org/show_bug.cgi?id=152661

        Reviewed by Michael Catanzaro.

        Move TextureMapperGL::ClipStack into its own file and clean it up a bit.
        Move ClipState under the ClipStack class, and simply name it State.

        Move the ClipState methods into a more sensible order. Remove the inline
        specifiers, these aren't really needed for the methods defined in the header.
        apply() and applyIfNeeded() now accept a reference to the GraphicsContext3D
        object, not a pointer.

        Turn YAxisMode enum into an enum class, update the uses to properly specify
        the scope of the enum value.

        Reorder the ClipStack member variables into a more efficient order.

        No new tests -- no change in behavior.

        * CMakeLists.txt:
        * platform/graphics/texmap/BitmapTextureGL.cpp:
        (WebCore::BitmapTextureGL::clearIfNeeded):
        (WebCore::BitmapTextureGL::bindAsSurface):
        * platform/graphics/texmap/BitmapTextureGL.h:
        (WebCore::BitmapTextureGL::clipStack):
        * platform/graphics/texmap/ClipStack.cpp: Added.
        (WebCore::ClipStack::push):
        (WebCore::ClipStack::pop):
        (WebCore::ClipStack::reset):
        (WebCore::ClipStack::intersect):
        (WebCore::ClipStack::setStencilIndex):
        (WebCore::ClipStack::apply):
        (WebCore::ClipStack::applyIfNeeded):
        * platform/graphics/texmap/ClipStack.h: Added.
        (WebCore::ClipStack::State::State):
        (WebCore::ClipStack::current):
        (WebCore::ClipStack::getStencilIndex):
        (WebCore::ClipStack::isCurrentScissorBoxEmpty):
        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::clipStack):
        (WebCore::TextureMapperGL::beginPainting):
        (WebCore::TextureMapperGL::bindDefaultSurface):
        (WebCore::TextureMapperGL::beginScissorClip):
        (WebCore::TextureMapperGL::beginClip):
        (WebCore::TextureMapperGL::endClip):
        (WebCore::TextureMapperGL::ClipStack::reset): Deleted.
        (WebCore::TextureMapperGL::ClipStack::intersect): Deleted.
        (WebCore::TextureMapperGL::ClipStack::setStencilIndex): Deleted.
        (WebCore::TextureMapperGL::ClipStack::push): Deleted.
        (WebCore::TextureMapperGL::ClipStack::pop): Deleted.
        (WebCore::TextureMapperGL::ClipStack::apply): Deleted.
        (WebCore::TextureMapperGL::ClipStack::applyIfNeeded): Deleted.
        * platform/graphics/texmap/TextureMapperGL.h:
        (WebCore::TextureMapperGL::ClipState::ClipState): Deleted.
        (WebCore::TextureMapperGL::ClipStack::ClipStack): Deleted.
        (WebCore::TextureMapperGL::ClipStack::current): Deleted.
        (WebCore::TextureMapperGL::ClipStack::getStencilIndex): Deleted.
        (WebCore::TextureMapperGL::ClipStack::isCurrentScissorBoxEmpty): Deleted.

2016-01-04  Zan Dobersek  <zdobersek@igalia.com>

        Shave off a TransformationMatrix copy if RenderLayer's transparencyClipBox()
        https://bugs.webkit.org/show_bug.cgi?id=152119

        Reviewed by Simon Fraser.

        * rendering/RenderLayer.cpp:
        (WebCore::transparencyClipBox): Multiply the transformation matrix returned by
        layer.transform() directly into the transform object, instead of first
        multiplying them and then copying the result back into the transform object.

2016-01-04  Myles C. Maxfield  <mmaxfield@apple.com>

        TextBreakIterator uses an internal implementation detail of NSLocale
        https://bugs.webkit.org/show_bug.cgi?id=152715
        <rdar://problem/23775121>

        Reviewed by Tim Horton.

        Instead of directly querying AppleLanguages, we should use [NSLocale preferredLanguages].

        No new tests because there is no behavior change.

        * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
        (WebCore::topLanguagePreference):

2016-01-04  Joseph Pecoraro  <pecoraro@apple.com>

        JSCustomXPathNSResolver::lookupNamespaceURI Console Message should render with a column number
        https://bugs.webkit.org/show_bug.cgi?id=114312

        Reviewed by Brent Fulgham.

        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI): Deleted.
        This now behaves as expected.

2016-01-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: Memory indexes aren't deleted when their owning memory object stores are deleted.
        https://bugs.webkit.org/show_bug.cgi?id=152717

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/memory-index-not-deleted-with-objectstore.html

        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::deleteAllIndexes):
        * Modules/indexeddb/server/MemoryObjectStore.h:

2016-01-04  Tim Horton  <timothy_horton@apple.com>

        Turn on gesture events when building for Yosemite
        https://bugs.webkit.org/show_bug.cgi?id=152704
        rdar://problem/24042472

        Reviewed by Anders Carlsson.

        * Configurations/FeatureDefines.xcconfig:

2016-01-04  Sergio Villar Senin  <svillar@igalia.com>

        REGRESSION(r194143): Float width incorrectly calculated on Wikipedia
        https://bugs.webkit.org/show_bug.cgi?id=152644

        Reviewed by Myles C. Maxfield.

        The min/max-content contribution computation for non replaced
        blocks changed in r194143. The implementation was actually
        more complex than it should be and actually incomplete as it
        was not considering the case of out of flow elements (because
        it was directly calling computeLogicalWidthInRegion()).

        This new implementation simplifies a lot the code and makes it
        more complete as it relies on min|maxPreferredLogicalWidth()
        calls which already consider all the different types of boxes.

        Test: fast/css-intrinsic-dimensions/inlinesize-contribution-floats.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeBlockPreferredLogicalWidths):

2016-01-04  David Hyatt  <hyatt@apple.com>

        word-wrap: break-word broken inside a flexbox
        https://bugs.webkit.org/show_bug.cgi?id=152321

        Reviewed by Simon Fraser.

        Added fast/text/word-break-on-flexbox-child.html

        * rendering/RenderText.cpp:
        (WebCore::RenderText::computePreferredLogicalWidths):

        At some point word-wrap:break-word was mapped to CSS overflow-wrap, but the code
        in RenderText was never updated to use the breakWords() RenderStyle function that
        checks overflow-wrap's value.

        This means all uses of word-wrap:break-word were broken when measuring the
        intrinsic width of a RenderText.

2016-01-04  John Wilander  <wilander@apple.com>

        webkitGetUserMedia built-in should use @then and not then
        https://bugs.webkit.org/show_bug.cgi?id=152296

        Reviewed by Brent Fulgham.

        Test: streams/webkitGetUserMedia-shadowing-then.html

        * Modules/mediastream/NavigatorUserMedia.js:
        (webkitGetUserMedia): Modified to use @then syntax.

2016-01-04  Myles C. Maxfield  <mmaxfield@apple.com>

        Post-commit update for r193484.
        https://bugs.webkit.org/show_bug.cgi?id=151884

        Unreviwed.

        The same null check needs to be applied in fontHasVerticalGlyphs() as well.

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::fontHasVerticalGlyphs):

2016-01-04  David Hyatt  <hyatt@apple.com>

        Video/audio-related cleanup after changes to the source element for picture support.
        https://bugs.webkit.org/show_bug.cgi?id=152090

        Reviewed by Darin Adler.

         * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::selectNextSourceChild):
        Use the parsed MediaQueryList for video/audio, since we now cache that on the source elements for picture.

        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::insertedInto):
        (WebCore::HTMLSourceElement::removedFrom):
        Add guards to fix the build when video is not enabled.

2016-01-04  Brent Fulgham  <bfulgham@apple.com>

        [Win] Clean up some Windows WebCore files
        https://bugs.webkit.org/show_bug.cgi?id=148275

        Reviewed by Dean Jackson.

        No new tests because there is no behavior change.

        Update a handful of Windows-specific WebCore files to use
        the proper method signatures for our updated interfaces,
        get rid of cruft in the COM bindings, and use proper C++14
        initializers.

        * accessibility/win/AccessibilityObjectWrapperWin.h:
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:
        * platform/win/PopupMenuWin.cpp:
        * platform/win/PopupMenuWin.h:
        * platform/win/WCDataObject.cpp:
        * platform/win/WCDataObject.h:

2016-01-04  Andreas Kling  <akling@apple.com>

        Simplify the CachedScript ASCII optimization.
        <https://webkit.org/b/152596>

        Reviewed by Antti Koivisto.

        There's actually no need to keep a non-copying StringImpl around for the
        CachedScript's internal SharedBuffer. Get rid of that so we don't need
        to fidget with that string when the SharedBuffer changes underneath.

        Renamed CachedScript::ASCIIOptimizationState to DecodingState to better
        reflect what it's used for. Also added explicit caching of the string
        hash since we can't rely on a StringImpl to keep that around now.

        Bonus: Implement Darin's suggestion to let TextEncoding answer whether
        an encoding is byte-based and thus eligible for the ASCII optimization.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::tryReplaceEncodedData): Deleted.
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::didReplaceSharedBufferContents): Deleted.
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::script):
        (WebCore::CachedScript::scriptHash):
        (WebCore::encodingMayBeAllASCII): Deleted.
        (WebCore::CachedScript::didReplaceSharedBufferContents): Deleted.
        * loader/cache/CachedScript.h:
        * platform/text/TextEncoding.h:
        (WebCore::TextEncoding::isByteBasedEncoding):

2016-01-04  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] A video element isn't drawn onto the canvas.
        https://bugs.webkit.org/show_bug.cgi?id=132671

        Reviewed by Michael Catanzaro.

        When both cairo-gl and gst-gl are available the texture coming
        from glimagesink can be used to create a cairo-gl surface that can
        be used for video rendering within a canvas element.

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::drawImage): Use NativeImage
        drawing if both cairo-gl and gst-gl are available.
        * platform/graphics/GraphicsContext.h: Implement drawNativeImage
        for Cairo GraphicsContext.
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawNativeImage): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        Implement nativeImageForCurrentTime(), this method is used by the
        canvas rendering context.
        (WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

2016-01-03  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Fix -Wpessimizing-move warnings after switch to WTFMove
        https://bugs.webkit.org/show_bug.cgi?id=152677

        Reviewed by Andy Estes.

        * platform/glib/KeyedDecoderGlib.cpp:
        (WebCore::KeyedDecoderGlib::dictionaryFromGVariant):
        * platform/graphics/egl/GLContextEGL.cpp:
        (WebCore::GLContextEGL::createContext):
        * platform/graphics/glx/GLContextGLX.cpp:
        (WebCore::GLContextGLX::createContext):

2016-01-03  David Kilzer  <ddkilzer@apple.com>

        -[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:] is missing an m_handle->client() NULL check
        <https://webkit.org/b/152673>
        <rdar://problem/23560530>

        Reviewed by Daniel Bates.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        Add NULL check for m_handle->client() so we don't crash due to a
        NULL dereference inside the dispatch_async() block.

2016-01-03  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, turn off temporary scrolling logging on GTK
        https://bugs.webkit.org/show_bug.cgi?id=152649

        * platform/Logging.cpp:
        (WebCore::initializeLoggingChannelsIfNecessary): Deleted.

2016-01-03  Simon Fraser  <simon.fraser@apple.com>

        Fix Windows build after r194515.

        * platform/win/PopupMenuWin.cpp:
        (WebCore::PopupMenuWin::scrollOffset):
        (WebCore::PopupMenuWin::scrollPosition): Renamed.
        * platform/win/PopupMenuWin.h:

2016-01-03  Khem Raj  <raj.khem@gmail.com>

        WebKit fails to build with musl libc library
        https://bugs.webkit.org/show_bug.cgi?id=152625

        Reviewed by Daniel Bates and Alexey Proskuryakov.

        malloc_trim is glibc specific API so guard it with __GLIBC__.

        * platform/linux/MemoryPressureHandlerLinux.cpp:
        (MemoryPressureHandler::platformReleaseMemory): Guard malloc_trim()
        call with __GLIBC_.

2016-01-03  Simon Fraser  <simon.fraser@apple.com>

        Minor cleanup in ScrollAnimator
        https://bugs.webkit.org/show_bug.cgi?id=152656

        Reviewed by Dan Bernstein.

        Hide the fact that ScrollAnimator's m_currentPosX/m_currentPosY is not a FloatPoint
        as much as possible.
        
        Do offset -> position conversion in ScrollAnimator::scrollToOffsetWithoutAnimation().
        This is a behavior change, but I could never hit this code on Mac.

        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::scroll):
        (WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation):
        (WebCore::ScrollAnimator::setCurrentPosition):
        (WebCore::ScrollAnimator::updateActiveScrollSnapIndexForOffset):
        (WebCore::ScrollAnimator::notifyPositionChanged):
        (WebCore::ScrollAnimator::immediateScrollOnAxis):
        (WebCore::ScrollAnimator::ScrollAnimator): Deleted.
        (WebCore::ScrollAnimator::currentPosition): Deleted.
        * platform/ScrollAnimator.h:
        (WebCore::ScrollAnimator::ScrollAnimator::currentPosition):
        (WebCore::ScrollAnimator::ScrollAnimator::setCurrentPositionInternal):
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::scroll):
        (WebCore::ScrollAnimatorMac::immediateScrollToPosition):
        (WebCore::ScrollAnimatorMac::immediateScrollBy):

2016-01-03  Simon Fraser  <simon.fraser@apple.com>

        Rename scrollPosition(Scrollbar*) to scrollOffset(ScrollbarOrientation)
        https://bugs.webkit.org/show_bug.cgi?id=152666

        Reviewed by Dan Bernstein.

        Scrollbar values take offsets (zero-based), so rename the accessor used
        by scrollbars to set their value, and pass in an orientation, rather than
        a pointer to the scrollbar.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::scrollOffset): Use scrollOffsetFromPosition rather than
        manually adding scrollOrigin.
        (WebCore::ScrollView::scrollPosition): Renamed.
        * platform/ScrollView.h:
        (WebCore::ScrollView::cachedScrollPosition):
        * platform/ScrollableArea.h:
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::Scrollbar):
        (WebCore::Scrollbar::offsetDidChange):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollOffset):
        (WebCore::RenderLayer::scrollPosition): Renamed.
        * rendering/RenderLayer.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::scrollOffset):
        (WebCore::RenderListBox::scrollPosition): Renamed.
        * rendering/RenderListBox.h:

2016-01-03  Simon Fraser  <simon.fraser@apple.com>

        scrollLeft returns different values for viewport and non-viewport scrolling with rtl
        https://bugs.webkit.org/show_bug.cgi?id=94405
        rdar://problem/21829754

        Reviewed by Zalan Bujtas.
        
        Use scrollPosition for DOM-exposed scroll* values on overflow scroll elements,
        matching the CSS OM View spec, and Gecko behavior.

        Test: fast/scrolling/programmatic-overflow-rtl-scrollIntoView.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::scrollLeft):
        (WebCore::RenderBox::scrollTop):
        (WebCore::RenderBox::setScrollLeft):
        (WebCore::RenderBox::setScrollTop):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollToXPosition):
        (WebCore::RenderLayer::scrollToYPosition):
        * rendering/RenderLayer.h:

2016-01-03  Simon Fraser  <simon.fraser@apple.com>

        Some cleanup in ScrollAnimator
        https://bugs.webkit.org/show_bug.cgi?id=152649

        Try to fix GTK scroll position errors in RTL.
        
        ScrollAnimatorNone::scrollToOffsetWithoutAnimation() was failing to map from
        offset to position.
        
        Also add logging in ScrollableArea::scrollToOffsetWithoutAnimation().

        * platform/ScrollAnimatorNone.cpp:
        (WebCore::ScrollAnimatorNone::scrollToOffsetWithoutAnimation):
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollToOffsetWithoutAnimation):

2016-01-02  Simon Fraser  <simon.fraser@apple.com>

        Temporarily turn on Scrolling logging on GTK, to investigate
        GTK failures from https://bugs.webkit.org/show_bug.cgi?id=152649.
        
        * platform/Logging.cpp:
        (WebCore::initializeLoggingChannelsIfNecessary):

2016-01-02  Simon Fraser  <simon.fraser@apple.com>

        Some cleanup in ScrollAnimator
        https://bugs.webkit.org/show_bug.cgi?id=152649

        Try to fix GTK test failures. ScrollAnimatorNone needs to map correctly between
        min and max scroll positions.

        * platform/ScrollAnimatorNone.cpp:
        (WebCore::ScrollAnimatorNone::PerAxisData::updateDataFromParameters):
        (WebCore::ScrollAnimatorNone::scroll):
        * platform/ScrollAnimatorNone.h:

2016-01-02  Max Stepin  <maxstepin@gmail.com>

        APNG decoder: only decode the frames up to haltAtFrame
        https://bugs.webkit.org/show_bug.cgi?id=146205

        Reviewed by Michael Catanzaro.

        No new tests, already covered by existing tests.

        * platform/image-decoders/png/PNGImageDecoder.cpp:
        (WebCore::PNGImageReader::close):
        (WebCore::PNGImageReader::decode):
        (WebCore::PNGImageDecoder::isSizeAvailable):
        (WebCore::PNGImageDecoder::frameBufferAtIndex):
        (WebCore::PNGImageDecoder::pngComplete):
        (WebCore::PNGImageDecoder::decode):
        * platform/image-decoders/png/PNGImageDecoder.h:
        (WebCore::PNGImageDecoder::isComplete):
        (WebCore::PNGImageDecoder::isCompleteAtIndex):

2016-01-02  Simon Fraser  <simon.fraser@apple.com>

        Some cleanup in ScrollAnimator
        https://bugs.webkit.org/show_bug.cgi?id=152649

        Reviewed by Zalan Bujtas.

        Change ScrollAnimatorMac::adjustScrollPositionIfNecessary() and similar code in
        ScrollingTreeFrameScrollingNodeMac::adjustScrollPositionToBoundsIfNecessary() to
        constrain between minimumScrollPosition() and maximumScrollPosition(), rather than
        rolling their own code.
        
        This revealed several issues. First, RenderLayer::maximumScrollPosition() is
        wrong when the layer has borders, because RenderLayer::visibleContentRectInternal()
        seems to have incorrect logic. However, we can just remove it, and use the ScrollableArea
        implementation.
        
        Second, ScrollAnimatorMac::scrollToOffsetWithoutAnimation() was failing to do a
        position/offset conversion, so do one. We're converting too much, and should probably
        just change ScrollAnimator to do everything in terms of positions.
        
        Third, ScrollAnimator::scroll() was clamping a scroll position as an offset
        (detected by scrollbars/scroll-rtl-or-bt-layer.html), so fix that.
        
        Remove ScrollController::absoluteScrollPosition() and overrides, since this was
        confusingly named, and could just be removed.
        
        Remove ScrollController::m_origOrigin which was assigned to, but never read.

        Test: fast/scrolling/arrow-key-scroll-in-rtl-document.html: new
              fast/dom/horizontal-scrollbar-in-rtl.html: progressed with these changes.

        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::adjustScrollPositionToBoundsIfNecessary):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::absoluteScrollPosition): Deleted.
        * platform/ScrollAnimator.cpp:
        (WebCore::ScrollAnimator::scroll):
        (WebCore::ScrollAnimator::notifyPositionChanged):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::constrainScrollPosition):
        * platform/cocoa/ScrollController.h:
        * platform/cocoa/ScrollController.mm:
        (WebCore::ScrollController::snapRubberBandTimerFired): Deleted.
        (WebCore::ScrollController::snapRubberBand): Deleted.
        * platform/mac/ScrollAnimatorMac.h:
        * platform/mac/ScrollAnimatorMac.mm:
        (-[WebScrollAnimationHelperDelegate _immediateScrollToPoint:]):
        (WebCore::ScrollAnimatorMac::scroll):
        (WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation):
        (WebCore::ScrollAnimatorMac::adjustScrollPositionIfNecessary):
        (WebCore::ScrollAnimatorMac::adjustScrollPositionToBoundsIfNecessary):
        (WebCore::ScrollAnimatorMac::immediateScrollToPosition):
        (WebCore::ScrollAnimatorMac::immediateScrollToPositionForScrollAnimation):
        (WebCore::ScrollAnimatorMac::immediateScrollTo): Deleted.
        (WebCore::ScrollAnimatorMac::immediateScrollToPointForScrollAnimation): Deleted.
        (WebCore::ScrollAnimatorMac::absoluteScrollPosition): Deleted.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::visibleContentRectInternal):
        (WebCore::RenderLayer::overhangAmount):
        (WebCore::RenderLayer::maximumScrollPosition): Deleted.
        * rendering/RenderLayer.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::minimumScrollPosition):
        (WebCore::RenderListBox::maximumScrollPosition): RenderListBox scrolls by lines,
        so it needs a custom implementation of this.
        * rendering/RenderListBox.h:

2016-01-02  Zalan Bujtas  <zalan@apple.com>

        Simple line layout:: Add text-decoration support.
        https://bugs.webkit.org/show_bug.cgi?id=152623

        Reviewed by Antti Koivisto.

        This patch enables text-decoration for simple line layout.
        -webkit-text-underline-position: under requires normal line layout context, skip it for now.

        Test: fast/css3-text/css3-text-decoration/simple-line-layout-text-decoration.html

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForStyle):
        (WebCore::SimpleLineLayout::printReason):
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow): In case of multiple RenderText renderers (long text), it's ok
        to pass the first text renderer as they all share the same set of decorations. 

2015-12-31  Andy Estes  <aestes@apple.com>

        Replace WTF::move with WTFMove
        https://bugs.webkit.org/show_bug.cgi?id=152601

        Reviewed by Brady Eidson.

        * Modules/battery/NavigatorBattery.cpp:
        (WebCore::NavigatorBattery::from):
        * Modules/encryptedmedia/CDMSessionClearKey.cpp:
        (WebCore::CDMSessionClearKey::update):
        * Modules/encryptedmedia/MediaKeys.cpp:
        (WebCore::MediaKeys::create):
        (WebCore::MediaKeys::MediaKeys):
        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::from):
        * Modules/gamepad/deprecated/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::from):
        * Modules/geolocation/GeoNotifier.cpp:
        (WebCore::GeoNotifier::GeoNotifier):
        (WebCore::GeoNotifier::setFatalError):
        * Modules/geolocation/GeoNotifier.h:
        (WebCore::GeoNotifier::create):
        * Modules/geolocation/Geolocation.cpp:
        (WebCore::Geolocation::Watchers::add):
        (WebCore::Geolocation::getCurrentPosition):
        (WebCore::Geolocation::watchPosition):
        * Modules/geolocation/GeolocationController.cpp:
        (WebCore::GeolocationController::viewStateDidChange):
        * Modules/geolocation/Geoposition.h:
        (WebCore::Geoposition::create):
        (WebCore::Geoposition::Geoposition):
        * Modules/geolocation/NavigatorGeolocation.cpp:
        (WebCore::NavigatorGeolocation::from):
        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
        (WebCore::DOMWindowIndexedDatabase::from):
        * Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:
        (WebCore::WorkerGlobalScopeIndexedDatabase::from):
        * Modules/indexeddb/client/IDBAnyImpl.cpp:
        (WebCore::IDBClient::IDBAny::IDBAny):
        * Modules/indexeddb/client/IDBAnyImpl.h:
        (WebCore::IDBClient::IDBAny::create):
        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::willCommitTransaction):
        (WebCore::IDBClient::IDBDatabase::willAbortTransaction):
        (WebCore::IDBClient::IDBDatabase::fireVersionChangeEvent):
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::openCursor):
        (WebCore::IDBClient::IDBIndex::openKeyCursor):
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::openCursor):
        (WebCore::IDBClient::IDBObjectStore::get):
        (WebCore::IDBClient::IDBObjectStore::deleteFunction):
        (WebCore::IDBClient::IDBObjectStore::createIndex):
        (WebCore::IDBClient::IDBObjectStore::index):
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::onSuccess):
        (WebCore::IDBClient::IDBOpenDBRequest::onUpgradeNeeded):
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::enqueueEvent):
        (WebCore::IDBClient::IDBRequest::setResult):
        (WebCore::IDBClient::IDBRequest::setResultToStructuredClone):
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abort):
        (WebCore::IDBClient::IDBTransaction::scheduleOperation):
        (WebCore::IDBClient::IDBTransaction::commit):
        (WebCore::IDBClient::IDBTransaction::enqueueEvent):
        (WebCore::IDBClient::IDBTransaction::createObjectStore):
        (WebCore::IDBClient::IDBTransaction::createIndex):
        (WebCore::IDBClient::IDBTransaction::doRequestOpenCursor):
        (WebCore::IDBClient::IDBTransaction::iterateCursor):
        (WebCore::IDBClient::IDBTransaction::requestGetRecord):
        (WebCore::IDBClient::IDBTransaction::requestIndexRecord):
        (WebCore::IDBClient::IDBTransaction::requestClearObjectStore):
        (WebCore::IDBClient::IDBTransaction::requestPutOrAdd):
        (WebCore::IDBClient::IDBTransaction::deleteObjectStore):
        (WebCore::IDBClient::IDBTransaction::deleteIndex):
        * Modules/indexeddb/legacy/IDBDatabaseBackend.cpp:
        (WebCore::IDBDatabaseBackend::processPendingOpenCalls):
        * Modules/indexeddb/legacy/IDBDatabaseBackend.h:
        (WebCore::IDBDatabaseBackend::setPendingSecondHalfOpen):
        * Modules/indexeddb/legacy/LegacyAny.h:
        (WebCore::LegacyAny::create):
        * Modules/indexeddb/legacy/LegacyDatabase.cpp:
        (WebCore::LegacyDatabase::enqueueEvent):
        * Modules/indexeddb/legacy/LegacyRequest.cpp:
        (WebCore::LegacyRequest::enqueueEvent):
        * Modules/indexeddb/legacy/LegacyTransaction.cpp:
        (WebCore::LegacyTransaction::enqueueEvent):
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::postDatabaseTask):
        (WebCore::IDBServer::IDBServer::postDatabaseTaskReply):
        * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
        (WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):
        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreDeleted):
        (WebCore::IDBServer::MemoryBackingStoreTransaction::objectStoreCleared):
        (WebCore::IDBServer::MemoryBackingStoreTransaction::indexCleared):
        (WebCore::IDBServer::MemoryBackingStoreTransaction::abort):
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::beginTransaction):
        (WebCore::IDBServer::MemoryIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::restoreObjectStoreForVersionChangeAbort):
        (WebCore::IDBServer::MemoryIDBBackingStore::registerObjectStore):
        * Modules/indexeddb/server/MemoryIndex.cpp:
        (WebCore::IDBServer::MemoryIndex::objectStoreCleared):
        (WebCore::IDBServer::MemoryIndex::replaceIndexValueStore):
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::createIndex):
        (WebCore::IDBServer::MemoryObjectStore::maybeRestoreDeletedIndex):
        (WebCore::IDBServer::MemoryObjectStore::deleteIndex):
        (WebCore::IDBServer::MemoryObjectStore::clear):
        (WebCore::IDBServer::MemoryObjectStore::replaceKeyValueStore):
        (WebCore::IDBServer::MemoryObjectStore::registerIndex):
        * Modules/indexeddb/server/ServerOpenDBRequest.cpp:
        (WebCore::IDBServer::ServerOpenDBRequest::notifiedConnectionsOfVersionChange):
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeNotifyConnectionsOfVersionChange):
        (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
        (WebCore::IDBServer::UniqueIDBDatabase::enqueueTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):
        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::establishTransaction):
        * Modules/indexeddb/shared/IndexKey.cpp:
        (WebCore::IndexKey::isolatedCopy):
        * Modules/mediasession/WebMediaSessionManager.cpp:
        (WebCore::WebMediaSessionManager::setPlaybackTarget):
        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::setPrivateAndOpen):
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::create):
        (WebCore::SourceBuffer::SourceBuffer):
        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::getUserMedia):
        (WebCore::MediaDevices::enumerateDevices):
        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::create):
        (WebCore::MediaDevicesRequest::MediaDevicesRequest):
        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::create):
        (WebCore::MediaStream::MediaStream):
        (WebCore::MediaStream::addTrack):
        (WebCore::MediaStream::didRemoveTrack):
        (WebCore::MediaStream::internalAddTrack):
        (WebCore::MediaStream::internalRemoveTrack):
        * Modules/mediastream/NavigatorMediaDevices.cpp:
        (WebCore::NavigatorMediaDevices::from):
        * Modules/mediastream/RTCConfiguration.cpp:
        (WebCore::RTCConfiguration::initialize):
        * Modules/mediastream/RTCDTMFSender.cpp:
        (WebCore::RTCDTMFSender::create):
        (WebCore::RTCDTMFSender::RTCDTMFSender):
        (WebCore::RTCDTMFSender::scheduleDispatchEvent):
        * Modules/mediastream/RTCDataChannel.cpp:
        (WebCore::RTCDataChannel::create):
        (WebCore::RTCDataChannel::RTCDataChannel):
        (WebCore::RTCDataChannel::scheduleDispatchEvent):
        * Modules/mediastream/RTCIceCandidateEvent.cpp:
        (WebCore::RTCIceCandidateEvent::create):
        (WebCore::RTCIceCandidateEvent::RTCIceCandidateEvent):
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        (WebCore::RTCPeerConnection::RTCPeerConnection):
        (WebCore::RTCPeerConnection::addTrack):
        (WebCore::RTCPeerConnection::queuedCreateOffer):
        (WebCore::RTCPeerConnection::queuedCreateAnswer):
        (WebCore::RTCPeerConnection::queuedSetLocalDescription):
        (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
        (WebCore::RTCPeerConnection::queuedAddIceCandidate):
        (WebCore::RTCPeerConnection::setConfiguration):
        (WebCore::RTCPeerConnection::privateGetStats):
        * Modules/mediastream/RTCRtpReceiver.cpp:
        (WebCore::RTCRtpReceiver::RTCRtpReceiver):
        * Modules/mediastream/RTCRtpReceiver.h:
        (WebCore::RTCRtpReceiver::create):
        * Modules/mediastream/RTCRtpSender.cpp:
        (WebCore::RTCRtpSender::RTCRtpSender):
        * Modules/mediastream/RTCRtpSender.h:
        (WebCore::RTCRtpSender::create):
        * Modules/mediastream/RTCTrackEvent.cpp:
        (WebCore::RTCTrackEvent::create):
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::start):
        (WebCore::UserMediaRequest::UserMediaRequest):
        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::provideNavigatorContentUtilsTo):
        * Modules/navigatorcontentutils/NavigatorContentUtils.h:
        * Modules/notifications/DOMWindowNotifications.cpp:
        (WebCore::DOMWindowNotifications::from):
        * Modules/notifications/NotificationCenter.cpp:
        (WebCore::NotificationCenter::timerFired):
        * Modules/notifications/WorkerGlobalScopeNotifications.cpp:
        (WebCore::WorkerGlobalScopeNotifications::from):
        * Modules/plugins/QuickTimePluginReplacement.mm:
        (WebCore::QuickTimePluginReplacement::createElementRenderer):
        * Modules/plugins/YouTubePluginReplacement.cpp:
        (WebCore::YouTubePluginReplacement::createElementRenderer):
        (WebCore::YouTubePluginReplacement::installReplacement):
        * Modules/quota/DOMWindowQuota.cpp:
        (WebCore::DOMWindowQuota::from):
        * Modules/quota/NavigatorStorageQuota.cpp:
        (WebCore::NavigatorStorageQuota::from):
        * Modules/quota/WorkerNavigatorStorageQuota.cpp:
        (WebCore::WorkerNavigatorStorageQuota::from):
        * Modules/speech/DOMWindowSpeechSynthesis.cpp:
        (WebCore::DOMWindowSpeechSynthesis::from):
        * Modules/speech/SpeechSynthesis.cpp:
        (WebCore::SpeechSynthesis::setPlatformSynthesizer):
        * Modules/webaudio/AsyncAudioDecoder.cpp:
        (WebCore::AsyncAudioDecoder::decodeAsync):
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::addReaction):
        (WebCore::AudioContext::suspend):
        (WebCore::AudioContext::resume):
        (WebCore::AudioContext::close):
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::addInput):
        (WebCore::AudioNode::addOutput):
        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::addEventListener):
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::setBuffer):
        * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
        (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::addEventListener):
        * Modules/webdatabase/Database.cpp:
        (WebCore::Database::openAndVerifyVersion):
        (WebCore::Database::scheduleTransaction):
        (WebCore::Database::scheduleTransactionStep):
        (WebCore::Database::markAsDeletedAndClose):
        (WebCore::Database::runTransaction):
        (WebCore::Database::tableNames):
        * Modules/webdatabase/DatabaseThread.cpp:
        (WebCore::DatabaseThread::scheduleTask):
        (WebCore::DatabaseThread::scheduleImmediateTask):
        * Modules/webdatabase/SQLTransaction.cpp:
        (WebCore::SQLTransaction::create):
        (WebCore::SQLTransaction::SQLTransaction):
        (WebCore::SQLTransaction::executeSQL):
        * Modules/webdatabase/SQLTransactionBackend.cpp:
        (WebCore::SQLTransactionBackend::enqueueStatementBackend):
        (WebCore::SQLTransactionBackend::executeSQL):
        * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
        (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
        (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::didReceiveBinaryData):
        (WebCore::WebSocket::dispatchOrQueueEvent):
        * Modules/websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::processFrame):
        * Modules/websockets/WebSocketExtensionDispatcher.cpp:
        (WebCore::WebSocketExtensionDispatcher::addProcessor):
        * Modules/websockets/WebSocketHandshake.cpp:
        (WebCore::WebSocketHandshake::addExtensionProcessor):
        * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
        (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveBinaryData):
        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::notificationPostTimerFired):
        (WebCore::AXObjectCache::passwordNotificationPostTimerFired):
        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::ariaLabeledByText):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::selectText):
        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityText::AccessibilityText):
        * bindings/gobject/DOMObjectCache.cpp:
        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath):
        (WebCore::generateIndexKeyForValue):
        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::createAesCbcParams):
        (WebCore::createAesKeyGenParams):
        (WebCore::createHmacParams):
        (WebCore::createHmacKeyParams):
        (WebCore::createRsaKeyGenParams):
        (WebCore::createRsaOaepParams):
        (WebCore::createRsaSsaParams):
        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::createHMACParameters):
        (WebCore::createRSAKeyParametersWithHash):
        (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
        * bindings/js/JSDOMPromise.h:
        (WebCore::DOMPromise::DOMPromise):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setTimeout):
        (WebCore::JSDOMWindow::setInterval):
        * bindings/js/JSDOMWrapper.h:
        (WebCore::JSDOMWrapper::JSDOMWrapper):
        * bindings/js/JSMessageEventCustom.cpp:
        (WebCore::handleInitMessageEvent):
        * bindings/js/JSSubtleCryptoCustom.cpp:
        (WebCore::JSSubtleCrypto::encrypt):
        (WebCore::JSSubtleCrypto::decrypt):
        (WebCore::JSSubtleCrypto::sign):
        (WebCore::JSSubtleCrypto::verify):
        (WebCore::JSSubtleCrypto::digest):
        (WebCore::JSSubtleCrypto::generateKey):
        (WebCore::importKey):
        (WebCore::JSSubtleCrypto::importKey):
        (WebCore::JSSubtleCrypto::exportKey):
        (WebCore::JSSubtleCrypto::wrapKey):
        (WebCore::JSSubtleCrypto::unwrapKey):
        * bindings/js/JSWorkerGlobalScopeCustom.cpp:
        (WebCore::JSWorkerGlobalScope::setTimeout):
        (WebCore::JSWorkerGlobalScope::setInterval):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readRSAKey):
        (WebCore::CloneDeserializer::readTerminal):
        (WebCore::SerializedScriptValue::SerializedScriptValue):
        (WebCore::SerializedScriptValue::create):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::JSTestActiveDOMObject::JSTestActiveDOMObject):
        * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
        (WebCore::JSTestActiveDOMObject::create):
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
        (WebCore::JSTestClassWithJSBuiltinConstructor::JSTestClassWithJSBuiltinConstructor):
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
        (WebCore::JSTestClassWithJSBuiltinConstructor::create):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
        (WebCore::JSTestCustomConstructorWithNoInterfaceObject::JSTestCustomConstructorWithNoInterfaceObject):
        * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
        (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
        (WebCore::JSTestCustomNamedGetter::JSTestCustomNamedGetter):
        * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
        (WebCore::JSTestCustomNamedGetter::create):
        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructor::JSTestEventConstructor):
        * bindings/scripts/test/JS/JSTestEventConstructor.h:
        (WebCore::JSTestEventConstructor::create):
        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
        (WebCore::JSTestEventTarget::JSTestEventTarget):
        * bindings/scripts/test/JS/JSTestEventTarget.h:
        (WebCore::JSTestEventTarget::create):
        * bindings/scripts/test/JS/JSTestException.cpp:
        (WebCore::JSTestException::JSTestException):
        * bindings/scripts/test/JS/JSTestException.h:
        (WebCore::JSTestException::create):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
        (WebCore::JSTestGenerateIsReachable::JSTestGenerateIsReachable):
        * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
        (WebCore::JSTestGenerateIsReachable::create):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::JSTestInterface::JSTestInterface):
        * bindings/scripts/test/JS/JSTestInterface.h:
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
        (WebCore::JSTestMediaQueryListListener::JSTestMediaQueryListListener):
        * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
        (WebCore::JSTestMediaQueryListListener::create):
        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
        (WebCore::JSTestNamedConstructor::JSTestNamedConstructor):
        * bindings/scripts/test/JS/JSTestNamedConstructor.h:
        (WebCore::JSTestNamedConstructor::create):
        * bindings/scripts/test/JS/JSTestNode.cpp:
        (WebCore::JSTestNode::JSTestNode):
        * bindings/scripts/test/JS/JSTestNode.h:
        * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
        (WebCore::JSTestNondeterministic::JSTestNondeterministic):
        * bindings/scripts/test/JS/JSTestNondeterministic.h:
        (WebCore::JSTestNondeterministic::create):
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::JSTestObj::JSTestObj):
        * bindings/scripts/test/JS/JSTestObj.h:
        (WebCore::JSTestObj::create):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
        (WebCore::JSTestOverloadedConstructors::JSTestOverloadedConstructors):
        * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
        (WebCore::JSTestOverloadedConstructors::create):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
        (WebCore::JSTestOverrideBuiltins::JSTestOverrideBuiltins):
        * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
        (WebCore::JSTestOverrideBuiltins::create):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
        (WebCore::JSTestSerializedScriptValueInterface::JSTestSerializedScriptValueInterface):
        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
        (WebCore::JSTestSerializedScriptValueInterface::create):
        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
        (WebCore::JSTestTypedefs::JSTestTypedefs):
        * bindings/scripts/test/JS/JSTestTypedefs.h:
        (WebCore::JSTestTypedefs::create):
        * bindings/scripts/test/JS/JSattribute.cpp:
        (WebCore::JSattribute::JSattribute):
        * bindings/scripts/test/JS/JSattribute.h:
        (WebCore::JSattribute::create):
        * bindings/scripts/test/JS/JSreadonly.cpp:
        (WebCore::JSreadonly::JSreadonly):
        * bindings/scripts/test/JS/JSreadonly.h:
        (WebCore::JSreadonly::create):
        * bridge/c/CRuntimeObject.cpp:
        (JSC::Bindings::CRuntimeObject::CRuntimeObject):
        * bridge/c/CRuntimeObject.h:
        (JSC::Bindings::CRuntimeObject::create):
        * bridge/c/c_class.cpp:
        (JSC::Bindings::CClass::methodNamed):
        (JSC::Bindings::CClass::fieldNamed):
        * bridge/c/c_instance.cpp:
        (JSC::Bindings::CInstance::CInstance):
        * bridge/c/c_instance.h:
        (JSC::Bindings::CInstance::create):
        * bridge/jsc/BridgeJSC.cpp:
        (JSC::Bindings::Array::Array):
        (JSC::Bindings::Instance::Instance):
        * bridge/objc/ObjCRuntimeObject.h:
        (JSC::Bindings::ObjCRuntimeObject::create):
        * bridge/objc/objc_class.mm:
        (JSC::Bindings::ObjcClass::methodNamed):
        (JSC::Bindings::ObjcClass::fieldNamed):
        * bridge/objc/objc_instance.mm:
        (ObjcInstance::ObjcInstance):
        (ObjcInstance::create):
        * bridge/objc/objc_runtime.mm:
        (JSC::Bindings::ObjcArray::ObjcArray):
        * bridge/runtime_object.cpp:
        (JSC::Bindings::RuntimeObject::RuntimeObject):
        * bridge/runtime_object.h:
        * contentextensions/CombinedFiltersAlphabet.cpp:
        (WebCore::ContentExtensions::TermCreatorTranslator::translate):
        * contentextensions/CombinedURLFilters.cpp:
        (WebCore::ContentExtensions::ActiveSubtree::ActiveSubtree):
        (WebCore::ContentExtensions::generateSuffixWithReverseSuffixTree):
        (WebCore::ContentExtensions::generateNFAForSubtree):
        (WebCore::ContentExtensions::CombinedURLFilters::processNFAs):
        * contentextensions/ContentExtension.cpp:
        (WebCore::ContentExtensions::ContentExtension::create):
        (WebCore::ContentExtensions::ContentExtension::ContentExtension):
        * contentextensions/ContentExtensionCompiler.cpp:
        (WebCore::ContentExtensions::compileRuleList):
        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::loadEncodedRules):
        * contentextensions/ContentExtensionsBackend.cpp:
        (WebCore::ContentExtensions::ContentExtensionsBackend::addContentExtension):
        * contentextensions/DFACombiner.cpp:
        (WebCore::ContentExtensions::DFACombiner::combineDFAs):
        * contentextensions/DFACombiner.h:
        (WebCore::ContentExtensions::DFACombiner::addDFA):
        * contentextensions/ImmutableNFANodeBuilder.h:
        (WebCore::ContentExtensions::ImmutableNFANodeBuilder::ImmutableNFANodeBuilder):
        (WebCore::ContentExtensions::ImmutableNFANodeBuilder::operator=):
        * contentextensions/MutableRange.h:
        (WebCore::ContentExtensions::MutableRange::MutableRange):
        (WebCore::ContentExtensions::MutableRange::operator=):
        * contentextensions/MutableRangeList.h:
        (WebCore::ContentExtensions::MutableRangeList::extend):
        (WebCore::ContentExtensions::MutableRangeList::insertBetween):
        * contentextensions/Term.h:
        (WebCore::ContentExtensions::Term::Term):
        (WebCore::ContentExtensions::Term::operator=):
        (WebCore::ContentExtensions::Term::generateSubgraphForAtom):
        * crypto/CryptoAlgorithm.cpp:
        (WebCore::CryptoAlgorithm::encryptForWrapKey):
        (WebCore::CryptoAlgorithm::decryptForUnwrapKey):
        * crypto/CryptoKeyPair.cpp:
        (WebCore::CryptoKeyPair::CryptoKeyPair):
        * crypto/CryptoKeyPair.h:
        (WebCore::CryptoKeyPair::create):
        * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::encrypt):
        (WebCore::CryptoAlgorithmAES_CBC::decrypt):
        * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
        (WebCore::CryptoAlgorithmAES_KW::encryptForWrapKey):
        (WebCore::CryptoAlgorithmAES_KW::decryptForUnwrapKey):
        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
        (WebCore::CryptoAlgorithmHMAC::sign):
        (WebCore::CryptoAlgorithmHMAC::verify):
        * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::encrypt):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::decrypt):
        (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::sign):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::verify):
        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::generateKey):
        * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
        (WebCore::CryptoAlgorithmRSA_OAEP::encrypt):
        (WebCore::CryptoAlgorithmRSA_OAEP::decrypt):
        (WebCore::CryptoAlgorithmRSA_OAEP::generateKey):
        * crypto/mac/CryptoAlgorithmAES_CBCMac.cpp:
        (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
        (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
        * crypto/mac/CryptoKeyRSAMac.cpp:
        (WebCore::CryptoKeyRSA::generatePair):
        * css/BasicShapeFunctions.cpp:
        (WebCore::valueForBasicShape):
        (WebCore::basicShapeForValue):
        * css/CSSBasicShapes.cpp:
        (WebCore::CSSBasicShapePath::CSSBasicShapePath):
        * css/CSSBasicShapes.h:
        * css/CSSBorderImage.cpp:
        (WebCore::createBorderImageValue):
        * css/CSSCalculationValue.cpp:
        * css/CSSCalculationValue.h:
        (WebCore::CSSCalcValue::CSSCalcValue):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::valueForNinePieceImageSlice):
        (WebCore::valueForNinePieceImageQuad):
        (WebCore::computedTransform):
        (WebCore::ComputedStyleExtractor::valueForShadow):
        (WebCore::ComputedStyleExtractor::valueForFilter):
        (WebCore::valueForGridTrackList):
        (WebCore::valueForGridPosition):
        (WebCore::scrollSnapPoints):
        (WebCore::scrollSnapCoordinates):
        (WebCore::getWillChangePropertyValue):
        (WebCore::fontVariantLigaturesPropertyValue):
        (WebCore::fontVariantNumericPropertyValue):
        (WebCore::fontVariantEastAsianPropertyValue):
        (WebCore::fillRepeatToCSSValue):
        (WebCore::fillSizeToCSSValue):
        (WebCore::fontVariantFromStyle):
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSCrossfadeValue.cpp:
        (WebCore::CSSCrossfadeValue::blend):
        * css/CSSCursorImageValue.cpp:
        (WebCore::CSSCursorImageValue::CSSCursorImageValue):
        * css/CSSCursorImageValue.h:
        (WebCore::CSSCursorImageValue::create):
        * css/CSSFilterImageValue.cpp:
        (WebCore::CSSFilterImageValue::image):
        * css/CSSFilterImageValue.h:
        (WebCore::CSSFilterImageValue::create):
        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::addSource):
        * css/CSSFontFace.h:
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::insertFeature):
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        * css/CSSFontFeatureValue.cpp:
        (WebCore::CSSFontFeatureValue::CSSFontFeatureValue):
        * css/CSSFontFeatureValue.h:
        (WebCore::CSSFontFeatureValue::create):
        * css/CSSFontSelector.cpp:
        (WebCore::createFontFace):
        (WebCore::constructFamilyFontFaces):
        * css/CSSGrammar.y.in:
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::cloneForCSSOM):
        * css/CSSKeyframeRule.cpp:
        (WebCore::StyleKeyframe::StyleKeyframe):
        * css/CSSKeyframeRule.h:
        (WebCore::StyleKeyframe::create):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseFontFaceValue):
        (WebCore::CSSParser::parseMediaQuery):
        (WebCore::CSSParser::parseSizesAttribute):
        (WebCore::CSSParser::SourceSize::SourceSize):
        (WebCore::CSSParser::sourceSize):
        (WebCore::CSSParser::addFillValue):
        (WebCore::CSSParser::addAnimationValue):
        (WebCore::CSSParser::parse4ValuesFillPosition):
        (WebCore::CSSParser::parse3ValuesFillPosition):
        (WebCore::CSSParser::parseFillPosition):
        (WebCore::CSSParser::parseFillSize):
        (WebCore::CSSParser::parseDashboardRegions):
        (WebCore::CSSParser::parseClipShape):
        (WebCore::CSSParser::parseBasicShapePath):
        (WebCore::CSSParser::parseSystemFont):
        (WebCore::CSSParser::parseBorderImageRepeat):
        (WebCore::BorderImageSliceParseContext::commitBorderImageSlice):
        (WebCore::BorderImageQuadParseContext::commitBorderImageQuad):
        (WebCore::CSSParser::parseBuiltinFilterArguments):
        (WebCore::CSSParser::parseFontFeatureTag):
        (WebCore::CSSParser::parseFontVariantLigatures):
        (WebCore::CSSParser::parseFontVariantNumeric):
        (WebCore::CSSParser::parseFontVariantEastAsian):
        (WebCore::CSSParser::createKeyframesRule):
        (WebCore::CSSParser::rewriteSpecifiers):
        (WebCore::CSSParser::createPageRule):
        (WebCore::CSSParser::createSelectorVector):
        (WebCore::CSSParser::recycleSelectorVector):
        * css/CSSParserValues.cpp:
        (WebCore::CSSParserSelector::~CSSParserSelector):
        (WebCore::CSSParserSelector::adoptSelectorVector):
        (WebCore::CSSParserSelector::setLangArgumentList):
        (WebCore::CSSParserSelector::insertTagHistory):
        (WebCore::CSSParserSelector::appendTagHistory):
        (WebCore::CSSParserSelector::prependTagSelector):
        * css/CSSParserValues.h:
        (WebCore::CSSParserSelector::releaseSelector):
        (WebCore::CSSParserSelector::setTagHistory):
        * css/CSSPrimitiveValue.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        * css/CSSProperty.cpp:
        (WebCore::CSSProperty::wrapValueInCommaSeparatedList):
        * css/CSSSegmentedFontFace.cpp:
        (WebCore::CSSSegmentedFontFace::appendFontFace):
        (WebCore::appendFontWithInvalidUnicodeRangeIfLoading):
        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::setLangArgumentList):
        (WebCore::CSSSelector::setSelectorList):
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::create):
        (WebCore::CSSStyleSheet::CSSStyleSheet):
        * css/CSSValueList.h:
        (WebCore::CSSValueList::append):
        (WebCore::CSSValueList::prepend):
        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::initUserStyle):
        * css/FontLoader.cpp:
        (WebCore::FontLoader::scheduleEvent):
        * css/MediaList.cpp:
        (WebCore::MediaQuerySet::parse):
        (WebCore::MediaQuerySet::add):
        (WebCore::MediaQuerySet::addMediaQuery):
        * css/MediaQuery.cpp:
        (WebCore::MediaQuery::MediaQuery):
        * css/Pair.h:
        (WebCore::Pair::create):
        (WebCore::Pair::Pair):
        * css/RuleSet.cpp:
        (WebCore::RuleSet::addRegionRule):
        * css/RuleSet.h:
        (WebCore::RuleSet::RuleSetSelectorPair::RuleSetSelectorPair):
        * css/SVGCSSComputedStyleDeclaration.cpp:
        (WebCore::paintOrder):
        * css/SourceSizeList.cpp:
        (WebCore::match):
        (WebCore::parseSizesAttribute):
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyTextOrBoxShadowValue):
        (WebCore::StyleBuilderCustom::applyValueContent):
        (WebCore::StyleBuilderCustom::applyValueWillChange):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::State::setStyle):
        (WebCore::StyleResolver::addToMatchedPropertiesCache):
        * css/StyleResolver.h:
        (WebCore::StyleResolver::State::setParentStyle):
        (WebCore::StyleResolver::State::setAuthorRollback):
        (WebCore::StyleResolver::State::setUserRollback):
        * css/StyleRule.cpp:
        (WebCore::StyleRule::StyleRule):
        (WebCore::StyleRule::create):
        (WebCore::StyleRulePage::StyleRulePage):
        (WebCore::StyleRuleFontFace::StyleRuleFontFace):
        (WebCore::StyleRuleGroup::wrapperInsertRule):
        (WebCore::StyleRuleViewport::StyleRuleViewport):
        * css/StyleRule.h:
        (WebCore::StyleRule::create):
        (WebCore::StyleRule::wrapperAdoptSelectorList):
        (WebCore::StyleRuleFontFace::create):
        (WebCore::StyleRulePage::create):
        (WebCore::StyleRulePage::wrapperAdoptSelectorList):
        (WebCore::StyleRuleViewport::create):
        * cssjit/SelectorCompiler.cpp:
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorChecker):
        (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatchesSelectorList):
        * dom/ActiveDOMCallbackMicrotask.cpp:
        (WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):
        * dom/Attr.cpp:
        (WebCore::Attr::cloneNodeInternal):
        * dom/ChildListMutationScope.cpp:
        (WebCore::ChildListMutationAccumulator::ChildListMutationAccumulator):
        * dom/ContainerNode.cpp:
        (WebCore::ContainerNode::insertBefore):
        (WebCore::ContainerNode::append):
        (WebCore::ContainerNode::prepend):
        * dom/DataTransfer.cpp:
        (WebCore::DataTransfer::DataTransfer):
        * dom/Document.cpp:
        (WebCore::Document::createNodeIterator):
        (WebCore::Document::createTreeWalker):
        (WebCore::Document::logExceptionToConsole):
        (WebCore::Document::cloneNodeInternal):
        (WebCore::Document::enqueueWindowEvent):
        (WebCore::Document::enqueueDocumentEvent):
        (WebCore::Document::enqueueOverflowEvent):
        (WebCore::Document::setTransformSource):
        (WebCore::Document::addMessage):
        (WebCore::Document::postTask):
        (WebCore::Document::pendingTasksTimerFired):
        (WebCore::Document::sendWillRevealEdgeEventsIfNeeded):
        * dom/DocumentEventQueue.cpp:
        (WebCore::DocumentEventQueue::enqueueOrDispatchScrollEvent):
        * dom/DocumentFragment.cpp:
        (WebCore::DocumentFragment::cloneNodeInternal):
        * dom/Element.cpp:
        (WebCore::Element::createElementRenderer):
        (WebCore::Element::addShadowRoot):
        (WebCore::Element::dispatchFocusInEvent):
        (WebCore::Element::dispatchFocusOutEvent):
        (WebCore::Element::dispatchFocusEvent):
        (WebCore::Element::dispatchBlurEvent):
        (WebCore::Element::resolveComputedStyle):
        (WebCore::Element::setBeforePseudoElement):
        (WebCore::Element::setAfterPseudoElement):
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::setShadowRoot):
        (WebCore::ElementRareData::setAttributeMap):
        (WebCore::ElementRareData::setComputedStyle):
        (WebCore::ElementRareData::setClassList):
        (WebCore::ElementRareData::setDataset):
        (WebCore::ElementRareData::setBeforePseudoElement):
        (WebCore::ElementRareData::setAfterPseudoElement):
        * dom/Event.cpp:
        (WebCore::Event::setTarget):
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::addEventListener):
        * dom/ExtensionStyleSheets.cpp:
        (WebCore::ExtensionStyleSheets::addUserStyleSheet):
        (WebCore::ExtensionStyleSheets::addAuthorStyleSheetForTesting):
        * dom/FocusEvent.cpp:
        (WebCore::FocusEvent::FocusEvent):
        * dom/FocusEvent.h:
        * dom/MessageEvent.cpp:
        (WebCore::MessageEvent::MessageEvent):
        (WebCore::MessageEvent::initMessageEvent):
        * dom/MessageEvent.h:
        * dom/MessagePort.cpp:
        (WebCore::MessagePort::postMessage):
        (WebCore::MessagePort::disentangle):
        (WebCore::MessagePort::entangle):
        (WebCore::MessagePort::dispatchMessages):
        (WebCore::MessagePort::disentanglePorts):
        (WebCore::MessagePort::entanglePorts):
        (WebCore::MessagePort::addEventListener):
        * dom/Microtasks.cpp:
        (WebCore::MicrotaskQueue::append):
        (WebCore::MicrotaskQueue::performMicrotaskCheckpoint):
        * dom/MutationObserver.cpp:
        (WebCore::queueMutationObserverCompoundMicrotask):
        * dom/NativeNodeFilter.h:
        * dom/Node.cpp:
        (WebCore::Node::before):
        (WebCore::Node::after):
        (WebCore::Node::replaceWith):
        (WebCore::Document::invalidateNodeListAndCollectionCaches):
        (WebCore::tryAddEventListener):
        (WebCore::Node::addEventListener):
        * dom/NodeIterator.cpp:
        (WebCore::NodeIterator::NodeIterator):
        * dom/NodeIterator.h:
        (WebCore::NodeIterator::create):
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::setCSSStyleSheet):
        * dom/PseudoElement.cpp:
        (WebCore::PseudoElement::didRecalcStyle):
        * dom/ScopedEventQueue.cpp:
        (WebCore::ScopedEventQueue::enqueueEvent):
        (WebCore::ScopedEventQueue::dispatchAllEvents):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::reportException):
        * dom/ScriptExecutionContext.h:
        (WebCore::ScriptExecutionContext::Task::Task):
        * dom/SecurityContext.cpp:
        (WebCore::SecurityContext::setSecurityOriginPolicy):
        (WebCore::SecurityContext::setContentSecurityPolicy):
        * dom/SecurityOriginPolicy.cpp:
        (WebCore::SecurityOriginPolicy::create):
        (WebCore::SecurityOriginPolicy::SecurityOriginPolicy):
        * dom/SelectorQuery.cpp:
        (WebCore::SelectorQuery::SelectorQuery):
        (WebCore::SelectorQueryCache::add):
        * dom/ShadowRoot.cpp:
        (WebCore::ShadowRoot::ShadowRoot):
        * dom/ShadowRoot.h:
        * dom/SlotAssignment.cpp:
        (WebCore::SlotAssignment::SlotAssignment):
        * dom/StyledElement.cpp:
        (WebCore::StyledElement::rebuildPresentationAttributeStyle):
        * dom/Text.cpp:
        (WebCore::Text::splitText):
        (WebCore::Text::replaceWholeText):
        * dom/Traversal.cpp:
        (WebCore::NodeIteratorBase::NodeIteratorBase):
        * dom/TreeWalker.cpp:
        (WebCore::TreeWalker::TreeWalker):
        (WebCore::TreeWalker::traverseSiblings):
        * dom/TreeWalker.h:
        (WebCore::TreeWalker::create):
        * dom/TypedElementDescendantIterator.h:
        (WebCore::DoubleTypedElementDescendantIteratorAdapter<ElementType>::DoubleTypedElementDescendantIteratorAdapter):
        (WebCore::DoubleTypedElementDescendantIterator<ElementType>::DoubleTypedElementDescendantIterator):
        * dom/default/PlatformMessagePortChannel.cpp:
        (WebCore::PlatformMessagePortChannel::EventData::EventData):
        (WebCore::MessagePortChannel::createChannel):
        (WebCore::MessagePortChannel::postMessageToRemote):
        * dom/default/PlatformMessagePortChannel.h:
        (WebCore::PlatformMessagePortChannel::EventData::channels):
        (WebCore::PlatformMessagePortChannel::MessagePortQueue::appendAndCheckEmpty):
        * editing/AppendNodeCommand.cpp:
        (WebCore::AppendNodeCommand::AppendNodeCommand):
        * editing/AppendNodeCommand.h:
        (WebCore::AppendNodeCommand::create):
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::replaceTextInNode):
        (WebCore::CompositeEditCommand::moveParagraphs):
        * editing/DeleteFromTextNodeCommand.h:
        (WebCore::DeleteFromTextNodeCommand::create):
        * editing/EditingStyle.cpp:
        (WebCore::applyTextDecorationChangeToValueList):
        (WebCore::EditingStyle::overrideTypingStyleAt):
        (WebCore::EditingStyle::conflictsWithInlineStyleOfElement):
        (WebCore::mergeTextDecorationValues):
        (WebCore::StyleChange::StyleChange):
        * editing/Editor.cpp:
        (WebCore::Editor::insertDictationPhrases):
        (WebCore::Editor::setTextAsChildOfElement):
        (WebCore::Editor::applyStyleToSelection):
        * editing/EditorCommand.cpp:
        (WebCore::applyCommandToFrame):
        (WebCore::executeInsertNode):
        (WebCore::executeInsertHorizontalRule):
        (WebCore::executeInsertImage):
        (WebCore::executeStrikethrough):
        (WebCore::executeUnderline):
        * editing/InsertIntoTextNodeCommand.h:
        (WebCore::InsertIntoTextNodeCommand::create):
        * editing/InsertNodeBeforeCommand.h:
        (WebCore::InsertNodeBeforeCommand::create):
        * editing/MergeIdenticalElementsCommand.cpp:
        (WebCore::MergeIdenticalElementsCommand::doApply):
        (WebCore::MergeIdenticalElementsCommand::doUnapply):
        * editing/MoveSelectionCommand.cpp:
        (WebCore::MoveSelectionCommand::doApply):
        * editing/RemoveNodeCommand.cpp:
        (WebCore::RemoveNodeCommand::RemoveNodeCommand):
        * editing/RemoveNodeCommand.h:
        (WebCore::RemoveNodeCommand::create):
        * editing/ReplaceDeleteFromTextNodeCommand.cpp:
        (WebCore::ReplaceDeleteFromTextNodeCommand::ReplaceDeleteFromTextNodeCommand):
        * editing/ReplaceDeleteFromTextNodeCommand.h:
        * editing/ReplaceInsertIntoTextNodeCommand.cpp:
        (WebCore::ReplaceInsertIntoTextNodeCommand::ReplaceInsertIntoTextNodeCommand):
        * editing/ReplaceInsertIntoTextNodeCommand.h:
        * editing/ReplaceNodeWithSpanCommand.cpp:
        (WebCore::swapInNodePreservingAttributesAndChildren):
        * editing/ReplaceSelectionCommand.h:
        (WebCore::ReplaceSelectionCommand::create):
        * editing/SplitElementCommand.cpp:
        (WebCore::SplitElementCommand::executeApply):
        (WebCore::SplitElementCommand::doUnapply):
        * editing/TextCheckingHelper.cpp:
        (WebCore::findGrammaticalErrors):
        (WebCore::checkTextOfParagraph):
        * editing/TextIterator.cpp:
        (WebCore::TextIteratorCopyableText::set):
        (WebCore::TextIterator::handleReplacedElement):
        (WebCore::TextIterator::emitText):
        (WebCore::SimplifiedBackwardsTextIterator::handleTextNode):
        (WebCore::TextIterator::rangeFromLocationAndLength):
        * editing/WrapContentsInDummySpanCommand.cpp:
        (WebCore::WrapContentsInDummySpanCommand::executeApply):
        (WebCore::WrapContentsInDummySpanCommand::doUnapply):
        * editing/ios/DictationCommandIOS.cpp:
        (WebCore::DictationCommandIOS::DictationCommandIOS):
        * editing/ios/DictationCommandIOS.h:
        (WebCore::DictationCommandIOS::create):
        * editing/ios/EditorIOS.mm:
        (WebCore::Editor::WebContentReader::readURL):
        (WebCore::Editor::createFragmentForImageResourceAndAddResource):
        * editing/mac/EditorMac.mm:
        (WebCore::Editor::WebContentReader::readFilenames):
        (WebCore::Editor::WebContentReader::readURL):
        (WebCore::Editor::createFragmentForImageResourceAndAddResource):
        * editing/markup.cpp:
        (WebCore::fillContainerFromString):
        (WebCore::createFragmentFromText):
        (WebCore::replaceChildrenWithFragment):
        (WebCore::replaceChildrenWithText):
        * fileapi/AsyncFileStream.cpp:
        (WebCore::callOnFileThread):
        * fileapi/Blob.cpp:
        (WebCore::Blob::Blob):
        * fileapi/Blob.h:
        (WebCore::Blob::create):
        * fileapi/FileList.h:
        (WebCore::FileList::create):
        (WebCore::FileList::FileList):
        (WebCore::FileList::append):
        * fileapi/ThreadableBlobRegistry.cpp:
        (WebCore::BlobRegistryContext::BlobRegistryContext):
        (WebCore::ThreadableBlobRegistry::registerBlobURL):
        * fileapi/WebKitBlobBuilder.cpp:
        (WebCore::BlobBuilder::append):
        (WebCore::BlobBuilder::finalize):
        * history/BackForwardController.cpp:
        (WebCore::BackForwardController::BackForwardController):
        (WebCore::BackForwardController::addItem):
        * history/BackForwardList.cpp:
        (WebCore::BackForwardList::addItem):
        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::setCachedFramePlatformData):
        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::setStateObject):
        (WebCore::HistoryItem::addChildItem):
        (WebCore::HistoryItem::setChildItem):
        (WebCore::HistoryItem::setFormData):
        (WebCore::HistoryItem::setRedirectURLs):
        * history/PageCache.cpp:
        (WebCore::PageCache::take):
        * html/BaseButtonInputType.cpp:
        (WebCore::BaseButtonInputType::createInputRenderer):
        * html/BaseChooserOnlyDateAndTimeInputType.cpp:
        (WebCore::BaseChooserOnlyDateAndTimeInputType::createShadowSubtree):
        * html/ColorInputType.cpp:
        (WebCore::ColorInputType::createShadowSubtree):
        * html/FTPDirectoryDocument.cpp:
        (WebCore::FTPDirectoryDocumentParser::appendEntry):
        (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
        (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
        (WebCore::FTPDirectoryDocumentParser::append):
        * html/FileInputType.cpp:
        (WebCore::FileInputType::createInputRenderer):
        (WebCore::FileInputType::createFileList):
        * html/FormController.cpp:
        (WebCore::FormController::formStatesFromStateVector):
        * html/HTMLAppletElement.cpp:
        (WebCore::HTMLAppletElement::createElementRenderer):
        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::createElementRenderer):
        * html/HTMLBRElement.cpp:
        (WebCore::HTMLBRElement::createElementRenderer):
        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::collectStyleForPresentationAttribute):
        * html/HTMLButtonElement.cpp:
        (WebCore::HTMLButtonElement::createElementRenderer):
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::createElementRenderer):
        (WebCore::HTMLCanvasElement::setImageBuffer):
        * html/HTMLCollection.cpp:
        (WebCore::HTMLCollection::updateNamedElementCache):
        * html/HTMLCollection.h:
        (WebCore::HTMLCollection::setNamedItemCache):
        * html/HTMLDetailsElement.cpp:
        (WebCore::HTMLDetailsElement::createElementRenderer):
        (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::populateEventHandlerNameMap):
        (WebCore::HTMLElement::setInnerText):
        (WebCore::HTMLElement::createElementRenderer):
        * html/HTMLFieldSetElement.cpp:
        (WebCore::HTMLFieldSetElement::createElementRenderer):
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::dispatchBlurEvent):
        * html/HTMLFormControlsCollection.cpp:
        (WebCore::HTMLFormControlsCollection::updateNamedElementCache):
        * html/HTMLFrameElement.cpp:
        (WebCore::HTMLFrameElement::createElementRenderer):
        * html/HTMLFrameSetElement.cpp:
        (WebCore::HTMLFrameSetElement::createElementRenderer):
        * html/HTMLIFrameElement.cpp:
        (WebCore::HTMLIFrameElement::createElementRenderer):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::createElementRenderer):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateType):
        (WebCore::HTMLInputElement::createElementRenderer):
        * html/HTMLKeygenElement.cpp:
        (WebCore::HTMLKeygenElement::HTMLKeygenElement):
        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::setCSSStyleSheet):
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::createElementRenderer):
        (WebCore::HTMLMediaElement::addEventListener):
        (WebCore::HTMLMediaElement::setWirelessPlaybackTarget):
        (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader):
        * html/HTMLMeterElement.cpp:
        (WebCore::HTMLMeterElement::createElementRenderer):
        (WebCore::HTMLMeterElement::didAddUserAgentShadowRoot):
        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::createForJSConstructor):
        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::createElementRenderer):
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::createElementRenderer):
        * html/HTMLProgressElement.cpp:
        (WebCore::HTMLProgressElement::createElementRenderer):
        (WebCore::HTMLProgressElement::didAddUserAgentShadowRoot):
        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::createElementRenderer):
        (WebCore::HTMLSelectElement::dispatchFocusEvent):
        (WebCore::HTMLSelectElement::dispatchBlurEvent):
        * html/HTMLSummaryElement.cpp:
        (WebCore::HTMLSummaryElement::createElementRenderer):
        * html/HTMLTableElement.cpp:
        (WebCore::HTMLTableElement::insertRow):
        * html/HTMLTableRowElement.cpp:
        (WebCore::HTMLTableRowElement::insertCell):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::createElementRenderer):
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::dispatchFocusEvent):
        (WebCore::HTMLTextFormControlElement::dispatchBlurEvent):
        * html/HTMLVideoElement.cpp:
        (WebCore::HTMLVideoElement::createElementRenderer):
        * html/HTMLWBRElement.cpp:
        (WebCore::HTMLWBRElement::createElementRenderer):
        * html/ImageDocument.cpp:
        (WebCore::ImageDocument::createDocumentStructure):
        * html/ImageInputType.cpp:
        (WebCore::ImageInputType::createInputRenderer):
        * html/InputType.cpp:
        (WebCore::InputType::createInputRenderer):
        * html/MediaDocument.cpp:
        (WebCore::MediaDocumentParser::createDocumentStructure):
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::setPlaybackTarget):
        * html/PluginDocument.cpp:
        (WebCore::PluginDocumentParser::createDocumentStructure):
        * html/RangeInputType.cpp:
        (WebCore::RangeInputType::createShadowSubtree):
        (WebCore::RangeInputType::createInputRenderer):
        * html/RubyElement.cpp:
        (WebCore::RubyElement::createElementRenderer):
        * html/RubyTextElement.cpp:
        (WebCore::RubyTextElement::createElementRenderer):
        * html/SearchInputType.cpp:
        (WebCore::SearchInputType::createInputRenderer):
        (WebCore::SearchInputType::createShadowSubtree):
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::createInputRenderer):
        * html/ValidationMessage.cpp:
        (WebCore::ValidationMessage::buildBubbleTree):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createLinearGradient):
        (WebCore::CanvasRenderingContext2D::createRadialGradient):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::LRUImageBufferCache::imageBuffer):
        * html/parser/AtomicHTMLToken.h:
        (WebCore::AtomicHTMLToken::AtomicHTMLToken):
        * html/parser/HTMLConstructionSite.cpp:
        (WebCore::HTMLConstructionSite::executeQueuedTasks):
        (WebCore::HTMLConstructionSite::insertTextNode):
        * html/parser/HTMLDocumentParser.cpp:
        (WebCore::HTMLDocumentParser::append):
        * html/parser/HTMLElementStack.cpp:
        (WebCore::HTMLElementStack::ElementRecord::ElementRecord):
        (WebCore::HTMLElementStack::pushCommon):
        * html/parser/HTMLElementStack.h:
        (WebCore::HTMLElementStack::ElementRecord::releaseNext):
        (WebCore::HTMLElementStack::ElementRecord::setNext):
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::scan):
        (WebCore::HTMLPreloadScanner::scan):
        * html/parser/HTMLResourcePreloader.cpp:
        (WebCore::HTMLResourcePreloader::preload):
        * html/parser/HTMLStackItem.h:
        (WebCore::HTMLStackItem::HTMLStackItem):
        (WebCore::HTMLStackItem::create):
        * html/parser/HTMLToken.h:
        (WebCore::HTMLToken::releaseDoctypeData):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::takeScriptToProcess):
        (WebCore::HTMLTreeBuilder::processFakeStartTag):
        (WebCore::HTMLTreeBuilder::insertPhoneNumberLink):
        * html/parser/TextDocumentParser.cpp:
        (WebCore::TextDocumentParser::append):
        (WebCore::TextDocumentParser::insertFakePreElement):
        * html/parser/XSSAuditorDelegate.cpp:
        (WebCore::XSSAuditorDelegate::generateViolationReport):
        * html/shadow/DetailsMarkerControl.cpp:
        (WebCore::DetailsMarkerControl::createElementRenderer):
        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTimelineContainerElement::createElementRenderer):
        (WebCore::MediaControlVolumeSliderContainerElement::createElementRenderer):
        (WebCore::MediaControlClosedCaptionsTrackListElement::rebuildTrackListMenu):
        (WebCore::MediaControlTextTrackContainerElement::createElementRenderer):
        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
        * html/shadow/MediaControls.cpp:
        (WebCore::MediaControls::createTextTrackDisplay):
        * html/shadow/MediaControlsApple.cpp:
        (WebCore::MediaControlsApple::createControls):
        (WebCore::MediaControlsApple::showClosedCaptionTrackList):
        * html/shadow/MeterShadowElement.cpp:
        (WebCore::MeterInnerElement::createElementRenderer):
        * html/shadow/ProgressShadowElement.cpp:
        (WebCore::ProgressInnerElement::createElementRenderer):
        * html/shadow/SliderThumbElement.cpp:
        (WebCore::RenderSliderThumb::RenderSliderThumb):
        (WebCore::SliderThumbElement::createElementRenderer):
        (WebCore::SliderContainerElement::createElementRenderer):
        * html/shadow/TextControlInnerElements.cpp:
        (WebCore::TextControlInnerContainer::createElementRenderer):
        (WebCore::TextControlInnerTextElement::createElementRenderer):
        * html/shadow/mac/ImageControlsButtonElementMac.cpp:
        (WebCore::RenderImageControlsButton::RenderImageControlsButton):
        (WebCore::ImageControlsButtonElementMac::createElementRenderer):
        * html/shadow/mac/ImageControlsRootElementMac.cpp:
        (WebCore::RenderImageControls::RenderImageControls):
        (WebCore::ImageControlsRootElement::maybeCreate):
        (WebCore::ImageControlsRootElementMac::createElementRenderer):
        * html/track/VTTCue.cpp:
        (WebCore::VTTCueBox::createElementRenderer):
        * html/track/WebVTTElement.cpp:
        (WebCore::WebVTTElement::cloneElementWithoutAttributesAndChildren):
        * html/track/WebVTTParser.cpp:
        (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
        * inspector/CommandLineAPIHost.cpp:
        (WebCore::CommandLineAPIHost::inspectImpl):
        (WebCore::CommandLineAPIHost::addInspectedObject):
        * inspector/DOMEditor.cpp:
        (WebCore::DOMEditor::InsertBeforeAction::InsertBeforeAction):
        (WebCore::DOMEditor::ReplaceChildNodeAction::ReplaceChildNodeAction):
        (WebCore::DOMEditor::insertBefore):
        (WebCore::DOMEditor::setOuterHTML):
        (WebCore::DOMEditor::replaceChild):
        * inspector/DOMPatchSupport.cpp:
        (WebCore::DOMPatchSupport::createDigest):
        (WebCore::DOMPatchSupport::removeChildAndMoveToNew):
        * inspector/InspectorApplicationCacheAgent.cpp:
        (WebCore::InspectorApplicationCacheAgent::getFramesWithManifests):
        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
        (WebCore::InspectorCSSAgent::addRule):
        (WebCore::InspectorCSSAgent::getSupportedCSSProperties):
        (WebCore::InspectorCSSAgent::getSupportedSystemFontFamilyNames):
        (WebCore::InspectorCSSAgent::getNamedFlowCollection):
        (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):
        (WebCore::InspectorCSSAgent::buildArrayForRegions):
        (WebCore::InspectorCSSAgent::buildObjectForNamedFlow):
        * inspector/InspectorConsoleInstrumentation.h:
        (WebCore::InspectorInstrumentation::addMessageToConsole):
        (WebCore::InspectorInstrumentation::consoleCount):
        (WebCore::InspectorInstrumentation::stopConsoleTiming):
        (WebCore::InspectorInstrumentation::consoleTimeStamp):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::pushNodePathToFrontend):
        (WebCore::InspectorDOMAgent::highlightRect):
        (WebCore::InspectorDOMAgent::highlightQuad):
        (WebCore::InspectorDOMAgent::innerHighlightQuad):
        (WebCore::InspectorDOMAgent::highlightSelector):
        (WebCore::InspectorDOMAgent::buildObjectForNode):
        (WebCore::InspectorDOMAgent::buildArrayForPseudoElements):
        (WebCore::InspectorDOMAgent::buildObjectForEventListener):
        (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
        (WebCore::InspectorDOMAgent::didCommitLoad):
        (WebCore::InspectorDOMAgent::didInsertDOMNode):
        (WebCore::InspectorDOMAgent::styleAttributeInvalidated):
        * inspector/InspectorDOMDebuggerAgent.cpp:
        (WebCore::InspectorDOMDebuggerAgent::didInvalidateStyleAttr):
        (WebCore::InspectorDOMDebuggerAgent::willInsertDOMNode):
        (WebCore::InspectorDOMDebuggerAgent::willRemoveDOMNode):
        (WebCore::InspectorDOMDebuggerAgent::willModifyDOMAttr):
        (WebCore::InspectorDOMDebuggerAgent::pauseOnNativeEventIfNeeded):
        (WebCore::InspectorDOMDebuggerAgent::willSendXMLHttpRequest):
        * inspector/InspectorDOMStorageAgent.cpp:
        (WebCore::InspectorDOMStorageAgent::getDOMStorageItems):
        * inspector/InspectorDatabaseAgent.cpp:
        (WebCore::InspectorDatabaseAgent::didOpenDatabase):
        (WebCore::InspectorDatabaseAgent::executeSQL):
        * inspector/InspectorDatabaseResource.cpp:
        (WebCore::InspectorDatabaseResource::create):
        (WebCore::InspectorDatabaseResource::bind):
        * inspector/InspectorDatabaseResource.h:
        (WebCore::InspectorDatabaseResource::setDatabase):
        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::InspectorFrontendClientLocal):
        * inspector/InspectorHistory.cpp:
        (WebCore::InspectorHistory::perform):
        * inspector/InspectorIndexedDBAgent.cpp:
        (WebCore::InspectorIndexedDBAgent::requestDatabaseNames):
        (WebCore::InspectorIndexedDBAgent::requestDatabase):
        (WebCore::InspectorIndexedDBAgent::requestData):
        (WebCore::ClearObjectStoreListener::create):
        (WebCore::ClearObjectStoreListener::ClearObjectStoreListener):
        (WebCore::ClearObjectStore::create):
        (WebCore::ClearObjectStore::ClearObjectStore):
        (WebCore::InspectorIndexedDBAgent::clearObjectStore):
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::addMessageToConsoleImpl):
        (WebCore::InspectorInstrumentation::didOpenDatabaseImpl):
        (WebCore::InspectorInstrumentation::sessionCreatedImpl):
        (WebCore::InspectorInstrumentation::sessionLoadedImpl):
        (WebCore::InspectorInstrumentation::sessionModifiedImpl):
        (WebCore::InspectorInstrumentation::segmentCreatedImpl):
        (WebCore::InspectorInstrumentation::segmentCompletedImpl):
        (WebCore::InspectorInstrumentation::segmentLoadedImpl):
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didOpenDatabase):
        (WebCore::InspectorInstrumentation::sessionCreated):
        (WebCore::InspectorInstrumentation::sessionLoaded):
        (WebCore::InspectorInstrumentation::sessionModified):
        (WebCore::InspectorInstrumentation::segmentCreated):
        (WebCore::InspectorInstrumentation::segmentCompleted):
        (WebCore::InspectorInstrumentation::segmentLoaded):
        * inspector/InspectorLayerTreeAgent.cpp:
        (WebCore::InspectorLayerTreeAgent::reasonsForCompositingLayer):
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::buildObjectForResourceResponse):
        (WebCore::buildObjectForCachedResource):
        (WebCore::InspectorNetworkAgent::buildInitiatorObject):
        (WebCore::InspectorNetworkAgent::willSendWebSocketHandshakeRequest):
        (WebCore::InspectorNetworkAgent::didReceiveWebSocketHandshakeResponse):
        (WebCore::InspectorNetworkAgent::didReceiveWebSocketFrame):
        (WebCore::InspectorNetworkAgent::didSendWebSocketFrame):
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::highlightNodeList):
        (WebCore::InspectorOverlay::highlightQuad):
        (WebCore::buildObjectForHighlight):
        (WebCore::buildObjectForFlowRegions):
        (WebCore::InspectorOverlay::drawPaintRects):
        (WebCore::buildArrayForRendererFragments):
        (WebCore::buildObjectForShapeOutside):
        (WebCore::buildObjectForElementData):
        (WebCore::InspectorOverlay::buildHighlightObjectForNode):
        (WebCore::InspectorOverlay::buildObjectForHighlightedNodes):
        (WebCore::InspectorOverlay::reset):
        (WebCore::InspectorOverlay::evaluateInOverlay):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::buildObjectForFrameTree):
        * inspector/InspectorReplayAgent.cpp:
        (WebCore::buildInspectorObjectForSession):
        (WebCore::SerializeInputToJSONFunctor::operator()):
        (WebCore::SerializeInputToJSONFunctor::returnValue):
        (WebCore::buildInspectorObjectForSegment):
        (WebCore::InspectorReplayAgent::switchSession):
        (WebCore::InspectorReplayAgent::insertSessionSegment):
        (WebCore::InspectorReplayAgent::removeSessionSegment):
        (WebCore::InspectorReplayAgent::getSessionData):
        (WebCore::InspectorReplayAgent::getSegmentData):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::asCSSRuleList):
        (WebCore::InspectorStyle::create):
        (WebCore::InspectorStyle::buildObjectForStyle):
        (WebCore::InspectorStyle::buildArrayForComputedStyle):
        (WebCore::InspectorStyle::styleWithProperties):
        (WebCore::InspectorStyleSheet::create):
        (WebCore::InspectorStyleSheet::InspectorStyleSheet):
        (WebCore::InspectorStyleSheet::buildObjectForStyleSheet):
        (WebCore::buildObjectForSelectorHelper):
        (WebCore::InspectorStyleSheet::buildObjectForRule):
        (WebCore::InspectorStyleSheet::ensureSourceData):
        (WebCore::InspectorStyleSheet::buildArrayForRuleList):
        (WebCore::InspectorStyleSheet::collectFlatRules):
        (WebCore::InspectorStyleSheetForInlineStyle::create):
        (WebCore::InspectorStyleSheetForInlineStyle::InspectorStyleSheetForInlineStyle):
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::startProfiling):
        (WebCore::InspectorTimelineAgent::addRecordToTimeline):
        (WebCore::InspectorTimelineAgent::appendRecord):
        (WebCore::InspectorTimelineAgent::sendEvent):
        (WebCore::InspectorTimelineAgent::createRecordEntry):
        (WebCore::InspectorTimelineAgent::pushCurrentRecord):
        * inspector/InspectorTimelineAgent.h:
        * inspector/NetworkResourcesData.cpp:
        (WebCore::NetworkResourcesData::addResourceSharedBuffer):
        * inspector/NetworkResourcesData.h:
        (WebCore::NetworkResourcesData::ResourceData::setDecoder):
        (WebCore::NetworkResourcesData::ResourceData::setBuffer):
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::buildInspectorObject):
        (WebCore::buildProfileInspectorObject):
        * inspector/WebInjectedScriptManager.cpp:
        (WebCore::WebInjectedScriptManager::WebInjectedScriptManager):
        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::createIfEnabled):
        (WebCore::ContentFilter::ContentFilter):
        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::CrossOriginPreflightResultCache::appendEntry):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::subresources):
        (WebCore::DocumentLoader::installContentFilterUnblockHandler):
        * loader/DocumentLoader.h:
        (WebCore::DocumentLoader::setQuickLookHandle):
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
        (WebCore::DocumentThreadableLoader::didReceiveResponse):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::updateBackForwardListClippedAtTarget):
        (WebCore::HistoryController::pushState):
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::MediaResourceLoader):
        * loader/NavigationScheduler.cpp:
        (WebCore::NavigationScheduler::timerFired):
        (WebCore::NavigationScheduler::schedule):
        (WebCore::NavigationScheduler::cancel):
        * loader/NetscapePlugInStreamLoader.cpp:
        (WebCore::NetscapePlugInStreamLoader::willSendRequest):
        * loader/PolicyCallback.cpp:
        (WebCore::PolicyCallback::set):
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNavigationPolicy):
        (WebCore::PolicyChecker::checkNewWindowPolicy):
        (WebCore::PolicyChecker::checkContentPolicy):
        * loader/PolicyChecker.h:
        (WebCore::PolicyChecker::setContentFilterUnblockHandler):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::willSendRequest):
        * loader/ThreadableLoader.cpp:
        (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions):
        (WebCore::ThreadableLoaderOptions::isolatedCopy):
        * loader/appcache/ApplicationCacheGroup.cpp:
        (WebCore::ApplicationCacheGroup::ApplicationCacheGroup):
        * loader/archive/cf/LegacyWebArchive.cpp:
        (WebCore::LegacyWebArchive::create):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::saveParsedStyleSheet):
        * loader/icon/IconDatabase.cpp:
        (WebCore::IconDatabase::syncThreadMainLoop):
        * mathml/MathMLInlineContainerElement.cpp:
        (WebCore::MathMLInlineContainerElement::createElementRenderer):
        * mathml/MathMLMathElement.cpp:
        (WebCore::MathMLMathElement::createElementRenderer):
        * mathml/MathMLMencloseElement.cpp:
        (WebCore::MathMLMencloseElement::createElementRenderer):
        * mathml/MathMLSelectElement.cpp:
        (WebCore::MathMLSelectElement::createElementRenderer):
        * mathml/MathMLTextElement.cpp:
        (WebCore::MathMLTextElement::createElementRenderer):
        * page/CaptionUserPreferences.cpp:
        (WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::DOMTimer):
        (WebCore::DOMTimer::install):
        * page/DOMWindow.cpp:
        (WebCore::PostMessageTimer::PostMessageTimer):
        (WebCore::PostMessageTimer::event):
        (WebCore::DOMWindow::postMessage):
        (WebCore::DOMWindow::setTimeout):
        (WebCore::DOMWindow::setInterval):
        (WebCore::DOMWindow::addEventListener):
        (WebCore::DOMWindow::showModalDialog):
        * page/DebugPageOverlays.cpp:
        (WebCore::MouseWheelRegionOverlay::updateRegion):
        (WebCore::NonFastScrollableRegionOverlay::updateRegion):
        (WebCore::DebugPageOverlays::ensureRegionOverlayForFrame):
        * page/DragController.cpp:
        (WebCore::documentFragmentFromDragData):
        (WebCore::DragController::concludeEditDrag):
        * page/Frame.cpp:
        (WebCore::Frame::setView):
        * page/FrameView.cpp:
        (WebCore::FrameView::sendResizeEventIfNeeded):
        (WebCore::FrameView::updateOverflowStatus):
        * page/Page.cpp:
        (WebCore::Page::Page):
        (WebCore::Page::setSessionStorage):
        (WebCore::Page::setStorageNamespaceProvider):
        (WebCore::Page::setVisitedLinkStore):
        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::addMessage):
        (WebCore::PageConsoleClient::messageWithTypeAndLevel):
        (WebCore::PageConsoleClient::count):
        (WebCore::PageConsoleClient::profileEnd):
        (WebCore::PageConsoleClient::timeEnd):
        (WebCore::PageConsoleClient::timeStamp):
        * page/PageOverlayController.cpp:
        (WebCore::PageOverlayController::installPageOverlay):
        * page/TextIndicator.cpp:
        (WebCore::takeSnapshot):
        * page/UserContentController.cpp:
        (WebCore::UserContentController::addUserScript):
        (WebCore::UserContentController::addUserStyleSheet):
        * page/UserScript.h:
        (WebCore::UserScript::UserScript):
        * page/UserStyleSheet.h:
        (WebCore::UserStyleSheet::UserStyleSheet):
        * page/WheelEventTestTrigger.cpp:
        (WebCore::WheelEventTestTrigger::setTestCallbackAndStartNotificationTimer):
        (WebCore::WheelEventTestTrigger::triggerTestTimerFired):
        * page/animation/AnimationController.cpp:
        (WebCore::AnimationControllerPrivate::fireEventsAndUpdateStyle):
        (WebCore::AnimationControllerPrivate::addElementChangeToDispatch):
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFilter):
        (WebCore::crossfadeBlend):
        (WebCore::PropertyWrapperShadow::blendSimpleOrMatchedShadowLists):
        (WebCore::PropertyWrapperShadow::blendMismatchedShadowLists):
        (WebCore::ShorthandPropertyWrapper::ShorthandPropertyWrapper):
        (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::RingBuffer::append):
        (WebCore::MemoryCategoryInfo::MemoryCategoryInfo):
        * page/mac/TextIndicatorWindow.mm:
        (WebCore::TextIndicatorWindow::clearTextIndicator):
        * page/scrolling/AxisScrollSnapOffsets.cpp:
        (WebCore::updateSnapOffsetsForScrollableArea):
        * page/scrolling/ScrollingStateTree.cpp:
        (WebCore::ScrollingStateTree::setRemovedNodes):
        * page/scrolling/ScrollingThread.cpp:
        (WebCore::ScrollingThread::dispatchBarrier):
        (WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):
        * page/scrolling/ThreadedScrollingTree.cpp:
        (WebCore::ThreadedScrollingTree::commitNewTreeState):
        * page/scrolling/ios/ScrollingTreeIOS.cpp:
        (WebCore::ScrollingTreeIOS::commitNewTreeState):
        * page/scrolling/mac/ScrollingCoordinatorMac.mm:
        (WebCore::ScrollingCoordinatorMac::commitTreeState):
        * platform/CalculationValue.cpp:
        (WebCore::CalculationValue::create):
        * platform/CalculationValue.h:
        (WebCore::CalculationValue::CalculationValue):
        (WebCore::CalcExpressionBinaryOperation::CalcExpressionBinaryOperation):
        * platform/DragImage.cpp:
        (WebCore::createDragImageFromSnapshot):
        * platform/KeyedCoding.h:
        (WebCore::KeyedDecoder::decodeObjects):
        * platform/Length.cpp:
        (WebCore::Length::Length):
        (WebCore::Length::blendMixedTypes):
        * platform/LengthSize.h:
        (WebCore::LengthSize::LengthSize):
        (WebCore::LengthSize::setWidth):
        (WebCore::LengthSize::setHeight):
        * platform/MainThreadSharedTimer.cpp:
        (WebCore::MainThreadSharedTimer::setFiredFunction):
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::setHorizontalSnapOffsets):
        (WebCore::ScrollableArea::setVerticalSnapOffsets):
        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::SharedBuffer):
        (WebCore::SharedBuffer::createWithContentsOfFile):
        (WebCore::SharedBuffer::maybeTransferMappedFileData):
        * platform/Supplementable.h:
        (WebCore::Supplement::provideTo):
        (WebCore::Supplementable::provideSupplement):
        * platform/Timer.h:
        (WebCore::Timer::Timer):
        (WebCore::DeferrableOneShotTimer::DeferrableOneShotTimer):
        * platform/URL.h:
        (WebCore::URLCapture::releaseURL):
        * platform/audio/AudioBus.cpp:
        (WebCore::AudioBus::AudioBus):
        * platform/audio/HRTFDatabase.cpp:
        (WebCore::HRTFDatabase::HRTFDatabase):
        * platform/audio/HRTFElevation.cpp:
        (WebCore::HRTFElevation::createForSubject):
        (WebCore::HRTFElevation::createByInterpolatingSlices):
        * platform/audio/HRTFElevation.h:
        (WebCore::HRTFElevation::HRTFElevation):
        * platform/audio/HRTFKernel.cpp:
        (WebCore::HRTFKernel::createInterpolatedKernel):
        * platform/audio/HRTFKernel.h:
        (WebCore::HRTFKernel::create):
        (WebCore::HRTFKernel::HRTFKernel):
        * platform/audio/ReverbConvolver.cpp:
        (WebCore::ReverbConvolver::ReverbConvolver):
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (-[WebMediaSessionHelper dealloc]):
        * platform/cf/KeyedDecoderCF.cpp:
        (WebCore::KeyedDecoderCF::KeyedDecoderCF):
        * platform/cocoa/ContentFilterUnblockHandlerCocoa.mm:
        (WebCore::ContentFilterUnblockHandler::ContentFilterUnblockHandler):
        * platform/glib/KeyedDecoderGlib.cpp:
        (WebCore::KeyedDecoderGlib::dictionaryFromGVariant):
        * platform/graphics/FloatPolygon.cpp:
        (WebCore::FloatPolygon::FloatPolygon):
        * platform/graphics/Font.cpp:
        (WebCore::Font::Font):
        (WebCore::createAndFillGlyphPage):
        (WebCore::Font::systemFallbackFontForCharacter):
        * platform/graphics/Font.h:
        (WebCore::Font::create):
        * platform/graphics/FontCache.cpp:
        (WebCore::FontCache::purgeInactiveFontData):
        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascadeCacheEntry::FontCascadeCacheEntry):
        (WebCore::retrieveOrAddCachedFonts):
        (WebCore::FontCascade::update):
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::realizeNextFallback):
        * platform/graphics/FontCascadeFonts.h:
        (WebCore::FontCascadeFonts::create):
        * platform/graphics/FontDescription.h:
        (WebCore::FontDescription::setFeatureSettings):
        * platform/graphics/FontFeatureSettings.cpp:
        (WebCore::FontFeature::FontFeature):
        (WebCore::FontFeatureSettings::insert):
        * platform/graphics/FontRanges.h:
        (WebCore::FontRanges::Range::Range):
        * platform/graphics/GLContext.cpp:
        (WebCore::GLContext::createContextForWindow):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::setStrokePattern):
        (WebCore::GraphicsContext::setFillPattern):
        (WebCore::GraphicsContext::setStrokeGradient):
        (WebCore::GraphicsContext::setFillGradient):
        (WebCore::GraphicsContext::drawConsumingImageBuffer):
        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::KeyframeValueList::insert):
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::setWirelessPlaybackTarget):
        (WebCore::MediaPlayer::createResourceLoader):
        * platform/graphics/PlatformMediaResourceLoader.h:
        (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader):
        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm:
        (WebCore::CDMPrivateMediaSourceAVFObjC::createSession):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setWirelessPlaybackTarget):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setWirelessPlaybackTarget):
        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::setContentsScale):
        * platform/graphics/cg/IOSurfacePool.cpp:
        (WebCore::IOSurfacePool::takeSurface):
        (WebCore::IOSurfacePool::addSurface):
        (WebCore::IOSurfacePool::insertSurfaceIntoPool):
        (WebCore::IOSurfacePool::collectInUseSurfaces):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::copyImage):
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::sinkIntoNativeImage):
        (WebCore::ImageBuffer::drawConsuming):
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::moveToPool):
        (IOSurface::createFromImageBuffer):
        (IOSurface::convertToFormat):
        * platform/graphics/efl/CairoUtilitiesEfl.cpp:
        (WebCore::evasObjectFromCairoImageSurface):
        * platform/graphics/efl/GraphicsContext3DEfl.cpp:
        (WebCore::GraphicsContext3D::setContextLostCallback):
        * platform/graphics/efl/GraphicsContext3DPrivate.cpp:
        (WebCore::GraphicsContext3DPrivate::setContextLostCallback):
        * platform/graphics/egl/GLContextEGL.cpp:
        (WebCore::GLContextEGL::createWindowContext):
        (WebCore::GLContextEGL::createPixmapContext):
        (WebCore::GLContextEGL::createContext):
        (WebCore::GLContextEGL::GLContextEGL):
        * platform/graphics/filters/FETile.cpp:
        (WebCore::FETile::platformApplySoftware):
        * platform/graphics/filters/Filter.h:
        (WebCore::Filter::setSourceImage):
        * platform/graphics/filters/FilterOperation.h:
        * platform/graphics/glx/GLContextGLX.cpp:
        (WebCore::GLContextGLX::createWindowContext):
        (WebCore::GLContextGLX::createPbufferContext):
        (WebCore::GLContextGLX::createPixmapContext):
        (WebCore::GLContextGLX::createContext):
        (WebCore::GLContextGLX::GLContextGLX):
        * platform/graphics/gpu/Texture.cpp:
        (WebCore::Texture::Texture):
        (WebCore::Texture::create):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
        * platform/graphics/gstreamer/MediaPlayerRequestInstallMissingPluginsCallback.h:
        (WebCore::MediaPlayerRequestInstallMissingPluginsCallback::create):
        (WebCore::MediaPlayerRequestInstallMissingPluginsCallback::MediaPlayerRequestInstallMissingPluginsCallback):
        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (VideoRenderRequestScheduler::render):
        * platform/graphics/mac/MediaPlayerPrivateQTKit.mm:
        (WebCore::MediaPlayerPrivateQTKit::setWirelessPlaybackTarget):
        * platform/graphics/opengl/Extensions3DOpenGLES.cpp:
        (WebCore::Extensions3DOpenGLES::setEXTContextLostCallback):
        * platform/graphics/surfaces/GLTransportSurface.cpp:
        (WebCore::GLTransportSurface::createTransportSurface):
        (WebCore::GLTransportSurfaceClient::createTransportSurfaceClient):
        * platform/graphics/surfaces/egl/EGLSurface.cpp:
        (WebCore::EGLTransportSurface::createTransportSurface):
        (WebCore::EGLTransportSurface::createTransportSurfaceClient):
        * platform/graphics/texmap/BitmapTexturePool.cpp:
        (WebCore::BitmapTexturePool::BitmapTexturePool):
        * platform/graphics/texmap/BitmapTexturePool.h:
        (WebCore::BitmapTexturePool::Entry::Entry):
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::removeAllChildren):
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
        (WebCore::TextureMapperPlatformLayerBuffer::TextureMapperPlatformLayerBuffer):
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
        (WebCore::TextureMapperPlatformLayerBuffer::setUnmanagedBufferDataHolder):
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
        (WebCore::TextureMapperPlatformLayerProxy::pushNextBuffer):
        (WebCore::TextureMapperPlatformLayerProxy::getAvailableBuffer):
        (WebCore::TextureMapperPlatformLayerProxy::releaseUnusedBuffersTimerFired):
        (WebCore::TextureMapperPlatformLayerProxy::swapBuffer):
        (WebCore::TextureMapperPlatformLayerProxy::scheduleUpdateOnCompositorThread):
        (WebCore::TextureMapperPlatformLayerProxy::compositorThreadUpdateTimerFired):
        * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
        (WebCore::CompositingCoordinator::releaseInactiveAtlasesTimerFired):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::adjustContentsScale):
        * platform/graphics/wayland/PlatformDisplayWayland.cpp:
        (WebCore::PlatformDisplayWayland::createSharingGLContext):
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::FontCache::createFontPlatformData):
        * platform/graphics/win/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData):
        * platform/graphics/win/FontPlatformDataCGWin.cpp:
        (WebCore::FontPlatformData::FontPlatformData):
        * platform/graphics/win/FontPlatformDataCairoWin.cpp:
        (WebCore::FontPlatformData::FontPlatformData):
        * platform/graphics/win/FontPlatformDataWin.cpp:
        (WebCore::FontPlatformData::FontPlatformData):
        * platform/graphics/win/SharedGDIObject.h:
        (WebCore::SharedGDIObject::create):
        (WebCore::SharedGDIObject::SharedGDIObject):
        * platform/graphics/win/SimpleFontDataWin.cpp:
        (WebCore::Font::platformCreateScaledFont):
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::preparedToReturnToInline):
        * platform/mac/HIDGamepadProvider.cpp:
        (WebCore::HIDGamepadProvider::deviceAdded):
        * platform/mac/ThemeMac.mm:
        (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::create):
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::create):
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::currentFrameImage):
        * platform/network/BlobData.h:
        (WebCore::RawData::create):
        (WebCore::RawData::RawData):
        * platform/network/BlobPart.h:
        (WebCore::BlobPart::BlobPart):
        (WebCore::BlobPart::moveData):
        * platform/network/DataURLDecoder.cpp:
        (WebCore::DataURLDecoder::DecodingResultDispatcher::dispatch):
        (WebCore::DataURLDecoder::DecodingResultDispatcher::DecodingResultDispatcher):
        (WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):
        (WebCore::DataURLDecoder::createDecodeTask):
        (WebCore::DataURLDecoder::decode):
        * platform/network/HTTPHeaderMap.cpp:
        (WebCore::HTTPHeaderMap::adopt):
        * platform/network/NetworkStateNotifier.cpp:
        (WebCore::NetworkStateNotifier::addNetworkStateChangeListener):
        * platform/network/ResourceHandle.h:
        (WebCore::ResourceHandle::setQuickLookHandle):
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::adopt):
        (WebCore::ResourceRequestBase::copyData):
        (WebCore::ResourceRequestBase::setHTTPHeaderFields):
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::adopt):
        (WebCore::ResourceResponseBase::copyData):
        * platform/network/cf/FormDataStreamCFNet.cpp:
        (WebCore::advanceCurrentStream):
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::releaseConnectionForDownload):
        * platform/network/curl/CurlCacheManager.cpp:
        (WebCore::CurlCacheManager::loadIndex):
        (WebCore::CurlCacheManager::didReceiveResponse):
        * platform/network/curl/SocketStreamHandle.h:
        (WebCore::SocketStreamHandle::SocketData::SocketData):
        * platform/network/curl/SocketStreamHandleCurl.cpp:
        (WebCore::SocketStreamHandle::platformSend):
        (WebCore::SocketStreamHandle::readData):
        (WebCore::SocketStreamHandle::sendData):
        (WebCore::SocketStreamHandle::didReceiveData):
        (WebCore::SocketStreamHandle::createCopy):
        * platform/network/soup/NetworkStorageSessionSoup.cpp:
        (WebCore::NetworkStorageSession::NetworkStorageSession):
        (WebCore::NetworkStorageSession::setSoupNetworkSession):
        * platform/text/LocaleICU.cpp:
        (WebCore::LocaleICU::createLabelVector):
        (WebCore::createFallbackMonthLabels):
        (WebCore::createFallbackAMPMLabels):
        * platform/win/WCDataObject.cpp:
        (WebCore::WCDataObject::SetData):
        * plugins/DOMMimeType.cpp:
        (WebCore::DOMMimeType::DOMMimeType):
        * plugins/DOMMimeType.h:
        (WebCore::DOMMimeType::create):
        * plugins/DOMPlugin.cpp:
        (WebCore::DOMPlugin::DOMPlugin):
        * plugins/DOMPlugin.h:
        (WebCore::DOMPlugin::create):
        * plugins/PluginData.cpp:
        (WebCore::PluginData::publiclyVisiblePlugins):
        * rendering/ClipPathOperation.h:
        * rendering/FloatingObjects.cpp:
        (WebCore::FloatingObjects::moveAllToFloatInfoMap):
        (WebCore::FloatingObjects::add):
        * rendering/LayoutState.cpp:
        (WebCore::LayoutState::LayoutState):
        * rendering/RenderAttachment.cpp:
        (WebCore::RenderAttachment::RenderAttachment):
        * rendering/RenderBlock.cpp:
        (WebCore::OverflowEventDispatcher::~OverflowEventDispatcher):
        (WebCore::RenderBlock::RenderBlock):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::RenderBlockFlow):
        (WebCore::RenderBlockFlow::layoutLineGridBox):
        (WebCore::RenderBlockFlow::insertFloatingObject):
        * rendering/RenderBlockFlow.h:
        (WebCore::RenderBlockFlow::setLineGridBox):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::createAndAppendRootInlineBox):
        (WebCore::constructBidiRunsForSegment):
        (WebCore::RenderBlockFlow::linkToEndLineIfNeeded):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::RenderBox):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::RenderBoxModelObject):
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::RenderButton):
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::RenderDeprecatedFlexibleBox::RenderDeprecatedFlexibleBox):
        * rendering/RenderDetailsMarker.cpp:
        (WebCore::RenderDetailsMarker::RenderDetailsMarker):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        (WebCore::RenderElement::createFor):
        (WebCore::RenderElement::setStyle):
        (WebCore::RenderElement::propagateStyleToAnonymousChildren):
        * rendering/RenderElement.h:
        (WebCore::RenderElement::setStyleInternal):
        (WebCore::RenderElement::setAnimatableStyle):
        * rendering/RenderEmbeddedObject.cpp:
        (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
        (WebCore::RenderEmbeddedObject::createForApplet):
        * rendering/RenderFieldset.cpp:
        (WebCore::RenderFieldset::RenderFieldset):
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::RenderFileUploadControl):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::RenderFlexibleBox):
        * rendering/RenderFlowThread.cpp:
        (WebCore::RenderFlowThread::RenderFlowThread):
        * rendering/RenderFrame.cpp:
        (WebCore::RenderFrame::RenderFrame):
        * rendering/RenderFrameBase.cpp:
        (WebCore::RenderFrameBase::RenderFrameBase):
        * rendering/RenderFrameSet.cpp:
        (WebCore::RenderFrameSet::RenderFrameSet):
        * rendering/RenderFullScreen.cpp:
        (WebCore::RenderFullScreen::RenderFullScreen):
        (WebCore::RenderFullScreen::createPlaceholder):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::RenderGrid):
        (WebCore::RenderGrid::computeFlexFactorUnitSize):
        * rendering/RenderHTMLCanvas.cpp:
        (WebCore::RenderHTMLCanvas::RenderHTMLCanvas):
        * rendering/RenderIFrame.cpp:
        (WebCore::RenderIFrame::RenderIFrame):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::RenderImage):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::RenderInline):
        (WebCore::updateStyleOfAnonymousBlockContinuations):
        (WebCore::RenderInline::addChildIgnoringContinuation):
        (WebCore::RenderInline::splitInlines):
        (WebCore::RenderInline::createAndAppendInlineFlowBox):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::registerAllViewportConstrainedLayers):
        * rendering/RenderLayerModelObject.cpp:
        (WebCore::RenderLayerModelObject::RenderLayerModelObject):
        * rendering/RenderLineBreak.cpp:
        (WebCore::RenderLineBreak::RenderLineBreak):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::RenderListBox):
        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::RenderListItem):
        (WebCore::RenderListItem::styleDidChange):
        * rendering/RenderListMarker.cpp:
        (WebCore::RenderListMarker::RenderListMarker):
        * rendering/RenderMedia.cpp:
        (WebCore::RenderMedia::RenderMedia):
        * rendering/RenderMediaControlElements.cpp:
        (WebCore::RenderMediaVolumeSliderContainer::RenderMediaVolumeSliderContainer):
        (WebCore::RenderMediaControlTimelineContainer::RenderMediaControlTimelineContainer):
        (WebCore::RenderTextTrackContainerElement::RenderTextTrackContainerElement):
        * rendering/RenderMenuList.cpp:
        (WebCore::RenderMenuList::RenderMenuList):
        * rendering/RenderMeter.cpp:
        (WebCore::RenderMeter::RenderMeter):
        * rendering/RenderMultiColumnFlowThread.cpp:
        (WebCore::RenderMultiColumnFlowThread::RenderMultiColumnFlowThread):
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::RenderMultiColumnSet):
        * rendering/RenderMultiColumnSpannerPlaceholder.cpp:
        (WebCore::RenderMultiColumnSpannerPlaceholder::RenderMultiColumnSpannerPlaceholder):
        * rendering/RenderNamedFlowFragment.cpp:
        (WebCore::RenderNamedFlowFragment::RenderNamedFlowFragment):
        * rendering/RenderNamedFlowThread.cpp:
        (WebCore::RenderNamedFlowThread::RenderNamedFlowThread):
        (WebCore::RenderNamedFlowThread::updateWritingMode):
        * rendering/RenderProgress.cpp:
        (WebCore::RenderProgress::RenderProgress):
        * rendering/RenderPtr.h:
        * rendering/RenderQuote.cpp:
        (WebCore::RenderQuote::RenderQuote):
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::RenderRegion):
        * rendering/RenderRegionSet.cpp:
        (WebCore::RenderRegionSet::RenderRegionSet):
        * rendering/RenderReplaced.cpp:
        (WebCore::RenderReplaced::RenderReplaced):
        * rendering/RenderReplica.cpp:
        (WebCore::RenderReplica::RenderReplica):
        * rendering/RenderRuby.cpp:
        (WebCore::RenderRubyAsInline::RenderRubyAsInline):
        (WebCore::RenderRubyAsBlock::RenderRubyAsBlock):
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::RenderRubyBase):
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::RenderRubyRun):
        (WebCore::RenderRubyRun::createRubyBase):
        * rendering/RenderRubyText.cpp:
        (WebCore::RenderRubyText::RenderRubyText):
        * rendering/RenderScrollbarPart.cpp:
        (WebCore::RenderScrollbarPart::RenderScrollbarPart):
        * rendering/RenderSearchField.cpp:
        (WebCore::RenderSearchField::RenderSearchField):
        (WebCore::RenderSearchField::updateCancelButtonVisibility):
        * rendering/RenderSlider.cpp:
        (WebCore::RenderSlider::RenderSlider):
        * rendering/RenderSnapshottedPlugIn.cpp:
        (WebCore::RenderSnapshottedPlugIn::RenderSnapshottedPlugIn):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::RenderTable):
        * rendering/RenderTableCaption.cpp:
        (WebCore::RenderTableCaption::RenderTableCaption):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::RenderTableCell):
        * rendering/RenderTableCol.cpp:
        (WebCore::RenderTableCol::RenderTableCol):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::RenderTableRow):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::RenderTableSection):
        * rendering/RenderTextControl.cpp:
        (WebCore::RenderTextControl::RenderTextControl):
        * rendering/RenderTextControl.h:
        * rendering/RenderTextControlMultiLine.cpp:
        (WebCore::RenderTextControlMultiLine::RenderTextControlMultiLine):
        * rendering/RenderTextControlSingleLine.cpp:
        (WebCore::RenderTextControlSingleLine::RenderTextControlSingleLine):
        * rendering/RenderTextControlSingleLine.h:
        * rendering/RenderThemeEfl.cpp:
        (WebCore::RenderThemeEfl::getThemePartFromCache):
        (WebCore::RenderThemeEfl::loadTheme):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintProgressBar):
        * rendering/RenderVTTCue.cpp:
        (WebCore::RenderVTTCue::RenderVTTCue):
        * rendering/RenderVideo.cpp:
        (WebCore::RenderVideo::RenderVideo):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::RenderView):
        (WebCore::RenderView::updateSelectionForSubtrees):
        (WebCore::RenderView::applySubtreeSelection):
        * rendering/RenderView.h:
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::RenderWidget):
        * rendering/RootInlineBox.cpp:
        (WebCore::RootInlineBox::placeEllipsis):
        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::RenderMathMLBlock::RenderMathMLBlock):
        * rendering/mathml/RenderMathMLBlock.h:
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::RenderMathMLFenced):
        * rendering/mathml/RenderMathMLFraction.cpp:
        (WebCore::RenderMathMLFraction::RenderMathMLFraction):
        * rendering/mathml/RenderMathMLMath.cpp:
        (WebCore::RenderMathMLMath::RenderMathMLMath):
        * rendering/mathml/RenderMathMLMenclose.cpp:
        (WebCore::RenderMathMLMenclose::RenderMathMLMenclose):
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::RenderMathMLOperator):
        (WebCore::RenderMathMLOperator::updateStyle):
        * rendering/mathml/RenderMathMLRadicalOperator.cpp:
        (WebCore::RenderMathMLRadicalOperator::RenderMathMLRadicalOperator):
        * rendering/mathml/RenderMathMLRoot.cpp:
        (WebCore::RenderMathMLRoot::RenderMathMLRoot):
        (WebCore::RenderMathMLRoot::updateStyle):
        * rendering/mathml/RenderMathMLRoot.h:
        * rendering/mathml/RenderMathMLRow.cpp:
        (WebCore::RenderMathMLRow::RenderMathMLRow):
        * rendering/mathml/RenderMathMLScripts.cpp:
        (WebCore::RenderMathMLScripts::RenderMathMLScripts):
        * rendering/mathml/RenderMathMLScripts.h:
        * rendering/mathml/RenderMathMLSpace.cpp:
        (WebCore::RenderMathMLSpace::RenderMathMLSpace):
        * rendering/mathml/RenderMathMLSquareRoot.cpp:
        (WebCore::RenderMathMLSquareRoot::RenderMathMLSquareRoot):
        * rendering/mathml/RenderMathMLToken.cpp:
        (WebCore::RenderMathMLToken::RenderMathMLToken):
        (WebCore::RenderMathMLToken::updateStyle):
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver):
        * rendering/shapes/PolygonShape.h:
        (WebCore::PolygonShape::PolygonShape):
        * rendering/shapes/RasterShape.h:
        * rendering/shapes/Shape.cpp:
        (WebCore::createPolygonShape):
        (WebCore::Shape::createShape):
        (WebCore::Shape::createRasterShape):
        (WebCore::Shape::createBoxShape):
        * rendering/style/BasicShapes.cpp:
        (WebCore::BasicShapeCenterCoordinate::updateComputedLength):
        (WebCore::BasicShapeCircle::blend):
        (WebCore::BasicShapeEllipse::blend):
        (WebCore::BasicShapePolygon::blend):
        (WebCore::BasicShapePath::BasicShapePath):
        (WebCore::BasicShapePath::blend):
        (WebCore::BasicShapeInset::blend):
        * rendering/style/BasicShapes.h:
        * rendering/style/ContentData.cpp:
        (WebCore::ContentData::clone):
        (WebCore::ImageContentData::createContentRenderer):
        (WebCore::TextContentData::createContentRenderer):
        (WebCore::QuoteContentData::createContentRenderer):
        * rendering/style/ContentData.h:
        (WebCore::ContentData::setNext):
        * rendering/style/DataRef.h:
        (WebCore::DataRef::DataRef):
        * rendering/style/FillLayer.cpp:
        (WebCore::FillLayer::~FillLayer):
        * rendering/style/FillLayer.h:
        (WebCore::FillLayer::setXPosition):
        (WebCore::FillLayer::setYPosition):
        (WebCore::FillLayer::setNext):
        * rendering/style/NinePieceImage.cpp:
        (WebCore::NinePieceImage::NinePieceImage):
        * rendering/style/NinePieceImage.h:
        (WebCore::NinePieceImage::setImageSlices):
        (WebCore::NinePieceImage::setBorderSlices):
        (WebCore::NinePieceImage::setOutset):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::setWillChange):
        (WebCore::RenderStyle::appendContent):
        (WebCore::RenderStyle::setContent):
        (WebCore::RenderStyle::setTextShadow):
        (WebCore::RenderStyle::setBoxShadow):
        (WebCore::RenderStyle::setWordSpacing):
        (WebCore::RenderStyle::setScrollSnapPointsX):
        (WebCore::RenderStyle::setScrollSnapPointsY):
        (WebCore::RenderStyle::setScrollSnapDestination):
        (WebCore::RenderStyle::setScrollSnapCoordinates):
        * rendering/style/RenderStyle.h:
        * rendering/style/SVGRenderStyle.h:
        (WebCore::SVGRenderStyle::setShadow):
        * rendering/style/ShadowData.h:
        (WebCore::ShadowData::setNext):
        * rendering/style/StyleGeneratedImage.cpp:
        (WebCore::StyleGeneratedImage::StyleGeneratedImage):
        * rendering/style/StyleGeneratedImage.h:
        * rendering/style/StyleReflection.h:
        (WebCore::StyleReflection::setOffset):
        * rendering/svg/RenderSVGBlock.cpp:
        (WebCore::RenderSVGBlock::RenderSVGBlock):
        * rendering/svg/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::RenderSVGContainer):
        * rendering/svg/RenderSVGEllipse.cpp:
        (WebCore::RenderSVGEllipse::RenderSVGEllipse):
        * rendering/svg/RenderSVGForeignObject.cpp:
        (WebCore::RenderSVGForeignObject::RenderSVGForeignObject):
        * rendering/svg/RenderSVGGradientStop.cpp:
        (WebCore::RenderSVGGradientStop::RenderSVGGradientStop):
        * rendering/svg/RenderSVGHiddenContainer.cpp:
        (WebCore::RenderSVGHiddenContainer::RenderSVGHiddenContainer):
        * rendering/svg/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::RenderSVGImage):
        * rendering/svg/RenderSVGInline.cpp:
        (WebCore::RenderSVGInline::RenderSVGInline):
        (WebCore::RenderSVGInline::createInlineFlowBox):
        * rendering/svg/RenderSVGInlineText.cpp:
        (WebCore::RenderSVGInlineText::createTextBox):
        * rendering/svg/RenderSVGModelObject.cpp:
        (WebCore::RenderSVGModelObject::RenderSVGModelObject):
        * rendering/svg/RenderSVGPath.cpp:
        (WebCore::RenderSVGPath::RenderSVGPath):
        * rendering/svg/RenderSVGRect.cpp:
        (WebCore::RenderSVGRect::RenderSVGRect):
        * rendering/svg/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::RenderSVGResourceClipper):
        * rendering/svg/RenderSVGResourceContainer.cpp:
        (WebCore::RenderSVGResourceContainer::RenderSVGResourceContainer):
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::RenderSVGResourceFilter):
        (WebCore::RenderSVGResourceFilter::buildPrimitives):
        (WebCore::RenderSVGResourceFilter::applyResource):
        (WebCore::RenderSVGResourceFilter::postApplyResource):
        * rendering/svg/RenderSVGResourceFilterPrimitive.cpp:
        (WebCore::RenderSVGResourceFilterPrimitive::RenderSVGResourceFilterPrimitive):
        * rendering/svg/RenderSVGResourceGradient.cpp:
        (WebCore::RenderSVGResourceGradient::RenderSVGResourceGradient):
        (WebCore::createMaskAndSwapContextForTextGradient):
        * rendering/svg/RenderSVGResourceLinearGradient.cpp:
        (WebCore::RenderSVGResourceLinearGradient::RenderSVGResourceLinearGradient):
        * rendering/svg/RenderSVGResourceMarker.cpp:
        (WebCore::RenderSVGResourceMarker::RenderSVGResourceMarker):
        * rendering/svg/RenderSVGResourceMasker.cpp:
        (WebCore::RenderSVGResourceMasker::RenderSVGResourceMasker):
        * rendering/svg/RenderSVGResourcePattern.cpp:
        (WebCore::RenderSVGResourcePattern::RenderSVGResourcePattern):
        (WebCore::RenderSVGResourcePattern::buildPattern):
        * rendering/svg/RenderSVGResourceRadialGradient.cpp:
        (WebCore::RenderSVGResourceRadialGradient::RenderSVGResourceRadialGradient):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::RenderSVGRoot):
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::RenderSVGShape):
        * rendering/svg/RenderSVGTSpan.h:
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::RenderSVGText):
        (WebCore::RenderSVGText::createRootInlineBox):
        * rendering/svg/RenderSVGTextPath.cpp:
        (WebCore::RenderSVGTextPath::RenderSVGTextPath):
        * rendering/svg/RenderSVGTransformableContainer.cpp:
        (WebCore::RenderSVGTransformableContainer::RenderSVGTransformableContainer):
        * rendering/svg/RenderSVGViewportContainer.cpp:
        (WebCore::RenderSVGViewportContainer::RenderSVGViewportContainer):
        * rendering/svg/SVGResourcesCache.cpp:
        (WebCore::SVGResourcesCache::addResourcesFromRenderer):
        * replay/CapturingInputCursor.cpp:
        (WebCore::CapturingInputCursor::CapturingInputCursor):
        (WebCore::CapturingInputCursor::create):
        (WebCore::CapturingInputCursor::storeInput):
        * replay/FunctorInputCursor.h:
        (WebCore::FunctorInputCursor::FunctorInputCursor):
        * replay/MemoizedDOMResult.cpp:
        (JSC::InputTraits<MemoizedDOMResultBase>::decode):
        * replay/ReplayController.cpp:
        (WebCore::ReplayController::createSegment):
        * replay/ReplayInputCreationMethods.cpp:
        (WebCore::InitialNavigation::createFromPage):
        * replay/ReplaySession.cpp:
        (WebCore::ReplaySession::appendSegment):
        (WebCore::ReplaySession::insertSegment):
        * replay/ReplayingInputCursor.cpp:
        (WebCore::ReplayingInputCursor::ReplayingInputCursor):
        (WebCore::ReplayingInputCursor::create):
        * replay/SegmentedInputStorage.cpp:
        (WebCore::SegmentedInputStorage::store):
        * replay/SerializationMethods.cpp:
        (JSC::EncodingTraits<NondeterministicInputBase>::decodeValue):
        * replay/UserInputBridge.cpp:
        (WebCore::UserInputBridge::handleMousePressEvent):
        (WebCore::UserInputBridge::handleMouseReleaseEvent):
        (WebCore::UserInputBridge::handleMouseMoveEvent):
        (WebCore::UserInputBridge::handleMouseMoveOnScrollbarEvent):
        (WebCore::UserInputBridge::handleKeyEvent):
        (WebCore::UserInputBridge::handleWheelEvent):
        * storage/Storage.cpp:
        (WebCore::Storage::create):
        (WebCore::Storage::Storage):
        * style/StyleResolveForDocument.cpp:
        (WebCore::Style::resolveForDocument):
        * style/StyleResolveTree.cpp:
        (WebCore::Style::createRendererIfNeeded):
        (WebCore::Style::setBeforeOrAfterPseudoElement):
        (WebCore::Style::resolveTree):
        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::createElementRenderer):
        * svg/SVGAltGlyphElement.cpp:
        (WebCore::SVGAltGlyphElement::createElementRenderer):
        * svg/SVGAnimatedPath.cpp:
        (WebCore::SVGAnimatedPathAnimator::constructFromString):
        (WebCore::SVGAnimatedPathAnimator::startAnimValAnimation):
        * svg/SVGAnimatedTypeAnimator.cpp:
        (WebCore::SVGAnimatedTypeAnimator::findAnimatedPropertiesForAttributeName):
        * svg/SVGCircleElement.cpp:
        (WebCore::SVGCircleElement::createElementRenderer):
        * svg/SVGClipPathElement.cpp:
        (WebCore::SVGClipPathElement::createElementRenderer):
        * svg/SVGDefsElement.cpp:
        (WebCore::SVGDefsElement::createElementRenderer):
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::markPendingResourcesForRemoval):
        (WebCore::SVGDocumentExtensions::addElementReferencingTarget):
        (WebCore::SVGDocumentExtensions::rebuildElements):
        * svg/SVGEllipseElement.cpp:
        (WebCore::SVGEllipseElement::createElementRenderer):
        * svg/SVGFilterElement.cpp:
        (WebCore::SVGFilterElement::createElementRenderer):
        * svg/SVGFilterPrimitiveStandardAttributes.cpp:
        (WebCore::SVGFilterPrimitiveStandardAttributes::createElementRenderer):
        * svg/SVGFontElement.cpp:
        (WebCore::SVGKerningMap::insert):
        * svg/SVGForeignObjectElement.cpp:
        (WebCore::SVGForeignObjectElement::createElementRenderer):
        * svg/SVGGElement.cpp:
        (WebCore::SVGGElement::createElementRenderer):
        * svg/SVGGraphicsElement.cpp:
        (WebCore::SVGGraphicsElement::createElementRenderer):
        * svg/SVGImageElement.cpp:
        (WebCore::SVGImageElement::createElementRenderer):
        * svg/SVGLinearGradientElement.cpp:
        (WebCore::SVGLinearGradientElement::createElementRenderer):
        * svg/SVGMarkerElement.cpp:
        (WebCore::SVGMarkerElement::createElementRenderer):
        * svg/SVGMaskElement.cpp:
        (WebCore::SVGMaskElement::createElementRenderer):
        * svg/SVGPathElement.cpp:
        (WebCore::SVGPathElement::createElementRenderer):
        * svg/SVGPathUtilities.cpp:
        (WebCore::appendSVGPathByteStreamFromSVGPathSeg):
        * svg/SVGPatternElement.cpp:
        (WebCore::SVGPatternElement::createElementRenderer):
        * svg/SVGRadialGradientElement.cpp:
        (WebCore::SVGRadialGradientElement::createElementRenderer):
        * svg/SVGRectElement.cpp:
        (WebCore::SVGRectElement::createElementRenderer):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::createElementRenderer):
        * svg/SVGStopElement.cpp:
        (WebCore::SVGStopElement::createElementRenderer):
        * svg/SVGSwitchElement.cpp:
        (WebCore::SVGSwitchElement::createElementRenderer):
        * svg/SVGSymbolElement.cpp:
        (WebCore::SVGSymbolElement::createElementRenderer):
        * svg/SVGTRefElement.cpp:
        (WebCore::SVGTRefTargetEventListener::attach):
        (WebCore::SVGTRefElement::createElementRenderer):
        * svg/SVGTSpanElement.cpp:
        (WebCore::SVGTSpanElement::createElementRenderer):
        * svg/SVGTextElement.cpp:
        (WebCore::SVGTextElement::createElementRenderer):
        * svg/SVGTextPathElement.cpp:
        (WebCore::SVGTextPathElement::createElementRenderer):
        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::releaseResult):
        (WebCore::SVGToOTFFontConverter::appendKERNSubtable):
        (WebCore::SVGToOTFFontConverter::processGlyphElement):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::createElementRenderer):
        (WebCore::SVGUseElement::cloneTarget):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::~SVGImage):
        (WebCore::SVGImage::drawPatternForContainer):
        * testing/Internals.cpp:
        (WebCore::Internals::insertAuthorCSS):
        (WebCore::Internals::insertUserCSS):
        (WebCore::Internals::queueMicroTask):
        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::postMessage):
        * workers/Worker.cpp:
        (WebCore::Worker::create):
        (WebCore::Worker::postMessage):
        * workers/WorkerEventQueue.cpp:
        (WebCore::WorkerEventQueue::EventDispatcher::EventDispatcher):
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::postTask):
        (WebCore::WorkerGlobalScope::setTimeout):
        (WebCore::WorkerGlobalScope::setInterval):
        (WebCore::WorkerGlobalScope::importScripts):
        (WebCore::WorkerGlobalScope::addMessage):
        (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::postTaskToLoader):
        (WebCore::WorkerMessagingProxy::postTaskForModeToWorkerGlobalScope):
        (WebCore::WorkerMessagingProxy::workerThreadCreated):
        * workers/WorkerRunLoop.cpp:
        (WebCore::WorkerRunLoop::postTask):
        (WebCore::WorkerRunLoop::postTaskAndTerminate):
        (WebCore::WorkerRunLoop::postTaskForMode):
        (WebCore::WorkerRunLoop::Task::Task):
        * xml/DOMParser.cpp:
        (WebCore::DOMParser::parseFromString):
        * xml/NativeXPathNSResolver.cpp:
        (WebCore::NativeXPathNSResolver::NativeXPathNSResolver):
        * xml/NativeXPathNSResolver.h:
        (WebCore::NativeXPathNSResolver::create):
        * xml/XMLErrors.cpp:
        (WebCore::XMLErrors::insertErrorMessageBlock):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::responseBlob):
        * xml/XMLHttpRequestProgressEventThrottle.cpp:
        (WebCore::XMLHttpRequestProgressEventThrottle::flushProgressEvent):
        (WebCore::XMLHttpRequestProgressEventThrottle::dispatchDeferredEvents):
        * xml/XMLTreeViewer.cpp:
        (WebCore::XMLTreeViewer::transformDocumentToTreeView):
        * xml/XPathExpression.cpp:
        (WebCore::XPathExpression::XPathExpression):
        (WebCore::XPathExpression::createExpression):
        * xml/XPathExpressionNode.cpp:
        (WebCore::XPath::Expression::setSubexpressions):
        * xml/XPathExpressionNode.h:
        (WebCore::XPath::Expression::addSubexpression):
        * xml/XPathFunctions.cpp:
        (WebCore::XPath::Function::setArguments):
        (WebCore::XPath::FunId::evaluate):
        (WebCore::XPath::Function::create):
        * xml/XPathGrammar.y:
        * xml/XPathNodeSet.cpp:
        (WebCore::XPath::NodeSet::sort):
        (WebCore::XPath::NodeSet::traversalSort):
        * xml/XPathNodeSet.h:
        (WebCore::XPath::NodeSet::NodeSet):
        (WebCore::XPath::NodeSet::append):
        * xml/XPathParser.cpp:
        (WebCore::XPath::Parser::parseStatement):
        * xml/XPathParser.h:
        (WebCore::XPath::Parser::setParseResult):
        * xml/XPathPath.cpp:
        (WebCore::XPath::Filter::Filter):
        (WebCore::XPath::Filter::evaluate):
        (WebCore::XPath::LocationPath::evaluate):
        (WebCore::XPath::LocationPath::appendStep):
        (WebCore::XPath::LocationPath::prependStep):
        (WebCore::XPath::Path::Path):
        * xml/XPathPredicate.cpp:
        (WebCore::XPath::StringExpression::StringExpression):
        (WebCore::XPath::Negative::Negative):
        (WebCore::XPath::NumericOp::NumericOp):
        (WebCore::XPath::EqTestOp::EqTestOp):
        (WebCore::XPath::LogicalOp::LogicalOp):
        (WebCore::XPath::Union::Union):
        * xml/XPathStep.cpp:
        (WebCore::XPath::Step::Step):
        (WebCore::XPath::Step::optimize):
        (WebCore::XPath::optimizeStepPair):
        (WebCore::XPath::Step::evaluate):
        * xml/XPathStep.h:
        (WebCore::XPath::Step::NodeTest::NodeTest):
        (WebCore::XPath::Step::NodeTest::operator=):
        * xml/XPathValue.h:
        (WebCore::XPath::Value::Value):
        (WebCore::XPath::Value::Data::create):
        (WebCore::XPath::Value::Data::Data):
        * xml/XSLTProcessor.h:
        (WebCore::XSLTProcessor::setXSLStyleSheet):
        (WebCore::XSLTProcessor::importStylesheet):
        * xml/parser/XMLDocumentParser.cpp:
        (WebCore::XMLDocumentParser::append):
        * xml/parser/XMLDocumentParserLibxml2.cpp:
        (WebCore::PendingCallbacks::appendStartElementNSCallback):
        (WebCore::PendingCallbacks::appendCharactersCallback):
        (WebCore::PendingCallbacks::appendProcessingInstructionCallback):
        (WebCore::PendingCallbacks::appendCDATABlockCallback):
        (WebCore::PendingCallbacks::appendCommentCallback):
        (WebCore::PendingCallbacks::appendInternalSubsetCallback):
        (WebCore::PendingCallbacks::appendErrorCallback):
        (WebCore::OffsetBuffer::OffsetBuffer):
        (WebCore::openFunc):
        (WebCore::XMLDocumentParser::cdataBlock):
        (WebCore::XMLDocumentParser::comment):
        (WebCore::parseAttributes):

2016-01-01  Simon Fraser  <simon.fraser@apple.com>

        Fix naming in HistoryItem to refer to scrollPositions
        https://bugs.webkit.org/show_bug.cgi?id=152646

        Reviewed by Zalan Bujtas.

        HistoryItem stores a scrollPosition, so call it that.

        No behavior change.

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::HistoryItem):
        (WebCore::HistoryItem::scrollPosition):
        (WebCore::HistoryItem::setScrollPosition):
        (WebCore::HistoryItem::clearScrollPosition):
        (WebCore::HistoryItem::scrollPoint): Deleted.
        (WebCore::HistoryItem::setScrollPoint): Deleted.
        (WebCore::HistoryItem::clearScrollPoint): Deleted.
        * history/HistoryItem.h:
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::saveScrollPositionAndViewStateToItem):
        (WebCore::HistoryController::clearScrollPositionAndViewState):
        (WebCore::HistoryController::restoreScrollPositionAndViewState):
        (WebCore::HistoryController::updateForClientRedirect):

2016-01-01  Zalan Bujtas  <zalan@apple.com>

        Simple line layout: Add support for toggling simple line layout from command line.
        https://bugs.webkit.org/show_bug.cgi?id=152636

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):
        (WebCore::SimpleLineLayout::toggleSimpleLineLayout):

2016-01-01  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/database-deletepending-flag.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152600

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes, and at least 2 crashing tests now timeout).

        * Modules/indexeddb/server/IDBBackingStore.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteBackingStore):
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2016-01-01  Simon Fraser  <simon.fraser@apple.com>

        Fix reload and programmatic scrolling in RTL documents
        https://bugs.webkit.org/show_bug.cgi?id=152639

        Reviewed by Zalan Bujtas.
        
        Reloading a left-scrolled RTL document would cause the content to appear
        at an odd offset, and programmatic sideways scrolls in RTL documents also
        jumped to the wrong location.
        
        Fix by resolving offset/position confusion in ScrollableArea::scrollPositionChanged()
        and the scrolling tree.
        
        ScrollableArea::scrollPositionChanged() was erroneously passing a scrollPosition
        to setScrollOffset(). 
        
        ScrollingTreeFrameScrollingNode* were confused about offsets and positions. It
        turns out that the layer position is just -scrollPosition, but minimumScrollPosition()
        and maximumScrollPosition() need fixing to return positions, not offsets.
        
        ScrollingTreeFrameScrollingNode::viewToContentsOffset() was also doing incorrect
        math with scrollOrigin, which was detected by a failing test.
        
        Add more logging to the Scrolling channel.

        Tests: fast/scrolling/programmatic-document-rtl-scroll.html
               fast/scrolling/programmatic-document-rtl-scrollIntoView.html
               fast/scrolling/scroll-position-on-reload-rtl.html

        * page/FrameView.cpp:
        (WebCore::FrameView::requestScrollPositionUpdate):
        * page/scrolling/ScrollingTree.cpp:
        (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
        (WebCore::ScrollingTreeFrameScrollingNode::scrollBy):
        (WebCore::ScrollingTreeFrameScrollingNode::viewToContentsOffset):
        * page/scrolling/ScrollingTreeFrameScrollingNode.h:
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::scrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::setScrollLayerPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateChildNodesAfterScroll):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::minimumScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::maximumScrollPosition):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollBy):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::scrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::minimumScrollPosition):
        (WebCore::ScrollingTreeFrameScrollingNodeMac::maximumScrollPosition):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setScrollOffset):
        (WebCore::ScrollView::scrollTo):
        (WebCore::ScrollView::setScrollPosition):
        (WebCore::ScrollView::updateScrollbars):
        * platform/ScrollView.h:
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollPositionChanged):
        (WebCore::ScrollableArea::setScrollOffsetFromAnimation):
        (WebCore::ScrollableArea::scrollPositionFromOffset):
        (WebCore::ScrollableArea::scrollOffsetFromPosition):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::scrollPositionFromOffset):
        (WebCore::ScrollableArea::scrollOffsetFromPosition):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::setScrollOffset):
        * rendering/RenderListBox.h:

2016-01-01  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r194448): Scrolling overflow:scroll goes too far
        https://bugs.webkit.org/show_bug.cgi?id=152645

        Reviewed by Zalan Bujtas.
        
        Fix a bug introduced in r194448: use the scrollPosition, not the scrollOrigin
        to compute the overhang amount.

        Test: fast/scrolling/overflow-scroll-past-max.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::overhangAmount):

2015-12-22  Brent Fulgham  <bfulgham@apple.com>

        [WebGL] Blacklisted OpenGL contexts are not safe to use
        https://bugs.webkit.org/show_bug.cgi?id=152513
        <rdar://problem/23127838>

        Reviewed by Zalan Bujtas.

        When the GPU has blacklisted an OpenGL context, it is not safe to use -- even to
        attempt to release GL resources. Instead, our only correct behavior is to terminate
        the WebProcess.

        * platform/graphics/mac/GraphicsContext3DMac.mm:
        (WebCore::GraphicsContext3D::checkGPUStatusIfNecessary): If the context was lost
        because the GPU blacklisted it, terminate the process.

2016-01-01  Jeff Miller  <jeffm@apple.com>

        Update user-visible copyright strings to include 2016
        https://bugs.webkit.org/show_bug.cgi?id=152531

        Reviewed by Alexey Proskuryakov.

        * Info.plist:

2015-12-31  Simon Fraser  <simon.fraser@apple.com>

        Change RenderLayer::scrollTo() to take a ScrollPosition
        https://bugs.webkit.org/show_bug.cgi?id=152633

        Reviewed by Zalan Bujtas.
        
        RenderLayer::scrollTo() took x and y offsets. Change this to take a position,
        like ScrollView::scrollTo() and fix the one caller.
        
        Preserve the dubious behavior of the adjustForIOSCaretWhenScrolling() code by converting
        to and from offsets, even though testing suggests that this code can just be removed,
        even with an extra wide caret for testing.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):
        (WebCore::RenderLayer::setScrollOffset):
        * rendering/RenderLayer.h:

2015-12-31  Simon Fraser  <simon.fraser@apple.com>

        Rename documentScrollOffsetRelativeTo* functions
        https://bugs.webkit.org/show_bug.cgi?id=152632

        Reviewed by Zalan Bujtas.

        ScrollView::documentScrollOffsetRelativeTo* functions return scroll positions,
        not offsets, so rename them and fix their return types, and fix callers. Make
        their code more similar.

        * platform/ScrollView.cpp:
        (WebCore::ScrollView::documentScrollPositionRelativeToViewOrigin):
        (WebCore::ScrollView::documentScrollPositionRelativeToScrollableAreaOrigin):
        (WebCore::ScrollView::viewToContents):
        (WebCore::ScrollView::contentsToView):
        (WebCore::ScrollView::documentScrollOffsetRelativeToViewOrigin): Deleted.
        (WebCore::ScrollView::documentScrollOffsetRelativeToScrollableAreaOrigin): Deleted.
        * platform/ScrollView.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollRectToVisible):

2015-12-31  Simon Fraser  <simon.fraser@apple.com>

        [iOS WK2] Fix incorrect scrollPosition handling
        https://bugs.webkit.org/show_bug.cgi?id=152630

        Reviewed by Zalan Bujtas.

        WebPage::updateVisibleContentRects() was setting the ScrollView's scroll position
        to a scrollOffset, which was counteracted by ScrollView::unobscuredContentRect()
        adding the scrollOrigin to the scrollPosition, which resulted in the correct
        rects, but an incorrect scrollPosition. Fix.

        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unobscuredContentRect):

2015-12-31  David Kilzer  <ddkilzer@apple.com>

        Fix typo in FIXME comment

        * dom/make_event_factory.pl:
        (generateImplementation): FIXEME => FIXME.

2015-12-31  David Kilzer  <ddkilzer@apple.com>

        Stop using USE(CFNETWORK) path on iOS
        https://bugs.webkit.org/show_bug.cgi?id=142540

        Step 1/2: Do everything but turn off USE(CFNETWORK) internally.

        Original patch by Antti Koivisto <antti@apple.com> on 2015-03-10
        Reviewed by Daniel Bates.

        Unify OS X and iOS code paths.

        This patch just fixes the NSURLConnection code path on iOS. It
        doesn't yet delete any unnecessary code.

        Changes covered by most existing tests.

        * loader/DocumentLoader.h:
        * loader/ResourceLoader.cpp:
        * loader/ResourceLoader.h:
        * loader/mac/DocumentLoaderMac.cpp:
        - Update for iOS to use NSURLConnection loader.

        * page/mac/PageMac.mm:
        (WebCore::Page::platformInitialize): Always use the correct
        runloop on iOS regardless of which thread this was called on.
        (WebCore::Page::addSchedulePair): Update for iOS to use
        NSURLConnection loader.
        (WebCore::Page::removeSchedulePair): Ditto.

        * platform/ios/wak/WebCoreThread.h:
        (WebThreadRunLoop): No longer needs to be exported.
        (WebThreadNSRunLoop): Export for WebKitLegacy.

        * platform/network/ios/QuickLook.mm: Fix header order.
        (WebQuickLookHandleAsDelegate): Make delegate objects implement
        WebCoreResourceLoaderDelegate protocol.  This unifies the
        -clearHandle and -detachHandle methods that were used on iOS and
        OS X, respectively.
        (-[WebQuickLookHandleAsDelegate clearHandle]): Deleted.
        (-[WebQuickLookHandleAsDelegate detachHandle]): Renamed from
        -clearHandle.
        (WebResourceLoaderQuickLookDelegate): Make delegate objects
        implement WebCoreResourceLoaderDelegate protocol.
        (-[WebResourceLoaderQuickLookDelegate clearHandle]): Deleted.
        (-[WebResourceLoaderQuickLookDelegate detachHandle]): Renamed from
        -clearHandle.
        (WebCore::QuickLookHandle::~QuickLookHandle): Call
        -detachHandle instead of -clearHandle.

        * platform/network/mac/ResourceHandleMac.mm:
        - Update for iOS to use NSURLConnection loader.

        * platform/network/mac/WebCoreResourceHandleAsDelegate.h:
        (WebCoreResourceLoaderDelegate): Define new protocol.

        * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
        (-[WebCoreResourceHandleAsDelegate detachHandle]): Gratuitous
        nullptr fix.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
        (WebCoreResourceHandleAsOperationQueueDelegate): Implement
        WebCoreResourceLoaderDelegate protocol.

        * platform/spi/cocoa/NSURLDownloadSPI.h: Declare more
        NSURDownload SPI to clean up other source files and make
        source compile on iOS with NSURLConnection code path.

2015-12-31  Andy Estes  <aestes@apple.com>

        Fix warnings uncovered by migrating to WTF_MOVE
        https://bugs.webkit.org/show_bug.cgi?id=152601

        Reviewed by Daniel Bates.

        * Modules/encryptedmedia/MediaKeys.cpp:
        (WebCore::MediaKeys::createSession): Moving a return value prevented copy elision.

2015-12-31  Brady Eidson  <beidson@apple.com>

        Review feedback followup for:
        Modern IDB: Only fire blocked events after all open connections have handled their versionchange events.
        https://bugs.webkit.org/show_bug.cgi?id=152593

        Suggested by Andy Estes.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::dispatchEvent): Use downcast instead of static_cast.

        Add traits to support downcast<>:
        * Modules/indexeddb/client/IDBVersionChangeEventImpl.h:
        (isType):

2015-12-31  Zalan Bujtas  <zalan@apple.com>

        Move decoration context setup calls to InlineTextBox::paintDecoration.
        https://bugs.webkit.org/show_bug.cgi?id=152622

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::paintDecoration):
        * rendering/InlineTextBox.h:

2015-12-31  Simon Fraser  <simon.fraser@apple.com>

        More scrollOffset/scrollPosition disambiguation, in RenderLayer
        https://bugs.webkit.org/show_bug.cgi?id=152617

        Reviewed by Zalan Bujtas.
        
        Change RenderLayer's m_scrollOffset to be m_scrollPosition, since it stores
        scroll positions (negative in RTL overflow). scrollOffset() was accurately
        named already, but fix the return type, and remove the unnecessary scrollXOffset()/
        scrollYOffset() variants, fixing callers to use .x() and .y().
        
        scrollToOffset() was also accurately named, but fix its argument.
        
        Fix functions related to saving scroll positions on Element to refer to scroll positions.

        No behavior change.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::scrollTo):
        * dom/Element.cpp:
        (WebCore::Element::removedFrom):
        (WebCore::Element::savedLayerScrollPosition):
        (WebCore::Element::setSavedLayerScrollPosition):
        (WebCore::Element::savedLayerScrollOffset): Deleted.
        (WebCore::Element::setSavedLayerScrollOffset): Deleted.
        * dom/Element.h:
        * dom/ElementRareData.h:
        (WebCore::ElementRareData::savedLayerScrollPosition):
        (WebCore::ElementRareData::setSavedLayerScrollPosition):
        (WebCore::ElementRareData::savedLayerScrollOffset): Deleted.
        (WebCore::ElementRareData::setSavedLayerScrollOffset): Deleted.
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::forwardEvent):
        * platform/graphics/IntPoint.h:
        (WebCore::IntPoint::isZero):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::baselinePosition):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::styleDidChange):
        (WebCore::RenderBox::scrollLeft):
        (WebCore::RenderBox::scrollTop):
        (WebCore::RenderBox::scrolledContentOffset):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::~RenderLayer):
        (WebCore::RenderLayer::scrollByRecursively):
        (WebCore::RenderLayer::clampScrollOffset):
        (WebCore::RenderLayer::scrollToOffset):
        (WebCore::RenderLayer::scrollTo):
        (WebCore::RenderLayer::scrollRectToVisible):
        (WebCore::RenderLayer::scrollPosition):
        (WebCore::RenderLayer::maximumScrollPosition):
        (WebCore::RenderLayer::updateScrollInfoAfterLayout):
        * rendering/RenderLayer.h:
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):
        * rendering/RenderMarquee.cpp:
        (WebCore::RenderMarquee::start):
        (WebCore::RenderMarquee::timerFired):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::write):

2015-12-31  Zalan Bujtas  <zalan@apple.com>

        text-decoration: line-through is mispositioned when text has overline/underline too.
        https://bugs.webkit.org/show_bug.cgi?id=152619

        Reviewed by Simon Fraser.

        Line-through painting was mistakenly calling drawLineForText with overline/underline positioning.

        Test: fast/css3-text/css3-text-decoration/text-decoration-line-through-mispositioned.html

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDecoration): Deleted.
        * rendering/TextDecorationPainter.cpp:
        (WebCore::TextDecorationPainter::paintTextDecoration):

2015-12-31  Simon Fraser  <simon.fraser@apple.com>

        Clarify that scrollPositionChangedViaPlatformWidget takes offsets
        https://bugs.webkit.org/show_bug.cgi?id=152606

        Reviewed by Zalan Bujtas.

        scrollPositionChangedViaPlatformWidget actually gets scroll offsets, since the
        values we get from AppKit are zero-based, so rename to scrollOffsetChangedViaPlatformWidget().
        
        Change ScrollableArea's setScrollPosition() and requestScrollPositionUpdate() to take
        ScrollPositions.
        
        Add a FIXME noting that willRevealEdge events are probably broken in RTL documents.

        * dom/Document.cpp:
        (WebCore::Document::sendWillRevealEdgeEventsIfNeeded):
        * page/FrameView.cpp:
        (WebCore::FrameView::setScrollPosition):
        (WebCore::FrameView::scrollOffsetChangedViaPlatformWidgetImpl):
        (WebCore::FrameView::scrollPositionChanged):
        (WebCore::FrameView::requestScrollPositionUpdate):
        (WebCore::FrameView::scrollPositionChangedViaPlatformWidgetImpl): Deleted.
        * page/FrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::scrollOffsetChangedViaPlatformWidget):
        (WebCore::ScrollView::handleDeferredScrollUpdateAfterContentSizeChange):
        (WebCore::ScrollView::scrollTo):
        (WebCore::ScrollView::setScrollPosition):
        (WebCore::ScrollView::scrollPositionChangedViaPlatformWidget): Deleted.
        * platform/ScrollView.h:
        (WebCore::ScrollView::scrollOffsetChangedViaPlatformWidgetImpl):
        (WebCore::ScrollView::scrollPositionChangedViaPlatformWidgetImpl): Deleted.
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::notifyScrollPositionChanged):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::requestScrollPositionUpdate):

2015-12-31  Zalan Bujtas  <zalan@apple.com>

        Simple line layout: Text with stroke width is not positioned correctly.
        https://bugs.webkit.org/show_bug.cgi?id=152614

        Reviewed by Simon Fraser.

        Visual overflow should not affect text position.

        Test: fast/text/simple-line-layout-text-position-with-stroke.html

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow):

2015-12-31  Zalan Bujtas  <zalan@apple.com>

        Simple line layout: Nested block with pseudo first-line parent should bail out of simple line layout.
        https://bugs.webkit.org/show_bug.cgi?id=152599

        Reviewed by Simon Fraser.

        We should bail out of simple line layout if any of the ancestors have pseudo first-line style.
        (see RenderBlock::firstLineBlock()) 

        Test: fast/block/line-layout/first-line-should-bail-out-of-simple-line-layout.html

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):

2015-12-30  Simon Fraser  <simon.fraser@apple.com>

        Change ScrollView::scrollTo() to take a ScrollPosition
        https://bugs.webkit.org/show_bug.cgi?id=152607

        Reviewed by Zalan Bujtas.

        Make it more explicit that ScrollView::scrollTo() takes a ScrollPosition, and
        change the name and type of the m_scrollOffset member variable.

        * page/FrameView.cpp:
        (WebCore::FrameView::scrollTo):
        (WebCore::FrameView::wheelEvent):
        * page/FrameView.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::unobscuredContentRectInternal):
        (WebCore::ScrollView::setScrollOffset):
        (WebCore::ScrollView::scrollTo):
        * platform/ScrollView.h:

2015-12-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Only fire blocked events after all open connections have handled their versionchange events.
        https://bugs.webkit.org/show_bug.cgi?id=152593

        Reviewed by Andy Estes.

        No new tests (At least two previously timing-out tests now pass, others are now closer to passing).

        Before this patch, whenever we sent all open connections the versionchange event, we would immediately 
        fire the blocked event on the request.

        That's not right, as those event handlers can close the connections, rendering the request unblocked.

        So this patch implements the behavior of waiting for each open connection to either close or positively
        message back "I finished firing my versionchange event handler"
        
        This behavior is explicitly denoted in the spec and is covered by existing tests.

        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::fireVersionChangeEvent):
        (WebCore::IDBClient::IDBConnectionToServer::didFireVersionChangeEvent):
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/client/IDBConnectionToServerDelegate.h:
        
        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::fireVersionChangeEvent):
        (WebCore::IDBClient::IDBDatabase::dispatchEvent):
        * Modules/indexeddb/client/IDBDatabaseImpl.h:
        
        * Modules/indexeddb/client/IDBVersionChangeEventImpl.cpp:
        (WebCore::IDBClient::IDBVersionChangeEvent::IDBVersionChangeEvent):
        * Modules/indexeddb/client/IDBVersionChangeEventImpl.h:
        
        * Modules/indexeddb/server/IDBConnectionToClient.cpp:
        (WebCore::IDBServer::IDBConnectionToClient::fireVersionChangeEvent):
        * Modules/indexeddb/server/IDBConnectionToClient.h:
        * Modules/indexeddb/server/IDBConnectionToClientDelegate.h:
        
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::didFireVersionChangeEvent):
        * Modules/indexeddb/server/IDBServer.h:
        
        * Modules/indexeddb/server/ServerOpenDBRequest.cpp:
        (WebCore::IDBServer::ServerOpenDBRequest::notifyRequestBlocked):
        (WebCore::IDBServer::ServerOpenDBRequest::notifiedConnectionsOfVersionChange):
        (WebCore::IDBServer::ServerOpenDBRequest::connectionClosedOrFiredVersionChangeEvent):
        (WebCore::IDBServer::ServerOpenDBRequest::notifyDeleteRequestBlocked): Deleted.
        * Modules/indexeddb/server/ServerOpenDBRequest.h:
        (WebCore::IDBServer::ServerOpenDBRequest::hasNotifiedBlocked):
        (WebCore::IDBServer::ServerOpenDBRequest::hasConnectionsPendingVersionChangeEvent):
        (WebCore::IDBServer::ServerOpenDBRequest::hasNotifiedConnectionsOfVersionChange):
        (WebCore::IDBServer::ServerOpenDBRequest::hasNotifiedDeleteRequestBlocked): Deleted.

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeNotifyConnectionsOfVersionChange):
        (WebCore::IDBServer::UniqueIDBDatabase::notifyCurrentRequestConnectionClosedOrFiredVersionChangeEvent):
        (WebCore::IDBServer::UniqueIDBDatabase::didFireVersionChangeEvent):
        (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
        (WebCore::IDBServer::UniqueIDBDatabase::notifyConnectionsOfVersionChangeForUpgrade): Deleted.
        (WebCore::IDBServer::UniqueIDBDatabase::notifyConnectionsOfVersionChange): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::connectionClosedFromClient):
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::didFireVersionChangeEvent):
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::fireVersionChangeEvent):
        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.h:
        
        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::fireVersionChangeEvent):
        (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
        * Modules/indexeddb/shared/InProcessIDBServer.h:
        
        * dom/Event.h:
        (WebCore::Event::isVersionChangeEvent):

2015-12-30  Simon Fraser  <simon.fraser@apple.com>

        Add explicit conversions between scrollOffset and scrollPostion, and use them in a few places
        https://bugs.webkit.org/show_bug.cgi?id=152594

        Reviewed by Sam Weinig.

        Add functions to ScrollableArea to convert between scrollPosition and scrollOffset,
        and use them in places where code did the math with scrollOrigin.

        * page/FrameView.cpp:
        (WebCore::FrameView::minimumScrollPosition):
        (WebCore::FrameView::maximumScrollPosition): totalContentsSize().width() == contentsWidth(),
        so we can use the base class maximumScrollPosition(), which also clamps.
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::maximumScrollPosition):
        (WebCore::ScrollView::setScrollOffset):
        (WebCore::ScrollView::overhangAmount):
        (WebCore::ScrollView::updateScrollbars):
        (WebCore::ScrollView::calculateOverhangAreasForPainting):
        (WebCore::ScrollView::minimumScrollPosition): Deleted. Can use base class implementation.
        * platform/ScrollView.h:
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::minimumScrollPosition):
        (WebCore::ScrollableArea::maximumScrollPosition):
        (WebCore::ScrollableArea::maximumScrollOffset):
        (WebCore::ScrollableArea::scrollPositionFromOffset):
        (WebCore::ScrollableArea::scrollOffsetFromPosition):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::scrollOrigin):
        (WebCore::ScrollableArea::scrollOriginChanged):
        * platform/ios/ScrollViewIOS.mm:
        (WebCore::ScrollView::unobscuredContentRect):
        * platform/mac/ScrollAnimatorMac.mm:
        (WebCore::ScrollAnimatorMac::pinnedInDirection):
        (WebCore::ScrollAnimatorMac::absoluteScrollPosition):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollPosition):
        (WebCore::RenderLayer::maximumScrollPosition):
        (WebCore::RenderLayer::overhangAmount):
        (WebCore::RenderLayer::minimumScrollPosition): Deleted.
        * rendering/RenderLayer.h:

2015-12-30  Zalan Bujtas  <zalan@apple.com>

        Move InlineTextBox's text decoration painting to its own class.
        https://bugs.webkit.org/show_bug.cgi?id=152587

        Reviewed by Myles C. Maxfield.

        This is in preparation for adding text decoration support for simple line layout.

        No change in functionality.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintDecoration):
        (WebCore::compareTuples): Deleted.
        (WebCore::translateIntersectionPointsToSkipInkBoundaries): Deleted.
        (WebCore::drawSkipInkUnderline): Deleted.
        (WebCore::textDecorationStyleToStrokeStyle): Deleted.
        (WebCore::adjustStepToDecorationLength): Deleted.
        (WebCore::strokeWavyTextDecoration): Deleted.
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::getTextDecorationColorsAndStyles):
        * rendering/RenderObject.h:
        * rendering/RenderingAllInOne.cpp:
        * rendering/TextDecorationPainter.cpp: Added.
        (WebCore::adjustStepToDecorationLength):
        (WebCore::strokeWavyTextDecoration):
        (WebCore::compareTuples):
        (WebCore::translateIntersectionPointsToSkipInkBoundaries):
        (WebCore::drawSkipInkUnderline):
        (WebCore::textDecorationStyleToStrokeStyle):
        (WebCore::TextDecorationPainter::TextDecorationPainter):
        (WebCore::TextDecorationPainter::paintTextDecoration):
        * rendering/TextDecorationPainter.h: Added.
        (WebCore::TextDecorationPainter::setInlineTextBox):
        (WebCore::TextDecorationPainter::setFont):
        (WebCore::TextDecorationPainter::setIsHorizontal):
        (WebCore::TextDecorationPainter::setWidth):
        (WebCore::TextDecorationPainter::setBaseline):
        (WebCore::TextDecorationPainter::addTextShadow):
        * style/InlineTextBoxStyle.cpp:
        (WebCore::computeUnderlineOffset):
        (WebCore::visualOverflowForDecorations):
        * style/InlineTextBoxStyle.h:

2015-12-30  Zan Dobersek  <zdobersek@igalia.com>

        [CoordinatedGraphics] VideoRenderRequestScheduler shouldn't dispatch to main thread in threaded compositor
        https://bugs.webkit.org/show_bug.cgi?id=152584

        Reviewed by Carlos Garcia Campos.

        The VideoRenderRequestScheduler class should only send the repaint-requested
        signal dispatch to the main thread when not using the threaded compositor.
        In case that is used (guarded via WTF_USE_COORDINATED_GRAPHICS_THREADED), the
        signal dispatch can be done on the current thread (normally a GStreamer thread)
        since the actual GL texture update will be then dispatched to the compositor
        thread (unlike when gstreamer-gl is used, when the update can be done on the
        very same thread).

        When that is the case we don't need the RunLoop::Timer, Condition and the
        video sink GRefPtr protector that are otherwise used by this class, so these
        can just be guarded with the USE(...) flag.

        * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
        (VideoRenderRequestScheduler::VideoRenderRequestScheduler):
        (VideoRenderRequestScheduler::stop):
        (VideoRenderRequestScheduler::requestRender):

2015-12-30  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Clean up TextureMapperAnimation, TextureMapperAnimations
        https://bugs.webkit.org/show_bug.cgi?id=152112

        Reviewed by Darin Adler.

        Clean up the TextureMapperAnimation class. Turn AnimationState into an enum
        class. Use references for non-null pointer parameters to one version of the
        constructor and the apply() and applyInternal() methods. Remove unnecessary
        public methods and reorder the remaining ones into something more sensible.
        In terms of the implementation of this class, the methods are moved around to
        follow the order of declarations, along with some small cleanups and improvements
        applied.

        TextureMapperAnimations class is also refreshed. The constructor is defaulted,
        and the method implementations are reordered a bit and also adjusted to use the
        range-based for-loops and some STL utilities.

        Static functions in the implementation file are also updated to use range-based
        for-loops, references and nullptrs where possible.

        There's no change in behavior as this is just a refactoring.

        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayerTextureMapper::addAnimation):
        * platform/graphics/texmap/TextureMapperAnimation.cpp:
        (WebCore::blendFunc):
        (WebCore::applyFilterAnimation):
        (WebCore::shouldReverseAnimationValue):
        (WebCore::applyTransformAnimation):
        (WebCore::TextureMapperAnimation::TextureMapperAnimation):
        (WebCore::TextureMapperAnimation::apply):
        (WebCore::TextureMapperAnimation::pause):
        (WebCore::TextureMapperAnimation::resume):
        (WebCore::TextureMapperAnimation::computeTotalRunningTime):
        (WebCore::TextureMapperAnimation::isActive):
        (WebCore::TextureMapperAnimation::applyInternal):
        (WebCore::TextureMapperAnimations::add):
        (WebCore::TextureMapperAnimations::remove):
        (WebCore::TextureMapperAnimations::pause):
        (WebCore::TextureMapperAnimations::suspend):
        (WebCore::TextureMapperAnimations::resume):
        (WebCore::TextureMapperAnimations::apply):
        (WebCore::TextureMapperAnimations::hasActiveAnimationsOfType):
        (WebCore::TextureMapperAnimations::hasRunningAnimations):
        (WebCore::TextureMapperAnimations::getActiveAnimations):
        * platform/graphics/texmap/TextureMapperAnimation.h:
        (WebCore::TextureMapperAnimation::name):
        (WebCore::TextureMapperAnimation::boxSize):
        (WebCore::TextureMapperAnimation::animation):
        (WebCore::TextureMapperAnimation::startTime):
        (WebCore::TextureMapperAnimation::pauseTime):
        (WebCore::TextureMapperAnimation::state):
        (WebCore::TextureMapperAnimation::setState): Deleted.
        (WebCore::TextureMapperAnimation::property): Deleted.
        (WebCore::TextureMapperAnimations::TextureMapperAnimations): Deleted.
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::syncAnimations):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::addAnimation):

2015-12-29  Simon Fraser  <simon.fraser@apple.com>

        Rename "scrollOffsetForFixedPosition" and related functions to refer to scrollPosition
        https://bugs.webkit.org/show_bug.cgi?id=152590

        Reviewed by Zalan Bujtas.

        FrameView::scrollOffsetForFixedPosition() actually returned a scroll position
        (possibly negative for RTL content), not a scroll offset, so rename it and related
        functions.

        * page/FrameView.cpp:
        (WebCore::FrameView::fixedScrollableAreaBoundsInflatedForScrolling):
        (WebCore::FrameView::scrollPositionRespectingCustomFixedPosition):
        (WebCore::FrameView::viewportConstrainedVisibleContentRect):
        (WebCore::FrameView::scrollPositionForFixedPosition):
        (WebCore::FrameView::scrollOffsetRespectingCustomFixedPosition): Deleted.
        (WebCore::FrameView::scrollOffsetForFixedPosition): Deleted.
        * page/FrameView.h:
        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::timeToNextService):
        * page/animation/AnimationController.cpp:
        (WebCore::AnimationControllerPrivate::scrollWasUpdated):
        * page/scrolling/AsyncScrollingCoordinator.cpp:
        (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
        * page/scrolling/ios/ScrollingTreeFrameScrollingNodeIOS.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeIOS::updateChildNodesAfterScroll):
        * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
        (WebCore::ScrollingTreeFrameScrollingNodeMac::setScrollLayerPosition):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::setSize):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::updateScrollLayerPosition):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::mapLocalToContainer):
        (WebCore::RenderView::pushMappingToContainer):
        (WebCore::RenderView::mapAbsoluteToLocalPoint):
        (WebCore::RenderView::computeRectForRepaint):

2015-12-29  Simon Fraser  <simon.fraser@apple.com>

        Fix the Windows build.

        * page/win/FrameCGWin.cpp:
        (WebCore::drawRectIntoContext):

2015-12-29  Simon Fraser  <simon.fraser@apple.com>

        Remove ScrollView::scrollOffset() in preparation for scrollOffset vs. scrollPosition clarification
        https://bugs.webkit.org/show_bug.cgi?id=152589

        Reviewed by Sam Weinig.

        Current code uses scrollOffset vs. scrollPosition interchangeably, and confusingly.
        Longer term, I plan to make "scrollPosition" be the value that is relative to the 
        contents, i.e. affected by scrollOrigin, and "scrollOffset" be the zero-based value
        that's used to set scrollbar values.
        
        To prepare for this, remove ScrollView::scrollOffset(), which is just the
        scrollPosition as an IntSize.
        
        Add some typedefs in ScrollableArea, which will slowly propagate through the
        code as position vs. offset is clarified.

        * inspector/InspectorOverlay.cpp:
        (WebCore::contentsQuadToCoordinateSystem):
        (WebCore::InspectorOverlay::highlightQuad):
        (WebCore::localPointToRoot):
        * page/FrameView.cpp:
        (WebCore::FrameView::scrollOffsetRespectingCustomFixedPosition):
        (WebCore::FrameView::topContentInsetDidChange):
        (WebCore::FrameView::addTrackedRepaintRect):
        (WebCore::FrameView::scrollTo):
        (WebCore::FrameView::wheelEvent):
        (WebCore::FrameView::setScrollPinningBehavior):
        * page/FrameView.h:
        * page/SpatialNavigation.cpp:
        (WebCore::canScrollInDirection):
        (WebCore::rectToAbsoluteCoordinates):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::setScrollbarModes):
        (WebCore::ScrollView::availableContentSizeChanged):
        (WebCore::ScrollView::setContentsSize):
        (WebCore::ScrollView::maximumScrollPosition):
        (WebCore::ScrollView::minimumScrollPosition):
        (WebCore::ScrollView::adjustScrollPositionWithinRange):
        (WebCore::ScrollView::documentScrollOffsetRelativeToViewOrigin):
        (WebCore::ScrollView::documentScrollOffsetRelativeToScrollableAreaOrigin):
        (WebCore::ScrollView::setScrollPosition):
        (WebCore::ScrollView::updateScrollbars):
        (WebCore::ScrollView::rootViewToTotalContents):
        (WebCore::ScrollView::setFrameRect):
        (WebCore::ScrollView::scrollbarStyleChanged):
        (WebCore::ScrollView::setScrollOrigin):
        * platform/ScrollView.h:
        (WebCore::ScrollView::convertChildToSelf):
        (WebCore::ScrollView::convertSelfToChild):
        (WebCore::ScrollView::scrollOffset): Deleted.
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollbarIntrusion):
        (WebCore::ScrollableArea::scrollPosition):
        (WebCore::ScrollableArea::minimumScrollPosition):
        (WebCore::ScrollableArea::maximumScrollPosition):
        * platform/ScrollableArea.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::calculateAutoscrollDirection):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollPosition):
        (WebCore::RenderLayer::minimumScrollPosition):
        (WebCore::RenderLayer::maximumScrollPosition):
        * rendering/RenderLayer.h:
        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::nodeAtPoint):
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::localCoordinateSpaceTransform):

2015-12-28  Alex Christensen  <achristensen@webkit.org>

        Fix Windows build, ostensibly after r194424.

        * CMakeLists.txt:
        * PlatformWin.cmake:
        ml.exe was given too many unneeded parameters (/Idir1 /Idir2 etc.), and it was failing sometimes with long directories.
        Instead of compiling makesafeseh.asm as a normal source file, we now put only the parameters that are needed to assemble
        the object file, then link with the object file.

2015-12-28  Brady Eidson  <beidson@apple.com>

        Modern IDB: Rename IDBServerOperation to ServerOpenDBRequest.
        https://bugs.webkit.org/show_bug.cgi?id=152577

        Reviewed by Andy Estes.

        No new tests (Refactor, no behavior change)

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/server/ServerOpenDBRequest.cpp: Renamed from Source/WebCore/Modules/indexeddb/server/IDBServerOperation.cpp.
        (WebCore::IDBServer::ServerOpenDBRequest::create):
        (WebCore::IDBServer::ServerOpenDBRequest::ServerOpenDBRequest):
        (WebCore::IDBServer::ServerOpenDBRequest::isOpenRequest):
        (WebCore::IDBServer::ServerOpenDBRequest::isDeleteRequest):
        (WebCore::IDBServer::ServerOpenDBRequest::notifyDeleteRequestBlocked):
        (WebCore::IDBServer::ServerOpenDBRequest::notifyDidDeleteDatabase):
        
        * Modules/indexeddb/server/ServerOpenDBRequest.h: Renamed from Source/WebCore/Modules/indexeddb/server/IDBServerOperation.h.
        (WebCore::IDBServer::ServerOpenDBRequest::connection):
        (WebCore::IDBServer::ServerOpenDBRequest::requestData):
        (WebCore::IDBServer::ServerOpenDBRequest::hasNotifiedDeleteRequestBlocked):
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::handleCurrentOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDelete):
        (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::notifyConnectionsOfVersionChangeForUpgrade):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
2015-12-28  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        [CMake][EFL] Fix build breaks when enabling GAMEPAD
        https://bugs.webkit.org/show_bug.cgi?id=152573

        Reviewed by Alex Christensen.

        When enabling GAMEPAD feature on EFL and GTK, there are build breaks.
        Fixed all.

        * CMakeLists.txt:

2015-12-25  Andy Estes  <aestes@apple.com>

        Stop moving local objects in return statements
        https://bugs.webkit.org/show_bug.cgi?id=152557

        Reviewed by Brady Eidson.

        Calling std::move() on a local object in a return statement prevents the compiler from applying the return value optimization.

        Clang can warn about these mistakes with -Wpessimizing-move, although only when std::move() is called directly.
        I found these issues by temporarily replacing WTF::move with std::move and recompiling.

        * Modules/indexeddb/IDBDatabaseIdentifier.cpp:
        (WebCore::IDBDatabaseIdentifier::isolatedCopy):
        * Modules/indexeddb/IDBKeyData.cpp:
        (WebCore::IDBKeyData::deletedValue):
        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::objectStoreNames):
        (WebCore::IDBClient::IDBDatabase::startVersionChangeTransaction):
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::createObjectStore):
        (WebCore::IDBClient::IDBTransaction::createIndex):
        (WebCore::IDBClient::IDBTransaction::doRequestOpenCursor):
        (WebCore::IDBClient::IDBTransaction::requestGetRecord):
        (WebCore::IDBClient::IDBTransaction::requestIndexRecord):
        (WebCore::IDBClient::IDBTransaction::requestClearObjectStore):
        (WebCore::IDBClient::IDBTransaction::requestPutOrAdd):
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):
        * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
        (WebCore::IDBDatabaseInfo::isolatedCopy):
        (WebCore::IDBDatabaseInfo::objectStoreNames):
        * Modules/indexeddb/shared/IDBResultData.cpp:
        (WebCore::IDBResultData::error):
        (WebCore::IDBResultData::openDatabaseSuccess):
        (WebCore::IDBResultData::openDatabaseUpgradeNeeded):
        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        (WebCore::IDBTransactionInfo::versionChange):
        (WebCore::IDBTransactionInfo::isolatedCopy):
        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::create):
        * Modules/webaudio/OfflineAudioContext.cpp:
        (WebCore::OfflineAudioContext::create):
        * Modules/webdatabase/DatabaseTracker.cpp:
        (WebCore::DatabaseTracker::originLockFor):
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::create):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::formatNumberValue):
        * dom/NodeOrString.cpp:
        (WebCore::convertNodesOrStringsIntoNode):
        * inspector/InspectorApplicationCacheAgent.cpp:
        (WebCore::InspectorApplicationCacheAgent::buildArrayForApplicationCacheResources):
        * inspector/InspectorDOMAgent.cpp:
        (WebCore::InspectorDOMAgent::buildObjectForNode):
        (WebCore::InspectorDOMAgent::buildArrayForElementAttributes):
        (WebCore::InspectorDOMAgent::buildArrayForContainerChildren):
        (WebCore::InspectorDOMAgent::buildObjectForEventListener):
        * inspector/InspectorIndexedDBAgent.cpp:
        * inspector/InspectorLayerTreeAgent.cpp:
        (WebCore::InspectorLayerTreeAgent::buildObjectForLayer):
        * inspector/InspectorNetworkAgent.cpp:
        (WebCore::buildObjectForHeaders):
        (WebCore::buildObjectForResourceRequest):
        (WebCore::buildObjectForCachedResource):
        * inspector/InspectorOverlay.cpp:
        (WebCore::buildArrayForQuad):
        (WebCore::buildObjectForFlowRegions):
        (WebCore::InspectorOverlay::buildObjectForHighlightedNodes):
        * inspector/InspectorPageAgent.cpp:
        (WebCore::createXHRTextDecoder):
        (WebCore::buildArrayForCookies):
        (WebCore::InspectorPageAgent::buildObjectForFrame):
        * inspector/InspectorStyleSheet.cpp:
        (WebCore::buildMediaObject):
        (WebCore::InspectorStyle::buildArrayForComputedStyle):
        (WebCore::buildObjectForSelectorHelper):
        (WebCore::selectorsFromSource):
        (WebCore::InspectorStyleSheet::buildObjectForSelectorList):
        (WebCore::InspectorStyleSheet::buildObjectForStyle):
        (WebCore::InspectorStyleSheet::buildArrayForRuleList):
        * inspector/InspectorTimelineAgent.cpp:
        (WebCore::InspectorTimelineAgent::stopFromConsole):
        * inspector/TimelineRecordFactory.cpp:
        (WebCore::TimelineRecordFactory::createGenericRecord):
        (WebCore::TimelineRecordFactory::createFunctionCallData):
        (WebCore::TimelineRecordFactory::createConsoleProfileData):
        (WebCore::TimelineRecordFactory::createProbeSampleData):
        (WebCore::TimelineRecordFactory::createEventDispatchData):
        (WebCore::TimelineRecordFactory::createGenericTimerData):
        (WebCore::TimelineRecordFactory::createTimerInstallData):
        (WebCore::TimelineRecordFactory::createEvaluateScriptData):
        (WebCore::TimelineRecordFactory::createTimeStampData):
        (WebCore::TimelineRecordFactory::createAnimationFrameData):
        (WebCore::createQuad):
        (WebCore::TimelineRecordFactory::createPaintData):
        (WebCore::buildInspectorObject):
        * loader/FrameLoader.cpp:
        (WebCore::createWindow):
        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::copyWithShouldOpenExternalURLsPolicy):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::createWindow):
        * platform/network/ios/QuickLook.mm:
        (WebCore::QuickLookHandle::create):
        * testing/Internals.cpp:
        (WebCore::Internals::openDummyInspectorFrontend):
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::createResourceRequest):
        * xml/XPathExpression.cpp:
        (WebCore::XPathExpression::evaluate):

2015-12-27  Zalan Bujtas  <zalan@apple.com>

        Should never be reached failure in WebCore::RenderElement::clearLayoutRootIfNeeded
        https://bugs.webkit.org/show_bug.cgi?id=151590

        Reviewed by Simon Fraser.

        We should always set the layoutroot when a new subtree layout is requested (and convert it
        to a full layout when needed). It ensures that renderers are detached cleanly even when
        they are set as layoutroot.

        Test: fast/block/assert-when-layout-root-is-not-cleared.html

        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2015-12-26  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        [CMake] Rearrange new gamepad files with deprecated files
        https://bugs.webkit.org/show_bug.cgi?id=152564

        Reviewed by Alex Christensen.

        New gamepad files have been commented out in CMakeLists.txt so far. This patch
        rearrange the files with deprecated files using ENABLE_GAMEPAD.

        * CMakeLists.txt:

2015-12-26  Per Arne Vollan  <peavo@outlook.com>

        [Curl] Compile errors.
        https://bugs.webkit.org/show_bug.cgi?id=152563

        Reviewed by Alex Christensen.

        The ResourceError constructor has changed signature.

        * platform/network/curl/ResourceHandleManager.cpp:
        (WebCore::ResourceHandleManager::downloadTimerCallback):
        (WebCore::ResourceHandleManager::dispatchSynchronousJob):

2015-12-25  Zalan Bujtas  <zalan@apple.com>

        Subpixel rendering: Add subpixel support for outline.
        https://bugs.webkit.org/show_bug.cgi?id=152560

        Reviewed by Simon Fraser.

        This patch adds support for subpixel outline-width/outline-offset.

        Test: fast/borders/hidpi-outline-hairline-painting.html

        * css/CSSPropertyNames.in:
        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/mac/GraphicsContextMac.mm:
        (WebCore::GraphicsContext::drawFocusRing):
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::computeMaxOutlineSize):
        (WebCore::RenderElement::paintOutline):
        * rendering/RenderImage.cpp:
        (WebCore::RenderImage::paintAreaElementFocusRing):
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::paintOutlineForLine):
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::adjustRectForOutlineAndShadow):
        * rendering/RenderView.cpp:
        (WebCore::RenderView::setMaximalOutlineSize):
        * rendering/RenderView.h:
        * rendering/style/OutlineValue.h:
        (WebCore::OutlineValue::offset):
        (WebCore::OutlineValue::OutlineValue): Deleted.
        * rendering/style/RenderStyle.h:

2015-12-25  Alexey Proskuryakov  <ap@apple.com>

        ASSERT(m_nsResponse) in ResourceResponse::platformCertificateInfo() when running tests in iOS simulator
        https://bugs.webkit.org/show_bug.cgi?id=152559

        Reviewed by Andy Estes.

        Fix a regression from r194378.

        * platform/network/cocoa/ResourceResponseCocoa.mm:
        (WebCore::ResourceResponse::platformCertificateInfo):

2015-12-25  David Kilzer  <ddkilzer@apple.com>

        ResourceError should store failingURL as URL instead of String to avoid reparsing and to address FIXME comments in ResourceErrorCF.cpp and ResourceErrorMac.mm
        <http://webkit.org/b/146391>

        Reviewed by Antti Koivisto.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
        (WebCore::DocumentThreadableLoader::didReceiveResponse):
        (WebCore::DocumentThreadableLoader::preflightFailure):
        * loader/DocumentThreadableLoader.h:
        (WebCore::DocumentThreadableLoader::preflightFailure):
        - Switch type of 'url' argument of preflightFailure() from
          String to URL.
        - Update for type change of 'failingURL' argument to
          ResourceError().

        * loader/EmptyClients.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadResourceSynchronously):
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResourceLoader::responseReceived):
        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::loadDataURL):
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::cancel):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        - Update for type change of 'failingURL' argument to
          ResourceError().

        * page/EventSource.cpp:
        (WebCore::EventSource::didFailAccessControlCheck):
        - Convert failingURL() to String explicitly.

        * platform/efl/ErrorsEfl.cpp:
        (WebCore::cancelledError):
        (WebCore::blockedError):
        (WebCore::blockedByContentBlockerError):
        (WebCore::cannotShowURLError):
        (WebCore::interruptedForPolicyChangeError):
        (WebCore::cannotShowMIMETypeError):
        (WebCore::fileDoesNotExistError):
        (WebCore::pluginWillHandleLoadError):
        (WebCore::downloadCancelledByUserError):
        (WebCore::downloadDestinationError):
        * platform/gtk/ErrorsGtk.cpp:
        (WebCore::cancelledError):
        (WebCore::blockedError):
        (WebCore::blockedByContentBlockerError):
        (WebCore::cannotShowURLError):
        (WebCore::interruptedForPolicyChangeError):
        (WebCore::cannotShowMIMETypeError):
        (WebCore::fileDoesNotExistError):
        (WebCore::pluginWillHandleLoadError):
        (WebCore::downloadCancelledByUserError):
        (WebCore::downloadDestinationError):
        - Update for type change of 'failingURL' argument to
          ResourceError().

        * platform/network/ResourceErrorBase.h:
        (WebCore::ResourceErrorBase::failingURL):
        - Change return type from String to URL.
        (WebCore::ResourceErrorBase::ResourceErrorBase):
        * platform/network/cf/ResourceError.h:
        (WebCore::ResourceError::ResourceError):
        - Change type of 'failingURL' from String to URL.

        * platform/network/cf/ResourceErrorCF.cpp:
        (WebCore::ResourceError::ResourceError):
        - Change type of 'failingURL' from String to URL.
        (WebCore::ResourceError::platformLazyInit):
        - Clean up code and address FIXME by parsing CFURLRef using
          URL() constructor.
        (WebCore::ResourceError::cfError):
        - Clean up code and address FIXME after switching type of
          m_failingURL.

        * platform/network/curl/ResourceError.h:
        (WebCore::ResourceError::ResourceError):
        - Change type of 'failingURL' from String to URL.

        * platform/network/mac/ResourceErrorMac.mm:
        (WebCore::createNSErrorFromResourceErrorBase):
        (WebCore::ResourceError::platformLazyInit):
        - Clean up code and address FIXME after switching type of
          m_failingURL.

        * platform/network/soup/ResourceError.h:
        (WebCore::ResourceError::ResourceError):
        (WebCore::ResourceError::timeoutError):
        * platform/network/soup/ResourceErrorSoup.cpp:
        (WebCore::failingURI):
        (WebCore::ResourceError::timeoutError):
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::timeoutFired):
        - Change type of 'failingURL' from String to URL.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::didFail):
        - Convert failingURL() to String explicitly.
        - Also switch to using makeString().

2015-12-24  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: x2 >= x1 in WebCore::RenderElement::drawLineForBoxSide
        https://bugs.webkit.org/show_bug.cgi?id=151210

        Reviewed by Simon Fraser.

        "IntRect outer = snappedIntRect(inner)" explicitly converts inner to LayoutRect first and
        returns a snapped IntRect. When inner (after the inflate) overflows LayoutUnit,
        the snapped rect might become smaller than the inner rect.

        This patch also enables outline painting on subpixel positions.

        Tests: fast/borders/hidpi-outline-on-subpixel-position.html
               fast/borders/outline-offset-overflow.html

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::paintOutline):

2015-12-24  Simon Fraser  <simon.fraser@apple.com>

        Use an enum for RenderElement's baseTypeFlags
        https://bugs.webkit.org/show_bug.cgi?id=152553

        Reviewed by Zalan Bujtas.

        Use an enum, rather than unsigned, for the BaseTypeFlags bit mask.

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::RenderBlock):
        * rendering/RenderBlock.h:
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::RenderBox):
        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::RenderBoxModelObject):
        * rendering/RenderBoxModelObject.h:
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement):
        * rendering/RenderElement.h:
        * rendering/RenderLayerModelObject.cpp:
        (WebCore::RenderLayerModelObject::RenderLayerModelObject):
        * rendering/RenderLayerModelObject.h:

2015-12-24  Simon Fraser  <simon.fraser@apple.com>

        Remove the unused #define _USE_MATH_DEFINES
        https://bugs.webkit.org/show_bug.cgi?id=152034

        Reviewed by Tim Horton.
        
        _USE_MATH_DEFINES was added in r123968 but no longer does anything.

        * platform/graphics/cg/GraphicsContextCG.cpp:
        * platform/graphics/cg/PDFDocumentImage.cpp:
        * rendering/mathml/RenderMathMLMenclose.cpp:
        * rendering/mathml/RenderMathMLOperator.cpp:

2015-12-23  Brady Eidson  <beidson@apple.com>

        Modern IDB: Don't open any new connections until after version change transactions are completely handled.
        https://bugs.webkit.org/show_bug.cgi?id=152441

        Reviewed by Alex Christensen.

        No new tests (At least 4 failing tests now pass).
        
        When a version change transaction is in progress for a database, the server should not open any new connections
        to that database until the version change transaction has been 100% completed.
        
        This means *all* events related to finishing the transaction must fire.
        
        To support this, a new message from client -> server is added.

        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::didFinishHandlingVersionChangeTransaction):
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/client/IDBConnectionToServerDelegate.h:
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::dispatchEvent):
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/server/IDBServer.cpp:
        (WebCore::IDBServer::IDBServer::didFinishHandlingVersionChangeTransaction):
        * Modules/indexeddb/server/IDBServer.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
        (WebCore::IDBServer::UniqueIDBDatabase::commitTransaction): Deleted.
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformAbortTransaction): Deleted.
        (WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseTransaction::didFinishHandlingVersionChange):
        * Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h:
        
        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        (WebCore::IDBTransactionInfo::loggingString):
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        
        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
        * Modules/indexeddb/shared/InProcessIDBServer.h:

2015-12-23  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/transaction-basics.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152481

        Reviewed by Alex Christensen.

        No new tests (Failing test now passes).

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::transaction): Include the invalid string argument
          in the error message.

2015-12-23  Simon Fraser  <simon.fraser@apple.com>

        Use "constrainedBetween" in more places
        https://bugs.webkit.org/show_bug.cgi?id=152543

        Reviewed by Zalan Bujtas.

        Replace code that contrains points via shrunkTo/expandedTo() with calls
        to constrainedBetween(), and implement constrainedBetween() on IntPoint,
        FloatPoint and LayoutPoint.

        Convert some functions that return points to more modern syntax.

        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
        (WebCore::ScrollingTreeFrameScrollingNode::setScrollPosition):
        * page/scrolling/ScrollingTreeScrollingNode.cpp:
        (WebCore::ScrollingTreeScrollingNode::setScrollPosition):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::adjustScrollPositionWithinRange):
        * platform/graphics/FloatPoint.cpp:
        (WebCore::FloatPoint::constrainedBetween):
        * platform/graphics/FloatPoint.h:
        (WebCore::FloatPoint::shrunkTo):
        (WebCore::FloatPoint::expandedTo):
        (WebCore::FloatPoint::transposedPoint):
        * platform/graphics/IntPoint.cpp:
        * platform/graphics/LayoutPoint.cpp:
        (WebCore::LayoutPoint::constrainedBetween):
        * platform/graphics/LayoutPoint.h:
        (WebCore::LayoutPoint::expandedTo):
        (WebCore::LayoutPoint::shrunkTo):
        (WebCore::LayoutPoint::transposedPoint):
        (WebCore::LayoutPoint::fraction):
        (WebCore::LayoutPoint::operator FloatPoint):

2015-12-23  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r187593): Scroll position jumps when selecting text in an iframe
        https://bugs.webkit.org/show_bug.cgi?id=152541
        rdar://problem/23886181

        Reviewed by Tim Horton.
        
        r154382 added code that modifies parentLayer traversal, looking for ancestor
        scrollable layers. However, it confusingly added another code path in which
        the ancestor layer traversal cross a frame boundary, when RenderLayer::scrollRectToVisible()
        already has one. I fixed this new location to adjust the rect coordinates in r187593,
        but then code that hit both crossing points double-mapped the coordinates, causing
        autoscroll jumping.
        
        Fix by reverting r154382 and r187593, going back to doing the ancestor walk in
        one place. Re-fix r154382 by implementing RenderLayer::allowsCurrentScroll(),
        which contains the logic for line clamp, autoscroll and ensuring that overflow:hidden
        can be programmatically scrolled.
        
        Form controls are special; they can have overflow:hidden but still be user-scrollable
        during autoscroll; this is handled via the confusingly-named canBeProgramaticallyScrolled().
        RenderTextControlSingleLine implements this to ensure that readonly text inputs
        autoscroll (which is exercised by a test).
        
        The frame-to-parent-frame rect mapping in RenderLayer::scrollRectToVisible() is
        fixed to use the coordinate mapping functions from Widget/ScrollView, with the
        addition of a new utility function contentsToContainingViewContents().
        
        A "Scrolling" logging channel is added with a few log points.

        Test: fast/events/autoscroll-in-iframe-body.html

        * page/scrolling/ScrollingCoordinator.cpp:
        (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegionForFrame):
        use contentsToContainingViewContents().
        * platform/Logging.h:
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::contentsToContainingViewContents):
        * platform/ScrollView.h:
        * platform/graphics/IntPoint.cpp:
        (WebCore::IntPoint::constrainedBetween): New helper to constrain a point between
        two other points.
        * platform/graphics/IntPoint.h:
        (WebCore::IntPoint::expandedTo):
        (WebCore::IntPoint::shrunkTo):
        * rendering/RenderBox.cpp:
        * rendering/RenderLayer.cpp:
        (WebCore::parentLayerCrossFrame):
        (WebCore::RenderLayer::enclosingScrollableLayer):
        (WebCore::frameElementAndViewPermitScroll):
        (WebCore::RenderLayer::allowsCurrentScroll):
        (WebCore::RenderLayer::scrollRectToVisible):
        * rendering/RenderLayer.h:
        * rendering/RenderTextControlSingleLine.h:

2015-12-22  Simon Fraser  <simon.fraser@apple.com>

        Minor cleanup in RenderBox::canBeProgramaticallyScrolled()
        https://bugs.webkit.org/show_bug.cgi?id=152515

        Reviewed by Tim Horton.

        Remove the scrollsOverflow() check in RenderBox::canBeProgramaticallyScrolled(),
        since if hasScrollableOverflow is true, scrollsOverflow() must also be true.
        
        Factor clientWidth/Height vs. scrollWidth/Height checks into separate functions,
        and call them from two places.
        
        Added a test which is not affected by this particular change, but will verify
        that a later change doesn't break anything.

        Test: fast/overflow/overflow-hidden-scroll-into-view.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::canBeScrolledAndHasScrollableArea):
        (WebCore::RenderBox::canBeProgramaticallyScrolled):
        * rendering/RenderBox.h:
        (WebCore::RenderBox::hasHorizontalOverflow):
        (WebCore::RenderBox::hasVerticalOverflow):
        (WebCore::RenderBox::hasScrollableOverflowX):
        (WebCore::RenderBox::hasScrollableOverflowY):

2015-12-23  Pranjal Jumde  <pjumde@apple.com>

        Avoids stack recursion when indexed propertyNames defined using Object.defineProperty are deleted.
        https://bugs.webkit.org/show_bug.cgi?id=149179
        <rdar://problem/22708019>.

        Reviewed by Filip Pizlo.

        * runtime/JSObject.cpp:
        (JSStorage::deletePropertyByIndex was invoking Base::deleteProperty for indexed propertyNames instead of Base::deletePropertyByIndex leading to a stack recursion)

2015-12-23  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] MediaDeviceInfo.label must be empty in some situations
        https://bugs.webkit.org/show_bug.cgi?id=152000

        Reviewed by Brent Fulgham.

        No new tests, updated fast/mediastream/MediaDevices-enumerateDevices.html.

        * Modules/mediastream/CaptureDeviceManager.cpp:
        (CaptureDeviceManager::getSourcesInfo): TrackSourceInfo constructor takes persistent ID.

        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::start): If Document had an active stream track, don't bother
          checking for a persistent permission to access devices.
        (WebCore::MediaDevicesRequest::didCompleteCheck): m_hasUserMediaPermission -> m_canShowLabels.
        (WebCore::MediaDevicesRequest::getTrackSources): New, factored out of didCompleteCheck so it
          can be called when we don't need to check permissions.
        (WebCore::MediaDevicesRequest::didCompleteRequest): m_hasUserMediaPermission -> m_canShowLabels.
        * Modules/mediastream/MediaDevicesRequest.h:

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::MediaStream): Call setIsActive. Register new stream with MediaStreamRegistry.
        (WebCore::MediaStream::~MediaStream): Unregister stream with MediaStreamRegistry.
        (WebCore::MediaStream::setIsActive): New. Set m_isActive and call Document if stream is active.
        (WebCore::MediaStream::scheduleActiveStateChange): Call setIsActive.
        (WebCore::MediaStream::registry): MediaStreamRegistry::registry -> MediaStreamRegistry::shared.
        (WebCore::mediaStreams): Deleted. Drive-by cleanup: moved list of all streams to MediaStreamRegistry.
        (WebCore::registerMediaStream): Ditto.
        (WebCore::unRegisterMediaStream): Ditto.
        (WebCore::MediaStream::lookUp): Ditto.
        (WebCore::MediaStream::setRegistry): Ditto.
        * Modules/mediastream/MediaStream.h:

        * Modules/mediastream/MediaStreamRegistry.cpp:
        (WebCore::MediaStreamRegistry::shared): Renamed from "registry".
        (WebCore::MediaStreamRegistry::MediaStreamRegistry):
        (WebCore::MediaStreamRegistry::lookUp): Moved here from MediaStream.
        (WebCore::mediaStreams): Ditto.
        (WebCore::MediaStreamRegistry::registerStream): Ditto.
        (WebCore::MediaStreamRegistry::unregisterStream): Ditto.
        (WebCore::MediaStreamRegistry::registry): Deleted.
        * Modules/mediastream/MediaStreamRegistry.h:

        * dom/Document.h:
        (WebCore::Document::setHasActiveMediaStreamTrack): New, set m_hasHadActiveMediaStreamTrack.
        (WebCore::Document::hasHadActiveMediaStreamTrack): New, return m_hasHadActiveMediaStreamTrack.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::loadResource): MediaStream::lookUp -> MediaStreamRegistry::shared().lookUp.

        * platform/mediastream/MediaStreamTrackSourcesRequestClient.h:
        (WebCore::TrackSourceInfo::create): Take track persistent ID.
        (WebCore::TrackSourceInfo::persistentId): New.
        (WebCore::TrackSourceInfo::TrackSourceInfo): Take track persistent ID.

        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::RealtimeMediaSourceCenterMac::sourceWithUID): TrackSourceInfo::create takes persistent ID.

        * platform/mock/MockRealtimeMediaSource.cpp:
        (WebCore::MockRealtimeMediaSource::trackSourceWithUID): Ditto.

        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.cpp:
        (WebCore::RealtimeMediaSourceCenterMac::sourceWithUID): TrackSourceInfo::create takes persistent ID.

2015-12-23  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [Streams API] In RS during enqueuing error should be reported only if readable
        https://bugs.webkit.org/show_bug.cgi?id=152505

        Reviewed by Youenn Fablet.

        This commit fixes last spec change done in
        https://github.com/whatwg/streams/commit/4ba861e6f60c248060811830e11271c84b439cc3.

        Test: imported/w3c/web-platform-tests/streams-api/readable-streams/bad-strategies.html

        * Modules/streams/ReadableStreamInternals.js:
        (enqueueInReadableStream): Call @errorReadableStream only if state is readable.

2015-12-23  Chris Aljoudi <chris@chrismatic.io> and Alex Christensen <achristensen@webkit.org>

        Content blockers should be able to promote http to https
        https://bugs.webkit.org/show_bug.cgi?id=148966

        Reviewed by Benjamin Poulain.

        Test: http/tests/contentextensions/make-https.html

        * contentextensions/ContentExtensionActions.h:
        * contentextensions/ContentExtensionCompiler.cpp:
        (WebCore::ContentExtensions::serializeActions):
        * contentextensions/ContentExtensionParser.cpp:
        (WebCore::ContentExtensions::loadAction):
        * contentextensions/ContentExtensionRule.cpp:
        (WebCore::ContentExtensions::Action::deserialize):
        (WebCore::ContentExtensions::Action::deserializeType):
        (WebCore::ContentExtensions::Action::serializedLength):
        * contentextensions/ContentExtensionsBackend.cpp:
        (WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::requestResource):
        * platform/URL.cpp:
        (WebCore::URL::isBlankURL):
        (WebCore::defaultPortsMap):
        (WebCore::defaultPortForProtocol):
        (WebCore::isDefaultPortForProtocol):
        (WebCore::portAllowed):
        * platform/URL.h:

2015-12-22  Andy Estes  <aestes@apple.com>

        Try to fix the iOS build after r194378

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:

2015-12-22  Andy Estes  <aestes@apple.com>

        [CF] Replace CFNetwork-related WebKitSystemInterface calls with SPI
        https://bugs.webkit.org/show_bug.cgi?id=152463

        Reviewed by Alexey Proskuryakov.

        Replaced WebkitSystemInterface calls that wrapped CFNetwork SPI with direct calls to SPI that is now forward
        declared in CFNetworkSPI.h.

        Also removed some unused declarations and renamed ResourceResponseMac.mm to ResourceResponseCocoa.mm.

        * PlatformMac.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * platform/ios/WebCoreSystemInterfaceIOS.mm:
        * platform/mac/WebCoreSystemInterface.h:
        * platform/mac/WebCoreSystemInterface.mm:
        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/CredentialStorageCFNet.cpp:
        (WebCore::copyCredentialFromProtectionSpace):
        (WebCore::CredentialStorage::getFromPersistentStorage):
        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::cookieStorage):
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegate::createResourceRequest):
        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::ResourceRequest::setStorageSession):
        (WebCore::initializeMaximumHTTPConnectionCountPerHost):
        (WebCore::initializeHTTPConnectionSettingsOnStartup):
        * platform/network/cf/ResourceRequestCFNet.h:
        (WebCore::toResourceLoadPriority):
        (WebCore::toPlatformRequestPriority):
        * platform/network/cf/ResourceResponse.h:
        * platform/network/cf/ResourceResponseCFNet.cpp:
        (WebCore::ResourceResponse::platformCertificateInfo):
        * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
        (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse):
        * platform/network/cocoa/ResourceRequestCocoa.mm:
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        * platform/network/cocoa/ResourceResponseCocoa.mm: Renamed from Source/WebCore/platform/network/mac/ResourceResponseMac.mm.
        (WebCore::ResourceResponse::platformCertificateInfo):
        (WebCore::copyNSURLResponseStatusLine):
        (WebCore::ResourceResponse::platformLazyInit):
        * platform/network/ios/QuickLook.h:
        * platform/network/ios/QuickLook.mm:
        * platform/network/ios/WebCoreURLResponseIOS.mm:
        (WebCore::adjustMIMETypeIfNecessary):
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::createNSURLConnection):
        * platform/network/mac/WebCoreURLResponse.h:
        * platform/network/mac/WebCoreURLResponse.mm:
        (WebCore::adjustMIMETypeIfNecessary):
        * platform/spi/cf/CFNetworkConnectionCacheSPI.h:
        * platform/spi/cf/CFNetworkSPI.h:

2015-12-22  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Everything broken in GTK+ 3.19
        https://bugs.webkit.org/show_bug.cgi?id=150550

        Reviewed by Carlos Garcia Campos.

        Port RenderThemeGtk and ScrollbarThemeGtk to use CSS nodes. This makes it possible to render
        stuff with modern GTK+.

        No new tests. We already have tons of tests for this functionality, but we're running them
        with GTK+ 3.16, so they cannot have detected this breakage. These fixes require unreleased
        GTK+, and GTK+ rendering is currently in a state of flux; once things settle down, we can
        consider upgrading the GTK+ used for our layout tests.

        * platform/gtk/GRefPtrGtk.cpp:
        (WTF::refGPtr):
        (WTF::derefGPtr):
        * platform/gtk/GRefPtrGtk.h:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::themeChanged):
        (WebCore::ScrollbarThemeGtk::updateThemeProperties):
        (WebCore::orientationStyleClass):
        (WebCore::applyScrollbarStyleContextClasses):
        (WebCore::ScrollbarThemeGtk::paintTrackBackground):
        (WebCore::ScrollbarThemeGtk::paintScrollbarBackground):
        (WebCore::ScrollbarThemeGtk::paintThumb):
        (WebCore::ScrollbarThemeGtk::paintButton):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::createStyleContext):
        (WebCore::setToggleSize):
        (WebCore::paintToggle):
        (WebCore::RenderThemeGtk::paintButton):
        (WebCore::getComboBoxMetrics):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::paintTextField):
        (WebCore::applySliderStyleContextClasses):
        (WebCore::RenderThemeGtk::paintSliderTrack):
        (WebCore::RenderThemeGtk::paintSliderThumb):
        (WebCore::RenderThemeGtk::paintProgressBar):
        (WebCore::paintSpinArrowButton):
        (WebCore::styleColor):

2015-12-22  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] MediaStreamTrackPrivate.source should be a reference
        https://bugs.webkit.org/show_bug.cgi?id=152509

        Reviewed by Tim Horton.

        No new tests, no functional change.

        * Modules/mediastream/MediaStream.cpp:
        (WebCore::MediaStream::trackVectorForType):
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/RTCDTMFSender.cpp:
        (WebCore::RTCDTMFSender::create):
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::didCreateStream):
        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::platformLayer):
        (WebCore::MediaStreamPrivate::currentFrameImage):
        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::MediaStreamTrackPrivate):
        * platform/mediastream/MediaStreamTrackPrivate.h:
        (WebCore::MediaStreamTrackPrivate::source):

2015-12-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194362.
        https://bugs.webkit.org/show_bug.cgi?id=152508

        crashes release bot (Requested by mcatanzaro on #webkit).

        Reverted changeset:

        "[GTK] Everything broken in GTK+ 3.19"
        https://bugs.webkit.org/show_bug.cgi?id=150550
        http://trac.webkit.org/changeset/194362

2015-12-22  Keith Miller  <keith_miller@apple.com>

        Remove OverridesHasInstance from TypeInfoFlags
        https://bugs.webkit.org/show_bug.cgi?id=152005

        Reviewed by Saam Barati.

        Currently, we have three TypeInfo flags associated with instanceof behavior,
        ImplementsHasInstance, ImplementDefaultHasInstance, and OverridesHasInstance. This patch
        removes the third and moves the first to the out of line flags. In theory, we should only
        need one flag but removing ImplementsHasInstance is more involved and should be done in a
        separate patch.

        * bindings/js/JSDOMBinding.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):

2015-12-22  Brent Fulgham  <bfulgham@apple.com>

        Allow JavaScript to iterate over plugins for local SecurityOrigins
        https://bugs.webkit.org/show_bug.cgi?id=152489

        Reviewed by Alexey Proskuryakov.

        Instead of calling 'isLocalFile' on the URL, we check the Document's SecurityOrigin. If
        no origin exists, we construct a SecurityOrigin from the URL, and check whether it
        satisfies 'isLocal'.

        * page/Page.cpp:
        (WebCore::Page::showAllPlugins): Revised to use SecurityOrigin.

2015-12-22  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Everything broken in GTK+ 3.19
        https://bugs.webkit.org/show_bug.cgi?id=150550

        Reviewed by Carlos Garcia Campos.

        Port RenderThemeGtk and ScrollbarThemeGtk to use CSS nodes. This makes it possible to render
        stuff with modern GTK+.

        No new tests. We already have tons of tests for this functionality, but we're running them
        with GTK+ 3.16, so they cannot have detected this breakage. These fixes require unreleased
        GTK+, and GTK+ rendering is currently in a state of flux; once things settle down, we can
        consider upgrading the GTK+ used for our layout tests.

        * platform/gtk/GRefPtrGtk.cpp:
        (WTF::refGPtr):
        (WTF::derefGPtr):
        * platform/gtk/GRefPtrGtk.h:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::themeChanged):
        (WebCore::ScrollbarThemeGtk::updateThemeProperties):
        (WebCore::orientationStyleClass):
        (WebCore::applyScrollbarStyleContextClasses):
        (WebCore::ScrollbarThemeGtk::paintTrackBackground):
        (WebCore::ScrollbarThemeGtk::paintScrollbarBackground):
        (WebCore::ScrollbarThemeGtk::paintThumb):
        (WebCore::ScrollbarThemeGtk::paintButton):
        * rendering/RenderThemeGtk.cpp:
        (WebCore::createStyleContext):
        (WebCore::setToggleSize):
        (WebCore::paintToggle):
        (WebCore::RenderThemeGtk::paintButton):
        (WebCore::getComboBoxMetrics):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::paintTextField):
        (WebCore::applySliderStyleContextClasses):
        (WebCore::RenderThemeGtk::paintSliderTrack):
        (WebCore::RenderThemeGtk::paintSliderThumb):
        (WebCore::RenderThemeGtk::paintProgressBar):
        (WebCore::paintSpinArrowButton):
        (WebCore::styleColor):

2015-12-20  Jeremy Zerfas  <WebKit@JeremyZerfas.com>

        Don't allocate a NSImage and skip unneeded call to TIFFRepresentation when copying image to clipboard.
        https://bugs.webkit.org/show_bug.cgi?id=152374

        Reviewed by Darin Adler.

        When copying an image to the clipboard, don't bother allocating a
        NSImage and skip the unneeded call to TIFFRepresentation since the data
        from the previous getTIFFRepresentation call can be used instead. This
        considerably reduces the amount of memory and CPU time used for large
        images/animations.

        Test: fast/images/image-copy-memory-usage.html

        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::write):

2015-12-20  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce PassRefPtr uses in dom - 2
        https://bugs.webkit.org/show_bug.cgi?id=151936

        Reviewed by Darin Adler.

        Change PassRefPtr with RefPtr<Foo>&&, WTF::move(), Foo*, and Foo&.

        * dom/ScopedEventQueue.h:
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::registerCallback):
        * dom/ScriptedAnimationController.h:
        * dom/StaticNodeList.h:
        * dom/Traversal.cpp:
        (WebCore::NodeIteratorBase::NodeIteratorBase):
        * dom/Traversal.h:
        * dom/TreeWalker.cpp:
        (WebCore::TreeWalker::TreeWalker):
        (WebCore::TreeWalker::setCurrentNode):
        * dom/TreeWalker.h:
        (WebCore::TreeWalker::create):
        * dom/UserActionElementSet.h:
        * dom/WebKitNamedFlow.cpp:
        (WebCore::WebKitNamedFlow::WebKitNamedFlow):
        (WebCore::WebKitNamedFlow::create):
        (WebCore::WebKitNamedFlow::getRegionsByContent):
        (WebCore::WebKitNamedFlow::getRegions):
        (WebCore::WebKitNamedFlow::getContent):
        * dom/WebKitNamedFlow.h:
        * dom/WheelEvent.cpp:
        (WebCore::WheelEvent::WheelEvent):
        (WebCore::WheelEvent::initWheelEvent):
        (WebCore::WheelEvent::initWebKitWheelEvent):
        * dom/WheelEvent.h:

2015-12-20  Michael Catanzaro  <mcatanzaro@igalia.com>

        [SOUP] Performs DNS prefetch when a proxy is configured (information leak)
        https://bugs.webkit.org/show_bug.cgi?id=145542

        Reviewed by Darin Adler.

        Perform DNS prefetch only when no proxy is configured.

        No new tests. Test this manually with Wireshark. Run the simple-proxy example program found
        in libsoup's examples directory, set that as your system HTTP proxy, and see if DNS queries
        show up in Wireshark when refreshing a page sent over HTTP. They should appear only when the
        proxy is not configured.

        * platform/network/DNSResolveQueue.cpp:
        (WebCore::DNSResolveQueue::DNSResolveQueue):
        (WebCore::DNSResolveQueue::isUsingProxy):
        * platform/network/DNSResolveQueue.h:
        * platform/network/cf/DNSCFNet.cpp:
        (WebCore::DNSResolveQueue::updateIsUsingProxy):
        (WebCore::DNSResolveQueue::platformProxyIsEnabledInSystemPreferences): Deleted.
        * platform/network/soup/DNSSoup.cpp:
        (WebCore::didResolveProxy):
        (WebCore::proxyResolvedForHttpUriCallback):
        (WebCore::proxyResolvedForHttpsUriCallback):
        (WebCore::DNSResolveQueue::updateIsUsingProxy):
        (WebCore::DNSResolveQueue::platformProxyIsEnabledInSystemPreferences): Deleted.

2015-12-20  Dan Bernstein  <mitz@apple.com>

        Remove unused setToolbarHeight
        https://bugs.webkit.org/show_bug.cgi?id=152466

        Reviewed by Darin Adler.

        * inspector/InspectorFrontendClient.h:
        * inspector/InspectorFrontendHost.cpp:
        (WebCore::InspectorFrontendHost::setToolbarHeight): Deleted.
        * inspector/InspectorFrontendHost.h:
        * inspector/InspectorFrontendHost.idl:
        * testing/Internals.cpp:

2015-12-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194033 and r194267.
        https://bugs.webkit.org/show_bug.cgi?id=152465

        Caused crashes on Mac WK1 bots (Requested by youenn on
        #webkit).

        Reverted changesets:

        "[Streams API] Expose ReadableStream and relatives to Worker"
        https://bugs.webkit.org/show_bug.cgi?id=152066
        http://trac.webkit.org/changeset/194033

        "[Streams API] imported/w3c/web-platform-tests/streams-api
        /readable-streams/cancel.html has a flaky test"
        https://bugs.webkit.org/show_bug.cgi?id=152065
        http://trac.webkit.org/changeset/194267

2015-12-19  Dan Bernstein  <mitz@apple.com>

        [Mac] WebKit contains dead source code for OS X Mavericks and earlier
        https://bugs.webkit.org/show_bug.cgi?id=152462

        Reviewed by Alexey Proskuryakov.

        - Removed build setting definitions for OS X 10.9 and earlier, and simplified defintions
          that became uniform across all OS X versions as a result:

        * Configurations/DebugRelease.xcconfig:
        * Configurations/FeatureDefines.xcconfig:
        * Configurations/Version.xcconfig:

        - Removed support for animating default buttons:

        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::RenderButton): Removed m_default initialization.
        (WebCore::RenderButton::styleDidChange): Removed checking for animating default button and
          starting the animation timer.
        (WebCore::RenderButton::timerFired): Deleted.
        * rendering/RenderButton.h: Removed m_timer and m_default member variables
        * rendering/RenderTheme.h:
        (WebCore::RenderTheme::defaultButtonHasAnimation): Deleted.
        * rendering/RenderThemeMac.h: Deleted override.
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::defaultButtonHasAnimation): Deleted.

        - Simplified expressions involving __MAC_OS_X_VERSION_MIN_REQUIRED and removed code that was
          never getting compiled:

        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        * editing/mac/DictionaryLookup.h:
        * editing/mac/DictionaryLookup.mm:
        * html/canvas/WebGLDrawBuffers.cpp:
        * loader/DocumentLoader.cpp:
        * loader/cache/CachedFont.cpp:
        * loader/cocoa/DiskCacheMonitorCocoa.h:
        * page/cocoa/SettingsCocoa.mm:
        * platform/Scrollbar.cpp:
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        * platform/cocoa/NetworkExtensionContentFilter.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        * platform/graphics/cg/ImageSourceCG.cpp:
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        * platform/graphics/cocoa/FontCascadeCocoa.mm:
        * platform/graphics/mac/GraphicsContext3DMac.mm:
        * platform/mac/NSScrollerImpDetails.h:
        * platform/mac/ScrollAnimatorMac.mm:
        * platform/mac/ScrollViewMac.mm:
        * platform/mac/ScrollbarThemeMac.mm:
        * platform/mac/ThemeMac.mm:
        * platform/mac/WebCoreFullScreenPlaceholderView.h:
        * platform/mac/WebCoreFullScreenPlaceholderView.mm:
        * platform/network/cf/CookieJarCFNet.cpp:
        * platform/network/cf/ResourceRequest.h:
        * platform/spi/cf/CFNetworkSPI.h:
        * platform/spi/cocoa/CoreTextSPI.h:
        * platform/spi/cocoa/NSButtonCellSPI.h:
        * platform/spi/cocoa/NSColorSPI.h:
        * platform/spi/cocoa/QuartzCoreSPI.h:
        * platform/spi/mac/LookupSPI.h:
        * platform/spi/mac/NSFontSPI.h:
        * platform/spi/mac/NSImmediateActionGestureRecognizerSPI.h:
        * platform/spi/mac/NSPopoverSPI.h:
        * platform/spi/mac/NSSharingServicePickerSPI.h:
        * platform/spi/mac/NSSharingServiceSPI.h:
        * platform/spi/mac/TUCallSPI.h:
        * platform/sql/SQLiteDatabase.cpp:

2015-12-18  Antti Koivisto  <antti@apple.com>

        Cache redirects as separate entries
        https://bugs.webkit.org/show_bug.cgi?id=152424

        Reviewed by Alex Christensen.

        Test: http/tests/cache/disk-cache/disk-cache-redirect.html

        * platform/network/ResourceRequestBase.h:

2015-12-18  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo] Empty context menu item.
        https://bugs.webkit.org/show_bug.cgi?id=152423

        Reviewed by Alex Christensen.

        The context menu contains a submenu item with no text.

        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::populate):

2015-12-18  Michael Catanzaro  <mcatanzaro@igalia.com>

        Avoid triggering clang's -Wundefined-bool-conversion
        https://bugs.webkit.org/show_bug.cgi?id=152408

        Reviewed by Mark Lam.

        Remove use of ASSERT(this).

        * dom/TreeScope.cpp:
        (WebCore::TreeScope::adoptIfNeeded):
        * page/Frame.cpp:
        (WebCore::Frame::createView):

2015-12-18  Simon Fraser  <simon.fraser@apple.com>

        Remove the 'ignoreViewportScalingConstraints' Setting, which was unused
        https://bugs.webkit.org/show_bug.cgi?id=152435

        Reviewed by Tim Horton.

        r177110 added a WebCore setting called ignoreViewportScalingConstraints,
        but it was never used, so remove it.

        * page/Settings.in:

2015-12-18  Brent Fulgham  <bfulgham@apple.com>

        Place an upper bound on canvas pixel count
        https://bugs.webkit.org/show_bug.cgi?id=151825
        <rdar://problem/23324916>

        Reviewed by Simon Fraser (Relanded by Brent Fulgham)

        Malformed JavaScript can attempt to create lots of canvas contexts. Limit the amount of memory
        we will use for this purpose to some percentage of system RAM.

        * html/HTMLCanvasElement.cpp:
        (WebCore::removeFromActivePixelMemory): Added helper function
        (WebCore::HTMLCanvasElement::~HTMLCanvasElement): Call new 'releaseImageBufferAndContext' method
        to ensure ImageBuffer and graphics context state are properly cleaned up.
        (WebCore::maxActivePixels): Use one quarter of the system RAM, or 2 GB (whichever is more) as
        an upper bound on active pixel memory.
        (WebCore::HTMLCanvasElement::getContext): If we are attempting to create a context that will cause
        us to exceed the allowed active pixel count, fail.
        (WebCore::HTMLCanvasElement::releaseImageBufferAndContext): Added helper function
        (WebCore::HTMLCanvasElement::setSurfaceSize): Use the new 'releaseImageBufferAndContext' method
        to handle active pixel memory counts.
        (WebCore::HTMLCanvasElement::createImageBuffer): Refuse to create a backing buffer if it will
        exceed our available pixel memory.

2015-12-18  Olivier Blin  <olivier.blin@softathome.com>

        Fix the !ENABLE(VIDEO) build after r192953 for <picture> element introduction
        https://bugs.webkit.org/show_bug.cgi?id=152431

        Since r192953, HTMLSourceElement is built even if video is disabled,
        since it is used by the picture element.

        But build was broken with -no-video, since HTMLMediaElement usage
        should be guarded by VIDEO guards, and its JS bindings were still
        under a video conditional.

        Reviewed by Alex Christensen.

        No new tests, build fix only.

        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::insertedInto):
        (WebCore::HTMLSourceElement::removedFrom):
        * html/HTMLSourceElement.idl:

2015-12-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Refactor when opening the backing store takes place.
        https://bugs.webkit.org/show_bug.cgi?id=152405

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection): Move the "open backing store" logic
          from here to performCurrentOpenOperation.
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation): If the database backing store is
          not open yet, kick off opening it here.
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations): Rework this stuff to be better.

2015-12-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: Refactor open/delete requests to exist in the same queue.
        https://bugs.webkit.org/show_bug.cgi?id=152397

        Reviewed by Alex Christensen.

        No new tests (Refactor, all existing tests continue to pass).

        The order between incoming open and delete requests matters, and each request
        needs to be handled individually.
        
        This patch does the above without changing behavior on existing passing tests,
        while moving many currently skipped tests closer to passing.
    
        * Modules/indexeddb/server/IDBServerOperation.cpp:
        (WebCore::IDBServer::IDBServerOperation::notifyDeleteRequestBlocked):
        (WebCore::IDBServer::IDBServerOperation::notifyDidDeleteDatabase):
        * Modules/indexeddb/server/IDBServerOperation.h:
        (WebCore::IDBServer::IDBServerOperation::hasNotifiedDeleteRequestBlocked):

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection):
        (WebCore::IDBServer::UniqueIDBDatabase::isVersionChangeInProgress):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::handleCurrentOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDelete):
        (WebCore::IDBServer::UniqueIDBDatabase::invokeOperationAndTransactionTimer):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeDeleteDatabase): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-12-17  Csaba Osztrogonác  <ossy@webkit.org>

        [EFL] edje shouldn't have verbose output
        https://bugs.webkit.org/show_bug.cgi?id=152381

        Reviewed by Gyuyoung Kim.

        * platform/efl/DefaultTheme/CMakeLists.txt:

2015-12-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194241 and r194252.
        https://bugs.webkit.org/show_bug.cgi?id=152415

        Caused crashes on GuardMalloc (Requested by ap on #webkit).

        Reverted changesets:

        "Modern IDB: Refactor open/delete requests to exist in the
        same queue."
        https://bugs.webkit.org/show_bug.cgi?id=152397
        http://trac.webkit.org/changeset/194241

        "Modern IDB: Refactor when opening the backing store takes
        place."
        https://bugs.webkit.org/show_bug.cgi?id=152405
        http://trac.webkit.org/changeset/194252

2015-12-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: Refactor when opening the backing store takes place.
        https://bugs.webkit.org/show_bug.cgi?id=152405

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection): Move the "open backing store" logic
          from here to performCurrentOpenOperation.
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation): If the database backing store is
          not open yet, kick off opening it here.
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations): Rework this stuff to be better.

2015-12-16  Simon Fraser  <simon.fraser@apple.com>

        ViewportConfiguration functions should return a bool to say if anything changed
        https://bugs.webkit.org/show_bug.cgi?id=152353

        Reviewed by Tim Horton.

        Rather than callers all checking whether setting ViewportConfiguration values
        changes state, have its functions return a bool if the values change.

        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::setContentsSize):
        (WebCore::ViewportConfiguration::setMinimumLayoutSize):
        (WebCore::ViewportConfiguration::setViewportArguments):
        (WebCore::ViewportConfiguration::setCanIgnoreScalingConstraints):
        * page/ViewportConfiguration.h:
        (WebCore::ViewportConfiguration::setCanIgnoreScalingConstraints): Deleted.

2015-12-16  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Add JSContext Script Profiling
        https://bugs.webkit.org/show_bug.cgi?id=151899

        Reviewed by Brian Burg.

        Tests: inspector/script-profiler/event-type-API.html
               inspector/script-profiler/event-type-Microtask.html
               inspector/script-profiler/tracking.html

        * ForwardingHeaders/inspector/agents/InspectorScriptProfilerAgent.h: Added.

        * inspector/InspectorController.h:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        Create the new agent, even if we don't use it yet for Page inspection.

        (WebCore::InspectorController::willCallInjectedScriptFunction): Deleted.
        (WebCore::InspectorController::didCallInjectedScriptFunction): Deleted.
        No longer needed, implementation was pushed up into InjectedScriptBase.

        * inspector/InspectorCSSAgent.cpp:
        (WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):
        * inspector/InspectorReplayAgent.cpp:
        (WebCore::buildInspectorObjectForSession):
        Disambiguate types.

2015-12-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: Refactor open/delete requests to exist in the same queue.
        https://bugs.webkit.org/show_bug.cgi?id=152397

        Reviewed by Alex Christensen.

        No new tests (Refactor, all existing tests continue to pass).

        The order between incoming open and delete requests matters, and each request
        needs to be handled individually.
        
        This patch does the above without changing behavior on existing passing tests,
        while moving many currently skipped tests closer to passing.
    
        * Modules/indexeddb/server/IDBServerOperation.cpp:
        (WebCore::IDBServer::IDBServerOperation::notifyDeleteRequestBlocked):
        (WebCore::IDBServer::IDBServerOperation::notifyDidDeleteDatabase):
        * Modules/indexeddb/server/IDBServerOperation.h:
        (WebCore::IDBServer::IDBServerOperation::hasNotifiedDeleteRequestBlocked):

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection):
        (WebCore::IDBServer::UniqueIDBDatabase::isVersionChangeInProgress):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::handleCurrentOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDelete):
        (WebCore::IDBServer::UniqueIDBDatabase::invokeOperationAndTransactionTimer):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::maybeDeleteDatabase): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-12-17  Brent Fulgham  <bfulgham@apple.com>

        [Win] Prevent flashing/strobing repaints on certain hardware
        https://bugs.webkit.org/show_bug.cgi?id=152394
        <rdar://problem/23875302>

        Reviewed by Simon Fraser.

        This patch reverts a change I made in r192166, where I always set the
        m_viewNeedsUpdate flag to true when a 'flushContext' call was made. Instead,
        we should go back to letting the view decide when it needs to paint.

        * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
        (WebCore::WKCACFViewLayerTreeHost::flushContext): Don't just claim that
        the view needs to be updated any time we are asked to flush. 

2015-12-17  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Release Direct3D swap chain object earlier.
        https://bugs.webkit.org/show_bug.cgi?id=152392

        Reviewed by Alex Christensen.

        Since we don't use the swap chain object to render the video to a window,
        but render frames to Cairo bitmaps, we can let go of the swap chain object
        earlier than we currently do. 

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::clearDesiredSampleTime):
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::createVideoSamples):

2015-12-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r194201.
        https://bugs.webkit.org/show_bug.cgi?id=152391

        Caused crashes with GuardMalloc (Requested by ap|away on
        #webkit).

        Reverted changeset:

        "Reduce PassRefPtr uses in dom - 2"
        https://bugs.webkit.org/show_bug.cgi?id=151936
        http://trac.webkit.org/changeset/194201

2015-12-17  Csaba Osztrogonác  <ossy@webkit.org>

        Fix unused parameter handling in WebGLRenderingContextBase.cp
        https://bugs.webkit.org/show_bug.cgi?id=152387

        Reviewed by Alex Christensen.

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::activeTexture):
        (WebCore::WebGLRenderingContextBase::attachShader):
        (WebCore::WebGLRenderingContextBase::bindAttribLocation):
        (WebCore::WebGLRenderingContextBase::bindBuffer):
        (WebCore::WebGLRenderingContextBase::bindFramebuffer):
        (WebCore::WebGLRenderingContextBase::bindRenderbuffer):
        (WebCore::WebGLRenderingContextBase::bindTexture):
        (WebCore::WebGLRenderingContextBase::bufferData):
        (WebCore::WebGLRenderingContextBase::bufferSubData):
        (WebCore::WebGLRenderingContextBase::compileShader):
        (WebCore::WebGLRenderingContextBase::createShader):
        (WebCore::WebGLRenderingContextBase::detachShader):
        (WebCore::WebGLRenderingContextBase::disableVertexAttribArray):
        (WebCore::WebGLRenderingContextBase::drawArrays):
        (WebCore::WebGLRenderingContextBase::drawElements):
        (WebCore::WebGLRenderingContextBase::enableVertexAttribArray):
        (WebCore::WebGLRenderingContextBase::framebufferRenderbuffer):
        (WebCore::WebGLRenderingContextBase::framebufferTexture2D):
        (WebCore::WebGLRenderingContextBase::getActiveAttrib):
        (WebCore::WebGLRenderingContextBase::getActiveUniform):
        (WebCore::WebGLRenderingContextBase::getAttachedShaders):
        (WebCore::WebGLRenderingContextBase::getBufferParameter):
        (WebCore::WebGLRenderingContextBase::getProgramParameter):
        (WebCore::WebGLRenderingContextBase::getProgramInfoLog):
        (WebCore::WebGLRenderingContextBase::getRenderbufferParameter):
        (WebCore::WebGLRenderingContextBase::getShaderParameter):
        (WebCore::WebGLRenderingContextBase::getShaderInfoLog):
        (WebCore::WebGLRenderingContextBase::getShaderPrecisionFormat):
        (WebCore::WebGLRenderingContextBase::getShaderSource):
        (WebCore::WebGLRenderingContextBase::getTexParameter):
        (WebCore::WebGLRenderingContextBase::getUniform):
        (WebCore::WebGLRenderingContextBase::getUniformLocation):
        (WebCore::WebGLRenderingContextBase::getVertexAttrib):
        (WebCore::WebGLRenderingContextBase::linkProgram):
        (WebCore::WebGLRenderingContextBase::shaderSource):
        (WebCore::WebGLRenderingContextBase::uniform1f):
        (WebCore::WebGLRenderingContextBase::uniform1fv):
        (WebCore::WebGLRenderingContextBase::uniform1i):
        (WebCore::WebGLRenderingContextBase::uniform1iv):
        (WebCore::WebGLRenderingContextBase::uniform2f):
        (WebCore::WebGLRenderingContextBase::uniform2fv):
        (WebCore::WebGLRenderingContextBase::uniform2i):
        (WebCore::WebGLRenderingContextBase::uniform2iv):
        (WebCore::WebGLRenderingContextBase::uniform3f):
        (WebCore::WebGLRenderingContextBase::uniform3fv):
        (WebCore::WebGLRenderingContextBase::uniform3i):
        (WebCore::WebGLRenderingContextBase::uniform3iv):
        (WebCore::WebGLRenderingContextBase::uniform4f):
        (WebCore::WebGLRenderingContextBase::uniform4fv):
        (WebCore::WebGLRenderingContextBase::uniform4i):
        (WebCore::WebGLRenderingContextBase::uniform4iv):
        (WebCore::WebGLRenderingContextBase::uniformMatrix2fv):
        (WebCore::WebGLRenderingContextBase::uniformMatrix3fv):
        (WebCore::WebGLRenderingContextBase::uniformMatrix4fv):
        (WebCore::WebGLRenderingContextBase::useProgram):
        (WebCore::WebGLRenderingContextBase::validateProgram):
        (WebCore::WebGLRenderingContextBase::vertexAttribPointer):

2015-12-16  Alex Christensen  <achristensen@webkit.org>

        Make SessionID use intHash
        https://bugs.webkit.org/show_bug.cgi?id=152356

        Reviewed by Darin Adler.

        * page/SessionID.h:
        (WTF::SessionIDHash::hash):
        (WTF::SessionIDHash::equal):
        (WTF::HashTraits<WebCore::SessionID>::emptyValue):
        (WTF::HashTraits<WebCore::SessionID>::constructDeletedValue):
        (WTF::HashTraits<WebCore::SessionID>::isDeletedValue):
        Use intHash instead of just casting a uint64_t to an unsigned.
        This reduces hash collisions in HashTables that are usually quite small so it isn't much of a problem.
        Also, needsDestruction hasn't been in HashTraits since r156507.

2015-12-16  Simon Fraser  <simon.fraser@apple.com>

        Fix the debug region overlays for RTL documents
        https://bugs.webkit.org/show_bug.cgi?id=152372

        Reviewed by Darin Adler.
        
        Fix document overlays to use document coordinates when painting, which requires
        translating the CTM, and counter-translating the dirtyRect by the scroll origin.
        This is only non-zero for RTL documents.
        
        While doing this, I noticed that the scroll origin was misplaced by the scrollbar
        width when using overlay scrollbars. Fix by using occupiedWidth/Height() in
        ScrollView::updateScrollbars(). I was not able to make a test for this change.

        * page/FrameView.cpp:
        (WebCore::FrameView::adjustViewSize):
        * page/PageOverlay.cpp:
        (WebCore::PageOverlay::drawRect):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::updateScrollbars):

2015-12-16  Andy Estes  <aestes@apple.com>

        [iOS] Block loading external stylesheets in the Content-Disposition: attachment sandbox
        https://bugs.webkit.org/show_bug.cgi?id=152375
        <rdar://problem/22020902>

        Reviewed by Darin Adler.

        Tests: http/tests/contentdispositionattachmentsandbox/at-import-stylesheets-disabled.html
               http/tests/contentdispositionattachmentsandbox/external-stylesheets-disabled.html
               http/tests/contentdispositionattachmentsandbox/xml-stylesheet-processing-instructions-disabled.html

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::canRequest): Moved handling of CachedResource::MainResource to canRequestInContentDispositionAttachmentSandbox().
        (WebCore::CachedResourceLoader::canRequestInContentDispositionAttachmentSandbox): In addition to handling CachedResource::MainResource,
        added handling for CachedResource::CSSStyleSheet. Added a FIXME asking whether we should handle other types of resources, too.
        * loader/cache/CachedResourceLoader.h:

2015-12-16  Simon Fraser  <simon.fraser@apple.com>

        ViewportConfiguration functions should return a bool to say if anything changed
        https://bugs.webkit.org/show_bug.cgi?id=152353

        Reviewed by Tim Horton.

        Rather than callers all checking whether setting ViewportConfiguration values
        changes state, have its functions return a bool if the values change.

        * page/ViewportConfiguration.cpp:
        (WebCore::ViewportConfiguration::setContentsSize):
        (WebCore::ViewportConfiguration::setMinimumLayoutSize):
        (WebCore::ViewportConfiguration::setViewportArguments):
        (WebCore::ViewportConfiguration::setCanIgnoreScalingConstraints):
        * page/ViewportConfiguration.h:
        (WebCore::ViewportConfiguration::setCanIgnoreScalingConstraints): Deleted.

2015-12-16  Andreas Kling  <akling@apple.com>

        Give kernel VM some hints about non-live memory-cached resources.
        <https://webkit.org/b/152362>

        Reviewed by Geoffrey Garen.

        When a file-backed CachedResource has no live clients left, and is only being kept alive
        because it's cached in the MemoryCache, give the OS a hint that we probably won't need
        that memory very soon.

        Normally this doesn't do anything, but in case the system comes under memory pressure,
        the kernel can prioritize eviction of such clean-but-unneeded pages, which prevents us
        from throwing other processes under the bus too soon.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::deleteIfPossible):
        * platform/SharedBuffer.cpp:
        (WebCore::SharedBuffer::hintMemoryNotNeededSoon):
        * platform/SharedBuffer.h:
        * platform/cf/SharedBufferCF.cpp:
        (WebCore::SharedBuffer::hintMemoryNotNeededSoon):

2015-12-16  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce PassRefPtr uses in dom - 2
        https://bugs.webkit.org/show_bug.cgi?id=151936

        Reviewed by Darin Adler.

        Change PassRefPtr with RefPtr<Foo>&&, WTF::move(), Foo*, and Foo&.

        * dom/ScopedEventQueue.h:
        * dom/ScriptedAnimationController.cpp:
        (WebCore::ScriptedAnimationController::registerCallback):
        * dom/ScriptedAnimationController.h:
        * dom/StaticNodeList.h:
        * dom/Traversal.cpp:
        (WebCore::NodeIteratorBase::NodeIteratorBase):
        * dom/Traversal.h:
        * dom/TreeWalker.cpp:
        (WebCore::TreeWalker::TreeWalker):
        (WebCore::TreeWalker::setCurrentNode):
        * dom/TreeWalker.h:
        (WebCore::TreeWalker::create):
        * dom/UserActionElementSet.h:
        * dom/WebKitNamedFlow.cpp:
        (WebCore::WebKitNamedFlow::WebKitNamedFlow):
        (WebCore::WebKitNamedFlow::create):
        (WebCore::WebKitNamedFlow::getRegionsByContent):
        (WebCore::WebKitNamedFlow::getRegions):
        (WebCore::WebKitNamedFlow::getContent):
        * dom/WebKitNamedFlow.h:
        * dom/WheelEvent.cpp:
        (WebCore::WheelEvent::WheelEvent):
        (WebCore::WheelEvent::initWheelEvent):
        (WebCore::WheelEvent::initWebKitWheelEvent):
        * dom/WheelEvent.h:

2015-12-16  Simon Fraser  <simon.fraser@apple.com>

        Simplify isOverlayScrollbar() logic
        https://bugs.webkit.org/show_bug.cgi?id=152357

        Reviewed by Beth Dakin.

        Replace code that checks for isOverlayScrollbar() explicitly with calls to new
        occupiedWidth()/occupiedHeight() functions on Scrollbar, which do the overlay
        scrollbar check internally.
        
        Add ScrollableArea::scrollbarIntrusion() which returns an IntSize with the occupiedWidth
        and occupiedHeight of any scrollbars, and use it in a few places.

        * page/FrameView.cpp:
        (WebCore::FrameView::autoSizeIfEnabled):
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea):
        (WebCore::ScrollView::calculateOverhangAreasForPainting):
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollbarIntrusion):
        (WebCore::ScrollableArea::visibleContentRectInternal):
        * platform/ScrollableArea.h:
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::occupiedWidth):
        (WebCore::Scrollbar::occupiedHeight):
        * platform/Scrollbar.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::visibleContentRectInternal):
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::verticalScrollbarWidth):

2015-12-16  Alex Christensen  <achristensen@webkit.org>

        Fix internal Windows build
        https://bugs.webkit.org/show_bug.cgi?id=152364
        rdar://problem/23928759

        Reviewed by Tim Horton.

        * WebCore.vcxproj/WebCore.proj:

2015-12-16  Brady Eidson  <beidson@apple.com>

        Modern IDB: Refactor UniqueIDBDatabase in preparation for consolidation open and delete requests.
        https://bugs.webkit.org/show_bug.cgi?id=152355

        Reviewed by Alex Christensen.

        No new tests (Refactor, existing tests pass).

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::handleOpenDatabaseOperations): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-12-16  Brady Eidson  <beidson@apple.com>

        Modern IDB: Have IDBServerOperations know whether they represent an open or delete request.
        https://bugs.webkit.org/show_bug.cgi?id=152351

        Reviewed by Alex Christensen.

        No new tests (Refactor, existing tests pass).

        * Modules/indexeddb/IndexedDB.h:
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::createDeleteRequest):
        (WebCore::IDBClient::IDBOpenDBRequest::createOpenRequest):
        (WebCore::IDBClient::IDBOpenDBRequest::IDBOpenDBRequest):
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.h:
        (WebCore::IDBClient::IDBRequest::requestType):
        
        * Modules/indexeddb/server/IDBServerOperation.cpp:
        (WebCore::IDBServer::IDBServerOperation::isOpenRequest):
        (WebCore::IDBServer::IDBServerOperation::isDeleteRequest):
        * Modules/indexeddb/server/IDBServerOperation.h:
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::maybeDeleteDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::handleOpenDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::notifyConnectionsOfVersionChangeForUpgrade):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        
        * Modules/indexeddb/shared/IDBRequestData.cpp:
        (WebCore::IDBRequestData::IDBRequestData):
        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::isOpenRequest):
        (WebCore::IDBRequestData::isDeleteRequest):

2015-12-16  Alex Christensen  <achristensen@webkit.org>

        Build fix after r194156.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):

2015-12-16  Brady Eidson  <beidson@apple.com>

        Modern IDB: Combine handling open requests, delete requests, and transactions into one timer.
        https://bugs.webkit.org/show_bug.cgi?id=152344

        Reviewed by Alex Christensen.

        No new tests (Refactor, existing tests pass).

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::commitTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
        (WebCore::IDBServer::UniqueIDBDatabase::enqueueTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::invokeOperationAndTransactionTimer):
        (WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired):
        (WebCore::IDBServer::UniqueIDBDatabase::didPerformActivateTransactionInBackingStore):
        (WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted):
        (WebCore::IDBServer::UniqueIDBDatabase::invokeDeleteOrRunTransactionTimer): Deleted.
        (WebCore::IDBServer::UniqueIDBDatabase::deleteOrRunTransactionsTimerFired): Deleted.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-12-16  Alex Christensen  <achristensen@webkit.org>

        Build fix after r194156.

        * platform/network/cf/ResourceHandleCFNet.cpp:
        * platform/network/mac/ResourceHandleMac.mm:
        Include definition of _TimingDataOptionsEnableW3CNavigationTiming

2015-12-16  Alex Christensen  <achristensen@webkit.org>

        Implement Web Timing when using NETWORK_SESSION
        https://bugs.webkit.org/show_bug.cgi?id=152285

        Reviewed by Darin Adler.

        Covered by existing tests.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/network/ResourceHandle.h:
        * platform/network/ResourceLoadTiming.h:
        (WebCore::ResourceLoadTiming::encode):
        Moved setCollectsTimingData from ResourceHandle to ResourceLoadTiming.h to be shared 
        with WebKit2 when using NETWORK_SESSION, which does not use ResourceHandle.
        Also moved getConnectionTimingData to copyTimingData in ResourceLoadTiming for the same reason.
        * platform/network/cf/ResourceHandleCFNet.cpp:
        (WebCore::ResourceHandle::createCFURLConnection):
        (WebCore::ResourceHandle::start):
        Use the proper definition of _TimingDataOptionsEnableW3CNavigationTiming.
        * platform/network/cocoa/ResourceLoadTiming.mm: Added.
        (WebCore::timingValue):
        (WebCore::copyTimingData):
        Moved from getConnectionTimingData, and use objectForKey instead of valueForKey,
        and check to see if there is no object in the dictionary with the given key.
        This should never happen with the current CFNetwork implementation, but it's good to check dictionaries.
        (WebCore::setCollectsTimingData):
        Use _collectTimingDataWithOptions, which should be a slight performance improvement on Mavericks
        because we are not collecting unused timing data. Hooray!
        * platform/network/mac/ResourceHandleMac.mm:
        (WebCore::ResourceHandle::createNSURLConnection):
        (WebCore::ResourceHandle::getConnectionTimingData):
        (WebCore::ResourceHandle::setCollectsTimingData): Deleted.
        * platform/spi/cf/CFNetworkSPI.h:
        * platform/spi/cocoa/NSURLConnectionSPI.h:
        Moved definitions of SPI to proper SPI headers.

2015-12-16  Beth Dakin  <bdakin@apple.com>

        Legacy style scrollbars do not change color when you mouse over them if you 
        are scrolled
        https://bugs.webkit.org/show_bug.cgi?id=152319
        -and corresponding-
        rdar://problem/23317668

        Reviewed by Darin Adler.

        The scrollbar’s frameRect is in window coordinates, so we need to compare a 
        point in window coordinates when we test this.

        The call to convertFromContainingWindow does not return a point in view 
        coordinates, so we should not call the variable viewPoint. We do still need 
        to call it for subframes. convertFromContainingWindow doesn’t do anything for 
        the root ScrollView (for Mac WK2 at least).
        * platform/ScrollView.cpp:
        (WebCore::ScrollView::scrollbarAtPoint):

        HitTestLocation is in contents coordinates. It needs to be converted to 
        window coordinates
        * rendering/RenderView.cpp:
        (WebCore::RenderView::hitTest):

2015-12-08  Sergio Villar Senin  <svillar@igalia.com>

        Fix computation of min|max-content contribution of non-replaced blocks
        https://bugs.webkit.org/show_bug.cgi?id=152004

        Reviewed by Darin Adler.

        WebKit currently always returns the min preferred logical
        width for the min-content contribution (and the max preferred
        logical width for the max-content contribution) for
        non-replaced blocks. That is not correct according to specs
        https://drafts.csswg.org/css-sizing/#block-intrinsic.

        The min-content and max-content contributions actually depend
        on the computed inline size of the block:
        * for min-content,max-content or definite sizes: min-content
        and max-content contributions are the inline size plus border,
        margin and padding.
        * otherwise: min-content contribution is the min-content size
        and max-content contribution is the max-content size (in both
        cases plus border, padding and margin).

        Tests: fast/css-intrinsic-dimensions/auto-maxcontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/auto-mincontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/fillavailable-maxcontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/fillavailable-mincontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/fitcontent-maxcontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/fitcontent-mincontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/fixed-inlinesize-contribution-nonreplaced-blocks-1.html
               fast/css-intrinsic-dimensions/fixed-inlinesize-contribution-nonreplaced-blocks-2.html
               fast/css-intrinsic-dimensions/indefinite-percent-maxcontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/indefinite-percent-mincontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/maxcontent-maxcontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/maxcontent-mincontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/mincontent-maxcontent-inlinesize-contribution-nonreplaced-blocks.html
               fast/css-intrinsic-dimensions/mincontent-mincontent-inlinesize-contribution-nonreplaced-blocks.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeBlockPreferredLogicalWidths):

2015-12-16  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Fetch API] Add fetch API compile time flag
        https://bugs.webkit.org/show_bug.cgi?id=152254

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig:

2015-12-15  Zalan Bujtas  <zalan@apple.com>

        FontCascade cleanup: Remove ::drawSimpleText and ::drawComplexText.
        https://bugs.webkit.org/show_bug.cgi?id=152323

        Reviewed by Myles C. Maxfield.

        Platform code for ::drawComplexText() is redundant and has 
        no platform dependent logic. Move it all to ::drawText()

        No change in functionality.

        * platform/graphics/FontCascade.cpp:
        (WebCore::FontCascade::glyphBufferForTextRun):
        (WebCore::FontCascade::drawText):
        (WebCore::FontCascade::drawSimpleText): Deleted.
        * platform/graphics/FontCascade.h:
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::FontCascade::drawComplexText): Deleted.
        * platform/graphics/cocoa/FontCascadeCocoa.mm:
        (WebCore::FontCascade::drawComplexText): Deleted.
        * platform/graphics/win/FontWin.cpp:
        (WebCore::FontCascade::drawComplexText): Deleted.

2015-12-15  Tim Horton  <timothy_horton@apple.com>

        [Mac] Gesture Events should not have negative scale
        https://bugs.webkit.org/show_bug.cgi?id=151065
        <rdar://problem/23474123>

        Reviewed by Anders Carlsson.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::clear):
        * page/EventHandler.h:
        Make it possible to use m_gestureInitialDiameter for Mac gesture events too.

2015-12-15  Timothy Horton  <timothy_horton@apple.com>

        Try to fix the CMake build

        * CMakeLists.txt:

2015-12-15  Timothy Horton  <timothy_horton@apple.com>

        Try to fix the CMake build

        * CMakeLists.txt:

2015-12-15  Tim Horton  <timothy_horton@apple.com>

        REGRESSION (r191849): There's no yellow bouncy highlight when using Find on Page on iOS
        https://bugs.webkit.org/show_bug.cgi?id=152241
        <rdar://problem/23642574>

        Reviewed by Simon Fraser.

        Tests: pageoverlay/overlay-small-frame-mouse-events.html
               pageoverlay/overlay-small-frame-paints.html

        * page/PageOverlay.cpp:
        (WebCore::PageOverlay::bounds):
        Revert r191849's change that made bounds() actually return the frame()
        if we frame is manually overriden.

        (WebCore::PageOverlay::mouseEvent):
        Convert the mouse event the rest of the way into overlay coordinates (by
        applying the overlay's frame origin) before deciding whether to handle
        the event.

        * page/PageOverlay.h:

        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * testing/Internals.cpp:
        (WebCore::Internals::installMockPageOverlay):
        * testing/Internals.h:
        * testing/Internals.idl:
        * testing/MockPageOverlay.cpp: Added.
        (WebCore::MockPageOverlay::create):
        (WebCore::MockPageOverlay::MockPageOverlay):
        (WebCore::MockPageOverlay::setFrame):
        * testing/MockPageOverlay.h: Added.
        (WebCore::MockPageOverlay::overlay):
        * testing/MockPageOverlay.idl: Added.
        * testing/MockPageOverlayClient.cpp:
        (WebCore::MockPageOverlayClient::installOverlay):
        (WebCore::MockPageOverlayClient::uninstallAllOverlays):
        (WebCore::MockPageOverlayClient::pageOverlayDestroyed):
        (WebCore::MockPageOverlayClient::drawRect):
        (WebCore::MockPageOverlayClient::mouseEvent):
        * testing/MockPageOverlayClient.h:
        Make internals.installMockPageOverlay return a MockPageOverlay object so
        tests can manipulate their overlay. For now, expose setFrame.
        Also, log when MockPageOverlayClient gets asked to paint or receives a mouse event,
        which will show up in test output. Slightly unconventional, but very convenient.

2015-12-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Features] TrueType fonts trigger real features even when synthesis is applied
        https://bugs.webkit.org/show_bug.cgi?id=152287

        Reviewed by Darin Adler.

        When using a font feature that is synthesizable, and synthesis is triggered,
        we should make sure to turn off the original font feature. Otherwise, the
        feature will be applied twice on top of itself.

        This worked for OpenType fonts, but not for TrueType fonts.

        Tests: css3/font-variant-petite-caps-synthesis.html
               css3/font-variant-small-caps-synthesis.html
               css3/font-variant-petite-caps-synthesis-coverage.html
               css3/font-variant-small-caps-synthesis-coverage.html

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::defaultSelectorForTrueTypeFeature):
        (WebCore::removedFeature):
        (WebCore::createCTFontWithoutSynthesizableFeatures):

2015-12-15  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Full screen mode is not supported.
        https://bugs.webkit.org/show_bug.cgi?id=152300

        Reviewed by Darin Adler.

        We need to let WebCore know MediaFoundation supports full screen mode.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::pause):
        (WebCore::MediaPlayerPrivateMediaFoundation::supportsFullscreen):
        (WebCore::MediaPlayerPrivateMediaFoundation::naturalSize):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2015-12-15  Javier Fernandez  <jfernandez@igalia.com>

        [css-align][css-grid] Overflow alignment value 'true' renamed to 'unsafe'
        https://bugs.webkit.org/show_bug.cgi?id=152251

        Reviewed by Darin Adler.

        The 'True' Overflow Alignment keyword is now defined in the Box Alignment
        specification as 'Unsafe'.

        This patch applies the required changes in the CSS parsing logic, as well
        Grid Layout specific codebase, so it complies with the last version of the
        spec.

        No new tests, no change in functionality.

        * css/CSSParser.cpp:
        (WebCore::isAlignmentOverflowKeyword):
        (WebCore::CSSParser::parseItemPositionOverflowPosition):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator OverflowAlignment):
        * css/CSSValueKeywords.in:
        * rendering/RenderGrid.cpp:
        (WebCore::computeOverflowAlignmentOffset):
        * rendering/style/RenderStyleConstants.h:

2015-12-15  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Operate with a reference to the TextureMapper wherever possible
        https://bugs.webkit.org/show_bug.cgi?id=152118

        Reviewed by Martin Robinson.

        In most cases where used, the pointer to the TextureMapper is non-null, so it
        should really be a reference. The pointer is still used for the
        TextureMapperLayer member variable which is null until the TextureMapper object
        is created and set on the root layer.

        * platform/graphics/GraphicsContext3DPrivate.cpp:
        (WebCore::GraphicsContext3DPrivate::paintToTextureMapper):
        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::paintToTextureMapper):
        * platform/graphics/cairo/ImageBufferDataCairo.h:
        * platform/graphics/efl/GraphicsContext3DPrivate.cpp:
        (WebCore::GraphicsContext3DPrivate::paintToTextureMapper):
        * platform/graphics/efl/GraphicsContext3DPrivate.h:
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/surfaces/GraphicsSurface.cpp:
        (WebCore::GraphicsSurface::paintToTextureMapper):
        * platform/graphics/surfaces/GraphicsSurface.h:
        * platform/graphics/surfaces/efl/GraphicsSurfaceCommon.cpp:
        (WebCore::GraphicsSurface::platformPaintToTextureMapper):
        * platform/graphics/texmap/BitmapTexture.cpp:
        (WebCore::BitmapTexture::updateContents):
        * platform/graphics/texmap/BitmapTexture.h:
        (WebCore::BitmapTexture::applyFilters):
        * platform/graphics/texmap/BitmapTextureGL.cpp:
        (WebCore::BitmapTextureGL::applyFilters):
        * platform/graphics/texmap/BitmapTextureGL.h:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
        * platform/graphics/texmap/TextureMapperBackingStore.h:
        (WebCore::TextureMapperBackingStore::drawRepaintCounter):
        * platform/graphics/texmap/TextureMapperFPSCounter.cpp:
        (WebCore::TextureMapperFPSCounter::updateFPSAndDisplay):
        * platform/graphics/texmap/TextureMapperFPSCounter.h:
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperPaintOptions::TextureMapperPaintOptions):
        (WebCore::TextureMapperLayer::paint):
        (WebCore::TextureMapperLayer::paintSelf):
        (WebCore::TextureMapperLayer::paintSelfAndChildren):
        (WebCore::TextureMapperLayer::paintUsingOverlapRegions):
        (WebCore::TextureMapperLayer::applyMask):
        (WebCore::TextureMapperLayer::paintIntoSurface):
        (WebCore::commitSurface):
        (WebCore::TextureMapperLayer::paintWithIntermediateSurface):
        * platform/graphics/texmap/TextureMapperPlatformLayer.h:
        (WebCore::TextureMapperPlatformLayer::drawBorder):
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:
        (WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper):
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
        * platform/graphics/texmap/TextureMapperSurfaceBackingStore.cpp:
        (WebCore::TextureMapperSurfaceBackingStore::paintToTextureMapper):
        * platform/graphics/texmap/TextureMapperSurfaceBackingStore.h:
        * platform/graphics/texmap/TextureMapperTile.cpp:
        (WebCore::TextureMapperTile::updateContents):
        (WebCore::TextureMapperTile::paint):
        * platform/graphics/texmap/TextureMapperTile.h:
        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded):
        (WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
        (WebCore::TextureMapperTiledBackingStore::drawBorder):
        (WebCore::TextureMapperTiledBackingStore::drawRepaintCounter):
        (WebCore::TextureMapperTiledBackingStore::updateContents):
        * platform/graphics/texmap/TextureMapperTiledBackingStore.h:

2015-12-15  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        WebIDL generator should support the possibility for C++ classes to have a JS Builtin constructor
        https://bugs.webkit.org/show_bug.cgi?id=152171

        Reviewed by Darin Adler.

        Reintroducing JSBuiltinConstructor keyword as a way to run automatically a JS builtin initialization function
        to process the arguments passed to the DOM C++ constructor.

        Specialized createJSObject for those classes.

        Fixing typo in TestCustomConstructor.idl.

        Covered by binding tests.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorDefinition):
        (IsConstructable):
        (IsJSBuiltinConstructor):
        (AddJSBuiltinIncludesIfNeeded):
        * bindings/scripts/test/GObject/WebKitDOMTestClassWithJSBuiltinConstructor.cpp: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestClassWithJSBuiltinConstructor.h: Added.
        * bindings/scripts/test/GObject/WebKitDOMTestClassWithJSBuiltinConstructorPrivate.h: Added.
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp: Added.
        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h: Added.
        * bindings/scripts/test/ObjC/DOMTestClassWithJSBuiltinConstructor.h: Added.
        * bindings/scripts/test/ObjC/DOMTestClassWithJSBuiltinConstructor.mm: Added.
        * bindings/scripts/test/ObjC/DOMTestClassWithJSBuiltinConstructorInternal.h: Added.
        * bindings/scripts/test/TestClassWithJSBuiltinConstructor.idl: Copied from Source/WebCore/bindings/scripts/test/TestCustomConstructor.idl.
        * bindings/scripts/test/TestCustomConstructor.idl:

2015-12-14  Andreas Kling  <akling@apple.com>

        ResourceUsageOverlay should show GC timers.
        <https://webkit.org/b/152151>

        Reviewed by Darin Adler.

        Add countdowns until next Eden and Full GC to the overlay. It also shows if there
        is no garbage collection scheduled. This will be helpful in understanding why GC
        sometimes takes a very long time to happen.

        * page/ResourceUsageOverlay.h:
        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::formatByteNumber): Drive-by silly math fix. :|
        (WebCore::gcTimerString):
        (WebCore::ResourceUsageOverlay::platformDraw):
        (WebCore::nextFireTimeForGCTimer):
        (WebCore::runSamplerThread):

2015-12-14  Chris Fleizach  <cfleizach@apple.com>

        AX: iOS: Text field variations do not have the correct traits
        https://bugs.webkit.org/show_bug.cgi?id=152237

        Reviewed by Mario Sanchez Prada.

        Make search fields and text areas use the appropriate iOS traits to 
        distinguish them.

        Test: accessibility/ios-simulator/textentry-traits.html

        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):
        (-[WebAccessibilityObjectWrapper _accessibilityTextEntryTraits]):
        (-[WebAccessibilityObjectWrapper accessibilityTraits]):

2015-12-14  Tim Horton  <timothy_horton@apple.com>

        Remove some Mavericks guards in ServicesOverlayController
        https://bugs.webkit.org/show_bug.cgi?id=152238

        Reviewed by Darin Adler.

        * page/mac/ServicesOverlayController.mm:
        (WebCore::ServicesOverlayController::selectionRectsDidChange): Deleted.
        (WebCore::ServicesOverlayController::selectedTelephoneNumberRangesChanged): Deleted.
        The whole file is already PLATFORM(MAC) guarded, and the 10.9 guards
        are no longer necessary.

2015-12-14  Daniel Bates  <dabates@apple.com>

        [iOS] DOM click event may not be dispatched when page has :active style and <input type="search">
        https://bugs.webkit.org/show_bug.cgi?id=144451
        <rdar://problem/23099482>

        Reviewed by Simon Fraser.

        Fixes an issue where a DOM click event is not dispatched to an element in a subframe on a page
        that has a <input type="search"> and defines a CSS :active pseudo-class for the HTML body element.

        On iOS we only dispatch a DOM click event if the content of the page does not change as part of
        dispatching a DOM mousemove event at the tapped element as a means of providing a good user
        experience on web pages that reveal or hide content based on mouse hover. Currently we consider
        the content of the page to have changed if the visibility of any element on the page changes.
        In particular we consider the content of the page to have changed if the visibility of a user
        agent shadow DOM element changes (e.g. the search field cancel button). Instead we should only
        consider visibility changes to the actual web page content and ignore visibility changes to
        user agent shadow DOM elements.

        Tests: fast/events/can-click-element-on-page-with-active-pseudo-class-and-search-field.html
               fast/forms/search/search-cancel-button-visible-when-input-becomes-disabled.html
               fast/forms/search/search-cancel-button-visible-when-input-becomes-readonly.html
               fast/forms/search/search-cancel-in-formerly-invisible-element.html
               fast/forms/search/search-cancel-toggle-visibility-initially-hidden.html
               fast/forms/search/search-cancel-toggle-visibility-initially-visible.html

        * style/StyleResolveTree.cpp:
        (WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::~CheckForVisibilityChangeOnRecalcStyle):
        Ignore visibility changes to user agent shadow DOM elements.

2015-12-14  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Directly use @then as much as possible
        https://bugs.webkit.org/show_bug.cgi?id=151631

        Reviewed by Darin Adler.

        Moved from @Promise.prototype.@then.@call(promise,...) to promise.@then.(...)
        for promise objects that are not exposed to user scripts.

        Updated promiseInvokeXX stream utility functions to ensure that returned promise always has a @then.
        This allows improving the readability of code calling promiseInvokeXX functions.
        Changed invokeOrNoop to promiseInvokeOrNoopNoCatch as invokeOrNoop
        result is always wrapped as a promise using Promise.resolve.

        No change in behavior.

        * Modules/streams/ReadableStream.js:
        (initializeReadableStream):
        * Modules/streams/ReadableStreamInternals.js:
        (teeReadableStream):
        (teeReadableStreamBranch2CancelFunction):
        (cancelReadableStream):
        * Modules/streams/StreamInternals.js:
        (shieldingPromiseResolve): introduced this routine to ensure the returned promise has a @then property.
        (promiseInvokeOrNoopNoCatch):
        (promiseInvokeOrNoop):
        (promiseInvokeOrFallbackOrNoop):
        * Modules/streams/WritableStream.js:
        (initializeWritableStream):
        (abort):
        * Modules/streams/WritableStreamInternals.js:
        (callOrScheduleWritableStreamAdvanceQueue):

2015-12-14  Xabier Rodriguez Calvar  <calvaris@igalia.com> and Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Expose ReadableStream and relatives to Worker
        https://bugs.webkit.org/show_bug.cgi?id=152066

        Reviewed by Darin Adler.

        Moving the code that links internal functions to the GlobalObject in WebCoreJSBuiltinInternals.cpp.
        This file should be generated by the builtin generator once refactoring is done.
        This code is located in JSBuiltinFunctions::initialize.

        Moving ReadableStream private constructors and constants code from JSDOMWindowBase to JSDOMGlobalObject.
        Calling JSBuiltinInternalFunctions::initialize in JSDOMGlobalObject so that internals are also available in Worker.

        Made ReadableStream and relatives exposed in Worker.

        Patch by Youenn Fablet.
        Rebased and fixed style by Xabier Rodriguez Calvar.

        Covered by rebased tests.

        * CMakeLists.txt:
        * Modules/streams/ByteLengthQueuingStrategy.idl:
        * Modules/streams/CountQueuingStrategy.idl:
        * Modules/streams/ReadableStream.idl:
        * Modules/streams/ReadableStreamController.idl:
        * Modules/streams/ReadableStreamReader.idl:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        (WebCore::JSDOMGlobalObject::finishCreation):
        (WebCore::JSDOMGlobalObject::visitChildren):
        * bindings/js/JSDOMGlobalObject.h:
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::finishCreation): Deleted.
        (WebCore::JSDOMWindowBase::visitChildren): Deleted.
        * bindings/js/JSDOMWindowBase.h:
        * bindings/js/WebCoreJSBuiltinInternals.cpp: Added.
        (WebCore::JSBuiltinInternalFunctions::JSBuiltinInternalFunctions):
        (WebCore::JSBuiltinInternalFunctions::visit):
        (WebCore::JSBuiltinInternalFunctions::initialize):
        * bindings/js/WebCoreJSBuiltinInternals.h:
        * bindings/js/WebCoreJSBuiltins.h:

2015-12-14  Frederic Wang  <fred.wang@free.fr>

        Move MathMLOperatorDictionary features into a separate module.
        https://bugs.webkit.org/show_bug.cgi?id=152242

        Reviewed by Martin Robinson.

        The definitions, properties and search of the MathML operator dictionary are really independent of the renderer object for math operators.
        This patch moves them in a separate module/file to make them more manageable and readable.
        No new tests. We already have sufficient test coverage.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/mathml/MathMLOperatorDictionary.cpp:
        (WebCore::ExtractKey):
        (WebCore::ExtractChar):
        (WebCore::ExtractKeyHorizontal):
        (WebCore::MathMLOperatorDictionary::getEntry):
        (WebCore::MathMLOperatorDictionary::isVertical):
        * rendering/mathml/MathMLOperatorDictionary.h: Added.
        * rendering/mathml/RenderMathMLOperator.cpp:
        (WebCore::RenderMathMLOperator::setOperatorProperties):
        (WebCore::MathMLOperatorDictionary::ExtractKey): Deleted.
        (WebCore::MathMLOperatorDictionary::ExtractChar): Deleted.
        (WebCore::MathMLOperatorDictionary::ExtractKeyHorizontal): Deleted.
        * rendering/mathml/RenderMathMLOperator.h:

2015-12-14  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Fix height computation of grid items with borders
        https://bugs.webkit.org/show_bug.cgi?id=151800

        Reviewed by Darin Adler.

        When computing the logical height of grid items for the
        default "min-height: auto;" case we were constraning the
        min-content size using constrainLogicalHeightByMinMax()
        instead of constrainContentLogicalHeightByMinMax(). The
        problem of using the former is that we were adding the borders
        twice.

        Test: fast/css-grid-layout/grid-item-with-border-in-intrinsic.html

        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::computeLogicalHeight):

2015-12-13  Tim Horton  <timothy_horton@apple.com>

        Adopt CGIOSurfaceContextCreateImageReference to avoid unnecessary readback
        https://bugs.webkit.org/show_bug.cgi?id=150988
        <rdar://problem/18993594>

        Reviewed by Darin Adler.

        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::drawConsumingImageBuffer):
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::createBitmapImageAfterScalingIfNeeded):
        (WebCore::ImageBuffer::copyImage):
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::sinkIntoNativeImage):
        (WebCore::ImageBuffer::drawConsuming):
        * platform/graphics/cocoa/IOSurface.h:
        * platform/graphics/cocoa/IOSurface.mm:
        (IOSurface::createFromImageBuffer):
        (IOSurface::sinkIntoImage):
        Add sinkIntoImage, sinkIntoNativeImage, and drawConsuming to ImageBuffer,
        which all consume the ImageBuffer and allow us to tell the system to
        make a CGImage that references the IOSurface, which is in many cases
        more efficient than making an image with a "copy" of the IOSurface.
        (The copy is done lazily, but we often hit a corner case that causes
        it to happen unnecessarily.)

        * html/shadow/MediaControlElements.cpp:
        (WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
        * page/TextIndicator.cpp:
        (WebCore::takeSnapshot):
        * platform/DragImage.cpp:
        (WebCore::createDragImageFromSnapshot):
        * platform/graphics/filters/FETile.cpp:
        (WebCore::FETile::platformApplySoftware):
        * platform/mac/ThemeMac.mm:
        (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::currentFrameImage):
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::paintFillLayerExtended):
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::paintProgressBar):
        * rendering/svg/RenderSVGResourcePattern.cpp:
        (WebCore::RenderSVGResourcePattern::buildPattern):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawPatternForContainer):
        Adopt sinkIntoImage and drawConsumingImageBuffer in a few places.

2015-12-13  Andreas Kling  <akling@apple.com>

        CachedScript could have a copy-free path for all-ASCII scripts.
        <https://webkit.org/b/152203>

        Reviewed by ANtti Koivisto.

        Many (if not most) of script resources on the web contain nothing but ASCII characters.
        Such resources, when streamed through a text decoder, will yield the exact same byte
        sequence, except in anonymous heap memory instead of delicious file-backed pages.

        Care is taken to ensure that the wrapper StringImpl is updated to target newly cached
        resource data if an asynchronous caching notification comes in.

        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::tryReplaceEncodedData):
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::didReplaceSharedBufferContents):
        * loader/cache/CachedScript.cpp:
        (WebCore::encodingMayBeAllASCII):
        (WebCore::CachedScript::script):
        (WebCore::CachedScript::didReplaceSharedBufferContents):
        * loader/cache/CachedScript.h:
        * platform/SharedBuffer.h:
        * platform/cf/SharedBufferCF.cpp:
        (WebCore::SharedBuffer::tryReplaceContentsWithPlatformBuffer):

2015-12-13  Zalan Bujtas  <zalan@apple.com>

        Clean up absolute positioned map properly.
        https://bugs.webkit.org/show_bug.cgi?id=152219
        rdar://problem/23861165

        Reviewed by Simon Fraser.

        We insert positioned renderers into a static map (RenderBlock::gPositionedDescendantsMap) to keep track of them.
        Since this static map is at block level, (positioned)inline renderers use their containing block to store
        their positioned descendants.
        This patch ensures that when an inline element can no longer hold positioned children, we remove them from
        the inline's containing block's map. -unless the container itself can hold positioned renderers(see RenderElement::canContainAbsolutelyPositionedObjects).

        Test: fast/block/positioning/crash-when-positioned-inline-has-positioned-child.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::styleWillChange):
        * rendering/RenderInline.h:

2015-12-13  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [EFL] Anonymous render block flow elements should be exposed as ATK_ROLE_SECTION; not ATK_ROLE_PANEL
        https://bugs.webkit.org/show_bug.cgi?id=152079

        Reviewed by Chris Fleizach.

        Map the element to WebCore AccessibilityRole DivRole for EFL. As with GTK, this
        is being done in the shared layer rather than in the platform layer because we
        want all subsequent logic to treat anonymous render block flow elements as divs.

        No new tests. We already have sufficient test coverage. The expectations
        been updated accordingly.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):

2015-12-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/index-duplicate-keypaths.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152201

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).
        
        The spec states that if an object store uses a key generator, and then a record is stored whose
        key was an explicitly set number, then the key generator value should be bumped to the next
        integer higher than the explicit number.
        
        We didn't do that.
        
        Now we do.

        * Modules/indexeddb/IndexedDB.h: Add an "OverwriteForCursor" option for overwrite mode.
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putForCursorUpdate): Use the "OverwriteForCursor" mode.
                
        * Modules/indexeddb/server/IDBBackingStore.h: Add maybeUpdateKeyGeneratorNumber

        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::maybeUpdateKeyGeneratorNumber): If the number value
          from the provided key should bump the key generator value, do so now.
        * Modules/indexeddb/server/MemoryIDBBackingStore.h:

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): After successfully adding the new record,
          possibly bump the key generator value.

2015-12-12  Katlyn Graff  <kgraff@apple.com>

        Safari background tabs should be fully suspended where possible.
        https://bugs.webkit.org/show_bug.cgi?id=150515

        Reviewed by Ryosuke Niwa.

        Support for tab suspension for Mac, enabled by defaults writing to WebKitTabSuspension.
        Page-down suspension consolidated with PageCache suspension code in Document::
        suspend and Document::resume. Pages canTabSuspend if cacheable, nonvisible, nonprerender,
        and nonactive.

        * dom/Document.cpp: moved scrollbar handling from setInPageCache to suspend/resume
        (WebCore::Document::suspend): moved scrollbar, dom, animation, timer, and visual update suspending into here
        (WebCore::Document::resume): moved scrollbar, dom, animation, timer, and visual update resuming into here
        * dom/Document.h: added m_isSuspended to prevent repeat calls from PageCache/Tab Suspension contention
        * history/CachedFrame.cpp: moved dom, animation, and timer suspension into Document::suspend
        (WebCore::CachedFrame::CachedFrame):
       * history/PageCache.cpp: Added a few nullchecks to prevent crashes if canCacheFrame is called but document is null
        (WebCore::PageCache::canCacheFrame):
        * page/Page.cpp:
        (WebCore::Page::Page): Added timer to fire delayed suspension
        (WebCore::Page::setPageActivityState): Added a call to schedule tab suspension
        (WebCore::Page::setIsVisibleInternal): Added a call to schedule tab suspension
        (WebCore::Page::canTabSuspend): Added support for suspending if cacheable, nonvisible, nonprerender, and nonactive
        (WebCore::Page::setIsTabSuspended): Added a function to suspend or resume tabs
        (WebCore::Page::setTabSuspensionEnabled): Added support for a defaults write enable
        (WebCore::Page::scheduleTabSuspension): Added ability to schedule the suspension timer to fire or resume
        (WebCore::Page::timerFired): Added a suspension timer
        * page/Page.h:
        * page/PageThrottler.h:
        (WebCore::PageThrottler::activityState): Added access to m_activityState for canTabSuspend

2015-12-11  Simon Fraser  <simon.fraser@apple.com>

        Mousewheel events don't work in iframes in RTL documents
        https://bugs.webkit.org/show_bug.cgi?id=152200

        Reviewed by Beth Dakin.
        
        When dispatching wheel events, the testing of the event point against the
        non-fast scrollable region was broken in an RTL document. Fix by taking
        the scrollOrigin into account in ScrollingTreeFrameScrollingNode::viewToContentsOffset().

        Test: fast/scrolling/rtl-point-in-iframe.html

        * page/scrolling/ScrollingTreeFrameScrollingNode.cpp:
        (WebCore::ScrollingTreeFrameScrollingNode::viewToContentsOffset):

2015-12-11  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !rect.isEmpty() in WebCore::GraphicsContext::drawRect
        https://bugs.webkit.org/show_bug.cgi?id=151201

        Reviewed by Simon Fraser.

        Drawing empty rect is a waste.

        Test: fast/borders/empty-drawrect-assert-after-pixelsnap.html

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::drawLineForBoxSide):

2015-12-11  Jiewen Tan  <jiewen_tan@apple.com>

        Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
        https://bugs.webkit.org/show_bug.cgi?id=152102
        <rdar://problem/22124230>

        Reviewed by Andy Estes.

        Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with
        "Content-Disposition: attachment".

        Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html

        * dom/Document.cpp:
        (WebCore::Document::processReferrerPolicy):
        (WebCore::Document::applyContentDispositionAttachmentSandbox):

2015-12-11  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Add a setting to allow the mock media capture devices to be enabled and disabled
        https://bugs.webkit.org/show_bug.cgi?id=152197

        Reviewed by Dean Jackson.

        Test: fast/mediastream/mock-media-source.html

        * page/Settings.cpp:
        (WebCore::Settings::mockCaptureDevicesEnabled):
        (WebCore::Settings::setMockCaptureDevicesEnabled):
        * page/Settings.h:

        * platform/mediastream/RealtimeMediaSourceCenter.cpp:
        (WebCore::RealtimeMediaSourceCenter::setSharedStreamCenterOverride): Renamed.
        (WebCore::RealtimeMediaSourceCenter::setSharedStreamCenter): Deleted.
        * platform/mediastream/RealtimeMediaSourceCenter.h:

        * platform/mock/MockRealtimeMediaSourceCenter.cpp:
        (WebCore::MockRealtimeMediaSourceCenter::setMockRealtimeMediaSourceCenterEnabled): Renamed. Allow
          it to be enabled and disabled.
        (WebCore::MockRealtimeMediaSourceCenter::registerMockRealtimeMediaSourceCenter): Deleted.
        * platform/mock/MockRealtimeMediaSourceCenter.h:

        * testing/Internals.cpp:
        (WebCore::Internals::Internals):
        (WebCore::Internals::setMockMediaCaptureDevicesEnabled):
        * testing/Internals.h:
        * testing/Internals.idl:

2015-12-11  Jer Noble  <jer.noble@apple.com>

        [EME] Do not pass in the initialization data to AVContentKeyRequest as the contentIdentifier.
        https://bugs.webkit.org/show_bug.cgi?id=152204
        rdar://problem/23867877

        Reviewed by Eric Carlson.

        The AVContentKeyRequest API has been updated to no longer require a contentId parameter if the
        ID can be derived from the initialization data.

        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        (WebCore::CDMSessionAVContentKeySession::update):

2015-12-11  Alexey Proskuryakov  <ap@apple.com>

        Roll out http://trac.webkit.org/r193984, because the new test is timing out.

        Was: Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
        https://bugs.webkit.org/show_bug.cgi?id=152102
        <rdar://problem/22124230>

        * dom/Document.cpp:
        (WebCore::Document::processReferrerPolicy):
        (WebCore::Document::applyContentDispositionAttachmentSandbox):

2015-12-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/optional-arguments.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152194

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::continueFunction): Allow 'undefined' for the key.
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::add): Ditto.
        (WebCore::IDBClient::IDBObjectStore::put): Ditto.

2015-12-11  Brady Eidson  <beidson@apple.com>

        Followup to:
        Modern IDB: storage/indexeddb/index-count.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152175

        Noticed by Darin Adler.

        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::count): Replace a curly brace to its proper place.

2015-12-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-continue.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152192

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::continueFunction): Check against the current key, not the current primary key.
        (WebCore::IDBClient::IDBCursor::setGetResult): Also save off the current IDBKeyData.
        * Modules/indexeddb/client/IDBCursorImpl.h:

2015-12-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/index-basics.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152190

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * bindings/js/JSIDBObjectStoreCustom.cpp:
        (WebCore::JSIDBObjectStore::createIndex): Custom error message for the TypeError

2015-12-11  Jiewen Tan  <jiewen_tan@apple.com>

        Strip out Referer header when requesting subresources or following links for documents with "Content-Disposition: attachment"
        https://bugs.webkit.org/show_bug.cgi?id=152102
        <rdar://problem/22124230>

        Reviewed by Andy Estes.

        Keep the ReferrerPolicy for a document as ReferrerPolicyNever if the document is loaded with
        "Content-Disposition: attachment".

        Test: http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html

        * dom/Document.cpp:
        (WebCore::Document::processReferrerPolicy):
        (WebCore::Document::applyContentDispositionAttachmentSandbox):

2015-12-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/key-type-array.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152187

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putOrAdd): Perform the correct validity check on array keys.

2015-12-11  Joseph Pecoraro  <pecoraro@apple.com>

        check-for-inappropriate-objc-class-names should check all class names, not just externally visible ones
        https://bugs.webkit.org/show_bug.cgi?id=152156

        Reviewed by Dan Bernstein.

        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm:
        (WebCore::CDMSessionAVContentKeySession::CDMSessionAVContentKeySession):
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
        (WebCore::CDMSessionAVStreamSession::CDMSessionAVStreamSession):
        Rename classes with a "Web" prefix.

2015-12-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/intversion-abort-in-initial-upgradeneeded.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152177

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::versionChangeTransactionDidFinish): Renamed from below.
        (WebCore::IDBClient::IDBOpenDBRequest::versionChangeTransactionWillFinish): Deleted.
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::setVersionChangeTransaction): OpenDBRequests usually don't have transactions, 
          unless they end up being upgrade requests.
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::IDBTransaction): Call setVersionChangeTransaction on the request if appropriate.
        (WebCore::IDBClient::IDBTransaction::dispatchEvent): Call versionChangeTransactionDidFinish after the 
          abort/complete events fire.
        (WebCore::IDBClient::IDBTransaction::abort): Deleted.
        (WebCore::IDBClient::IDBTransaction::commit): Deleted.

2015-12-11  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/index-count.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152175

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::count): If the passed in IDBKeyRange* is nullptr, use IDBKeyRangeData::allKeys.
        (WebCore::IDBClient::IDBIndex::doCount): Change an isNull check to a more correct !isValid() check.

2015-12-11  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Setting playback rate does not work.
        https://bugs.webkit.org/show_bug.cgi?id=152172

        Reviewed by Brent Fulgham.

        Implement method to set playback rate.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::seekDouble):
        (WebCore::MediaPlayerPrivateMediaFoundation::setRateDouble):
        (WebCore::MediaPlayerPrivateMediaFoundation::durationDouble):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

2015-12-11  Darin Adler  <darin@apple.com>

        Reduce the number of events that can be created by Document.createEvent
        https://bugs.webkit.org/show_bug.cgi?id=151931

        Reviewed by Alex Christensen.

        Document.createEvent is intended for use only with a certain set of legacy events.
        Ideally it should only be the ones mentioned in the DOM specification.

        For now, at least remove all the events that can't usefully be created and initialized
        this way. Later, we should cut it down even smaller. And stop automatically generating
        this, which was causing everyone who made an event IDL file to get supported here!

        The modern alternative is to use event class constructors instead.

        * CMakeLists.txt: Don't compile EventFactory.cpp. For now, we still generate
        EventFactory.cpp but we do not use it.
        * DerivedSources.make: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto. Also don't include EventFactory.h in the
        project file.

        * dom/DOMImplementation.cpp:
        (WebCore::DOMImplementation::hasFeature): Added a comment about the SVGZoomEvents feature.

        * dom/Document.cpp: Re-sorted includes and added the new ones needed for createEvent.
        (WebCore::Document::createEvent): Moved all the logic here from EventFactory, and
        took a crack at comments that explain what this should and should not be used for.

        * dom/EventFactory.h: Removed.

2015-12-10  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/objectstore-count.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152167

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/IDBKeyRangeData.h:
        (WebCore::IDBKeyRangeData::allKeys):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::count): If the passed in IDBKeyRange* is nullptr, use IDBKeyRangeData::allKeys.
        (WebCore::IDBClient::IDBObjectStore::doCount): Change an isNull check to a more correct !isValid() check.

2015-12-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Binding and builtin generators should lowercase RTCXX as rtcXX and not rTCXX
        https://bugs.webkit.org/show_bug.cgi?id=152121

        Reviewed by Darin Adler.

        No change in behavior.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::finishCreation): Using rtcXX in lieu of rTCXX.
        * bindings/js/WebCoreJSBuiltinInternals.h:
        (WebCore::JSBuiltinInternalFunctions::JSBuiltinInternalFunctions): Ditto.
        (WebCore::JSBuiltinInternalFunctions::rtcPeerConnectionInternals): Added.
        (WebCore::JSBuiltinInternalFunctions::visit): Ditto.
        (WebCore::JSBuiltinInternalFunctions::init): Ditto.
        (WebCore::JSBuiltinInternalFunctions::rTCPeerConnectionInternals): Deleted.
        * bindings/js/WebCoreJSBuiltins.h:
        (WebCore::JSBuiltinFunctions::JSBuiltinFunctions): Using rtcXX in lieu of rTCXX.
        (WebCore::JSBuiltinFunctions::rtcPeerConnectionBuiltins): Added.
        (WebCore::JSBuiltinFunctions::rtcPeerConnectionInternalsBuiltins): Added.
        (WebCore::JSBuiltinFunctions::rTCPeerConnectionBuiltins): Deleted.
        (WebCore::JSBuiltinFunctions::rTCPeerConnectionInternalsBuiltins): Deleted.
        * bindings/scripts/CodeGenerator.pm:
        (WK_lcfirst): Added RTC special rule.

2015-12-10  Zalan Bujtas  <zalan@apple.com>

        ASSERTION FAILED: !simpleLineLayout() in WebCore::RenderText::collectSelectionRectsForLineBoxes
        https://bugs.webkit.org/show_bug.cgi?id=152115

        Reviewed by Simon Fraser.

        document.execCommand("indent") generates a blockquote wrapper and moves the indented content inside.
        If the indented content is already inside a selection, we need to make sure that newly created flow uses
        normal line layout.
        This patch fixes the generic case as re-parenting an already selected renderer is not specific to document.execCommand("indent").

        Test: fast/block/selection-inside-simple-line-layout.html

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForWithReason):
        (WebCore::SimpleLineLayout::printReason):

2015-12-10  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Expose media capture devices persistent permissions to WebCore
        https://bugs.webkit.org/show_bug.cgi?id=152087

        Reviewed by Chris Dumez.

        No new tests, an existing test was updated to test the change.

        * CMakeLists.txt: Add UserMediaPermissionCheck.cpp.

        * Modules/mediastream/MediaDevicesRequest.cpp:
        (WebCore::MediaDevicesRequest::~MediaDevicesRequest): Clear the permission checker client.
        (WebCore::MediaDevicesRequest::contextDestroyed): Ditto.
        (WebCore::MediaDevicesRequest::start): Create a permission checker and start it running.
        (WebCore::MediaDevicesRequest::didCompleteCheck): Start the media source checker.
        (WebCore::MediaDevicesRequest::didCompleteRequest): Only include a track's label if the
          page has permission to use a capture device.
        * Modules/mediastream/MediaDevicesRequest.h:

        * Modules/mediastream/UserMediaClient.h: Include prototypes for permission checker.
        (WebCore::UserMediaClient::~UserMediaClient):
        
        * Modules/mediastream/MediaStreamTrackSourcesRequest.cpp: Removed, not longer used.
        * Modules/mediastream/MediaStreamTrackSourcesRequest.h:

        * Modules/mediastream/UserMediaController.h:
        (WebCore::UserMediaController::checkUserMediaPermission): New.
        (WebCore::UserMediaController::cancelUserMediaPermissionCheck): Ditto.

        * Modules/mediastream/UserMediaPermissionCheck.cpp: Added.
        (WebCore::UserMediaPermissionCheck::create):
        (WebCore::UserMediaPermissionCheck::UserMediaPermissionCheck):
        (WebCore::UserMediaPermissionCheck::~UserMediaPermissionCheck):
        (WebCore::UserMediaPermissionCheck::securityOrigin):
        (WebCore::UserMediaPermissionCheck::contextDestroyed):
        (WebCore::UserMediaPermissionCheck::start):
        (WebCore::UserMediaPermissionCheck::setDeviceAccessMode):
        * Modules/mediastream/UserMediaPermissionCheck.h: Added.
        (WebCore::UserMediaPermissionCheckClient::~UserMediaPermissionCheckClient):
        (WebCore::UserMediaPermissionCheck::setClient):

        * WebCore.xcodeproj/project.pbxproj: Add UserMediaPermissionCheck.cpp|.h

        * platform/mock/UserMediaClientMock.h: Removed, it is no longer used.

        * testing/Internals.cpp: Remove UserMediaClientMock.h include, it is gone.

2015-12-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Build fix

        Unreviewed.

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::smallCapsTrueTypeDictionary):

2015-12-10  Simon Fraser  <simon.fraser@apple.com>

        Mordernize viewport dumping
        https://bugs.webkit.org/show_bug.cgi?id=152159

        Reviewed by Zalan Bujtas.

        Use groupings to simplify the viewport configuration dumping code.

        * page/ViewportConfiguration.cpp:
        (WebCore::operator<<):
        (WebCore::ViewportConfiguration::description):

2015-12-10  Joseph Pecoraro  <pecoraro@apple.com>

        Remote Inspector: Verify the identity of the other side of XPC connections
        https://bugs.webkit.org/show_bug.cgi?id=152153

        Reviewed by Brian Burg.

        * WebCore.xcodeproj/project.pbxproj:
        * platform/network/mac/CertificateInfoMac.mm:
        Use the new header.

2015-12-10  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/delete-in-upgradeneeded-close-in-versionchange.html fails
        https://bugs.webkit.org/show_bug.cgi?id=152144

        Reviewed by Alex Christensen.

        No new tests (At least two failing tests now pass, and other incorrect tests updated to be more correct).

        - An IDBOpenDBRequest resulting in a versionchange transaction should not have the onsuccess event fire if 
          the database connection was closed during the versionchange transaction. onerror should fire instead.
        - When firing an event at an IDBRequest, it should not have the transaction as an additional target if the
          transaction has finished.
        - When firing an event at an IDBRequest, it should not have the database as an additional target if the
          database is closed or is closing.

        * Modules/indexeddb/client/IDBDatabaseImpl.h:
        (WebCore::IDBClient::IDBDatabase::isClosingOrClosed):
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion):
        (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeAbort): Deleted.
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent): Don't add finished transactions or closed databases as event targets.
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::notifyDidAbort):
        (WebCore::IDBClient::IDBTransaction::dispatchEvent): If this was a versionchange transaction completing, possibly fire
          the error event on the OpenDBRequest instead of the success event.
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        (WebCore::IDBClient::IDBTransaction::isFinished):

2015-12-10  Zalan Bujtas  <zalan@apple.com>

        Simple line layout: Use TextPainter to draw simple line text.
        https://bugs.webkit.org/show_bug.cgi?id=152150

        Reviewed by Simon Fraser.

        No change in functionality.

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow):
        * rendering/TextPainter.h:

2015-12-10  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Features] r193894 introduces leaks
        https://bugs.webkit.org/show_bug.cgi?id=152154

        Reviewed by Joe Pecoraro.

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::smallCapsTrueTypeDictionary):
        (WebCore::createCTFontWithoutSynthesizableFeatures):

2015-12-10  Myles C. Maxfield  <mmaxfield@apple.com>

        Build fix

        Unreviewed.

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::variantCapsSupportsCharacterForSynthesis):

2015-12-10  Zalan Bujtas  <zalan@apple.com>

        TextPainter: Add support for painting multiple text runs.
        https://bugs.webkit.org/show_bug.cgi?id=152148

        Reviewed by Simon Fraser.

        This is in preparation for adding simple line layout as a client.

        No change in functionality.

        * rendering/InlineTextBox.cpp:
        (WebCore::drawSkipInkUnderline): Decouple underline skipping intersection calculation and text painter.
        (WebCore::InlineTextBox::paint):
        (WebCore::InlineTextBox::paintDecoration):
        * rendering/InlineTextBox.h:
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::TextPainter):
        (WebCore::TextPainter::paintTextWithShadows):
        (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded):
        (WebCore::TextPainter::paintText):
        (WebCore::TextPainter::dashesForIntersectionsWithRect): Deleted.
        * rendering/TextPainter.h:
        (WebCore::TextPainter::setTextPaintStyle):
        (WebCore::TextPainter::setSelectionPaintStyle):
        (WebCore::TextPainter::setIsHorizontal):
        (WebCore::TextPainter::setFont):
        (WebCore::TextPainter::addEmphasis):
        (WebCore::TextPainter::addTextShadow):

2015-12-10  Enrica Casucci  <enrica@apple.com>

        Change skin tone support for two emoji.
        https://bugs.webkit.org/show_bug.cgi?id=152147
        rdar://problem/23716993
        rdar://problem/23716344

        Reviewed by Darin Adler.

        Horse race emoji (1F3C7) should no longer have skin tone variation.
        Sleuth/Spy emoji (!F575) should instead have skin tone variation.

        * platform/text/TextBreakIterator.cpp:
        (WebCore::cursorMovementIterator):

2015-12-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r193500.
        https://bugs.webkit.org/show_bug.cgi?id=152143

        do not want to have to disable canvas-to-large-to-draw test
        (Requested by bfulgham on #webkit).

        Reverted changeset:

        "Place an upper bound on canvas pixel count"
        https://bugs.webkit.org/show_bug.cgi?id=151825
        http://trac.webkit.org/changeset/193500

2015-12-10  Brady Eidson  <beidson@apple.com>

        Followup for:
        Modern IDB: storage/indexeddb/intversion-close-between-events.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152096

        Implementing Darin Adler's review feedback that came after the patch landed.

        * bindings/js/JSIDBDatabaseCustom.cpp:
        (WebCore::JSIDBDatabase::transaction): No need to explicitly cast to Vector<String>.

2015-12-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        JSC Builtins should use safe array methods
        https://bugs.webkit.org/show_bug.cgi?id=151501

        Reviewed by Darin Adler.

        Using @push and @shift in internal arrays in lieu of push and shift.
        This cannot be disrupted by user scripts except if arrays are also made accessible to user scripts.

        Covered by added tests for ReadableStream constructs.

        * Modules/mediastream/RTCPeerConnectionInternals.js:
        (runNext):
        (enqueueOperation):
        * Modules/streams/ReadableStreamInternals.js:
        (enqueueInReadableStream):
        (readFromReadableStreamReader):
        * Modules/streams/StreamInternals.js:
        (dequeueValue):
        (enqueueValueWithSize):

2015-12-10  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] pixel coverage multiplication in TiledBackingStore can overflow
        https://bugs.webkit.org/show_bug.cgi?id=152055

        Reviewed by Carlos Garcia Campos.

        The computation of the pixel coverage in TiledBackingStore can easily overflow
        when the candidate size is relatively large (for instance when the backed
        layer is transformed in a way that increases its perceived size). This can result
        in missing tiles for this specific backing store, at least until the layer in
        question is transformed again into a shape that produces a smaller candidate size.

        To avoid the integer overflow, the multiplication is done in a safe manner,
        defaulting to the max positive value an integer can hold in case the overflow
        is detected.

        * platform/graphics/texmap/coordinated/TiledBackingStore.cpp:
        (WebCore::TiledBackingStore::adjustForContentsRect):

2015-12-10  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Clean up BitmapTexturePool
        https://bugs.webkit.org/show_bug.cgi?id=152073

        Reviewed by Daniel Bates.

        Move BitmapTexturePoolEntry class under the BitmapTexturePool class, renaming
        it to simply Entry and keeping it private. Have the constructor take in an
        rvalue reference to the RefPtr<BitmapTexture> object. Remove the static
        compareTimeLastUsed() function and use a lambda directly in its place.

        Remove the default BitmapTexturePool constructor, which isn't used anywhere.
        Have the constructor and some methods accept or return RefPtr objects, possibly
        via rvalue references. Clean up the header file by removing a few unnecessary
        header includes and using forward declarations where possible.

        In the BitmapTexturePool implementation file, mark the two const variables as
        static. The ::acquireTexture() method now uses the std::find_if() algorithm
        to find a fitting Entry object in the Vector. The same method is also moved
        upwards so we follow the order of declaration in the header. ::createTexture()
        inlines the return of the new expression into the adoptRef() call in the return
        statement.

        TextureMapperGL constructor is updated to pass a copied RefPtr object into the
        BitmapTexturePool constructor.

        * platform/graphics/texmap/BitmapTexturePool.cpp:
        (WebCore::BitmapTexturePool::BitmapTexturePool):
        (WebCore::BitmapTexturePool::acquireTexture):
        (WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):
        (WebCore::BitmapTexturePool::createTexture):
        * platform/graphics/texmap/BitmapTexturePool.h:
        (WebCore::BitmapTexturePool::Entry::Entry):
        (WebCore::BitmapTexturePool::Entry::markUsed):
        (WebCore::BitmapTexturePoolEntry::BitmapTexturePoolEntry): Deleted.
        (WebCore::BitmapTexturePoolEntry::markUsed): Deleted.
        (WebCore::BitmapTexturePoolEntry::compareTimeLastUsed): Deleted.
        * platform/graphics/texmap/TextureMapperGL.cpp:
        (WebCore::TextureMapperGL::TextureMapperGL):

2015-12-10  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] RenderThemeGtk::platformActiveSelectionBackgroundColor, et. al. should not clobber state of cached GtkStyleContexts
        https://bugs.webkit.org/show_bug.cgi?id=151533

        Reviewed by Carlos Garcia Campos.

        Remove the style context cache to simplify the code, drastically reduce the number of
        expensive save/restore operations performed on style contexts, and avoid unwanted
        side-effects in RenderThemeGtk::styleColor. This is also a speculative fix for improper
        button rendering with certain custom themes, and a simplification that will make it easier
        to fix bug #150550.

        This change does have performance implications, which I intend to check on the perf bot
        after landing to ensure that removing the cache does not have a significant negative impact
        on performance; I have no clue whether this will be a net performance win or loss. However,
        this is a bit tricky, because the bot is running GTK+ 3.16, whereas I expect save/restore
        might be much more expensive in GTK+ 3.20, and I do not want to make performance decisions
        except based on the latest GTK+ due to large changes in the implementation of
        GtkStyleContext.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::createStyleContext):
        (WebCore::getStockIconForWidgetType):
        (WebCore::getStockSymbolicIconForWidgetType):
        (WebCore::RenderThemeGtk::initMediaColors):
        (WebCore::RenderThemeGtk::adjustRepaintRect):
        (WebCore::setToggleSize):
        (WebCore::paintToggle):
        (WebCore::RenderThemeGtk::setCheckboxSize):
        (WebCore::RenderThemeGtk::setRadioSize):
        (WebCore::RenderThemeGtk::paintButton):
        (WebCore::getComboBoxMetrics):
        (WebCore::RenderThemeGtk::paintMenuList):
        (WebCore::RenderThemeGtk::paintTextField):
        (WebCore::RenderThemeGtk::paintSliderTrack):
        (WebCore::RenderThemeGtk::paintSliderThumb):
        (WebCore::RenderThemeGtk::adjustSliderThumbSize):
        (WebCore::RenderThemeGtk::paintProgressBar):
        (WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
        (WebCore::RenderThemeGtk::paintInnerSpinButton):
        (WebCore::styleColor):
        (WebCore::gtkStyleChangedCallback): Deleted.
        (WebCore::styleContextMap): Deleted.
        (WebCore::getStyleContext): Deleted.

2015-12-10  Myles C. Maxfield  <mmaxfield@apple.com>

        font-variant-caps does not work if the font does not support font features
        https://bugs.webkit.org/show_bug.cgi?id=149774

        Reviewed by Antti Koivisto.

        This test implements synthesis for small-caps and all-small-caps. It does so by
        moving font variant selection into a higher level (ComplexTextController).
        In general, the approach is to use the pure font feature until we encounter
        a character which needs to be uppercased, and which the font feature does not
        support uppercasing. In this situation, we try again with synthesis. In this
        case, synthesis means artificially uppercasing letters and rendering them with
        a smaller font.

        We require system support to know which glyphs a particular font feature supports.
        Therefore, on operating systems which do not include this support, we will simply
        say that the font feature does not support any glyphs.

        Test: css3/font-variant-small-caps-synthesis.html
              css3/font-variant-petite-caps-synthesis.html

        * platform/graphics/Font.cpp:
        (WebCore::Font::noSmallCapsFont): Return the same font, but without smcp or c2sc.
        This function utilizes a cache.
        * platform/graphics/Font.h:
        (WebCore::Font::variantFont): Small caps should never go through this function
        anymore.
        * platform/graphics/FontCascade.h: Because we're moving variant selection into
        a higher level, we remove the FontVariant argument from the lower-level call.
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::FontCascadeFonts::glyphDataForVariant): Use early-return style.
        (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto.
        * platform/graphics/cocoa/FontCascadeCocoa.mm:
        (WebCore::FontCascade::fontForCombiningCharacterSequence): Because we're moving
        variant selection into a higher level, we remove the FontVariant argument from
        the lower-level call.
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::smallCapsSupportsCharacter):
        (WebCore::Font::allSmallCapsSupportsCharacter):
        (WebCore::smallCapsOpenTypeDictionary): Helper function for
        smallCapsSupportsCharacter().
        (WebCore::smallCapsTrueTypeDictionary): Ditto.
        (WebCore::unionBitVectors):
        (WebCore::Font::glyphsSupportedBySmallCaps): Compute a bit vector of supported
        glyphs.
        (WebCore::Font::glyphsSupportedByAllSmallCaps): Ditto.
        (WebCore::createDerivativeFont): Moving common code into its own helper function.
        (WebCore::Font::createFontWithoutSmallCaps):
        (WebCore::Font::platformCreateScaledFont): Use the common code.
        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::capitalized): What is the capitalized form of a character?
        (WebCore::ComplexTextController::collectComplexTextRuns): Implement the core
        logic of this patch. This includes the retry when we encounter a character which
        is not supported by the font feature.
        * platform/spi/cocoa/CoreTextSPI.h:

2015-12-10  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] Remove the TEXMAP_OPENGL_ES_2 define
        https://bugs.webkit.org/show_bug.cgi?id=152069

        Reviewed by Alex Christensen.

        Remove the TEXMAP_OPENGL_ES_2 macro define and clean up the code
        that it was (not) guarding.

        * platform/graphics/texmap/BitmapTexture.h:
        * platform/graphics/texmap/BitmapTextureGL.cpp: Remove the TEXMAP_OPENGL_ES_2
        guard. Keep the GL_UNSIGNED_INT_8_8_8_8_REV define for OS(DARWIN), but use
        the GraphicsContext3D constants for other values.
        (WebCore::BitmapTextureGL::updateContentsNoSwizzle):
        (WebCore::BitmapTextureGL::initializeStencil): Remove the TEXMAP_OPENGL_ES_2
        guard and default to calling the renderbufferStorage() function with the
        GraphicsContext3D::STENCIL_INDEX8 argument.
        * platform/graphics/texmap/BitmapTexturePool.h:
        * platform/graphics/texmap/TextureMapper.h:
        * platform/graphics/texmap/TextureMapperGL.cpp: Remove both the TEXMAP_OPENGL_ES_2
        guard and the code it guarded. Because we were defining TEXMAP_OPENGL_ES_2 and not
        USE_TEXMAP_OPENGL_ES_2, the guarded defines were always enforced, but they're never
        actually used in this file anyway.

2015-12-09  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/objectstore-basics.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152101

        Reviewed by Alex Christensen.

        No new tests (Multiple tests updated to the new error messaging cover it).

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putOrAdd): Add plenty of detailed error messaging.

2015-12-09  Zalan Bujtas  <zalan@apple.com>

        TextPainter: Make before and after selection painting more explicit.
        https://bugs.webkit.org/show_bug.cgi?id=152104

        Reviewed by Myles C. Maxfield.

        Instead of swapping start end end positions and expecting TextPainter::drawTextOrEmphasisMarks()
        to recognize it, we call painting with 0 - startPosition and endPosition - length.

        No change in functionality.

        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::drawTextOrEmphasisMarks):
        (WebCore::TextPainter::paintTextAndEmphasisMarksIfNeeded):
        (WebCore::TextPainter::paintText):
        (WebCore::TextPainter::paintEmphasisMarksIfNeeded): Deleted.
        (WebCore::TextPainter::paintTextWithStyle): Deleted.
        * rendering/TextPainter.h:

2015-12-09  Daniel Bates  <dabates@apple.com>

        [iOS] Suspend and resume device motion and device orientation updates when page is hidden and visible, respectively
        https://bugs.webkit.org/show_bug.cgi?id=151840
        <rdar://problem/23753931>

        Reviewed by Simon Fraser.

        * dom/Document.cpp:
        (WebCore::Document::suspendDeviceMotionAndOrientationUpdates): Added.
        (WebCore::Document::resumeDeviceMotionAndOrientationUpdates): Added.
        (WebCore::Document::platformSuspendOrStopActiveDOMObjects): Moved logic to suspend device motion and
        orientation updates from here to Document::suspendDeviceMotionAndOrientationUpdates().
        (WebCore::Document::suspendActiveDOMObjects): Modified to call Document::suspendDeviceMotionAndOrientationUpdates().
        (WebCore::Document::resumeActiveDOMObjects): Modified to call Document::resumeDeviceMotionAndOrientationUpdates().
        * dom/Document.h:
        * page/Page.cpp:
        (WebCore::Page::setIsVisibleInternal): Suspend device motion and orientation updates when the page is hidden and
        resume updates when the page is visible.
        (WebCore::Page::suspendDeviceMotionAndOrientationUpdates): Added.
        (WebCore::Page::resumeDeviceMotionAndOrientationUpdates): Added.
        * page/Page.h:

2015-12-09  Daniel Bates  <dabates@apple.com>

        Unify iOS Frame::setTimersPaused() logic and Frame::{suspend, resume}ActiveDOMObjectsAndAnimations()
        https://bugs.webkit.org/show_bug.cgi?id=152006

        Reviewed by Simon Fraser.

        Currently we have almost identical logic to suspend and resume a web page for iOS and non-iOS ports.
        We should unify this logic instead of duplicating it.

        * dom/ActiveDOMObject.h: Remove iOS-specific enumeration DocumentWillBePaused and standardize on
        enumerator PageWillBeSuspended.
        * dom/Document.cpp:
        (WebCore::Document::didBecomeCurrentDocumentInFrame): Unify iOS and non-iOS-specific code.
        (WebCore::Document::suspendScheduledTasks): Ignore subsequent calls to this function so long as the reason for
        the first invocation was ActiveDOMObject::PageWillBeSuspended. Such a subsequent call may occur as part of
        handling a scroll or zoom gesture.
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::suspendActiveDOMObjects): Ignore subsequent calls to this function
        so long as the reason for the first invocation was ActiveDOMObject::PageWillBeSuspended. Such a subsequent
        call may occur as part of the process of a page being added to the page cache.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::suspend): Remove case for ActiveDOMObject::DocumentWillBePaused as this
        enumerator is being removed.
        * page/DOMTimer.cpp:
        (WebCore::DOMTimer::install): Write logic that used Frame::timersPaused() terms of
        ScriptExecutionContext::activeDOMObjectsAreSuspended() as we are removing Frame::timersPaused().
        (WebCore::DOMTimer::fired): Remove iOS-specific assertion with respect to Frame::timersPaused().
        This function already asserts the equivalent condition that ScriptExecutionContext::activeDOMObjectsAreSuspended()
        evaluates to false. Clean up iOS-specific code that depends on the ScriptExecutionContext being a
        Document object by taking advantage of the fact that this assumption is true when shouldBeginObservingChanges
        evaluates to true.
        * page/Frame.cpp:
        (WebCore::Frame::Frame): Remove instance variable m_timersPausedCount and unify the iOS and non-iOS logic.
        (WebCore::Frame::suspendActiveDOMObjectsAndAnimations): Standardize on the iOS logic for suspending
        DOM objects and animations because it is more comprehensive on what it suspends and works with the deferred
        loading machinery (Page::setDefersLoading() - see remarks in Frame::resumeActiveDOMObjectsAndAnimations() for
        more details). Specifically, make use of Frame::clearTimers() to suspend non-scripted animations (i.e. non-requestAnimationFrame()
        animations), auto-scroll timer, and pending relayouts. And use Document::suspendScheduledTasks() to suspend
        all other tasks, including WebSQL database callbacks, active DOM objects, scripted animations and execution of
        <script async>/<script defer> JavaScript scripts.
        (WebCore::Frame::resumeActiveDOMObjectsAndAnimations): Standardize on the iOS logic for resuming
        DOM objects and animations for symmetry and because it works with the deferred loading machinery. We call
        Document::resumeScheduledTasks() (which calls Document::resumeActiveDOMObjects()) instead of calling
        Document::resumeActiveDOMObjects() directly because the former will ultimately process the queue of pending
        tasks (Document::m_pendingTasks).
        * page/Frame.h: Remove instance variable m_timersPausedCount.
        (WebCore::Frame::timersPaused): Deleted.
        * page/ios/FrameIOS.mm:
        (WebCore::Frame::setTimersPaused): Write this function in terms of Page::{suspend, resume}ActiveDOMObjectsAndAnimations().
        We need to keep this function for Legacy WebKit on iOS.
        (WebCore::Frame::setTimersPausedInternal): Deleted.
        * rendering/RenderElement.cpp:
        (WebCore::shouldRepaintForImageAnimation): Remove iOS-specific code to early return when Frame::timersPaused()
        evaluates to true. This function already has the equivalent code to early return when Document::activeDOMObjectsAreSuspended()
        evaluates to true.

2015-12-09  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/metadata.html fails
        https://bugs.webkit.org/show_bug.cgi?id=152099

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/abort-objectstore-info.html
              And at least one existing failure now passes.

        We did not properly reset object store info when version change transactions aborted.

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
        (WebCore::IDBClient::IDBObjectStore::rollbackInfoForVersionChangeAbort):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abort):

2015-12-09  Simon Fraser  <simon.fraser@apple.com>

        Adjust layer backing store format
        https://bugs.webkit.org/show_bug.cgi?id=152097
        rdar://problem/23305376

        Reviewed by Tim Horton.
        
        Call setBackingStoreFormat() on UIWebView tile grid layers, and on compositing
        layers which can allocate backing store.

        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        (WebCore::setBackingStoreFormat):
        (PlatformCALayerCocoa::commonInit):
        * platform/ios/LegacyTileGridTile.mm:
        (WebCore::setBackingStoreFormat):
        (WebCore::LegacyTileGridTile::LegacyTileGridTile):

2015-12-09  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/intversion-close-between-events.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152096

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * bindings/js/JSIDBDatabaseCustom.cpp:
        (WebCore::JSIDBDatabase::transaction): In addition to JSArrays, treat DOMStringLists as a valid string sequence.
    
2015-12-09  Andreas Kling  <akling@apple.com>

        [iOS] ResourceUsageOverlay should work on iOS.
        <https://webkit.org/b/152021>

        Reviewed by Antti Koivisto.

        Make ResourceUsageOverlay work on iOS and on Mac desktops with UI-side compositing.

        * page/ResourceUsageOverlay.cpp:
        (WebCore::ResourceUsageOverlay::initialize): Move the overlay to the top of the view on iOS for now.
        * page/ResourceUsageOverlay.h:
        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::createColor): Make a custom CGColor factory since we can't use CGColorCreateGenericRGB on iOS.
        (WebCore::MemoryCategoryInfo::MemoryCategoryInfo):
        (WebCore::ResourceUsageOverlay::platformInitialize): Put the overlay CALayer into a container layer and
        hook it up with GraphicsLayer::setContentsToPlatformLayer so it works with all compositing modes.
        (WebCore::showText): Move CGContextSaveGState call to the top of the function to preserve everything.
        (WebCore::drawGraphLabel):
        (WebCore::drawCpuHistory):
        (WebCore::drawGCHistory):
        (WebCore::ResourceUsageOverlay::platformDraw): Flip the CGContext if needed.
        (WebCore::runSamplerThread): Update the layer rects on each thread iteration. This shouldn't be
        necessary but it papers over an issue where the containing layer would shrink down to 0x0 and
        disappear. Added a FIXME for this.
        * platform/spi/cocoa/MachVMSPI.h: Add purgeable VM SPI.

2015-12-09  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/database-closepending-flag.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152095

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).
        
        The server-side checks the closepending flag before dispatching the event to the client, 
        but due to the inherent asynchronous race between server and client, the client needs to 
        check its closePending flag as well.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::fireVersionChangeEvent): Don't fire if m_closePending is set.

2015-12-09  David Hyatt  <hyatt@apple.com>

        Picture element needs to respond to dynamic viewport changes.
        https://bugs.webkit.org/show_bug.cgi?id=152013
        <rdar://problem/23766375>

        Reviewed by Dean Jackson.

        Added new tests in fast/picture.

        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::evalCheckingViewportDependentResults):
        Add new evaluation method that adds viewport dependent results to a vector. A follow-up patch
        will refactor the style resolver code to use this function instead of the special style resolver one, in order to
        get rid of the code duplication. Tracked by https://bugs.webkit.org/show_bug.cgi?id=152089.

        * css/MediaQueryEvaluator.h:
        (WebCore::MediaQueryResult::MediaQueryResult):
        * css/StyleResolver.h:
        (WebCore::MediaQueryResult::MediaQueryResult): Deleted.
        Move MediaQueryResult into a header since it is used in multiple places now and not just by the style
        resolver.

        * dom/Document.cpp:
        (WebCore::Document::evaluateMediaQueryList):
        (WebCore::Document::checkViewportDependentPictures):
        (WebCore::Document::optimizedStyleSheetUpdateTimerFired):
        (WebCore::Document::applyContentDispositionAttachmentSandbox):
        (WebCore::Document::addViewportDependentPicture):
        (WebCore::Document::removeViewportDependentPicture):
        * dom/Document.h:
        The document now maintains a HashSet of viewport-dependent pictures, and it checks them whenever the
        viewport changes. If their media queries stay the same, then nothing happens. If they change, then
        the <picture> will go back and re-check all its <source> elements to see what the new best candidate is.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        Revised to check for viewport dependencies and to cache viewport-dependent results on the <picture> elements.
        When a <picture> is found to be viewport-dependent (or not) it is also added to or removed from the document's
        set of tracked pictures.

        * html/HTMLPictureElement.cpp:
        (WebCore::HTMLPictureElement::HTMLPictureElement):
        (WebCore::HTMLPictureElement::~HTMLPictureElement):
        (WebCore::HTMLPictureElement::didMoveToNewDocument):
        (WebCore::HTMLPictureElement::create):
        (WebCore::HTMLPictureElement::sourcesChanged):
        (WebCore::HTMLPictureElement::viewportChangeAffectedPicture):
        * html/HTMLPictureElement.h:
        New caching of results and updating of the document HashSet when the picture gets destroyed or moves to
        a different document.

        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::parseAttribute):
        * html/HTMLSourceElement.h:
        Cache the media attribute in a parsed form. A follow-up patch will improve the <video>/<audio>
        code to make use of this parsed result. Tracked by https://bugs.webkit.org/show_bug.cgi?id=152090.

2015-12-09  Zalan Bujtas  <zalan@apple.com>

        TextPainter: Rename start and end position to selectionStart and selectionEnd.
        https://bugs.webkit.org/show_bug.cgi?id=152088

        Reviewed by Myles C. Maxfield.

        They actually mean selection start/end.

        No change in functionality.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paint):
        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::TextPainter):
        (WebCore::TextPainter::paintText):
        * rendering/TextPainter.h:

2015-12-09  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [GTK] Anonymous render block flow elements should be exposed as ATK_ROLE_SECTION; not ATK_ROLE_PANEL
        https://bugs.webkit.org/show_bug.cgi?id=152070

        Reviewed by Mario Sanchez Prada.

        Map the element to WebCore AccessibilityRole DivRole for GTK. This is being
        done in the shared layer rather than in the platform layer because we want all
        subsequent logic to treat anonymous render block flow elements as divs.

        No new tests. We already have sufficient test coverage. The expectations
        been updated accordingly.

        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::determineAccessibilityRole):

2015-12-09  Keith Rollin  <krollin@apple.com>

        form.elements should reflect the element ordering after the HTML tree builder algorithm
        https://bugs.webkit.org/show_bug.cgi?id=148870
        rdar://problem/22589879

        Reviewed by Ryosuke Niwa.

        form.elements should return form-associated elements in tree order.
        However, when presented with an HTML fragment like the following,
        forms.elements is not built in tree order. Instead, the elements
        appear in forms.element in the same order they appear in the HTML --
        that is in the same order as they are parsed.

        <form id=form>
            <table>
                <tr>
                    <td><input type="radio" name="radio1" id="r1" value=1></td>
                    <td><input type="radio" name="radio2" id="r2" value=2></td>
                    <input type="radio" name="radio0" id="r0" value=0>
                </tr>
            </table>
        </form>

        The reason why elements appear in forms.elements in parse order is
        because they register themselves with the designated form when they
        are created. At this time, they are not in the DOM tree, so the form
        can only assume that the element will be appended to the DOM tree,
        with the result that it records the elements in the HTML fragment
        above as [r1, r2, r0].

        However, it's not always the case that the newly-created element will
        be appended to the current tree. In the HTML fragment above, the r0
        input element is hoised out of the table element. It ends up being the
        preceding sibling of the table element, with the result that the
        actual tree-order of the input elements is [r0, r1, r2].

        Because the problem is due to registering form-associated elements
        with the form *before* the elements are added to the DOM tree, the
        solution is to defer that registration until afterwards. With the new
        element in the tree, the form can now use its current location in the
        tree to correctly place the element in form.elements.

        Existing tests now pass:
        - imported/w3c/web-platform-tests/html/semantics/forms/the-form-element/form-elements-nameditem-02-html

        * html/FormAssociatedElement.cpp:
        (WebCore::FormAssociatedElement::FormAssociatedElement):
        (WebCore::FormAssociatedElement::insertedInto):
        (WebCore::FormAssociatedElement::removedFrom):
        (WebCore::FormAssociatedElement::formRemovedFromTree):
        (WebCore::FormAssociatedElement::formWillBeDestroyed):
        * html/FormAssociatedElement.h:
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::HTMLFormControlElement):
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::HTMLImageElement):
        (WebCore::HTMLImageElement::insertedInto):
        (WebCore::HTMLImageElement::removedFrom):
        * html/HTMLImageElement.h:
        * html/HTMLObjectElement.cpp:
        (WebCore::HTMLObjectElement::HTMLObjectElement):

2015-12-09  Gwang Yoon Hwang  <yoon@igalia.com>

        [ThreadedCompositor] Support HTML5 Video
        https://bugs.webkit.org/show_bug.cgi?id=143301

        Reviewed by Žan Doberšek.

        This patch implements HTML5 Video supports in Threaded Compositor.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
        Added to support GStreamer GL by ensuring unmapping of the swapped
        GstVideoFrame performed at GStreamer GL's gl thread.
        (WebCore::MediaPlayerPrivateGStreamerBase::updateTexture):
        Modified to upload decoded frame to the given texture instead of
        creating a texture itself because we should use a texture from the
        proxy when we are using the threaded compositor.
        (WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
        Implements two ways to send a texture from GStreamer to the compositor.
        1. If we are not using GStreamer GL, we are going to acquire a free texture
        from a TextureMapperPlatformLayerProxy and upload the decoded frame to the
        texture. This should be done at the compositing thread because we
        don't have a Gst's GL thread.
        2. If we are using GStreamer GL, we map a texture for the given frame
        and passes it to the compositing thread. The mapped frame will be
        freed if it is swapped out or the layer is removed.

        (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
        Modified to aquire a new texture itself.

        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
        Adds a way to pass a function to the compositing thread to allocate /
        upload textures at the compositing thread.


2015-12-09  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [Streams API] pipeThrough test failing
        https://bugs.webkit.org/show_bug.cgi?id=152061

        Reviewed by Youenn Fablet.

        Test: imported/w3c/web-platform-tests/streams-api/readable-streams/pipe-through.html

        * Modules/streams/ReadableStream.js:
        (pipeThrough): Mimic destructuring for the streams parameter.

2015-12-09  Frederic Wang  <fred.wang@free.fr>

        Bad position of large operators inside an munderover element
        https://bugs.webkit.org/show_bug.cgi?id=151916

        Reviewed by Alejandro G. Castro.

        Test: mathml/opentype/large-operators-munderover.html

        * rendering/mathml/RenderMathMLOperator.h:
        (WebCore::RenderMathMLOperator::isVertical): Expose the direction of the operator.
        * rendering/mathml/RenderMathMLUnderOver.cpp:
        (WebCore::RenderMathMLUnderOver::layout): Remove call to horizontal stretching for vertical operators.

2015-12-09  Zan Dobersek  <zdobersek@igalia.com>

        [TexMap] TextureMapperTiledBackingStore should notify the ImageObserver of the data access
        https://bugs.webkit.org/show_bug.cgi?id=152053

        Reviewed by Martin Robinson.

        TextureMapperTiledBackingStore should call ImageObserver::didDraw() on the Image's
        observer after updating the tile with the Image's data. This way the CachedImage
        (i.e. the observer) can mark the data access with the current timestamp, avoiding
        removing the decoded data in the very near future during a cache purge.

        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded):

2015-12-09  Zan Dobersek  <zdobersek@igalia.com>

        Make MainThreadSharedTimerGtk implementation GLib-specific
        https://bugs.webkit.org/show_bug.cgi?id=152044

        Reviewed by Carlos Garcia Campos.

        MainThreadSharedTimerGtk has implementation that only directly depends
        on GLib, and not GTK+. Because of that it can be moved under
        Source/WebCore/platform/glib and slightly renamed.

        * PlatformGTK.cmake:
        * platform/glib/MainThreadSharedTimerGLib.cpp: Renamed from Source/WebCore/platform/gtk/MainThreadSharedTimerGtk.cpp.
        (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
        (WebCore::MainThreadSharedTimer::setFireInterval):
        (WebCore::MainThreadSharedTimer::stop):
        (WebCore::MainThreadSharedTimer::invalidate):
        * platform/gtk/MainThreadSharedTimerGtk.cpp:
        (WebCore::MainThreadSharedTimer::MainThreadSharedTimer): Deleted.
        (WebCore::MainThreadSharedTimer::setFireInterval): Deleted.
        (WebCore::MainThreadSharedTimer::stop): Deleted.
        (WebCore::MainThreadSharedTimer::invalidate): Deleted.

2015-12-09  Zan Dobersek  <zdobersek@igalia.com>

        [TextureMapper] TextureMapperShaderProgram::setMatrix() should use TransformationMatrix::FloatMatrix4
        https://bugs.webkit.org/show_bug.cgi?id=152042

        Reviewed by Martin Robinson.

        * platform/graphics/texmap/TextureMapperShaderProgram.cpp:
        (WebCore::TextureMapperShaderProgram::setMatrix): Instead of manually writing out
        the complete matrix in a C array, simply use TransformationMatrix::FloatMatrix4
        and fill that via the TransformationMatrix::toColumnMajorFloatArray() method
        called on the passed-in TransformationMatrix.

2015-12-09  Zan Dobersek  <zdobersek@igalia.com>

        [Soup] Attach the SocketStreamHandleSoup write-ready source to the thread-default context
        https://bugs.webkit.org/show_bug.cgi?id=152041

        Reviewed by Carlos Garcia Campos.

        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::beginWaitingForSocketWritability): Attach the
        write-ready source to the thread-default context, instead of implicitly
        relying on the default context for dispatching.

2015-12-09  Zan Dobersek  <zdobersek@igalia.com>

        [Soup] SocketStreamHandle should call g_source_destroy() on the write-ready source
        https://bugs.webkit.org/show_bug.cgi?id=152040

        Reviewed by Carlos Garcia Campos.

        * platform/network/soup/SocketStreamHandleSoup.cpp:
        (WebCore::SocketStreamHandle::stopWaitingForSocketWritability): Instead of
        calling the g_source_get_id()-g_source_remove() pair, destroy the source via
        the g_source_destroy() call. Also use nullptr to clear out the pointer
        variable.

2015-12-09  Zan Dobersek  <zdobersek@igalia.com>

        Make AudioBusGtk implementation GLib-specific
        https://bugs.webkit.org/show_bug.cgi?id=152049

        Reviewed by Philippe Normand.

        AudioBusGtk only depends on GLib, so it should be moved to
        Source/WebCore/platform/audio/glib and the implementation file
        renamed to AudioBusGLib.cpp.

        The hard-coded webkitgtk path component can be addressed later.

        * PlatformGTK.cmake: Update the build target.
        * platform/audio/glib/AudioBusGLib.cpp: Renamed from Source/WebCore/platform/audio/gtk/AudioBusGtk.cpp.
        (WebCore::AudioBus::loadPlatformResource):
        * platform/audio/gtk/AudioBusGtk.cpp:
        (WebCore::AudioBus::loadPlatformResource): Deleted.

2015-12-09  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: [EFL] Consider deferring to WebCore Accessibility for table exposure
        https://bugs.webkit.org/show_bug.cgi?id=144898

        Reviewed by Darin Adler.

        Stop unconditionally exposing all HTMLTableElement nodes as AccessibilityTables
        for WebKitEfl.

        No new tests. Several existing tests already cover table exposure. They have
        been updated accordingly.

        * accessibility/AccessibilityTable.cpp:
        (WebCore::AccessibilityTable::computeIsTableExposableThroughAccessibility):

2015-12-08  Simon Fraser  <simon.fraser@apple.com>

        Convert resetAnimValToBaseVal take a reference to a SVGAnimatedType
        https://bugs.webkit.org/show_bug.cgi?id=152036

        Reviewed by Zalan Bujtas.
        
        Change resetAnimValToBaseVal() to take a reference at the last argument.

        * svg/SVGAnimateElementBase.cpp:
        (WebCore::SVGAnimateElementBase::resetAnimatedType):
        * svg/SVGAnimatedAngle.cpp:
        (WebCore::SVGAnimatedAngleAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedAngle.h:
        * svg/SVGAnimatedBoolean.cpp:
        (WebCore::SVGAnimatedBooleanAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedBoolean.h:
        * svg/SVGAnimatedColor.h:
        * svg/SVGAnimatedEnumeration.cpp:
        (WebCore::SVGAnimatedEnumerationAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedEnumeration.h:
        * svg/SVGAnimatedInteger.cpp:
        (WebCore::SVGAnimatedIntegerAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedInteger.h:
        * svg/SVGAnimatedIntegerOptionalInteger.cpp:
        (WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedIntegerOptionalInteger.h:
        * svg/SVGAnimatedLength.cpp:
        (WebCore::SVGAnimatedLengthAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedLength.h:
        * svg/SVGAnimatedLengthList.cpp:
        (WebCore::SVGAnimatedLengthListAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedLengthList.h:
        * svg/SVGAnimatedNumber.cpp:
        (WebCore::SVGAnimatedNumberAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedNumber.h:
        * svg/SVGAnimatedNumberList.cpp:
        (WebCore::SVGAnimatedNumberListAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedNumberList.h:
        * svg/SVGAnimatedNumberOptionalNumber.cpp:
        (WebCore::SVGAnimatedNumberOptionalNumberAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedNumberOptionalNumber.h:
        * svg/SVGAnimatedPath.cpp:
        (WebCore::SVGAnimatedPathAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedPath.h:
        * svg/SVGAnimatedPointList.cpp:
        (WebCore::SVGAnimatedPointListAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedPointList.h:
        * svg/SVGAnimatedPreserveAspectRatio.cpp:
        (WebCore::SVGAnimatedPreserveAspectRatioAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedPreserveAspectRatio.h:
        * svg/SVGAnimatedRect.cpp:
        (WebCore::SVGAnimatedRectAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedRect.h:
        * svg/SVGAnimatedString.cpp:
        (WebCore::SVGAnimatedStringAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedString.h:
        * svg/SVGAnimatedTransformList.cpp:
        (WebCore::SVGAnimatedTransformListAnimator::resetAnimValToBaseVal):
        * svg/SVGAnimatedTransformList.h:
        * svg/SVGAnimatedTypeAnimator.h:
        (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValue):
        (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues):

2015-12-08  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove Mavericks-specific code from FontCacheMac
        https://bugs.webkit.org/show_bug.cgi?id=152030

        Reviewed by Simon Fraser.

        Mavericks is no longer a supported platform.

        No new tests because there is no behavior change.

        * platform/graphics/mac/FontCacheMac.mm:
        (WebCore::platformLookupFallbackFont):
        (WebCore::platformFontWithFamilySpecialCase): Deleted.

2015-12-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/objectstore-cursor.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=152023

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::MemoryObjectStoreCursor):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setReverseIteratorFromRemainingRange): Make sure the
          found iterator is actually in the target range.

2015-12-08  Jer Noble  <jer.noble@apple.com>

        Changing <video> src during 'ended' event can leave screen sleep disabled
        https://bugs.webkit.org/show_bug.cgi?id=152018

        Reviewed by Eric Carlson.

        Resetting a HTMLMediaElement's src during 'ended' introduces a race condition: whether
        the 'mediaPlayerRateChanged()' notification will fire before createMediaPlayer() destroys
        the old MediaPlayer firing said notification.

        To break the race condition, always update the sleep disabling assertion after destroying
        the media player (by creating a new one).

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::createMediaPlayer):

2015-12-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fire blocked events for delete requests that are blocked.
        https://bugs.webkit.org/show_bug.cgi?id=152015

        Reviewed by Alex Christensen.

        No new tests (Previous failing tests now pass, and previously timing-out tests now complete).

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::maybeDeleteDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::handleDelete):
        (WebCore::IDBServer::UniqueIDBDatabase::deleteOrRunTransactionsTimerFired):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-12-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fire blocked events for upgrade requests that are blocked.
        https://bugs.webkit.org/show_bug.cgi?id=152007

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/blocked-open-db-requests.html
              And some that used to fail now pass.
              And some that used to timeout now complete.

        * Modules/indexeddb/client/IDBConnectionToServer.cpp:
        (WebCore::IDBClient::IDBConnectionToServer::notifyOpenDBRequestBlocked):
        * Modules/indexeddb/client/IDBConnectionToServer.h:

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::IDBDatabase):

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::requestBlocked):
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent):

        * Modules/indexeddb/server/IDBConnectionToClient.cpp:
        (WebCore::IDBServer::IDBConnectionToClient::notifyOpenDBRequestBlocked):
        * Modules/indexeddb/server/IDBConnectionToClient.h:
        * Modules/indexeddb/server/IDBConnectionToClientDelegate.h:

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::handleOpenDatabaseOperations): When a request that would
          result in a version change transaction is blocked by open connections, notify it.

        * Modules/indexeddb/shared/InProcessIDBServer.cpp:
        (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
        * Modules/indexeddb/shared/InProcessIDBServer.h:

2015-12-08  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo] Compile error.
        https://bugs.webkit.org/show_bug.cgi?id=152008

        Reviewed by Brent Fulgham.

        GLuint is undefined.

        * platform/graphics/GraphicsContext3D.h:

2015-12-08  Zalan Bujtas  <zalan@apple.com>

        Light cleanup in TextPainter.
        https://bugs.webkit.org/show_bug.cgi?id=151994

        Reviewed by Darin Adler.

        No change in functionality.

        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::TextPainter):
        * rendering/TextPainter.h: Address post review comment.
        (WebCore::ShadowApplier::isLastShadowIteration):
        (WebCore::ShadowApplier::shadowIsCompletelyCoveredByText):

2015-12-08  Zalan Bujtas  <zalan@apple.com>

        Do not insert positioned renderers to multiple gPositionedDescendantsMap.
        https://bugs.webkit.org/show_bug.cgi?id=151878
        rdar://problem/22229889

        Reviewed by Simon Fraser.

        We insert positioned renderers into a static map (RenderBlock::gPositionedDescendantsMap) to keep track of them.
        This static map is at block level. A particular absolute positioned object is added to its closest ancestor that
        returns true for RenderElement::canContainAbsolutelyPositionedObjects().
        canContainAbsolutelyPositionedObjects() returns true if the ancestor is either positioned or has transform.
        If this container's style changes so that it's no longer positioned and it has no transform anymore,
        we need to clear its static map of positioned objects (they'll get re-inserted to another ancestor at next layout).

        This patch addresses the case when the renderer does not have transforms anymore.

        Test: fast/block/positioning/crash-when-transform-is-removed.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::styleWillChange):

2015-12-08  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Rename UserMediaClient and UserMediaController methods
        https://bugs.webkit.org/show_bug.cgi?id=152001

        Reviewed by Brady Eidson.

        No new tests, no behavior change.

        * Modules/mediastream/UserMediaClient.h:
        (WebCore::UserMediaClient::~UserMediaClient):
        * Modules/mediastream/UserMediaController.h:
        (WebCore::UserMediaController::client):
        (WebCore::UserMediaController::from):
        (WebCore::UserMediaController::requestUserMediaAccess):
        (WebCore::UserMediaController::cancelUserMediaAccessRequest):
        (WebCore::UserMediaController::requestPermission): Deleted.
        (WebCore::UserMediaController::cancelRequest): Deleted.
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::constraintsValidated):
        (WebCore::UserMediaRequest::contextDestroyed):
        * platform/mock/UserMediaClientMock.h:

2015-12-08  Jer Noble  <jer.noble@apple.com>

        [iOS] Do not exit fullscreen mode during auto-PiP.
        https://bugs.webkit.org/show_bug.cgi?id=151889

        Reviewed by Darin Adler.

        When auto-PiPing, do not exit fullscreen mode, as that causes a two-step animation upon returing from auto-PiP.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::applicationDidBecomeActive): Handle the case where we open Safari after an
            auto-PiP by clicking on a link; if so, hide the fullscreen window.
        (WebVideoFullscreenInterfaceAVKit::didStartPictureInPicture): Do not exit fullscreen during auto-PiP.
        (WebVideoFullscreenInterfaceAVKit::shouldExitFullscreenWithReason): Ditto.

2015-12-08  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo] Remove unneeded function.
        https://bugs.webkit.org/show_bug.cgi?id=151989

        Reviewed by Brent Fulgham.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::createOptimalVideoType):
        (MFCreateMediaType): Deleted.

2015-12-08  Jer Noble  <jer.noble@apple.com>

        [iOS] Adopt WebFullScreenVideoRootViewController.
        https://bugs.webkit.org/show_bug.cgi?id=151996

        Reviewed by Dan Bernstein.

        Adopt WebFullScreenVideoRootViewController from WebKitAdditions. If it is not available, create and use
        a generic UIViewController subclass.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (createFullScreenVideoRootViewControllerClass):
        (allocWebFullScreenVideoRootViewControllerInstance):
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen):

2015-12-08  Andy Estes  <aestes@apple.com>

        ImmutableNFANodeBuilder's move constructor moves an uninitialized member variable into itself
        https://bugs.webkit.org/show_bug.cgi?id=151982

        Reviewed by Darin Adler.

        * contentextensions/ImmutableNFANodeBuilder.h:
        (WebCore::ContentExtensions::ImmutableNFANodeBuilder::ImmutableNFANodeBuilder):

2015-12-08  Andreas Kling  <akling@apple.com>

        [Cocoa] ResourceUsageOverlay should query kernel for VM page size.
        <https://webkit.org/b/151920>

        Reviewed by Andy Estes.

        Read the vm.pagesize sysctl to find the correct page size for memory usage calculations.
        This fixes broken math on systems that have different hw.pagesize and vm.pagesize.

        * page/cocoa/ResourceUsageOverlayCocoa.mm:
        (WebCore::vmPageSize):
        (WebCore::pagesPerVMTag):
        (WebCore::runSamplerThread):

2015-12-08  Chris Dumez  <cdumez@apple.com>

        Add diagnostic logging to measure speculative revalidation accuracy
        https://bugs.webkit.org/show_bug.cgi?id=151953
        <rdar://problem/23092196>

        Reviewed by Darin Adler.

        Add diagnostic logging to measure speculative revalidation accuracy.

        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::entryRightlyNotWarmedUpKey):
        (WebCore::DiagnosticLoggingKeys::entryWronglyNotWarmedUpKey):
        (WebCore::DiagnosticLoggingKeys::successfulSpeculativeWarmupWithRevalidationKey):
        (WebCore::DiagnosticLoggingKeys::successfulSpeculativeWarmupWithoutRevalidationKey):
        (WebCore::DiagnosticLoggingKeys::unknownEntryRequestKey):
        (WebCore::DiagnosticLoggingKeys::wastedSpeculativeWarmupWithRevalidationKey):
        (WebCore::DiagnosticLoggingKeys::wastedSpeculativeWarmupWithoutRevalidationKey):
        * page/DiagnosticLoggingKeys.h:

2015-12-08  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/index-cursor.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151973

        Reviewed by Darin Adler.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::MemoryIndexCursor): When the initial cursor creation
          generates an iterator outside of the cursor's IDBKeyRange, invalidate the iterator.
          
2015-12-08  Joanmarie Diggs  <jdiggs@igalia.com>

        [EFL] some ax tests have been failed since r186692
        https://bugs.webkit.org/show_bug.cgi?id=146887

        Reviewed by Mario Sanchez Prada.

        The tests were failing because there are now two WebCore accessibility
        roles which need to implement the AtkTable interface: TableRole and
        GridRole. Because the latter was not added in r186692, any tests with
        ARIA role grid that accessed cells via coordinates stopped working.

        No new tests; instead unskipped all the broken table tests which now pass.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (getInterfaceMaskFromObject):

2015-12-08  Gwang Yoon Hwang  <yoon@igalia.com>

        [ThreadedCompositor] Add support for Cairo GL-backed ImageBuffer.
        https://bugs.webkit.org/show_bug.cgi?id=151986

        Reviewed by Žan Doberšek.

        This patch adds a support for accelerated 2d canvas which uses cairo-gl as its
        backend to the threaded compositor. Basically, it applies same way to support
        WebGL for the threaded compositor.

        Unfortunately, we cannot swap the buffer for the accelerated 2d canvas because
        it should preserve the buffer of the previous frame when drawing new contents.
        Because of that, the surface of the accelerated 2d canvas will be copied for
        each frame.

        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBufferData::ImageBufferData):
        (WebCore::ImageBufferData::createCompositorBuffer): Prepare a texture
        surface to push the rendered result to the compositing thread.
        (WebCore::ImageBufferData::swapBuffersIfNeeded): Copies the contents
        of the canvas's surface to the compositing texture.
        (WebCore::ImageBufferData::createCairoGLSurface): Moved to the inside
        of ImageBufferData.

2015-12-08  Joanmarie Diggs  <jdiggs@igalia.com>

        [GTK] 15 accessibility tests fail since r186692.
        https://bugs.webkit.org/show_bug.cgi?id=148938

        Reviewed by Mario Sanchez Prada.

        Failing tests rebaselined.

        * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
        (atkRole): Treat GridCellRole and CellRole the same.
        (roleIsTextType): Treat GridCellRole and CellRole the same.

2015-12-08  Frederic Wang  <fred.wang@free.fr>

        [cairo] Solid stroke of lines with thickness less than 1 pixel broken after r191658
        https://bugs.webkit.org/show_bug.cgi?id=151947

        Reviewed by Martin Robinson.

        Test: mathml/presentation/radical-bar-visibility.html

        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawLine): Force a minimal thickness of 1px

2015-12-08  Gwang Yoon Hwang  <yoon@igalia.com>

        [ThreadedCompositor] Support WebGL for OpenGL.
        https://bugs.webkit.org/show_bug.cgi?id=143300

        Reviewed by Žan Doberšek.

        To remove pixel transfer operation, this patch adds m_compositorFBO which uses same depth and stencil
        buffer with m_fbo but uses m_compositorTexture as a color attachment in GraphicsContext3D.
        Because switching target framebuffer is cheaper than pixel transfer operation and switching color
        attachment of m_fbo. In Threaded Compositor, when WebGL renders a scene, prepareTexture swaps
        m_fbo with m_compositorFBO and send the color attachment to the compositor thread.
        This patch only supports WebGL for OpenGL. OpenGLES will be covered in following-up patches.

        No new tests needed.

        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/GraphicsContext3DPrivate.cpp:
        (WebCore::GraphicsContext3DPrivate::GraphicsContext3DPrivate):
        (WebCore::GraphicsContext3DPrivate::proxy):
        (WebCore::GraphicsContext3DPrivate::swapBuffersIfNeeded):
        Implement interfaces to pass a rendered texture to the compositing
        thread.
        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
        (WebCore::GraphicsContext3D::GraphicsContext3D):
        (WebCore::GraphicsContext3D::~GraphicsContext3D):
        Create additional compositing texture and FBO to swaping buffers for
        threaded compositor.
        * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
        (WebCore::GraphicsContext3D::reshapeFBOs):
        (WebCore::GraphicsContext3D::attachDepthAndStencilBufferIfNeeded):
        Split attaching depth and stencil buffer codes from reshapeFBOs
        to make complete framebuffer with not only m_fbo but m_compositorFBO also.
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::prepareTexture):
        If we are in the threaded compositor, we will swap m_fbo with
        m_compositorFBO instead of copying it.

2015-12-07  Zalan Bujtas  <zalan@apple.com>

        Make paintTextWithShadows a member function (TextPainter).
        https://bugs.webkit.org/show_bug.cgi?id=151979

        Reviewed by Simon Fraser.

        This patch also simplifies paintTextWithShadows and
        rearranges some of the functions' arguments. 

        No change in functionality.

        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::drawTextOrEmphasisMarks):
        (WebCore::TextPainter::paintTextWithShadows):
        (WebCore::TextPainter::paintEmphasisMarksIfNeeded):
        (WebCore::TextPainter::paintTextWithStyle):
        (WebCore::TextPainter::paintText):
        (WebCore::drawTextOrEmphasisMarks): Deleted.
        (WebCore::paintTextWithShadows): Deleted.
        * rendering/TextPainter.h:

2015-12-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/factory-deletedatabase.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151966

        Reviewed by Sam Weinig.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::onDeleteDatabaseSuccess): The spec says that the result of
          deleteDatabase should be undefined. Without explicitly making it undefined, it's incorrectly null.

2015-12-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-continue-validity.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151961

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        When an index cursor's iterator was invalidated, there were some cases where it did 
        not correctly find the next iterator to pick up where it left off.

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::update):
        (WebCore::IDBClient::IDBCursor::deleteFunction):
        
        * Modules/indexeddb/server/IndexValueStore.cpp:
        (WebCore::IDBServer::IndexValueStore::find):
        (WebCore::IDBServer::IndexValueStore::loggingString):
        * Modules/indexeddb/server/IndexValueStore.h:

2015-12-07  Zalan Bujtas  <zalan@apple.com>

        Refactor TextPainter::paintText() into sub methods.
        https://bugs.webkit.org/show_bug.cgi?id=151962

        Reviewed by Myles C. Maxfield.

        No change in functionality.

        * rendering/TextPainter.cpp:
        (WebCore::TextPainter::paintTextWithEmphasisIfNeeded):
        (WebCore::TextPainter::paintTextWithStyle):
        (WebCore::TextPainter::paintText):
        * rendering/TextPainter.h:

2015-12-07  Gwang Yoon Hwang  <yoon@igalia.com>

        [GTK] Clean up virtual functions in MediaPlayerPrivateGStreamerBase
        https://bugs.webkit.org/show_bug.cgi?id=151940

        Reviewed by Carlos Garcia Campos.

        - Using 'override' when appropriate
        - Explicitly marking methods as virtual when they are inherently virtual

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

2015-12-07  Saam barati  <sbarati@apple.com>

        Add op_watchdog opcode that is generated when VM has a watchdog
        https://bugs.webkit.org/show_bug.cgi?id=151954

        Reviewed by Mark Lam.

        No new tests because JSC already has tests for this.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::scheduleExecutionTermination):
        (WebCore::WorkerScriptController::isTerminatingExecution):

2015-12-07  Brian Burg  <bburg@apple.com>

        Web Inspector: Uncaught Exception page should have better styles and handle more error cases
        https://bugs.webkit.org/show_bug.cgi?id=151923

        Reviewed by Timothy Hatcher.

        Add a check for InspectorFrontendAPI before calling it. This can fail
        easily if an uncaught exception stalls initial loading, or whenever
        the Inspector frontend is reloaded.

        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::evaluateOnLoad):

2015-12-07  Beth Dakin  <bdakin@apple.com>

        Hook up request and show for typing candidates in WK1
        https://bugs.webkit.org/show_bug.cgi?id=151831
        -and corresponding-
        <rdar://problem/23751214>

        Reviewed by Enrica Casucci.

        New SPI that is needed.
        * WebCore.xcodeproj/project.pbxproj:
        * platform/spi/mac/NSSpellCheckerSPI.h: Added.

        Request candidates for editable content whenever selection changes.
        * editing/Editor.cpp:
        (WebCore::Editor::respondToChangedSelection):

        Implement requestCandidatesForSelection on the EditorClient.
        * loader/EmptyClients.h:
        * page/EditorClient.h:
        (WebCore::EditorClient::requestCandidatesForSelection):

2015-12-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix "old versions" when upgrading databases.
        https://bugs.webkit.org/show_bug.cgi?id=151948

        Reviewed by Alex Christensen.

        No new tests (5 failing tests now pass, and updated results for a 6th test).

        This includes the old version on the IDBVersionChangeEvent, as well as the version the 
        IDBDatabase is left with if the version change transaction is aborted.

        Primary mechanism of the fix is to include the original IDBDatabaseInfo along with 
        IDBTransactionInfos that represent version change transactions.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::willAbortTransaction):
        (WebCore::IDBClient::IDBDatabase::didAbortTransaction):

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::onUpgradeNeeded):

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::IDBTransaction): Deleted.
        (WebCore::IDBClient::IDBTransaction::finishAbortOrCommit): Deleted.
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        (WebCore::IDBClient::IDBTransaction::info):
        (WebCore::IDBClient::IDBTransaction::originalDatabaseInfo):

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::startVersionChangeTransaction):
        (WebCore::IDBServer::UniqueIDBDatabase::commitTransaction):
        * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
        (WebCore::IDBServer::UniqueIDBDatabaseConnection::createVersionChangeTransaction):

        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        (WebCore::IDBTransactionInfo::versionChange):
        (WebCore::IDBTransactionInfo::IDBTransactionInfo):
        (WebCore::IDBTransactionInfo::isolatedCopy):
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::originalDatabaseInfo):

2015-12-07  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>

        Update Objective-C code generator to pass a reference to calling object for partial interfaces
        https://bugs.webkit.org/show_bug.cgi?id=151739

        Reviewed by Darin Adler.

        The fix updates the Objective-C code generator to pass a reference to calling object for partial interfaces.
        The change from pass by pointer to pass by reference was introduced in r192849.

        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        * bindings/scripts/test/ObjC/DOMTestInterface.mm:
        (-[DOMTestInterface supplementalStr1]):
        (-[DOMTestInterface supplementalStr2]):
        (-[DOMTestInterface setSupplementalStr2:]):
        (-[DOMTestInterface supplementalStr3]):
        (-[DOMTestInterface setSupplementalStr3:]):
        (-[DOMTestInterface supplementalNode]):
        (-[DOMTestInterface setSupplementalNode:]):
        (-[DOMTestInterface builtinAttribute]):
        (-[DOMTestInterface setBuiltinAttribute:]):
        (-[DOMTestInterface supplementalMethod1]):
        (-[DOMTestInterface supplementalMethod2:objArg:]):
        (-[DOMTestInterface supplementalMethod3]):
        (-[DOMTestInterface supplementalMethod4]):
        (-[DOMTestInterface builtinFunction]):

2015-12-07  Chris Dumez  <cdumez@apple.com>

        Crash in MemoryCache::pruneDeadResourcesToSize()
        https://bugs.webkit.org/show_bug.cgi?id=151833
        <rdar://problem/22392235>

        Reviewed by David Kilzer.

        MemoryCache::pruneDeadResourcesToSize() is iterating over m_allResources
        (which is a vector of LRUList). It first destroys decoded data for each
        resource in the LRUList. Then, if it does not suffice to reach the
        target size, and starts actually removing resources from the cache.

        The issue is that this code alters m_allResources (and its LRULists) as
        it is iterating over it. We tried to deal with this in various ways:
        1. Increment the iterator before removing the resource pointed by the
          iterator.
        2. Protect the next resource in the LRUList and abort early if it is no
          longer in the cache.

        This adds code complexity and apparently does not correctly handle all
        the edge cases as we still see crashes in this code. In particular, I
        suspect that 2. may not be sufficient if it is possible for the next
        resource to be moved to another LRUList (in which case, next->inCache()
        would still return true but the iterator would however become invalid).

        To make the code simpler and more robust, this patch copies the LRUList
        (and refs the CachedResources) before iterating over it. This is a lot
        safer and should hopefully fix the crashes we see in this function.

        No new tests, no reproduction case.

        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::pruneDeadResourcesToSize):

2015-12-07  Brady Eidson  <beidson@apple.com>

        Modern IDB: Add some more custom exception messages, passing some more tests..
        https://bugs.webkit.org/show_bug.cgi?id=151912

        Reviewed by Andy Estes.

        No new tests (Covered by existing tests).

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::index):
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::objectStore):

2015-12-07  Gwang Yoon Hwang  <yoon@igalia.com>

        [ThreadedCompositor] Add support for PlatformLayer.
        https://bugs.webkit.org/show_bug.cgi?id=143299

        Reviewed by Žan Doberšek.

        This patch implements TextureMapperPlatformLayerProxy and TextureMapperPlatformLayerBuffer to
        send a texture (actual texture or BitmapTexture) to the compositing thread directly.
        Platform layer renderers should implement TextureMapperPlatformLayerProxyProvider to establish
        a connection to the compositing thread. After the connection has been established, the renderer
        can render its contents to the TextureMapperPlatformLayerBuffer and pass it to the compositing thread
        via TextureMapperPlatformLayer proxy.
        The buffer can be an unmanaged texture (a.k.a. platform texture) or BitmapTexture.
        For the unmanaged texture, the renderer should manage its life cycle itself. For the BitmapTexture,
        it will be managed by TextureMapperPlatformLayerProxy. In that case, used (swapped) buffer will be
        recycled because the renderer will use same size and format until it changes its size.

        No new tests needed.

        * PlatformGTK.cmake:
        Adds TextureMapperPlatformLayerBuffer and TextureMapperPlaytformLayerProxy.

        * platform/graphics/GraphicsContext3DPrivate.cpp:
        * platform/graphics/GraphicsContext3DPrivate.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        * platform/graphics/cairo/ImageBufferDataCairo.h:
        Adds mock implementation.

        * platform/graphics/PlatformLayer.h:
        Adds TextureMapperPlatformLayerProxyProvider as a PlatformLayer for the Threaded Compositor

        * platform/graphics/texmap/BitmapTextureGL.h:
        (WebCore::BitmapTextureGL::internalFormat): Adds a getter to check the
        internal format of texture to check reusability.

        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        * platform/graphics/texmap/GraphicsLayerTextureMapper.h:
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        * platform/graphics/texmap/TextureMapperLayer.h:
        Exclude GraphicsLayerTextureMapper from build when we are using Coordinated Graphics.

        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp: Added.
        * platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h: Added.
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp: Added.
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h: Added.

        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::GraphicsLayer::create):
        Because we removed GraphicsLayerTextureMapper from build, we need to add own factory function.

        (WebCore::CoordinatedGraphicsLayer::setContentsToPlatformLayer):
        (WebCore::CoordinatedGraphicsLayer::syncPlatformLayer):
        (WebCore::CoordinatedGraphicsLayer::platformLayerWillBeDestroyed):
        (WebCore::CoordinatedGraphicsLayer::setPlatformLayerNeedsDisplay):
        Implements sync operations for TextureMapperPlatformLayerProxy

2015-12-07  Gwang Yoon Hwang  <yoon@igalia.com>

        Fix GTK+ build with GStreamer GL
        https://bugs.webkit.org/show_bug.cgi?id=151939

        Reviewed by Žan Doberšek.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        (WebCore::MediaPlayerPrivateGStreamerBase::drawCallback):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

2015-12-06  Simon Fraser  <simon.fraser@apple.com>

        Show more information about SVG renderers in showLayerTree() output
        https://bugs.webkit.org/show_bug.cgi?id=151930

        Reviewed by Zalan Bujtas.
        
        In showLayerTree() output, for SVG renderers show:
        - visual and layout overflow, for boxes
        - frame rect, for boxes
        - layout state
        - class and id

        * rendering/RenderLayer.cpp:
        (WebCore::showLayerTree):
        * rendering/RenderTreeAsText.cpp:
        (WebCore::RenderTreeAsText::writeRenderObject):
        (WebCore::writeDebugInfo): New function to share dumping with svg output.
        (WebCore::write):
        * rendering/RenderTreeAsText.h:
        * rendering/svg/SVGRenderTreeAsText.cpp:
        (WebCore::writePositionAndStyle): Show the frameRect for boxes (e.g. RenderSVGRoot).
        Much more useful that showing the clippedOverflowRect.
        (WebCore::writeStandardPrefix):
        (WebCore::writeChildren):
        (WebCore::writeSVGResourceContainer):
        (WebCore::writeSVGContainer):
        (WebCore::write):
        (WebCore::writeSVGText):
        (WebCore::writeSVGInlineText):
        (WebCore::writeSVGImage):
        (WebCore::writeSVGGradientStop):
        (WebCore::writeResources):
        (WebCore::operator<<): Deleted.
        * rendering/svg/SVGRenderTreeAsText.h:

2015-12-06  Simon Fraser  <simon.fraser@apple.com>

        Clipping along compositing borders in svg-edit
        https://bugs.webkit.org/show_bug.cgi?id=151791

        Reviewed by Zalan Bujtas.
        
        RenderSVGRoot::layout() failed to clear overflow before recomputing
        visual overflow, which could cause it to get stuck with stale overflow.
        This would cause underpainting if its size went from small to large.

        Test: svg/overflow/visual-overflow-change.html

        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::layout):

2015-12-06  Simon Fraser  <simon.fraser@apple.com>

        REGRESSION (r187121): Can't get to the main content of the page at https://theintercept.com/drone-papers/
        https://bugs.webkit.org/show_bug.cgi?id=151849
        rdar://problem/23132828

        Reviewed by Zalan Bujtas.
        
        This page uses a fill-forwards animation where the last keyframe has height: auto.
        After r187121, we tried to blend the height Length value from the last keyframe to the
        first keyframe with progress=0 (which should pick up the 'auto' from the last keyframe).
        
        However, Length::blend() just considered both 0 and 'auto' to be zero, and returned
        the 0 length.
        
        So fix Length::blend() to return the "from" length if progress is zero.

        Test: animations/fill-forwards-auto-height.html

        * page/animation/CSSPropertyAnimation.cpp:
        (WebCore::blendFunc): Length::blend takes a double, so don't narrow to float.
        * page/animation/KeyframeAnimation.cpp:
        (WebCore::KeyframeAnimation::fetchIntervalEndpointsForProperty): Declare two variables
        at first use.
        * platform/Length.h:
        (WebCore::Length::blend):

2015-12-06  Simon Fraser  <simon.fraser@apple.com>

        Give SVGTransformList some inline vector capacity
        https://bugs.webkit.org/show_bug.cgi?id=151644

        Reviewed by Andreas Kling.

        Giving SVGTransformList inline capacity of one drops time under SVGTransformList::parse() by
        about 1% on http://animateplus.com/demos/stress-test/

        * svg/SVGTransformList.h:

2015-12-06  Zalan Bujtas  <zalan@apple.com>

        Addressing post-review comments on r193374.

        Reviewed by Antti Koivisto.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForText):
        (WebCore::SimpleLineLayout::canUseForFontAndText):
        (WebCore::SimpleLineLayout::canUseForStyle):
        (WebCore::SimpleLineLayout::canUseForWithReason):
        (WebCore::SimpleLineLayout::canUseFor):
        (WebCore::SimpleLineLayout::printSimpleLineLayoutBlockList):
        (WebCore::SimpleLineLayout::printSimpleLineLayoutCoverage):

2015-12-04  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove CORETEXT_WEB_FONTS
        https://bugs.webkit.org/show_bug.cgi?id=151891

        Reviewed by Simon Fraser.

        The only platform where this was turned off (Mavericks) is no longer supported.

        No new tests because there is no behavior difference.

        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::Font::platformCreateScaledFont): Deleted.
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm:
        (WebCore::FontPlatformData::registeredFont):
        (WebCore::FontPlatformData::ctFont):
        * platform/graphics/mac/FontCustomPlatformData.cpp:
        (WebCore::FontCustomPlatformData::fontPlatformData): Deleted.
        (WebCore::createFontCustomPlatformData): Deleted.
        * platform/graphics/mac/FontCustomPlatformData.h:
        (WebCore::FontCustomPlatformData::FontCustomPlatformData): Deleted.
        * platform/text/TextFlags.h:

2015-12-04  Zalan Bujtas  <zalan@apple.com>

        Garbage in page tiles when document is too long.
        https://bugs.webkit.org/show_bug.cgi?id=151906
        rdar://problem/23695858

        Reviewed by Simon Fraser.

        This patch partially fixes the broken concept(webkit.org/b/151908) of having a nearlyMax/2 sized rectangle to define infiniteness.
        (see LayoutRect::infiniteRect() and ClipRect::isInfinite())

        Covered by existing test.

        * rendering/ClipRect.h: Branch for infinite clipping.
        (WebCore::ClipRect::intersect):
        (WebCore::ClipRect::intersects):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::clipToRect): Do not clip when clipping is infinite.
        (WebCore::RenderLayer::restoreClip):
        (WebCore::RenderLayer::calculateClipRects):

2015-12-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: Add some more custom exception messages, passing some more tests.
        https://bugs.webkit.org/show_bug.cgi?id=151898

        Reviewed by Alex Christensen.

        No new tests (Some failing tests now pass).

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::objectStore):

2015-12-04  Brent Fulgham  <bfulgham@apple.com>

        Place an upper bound on canvas pixel count
        https://bugs.webkit.org/show_bug.cgi?id=151825
        <rdar://problem/23324916>

        Reviewed by Simon Fraser.

        Malformed JavaScript can attempt to create lots of canvas contexts. Limit the amount of memory
        we will use for this purpose to some percentage of system RAM.

        * html/HTMLCanvasElement.cpp:
        (WebCore::removeFromActivePixelMemory): Added helper function
        (WebCore::HTMLCanvasElement::~HTMLCanvasElement): Call new 'releaseImageBufferAndContext' method
        to ensure ImageBuffer and graphics context state are properly cleaned up.
        (WebCore::maxActivePixels): Use one quarter of the system RAM, or 1 GB (whichever is more) as
        an upper bound on active pixel memory.
        (WebCore::HTMLCanvasElement::getContext): If we are attempting to create a context that will cause
        us to exceed the allowed active pixel count, fail.
        (WebCore::HTMLCanvasElement::releaseImageBufferAndContext): Added helper function
        (WebCore::HTMLCanvasElement::setSurfaceSize): Use the new 'releaseImageBufferAndContext' method
        to handle active pixel memory counts.
        (WebCore::HTMLCanvasElement::createImageBuffer): Refuse to create a backing buffer if it will
        exceed our available pixel memory.

2015-12-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: Add some more custom exception messages, passing some more tests.
        https://bugs.webkit.org/show_bug.cgi?id=151895

        Reviewed by Alex Christensen.

        No new tests (Some failing tests now pass).

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::transaction):

        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):

2015-12-04  Jonathan Davis  <jond@apple.com>

        Update feature status for up-to-date status information.
        https://bugs.webkit.org/show_bug.cgi?id=151821

        Reviewed by Timothy Hatcher.

        * features.json:

2015-12-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: Flip test expectations around so we only list failures.
        https://bugs.webkit.org/show_bug.cgi?id=151880

        Reviewed by Alex Christensen.

        No new tests (Covered by all existing tests).

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::stop):
        (WebCore::IDBClient::IDBRequest::enqueueEvent):
        (WebCore::IDBClient::IDBRequest::dispatchEvent):
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abortDueToFailedRequest):
        (WebCore::IDBClient::IDBTransaction::hasPendingActivity):
        (WebCore::IDBClient::IDBTransaction::stop):
        (WebCore::IDBClient::IDBTransaction::enqueueEvent):
        (WebCore::IDBClient::IDBTransaction::dispatchEvent):
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        
        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::idbKeyToScriptValue): Protection against a ScriptExecutionContext that no longer has an ExecState.
          A full reworking on the binding utilities to prevent this through is covered by b/151890

2015-12-04  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Some fonts cause CTFontCopyAvailableTables() to return nullptr
        https://bugs.webkit.org/show_bug.cgi?id=151884
        <rdar://problem/23752253>

        Reviewed by Brian Burg.

        No new tests.

        * platform/graphics/opentype/OpenTypeCG.cpp:
        (WebCore::OpenType::fontHasMathTable):

2015-12-04  Jer Noble  <jer.noble@apple.com>

        Unreviewed build-fix; Add new parameter to overloaded createSession() method in MediaPlayerPrivateAVFoundationCF.

        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.cpp:
        (WebCore::CDMSessionAVFoundationCF::CDMSessionAVFoundationCF):
        * platform/graphics/avfoundation/cf/CDMSessionAVFoundationCF.h:
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
        (WebCore::MediaPlayerPrivateAVFoundationCF::createSession):
        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:

2015-12-01  Jer Noble  <jer.noble@apple.com>

        Adopt AVContentKeySession
        https://bugs.webkit.org/show_bug.cgi?id=151221

        Reviewed by Eric Carlson.

        Adopt a new API for managing key state, AVContentKeySession. Because this necessitates a change
        in both the initialization data returned by the needkey event, and passed into the createSession()
        method, bump the protocol version number (to 3), and keep supporting the old key management API
        for legacy content.

        To do so, move most of the implementation of CDMPrivateMediaSourceAVFObjC into a new subclass,
        CDMSessionAVStreamSession, and add a new subclass, CDMSessionAVContentKeySession, to support the
        new API.

        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.h:
        (WebCore::CDMPrivateMediaSourceAVFObjC::CDMPrivateMediaSourceAVFObjC): Moved to implementation file.
        * platform/graphics/avfoundation/CDMPrivateMediaSourceAVFObjC.mm:
        (WebCore::validKeySystemRE): Support "com.apple.fps.3_x".
        (WebCore::CDMPrivateMediaSourceAVFObjC::~CDMPrivateMediaSourceAVFObjC): Invalidate all outstanding sessions.
        (WebCore::CDMPrivateMediaSourceAVFObjC::supportsKeySystem): Only support "com.apple.fps.3_x" if the AVContentKeySession class is available.
        (WebCore::CDMPrivateMediaSourceAVFObjC::createSession): Create an instance of CDMSessionAVContentKeySession if "com.apple.fps.3_x" is specified and AVContentKeySession is available.
        (WebCore::CDMPrivateMediaSourceAVFObjC::invalidateSession): Remove session from the list of outstanding sessions.
        (WebCore::CDMPrivateMediaSourceAVFObjC::supportsMIMEType): Deleted.
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.h: Copied from Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h.
        (WebCore::CDMSessionAVContentKeySession::hasContentKeySession): Simple accessor.
        (WebCore::toCDMSessionAVContentKeySession): Safe casting.
        * platform/graphics/avfoundation/objc/CDMSessionAVContentKeySession.mm: Added.
        (-[CDMSessionAVContentKeySessionDelegate initWithParent:]): Simple constructor.
        (-[CDMSessionAVContentKeySessionDelegate invalidate]): Remove reference to parent.
        (-[CDMSessionAVContentKeySessionDelegate contentKeySession:willProvideKeyRequestInitializationDataForTrackID:]): Pass to parent.
        (-[CDMSessionAVContentKeySessionDelegate contentKeySession:didProvideKeyRequestInitializationData:requestHandling:]): Ditto.
        (-[CDMSessionAVContentKeySessionDelegate contentKeySessionContentProtectionSessionIdentifierDidChange:]): Ditto.
        (WebCore::CDMSessionAVContentKeySession::CDMSessionAVContentKeySession): Create the delegate.
        (WebCore::CDMSessionAVContentKeySession::~CDMSessionAVContentKeySession): Invalidate the delegate and remove all parsers.
        (WebCore::CDMSessionAVContentKeySession::isAvailable): Return true if AVContentKeySession class is available.
        (WebCore::CDMSessionAVContentKeySession::generateKeyRequest): Support "keyrelease" message, setting of the certificate, and creating key request object. 
        (WebCore::CDMSessionAVContentKeySession::releaseKeys): Retrieve keys from storage location.
        (WebCore::isEqual): Compares a Uint8Array to a char*.
        (WebCore::CDMSessionAVContentKeySession::update): Support "acknowledged" message, "renew" message, and key addition.
        (WebCore::CDMSessionAVContentKeySession::addParser): Add the parser to the AVContentKeySession.
        (WebCore::CDMSessionAVContentKeySession::removeParser): Remove parser from same.
        (WebCore::CDMSessionAVContentKeySession::generateKeyReleaseMessage): Retrieve key release message from AVContentKeySession.
        (WebCore::CDMSessionAVContentKeySession::didProvideContentKeyRequest): Simple setter.
        (WebCore::CDMSessionAVContentKeySession::contentKeySession): Lazily create the AVContentKeySession.
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:
        (WebCore::CDMSessionAVFoundationObjC::CDMSessionAVFoundationObjC):
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.h: Copied from Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h.
        (WebCore::toCDMSessionAVStreamSession):
        * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm: Copied from Source/WebCore/platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm.
        (-[CDMSessionAVStreamSessionObserver initWithParent:]): Moved from CDMSessionMediaSourceAVFObjcObserver.
        (-[CDMSessionAVStreamSessionObserver contentProtectionSessionIdentifierChanged:]): Ditto.
        (WebCore::CDMSessionAVStreamSession::CDMSessionAVStreamSession): Ditto.
        (WebCore::CDMSessionAVStreamSession::~CDMSessionAVStreamSession): Ditto.
        (WebCore::CDMSessionAVStreamSession::generateKeyRequest): Ditto.
        (WebCore::CDMSessionAVStreamSession::releaseKeys): Ditto.
        (WebCore::isEqual): Ditto.
        (WebCore::CDMSessionAVStreamSession::update): Ditto.
        (WebCore::CDMSessionAVStreamSession::setStreamSession): Ditto.
        (WebCore::CDMSessionAVStreamSession::addParser): Ditto.
        (WebCore::CDMSessionAVStreamSession::removeParser): Ditto.
        (WebCore::CDMSessionAVStreamSession::generateKeyReleaseMessage): Ditto.
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.h:
        (WebCore::CDMSessionMediaSourceAVFObjC::invalidateCDM): Clear the m_cdm.
        (WebCore::toCDMSessionMediaSourceAVFObjC):
        * platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:
        (WebCore::CDMSessionMediaSourceAVFObjC::CDMSessionMediaSourceAVFObjC):
        (WebCore::CDMSessionMediaSourceAVFObjC::~CDMSessionMediaSourceAVFObjC): Instruct our CDM to invalidate their references to us.
        (WebCore::CDMSessionMediaSourceAVFObjC::addSourceBuffer): Call addParser().
        (WebCore::CDMSessionMediaSourceAVFObjC::removeSourceBuffer): Call removeParser().
        (WebCore::CDMSessionMediaSourceAVFObjC::layerDidReceiveError): Deleted.
        (WebCore::CDMSessionMediaSourceAVFObjC::rendererDidReceiveError): Deleted.
        
        To give us a chance to create a CDMPrivate before we continue decoding media data, "block" further decoding
        on the background thread by creating a semaphore and passing it to the main thread, to be triggered when
        a CDM is created and attached to this source buffer.

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):
        (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
        (WebCore::SourceBufferPrivateAVFObjC::willProvideContentKeyRequestInitializationDataForTrackID):
        (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID):
        (WebCore::SourceBufferPrivateAVFObjC::setCDMSession):
        (-[WebAVStreamDataParserListener streamDataParserWillProvideContentKeyRequestInitializationData:forTrackID:]): Deleted.
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

        Drive-by fix: Only throw an error from keyRequestTimerFired() if the underlying call to
        generateKeyRequest() returned an error, rather than just failed to create a message.

        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::keyRequestTimerFired):

        Drive-by fix: Pass the CDMSessionClient into CDM::createSession() so that it is immediately available
        in the CDMSessionPrivate constructor, rather than setting the client immediately after construction.

        * Modules/encryptedmedia/CDM.cpp:
        (WebCore::CDM::createSession):
        * Modules/encryptedmedia/CDM.h:
        * Modules/encryptedmedia/CDMPrivate.h:
        * Modules/encryptedmedia/CDMPrivateClearKey.cpp:
        (WebCore::CDMPrivateClearKey::createSession):
        * Modules/encryptedmedia/CDMPrivateClearKey.h:
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.cpp:
        (WebCore::CDMPrivateMediaPlayer::createSession):
        * Modules/encryptedmedia/CDMPrivateMediaPlayer.h:
        * Modules/encryptedmedia/CDMSessionClearKey.cpp:
        (WebCore::CDMSessionClearKey::CDMSessionClearKey):
        * Modules/encryptedmedia/CDMSessionClearKey.h:
        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::MediaKeySession):
        * platform/graphics/CDMSession.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::createSession):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::createSession):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createSession):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::cdmSession):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setCDMSession):
        (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::keyNeeded): Deleted.
        * testing/MockCDM.cpp:
        (WebCore::MockCDM::createSession):
        (WebCore::MockCDMSession::MockCDMSession):
        * testing/MockCDM.h:

        Add new files to the project:

        * WebCore.xcodeproj/project.pbxproj:


2015-12-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-update.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151879

        Reviewed by Oliver Hunt.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::IDBRequest):

2015-12-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/version-change-exclusive.html fails
        https://bugs.webkit.org/show_bug.cgi?id=151870

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/double-open.html
              storage/indexeddb/version-change-exclusive.html

        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection): Delay handling open operations
          while the first is still in progress.
        (WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-12-04  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/exceptions.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151732

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        - Lots of customized exception messages for IDB code to match the text expectations.
        - Updates to the test expectations where we can't/won't match them exactly.
        - And a couple of little required behavior changes exposed by the test

        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBCursor.idl:
        * Modules/indexeddb/IDBDatabase.h:
        * Modules/indexeddb/IDBDatabase.idl:
        * Modules/indexeddb/IDBDatabaseException.cpp:
        (WebCore::IDBDatabaseException::initializeDescription):
        * Modules/indexeddb/IDBFactory.h:
        * Modules/indexeddb/IDBFactory.idl:
        * Modules/indexeddb/IDBIndex.h:
        * Modules/indexeddb/IDBIndex.idl:
        * Modules/indexeddb/IDBObjectStore.h:
        * Modules/indexeddb/IDBObjectStore.idl:
        * Modules/indexeddb/IDBRequest.h:
        * Modules/indexeddb/IDBRequest.idl:
        * Modules/indexeddb/IDBTransaction.h:
        * Modules/indexeddb/IDBTransaction.idl:
        
        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::update):
        (WebCore::IDBClient::IDBCursor::advance):
        (WebCore::IDBClient::IDBCursor::continueFunction):
        (WebCore::IDBClient::IDBCursor::deleteFunction):
        * Modules/indexeddb/client/IDBCursorImpl.h:
        
        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::createObjectStore):
        (WebCore::IDBClient::IDBDatabase::transaction):
        (WebCore::IDBClient::IDBDatabase::deleteObjectStore):
        * Modules/indexeddb/client/IDBDatabaseImpl.h:
        
        * Modules/indexeddb/client/IDBFactoryImpl.cpp:
        (WebCore::IDBClient::IDBFactory::cmp):
        * Modules/indexeddb/client/IDBFactoryImpl.h:
        
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::openCursor):
        (WebCore::IDBClient::IDBIndex::count):
        (WebCore::IDBClient::IDBIndex::doCount):
        (WebCore::IDBClient::IDBIndex::openKeyCursor):
        (WebCore::IDBClient::IDBIndex::get):
        (WebCore::IDBClient::IDBIndex::doGet):
        (WebCore::IDBClient::IDBIndex::getKey):
        (WebCore::IDBClient::IDBIndex::doGetKey):
        * Modules/indexeddb/client/IDBIndexImpl.h:
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::openCursor):
        (WebCore::IDBClient::IDBObjectStore::get):
        (WebCore::IDBClient::IDBObjectStore::add):
        (WebCore::IDBClient::IDBObjectStore::put):
        (WebCore::IDBClient::IDBObjectStore::putForCursorUpdate):
        (WebCore::IDBClient::IDBObjectStore::putOrAdd):
        (WebCore::IDBClient::IDBObjectStore::deleteFunction):
        (WebCore::IDBClient::IDBObjectStore::clear):
        (WebCore::IDBClient::IDBObjectStore::createIndex):
        (WebCore::IDBClient::IDBObjectStore::index):
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        (WebCore::IDBClient::IDBObjectStore::count):
        (WebCore::IDBClient::IDBObjectStore::doCount):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::result):
        (WebCore::IDBClient::IDBRequest::error):
        * Modules/indexeddb/client/IDBRequestImpl.h:

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::objectStore):
        (WebCore::IDBClient::IDBTransaction::abortDueToFailedRequest):
        (WebCore::IDBClient::IDBTransaction::abort):
        * Modules/indexeddb/client/IDBTransactionImpl.h:

        * Modules/indexeddb/legacy/LegacyCursor.cpp:
        (WebCore::LegacyCursor::update):
        (WebCore::LegacyCursor::continueFunction):
        (WebCore::LegacyCursor::deleteFunction):
        * Modules/indexeddb/legacy/LegacyCursor.h:

        * Modules/indexeddb/legacy/LegacyDatabase.cpp:
        (WebCore::LegacyDatabase::createObjectStore):
        (WebCore::LegacyDatabase::deleteObjectStore):
        (WebCore::LegacyDatabase::transaction):
        (WebCore::LegacyDatabase::forceClose):
        * Modules/indexeddb/legacy/LegacyDatabase.h:

        * Modules/indexeddb/legacy/LegacyFactory.cpp:
        (WebCore::LegacyFactory::cmp):
        * Modules/indexeddb/legacy/LegacyFactory.h:

        * Modules/indexeddb/legacy/LegacyIndex.cpp:
        (WebCore::LegacyIndex::openCursor):
        (WebCore::LegacyIndex::count):
        (WebCore::LegacyIndex::openKeyCursor):
        (WebCore::LegacyIndex::get):
        (WebCore::LegacyIndex::getKey):
        * Modules/indexeddb/legacy/LegacyIndex.h:

        * Modules/indexeddb/legacy/LegacyObjectStore.cpp:
        (WebCore::LegacyObjectStore::get):
        (WebCore::LegacyObjectStore::add):
        (WebCore::LegacyObjectStore::put):
        (WebCore::LegacyObjectStore::deleteFunction):
        (WebCore::LegacyObjectStore::clear):
        (WebCore::LegacyObjectStore::createIndex):
        (WebCore::LegacyObjectStore::index):
        (WebCore::LegacyObjectStore::deleteIndex):
        (WebCore::LegacyObjectStore::openCursor):
        (WebCore::LegacyObjectStore::count):
        * Modules/indexeddb/legacy/LegacyObjectStore.h:
        (WebCore::LegacyObjectStore::createIndex):
        (WebCore::LegacyObjectStore::count):

        * Modules/indexeddb/legacy/LegacyRequest.cpp:
        (WebCore::LegacyRequest::result):
        (WebCore::LegacyRequest::error):
        (WebCore::LegacyRequest::dispatchEvent):
        (WebCore::LegacyRequest::uncaughtExceptionInEventHandler):
        * Modules/indexeddb/legacy/LegacyRequest.h:

        * Modules/indexeddb/legacy/LegacyTransaction.cpp:
        (WebCore::LegacyTransaction::objectStore):
        (WebCore::LegacyTransaction::abort):
        (WebCore::LegacyTransaction::stop):
        * Modules/indexeddb/legacy/LegacyTransaction.h:

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::createDOMException): For IDBDatabase exceptions, use createWithDescriptionAsMessage

        * bindings/js/JSIDBDatabaseCustom.cpp:
        (WebCore::JSIDBDatabase::createObjectStore):
        (WebCore::JSIDBDatabase::transaction):

        * bindings/js/JSIDBObjectStoreCustom.cpp:
        (WebCore::putOrAdd):
        (WebCore::JSIDBObjectStore::createIndex):

        * dom/DOMCoreException.h:
        (WebCore::DOMCoreException::createWithDescriptionAsMessage): Create an exception whose message
          is the description.
        (WebCore::DOMCoreException::DOMCoreException):

        * dom/ExceptionBase.cpp:
        (WebCore::ExceptionBase::ExceptionBase): Add a flag to determine where the message comes from
        * dom/ExceptionBase.h:

        * dom/make_dom_exceptions.pl:
        (generateHeader): Add an IDBDatabaseException type

        * inspector/InspectorIndexedDBAgent.cpp:

2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove untested and unused Worker inspection
        https://bugs.webkit.org/show_bug.cgi?id=151848

        Reviewed by Brian Burg.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSBindingsAllInOne.cpp:
        * bindings/js/WorkerScriptController.cpp:
        * bindings/js/WorkerScriptDebugServer.cpp: Removed.
        * bindings/js/WorkerScriptDebugServer.h: Removed.
        * inspector/InspectorAllInOne.cpp:
        * inspector/InspectorConsoleInstrumentation.h:
        (WebCore::InspectorInstrumentation::addMessageToConsole):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController): Deleted.
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::shouldPauseDedicatedWorkerOnStartImpl): Deleted.
        (WebCore::InspectorInstrumentation::didStartWorkerGlobalScopeImpl): Deleted.
        (WebCore::InspectorInstrumentation::willEvaluateWorkerScript): Deleted.
        (WebCore::InspectorInstrumentation::workerGlobalScopeTerminatedImpl): Deleted.
        (WebCore::InspectorInstrumentation::instrumentingAgentsForWorkerGlobalScope): Deleted.
        (WebCore::InspectorInstrumentation::instrumentingAgentsForNonDocumentContext): Deleted.
        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::instrumentingAgentsForContext):
        (WebCore::InspectorInstrumentation::shouldPauseDedicatedWorkerOnStart): Deleted.
        (WebCore::InspectorInstrumentation::didStartWorkerGlobalScope): Deleted.
        (WebCore::InspectorInstrumentation::workerGlobalScopeTerminated): Deleted.
        * inspector/InspectorTimelineAgent.h:
        * inspector/InspectorWebAgentBase.h:
        (WebCore::WorkerAgentContext::WorkerAgentContext): Deleted.
        * inspector/InspectorWorkerAgent.cpp: Removed.
        * inspector/InspectorWorkerAgent.h: Removed.
        * inspector/InspectorWorkerResource.h: Removed.
        * inspector/InstrumentingAgents.cpp:
        (WebCore::InstrumentingAgents::reset): Deleted.
        * inspector/InstrumentingAgents.h:
        (WebCore::InstrumentingAgents::workerRuntimeAgent): Deleted.
        (WebCore::InstrumentingAgents::setWorkerRuntimeAgent): Deleted.
        (WebCore::InstrumentingAgents::inspectorWorkerAgent): Deleted.
        (WebCore::InstrumentingAgents::setInspectorWorkerAgent): Deleted.
        * inspector/PageConsoleAgent.h:
        * inspector/PageScriptDebugServer.cpp:
        (WebCore::PageScriptDebugServer::PageScriptDebugServer):
        * inspector/WorkerConsoleAgent.cpp: Removed.
        * inspector/WorkerConsoleAgent.h: Removed.
        * inspector/WorkerDebuggerAgent.cpp: Removed.
        * inspector/WorkerDebuggerAgent.h: Removed.
        * inspector/WorkerInspectorController.cpp: Removed.
        * inspector/WorkerInspectorController.h: Removed.
        * inspector/WorkerRuntimeAgent.cpp: Removed.
        * inspector/WorkerRuntimeAgent.h: Removed.
        * workers/Worker.cpp:
        (WebCore::Worker::notifyFinished): Deleted.
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Deleted.
        (WebCore::WorkerGlobalScope::~WorkerGlobalScope): Deleted.
        * workers/WorkerGlobalScope.h:
        (WebCore::WorkerGlobalScope::workerInspectorController): Deleted.
        * workers/WorkerGlobalScopeProxy.h:
        (WebCore::WorkerGlobalScopeProxy::PageInspector::~PageInspector): Deleted.
        (WebCore::WorkerGlobalScopeProxy::connectToInspector): Deleted.
        (WebCore::WorkerGlobalScopeProxy::disconnectFromInspector): Deleted.
        (WebCore::WorkerGlobalScopeProxy::sendMessageToInspector): Deleted.
        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::WorkerMessagingProxy): Deleted.
        (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Deleted.
        (WebCore::WorkerMessagingProxy::connectToInspector): Deleted.
        (WebCore::WorkerMessagingProxy::disconnectFromInspector): Deleted.
        (WebCore::WorkerMessagingProxy::sendMessageToInspector): Deleted.
        (WebCore::WorkerMessagingProxy::workerGlobalScopeDestroyedInternal): Deleted.
        (WebCore::WorkerMessagingProxy::terminateWorkerGlobalScope): Deleted.
        (WebCore::WorkerMessagingProxy::postMessageToPageInspector): Deleted.
        * workers/WorkerMessagingProxy.h:
        * workers/WorkerReportingProxy.h:
        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::workerThread): Deleted.

2015-12-03  Sergio Villar Senin  <svillar@igalia.com>

        [css-grid] Fix height computation of grid items with borders inside fr tracks
        https://bugs.webkit.org/show_bug.cgi?id=151798

        Reviewed by Zalan Bujtas.

        Since r192154 we run a second pass of the track sizing
        algorithm whenever the height of the grid is indefinite in
        order to properly compute row sizes. The available space
        passed to the track sizing algorithm must not contain neither
        borders nor paddings, otherwise it will think that it has more
        space available than the existing one. We should use the
        height of the content box instead.

        Test: fast/css-grid-layout/grid-item-with-border-in-fr.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutBlock):

2015-12-03  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-index-delete.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151847

        Reviewed by Andy Estes.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::MemoryIndexCursor):
        (WebCore::IDBServer::MemoryIndexCursor::currentData):

2015-12-03  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce uses of PassRefPtr in DOM - 1
        https://bugs.webkit.org/show_bug.cgi?id=149788

        Reviewed by Darin Adler.

        As a step to purge PassRefPtr, this patch reduces the uses in WebCore/dom.

        * dom/ChildListMutationScope.cpp:
        (WebCore::ChildListMutationAccumulator::getOrCreate):
        * dom/ChildListMutationScope.h:
        * dom/ClipboardEvent.cpp:
        (WebCore::ClipboardEvent::ClipboardEvent):
        * dom/ClipboardEvent.h:
        * dom/CompositionEvent.cpp:
        (WebCore::CompositionEvent::CompositionEvent):
        (WebCore::CompositionEvent::initCompositionEvent):
        * dom/CompositionEvent.h:
        * dom/DOMNamedFlowCollection.cpp:
        (WebCore::DOMNamedFlowCollection::item):
        * dom/DOMNamedFlowCollection.h:
        * dom/DOMStringList.h:
        * dom/DeviceMotionController.cpp:
        (WebCore::DeviceMotionController::getLastEvent):
        * dom/DeviceMotionController.h:
        * dom/DeviceOrientationController.cpp:
        (WebCore::DeviceOrientationController::getLastEvent):
        * dom/DeviceOrientationController.h:
        * editing/Editor.cpp:
        (WebCore::Editor::dispatchCPPEvent):
        * page/DeviceController.h:
        (WebCore::DeviceController::getLastEvent):

2015-12-03  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Remove the use of GraphicsContextStateSaver from RenderLayer::paintLayerByApplyingTransform
        https://bugs.webkit.org/show_bug.cgi?id=151829

        Reviewed by Simon Fraser.

        Set the CTM of the GraphicsContext to its original value before changing
        it. This is a lot cheaper than using GraphicsContextStateSaver to save the
        whole state of the GraphicsContext and restore it back;

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform):

2015-12-03  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Update MediaStreamTrack.getCapabilities
        https://bugs.webkit.org/show_bug.cgi?id=151728

        Reviewed by Jer Noble.

        Test: fast/mediastream/MediaStreamTrack-getCapabilities.html

        * CMakeLists.txt: Remove files deleted from the repository.

        * DerivedSources.make: Ditto.

        * Modules/mediastream/AllAudioCapabilities.h: Removed.
        * Modules/mediastream/AllAudioCapabilities.idl: Removed.
        * Modules/mediastream/AllVideoCapabilities.h: Removed.
        * Modules/mediastream/AllVideoCapabilities.idl: Removed.
        * Modules/mediastream/CapabilityRange.cpp: Removed.
        * Modules/mediastream/CapabilityRange.h: Removed.
        * Modules/mediastream/CapabilityRange.idl: Removed.

        * Modules/mediastream/MediaSourceSettings.h:
        (WebCore::MediaSourceSettings::supportsVolume): Volume is a double.
        (WebCore::MediaSourceSettings::volume): Double.

        * Modules/mediastream/MediaStreamCapabilities.cpp: Removed.
        * Modules/mediastream/MediaStreamCapabilities.h: Removed.
        * Modules/mediastream/MediaStreamCapabilities.idl: Removed.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getCapabilities): MediaStreamCapabilities is gone, return a RealtimeMediaSourceCapabilities.
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/MediaStreamTrack.idl:

        * WebCore.xcodeproj/project.pbxproj: Remove files deleted from the repository.
        * bindings/js/JSMediaStreamTrackCustom.cpp:
        (WebCore::capabilityValue):
        (WebCore::JSMediaStreamTrack::getCapabilities): Create and return a dictionary of capatilities.

        * platform/mediastream/RealtimeMediaSourceCapabilities.h:
        (WebCore::CapabilityValueOrRange::type):
        (WebCore::CapabilityValueOrRange::CapabilityValueOrRange):
        (WebCore::CapabilityValueOrRange::rangeMin):
        (WebCore::CapabilityValueOrRange::rangeMax):
        (WebCore::CapabilityValueOrRange::value):
        (WebCore::RealtimeMediaSourceCapabilities::create):
        (WebCore::RealtimeMediaSourceCapabilities::~RealtimeMediaSourceCapabilities):
        (WebCore::RealtimeMediaSourceCapabilities::supportsWidth):
        (WebCore::RealtimeMediaSourceCapabilities::width):
        (WebCore::RealtimeMediaSourceCapabilities::setWidth):
        (WebCore::RealtimeMediaSourceCapabilities::supportsHeight):
        (WebCore::RealtimeMediaSourceCapabilities::height):
        (WebCore::RealtimeMediaSourceCapabilities::setHeight):
        (WebCore::RealtimeMediaSourceCapabilities::supportsFrameRate):
        (WebCore::RealtimeMediaSourceCapabilities::frameRate):
        (WebCore::RealtimeMediaSourceCapabilities::setFrameRate):
        (WebCore::RealtimeMediaSourceCapabilities::supportsFacingMode):
        (WebCore::RealtimeMediaSourceCapabilities::facingMode):
        (WebCore::RealtimeMediaSourceCapabilities::addFacingMode):
        (WebCore::RealtimeMediaSourceCapabilities::supportsAspectRatio):
        (WebCore::RealtimeMediaSourceCapabilities::aspectRatio):
        (WebCore::RealtimeMediaSourceCapabilities::setAspectRatio):
        (WebCore::RealtimeMediaSourceCapabilities::supportsVolume):
        (WebCore::RealtimeMediaSourceCapabilities::volume):
        (WebCore::RealtimeMediaSourceCapabilities::setVolume):
        (WebCore::RealtimeMediaSourceCapabilities::supportsSampleRate):
        (WebCore::RealtimeMediaSourceCapabilities::sampleRate):
        (WebCore::RealtimeMediaSourceCapabilities::setSampleRate):
        (WebCore::RealtimeMediaSourceCapabilities::supportsSampleSize):
        (WebCore::RealtimeMediaSourceCapabilities::sampleSize):
        (WebCore::RealtimeMediaSourceCapabilities::setSampleSize):
        (WebCore::RealtimeMediaSourceCapabilities::supportsEchoCancellation):
        (WebCore::RealtimeMediaSourceCapabilities::echoCancellation):
        (WebCore::RealtimeMediaSourceCapabilities::setEchoCancellation):
        (WebCore::RealtimeMediaSourceCapabilities::supportsDeviceId):
        (WebCore::RealtimeMediaSourceCapabilities::deviceId):
        (WebCore::RealtimeMediaSourceCapabilities::setDeviceId):
        (WebCore::RealtimeMediaSourceCapabilities::supportsGroupId):
        (WebCore::RealtimeMediaSourceCapabilities::groupId):
        (WebCore::RealtimeMediaSourceCapabilities::setGroupId):
        (WebCore::RealtimeMediaSourceCapabilities::RealtimeMediaSourceCapabilities):
        (WebCore::RealtimeMediaSourceCapabilityRange::RealtimeMediaSourceCapabilityRange): Deleted.
        (WebCore::RealtimeMediaSourceCapabilityRange::min): Deleted.
        (WebCore::RealtimeMediaSourceCapabilityRange::max): Deleted.
        (WebCore::RealtimeMediaSourceCapabilityRange::type): Deleted.
        (WebCore::RealtimeMediaSourceCapabilityRange::supported): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::sourceId): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setSourceId): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::facingModes): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setWidthRange): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setHeightRange): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setFrameRateRange): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setAspectRatioRange): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setVolumeRange): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::hasVideoSource): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setHasVideoSource): Deleted.

        * platform/mediastream/RealtimeMediaSourceSettings.h:
        (WebCore::RealtimeMediaSourceSettings::volume): Volume is a double.
        (WebCore::RealtimeMediaSourceSettings::setVolume): Ditt.

        * platform/mediastream/mac/AVAudioCaptureSource.mm:
        (WebCore::AVAudioCaptureSource::initializeCapabilities): Initialize volume capability.

        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        (WebCore::AVMediaCaptureSource::capabilities): RealtimeMediaSourceCapabilities constructor takes
          supportedConstraints. sourceId -> deviceId.

        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::initializeCapabilities): DeviceId is set by the base class.

        * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm: Drive-by cleanup, remove unused code.

        * platform/mock/MockRealtimeAudioSource.cpp:
        (WebCore::MockRealtimeAudioSource::initializeCapabilities): Updated.
        (WebCore::MockRealtimeAudioSource::initializeSupportedConstraints): Ditto.

        * platform/mock/MockRealtimeMediaSource.cpp:
        (WebCore::MockRealtimeMediaSource::capabilities): sourceId -> deviceId.

        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::initializeCapabilities): Updated.
        (WebCore::MockRealtimeVideoSource::initializeSupportedConstraints): Ditto.

2015-12-03  Simon Fraser  <simon.fraser@apple.com>

        Have layer memory use consult the backing store format
        https://bugs.webkit.org/show_bug.cgi?id=151827
        rdar://problem/23746497

        Reviewed by Dean Jackson.
        
        When computing the backing store memory size, take the pixel format into account,
        rather than assuming 4 bytes per pixel.

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        * platform/graphics/ca/PlatformCALayer.h:

2015-12-03  Anders Carlsson  <andersca@apple.com>

        Remove Objective-C GC support
        https://bugs.webkit.org/show_bug.cgi?id=151819
        rdar://problem/23746991

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:
        * bindings/objc/WebScriptObject.mm:
        (+[WebScriptObject initialize]): Deleted.
        (-[WebScriptObject finalize]): Deleted.
        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        * bindings/scripts/test/ObjC/DOMTestActiveDOMObject.mm:
        (-[DOMTestActiveDOMObject finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestCallback.mm:
        (-[DOMTestCallback finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestCallbackFunction.mm:
        (-[DOMTestCallbackFunction finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestCustomConstructorWithNoInterfaceObject.mm:
        (-[DOMTestCustomConstructorWithNoInterfaceObject finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestCustomNamedGetter.mm:
        (-[DOMTestCustomNamedGetter finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestEventConstructor.mm:
        (-[DOMTestEventConstructor finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestEventTarget.mm:
        (-[DOMTestEventTarget finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestException.mm:
        (-[DOMTestException finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestGenerateIsReachable.mm:
        (-[DOMTestGenerateIsReachable finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestInterface.mm:
        (-[DOMTestInterface finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestJSBuiltinConstructor.mm:
        (-[DOMTestJSBuiltinConstructor finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestMediaQueryListListener.mm:
        (-[DOMTestMediaQueryListListener finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestNamedConstructor.mm:
        (-[DOMTestNamedConstructor finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestNondeterministic.mm:
        (-[DOMTestNondeterministic finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestOverloadedConstructors.mm:
        (-[DOMTestOverloadedConstructors finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestOverrideBuiltins.mm:
        (-[DOMTestOverrideBuiltins finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestSerializedScriptValueInterface.mm:
        (-[DOMTestSerializedScriptValueInterface finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMTestTypedefs.mm:
        (-[DOMTestTypedefs finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMattribute.mm:
        (-[DOMattribute finalize]): Deleted.
        * bindings/scripts/test/ObjC/DOMreadonly.mm:
        (-[DOMreadonly finalize]): Deleted.
        * bridge/objc/objc_instance.mm:
        (ObjcInstance::virtualBegin):
        (allocateAutoReleasePool): Deleted.
        * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
        * platform/mac/SharedBufferMac.mm:
        (+[WebCoreSharedBufferData initialize]): Deleted.
        (-[WebCoreSharedBufferData finalize]): Deleted.
        * platform/mac/WebCoreObjCExtras.h:
        (WebCoreObjCFinalizeOnMainThread): Deleted.

2015-12-03  Zalan Bujtas  <zalan@apple.com>

        Simple line layout: Print out simple line layout statistics for the current page from command line.
        https://bugs.webkit.org/show_bug.cgi?id=151806

        Reviewed Simon Fraser.

        com.apple.WebKit.showSimpleLineLayoutCoverage prints out a coverage summary of the current page,
        while com.apple.WebKit.showSimpleLineLayoutReasons lists the non-simple line layout blocks including the reasons why
        they are not covered.

        No change in functionality.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::canUseForText):
        (WebCore::SimpleLineLayout::canUseForFontAndText):
        (WebCore::SimpleLineLayout::canUseForStyle):
        (WebCore::SimpleLineLayout::canUseForWithReason):
        (WebCore::SimpleLineLayout::canUseFor):
        (WebCore::SimpleLineLayout::printReason):
        (WebCore::SimpleLineLayout::printReasons):
        (WebCore::SimpleLineLayout::printTextForSubtree):
        (WebCore::SimpleLineLayout::textLengthForSubtree):
        (WebCore::SimpleLineLayout::collectNonEmptyLeafRenderBlockFlows):
        (WebCore::SimpleLineLayout::collectNonEmptyLeafRenderBlockFlowsForCurrentPage):
        (WebCore::SimpleLineLayout::printSimpleLineLayoutBlockList):
        (WebCore::SimpleLineLayout::printSimpleLineLayoutCoverage):

2015-12-03  Jonathan Davis  <jond@apple.com>

        Add WebCrypto to status page
        https://bugs.webkit.org/show_bug.cgi?id=151760

        Reviewed by Timothy Hatcher.

        * features.json:

2015-12-03  Keith Rollin  <krollin@apple.com>

        [Win] fast/forms/HTMLOptionElement_label03.html failing on win7
        https://bugs.webkit.org/show_bug.cgi?id=150909
        rdar://problem/23539673

        Reviewed by Darin Adler.

        When returning text to be displayed, an <option> element will return
        the value of a label attribute if it exists, or the text content as a
        fallback. The failing test concerned the display of a <select>
        element when it contained a sole <option> element that had a label
        attribute set to a single space. When displayed, various
        platform-specific bits of code will strip off the leading and trailing
        whitespace. However, when WebKit would use this text to measure how
        wide the <select> popup menu button should be, it would not strip off
        spaces, leading to the calculated width being wider than necessary.
        The approach taken to fix this is to strip whitespace in the label
        attribute before it is returned from the <option> element.

        No new tests. fast/forms/HTMLOptionElement_label03.html had been
        marked as being expected to fail in TestExpectations; that test now
        succeeds.

        * html/HTMLOptionElement.cpp:
        (WebCore::HTMLOptionElement::label):

2015-12-03  Sam Weinig  <sam@webkit.org>

        Try to fix the Windows build.

        * bindings/js/JSWorkerGlobalScopeBase.cpp:
        (WebCore::JSWorkerGlobalScopeBase::javaScriptRuntimeFlags):
        (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):

2015-12-03  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-advance.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151731

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/IDBCursor.h:
        * Modules/indexeddb/IDBCursor.idl:
        
        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::advance): Return a custom exception message for TypeError.
        * Modules/indexeddb/client/IDBCursorImpl.h:
        
        * Modules/indexeddb/legacy/LegacyCursor.cpp:
        (WebCore::LegacyCursor::advance):
        * Modules/indexeddb/legacy/LegacyCursor.h:
        
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::createDOMException):
        (WebCore::setDOMException):
        * bindings/js/JSDOMBinding.h:
        
        * bindings/scripts/IDLAttributes.txt:
        
        * inspector/InspectorIndexedDBAgent.cpp:

2015-12-03  Brent Fulgham  <bfulgham@apple.com>

        Allow JavaScript to iterate over plugins for local files
        https://bugs.webkit.org/show_bug.cgi?id=151783
        <rdar://problem/23692113>

        Reviewed by Alexey Proskuryakov.

        Test: http/tests/plugins/plugin-javascript-access.html
              plugins/plugin-javascript-access.html

        * page/Page.cpp:
        (WebCore::Page::showAllPlugins): True if we set the debugging flag to show
        all plugins, or if the document's origin is from a local file.
        * page/Page.h:

2015-12-03  Jer Noble  <jer.noble@apple.com>

        Unreviewed build-fix; missing include.

        * html/HTMLVideoElement.cpp:

2015-12-03  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/cursor-skip-deleted.html crashes.
        https://bugs.webkit.org/show_bug.cgi?id=151794

        Reviewed by Alex Christensen.

        STL reverse_iterators are a tricky beast.
        
        They are implemented in terms of a normal forward iterator (called the "base" iterator),
        and they decrement a copy of that iterator when dereferenced.
            
        So when monitoring deletes from  a std::set to check if we should invalidate our current 
        reverse_iterator, we were incorrectly comparing the deleted key to the value pointed by the
        reverse_iterator instead of its base iterator.
        
        Since the iterators in question are bidirectional, anyways, we can just use a single iterator
        and either increment or decrement it as needed.
        
        No new tests (At least one failing (crashing) test now passes).

        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::objectStoreCleared):
        (WebCore::IDBServer::MemoryObjectStoreCursor::keyDeleted):
        (WebCore::IDBServer::MemoryObjectStoreCursor::keyAdded):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setFirstInRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setForwardIteratorFromRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::setReverseIteratorFromRemainingRange):
        (WebCore::IDBServer::MemoryObjectStoreCursor::currentData):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementForwardIterator):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):
        (WebCore::IDBServer::MemoryObjectStoreCursor::iterate):
        (WebCore::IDBServer::MemoryObjectStoreCursor::firstForwardIteratorInRemainingRange): Deleted.
        (WebCore::IDBServer::MemoryObjectStoreCursor::firstReverseIteratorInRemainingRange): Deleted.
        (WebCore::IDBServer::MemoryObjectStoreCursor::hasIterators): Deleted.
        (WebCore::IDBServer::MemoryObjectStoreCursor::hasValidPosition): Deleted.
        (WebCore::IDBServer::MemoryObjectStoreCursor::clearIterators): Deleted.
        * Modules/indexeddb/server/MemoryObjectStoreCursor.h:

2015-12-03  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Main thread can block when session is destroyed.
        https://bugs.webkit.org/show_bug.cgi?id=151803

        Reviewed by Alex Christensen.

        Set flag to make sure that the scheduler thread stops when the session ends.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::VideoScheduler::stopScheduler):
        (WebCore::MediaPlayerPrivateMediaFoundation::VideoScheduler::processSamplesInQueue):
        (WebCore::MediaPlayerPrivateMediaFoundation::VideoScheduler::schedulerThreadProcPrivate):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:
        (WebCore::MediaPlayerPrivateMediaFoundation::VideoScheduler::stopThread):

2015-12-03  Jer Noble  <jer.noble@apple.com>

        [iOS] Fullscreen -> PiP should resume to Fullscreen, not inline
        https://bugs.webkit.org/show_bug.cgi?id=150906

        Reviewed by Simon Fraser.

        When restoring the user interface when exiting PiP, we should return to Fullscreen if that
        is where fullscreen was initiated from. Additionally, when we "auto-PiP" by backgrounding the
        app in Fullscreen mode, we should "auto-un-PiP" when restoring the application to foreground.

        Rather than have a separate method to request exiting fullscreen, entering standard fullscreen,
        and switching to & from PiP, add a new method setFullscreenMode() which does all three.

        * html/HTMLVideoElement.cpp:
        (WebCore::presentationModeToFullscreenMode):
        (WebCore::HTMLVideoElement::webkitSetPresentationMode):
        (WebCore::HTMLVideoElement::setFullscreenMode):
        * html/HTMLVideoElement.h:

        Add methods to for clients to request a specific fullscreen mode, and to query whether
        the page is currently visible.

        * platform/ios/WebVideoFullscreenControllerAVKit.mm:
        (WebVideoFullscreenControllerContext::requestFullscreenMode):
        (WebVideoFullscreenControllerContext::isVisible):
        (WebVideoFullscreenControllerContext::requestExitFullscreen): Deleted.
        * platform/ios/WebVideoFullscreenModel.h:
        * platform/ios/WebVideoFullscreenModelVideoElement.h:
        * platform/ios/WebVideoFullscreenModelVideoElement.mm:
        (WebVideoFullscreenModelVideoElement::requestFullscreenMode):
        (WebVideoFullscreenModelVideoElement::isVisible):
        (WebVideoFullscreenModelVideoElement::requestExitFullscreen): Deleted.

        Track whether returning from PiP should enter fullscreen, or whether foregrounding the app
        should cause PiP to return to fullscreen.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.h:
        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (-[WebAVPlayerLayer layoutSublayers]): Renamed from -setBounds:. -layoutSublayers is called
            more consistently than -setBounds:, including when a sublayer is added to the layer.
        (WebAVPlayerLayerView_stopRoutingVideoToPictureInPicturePlayerLayerView): The PiP WebAVPlayerLayer's
            modelVideoLayerFrame property may have been modified, so pass it back up to the fullscreen
            layer when exiting PiP.
        (WebVideoFullscreenInterfaceAVKit::applicationDidBecomeActive): Request fullscreen if we auto-PiPed.
        (WebVideoFullscreenInterfaceAVKit::setupFullscreen): Only recreate owned objects if they did not already exist.
        (WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard): If we are in PiP mode, enter fullscreen by stopping PiP.
        (WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): requestExitFullscreen() -> requestFullscreenMode().
        (WebVideoFullscreenInterfaceAVKit::willStartPictureInPicture): Animate out the fullscreen window, if exiting Fullscreen -> PiP.
        (WebVideoFullscreenInterfaceAVKit::didStartPictureInPicture): Set m_shouldReturnToFullscreenAfterEnteringForeground if we auto-PiPed.
        (WebVideoFullscreenInterfaceAVKit::failedToStartPictureInPicture): requestExitFullscreen() -> requestFullscreenMode().
        (WebVideoFullscreenInterfaceAVKit::willStopPictureInPicture): If we are returning from PiP -> Fullscreen, do not hide the fullscreen window.
        (WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture): If we are returning from PiP -> Fullscreen, show the controls and notify clients.
        (WebVideoFullscreenInterfaceAVKit::prepareForPictureInPictureStopWithCompletionHandler): Animate in the fullscreen window, if returning from PiP -> Fullscreen.
        (WebVideoFullscreenInterfaceAVKit::shouldExitFullscreenWithReason): Set m_shouldReturnToFullscreenWhenStoppingPiP if we are entering PiP from Fullscreen.
        * platform/spi/cocoa/AVKitSPI.h:

2015-12-02  Sam Weinig  <sam@webkit.org>

        Promise callbacks should be called at microtask checkpoints
        https://bugs.webkit.org/show_bug.cgi?id=147933

        Reviewed by Chris Dumez.

        - Re-names MicroTaskQueue and MicroTask to MicrotaskQueue and Microtask to match the spec language.
        - Re-implements MicrotaskQueue and Microtask support suspended Microtasks (via the new KeepInQueue
          result value a Microtask can have when running) and correct behavior when Microtasks are added to
          the queue during a Microtask checkpoint.
        - MicrotaskQueue now has a mainThreadQueue() static function, replacing the old singleton() function,
          which can be used for the Document (non-Worker) Microtasks. For Workers, the a MicrotaskQueue 
          can be separately allocated for each WorkerGlobalScope (though this was not done in this change).
        - Adds a helper subclass of Microtask, ActiveDOMCallbackMicrotask, for Microtasks that are
          per-ScriptExecutationContext, and need to act as ActiveDOMCallbacks.
        - Re-implement Document (non-Worker) Promises on top of ActiveDOMCallbackMicrotask.
        - Re-implement MutationObserver delivery on top of Microtask.

        Layout Test:
            fast/dom/microtask-promise-mutation-observer-order.html

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/DOMAllInOne.cpp:
        Add new files.

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
        Switch to using ActiveDOMCallbackMicrotask/MicrotaskQueue rather than ScriptExecutionContext's Task mechanism
        for JavaScriptCore tasks.

        * bindings/js/JSMainThreadExecState.cpp:
        (WebCore::JSMainThreadExecState::didLeaveScriptContext):
        Perform a microtask checkpoint rather than calling MutationObserver code explicitly now that mutation observers
        use microtasks.

        * dom/ActiveDOMCallbackMicrotask.cpp: Added.
        (WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):
        (WebCore::ActiveDOMCallbackMicrotask::~ActiveDOMCallbackMicrotask):
        (WebCore::ActiveDOMCallbackMicrotask::run):
        (WebCore::ActiveDOMCallbackMicrotask::contextDestroyed):
        * dom/ActiveDOMCallbackMicrotask.h: Added.
        Add a helper subclass of Microtask which behaves like a ActiveDOMCallback (e.g. supports suspension
        and context destruction).

        * dom/MicroTask.cpp: Renamed to Microtasks.cpp.
        * dom/MicroTask.h: Renamed to Microtasks.h.
        * dom/Microtasks.cpp: Renamed from Source/WebCore/dom/MicroTask.cpp.
        (WebCore::Microtask::removeSelfFromQueue):
        (WebCore::MicrotaskQueue::mainThreadQueue):
        (WebCore::MicrotaskQueue::append):
        (WebCore::MicrotaskQueue::remove):
        (WebCore::MicrotaskQueue::performMicrotaskCheckpoint):
        (WebCore::MicroTaskQueue::singleton): Deleted.
        (WebCore::MicroTaskQueue::queueMicroTask): Deleted.
        (WebCore::MicroTaskQueue::runMicroTasks): Deleted.
        * dom/Microtasks.h: Renamed from Source/WebCore/dom/MicroTask.h.
        (WebCore::Microtask::~Microtask):
        (WebCore::MicrotaskQueue::MicrotaskQueue):
        (WebCore::MicrotaskQueue::~MicrotaskQueue):
        (WebCore::MicroTask::~MicroTask): Deleted.
        (WebCore::MicroTaskQueue::~MicroTaskQueue): Deleted.
        (WebCore::MicroTaskQueue::MicroTaskQueue): Deleted.
        Re-implement MicrotaskQueue and Microtask to support Microtask suspension (via the KeepInQueue result
        value) and correct behavior when Microtasks are queued during checkpoints.

        * dom/MutationObserver.cpp:
        (WebCore::suspendedMutationObservers):
        (WebCore::MutationObserverMicrotask::MutationObserverMicrotask):
        (WebCore::MutationObserverMicrotask::~MutationObserverMicrotask):
        (WebCore::MutationObserverMicrotask::run):
        (WebCore::queueMutationObserverCompoundMicrotask):
        (WebCore::MutationObserver::enqueueMutationRecord):
        (WebCore::MutationObserver::setHasTransientRegistration):
        * dom/MutationObserver.h:
        Re-implement MutationObserver delivery on top of Microtasks.

        * dom/ScriptRunner.cpp:
        (WebCore::ScriptRunner::timerFired):
        Remove unnecessary call to runMicroTasks().

        * html/parser/HTMLScriptRunner.cpp:
        (WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent):
        (WebCore::HTMLScriptRunner::runScript):
        Remove calls to MutationObserver::deliverAllMutations() now that the MicrotaskQueue will take care of it.

        (WebCore::HTMLScriptRunner::executeScriptsWaitingForParsing):
        Remove unnecessary call to runMicroTasks().

        * testing/Internals.cpp:
        (WebCore::Internals::queueMicroTask):
        Use ActiveDOMCallbackMicrotask rather than a custom test subclass.

        * testing/MicroTaskTest.cpp: Removed.
        * testing/MicroTaskTest.h: Removed.
        Remove custom test subclass of Microtask, just use ActiveDOMCallbackMicrotask directly.

2015-12-03  Brady Eidson  <beidson@apple.com>

        Add GetterRaisesExceptionWithMessage and SetterRaisesExceptionWithMessage to the code generator.
        https://bugs.webkit.org/show_bug.cgi?id=151807

        Reviewed by Alex Christensen.

        No new tests (Covered by changes to existing bindings tests).

        While we're at it, rework the existing 'RaisesExceptionWithMessage' concept to use a struct instead of
        two separate variables to reduce complexity.
        
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateImplementationFunctionCall):
        (GenerateConstructorDefinition):
        (GenerateParametersCheck): Deleted.
        (GenerateReturnParameters): Deleted.
        
        * bindings/scripts/IDLAttributes.txt:
        
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_set_property):
        (webkit_dom_test_obj_get_property):
        (webkit_dom_test_obj_class_init):
        (webkit_dom_test_obj_get_attr_with_getter_exception_with_message):
        (webkit_dom_test_obj_set_attr_with_getter_exception_with_message):
        (webkit_dom_test_obj_get_attr_with_setter_exception_with_message):
        (webkit_dom_test_obj_set_attr_with_setter_exception_with_message):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjAttrWithGetterExceptionWithMessage):
        (WebCore::jsTestObjAttrWithSetterExceptionWithMessage):
        (WebCore::setJSTestObjAttrWithGetterExceptionWithMessage):
        (WebCore::setJSTestObjAttrWithSetterExceptionWithMessage):
        (WebCore::jsTestObjPrototypeFunctionMethodWithExceptionWithMessage):
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj attrWithGetterExceptionWithMessage]):
        (-[DOMTestObj setAttrWithGetterExceptionWithMessage:]):
        (-[DOMTestObj attrWithSetterExceptionWithMessage]):
        (-[DOMTestObj setAttrWithSetterExceptionWithMessage:]):
        
        * bindings/scripts/test/TestObj.idl:
        
        * dom/ExceptionCode.h:

2015-12-03  Javier Fernandez  <jfernandez@igalia.com>

        [css-grid] margin-left:auto and margin-top:auto discards the margin on opposite side
        https://bugs.webkit.org/show_bug.cgi?id=151802

        Reviewed by Sergio Villar Senin.

        When resolving auto margins so that they use the available space, in the
        corresponding axis, we must consider that there might be other specified
        margins. Such margins must account to determine the actual available space.

        Test: fast/css-grid-layout/grid-item-auto-margins-must-respect-specified-margins.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::updateAutoMarginsInRowAxisIfNeeded):
        (WebCore::RenderGrid::updateAutoMarginsInColumnAxisIfNeeded):

2015-12-02  Antti Koivisto  <antti@apple.com>

        Move ResourceLoadScheduler to WebKit1
        https://bugs.webkit.org/show_bug.cgi?id=151743

        Reviewed by Alex Christensen.

        It is no longer used by WebKit2. Simplify the WebKit/WebCore interface.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/ContainerNode.cpp:
        * dom/Document.cpp:
        (WebCore::Document::styleForElementIgnoringPendingStylesheets):
        * dom/Document.h:
        * loader/DocumentLoader.h:
        * loader/LoaderStrategy.cpp:
        (WebCore::LoaderStrategy::~LoaderStrategy):
        (WebCore::ResourceLoadSuspender::ResourceLoadSuspender):
        (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender):
        (WebCore::LoaderStrategy::resourceLoadScheduler): Deleted.
        (WebCore::LoaderStrategy::loadResourceSynchronously): Deleted.
        (WebCore::LoaderStrategy::createBlobRegistry): Deleted.
        (WebCore::LoaderStrategy::createPingHandle): Deleted.
        * loader/LoaderStrategy.h:

            Loading functions implemented on WebKit side move to pure virtual LoaderStrategy.

        * loader/ResourceLoadScheduler.cpp: Removed.
        * loader/ResourceLoadScheduler.h: Removed.

            ResourceLoadScheduler moves to WebKit1 as WebResourceLoadScheduler.

        * loader/ResourceLoader.cpp:
        (WebCore::ResourceLoader::finishNetworkLoad):
        (WebCore::ResourceLoader::setDefersLoading):
        (WebCore::ResourceLoader::frameLoader):
        (WebCore::ResourceLoader::willSwitchToSubstituteResource):
        (WebCore::ResourceLoader::willSendRequestInternal):
        * loader/archive/ArchiveResourceCollection.h:
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::load):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::performPostLoadActions):
        (WebCore::CachedResourceLoader::incrementRequestCount):
        * platform/PlatformStrategies.h:
        (WebCore::PlatformStrategies::pluginStrategy):
        (WebCore::PlatformStrategies::blobRegistry):

            Move BlobRegistry factory function here from LoaderStrategy as this allows network process to have null loaderStrategy.
            (it could be renamed BlobStrategy for consistency later).

        (WebCore::PlatformStrategies::PlatformStrategies):
        * platform/network/BlobRegistry.cpp:
        (WebCore::blobRegistry):
        (WebCore::BlobRegistry::~BlobRegistry):
        * platform/network/ResourceRequestBase.h:
        * style/StyleResolveTree.cpp:
        (WebCore::Style::PostResolutionCallbackDisabler::PostResolutionCallbackDisabler):
        (WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler):

2015-12-02  Myles C. Maxfield  <mmaxfield@apple.com>

        Unify font-variant-* with font-variant shorthand
        https://bugs.webkit.org/show_bug.cgi?id=149773

        Reviewed by Darin Adler.

        This patch makes font-variant a shorthand for the following properties:
        font-variant-ligatures
        font-variant-position
        font-variant-caps
        font-variant-numeric
        font-variant-alternates
        font-variant-east-asian

        This is consistent with the CSS Fonts Level 3 spec.

        This patch also migrates the "font" longhand to use the font-variant-caps
        property.

        Test: fast/text/font-variant-shorthand.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::fontVariantEastAsianPropertyValue): Rename FontVariantEastAsian values.
        (WebCore::fontVariantFromStyle): We must consult with the longhand properties to determine
        font-variant computed style.
        (WebCore::ComputedStyleExtractor::propertyValue): Don't put any-old font-variant-caps inside
        the font shorthand.
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::addFontFaceRule): Guard against incorrect downcasts (due to inherit
        of the new shorthand property).
        * css/CSSParser.cpp: Parse font-variant as a shorthand. Also implement its "normal" and "none" values.
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseFont):
        (WebCore::CSSParser::parseSystemFont):
        (WebCore::CSSParser::parseFontVariantLigatures):
        (WebCore::CSSParser::parseFontVariantNumeric):
        (WebCore::CSSParser::parseFontVariantEastAsian):
        (WebCore::CSSParser::parseFontVariant):
        (WebCore::isValidKeywordPropertyAndValue): Deleted.
        (WebCore::isKeywordPropertyID): Deleted.
        * css/CSSParser.h:
        * css/CSSPropertyNames.in: Turn font-variant into a shorthand property.
        * css/FontVariantBuilder.h: Guard against incorrect downcasts. Also update for renamed
        FontVariantEastAsian type.
        (WebCore::applyValueFontVariantLigatures):
        (WebCore::applyValueFontVariantNumeric):
        (WebCore::applyValueFontVariantEastAsian):
        * css/StyleProperties.cpp: Update to use the more specific property.
        (WebCore::StyleProperties::appendFontLonghandValueIfExplicit):
        (WebCore::StyleProperties::fontValue):
        (WebCore::StyleProperties::asText):
        * css/StyleResolver.cpp: Ditto.
        (WebCore::StyleResolver::isValidCueStyleProperty):
        * editing/EditingStyle.cpp: Ditto.
        * editing/cocoa/HTMLConverter.mm: Ditto.
        (HTMLConverterCaches::propertyValueForNode):
        (HTMLConverter::computedAttributesForElement):
        * editing/ios/EditorIOS.mm: Ditto.
        (WebCore::Editor::removeUnchangeableStyles):
        * html/canvas/CanvasRenderingContext2D.cpp: Ditto.
        (WebCore::CanvasRenderingContext2D::font):
        (WebCore::CanvasRenderingContext2D::setFont):
        * platform/graphics/FontCache.h: Removing duplicate cache key value.
        (WebCore::FontDescriptionKey::makeFlagsKey):
        * platform/graphics/FontCascade.cpp: Migrate to the new font-variant-caps from the old member variable.
        (WebCore::FontCascade::glyphDataForCharacter):
        * platform/graphics/FontCascade.h: Ditto.
        (WebCore::FontCascade::isSmallCaps):
        * platform/graphics/FontDescription.cpp: Ditto.
        (WebCore::FontDescription::FontDescription):
        * platform/graphics/FontDescription.h: Ditto.
        (WebCore::FontCascadeDescription::equalForTextAutoSizing):
        (WebCore::FontDescription::smallCaps): Deleted.
        (WebCore::FontDescription::setSmallCaps): Deleted.
        (WebCore::FontDescription::setIsSmallCaps): Deleted.
        (WebCore::FontDescription::operator==): Deleted.
        * platform/graphics/cocoa/FontCacheCoreText.cpp: Rename FontVariantEastAsianWidth.
        (WebCore::computeFeatureSettingsFromVariants):
        * platform/text/TextFlags.h: Ditto.
        (WebCore::FontVariantSettings::operator==):
        * rendering/RenderText.cpp: Migrage to the new font-variant-caps from the old member variable.
        (WebCore::RenderText::widthFromCache):

2015-12-02  Alex Christensen  <achristensen@webkit.org>

        Reduce size of ScriptElement
        https://bugs.webkit.org/show_bug.cgi?id=151786

        Reviewed by Andreas Kling.

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::ScriptElement):
        (WebCore::ScriptElement::requestScript):
        * dom/ScriptElement.h:
        Use callOnMainThread instead of a Timer to save memory on a timer that is rarely used.
        Use bit fields for the boolean values to save another 8 bytes per ScriptElement.
        This reduces sizeof(ScriptElement) from 168 to 48 bytes.

2015-12-02  Alex Christensen  <achristensen@webkit.org>

        Asynchronously call onerror when a content blocker blocks ascript element's load
        https://bugs.webkit.org/show_bug.cgi?id=151649

        Reviewed by Brady Eidson.

        Test: http/tests/contentextensions/script-onerror.html

        * dom/ScriptElement.cpp:
        (WebCore::ScriptElement::ScriptElement):
        (WebCore::ScriptElement::requestScript):
        * dom/ScriptElement.h:

2015-12-02  Jer Noble  <jer.noble@apple.com>

        [iOS] Abrupt transition between Fullscreen -> PiP
        https://bugs.webkit.org/show_bug.cgi?id=151719

        Reviewed by Eric Carlson.

        Follow-up to r192922: When moving from inline -> PiP, don't forget to hide the fullscreen
        window once the PiP transition completes.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::didStartPictureInPicture):

2015-12-02  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r192955.
        https://bugs.webkit.org/show_bug.cgi?id=151776

        A large number of the tests added with this change are failing
        on Windows (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "[css border] border-image doesn't honor border-style"
        https://bugs.webkit.org/show_bug.cgi?id=99922
        http://trac.webkit.org/changeset/192955

2015-12-02  Yoav Weiss  <yoav@yoav.ws>

        Fix preloader issue with srcdoc documents.
        https://bugs.webkit.org/show_bug.cgi?id=151744

        Reviewed by Ryosuke Niwa.

        Make sure that PreloadRequest is resolving URLs based on the document's
        baseURL() rather than using url() as the base URL, which is not how URLs
        are resolved by the parser, and fails when document->url() diverges from
        the document's base URL (e.g. in the case of srcdoc based documents).

        Test: fast/preloader/iframe-srcdoc.html

        * html/parser/HTMLResourcePreloader.cpp:
        (WebCore::PreloadRequest::completeURL):

2015-12-02  Jer Noble  <jer.noble@apple.com>

        Add a setting and restriction which will pause invisible autoplaying video
        https://bugs.webkit.org/show_bug.cgi?id=151412

        Reviewed by Eric Carlson.

        Test: media/video-restricted-invisible-autoplay-not-allowed.html

        Drive-by fix: m_autoplaying is reset in many places by calling pause() or play(), where those
        calls did not originate from an explicit request to pause or play, e.g., during an interruption.
        This causes m_autoplaying to be set to false, thus breaking resumption of autoplaying when the
        interruption ends. Update PlatformMediaSession to remember its client's "autoplaying" state and
        restore it when an interruption ends.

        Add a means to register for viewport visibility notifications to FrameView, RenderView,
        and RenderElement. Elements who wish to recieve these notifications must do so through their
        renderer, and thus will have to re-register whenever a new renderer is attached.

        Add a restriction to HTMLMediaElement which will pause autoplaying video when that video scrolls
        out of the viewport, or is hidden with CSS.

        Add a setting which controls whether that new restriction is set.

        * dom/Element.h:
        (WebCore::Element::isVisibleInViewportChanged): Add default empty virtual method.
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::didMoveToNewDocument):
        (WebCore::HTMLMediaElement::documentDidResumeFromPageCache):
        (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture):
        (WebCore::HTMLMediaElement::resumeAutoplaying):
        (WebCore::mediaElementIsAllowedToAutoplay):
        (WebCore::HTMLMediaElement::isVisibleInViewportChanged):
        (WebCore::HTMLMediaElement::updateShouldAutoplay):
        (WebCore::HTMLMediaElement::HTMLMediaElement): Set the new restriction based on the current Settings.
        (WebCore::HTMLMediaElement::resumeAutoplaying): Continue autoplay, or begin playback.
        (WebCore::HTMLMediaElement::didMoveToNewDocument): Update our autoplay state.
        (WebCore::HTMLMediaElement::documentDidResumeFromPageCache): Ditto.
        (WebCore::HTMLMediaElement::removedFrom): Ditto.
        (WebCore::HTMLMediaElement::didAttachRenderers): Ditto.
        (WebCore::HTMLMediaElement::didDetachRenderers): Ditto.
        (WebCore::HTMLMediaElement::visibilityDidChange): Ditto.
        (WebCore::HTMLMediaElement::willDetachRenderers): Unregister for visibility callbacks.
        (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture): Clear new restriction.
        (WebCore::mediaElementIsAllowedToAutoplay): Check for autoplay requirements.
        (WebCore::HTMLMediaElement::isVisibleInViewportChanged): Added, update our autoplay state.
        (WebCore::HTMLMediaElement::updateShouldAutoplay): Set interruption if necessary, clear otherwise.
        * html/HTMLMediaElement.h:
        * html/MediaElementSession.cpp:
        (WebCore::restrictionName): Added support for new restriction.
        * html/MediaElementSession.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::viewportContentsChanged): Update clients of viewport visibility.
        * page/Settings.in:
        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::stateName): Add new "Autoplay" state.
        (WebCore::interruptionName): Added new interruption type.
        (WebCore::PlatformMediaSession::beginInterruption): Set the m_interruptionType.
        (WebCore::PlatformMediaSession::clientWillBeginAutoplaying): Set the m_state to Autoplaying.
        * platform/audio/PlatformMediaSession.h:
        (WebCore::PlatformMediaSession::interruptionType): Added getter.
        (WebCore::PlatformMediaSessionClient::resumeAutoplaying): Added default.
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::sessionWillBeginPlayback): Only pause session if its state is playing.
        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::RenderElement): Set new ivars.
        (WebCore::RenderElement::~RenderElement): Unregister for callbacks if necessary.
        (WebCore::RenderElement::registerForVisibleInViewportCallback): Register for callbacks from RenderView.
        (WebCore::RenderElement::unregisterForVisibleInViewportCallback): Unregister from same.
        (WebCore::RenderElement::visibleInViewportStateChanged): Notify Element if value has changed.
        * rendering/RenderElement.h:
        * rendering/RenderView.cpp:
        (WebCore::RenderView::registerForVisibleInViewportCallback): Add renderer to list of callbacks.
        (WebCore::RenderView::unregisterForVisibleInViewportCallback): Remove renderer from same.
        (WebCore::RenderView::updateVisibleViewportRect): Walk renderers setting their visiblility based on the viewport visible rect.
        * rendering/RenderView.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setMediaElementRestrictions): Support new restriction.

2015-12-02  Brady Eidson  <beidson@apple.com>

        Modern IDB: IDBTransaction::error is not exposed.
        https://bugs.webkit.org/show_bug.cgi?id=151752

        Reviewed by Alex Christensen.

        No new tests (At least 3 failing tests now pass, plus changes to other faulty tests).

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent):
        (WebCore::IDBClient::IDBRequest::uncaughtExceptionInEventHandler):
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::error):
        (WebCore::IDBClient::IDBTransaction::abortDueToFailedRequest):
        (WebCore::IDBClient::IDBTransaction::abort):
        (WebCore::IDBClient::IDBTransaction::didCreateIndexOnServer):
        * Modules/indexeddb/client/IDBTransactionImpl.h:

2015-12-02  Adenilson Cavalcanti  <cavalcantii@gmail.com>

        [css border] border-image doesn't honor border-style
        https://bugs.webkit.org/show_bug.cgi?id=99922

        Reviewed by Simon Fraser.

        Ensure that WebKit will be compliant to css-backgrounds spec where a
        border with an image will only be rendered if there is a style defined.

        Quote: "None: No border. Color and width are ignored (i.e., the border has width 0)".
        Reference: http://www.w3.org/TR/css3-background/#border-style

        From W3C discussion: "The fact that these properties set the style of the border is
        normative". Reference: https://lists.w3.org/Archives/Public/www-style/2015Nov/0260.html

        Test: fast/borders/border-image-should-not-display.html

        * rendering/style/BorderData.h:
        (WebCore::BorderData::hasBorder):
        (WebCore::BorderData::borderLeftWidth):
        (WebCore::BorderData::borderRightWidth):
        (WebCore::BorderData::borderTopWidth):
        (WebCore::BorderData::borderBottomWidth):
        * rendering/style/BorderValue.h:
        (WebCore::BorderValue::nonZero):
        (WebCore::BorderValue::isVisible):

2015-12-02  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Implement MediaStreamTrack.getSettings()
        https://bugs.webkit.org/show_bug.cgi?id=151727

        Reviewed by Jer Noble.

        MediaStreamTrack.getStates has been replaced by MediaStreamTrack.getSettings. 

        Test: fast/mediastream/MediaStreamTrack-getSettings.html

        * CMakeLists.txt: MediaSourceStates.* -> MediaSourceSettings.*.
        * DerivedSources.make: No more MediaSourceStates.idl.
        * Modules/mediastream/CapabilityRange.cpp: MediaSourceStates.* -> MediaSourceSettings.*.
        * Modules/mediastream/MediaSourceSettings.cpp: Copied from Source/WebCore/Modules/mediastream/MediaSourceStates.cpp.
        (WebCore::MediaSourceSettings::create):
        (WebCore::MediaSourceSettings::MediaSourceSettings):
        (WebCore::MediaSourceSettings::facingMode):
        (WebCore::MediaSourceStates::create): Deleted.
        (WebCore::MediaSourceStates::MediaSourceStates): Deleted.
        (WebCore::MediaSourceStates::sourceType): Deleted.
        (WebCore::MediaSourceStates::facingMode): Deleted.
        * Modules/mediastream/MediaSourceSettings.h: Copied from Source/WebCore/Modules/mediastream/MediaSourceStates.h.

        MediaSourceStates.* renamed to MediaSourceSettings.* and updated to new API.
        * Modules/mediastream/MediaSourceStates.cpp: Removed.
        * Modules/mediastream/MediaSourceStates.h: Removed.
        * Modules/mediastream/MediaSourceStates.idl: Removed.

        * Modules/mediastream/MediaStreamCapabilities.cpp:
        (WebCore::MediaStreamCapabilities::sourceType): Return an empty vector for now, will be fixed
          by the changes for https://bugs.webkit.org/show_bug.cgi?id=151728.
        (WebCore::MediaStreamCapabilities::sourceId): RealtimeMediaSourceStates -> MediaSourceSettings.
        (WebCore::MediaStreamCapabilities::facingMode): Ditto.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getSettings): New.
        (WebCore::MediaStreamTrack::getCapabilities): Don't modify states, just pass through whatever
          private track returns.
        (WebCore::MediaStreamTrack::trackSettingsChanged):
        (WebCore::MediaStreamTrack::states): Deleted.
        (WebCore::MediaStreamTrack::trackStatesChanged): Deleted.
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/MediaStreamTrack.idl: MediaSourceStates -> MediaSourceSettings.

        * Modules/webaudio/MediaStreamAudioSource.cpp:
        (WebCore::MediaStreamAudioSource::settings):
        (WebCore::MediaStreamAudioSource::states): Deleted.
        * Modules/webaudio/MediaStreamAudioSource.h: MediaSourceStates -> MediaSourceSettings.

        * WebCore.xcodeproj/project.pbxproj: MediaSourceStates.* -> MediaSourceSettings.*.

        * bindings/js/JSMediaSourceStatesCustom.cpp: Removed.
        * bindings/js/JSMediaStreamTrackCustom.cpp: Added.
        (WebCore::JSMediaStreamTrack::getSettings): MediaSourceSettings is a generic dictionary so 
          it has to be generated manually.

        * platform/mediastream/MediaStreamPrivate.cpp:
        (WebCore::MediaStreamPrivate::intrinsicSize): states -> settings.
        (WebCore::MediaStreamPrivate::trackStatesChanged): Deleted.
        * platform/mediastream/MediaStreamPrivate.h:

        * platform/mediastream/MediaStreamTrackPrivate.cpp:
        (WebCore::MediaStreamTrackPrivate::settings):
        (WebCore::MediaStreamTrackPrivate::sourceSettingsChanged):
        (WebCore::MediaStreamTrackPrivate::states): Deleted.
        (WebCore::MediaStreamTrackPrivate::sourceStatesChanged): Deleted.
        * platform/mediastream/MediaStreamTrackPrivate.h:

        * platform/mediastream/RealtimeMediaSource.cpp:
        (WebCore::RealtimeMediaSource::settingsDidChanged):
        (WebCore::RealtimeMediaSource::statesDidChanged): Deleted.
        * platform/mediastream/RealtimeMediaSource.h:

        * platform/mediastream/RealtimeMediaSourceCapabilities.h:
        (WebCore::RealtimeMediaSourceCapabilities::facingModes): States -> Settings.
        (WebCore::RealtimeMediaSourceCapabilities::addFacingMode): Ditto.
        (WebCore::RealtimeMediaSourceCapabilities::sourceTypes): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::setSourceType): Deleted.
        (WebCore::RealtimeMediaSourceCapabilities::addSourceType): Deleted.

        * platform/mediastream/RealtimeMediaSourceCenter.h: States -> Settings.
        * platform/mediastream/RealtimeMediaSourceSettings.cpp: Copied from Source/WebCore/platform/mediastream/RealtimeMediaSourceStates.cpp.
        (WebCore::RealtimeMediaSourceSettings::facingMode):
        (WebCore::RealtimeMediaSourceStates::facingMode): Deleted.
        (WebCore::RealtimeMediaSourceStates::sourceType): Deleted.

        * platform/mediastream/RealtimeMediaSourceSettings.h: Copied from Source/WebCore/platform/mediastream/RealtimeMediaSourceStates.h.
        * platform/mediastream/RealtimeMediaSourceStates.cpp: Removed.

        * platform/mediastream/RealtimeMediaSourceStates.h: Removed.
        * platform/mediastream/mac/AVAudioCaptureSource.h:
        * platform/mediastream/mac/AVAudioCaptureSource.mm:
        (WebCore::AVAudioCaptureSource::updateStates): Deleted.

        * platform/mediastream/mac/AVCaptureDeviceManager.h:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:

        * platform/mediastream/mac/AVMediaCaptureSource.h:
        * platform/mediastream/mac/AVMediaCaptureSource.mm:
        (WebCore::AVMediaCaptureSource::states): Deleted.

        * platform/mediastream/mac/AVVideoCaptureSource.h:
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::updateStates): Deleted.

        * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:

        * platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h:

        * platform/mock/MockRealtimeAudioSource.cpp:
        (WebCore::MockRealtimeAudioSource::initializeSupportedConstraints):
        (WebCore::MockRealtimeAudioSource::updateStates): Deleted.
        * platform/mock/MockRealtimeAudioSource.h:

        * platform/mock/MockRealtimeMediaSource.cpp:
        (WebCore::MockRealtimeMediaSource::capabilities): Minor cleanup.
        (WebCore::MockRealtimeMediaSource::settings):
        (WebCore::MockRealtimeMediaSource::supportedConstraints):
        (WebCore::MockRealtimeMediaSource::states): Deleted.
        * platform/mock/MockRealtimeMediaSource.h:
        (WebCore::MockRealtimeMediaSource::constraints):
        (WebCore::MockRealtimeMediaSource::currentStates): Deleted.

        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::updateSettings):
        (WebCore::MockRealtimeVideoSource::initializeCapabilities):
        (WebCore::MockRealtimeVideoSource::initializeSupportedConstraints):
        (WebCore::MockRealtimeVideoSource::setFrameRate): states -> settings.
        (WebCore::MockRealtimeVideoSource::setSize): Ditto.
        (WebCore::MockRealtimeVideoSource::drawAnimation): Ditto.
        (WebCore::MockRealtimeVideoSource::drawText): Ditto.
        (WebCore::MockRealtimeVideoSource::updateStates): Deleted.
        (WebCore::MockRealtimeVideoSource::setFacingMode): Deleted.
        * platform/mock/MockRealtimeVideoSource.h:

2015-11-30  David Hyatt  <hyatt@apple.com>

        Implement the picture element.
        https://bugs.webkit.org/show_bug.cgi?id=116963

        Reviewed by Dean Jackson.

        Added fast/picture tests.

        * WebCore.xcodeproj/project.pbxproj:
        Add HTMLPictureElement.* to the project.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
        Remove the CURRENT_SRC ifdef.

        (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
        New helper function that checks the <source> elements of a <picture> parent
        for the best match.

        (WebCore::HTMLImageElement::selectImageSource):
        Pull out the process of image selection into its own function so that this can
        be called from many places (to ensure that dynamic changes are reflected as elements
        get changed, added or removed).

        (WebCore::HTMLImageElement::parseAttribute):
        Call selectImageSource when attributes change.

        (WebCore::HTMLImageElement::insertedInto):
        If inserted into a picture element, make sure to update the source.

        * html/HTMLImageElement.h:
        (WebCore::HTMLImageElement::currentSrc):
        Remove the CURRENT_SRC ifdef.

        * html/HTMLImageElement.idl:
        Remove the CURRENT_SRC ifdef.

        * html/HTMLPictureElement.cpp: Added.
        (WebCore::HTMLPictureElement::HTMLPictureElement):
        (WebCore::HTMLPictureElement::create):
        (WebCore::HTMLPictureElement::sourcesChanged):
        * html/HTMLPictureElement.h: Added.
        The new picture element. Has a sourcesChanged() function that is invoked whenever anything
        about the <source> elements changes.

        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::insertedInto):
        (WebCore::HTMLSourceElement::removedFrom):
        (WebCore::HTMLSourceElement::parseAttribute):
        Make sure to call sourcesChanged when new sources come and go or when attributes on
        source elements change.

        * html/HTMLSourceElement.h:
        Added parseAttribute function so we can see when attributes change that force us to
        do a dynamic update.

        * html/HTMLTagNames.in:
        Add the picture element.

        * html/parser/HTMLSrcsetParser.h:
        (WebCore::ImageCandidate::srcOrigin):
        (WebCore::ImageCandidate::isEmpty):
        Some helpers for picture parsing.

2015-12-02  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Video is not rendered correctly on some graphics cards.
        https://bugs.webkit.org/show_bug.cgi?id=151757

        Reviewed by Alex Christensen.

        We need to make sure we use the same bitmap format as in the Direct3D surface
        in video memory when copying surface data and rendering with Cairo.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::presentSample):
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):

2015-12-02  Brady Eidson  <beidson@apple.com>

        Modern IDB: Get rid of IDBExceptionCode.
        https://bugs.webkit.org/show_bug.cgi?id=151753

        Reviewed by Alex Christensen.

        No new tests (No change in behavior).

        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::count):
        (WebCore::IDBClient::IDBIndex::doCount):
        (WebCore::IDBClient::IDBIndex::get):
        (WebCore::IDBClient::IDBIndex::doGet):
        (WebCore::IDBClient::IDBIndex::getKey):
        (WebCore::IDBClient::IDBIndex::doGetKey):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::get):
        (WebCore::IDBClient::IDBObjectStore::deleteFunction):
        (WebCore::IDBClient::IDBObjectStore::clear):
        (WebCore::IDBClient::IDBObjectStore::createIndex):
        (WebCore::IDBClient::IDBObjectStore::index):
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        (WebCore::IDBClient::IDBObjectStore::count):
        (WebCore::IDBClient::IDBObjectStore::doCount):
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeAbort):
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests):
        
        * Modules/indexeddb/server/IndexValueStore.cpp:
        (WebCore::IDBServer::IndexValueStore::addRecord):
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::beginTransaction):
        (WebCore::IDBServer::MemoryIDBBackingStore::abortTransaction):
        (WebCore::IDBServer::MemoryIDBBackingStore::commitTransaction):
        (WebCore::IDBServer::MemoryIDBBackingStore::createObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::clearObjectStore):
        (WebCore::IDBServer::MemoryIDBBackingStore::createIndex):
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteIndex):
        (WebCore::IDBServer::MemoryIDBBackingStore::deleteRange):
        (WebCore::IDBServer::MemoryIDBBackingStore::addRecord):
        (WebCore::IDBServer::MemoryIDBBackingStore::getRecord):
        (WebCore::IDBServer::MemoryIDBBackingStore::getIndexRecord):
        (WebCore::IDBServer::MemoryIDBBackingStore::getCount):
        (WebCore::IDBServer::MemoryIDBBackingStore::openCursor):
        (WebCore::IDBServer::MemoryIDBBackingStore::iterateCursor):
        
        * Modules/indexeddb/server/MemoryIndex.cpp:
        (WebCore::IDBServer::MemoryIndex::putIndexKey):
        
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::createIndex):
        (WebCore::IDBServer::MemoryObjectStore::deleteIndex):
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::handleOpenDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd):
        
        * Modules/indexeddb/shared/IDBError.cpp:
        (WebCore::IDBError::IDBError):
        (WebCore::IDBError::name):
        (WebCore::IDBError::message):
        (WebCore::idbErrorName): Deleted.
        (WebCore::idbErrorDescription): Deleted.
        
        * Modules/indexeddb/shared/IDBError.h:
        (WebCore::IDBError::code):
        (WebCore::IDBError::isNull):

2015-12-02  Jiewen Tan  <jiewen_tan@apple.com>

        Null dereference loading Blink layout test fast/loader/unload-mutation-crash.html
        https://bugs.webkit.org/show_bug.cgi?id=149305
        <rdar://problem/22747892>

        Reviewed by Brent Fulgham.

        Add an extra guard to replaceDocument() against rude JS in unload event handlers.

        Test: fast/loader/unload-mutation-crash.html

        * loader/DocumentWriter.cpp:
        (WebCore::DocumentWriter::replaceDocument):
        (WebCore::DocumentWriter::begin):

2015-12-02  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo] Compile error.
        https://bugs.webkit.org/show_bug.cgi?id=151742

        Reviewed by Csaba Osztrogonác.

        System font flag has moved from Font class to FontData class.

        * platform/graphics/win/SimpleFontDataCairoWin.cpp:
        (WebCore::Font::platformInit):

2015-12-01  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r192894 and r192904.
        https://bugs.webkit.org/show_bug.cgi?id=151738

        Crashes sometimes on Windows (Requested by litherum on
        #webkit).

        Reverted changesets:

        "[Win] Web fonts with small caps have excess whitespace with
        the complex text codepath"
        https://bugs.webkit.org/show_bug.cgi?id=151698
        http://trac.webkit.org/changeset/192894

        "Test gardening after r192894"
        http://trac.webkit.org/changeset/192904

2015-12-01  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement LLInt/Baseline Support for ES6 Generators and enable this feature
        https://bugs.webkit.org/show_bug.cgi?id=150792

        Reviewed by Saam Barati.

        * Configurations/FeatureDefines.xcconfig:

2015-12-01  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r192914.
        https://bugs.webkit.org/show_bug.cgi?id=151734

        JSC tests for this change are failing on 32 and 64-bit bots
        (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "[ES6] Implement LLInt/Baseline Support for ES6 Generators and
        enable this feature"
        https://bugs.webkit.org/show_bug.cgi?id=150792
        http://trac.webkit.org/changeset/192914

2015-12-01  Myles C. Maxfield  <mmaxfield@apple.com>

        [SVG -> OTF Converter] Force UnitsPerEm to 1000
        https://bugs.webkit.org/show_bug.cgi?id=151650

        Reviewed by Antti Koivisto.

        According to the Adobe Type 1 Font Format:

        "Type 1 font programs generally use a 1000 to 1 scaling matrix
        for the definition of the relationship of character space unites
        to user space units."

        Windows actually disregards the "unitsPerEm" value in the "head"
        table for some calculations, and hardcodes 1000 instead. In order
        to have consistent renderings on Windows and OS X, this patch
        forces all generated fonts to have a unitsPerEm of 1000, and
        appropriately scales all necessary values.

        Test: svg/W3C-SVG-1.1/fonts-elem-03-b.svg

        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::scaleUnitsPerEm):
        (WebCore::SVGToOTFFontConverter::appendHEADTable):
        (WebCore::SVGToOTFFontConverter::appendOS2Table):
        (WebCore::SVGToOTFFontConverter::appendVORGTable):
        (WebCore::SVGToOTFFontConverter::appendVHEATable):
        (WebCore::SVGToOTFFontConverter::appendVMTXTable):
        (WebCore::SVGToOTFFontConverter::addKerningPair):
        (WebCore::CFFBuilder::CFFBuilder):
        (WebCore::CFFBuilder::boundingBox):
        (WebCore::CFFBuilder::updateBoundingBox):
        (WebCore::CFFBuilder::unscaledLineTo):
        (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
        (WebCore::SVGToOTFFontConverter::processGlyphElement):
        (WebCore::SVGToOTFFontConverter::appendLigatureGlyphs):
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):

2015-12-01  Brady Eidson  <beidson@apple.com>

        Give a more detailed message for TypeErrors that result from EnforceRange.
        https://bugs.webkit.org/show_bug.cgi?id=151725

        Reviewed by Tim Horton.

        No new tests (Covered by changes to existing tests).

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::rangeErrorString):
        (WebCore::enforceRange):

2015-12-01  Jer Noble  <jer.noble@apple.com>

        [iOS] Abrupt transition between Fullscreen -> PiP
        https://bugs.webkit.org/show_bug.cgi?id=151719

        Reviewed by Eric Carlson.

        Rather than abruptly hiding the fullscreen window, explicitly exit fullscreen mode upon entering PiP.

        * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
        (WebVideoFullscreenInterfaceAVKit::didStartPictureInPicture):

2015-12-01  Myles C. Maxfield  <mmaxfield@apple.com>

        Give String and AtomicString an existingHash() function
        https://bugs.webkit.org/show_bug.cgi?id=151717

        Reviewed by Andreas Kling.

        No new tests because there is no behavior change.

        * platform/graphics/Font.cpp:
        (WebCore::CharacterFallbackMapKeyHash::hash):

2015-12-01  Myles C. Maxfield  <mmaxfield@apple.com>

        [Win] Build fix after r192895

        Unreviewed.

        * platform/graphics/FontPlatformData.h:
        (WebCore::FontPlatformData::isSystemFont):
        (WebCore::FontPlatformData::setIsSystemFont):
        * platform/graphics/win/SimpleFontDataCGWin.cpp:
        (WebCore::Font::platformInit):
        (WebCore::Font::platformWidthForGlyph):

2015-12-01  Alexey Proskuryakov  <ap@apple.com>

        Update bindings test results after r192903.

        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
        (WebCore::JSTestEventConstructorConstructor::construct):

2015-12-01  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement LLInt/Baseline Support for ES6 Generators and enable this feature
        https://bugs.webkit.org/show_bug.cgi?id=150792

        Reviewed by Saam Barati.

        * Configurations/FeatureDefines.xcconfig:

2015-12-01  Brady Eidson  <beidson@apple.com>

        Add "RaisesExceptionWithMessage" IDL attribute.
        https://bugs.webkit.org/show_bug.cgi?id=151720

        Reviewed by Alex Christensen.

        No new tests (Covered by changes to existing bindings tests).

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateParametersCheck):
        (GenerateReturnParameters):
        (GenerateImplementationFunctionCall):
        (GenerateConstructorDefinition):
        
        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        (webkit_dom_test_obj_method_with_exception_with_message):
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        
        * bindings/scripts/test/JS/JSTestObj.cpp:
        (WebCore::jsTestObjPrototypeFunctionMethodWithExceptionWithMessage):
        
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        (-[DOMTestObj methodWithExceptionWithMessage]):
        
        * bindings/scripts/test/TestObj.idl:

2015-12-01  Darin Adler  <darin@apple.com>

        Fix anomaly where isMouseEvent returns false for wheel events
        https://bugs.webkit.org/show_bug.cgi?id=151685

        Reviewed by Alexey Proskuryakov.

        Back three years ago when we made WheelEvent inherit from MouseEvent,
        someone decided that isMouseEvent should return false for the wheel events.
        An audit of all the callers of isMouseEvent indicated that in almost every
        case, it's better to return true, so this patch does that.

        All the other call sites that were checking isMouseEvent, here and in the
        higher levels of WebKit, benefit from getting true even for wheel events.

        * bindings/objc/DOMEvents.mm:
        (kitClass): Use eventInterface instead of isMouseEvent to create the appropriate
        wrapper class.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateConstructorDefinition): Eliminated a peculiar search and replace
        mistake; "stateution" instead of "execution".

        * dom/Node.cpp:
        (WebCore::Node::handleLocalEvents): Add an isWheelEvent check here so that we
        will not ignore wheel events. This preserves behavior. A FIXME questions whether
        that is the behavior we want.

        * dom/WheelEvent.cpp:
        (WebCore::WheelEvent::isMouseEvent): Deleted. No need to override and return false.
        * dom/WheelEvent.h: Ditto.

        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::defaultEventHandler): Removed unneeded checks for
        drag events and wheel events; both are types of mouse event, and so a single
        isMouseEvent check takes care of all three of these.
        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::forwardEvent): Ditto.

2015-12-01  Alex Christensen  <achristensen@webkit.org>

        Use Optional for matrix inverses
        https://bugs.webkit.org/show_bug.cgi?id=151575

        Reviewed by Myles C. Maxfield.

        This patch should have no change in behavior.  Some unnecessary checks are removed.
        There are a few places where we are no longer multiplying by the identity matrix.
        This should remind future coders that not all matrices are invertible.

        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::inverse):
        (WebCore::WebKitCSSMatrix::translate):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::restore):
        (WebCore::CanvasRenderingContext2D::scale):
        (WebCore::CanvasRenderingContext2D::rotate):
        (WebCore::CanvasRenderingContext2D::translate):
        (WebCore::CanvasRenderingContext2D::transform):
        (WebCore::CanvasRenderingContext2D::setTransform):
        (WebCore::CanvasRenderingContext2D::isPointInPathInternal):
        (WebCore::CanvasRenderingContext2D::isPointInStrokeInternal):
        * platform/graphics/GraphicsContext.cpp:
        (WebCore::GraphicsContext::computeLineBoundsAndAntialiasingModeForText):
        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::calculateLayerBoundingRect):
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::putByteArray):
        * platform/graphics/filters/Filter.h:
        (WebCore::Filter::setFilterScale):
        (WebCore::Filter::absoluteTransform):
        (WebCore::Filter::mapAbsolutePointToLocalPoint):
        (WebCore::Filter::renderingMode):
        (WebCore::Filter::setRenderingMode):
        * platform/graphics/texmap/TextureMapperLayer.cpp:
        (WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica):
        (WebCore::TextureMapperLayer::replicaTransform):
        (WebCore::TextureMapperLayer::setAnimatedFilters):
        (WebCore::TextureMapperLayer::mapScrollOffset):
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
        (WebCore::CoordinatedGraphicsLayer::transformedVisibleRect):
        (WebCore::CoordinatedGraphicsLayer::computeTransformedVisibleRect):
        * platform/graphics/transforms/AffineTransform.cpp:
        (WebCore::AffineTransform::yScale):
        (WebCore::det):
        (WebCore::AffineTransform::isInvertible):
        (WebCore::AffineTransform::inverse):
        (WebCore::AffineTransform::det): Deleted.
        * platform/graphics/transforms/AffineTransform.h:
        * platform/graphics/transforms/TransformState.cpp:
        (WebCore::TransformState::mappedPoint):
        (WebCore::TransformState::mappedQuad):
        (WebCore::TransformState::mapQuad):
        (WebCore::TransformState::flattenWithTransform):
        * platform/graphics/transforms/TransformationMatrix.cpp:
        (WebCore::TransformationMatrix::isInvertible):
        (WebCore::TransformationMatrix::inverse):
        * platform/graphics/transforms/TransformationMatrix.h:
        * rendering/HitTestingTransformState.cpp:
        (WebCore::HitTestingTransformState::flattenWithTransform):
        (WebCore::HitTestingTransformState::mappedPoint):
        (WebCore::HitTestingTransformState::mappedQuad):
        (WebCore::HitTestingTransformState::mappedArea):
        (WebCore::HitTestingTransformState::boundsOfMappedArea):
        * rendering/PaintInfo.h:
        (WebCore::PaintInfo::applyTransform):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerByApplyingTransform):
        (WebCore::RenderLayer::hitTestLayer):
        * rendering/svg/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::nodeAtFloatPoint):
        * rendering/svg/RenderSVGForeignObject.cpp:
        (WebCore::RenderSVGForeignObject::nodeAtFloatPoint):
        * rendering/svg/RenderSVGImage.cpp:
        (WebCore::RenderSVGImage::nodeAtFloatPoint):
        * rendering/svg/RenderSVGResourceClipper.cpp:
        (WebCore::RenderSVGResourceClipper::hitTestClipContent):
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::postApplyResource):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::nodeAtPoint):
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::setupNonScalingStrokeContext):
        (WebCore::RenderSVGShape::nodeAtFloatPoint):
        (WebCore::RenderSVGShape::calculateStrokeBoundingBox):
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::nodeAtFloatPoint):
        * rendering/svg/SVGRenderSupport.cpp:
        (WebCore::SVGRenderSupport::intersectRepaintRectWithShadows):
        * rendering/svg/SVGRenderingContext.cpp:
        (WebCore::SVGRenderingContext::clipToImageBuffer):
        * svg/SVGLocatable.cpp:
        (WebCore::SVGLocatable::getTransformToElement):
        * svg/SVGMatrix.h:
        (WebCore::SVGMatrix::inverse):
        (WebCore::SVGMatrix::rotateFromVector):

2015-12-01  Tim Horton  <timothy_horton@apple.com>

        Remove swipe snapshot before main document load if scroll position is already restored
        https://bugs.webkit.org/show_bug.cgi?id=151224

        Reviewed by Darin Adler.

        * loader/FrameLoaderClient.h:
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::restoreScrollPositionAndViewState):
        Each time we try to restore the scroll position, see if the requested
        scroll position is something we can scroll to by going through ScrollView's
        scroll position constraint logic. If we can scroll there, tell our client
        (and eventually ViewGestureController) that we successfully restored the
        scroll position!

2015-12-01  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] Adjacent emoji overlap each other
        https://bugs.webkit.org/show_bug.cgi?id=151690
        <rdar://problem/23430453>

        Reviewed by Simon Fraser.

        This is a partial revert of r188737. It turns out that only CoreText gives correct
        glyph advances for emoji. In r188737, I reverted the special iOS emoji processing,
        but also removed the logic of using CoreText for emoji advances. This patch adds
        the m_isEmoji boolean back, so we can tell if we need to force
        platformWidthForGlyph() to use CoreText.

        This patch also performs a little bit of cleanup by moving Font's m_isSystemFont
        to FontPlatformData where it belongs.

        Test: fast/text/emoji-overlap.html

        * platform/graphics/Font.cpp:
        (WebCore::fillGlyphPage): Removed unnecessary argument.
        (WebCore::Font::Font): Deleted.
        * platform/graphics/Font.h: Moved getters and booleans to FontPlatformData.
        (WebCore::Font::hasCustomTracking): Deleted.
        (WebCore::Font::isSystemFont): Deleted.
        * platform/graphics/FontPlatformData.cpp:
        (WebCore::FontPlatformData::FontPlatformData): Initialize new booleans.
        (WebCore::FontPlatformData::operator=): Ditto.
        * platform/graphics/FontPlatformData.h: Getters for new booleans.
        (WebCore::FontPlatformData::isSystemFont):
        (WebCore::FontPlatformData::hasCustomTracking):
        (WebCore::FontPlatformData::isEmoji):
        * platform/graphics/GlyphPage.h: Remove unnecessary argument.
        * platform/graphics/cocoa/FontCocoa.mm:
        (WebCore::advanceForColorBitmapFont): Return an Optional instead of using an out
        argument.
        (WebCore::canUseFastGlyphAdvanceGetter): Make sure that we use CoreText if we are
        using the Emoji font.
        (WebCore::Font::platformWidthForGlyph):
        (WebCore::Font::platformInit): Deleted.
        * platform/graphics/cocoa/FontPlatformDataCocoa.mm: Deal with the new booleans.
        (WebCore::FontPlatformData::FontPlatformData):
        (WebCore::FontPlatformData::platformDataInit):
        (WebCore::FontPlatformData::platformDataAssign):
        (WebCore::FontPlatformData::setFont):
        * platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp:
        (WebCore::GlyphPage::fill): Removed unnecessary argument.
        * platform/graphics/mac/GlyphPageMac.cpp:
        (WebCore::shouldUseCoreText): Use a reference instead of a pointer.
        (WebCore::GlyphPage::fill): Removed unnecessary argument.
        * platform/graphics/win/FontCGWin.cpp:
        (WebCore::FontCascade::drawGlyphs): Update for new location of booleans.
        * platform/graphics/win/GlyphPageTreeNodeCGWin.cpp:
        (WebCore::GlyphPage::fill): Removed unnecessary argument.
        * platform/graphics/win/GlyphPageTreeNodeCairoWin.cpp:
        (WebCore::GlyphPage::fill): Removed unnecessary argument.
        * platform/graphics/win/UniscribeController.cpp:
        (WebCore::UniscribeController::shapeAndPlaceItem): Update for new location of
        booleans.

2015-12-01  Myles C. Maxfield  <mmaxfield@apple.com>

        [Win] Web fonts with small caps have excess whitespace with the complex text codepath
        https://bugs.webkit.org/show_bug.cgi?id=151698

        Reviewed by Darin Adler.

        When performing small-caps on OS X, we bake in the smaller font size into the platform's native font
        object. On Windows, we currently don't do that; instead, we just change some ancillary data inside
        the FontPlatformData, and our advance & drawing calculations are sensitive to this ancillary data.
        However, in the complex text codepath, Uniscribe only takes the native font object as input, and
        therefore operates with the wrong font size.

        The solution is to bake the smaller font size into the native platform font on Windows, similar to
        OS X. It isn't clear why we didn't do this previously, but it seems like we weren't sure that
        Windows would select the correct font when we provide new selection criteria. However, for web fonts,
        we already use the same mechanism (CreateFontIndirect()) when we create the font in the first place;
        therefore, this scaled font request will always work as well.

        Test: fast/text/small-caps-complex.html

        * platform/graphics/win/SimpleFontDataWin.cpp:
        (WebCore::Font::platformCreateScaledFont): Deleted.

2015-12-01  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/create-and-remove-object-store.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151704

        Reviewed by Alex Christensen.

        No new tests (At least one previously failing test now passes).

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::deleteObjectStore):

2015-12-01  Brady Eidson  <beidson@apple.com>

        Modern IDB: storage/indexeddb/basics.html fails.
        https://bugs.webkit.org/show_bug.cgi?id=151694

        Reviewed by Alex Christensen.

        No new tests (At least one failing test now passes, and covered by changes to 3 previously incorrect tests).

        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::versionChangeTransactionWillFinish): Set the flag determining whether
          or not the request's transaction should be exposed to the DOM.
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::result): Throw an exception if the request is not done.
        (WebCore::IDBClient::IDBRequest::error): Ditto.
        (WebCore::IDBClient::IDBRequest::transaction): Only return the transaction to the DOM if the flag says so.
        * Modules/indexeddb/client/IDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abort):
        (WebCore::IDBClient::IDBTransaction::commit):

2015-12-01  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] ASSERTION FAILED: m_table running /webkit2/BackForwardList/navigation in Debug build
        https://bugs.webkit.org/show_bug.cgi?id=151700

        Reviewed by Martin Robinson.

        This happens when the frame notifies its observers that the page
        will be detached. The m_table that asserts is the
        FrameDestructionObserver HashSet. It happens when clearing the
        GObject DOM cache wrappers during frame destruction, and there's a
        Document object wrapped whose last reference is held by the DOM
        wrapper. In that case, the Document object is destroyed while the
        frame is being destroyed. Deleting the wrapper objects after the
        frame destruction fixes the crash.

        * bindings/gobject/DOMObjectCache.cpp:

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] pull function of tee should call readFromReadableStreamReader directly
        https://bugs.webkit.org/show_bug.cgi?id=151497

        Reviewed by Darin Adler.

        Covered by added test.

        * Modules/streams/ReadableStreamInternals.js:
        (teeReadableStreamPullFunction): directly calling readFromReadableStreamReader.

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Clean-up JS built-in code using arrow functions
        https://bugs.webkit.org/show_bug.cgi?id=151489

        Reviewed by Darin Adler.

        Using arrow functions to remove need for _this.
        Made errorWritableStream take two parameters to simplify code and align it with the spec.

        No change in behavior.

        * Modules/streams/ReadableStream.js:
        (initializeReadableStream):
        * Modules/streams/WritableStream.js:
        (initializeWritableStream):
        (abort):
        (write):
        * Modules/streams/WritableStreamInternals.js:
        (errorWritableStream):
        (writableStreamAdvanceQueue):
        (closeWritableStream):

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] teeReadableStream should not directly use stream.getReader()
        https://bugs.webkit.org/show_bug.cgi?id=151487

        Reviewed by Darin Adler.

        Covered by added test.

        * Modules/streams/ReadableStreamInternals.js:
        (teeReadableStream): Create a @ReadableStreamReader instead of calling getReader() which may be disrupted by user scripts.

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] streams should not directly use Number and related methods
        https://bugs.webkit.org/show_bug.cgi?id=151499

        Reviewed by Darin Adler.

        Covered by updated test.

        Using @Number, @isFinite and @isNaN in place of Number, Number.isFinite and Number.isNaN.

        * Modules/streams/ReadableStreamInternals.js:
        (enqueueInReadableStream):
        * Modules/streams/StreamInternals.js:
        (validateAndNormalizeQueuingStrategy):
        (enqueueValueWithSize):

2015-12-01  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GTK+ build after r192849.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction):
        * bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
        (webkit_dom_test_interface_supplemental_method1):
        (webkit_dom_test_interface_supplemental_method2):
        (webkit_dom_test_interface_set_supplemental_str2):
        (webkit_dom_test_interface_get_supplemental_node):
        (webkit_dom_test_interface_set_supplemental_node):

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Remove use of @catch for exposed promises
        https://bugs.webkit.org/show_bug.cgi?id=151625

        Reviewed by Darin Adler.

        Promise @catch is calling "then" which may be controlled by user scripts.
        This patch simply replaces @catch by calling @then directly.

        Covered by modified tests.

        * Modules/streams/ReadableStream.js:
        (pipeTo):
        * Modules/streams/ReadableStreamInternals.js:
        (teeReadableStream):

2015-11-30  Jaehun Lim  <ljaehun.lim@samsung.com>

        Unreviewed, fix build after r192848 and r192849

        - Rename canSuspendForPageCache to canSuspendForDocumentSuspension
        - Use references instead of pointers

        * Modules/battery/BatteryManager.cpp:
        (WebCore::BatteryManager::canSuspendForDocumentSuspension):
        (WebCore::BatteryManager::canSuspendForPageCache): Deleted.
        * Modules/battery/BatteryManager.h:
        * Modules/battery/NavigatorBattery.cpp:
        (WebCore::NavigatorBattery::webkitBattery):
        * Modules/battery/NavigatorBattery.h:
        * Modules/gamepad/deprecated/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::webkitGetGamepads):
        * Modules/gamepad/deprecated/NavigatorGamepad.h:
        * Modules/navigatorcontentutils/NavigatorContentUtils.cpp:
        (WebCore::NavigatorContentUtils::registerProtocolHandler):
        (WebCore::NavigatorContentUtils::isProtocolHandlerRegistered):
        (WebCore::NavigatorContentUtils::unregisterProtocolHandler):
        * Modules/navigatorcontentutils/NavigatorContentUtils.h:
        * Modules/vibration/NavigatorVibration.cpp:
        (WebCore::NavigatorVibration::vibrate):
        * Modules/vibration/NavigatorVibration.h:

2015-11-30  Jiewen Tan  <jiewen_tan@apple.com>

        Amazon.com Additional Information links aren't clickable
        https://bugs.webkit.org/show_bug.cgi?id=151401
        <rdar://problem/23454261>

        Reviewed by Darin Adler.

        The cause of this issue is that the painting order is different from the hittest order so we can end up
        with visible but unreachable content. To fix this, the executation flow of hittest has been reordered.
        According to the paint system, which renders the webpage from the bottom RenderLayer to the top, contents
        are rendered before floats. Hence, for the hittest, which determines the hitted location from top RenderLayer
        to the bottom, should do it reversedly. Now, hittest will first test floats then contents.

        Test: fast/block/float/hit-test-on-overlapping-floats.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::nodeAtPoint):

2015-11-30  Simon Fraser  <simon.fraser@apple.com>

        Fix possible crash with animated layers in reflections
        https://bugs.webkit.org/show_bug.cgi?id=151689
        rdar://problem/23018612

        Reviewed by Darin Adler.

        Reflections create additional PlatformCALayers whose owner is set to the GraphicsLayerCA.
        Those PlatformCALayers need their owner pointer cleared out when the GraphicsLayerCA
        is destroyed.
        
        Tested by compositing/reflections/nested-reflection-transition.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        * platform/graphics/ca/GraphicsLayerCA.h:

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Iterating index cursors to a specific key is busted.
        https://bugs.webkit.org/show_bug.cgi?id=151684

        Reviewed by Darin Adler.

        No new tests (At least one failing test now passes).

        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::iterate):

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: ObjectStore cursors should not be able to iterate out of their range.
        https://bugs.webkit.org/show_bug.cgi?id=151683

        Reviewed by Darin Adler.

        No new tests (Covered by at least one failing test that now passes).

        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementForwardIterator):
        (WebCore::IDBServer::MemoryObjectStoreCursor::incrementReverseIterator):

2015-11-30  Anders Carlsson  <andersca@apple.com>

        CTTE autogenerated bindings code
        https://bugs.webkit.org/show_bug.cgi?id=151682

        Reviewed by Darin Adler.

        Make sure that JS bindings pass a reference to the object when calling static member functions.

        * Modules/gamepad/NavigatorGamepad.cpp:
        (WebCore::NavigatorGamepad::getGamepads):
        * Modules/gamepad/NavigatorGamepad.h:
        * Modules/geolocation/NavigatorGeolocation.cpp:
        (WebCore::NavigatorGeolocation::geolocation):
        * Modules/geolocation/NavigatorGeolocation.h:
        * Modules/mediasource/AudioTrackMediaSource.h:
        (WebCore::AudioTrackMediaSource::sourceBuffer):
        * Modules/mediasource/TextTrackMediaSource.h:
        (WebCore::TextTrackMediaSource::sourceBuffer):
        * Modules/mediasource/VideoTrackMediaSource.h:
        (WebCore::VideoTrackMediaSource::sourceBuffer):
        * Modules/mediastream/HTMLMediaElementMediaStream.cpp:
        (WebCore::HTMLMediaElementMediaStream::srcObject):
        (WebCore::HTMLMediaElementMediaStream::setSrcObject):
        * Modules/mediastream/HTMLMediaElementMediaStream.h:
        * Modules/mediastream/NavigatorMediaDevices.cpp:
        (WebCore::NavigatorMediaDevices::mediaDevices):
        * Modules/mediastream/NavigatorMediaDevices.h:
        * Modules/notifications/DOMWindowNotifications.cpp:
        (WebCore::DOMWindowNotifications::webkitNotifications):
        * Modules/notifications/DOMWindowNotifications.h:
        * Modules/notifications/Notification.cpp:
        (WebCore::Notification::Notification):
        * Modules/notifications/WorkerGlobalScopeNotifications.cpp:
        (WebCore::WorkerGlobalScopeNotifications::webkitNotifications):
        * Modules/notifications/WorkerGlobalScopeNotifications.h:
        * Modules/speech/DOMWindowSpeechSynthesis.cpp:
        (WebCore::DOMWindowSpeechSynthesis::speechSynthesis):
        * Modules/speech/DOMWindowSpeechSynthesis.h:
        * Modules/webdatabase/DOMWindowWebDatabase.cpp:
        (WebCore::DOMWindowWebDatabase::openDatabase):
        * Modules/webdatabase/DOMWindowWebDatabase.h:
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation):
        (GenerateParametersCheck):
        * testing/Internals.cpp:
        (WebCore::Internals::enableMockSpeechSynthesizer):

2015-11-30  Katlyn Graff  <kgraff@apple.com>

        Rename ActiveDOMObject/DOMWindow PageCacheSuspension code to support more reasons for suspension
        https://bugs.webkit.org/show_bug.cgi?id=151677

        Reviewed by Ryosuke Niwa.

        Simply a refactoring patch, so no new tests.

        * Modules/encryptedmedia/MediaKeySession.cpp:
        (WebCore::MediaKeySession::canSuspendForDocumentSuspension):
        (WebCore::MediaKeySession::canSuspendForPageCache): Deleted.
        * Modules/encryptedmedia/MediaKeySession.h:
        * Modules/geolocation/Geolocation.cpp:
        (WebCore::Geolocation::canSuspendForDocumentSuspension):
        (WebCore::Geolocation::canSuspendForPageCache): Deleted.
        * Modules/geolocation/Geolocation.h:
        * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
        (WebCore::DOMWindowIndexedDatabase::disconnectFrameForDocumentSuspension):
        (WebCore::DOMWindowIndexedDatabase::reconnectFrameFromDocumentSuspension):
        (WebCore::DOMWindowIndexedDatabase::disconnectFrameForPageCache): Deleted.
        (WebCore::DOMWindowIndexedDatabase::reconnectFrameFromPageCache): Deleted.
        * Modules/indexeddb/DOMWindowIndexedDatabase.h:
        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBDatabase::canSuspendForPageCache): Deleted.
        * Modules/indexeddb/client/IDBDatabaseImpl.h:
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBRequest::canSuspendForPageCache): Deleted.
        * Modules/indexeddb/client/IDBRequestImpl.h:
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBTransaction::canSuspendForPageCache): Deleted.
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        * Modules/indexeddb/legacy/LegacyDatabase.cpp:
        (WebCore::LegacyDatabase::canSuspendForDocumentSuspension):
        (WebCore::LegacyDatabase::canSuspendForPageCache): Deleted.
        * Modules/indexeddb/legacy/LegacyDatabase.h:
        * Modules/indexeddb/legacy/LegacyRequest.cpp:
        (WebCore::LegacyRequest::canSuspendForDocumentSuspension):
        (WebCore::LegacyRequest::canSuspendForPageCache): Deleted.
        * Modules/indexeddb/legacy/LegacyRequest.h:
        * Modules/indexeddb/legacy/LegacyTransaction.cpp:
        (WebCore::LegacyTransaction::canSuspendForDocumentSuspension):
        (WebCore::LegacyTransaction::canSuspendForPageCache): Deleted.
        * Modules/indexeddb/legacy/LegacyTransaction.h:
        * Modules/mediasource/MediaSource.cpp:
        (WebCore::MediaSource::canSuspendForDocumentSuspension):
        (WebCore::MediaSource::canSuspendForPageCache): Deleted.
        * Modules/mediasource/MediaSource.h:
        * Modules/mediasource/SourceBuffer.cpp:
        (WebCore::SourceBuffer::canSuspendForDocumentSuspension):
        (WebCore::SourceBuffer::canSuspendForPageCache): Deleted.
        * Modules/mediasource/SourceBuffer.h:
        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::canSuspendForDocumentSuspension):
        (WebCore::MediaStreamTrack::canSuspendForPageCache): Deleted.
        * Modules/mediastream/MediaStreamTrack.h:
        * Modules/mediastream/RTCDTMFSender.cpp:
        (WebCore::RTCDTMFSender::canSuspendForDocumentSuspension):
        (WebCore::RTCDTMFSender::canSuspendForPageCache): Deleted.
        * Modules/mediastream/RTCDTMFSender.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::canSuspendForDocumentSuspension):
        (WebCore::RTCPeerConnection::canSuspendForPageCache): Deleted.
        * Modules/mediastream/RTCPeerConnection.h:
        * Modules/notifications/DOMWindowNotifications.cpp:
        (WebCore::DOMWindowNotifications::disconnectFrameForDocumentSuspension):
        (WebCore::DOMWindowNotifications::reconnectFrameFromDocumentSuspension):
        (WebCore::DOMWindowNotifications::disconnectFrameForPageCache): Deleted.
        (WebCore::DOMWindowNotifications::reconnectFrameFromPageCache): Deleted.
        * Modules/notifications/DOMWindowNotifications.h:
        * Modules/notifications/Notification.cpp:
        (WebCore::Notification::canSuspendForDocumentSuspension):
        (WebCore::Notification::canSuspendForPageCache): Deleted.
        * Modules/notifications/Notification.h:
        * Modules/notifications/NotificationCenter.cpp:
        (WebCore::NotificationCenter::canSuspendForDocumentSuspension):
        (WebCore::NotificationCenter::canSuspendForPageCache): Deleted.
        * Modules/notifications/NotificationCenter.h:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::canSuspendForDocumentSuspension):
        (WebCore::AudioContext::canSuspendForPageCache): Deleted.
        * Modules/webaudio/AudioContext.h:
        * Modules/webdatabase/DatabaseContext.cpp:
        (WebCore::DatabaseContext::canSuspendForDocumentSuspension):
        (WebCore::DatabaseContext::canSuspendForPageCache): Deleted.
        * Modules/webdatabase/DatabaseContext.h:
        * Modules/websockets/WebSocket.cpp:
        (WebCore::WebSocket::canSuspendForDocumentSuspension):
        (WebCore::WebSocket::canSuspendForPageCache): Deleted.
        * Modules/websockets/WebSocket.h:
        * css/FontLoader.cpp:
        (WebCore::FontLoader::canSuspendForDocumentSuspension):
        (WebCore::FontLoader::canSuspendForPageCache): Deleted.
        * css/FontLoader.h:
        * dom/ActiveDOMObject.cpp:
        (WebCore::ActiveDOMObject::canSuspendForDocumentSuspension):
        (WebCore::ActiveDOMObject::canSuspendForPageCache): Deleted.
        * dom/ActiveDOMObject.h:
        * dom/Document.cpp:
        (WebCore::Document::~Document):
        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::canSuspendActiveDOMObjectsForTabSuspension):
        (WebCore::ScriptExecutionContext::canSuspendActiveDOMObjectsForPageCache): Deleted.
        * dom/ScriptExecutionContext.h:
        * fileapi/FileReader.cpp:
        (WebCore::FileReader::canSuspendForDocumentSuspension):
        (WebCore::FileReader::canSuspendForPageCache): Deleted.
        * fileapi/FileReader.h:
        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):
        * history/PageCache.cpp:
        (WebCore::canCacheFrame):
        * html/HTMLMarqueeElement.cpp:
        (WebCore::HTMLMarqueeElement::canSuspendForDocumentSuspension):
        (WebCore::HTMLMarqueeElement::canSuspendForPageCache): Deleted.
        * html/HTMLMarqueeElement.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::canSuspendForDocumentSuspension):
        (WebCore::HTMLMediaElement::canSuspendForPageCache): Deleted.
        * html/HTMLMediaElement.h:
        * html/HTMLSourceElement.cpp:
        (WebCore::HTMLSourceElement::canSuspendForDocumentSuspension):
        (WebCore::HTMLSourceElement::canSuspendForPageCache): Deleted.
        * html/HTMLSourceElement.h:
        * html/PublicURLManager.cpp:
        (WebCore::PublicURLManager::canSuspendForDocumentSuspension):
        (WebCore::PublicURLManager::canSuspendForPageCache): Deleted.
        * html/PublicURLManager.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::canSuspendForDocumentSuspension):
        (WebCore::WebGLRenderingContextBase::canSuspendForPageCache): Deleted.
        * html/canvas/WebGLRenderingContextBase.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::clear):
        (WebCore::FrameLoader::open):
        * loader/appcache/DOMApplicationCache.cpp:
        (WebCore::DOMApplicationCache::disconnectFrameForDocumentSuspension):
        (WebCore::DOMApplicationCache::reconnectFrameFromDocumentSuspension):
        (WebCore::DOMApplicationCache::disconnectFrameForPageCache): Deleted.
        (WebCore::DOMApplicationCache::reconnectFrameFromPageCache): Deleted.
        * loader/appcache/DOMApplicationCache.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::DOMWindow):
        (WebCore::DOMWindow::~DOMWindow):
        (WebCore::DOMWindow::resetUnlessSuspendedForDocumentSuspension):
        (WebCore::DOMWindow::suspendForDocumentSuspension):
        (WebCore::DOMWindow::resumeFromDocumentSuspension):
        (WebCore::DOMWindow::disconnectDOMWindowProperties):
        (WebCore::DOMWindow::reconnectDOMWindowProperties):
        (WebCore::DOMWindow::resetUnlessSuspendedForPageCache): Deleted.
        (WebCore::DOMWindow::suspendForPageCache): Deleted.
        (WebCore::DOMWindow::resumeFromPageCache): Deleted.
        * page/DOMWindow.h:
        * page/DOMWindowExtension.cpp:
        (WebCore::DOMWindowExtension::disconnectFrameForDocumentSuspension):
        (WebCore::DOMWindowExtension::reconnectFrameFromDocumentSuspension):
        (WebCore::DOMWindowExtension::disconnectFrameForPageCache): Deleted.
        (WebCore::DOMWindowExtension::reconnectFrameFromPageCache): Deleted.
        * page/DOMWindowExtension.h:
        * page/DOMWindowProperty.cpp:
        (WebCore::DOMWindowProperty::disconnectFrameForDocumentSuspension):
        (WebCore::DOMWindowProperty::reconnectFrameFromDocumentSuspension):
        (WebCore::DOMWindowProperty::disconnectFrameForPageCache): Deleted.
        (WebCore::DOMWindowProperty::reconnectFrameFromPageCache): Deleted.
        * page/DOMWindowProperty.h:
        * page/EventSource.cpp:
        (WebCore::EventSource::canSuspendForDocumentSuspension):
        (WebCore::EventSource::canSuspendForPageCache): Deleted.
        * page/EventSource.h:
        * page/SuspendableTimer.cpp:
        (WebCore::SuspendableTimer::canSuspendForDocumentSuspension):
        (WebCore::SuspendableTimer::canSuspendForPageCache): Deleted.
        * page/SuspendableTimer.h:
        * workers/Worker.cpp:
        (WebCore::Worker::canSuspendForDocumentSuspension):
        (WebCore::Worker::canSuspendForPageCache): Deleted.
        * workers/Worker.h:
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::canSuspendForDocumentSuspension):
        (WebCore::XMLHttpRequest::canSuspendForPageCache): Deleted.
        * xml/XMLHttpRequest.h:

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: "prevunique" cursors should point at the lowest primary key that matches, not the highest.
        https://bugs.webkit.org/show_bug.cgi?id=151675.

        Reviewed by Darin Adler.

        No new tests (Covered by at least one failing test that now passes, and updates to previously incorrect tests).

        * Modules/indexeddb/server/IndexValueEntry.cpp:
        (WebCore::IDBServer::IndexValueEntry::reverseBegin): If CursorDuplicity is NoDuplicates, start at the lowest
          entry instead of the highest.
        (WebCore::IDBServer::IndexValueEntry::reverseFind):
        * Modules/indexeddb/server/IndexValueEntry.h:
        
        * Modules/indexeddb/server/IndexValueStore.cpp:
        (WebCore::IDBServer::IndexValueStore::reverseFind):
        (WebCore::IDBServer::IndexValueStore::Iterator::Iterator):
        (WebCore::IDBServer::IndexValueStore::Iterator::nextIndexEntry):
        * Modules/indexeddb/server/IndexValueStore.h:
        
        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::MemoryIndexCursor):
        (WebCore::IDBServer::MemoryIndexCursor::iterate):
        
        * Modules/indexeddb/shared/IDBCursorInfo.cpp:
        (WebCore::IDBCursorInfo::duplicity):
        (WebCore::IDBCursorInfo::isDirectionNoDuplicate): Deleted.
        * Modules/indexeddb/shared/IDBCursorInfo.h:

2015-11-30  Jiewen Tan  <jiewen_tan@apple.com>

        Null dereference loading Blink layout test http/tests/misc/detach-during-notifyDone.html
        https://bugs.webkit.org/show_bug.cgi?id=149309
        <rdar://problem/22748363>

        Reviewed by Brent Fulgham.

        A weird order of event execution introduced by the test case will kill the webpage in a
        subframe of the page while executing its |frame.loader().checkLoadCompleteForThisFrame()|.
        Therefore, any frames comes after the failing subframe will have no page. Check it before
        calling to those frames' |frame.loader().checkLoadCompleteForThisFrame()|, otherwise the
        assertion in |frame.loader().checkLoadCompleteForThisFrame()| will fail.

        Test: http/tests/misc/detach-during-notifyDone.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkLoadComplete):

2015-11-30  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r192819.
        https://bugs.webkit.org/show_bug.cgi?id=151681

        This change broke existing layout tests on Windows (Requested
        by ryanhaddad on #webkit).

        Reverted changeset:

        "Unify font-variant-* with font-variant shorthand"
        https://bugs.webkit.org/show_bug.cgi?id=149773
        http://trac.webkit.org/changeset/192819

2015-11-30  Darin Adler  <darin@apple.com>

        Use Optional instead of isNull out argument for nullable getters
        https://bugs.webkit.org/show_bug.cgi?id=151676

        Reviewed by Anders Carlsson.

        No behavior change, just cleaner code.

        * Modules/geolocation/Coordinates.cpp:
        (WebCore::Coordinates::altitude): Return an Optional.
        (WebCore::Coordinates::altitudeAccuracy): Ditto.
        (WebCore::Coordinates::heading): Ditto.
        (WebCore::Coordinates::speed): Ditto.
        * Modules/geolocation/Coordinates.h: Ditto.

        * Modules/indexeddb/IDBVersionChangeEvent.cpp:
        (WebCore::IDBVersionChangeEvent::create): Added. The code before was calling
        through to Event::create, which is clearly not what was wanted. Also removed
        unneeded explicit destructor.
        * Modules/indexeddb/IDBVersionChangeEvent.h: Changed return type of newVersion
        to Optional and updated for above change.

        * Modules/indexeddb/client/IDBVersionChangeEventImpl.cpp:
        (WebCore::IDBClient::IDBVersionChangeEvent::newVersion): Changed to return
        an Optional.
        * Modules/indexeddb/client/IDBVersionChangeEventImpl.h: Removed unused
        default argument values; the event type one, at least, was clearly incorrect.
        Made more things private, got rid of unneeded destructor, marked class final
        instead of marking all functions final.

        * Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp:
        (WebCore::LegacyVersionChangeEvent::newVersion): Same as above.
        * Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Ditto.

        * Modules/mediastream/MediaTrackConstraints.cpp:
        (WebCore::MediaTrackConstraints::optional): Removed bogus bool value. If we
        come back to finish later we will have to implement optional return values
        for arrays in the JavaScript bindings generator, which should be straightforward.
        * Modules/mediastream/MediaTrackConstraints.h: Ditto.

        * bindings/js/JSDOMBinding.h:
        (WebCore::toNullableJSNumber): Added. This function template is used for
        return values that are nullable numbers.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateFunction): Replaced some existing bogus code to handle nullables with
        new equally-bogus code that should be no worse and will compile.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateImplementation): Removed old support for nullables.
        (NativeToJSValue): Added new support for nullable numbers.

        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation): Removed support for nullables. We almost certainly
        won't need it for Objective-C bindings.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp: Updated.
        * bindings/scripts/test/JS/JSTestObj.cpp: Updated.
        * bindings/scripts/test/ObjC/DOMTestObj.mm: Updated.

2015-11-30  Wenson Hsieh  <wenson_hsieh@apple.com>

        Split platform-independent logic in AVCaptureDeviceManager out into a new class
        https://bugs.webkit.org/show_bug.cgi?id=151388
        <rdar://problem/23593980>

        Reviewed by Eric Carlson.

        To prepare for creating a MockCaptureDeviceManager to be able to test
        MediaDevices.getUserMedia, we create a platform-independent capture device manager
        which all platforms should extend and add platform-specific logic to.

        The methods CaptureDeviceManager::createMediaSourceForCaptureDeviceWithConstraints and
        CaptureDeviceManager::captureDeviceList should be overridden by each platform
        CaptureDeviceManager to respectively create a RealtimeMediaSource and return a list of
        capture devices. createMediaSourceForCaptureDeviceWithConstraints attempts to create
        a media source for a given device with some constraints; if the contraints cannot be
        satisfied, this returns null.

        The refactored capture device manager also introduces the notion of a platform-
        independent capture session which may be extended by platform device managers for
        determining whether a given constraint name, value and media type is valid.

        A platform-independent CaptureDeviceInfo now represents either the video or audio
        component of a capture device, but not both at once. This means a capture device that
        supports both video and audio will emit two separate capture devices.

        No new tests, since there should be no behavior change.

        * Modules/mediastream/CaptureDeviceInfo.h: Added.
        (WebCore::CaptureSessionInfo::~CaptureSessionInfo):
        (WebCore::CaptureSessionInfo::supportsVideoSize):
        (WebCore::CaptureSessionInfo::bestSessionPresetForVideoDimensions):
        * Modules/mediastream/CaptureDeviceManager.cpp: Added.
        (CaptureDeviceManager::~CaptureDeviceManager):
        (CaptureDeviceManager::getSourcesInfo):
        (CaptureDeviceManager::captureDeviceFromDeviceID):
        (CaptureDeviceManager::verifyConstraintsForMediaType):
        (CaptureDeviceManager::bestSourcesForTypeAndConstraints):
        (CaptureDeviceManager::sourceWithUID):
        (CaptureDeviceManager::bestDeviceForFacingMode):
        (facingModeFromString):
        (CaptureDeviceManager::sessionSupportsConstraint):
        (CaptureDeviceManager::isSupportedFrameRate):
        * Modules/mediastream/CaptureDeviceManager.h: Added.
        (WebCore::CaptureDeviceManager::refreshCaptureDeviceList):
        (WebCore::CaptureDeviceManager::defaultCaptureSession):
        * WebCore.xcodeproj/project.pbxproj:
        * platform/mediastream/RealtimeMediaSourceSupportedConstraints.cpp: Added.
        (WebCore::RealtimeMediaSourceSupportedConstraints::nameForConstraint):
        (WebCore::RealtimeMediaSourceSupportedConstraints::constraintFromName):
        (WebCore::RealtimeMediaSourceSupportedConstraints::supportsConstraint):
        * platform/mediastream/RealtimeMediaSourceSupportedConstraints.h:
        * platform/mediastream/mac/AVCaptureDeviceManager.h:
        * platform/mediastream/mac/AVCaptureDeviceManager.mm:
        (WebCore::AVCaptureSessionInfo::AVCaptureSessionInfo):
        (WebCore::AVCaptureSessionInfo::supportsVideoSize):
        (WebCore::AVCaptureSessionInfo::bestSessionPresetForVideoDimensions):
        (WebCore::AVCaptureDeviceManager::captureDeviceList):
        (WebCore::shouldConsiderDeviceInDeviceList):
        (WebCore::AVCaptureDeviceManager::refreshCaptureDeviceList):
        (WebCore::AVCaptureDeviceManager::AVCaptureDeviceManager):
        (WebCore::AVCaptureDeviceManager::bestSourcesForTypeAndConstraints):
        (WebCore::AVCaptureDeviceManager::sourceWithUID):
        (WebCore::AVCaptureDeviceManager::getSourcesInfo):
        (WebCore::AVCaptureDeviceManager::verifyConstraintsForMediaType):
        (WebCore::AVCaptureDeviceManager::defaultCaptureSession):
        (WebCore::AVCaptureDeviceManager::sessionSupportsConstraint):
        (WebCore::AVCaptureDeviceManager::createMediaSourceForCaptureDeviceWithConstraints):
        (WebCore::AVCaptureDeviceManager::deviceDisconnected):
        (WebCore::AVCaptureDeviceManager::isSupportedFrameRate):
        (WebCore::CaptureDevice:::m_enabled): Deleted.
        (WebCore::captureDeviceList): Deleted.
        (WebCore::captureDeviceFromDeviceID): Deleted.
        (WebCore::refreshCaptureDeviceList): Deleted.
        (WebCore::AVCaptureDeviceManager::bestSessionPresetForVideoSize): Deleted.
        (WebCore::AVCaptureDeviceManager::deviceSupportsFacingMode): Deleted.
        (WebCore::AVCaptureDeviceManager::bestDeviceForFacingMode): Deleted.
        (WebCore::AVCaptureDeviceManager::isValidConstraint): Deleted.
        (WebCore::AVCaptureDeviceManager::validConstraintNames): Deleted.
        (WebCore::AVCaptureDeviceManager::validFacingModes): Deleted.
        * platform/mediastream/mac/AVVideoCaptureSource.mm:
        (WebCore::AVVideoCaptureSource::applyConstraints):
        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::RealtimeMediaSourceCenterMac::validateRequestConstraints):
        (WebCore::RealtimeMediaSourceCenterMac::createMediaStream):

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Set the correct source on the IDBRequest for cursor updates
        https://bugs.webkit.org/show_bug.cgi?id=151665

        Reviewed by Andy Estes.

        No new tests (At least one existing failing test now passes).

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::update):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putForCursorUpdate):
        (WebCore::IDBClient::IDBObjectStore::putOrAdd):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::IDBRequest):
        (WebCore::IDBClient::IDBRequest::setSource):
        * Modules/indexeddb/client/IDBRequestImpl.h:

2015-11-30  Tim Horton  <timothy_horton@apple.com>

        Get rid of the legacy TextIndicatorWindow style
        https://bugs.webkit.org/show_bug.cgi?id=151674

        Reviewed by Anders Carlsson.

        * page/TextIndicator.h:
        * page/mac/TextIndicatorWindow.mm:
        (-[WebTextIndicatorView initWithFrame:textIndicator:margin:offset:]): Deleted.

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Correct handling of cursors finishing iteration.
        https://bugs.webkit.org/show_bug.cgi?id=151664

        Reviewed by Andy Estes.

        No new tests (At least one previously failing test now passes).

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::setGetResult):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::putOrAdd):

2015-11-30  Myles C. Maxfield  <mmaxfield@apple.com>

        Unify font-variant-* with font-variant shorthand
        https://bugs.webkit.org/show_bug.cgi?id=149773

        Reviewed by Darin Adler.

        This patch makes font-variant a shorthand for the following properties:
        font-variant-ligatures
        font-variant-position
        font-variant-caps
        font-variant-numeric
        font-variant-alternates
        font-variant-east-asian

        This is consistent with the CSS Fonts Level 3 spec.

        This patch also migrates the "font" longhand to use the font-variant-caps
        property.

        Test: fast/text/font-variant-shorthand.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::fontVariantEastAsianPropertyValue): Rename FontVariantEastAsian values.
        (WebCore::fontVariantFromStyle): We must consult with the longhand properties to determine
        font-variant computed style.
        (WebCore::ComputedStyleExtractor::propertyValue): Don't put any-old font-variant-caps inside
        the font shorthand.
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::addFontFaceRule): Guard against incorrect downcasts (due to inherit
        of the new shorthand property).
        * css/CSSParser.cpp: Parse font-variant as a shorthand. Also implement its "normal" and "none" values.
        (WebCore::CSSParser::parseValue):
        (WebCore::CSSParser::parseFont):
        (WebCore::CSSParser::parseSystemFont):
        (WebCore::CSSParser::parseFontVariantLigatures):
        (WebCore::CSSParser::parseFontVariantNumeric):
        (WebCore::CSSParser::parseFontVariantEastAsian):
        (WebCore::CSSParser::parseFontVariant):
        (WebCore::isValidKeywordPropertyAndValue): Deleted.
        (WebCore::isKeywordPropertyID): Deleted.
        * css/CSSParser.h:
        * css/CSSPropertyNames.in: Turn font-variant into a shorthand property.
        * css/FontVariantBuilder.h: Guard against incorrect downcasts. Also update for renamed
        FontVariantEastAsian type.
        (WebCore::applyValueFontVariantLigatures):
        (WebCore::applyValueFontVariantNumeric):
        (WebCore::applyValueFontVariantEastAsian):
        * css/StyleProperties.cpp: Update to use the more specific property.
        (WebCore::StyleProperties::appendFontLonghandValueIfExplicit):
        (WebCore::StyleProperties::fontValue):
        (WebCore::StyleProperties::asText):
        * css/StyleResolver.cpp: Ditto.
        (WebCore::StyleResolver::isValidCueStyleProperty):
        * editing/EditingStyle.cpp: Ditto.
        * editing/cocoa/HTMLConverter.mm: Ditto.
        (HTMLConverterCaches::propertyValueForNode):
        (HTMLConverter::computedAttributesForElement):
        * editing/ios/EditorIOS.mm: Ditto.
        (WebCore::Editor::removeUnchangeableStyles):
        * html/canvas/CanvasRenderingContext2D.cpp: Ditto.
        (WebCore::CanvasRenderingContext2D::font):
        (WebCore::CanvasRenderingContext2D::setFont):
        * platform/graphics/FontCache.h: Removing duplicate cache key value.
        (WebCore::FontDescriptionKey::makeFlagsKey):
        * platform/graphics/FontCascade.cpp: Migrate to the new font-variant-caps from the old member variable.
        (WebCore::FontCascade::glyphDataForCharacter):
        * platform/graphics/FontCascade.h: Ditto.
        (WebCore::FontCascade::isSmallCaps):
        * platform/graphics/FontDescription.cpp: Ditto.
        (WebCore::FontDescription::FontDescription):
        * platform/graphics/FontDescription.h: Ditto.
        (WebCore::FontCascadeDescription::equalForTextAutoSizing):
        (WebCore::FontDescription::smallCaps): Deleted.
        (WebCore::FontDescription::setSmallCaps): Deleted.
        (WebCore::FontDescription::setIsSmallCaps): Deleted.
        (WebCore::FontDescription::operator==): Deleted.
        * platform/graphics/cocoa/FontCacheCoreText.cpp: Rename FontVariantEastAsianWidth.
        (WebCore::computeFeatureSettingsFromVariants):
        * platform/text/TextFlags.h: Ditto.
        (WebCore::FontVariantSettings::operator==):
        * rendering/RenderText.cpp: Migrage to the new font-variant-caps from the old member variable.
        (WebCore::RenderText::widthFromCache):

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: After versionchange transactions abort, fire onerror on the original IDBOpenDBRequest.
        https://bugs.webkit.org/show_bug.cgi?id=151648

        Reviewed by Andy Estes.

        No new tests. Covered by at least one existing failing test which now passes, and many
        other tests updated to fix their incorrect behavior.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::transaction):
        (WebCore::IDBClient::IDBDatabase::willAbortTransaction):
        (WebCore::IDBClient::IDBDatabase::didAbortTransaction):
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeAbort):
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::notifyDidAbort):
        (WebCore::IDBClient::IDBTransaction::didAbort):
        (WebCore::IDBClient::IDBTransaction::didCommit):
        * Modules/indexeddb/client/IDBTransactionImpl.h:

2015-11-30  Chris Dumez  <cdumez@apple.com>

        location.origin is undefined in a web worker
        https://bugs.webkit.org/show_bug.cgi?id=151614

        Reviewed by Darin Adler.

        Expose location.origin to web workers, as per:
        https://html.spec.whatwg.org/multipage/workers.html#workerlocation

        This behavior is consistent with the behavior of Firefox and Chrome.

        Test: fast/workers/worker-location.html

        * workers/WorkerLocation.cpp:
        (WebCore::WorkerLocation::origin):
        * workers/WorkerLocation.h:
        * workers/WorkerLocation.idl:

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Support updating cursor values when the object store uses inline keys.
        https://bugs.webkit.org/show_bug.cgi?id=151647

        Reviewed by Andy Estes.

        No new tests (At least two previously failing tests now pass and are unskipped).

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::update): Use putForCursorUpdate() instead of put()
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::add):
        (WebCore::IDBClient::IDBObjectStore::put):
        (WebCore::IDBClient::IDBObjectStore::putForCursorUpdate): Use the flag to skip the inline-key check.
        (WebCore::IDBClient::IDBObjectStore::putOrAdd): Add a flag to skip the inline-key check.
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Resolve flaky GC-vs-wrapper issue with IDBOpenDBRequest.
        https://bugs.webkit.org/show_bug.cgi?id=151645

        Reviewed by Andy Estes.

        No new tests (Resolves flakiness with hundreds of existing IDB tests).

        Do to improper management of the m_hasPendingActivity flag on IDBRequestImpl,
        the request wrapper for an IDBOpenDBRequest might be garbage collected in between the
        onUpgradeNeeded event and onSuccess event.
        
        This manifested as flakiness in many tests, some more than others.
        
        I tried to write a targeted 100% reproducible case manually forcing GC, but could not get
        the timing right.
        
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit):
        * Modules/indexeddb/client/IDBOpenDBRequestImpl.h:
        
        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::dispatchEvent):
        (WebCore::IDBClient::IDBRequest::willIterateCursor):
        * Modules/indexeddb/client/IDBRequestImpl.h:
        (WebCore::IDBClient::IDBRequest::isOpenDBRequest):

2015-11-30  Per Arne Vollan  <peavo@outlook.com>

        [WinCairo][MediaFoundation] Implement seek.
        https://bugs.webkit.org/show_bug.cgi?id=151609

        Reviewed by Alex Christensen.

        The methods maxTimeSeekable() and buffered() needs to be implemented.

        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::seekDouble):
        (WebCore::MediaPlayerPrivateMediaFoundation::durationDouble):
        (WebCore::MediaPlayerPrivateMediaFoundation::readyState):
        (WebCore::MediaPlayerPrivateMediaFoundation::maxTimeSeekable):
        (WebCore::MediaPlayerPrivateMediaFoundation::buffered):
        (WebCore::MediaPlayerPrivateMediaFoundation::didLoadingProgress):
        (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::currentTime):
        (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::isActive):
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:
        (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::maxTimeLoaded):

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: openCursor() fix resulting in at least 4 more passing tests.
        https://bugs.webkit.org/show_bug.cgi?id=151630

        Reviewed by Andy Estes.

        No new tests (At least 4 failing tests now pass, and 9 other incorrect tests updated).

        * Modules/indexeddb/IDBGetResult.cpp:
        (WebCore::IDBGetResult::isolatedCopy):
        * Modules/indexeddb/IDBGetResult.h:
        (WebCore::IDBGetResult::IDBGetResult):
        (WebCore::IDBGetResult::isDefined):

        * Modules/indexeddb/client/IDBRequestImpl.cpp:
        (WebCore::IDBClient::IDBRequest::didOpenOrIterateCursor): If the IDBGetResult is undefined,
          do not expose the cursor as the result property of the IDBRequest.

2015-11-30  Brady Eidson  <beidson@apple.com>

        Modern IDB: Support keyPath injection into object store records.
        https://bugs.webkit.org/show_bug.cgi?id=151640

        Reviewed by Andy Estes.

        No new tests (At least one existing failure now passes and is unskipped,
        while many other existing failures are now closer to passing).

        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord): Use the new UniqueIDBDatabase VM/ExecState.
        (WebCore::IDBServer::MemoryObjectStore::populateIndexWithExistingRecords): Ditto
        (WebCore::IDBServer::indexVM): Deleted.
        (WebCore::IDBServer::indexGlobalExec): Deleted.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::databaseThreadVM):
        (WebCore::IDBServer::UniqueIDBDatabase::databaseThreadExecState):
        (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): If appropriate, inject the key that will be used into
          the value before storing the record.
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

        Add modern JSValue/ExecState& version of some binding utilities, for use today and in preparation of getting 
        rid of the DOMRequestState and Deprecated::ScriptValue versions later:
        * bindings/js/IDBBindingUtilities.cpp:
        (WebCore::idbKeyToJSValue):
        (WebCore::injectIDBKeyIntoScriptValue):
        (WebCore::deserializeIDBValueData):
        (WebCore::deserializeIDBValueDataToJSValue):
        * bindings/js/IDBBindingUtilities.h:

2015-11-25  Andy Estes  <aestes@apple.com>

        [Content Filtering] Avoid creating a ContentFilter when loading the empty document
        https://bugs.webkit.org/show_bug.cgi?id=151615

        Reviewed by Daniel Bates.

        It's expensive to create the first ContentFilter since two frameworks must be soft-linked. There's no reason to
        pay this cost if we're just loading the empty document.

        No new tests. It's not possible to write a test that would fail without this change since ContentFilter is not
        notified of empty document loads.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource): Don't initialize m_contentFilter until we know we aren't
        loading the empty document.
        (WebCore::DocumentLoader::DocumentLoader):

2015-11-29  Antoine Quint  <graouts@apple.com>

        Browser does not fall back to SVG attribute value when CSS style value is invalid or not supported
        https://bugs.webkit.org/show_bug.cgi?id=147932

        Reviewed by Dean Jackson.

        Instead of returning an SVGPaint object of type SVG_PAINTTYPE_UNKNOWN when we encounter an SVG paint
        value that cannot be parsed, we now return `nullptr` which will cause that value to be ignored and
        let another paint value in the cascade be used instead. This is the same approach used for SVGColor.
        Since we're removing the only call site for `SVGPaint::createUnknown()`, we remove that function entirely.

        Tests: svg/css/invalid-color-cascade.svg
               svg/css/invalid-paint-cascade.svg

        * css/SVGCSSParser.cpp:
        (WebCore::CSSParser::parseSVGPaint):
        * svg/SVGPaint.h:
        (WebCore::SVGPaint::createUnknown): Deleted.

2015-11-29  Simon Fraser  <simon.fraser@apple.com>

        Use SVGTransform::SVGTransformType instead of an unsigned short
        https://bugs.webkit.org/show_bug.cgi?id=151637

        Reviewed by Brady Eidson.

        Make 'type' more strongly typed.

        * svg/SVGTransformable.cpp:
        (WebCore::SVGTransformable::parseTransformValue):
        (WebCore::parseAndSkipType):
        (WebCore::SVGTransformable::parseTransformType):
        (WebCore::SVGTransformable::parseTransformAttribute):
        * svg/SVGTransformable.h:

2015-11-27  Brady Eidson  <beidson@apple.com>

        Modern IDB: Class-ify IDBGetResult making it impossible to get the data members wrong.
        https://bugs.webkit.org/show_bug.cgi?id=151627

        Reviewed by Alexey Proskuryakov.

        No new tests (No change in behavior).

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/IDBGetResult.cpp: Added.
        (WebCore::IDBGetResult::dataFromBuffer):
        (WebCore::IDBGetResult::isolatedCopy):
        * Modules/indexeddb/IDBGetResult.h:
        (WebCore::IDBGetResult::IDBGetResult):
        (WebCore::IDBGetResult::valueBuffer):
        (WebCore::IDBGetResult::keyData):
        (WebCore::IDBGetResult::primaryKeyData):
        (WebCore::IDBGetResult::keyPath):
        (WebCore::IDBGetResult::setValueBuffer):
        (WebCore::IDBGetResult::setKeyData):
        (WebCore::IDBGetResult::setPrimaryKeyData):
        (WebCore::IDBGetResult::setKeyPath):
        (WebCore::IDBGetResult::dataFromBuffer): Deleted.
        (WebCore::IDBGetResult::isolatedCopy): Deleted.

        * Modules/indexeddb/client/IDBCursorImpl.cpp:
        (WebCore::IDBClient::IDBCursor::setGetResult):
        * Modules/indexeddb/client/IDBCursorImpl.h:

        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::didGetRecordOnServer):

        * Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:
        (WebCore::GetOperation::perform):

        * Modules/indexeddb/server/IDBBackingStore.h:

        * Modules/indexeddb/server/MemoryCursor.h:

        * Modules/indexeddb/server/MemoryIndexCursor.cpp:
        (WebCore::IDBServer::MemoryIndexCursor::currentData):

        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::currentData):

        * platform/CrossThreadCopier.h:

2015-11-27  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Do not use the WebCore garbage collector timer
        https://bugs.webkit.org/show_bug.cgi?id=151623

        Reviewed by Martin Robinson.

        Now that garbage collector timers have been implemented in
        JavaScriptCore for glib, we don't need to use another Timer in WebCore.

        * bindings/js/GCController.cpp:
        (WebCore::GCController::garbageCollectSoon):
        (WebCore::GCController::garbageCollectNowIfNotDoneRecently):

2015-11-18  Andy Estes  <aestes@apple.com>

        [Content Filtering] Crash in DocumentLoader::notifyFinished() when allowing a media document to load
        https://bugs.webkit.org/show_bug.cgi?id=151433
        rdar://problem/23506594

        Reviewed by Alexey Proskuryakov.

        When the main resource of a media document commits, WebKit cancels its load since the plug-in or media engine
        will do its own loading. If content filtering is enabled, and the filter waits allow the load until the entire
        resource is downloaded, then ContentFilter will attempt to call DocumentLoader::notifyFinished() immediately
        after delivering the buffered resource data to DocumentLoader. However, delivering the data will have nulled out
        DocumentLoader's m_mainResource when the load was cancelled, leading to a crash in notifyFinished().

        To resolve this, add a new Stopped state to ContentFilter. Set this state if DocumentLoader clears its main
        resource or detaches from its frame. If ContentFilter is in the Stopped state after calling
        DocumentLoader::dataReceived(), do not proceed to call DocumentLoader::notifyFinished().

        Test: contentfiltering/allow-media-document.html

        * loader/ContentFilter.cpp:
        (WebCore::ContentFilter::stopFilteringMainResource): Set m_state to Stopped. If m_mainResource is non-null,
        removed ContentFilter as a client and set m_mainResource to null.
        (WebCore::ContentFilter::notifyFinished): Stopped calling DocumentLoader::notifyFinished() if m_state is Stopped
        after calling DocumentLoader::dataReceived().
        * loader/ContentFilter.h:
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::detachFromFrame): Called ContentFilter::stopFilteringMainResource() instead of setting
        m_contentFilter to null.
        (WebCore::DocumentLoader::clearMainResource): Ditto.

2015-11-25  Pranjal Jumde  <pjumde@apple.com>

        Checks for buffer-overflows when reading characters from textRun
        https://bugs.webkit.org/show_bug.cgi?id=151055
        <rdar://problem/23251789>

        Reviewed by Myles C. Maxfield.

        Prevents an off by one error when adding the last font data to the GlyphBuffer.

        * Source/WebCore/platform/graphics/WidthIterator.cpp:
        * Source/WebCore/platform/graphics/FontCascade.cpp:

2015-11-24  Xabier Rodriguez Calvar  <calvaris@igalia.com>

        [Streams API] Implement pipeTo method in readable Stream
        https://bugs.webkit.org/show_bug.cgi?id=151588

        Reviewed by Darin Adler.

        Implemented pipeTo method according to the reference implementation in the spec as the spec is not written
        yet. It can be found at https://github.com/whatwg/streams/blob/632b26a05f3106650b1ec91239ad5b012e6c64af/reference-implementation/lib/readable-stream.js#L75.

        Tests: streams/pipe-to.html
               streams/reference-implementation/brand-checks.html
               streams/reference-implementation/pipe-through.html
               streams/reference-implementation/pipe-to.html
               streams/reference-implementation/pipe-to-options.html
               streams/reference-implementation/readable-stream-templated

        * Modules/streams/ReadableStream.js:
        (doPipe): Internal function of pipeTo.
        (closeDest): Internal function of pipeTo.
        (abortDest): Internal function of pipeTo.
        (pipeTo): Implemented as per spec with some other internal functions as helpers.

2015-11-24  Antti Koivisto  <antti@apple.com>

        REGRESSION (r190983): Non-element, non-text nodes should not be distributed to slots
        https://bugs.webkit.org/show_bug.cgi?id=151566
        rdar://problem/23430177

        Reviewed by Zalan Bujtas.

        We don't invalidate slot assignments except for text or element children. Fix by not
        not assigning other nodes to slots as it is not useful.

        Test: fast/html/details-comment-crash.html

        * dom/SlotAssignment.cpp:
        (WebCore::slotNameFromSlotAttribute):
        (WebCore::SlotAssignment::findAssignedSlot):
        (WebCore::SlotAssignment::assignSlots):

2015-11-23  David Kilzer  <ddkilzer@apple.com>

        Hardening against CSSSelector double frees
        <http://webkit.org/b/56124>
        <rdar://problem/9119036>

        Reviewed by Antti Koivisto.

        Add some security assertions to catch this issue if it ever
        happens in Debug builds, and make changes in
        CSSSelector::~CSSSelector() and
        CSSSelectorList::deleteSelectors() to prevent obvious issues if
        they're ever called twice in Release builds.

        No new tests because we don't know how to reproduce this.

        * css/CSSSelector.cpp:
        (WebCore::CSSSelector::CSSSelector): Initialize
        m_destructorHasBeenCalled.
        * css/CSSSelector.h:
        (WebCore::CSSSelector::m_destructorHasBeenCalled): Add bitfield.
        (WebCore::CSSSelector::CSSSelector): Initialize
        m_destructorHasBeenCalled.
        (WebCore::CSSSelector::~CSSSelector): Add security assertion
        that this is never called twice.  Clear out any fields that
        would have caused us to dereference an object twice.

        * css/CSSSelectorList.cpp:
        (WebCore::CSSSelectorList::deleteSelectors): Clear
        m_selectorArray when freeing the memory to which it was
        pointing.  This prevents re-entrancy issues or calling this
        method twice on the same thread.  Also restructure the for()
        loop to prevent calling CSSSelector::isLastInSelectorList()
        after CSSSelector::~CSSSelector() has been called (via CRBug
        241892).

2015-11-23  Brian Burg  <bburg@apple.com>

        Web Inspector: inspector settings should not be shared between different inspection levels
        https://bugs.webkit.org/show_bug.cgi?id=151151

        Reviewed by Timothy Hatcher.

        InspectorController and InspectorFrontendClient should know how to compute their
        inspection levels, so that this level can be exposed to the Inspector frontend for
        preference disambiguation by inspection level.

         - A Page with normal web content has an inspection level of 0.
         - The first Web Inspector has an inspection level of 1.
         - The second Web Inspector that inspects the Inspector has an inspection level of 2.
         - And so forth...

        For local frontend clients (WK1 and the ProtocolTestStub), the inspection level of
        a Page computed as follows:

        - If the page's inspector controller has no frontend client, then the Page
        is normal web content (level 0).
        - If the page's inspector controller has a frontend client, ask for its inspection level.
        A frontend client looks at the inspection level reported by inspected page's inspector
        controller and increments by one to account for the crossed inspection boundary.

        No new tests, this is blocked by test infrastructure fixes (https://webkit.org/b/151573).

        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::inspectionLevel): Added.
        (WebCore::InspectorController::hasInspectorFrontendClient): Deleted.
        * inspector/InspectorController.h:
        * inspector/InspectorFrontendClient.h:
        * inspector/InspectorFrontendClientLocal.cpp:
        (WebCore::InspectorFrontendClientLocal::canAttachWindow): Check inspectionLevel().
        (WebCore::InspectorFrontendClientLocal::inspectionLevel): Added.
        * inspector/InspectorFrontendClientLocal.h:
        * inspector/InspectorFrontendHost.cpp:
        (WebCore::InspectorFrontendHost::inspectionLevel): Added.
        * inspector/InspectorFrontendHost.h:
        * inspector/InspectorFrontendHost.idl:
        * page/ContextMenuController.cpp:
        (WebCore::ContextMenuController::populate): Check inspectionLevel().

2015-11-20  Brian Burg  <bburg@apple.com>

        Web Inspector: RemoteInspector should track targets and connections for remote automation
        https://bugs.webkit.org/show_bug.cgi?id=151042

        Reviewed by Joseph Pecoraro.

        Use the new RemoteControllableTarget API method names.

        No new tests, no behavior change.

        * page/PageDebuggable.cpp:
        (WebCore::PageDebuggable::connect):
        (WebCore::PageDebuggable::dispatchMessageFromRemote):
        (WebCore::PageDebuggable::dispatchMessageFromRemoteFrontend): Deleted.
        * page/PageDebuggable.h:

2015-11-23  Brady Eidson  <beidson@apple.com>

        Modern IDB: Unskip all indexeddb/mozilla tests that pass.
        https://bugs.webkit.org/show_bug.cgi?id=151568
        
        Reviewed by Alex Christensen.

        No new tests (Lots of skipped existing tests now pass).

        * Modules/indexeddb/shared/IDBError.h:

2015-11-23  Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au>

        Add WebCore namespace for generated bindings for supplemental method calls
        https://bugs.webkit.org/show_bug.cgi?id=151431

        Reviewed by Alex Christensen.

        Address build failures for generated supplemental method calls which are in the WebCore namespace. 
        The bindings are outside the WebCore namespace - so add WebCore namespace specifier where required.

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateImplementation):
        (GenerateParametersCheck):
        * bindings/scripts/CodeGeneratorObjC.pm:
        (GenerateImplementation):
        * bindings/scripts/test/JS/JSTestInterface.cpp:
        (WebCore::jsTestInterfaceConstructorSupplementalStaticReadOnlyAttr):
        (WebCore::jsTestInterfaceConstructorSupplementalStaticAttr):
        (WebCore::jsTestInterfaceSupplementalStr1):
        (WebCore::jsTestInterfaceSupplementalStr2):
        (WebCore::jsTestInterfaceSupplementalNode):
        (WebCore::setJSTestInterfaceConstructorSupplementalStaticAttr):
        (WebCore::setJSTestInterfaceSupplementalStr2):
        (WebCore::setJSTestInterfaceSupplementalNode):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
        (WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
        (WebCore::jsTestInterfaceConstructorFunctionSupplementalMethod4):
        * bindings/scripts/test/ObjC/DOMTestInterface.mm:
        (-[DOMTestInterface supplementalStr1]):
        (-[DOMTestInterface supplementalStr2]):
        (-[DOMTestInterface setSupplementalStr2:]):
        (-[DOMTestInterface supplementalStr3]):
        (-[DOMTestInterface setSupplementalStr3:]):
        (-[DOMTestInterface supplementalNode]):
        (-[DOMTestInterface setSupplementalNode:]):
        (-[DOMTestInterface builtinAttribute]):
        (-[DOMTestInterface setBuiltinAttribute:]):
        (-[DOMTestInterface supplementalMethod1]):
        (-[DOMTestInterface supplementalMethod2:objArg:]):
        (-[DOMTestInterface supplementalMethod3]):
        (-[DOMTestInterface supplementalMethod4]):
        (-[DOMTestInterface builtinFunction]):

2015-11-23  Brady Eidson  <beidson@apple.com>

        Modern IDB: When a transaction is aborted, call onerror handlers for all in-progress requests.
        https://bugs.webkit.org/show_bug.cgi?id=151550

        Reviewed by Alex Christensen.

        Test: storage/indexeddb/modern/abort-requests-cancelled.html
              storage/indexeddb/modern/idbtransaction-objectstore-failures.html (with changes)
              storage/indexeddb/modern/index-5.html (with changes)
              Various (currently skipped) legacy IDB tests.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::transaction):
        (WebCore::IDBClient::IDBDatabase::startVersionChangeTransaction):
        (WebCore::IDBClient::IDBDatabase::didStartTransaction):
        (WebCore::IDBClient::IDBDatabase::willCommitTransaction):
        (WebCore::IDBClient::IDBDatabase::didCommitTransaction):
        (WebCore::IDBClient::IDBDatabase::willAbortTransaction):
        (WebCore::IDBClient::IDBDatabase::didAbortTransaction):
        (WebCore::IDBClient::IDBDatabase::didCommitOrAbortTransaction):
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::abort):
        (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests):
        (WebCore::IDBClient::IDBTransaction::didCreateObjectStoreOnServer):
        (WebCore::IDBClient::IDBTransaction::didCreateIndexOnServer):
        (WebCore::IDBClient::IDBTransaction::didGetRecordOnServer):
        (WebCore::IDBClient::IDBTransaction::didDeleteObjectStoreOnServer):
        (WebCore::IDBClient::IDBTransaction::didDeleteIndexOnServer):
        (WebCore::IDBClient::IDBTransaction::immediateAbort): Deleted.
        (WebCore::IDBClient::IDBTransaction::abortOnServer): Deleted.
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        
        * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
        (WebCore::IDBServer::MemoryIDBBackingStore::abortTransaction):
        (WebCore::IDBServer::MemoryIDBBackingStore::commitTransaction):
        
        * Modules/indexeddb/shared/IDBError.cpp:
        (WebCore::idbErrorName):
        (WebCore::idbErrorDescription):
        * Modules/indexeddb/shared/IDBError.h:
        
        * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
        (WebCore::IDBResourceIdentifier::loggingString):
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:

2015-11-23  Brady Eidson  <beidson@apple.com>

        Modern IDB: Unskip storage/indexeddb/mozilla/global-data.html.
        https://bugs.webkit.org/show_bug.cgi?id=151557

        Reviewed by Alex Christensen.

        No new tests (Unskipping existing test storage/indexeddb/mozilla/global-data.html).

        - Reworking some invalid ASSERTS
        - Actually opening pending open-database-requests after a version change transaction completes
        - Allow starting new transactions when the version change transaction has *started* finishing, 
          but before it finishes finishing.

        * Modules/indexeddb/client/IDBDatabaseImpl.cpp:
        (WebCore::IDBClient::IDBDatabase::transaction):
        
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        
        * Modules/indexeddb/server/MemoryObjectStore.cpp:
        (WebCore::IDBServer::MemoryObjectStore::~MemoryObjectStore):
        
        * Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
        (WebCore::IDBServer::MemoryObjectStoreCursor::keyAdded): Deleted.
        
        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
        (WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
        (WebCore::IDBServer::UniqueIDBDatabase::handleOpenDatabaseOperations):
        (WebCore::IDBServer::UniqueIDBDatabase::commitTransaction):
        * Modules/indexeddb/server/UniqueIDBDatabase.h:

2015-11-23  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        Remove DOMPromiseWithCallback
        https://bugs.webkit.org/show_bug.cgi?id=151565

        Reviewed by Eric Carlson.

        DOMPromiseWithCallback is no longer used as WebCore JS built-ins are used to the cases where DOMPromiseWithCallback made sense.

        No change in behavior.

        * Modules/mediastream/MediaDevices.h: Moved from DOMPromiseWithCallback to DOMPromise since the API is now called by JS built-ins.
        * bindings/js/JSDOMPromise.h:
        (WebCore::DOMPromiseWithCallback::DOMPromiseWithCallback): Deleted.
        (WebCore::DOMPromiseIteratorWithCallback::DOMPromiseIteratorWithCallback): Deleted.
        (WebCore::Error>::resolve): Deleted.
        (WebCore::Error>::reject): Deleted.
        (WebCore::Error>::resolveEnd): Deleted.

2015-11-23  Brian Burg  <bburg@apple.com>

        Web Inspector: when inspecting the inspector, add the inspection level to the title bar
        https://bugs.webkit.org/show_bug.cgi?id=151555

        Reviewed by Timothy Hatcher.

        * English.lproj/Localizable.strings: add new localized string for alternate inspector title.

2015-11-23  Zan Dobersek  <zdobersek@igalia.com>

        [GStreamer] No need to assert the pipeline's bus presence in MediaPlayerPrivateGStreamerBase dtor
        https://bugs.webkit.org/show_bug.cgi?id=151558

        Reviewed by Carlos Garcia Campos.

        In the MediaPlayerPrivateGStreamerBase destructor, there's some leftover code
        that acquires a reference to the GStreamer pipeline's bus object and then
        just asserts that it's not null. Not very useful, so remove it.

        Also use nullptr to null out the m_player member.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):

2015-11-17  Sergio Villar Senin  <svillar@igalia.com>

        ASSERTION FAILED: freeSpace >= 0 in WebCore::RenderGrid::computeTrackSizesForDirection
        https://bugs.webkit.org/show_bug.cgi?id=151254

        Reviewed by Darin Adler.

        When in quirks mode, abnormally huge margins could lead to
        negative computations of available logical sizes. We could add
        an !document.inQuirksMode() check in the assertion but since
        negative freeSpace values are valid (i.e. the condition is not
        really part of the contract and everything will work as
        expected) I've decided to simply remove it.

        Test: fast/css-grid-layout/grid-quirks-mode-huge-margin-crash.html

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::computeTrackSizesForDirection): Deleted.

2015-11-22  Myles C. Maxfield  <mmaxfield@apple.com>

        Font selection should not consult font-variant property
        https://bugs.webkit.org/show_bug.cgi?id=151537

        Reviewed by Simon Fraser.

        In section 4.7 of the CSS Fonts Level 3 spec, it says "[The font-variant and
        font-feature-settings] do not affect font selection."

        All the other browsers (Chrome, Firefox, and Edge) all obey the spec here. We
        are the only one who misbehaves. This patch aligns our behavior with the other
        browsers.

        Test: fast/text/font-selection-font-variant.html

        * css/CSSFontSelector.cpp:
        (WebCore::computeTraitsMask): Deleted.
        (WebCore::compareFontFaces): Deleted.
        (WebCore::CSSFontSelector::getFontFace): Deleted.
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::createFontFaceRule):
        (WebCore::CSSParser::CSSParser): Deleted.
        (WebCore::CSSParser::parseValue): Deleted.
        (WebCore::CSSParser::parseDeclaration): Deleted.
        (WebCore::CSSParser::clearProperties): Deleted.
        (WebCore::CSSParser::parseFontVariant): Deleted.
        (WebCore::CSSParser::createStyleRule): Deleted.
        (WebCore::CSSParser::deleteFontFaceOnlyValues): Deleted.
        * css/CSSParser.h:
        * platform/graphics/FontDescription.cpp:
        (WebCore::FontDescription::traitsMask): Deleted.
        * platform/graphics/win/FontCacheWin.cpp:
        (WebCore::traitsInFamilyEnumProc):
        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (WebCore::toTraitsMask):
        * platform/text/TextFlags.h:

2015-11-22  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed, rolling out r192727.

        It made the selections transparent again and broke
        /webkit2/WebKitWebView/snapshot

        Reverted changeset:

        "[GTK] RenderThemeGtk::platformActiveSelectionBackgroundColor,
        et. al. should not clobber state of cached GtkStyleContexts"
        https://bugs.webkit.org/show_bug.cgi?id=151533
        http://trac.webkit.org/changeset/192727

2015-11-22  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] RenderThemeGtk::platformActiveSelectionBackgroundColor, et. al. should not clobber state of cached GtkStyleContexts
        https://bugs.webkit.org/show_bug.cgi?id=151533

        Reviewed by Carlos Garcia Campos.

        platformActiveSelectionBackgroundColor(), platformInactiveSelectionBackgroundColor(), etc.
        are const functions intended only to return a color used for painting, but since r174929
        they also change the state of the cached style contexts we use for GTK_TYPE_ENTRY and
        GTK_TYPE_TREE_VIEW. That's wrong; those style contexts should not have any state set. This
        could cause theme colors returned by those GtkStyleContexts to change unexpectedly,
        depending on whether the state is explicitly set before each use, or whether the theme
        actually uses the states.

        This didn't cause any regression only because every place using these style contexts
        explicitly sets the state of the style contexts before use. In fact, the GtkTreeView style
        context is not used anywhere else, and the GtkEntry style context is only used in
        paintTextField, which does set the state before use (and then reverts it using
        save/restore), so this cannot have broken anything in practice. But it's a landmine waiting
        for the next programmer to trip it.

        Fix this with a gtk_style_context_save()/gtk_style_context_restore() pair.

        * rendering/RenderThemeGtk.cpp:
        (WebCore::styleColor):

2015-11-21  Myles C. Maxfield  <mmaxfield@apple.com>

        Tiny cleanup in ComplexTextController::collectComplexTextRuns()
        https://bugs.webkit.org/show_bug.cgi?id=151534

        Reviewed by Zalan Bujtas.

        The isMissingGlyph boolean is completely unnecessary. Its entire
        responsiblity is duplicated by the "font" pointer.

        No new tests because there is no behavior change.

        * platform/graphics/mac/ComplexTextController.cpp:
        (WebCore::ComplexTextController::collectComplexTextRuns):

== Rolled over to ChangeLog-2015-11-21 ==
