2012-08-04 Dan Bernstein

REGRESSION (tiled drawing): Page’s scroll bars flash with each character you type in a textarea (affects Wikipedia and YouTube)
https://bugs.webkit.org/show_bug.cgi?id=91348

Reviewed by Andy Estes.

* platform/ScrollableArea.cpp:
(WebCore::ScrollableArea::scrollPositionChanged): Changed to call notifyContentAreaScrolled() only if the scroll position after the change differs from what it was before the change.
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::scrollPosition): Added an override of this ScrollableArea function.
* rendering/RenderListBox.h:

2012-08-04 Ami Fischman

HTMLMediaElement may fire the seeked event before currentTime reaches the seek time
https://bugs.webkit.org/show_bug.cgi?id=92881

Reviewed by Eric Carlson.

Testing provided by media/video-seek-past-end-paused.html, hopefully demonstrating lack of redness on all ports/bots this time.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaPlayerTimeChanged): don't finishSeek() until the media player is no longer seeking.

2012-08-04 Dan Bernstein

Tried to fix the Qt Windows build after r124654.

* platform/graphics/SimpleFontData.cpp:
(WebCore::SimpleFontData::glyphForCharacter): Enclosed this function in #if !(PLATFORM(QT) && !HAVE(QRAWFONT)).

2012-08-04 Mike West

Refactor SubframeLoader::requestPlugin/loadPlugin for clarity.
https://bugs.webkit.org/show_bug.cgi?id=93138

Reviewed by Adam Barth.

SubframeLoader::requestPlugin and SubframeLoader::loadPlugin both do a variety of checks to determine whether or not a specific resource ought to instantiate a plugin in a specific context. r124636[1] moved one of those checks, but there doesn't seem to be a clear way to determine which checks should be performed where. This patch refactors the checks out of those two methods for clarity, moving them all into a new method: SubframeLoader::pluginIsLoadable.
That method requires the resource URL and MIME type, as well as the `object` or `embed` element that owns this bit of rendering. The URL and type are used directly to determine availability, while the element is currently used only to create a renderer on which setPluginUnavailabilityReason can be called if the plugin is blocked by Content Security Policy.

This patch introduces no new tests, as it shouldn't change the code's behavior: it should be a straightforward refactoring without web-visible side-effects.

[1]: http://trac.webkit.org/changeset/124636

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::pluginIsLoadable): A new method that extracts the various 'Should we allow this plugin in this context?' checks from requestPlugin and loadPlugin into one location, rather than spreading them across both.
(WebCore):
(WebCore::SubframeLoader::requestPlugin):
(WebCore::SubframeLoader::loadPlugin):
* loader/SubframeLoader.h:
(SubframeLoader):

2012-08-04 John J. Barton

Web Inspector: filteredItemSelectionDialog.css has wrong selector for highlights
https://bugs.webkit.org/show_bug.cgi?id=93168

Reviewed by Pavel Feldman.

Selector required span to be a child, but highlights are themselves span. Used descendent selector.

No new tests: I'll make one next week, to go with bug 93166

* inspector/front-end/filteredItemSelectionDialog.css:
(.js-outline-dialog > .container > div.item span.highlight):

2012-08-03 Robert Hogan

CSS 2.1 failure: overflow-applies-to-001 fails
https://bugs.webkit.org/show_bug.cgi?id=93148

Reviewed by Eric Seidel.
Overflow no longer applies to table-rows or table-row-groups, it only applies to block containers: http://www.w3.org/TR/CSS21/visufx.html#overflow

Tests:
css2.1/20110323/overflow-applies-to-001.htm
css2.1/20110323/overflow-applies-to-002.htm
css2.1/20110323/overflow-applies-to-003.htm
css2.1/20110323/overflow-applies-to-004.htm
css2.1/20110323/overflow-applies-to-005.htm
css2.1/20110323/overflow-applies-to-006.htm
css2.1/20110323/overflow-applies-to-007.htm
css2.1/20110323/overflow-applies-to-008.htm
css2.1/20110323/overflow-applies-to-009.htm
css2.1/20110323/overflow-applies-to-010.htm
css2.1/20110323/overflow-applies-to-012.htm
css2.1/20110323/overflow-applies-to-013.htm
css2.1/20110323/overflow-applies-to-014.htm
css2.1/20110323/overflow-applies-to-015.htm

* rendering/RenderBox.cpp:
(WebCore::RenderBox::updateBoxModelInfoFromStyle):

2012-08-04 Adam Barth

BindingSecurity::shouldAllowAccessToNode shouldn't detour through Frame to find the node's document
https://bugs.webkit.org/show_bug.cgi?id=93140

Reviewed by Eric Seidel.

Previously, shouldAllowAccessToNode took a detour through the Frame to find the Document associated with a given Node. That's crazy! Nodes already know their documents. This patch removes the detour.

It's theoretically possible that this patch changes behavior in the case where the Frame is 0, but I couldn't find any situations in which we call this function on nodes in inactive documents because the typical way you find a node worth checking security on is via a JavaScript window object.

* bindings/generic/BindingSecurity.cpp:
(WebCore::canAccessDocument):
(WebCore::BindingSecurity::shouldAllowAccessToNode):
(WebCore::BindingSecurity::allowSettingFrameSrcToJavascriptUrl):

2012-08-04 Adam Barth

[V8] Re-wire "target" half of the same-origin security check through Document rather than DOMWindow
https://bugs.webkit.org/show_bug.cgi?id=93079

Reviewed by Eric Seidel.
Before this patch, we were traversing from Nodes to Frames to DOMWindows to SecurityOrigins when determining the "target" of an operation for the same-origin policy security check. Rather than detouring through DOMWindow, these security checks should operate in terms of ScriptExecutionContexts (aka Documents) because that's the canonical place we store SecurityOrigin objects.

A future patch will re-wire the "active" part of the security check to use ScriptExecutionContexts as well and we'll be able to remove the extra copy of SecurityOrigin that we keep in DOMWindow.

* bindings/generic/BindingSecurity.cpp:
(WebCore::canAccessDocument):
(WebCore::BindingSecurity::canAccessFrame):
(WebCore::BindingSecurity::shouldAllowAccessToNode):
* bindings/v8/BindingState.cpp:
(WebCore::immediatelyReportUnsafeAccessTo):
* bindings/v8/BindingState.h:
(WebCore):
* bindings/v8/V8DOMWindowShell.cpp:
(WebCore::reportUnsafeJavaScriptAccess):
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::reportUnsafeAccessTo):
* bindings/v8/V8Proxy.h:
(V8Proxy):

2012-08-03 Adam Barth

Disabling eval changes the timing of DidCreateScriptContext
https://bugs.webkit.org/show_bug.cgi?id=92189

Reviewed by Eric Seidel.

When we implemented Content-Security-Policy, we added the ability to disable eval in the JavaScript engine. However, when we process the Content-Security-Policy header, we might not have initialized the script context for the given frame.

Previously, we would initialize the context, but that generates a DidCreateScriptContext callback to the embedder earlier in the Document's lifetime than before. A natural thing to do in this callback is to run script to customize the script context, but Document isn't fully initialized yet, which leads to odd bugs and general confusion.

In this patch, we delay actually disabling eval until we would have created the scripting context previously. From the perspective of the web platform, this has the same behavior.
The only difference is that now the DidCreateScriptContext notification occurs at the same time regardless of whether Content-Security-Policy disables eval.

I tried to write a test for this change, but it was unclear to me how to write a good test. I tried writing a Chromium WebKit unit test to no avail. The good news is that this patch will be covered by the PlatformAppBrowserTest.Iframes test in Chromium once https://bugs.webkit.org/show_bug.cgi?id=93079 lands. That's not the best way to test this change, but it might be sufficient.

* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::initScript):
(WebCore::ScriptController::disableEval):
* bindings/v8/ScriptController.cpp:
(WebCore::ScriptController::enableEval):
(WebCore::ScriptController::disableEval):
* bindings/v8/V8DOMWindowShell.cpp:
(WebCore::V8DOMWindowShell::initContextIfNeeded):

2012-08-03 James Robinson

[chromium] Stop relying on implicit WebFoo <-> WebCore conversion operators in compositor
https://bugs.webkit.org/show_bug.cgi?id=93169

Reviewed by Adrienne Walker.

This removes the compositor's reliance on implicit conversion operators from Web* types to WebKit-internal types, specifically WebRect <-> WebCore::IntRect and WebString <-> WTF::String.
* platform/graphics/chromium/CanvasLayerTextureUpdater.cpp:
(WebCore::CanvasLayerTextureUpdater::paintContents):
* platform/graphics/chromium/FrameBufferSkPictureCanvasLayerTextureUpdater.cpp:
(WebCore::FrameBufferSkPictureCanvasLayerTextureUpdater::updateTextureRect):
* platform/graphics/chromium/LayerRendererChromium.cpp:
(WebCore::LayerRendererChromium::getFramebufferPixels):
* platform/graphics/chromium/ScrollbarLayerChromium.cpp:
(WebCore::ScrollbarLayerChromium::setTexturePriorities):
(WebCore::ScrollbarLayerChromium::update):
* platform/graphics/chromium/cc/CCFontAtlas.cpp:
(WebCore::CCFontAtlas::drawOneLineOfTextInternal):
* platform/graphics/chromium/cc/CCHeadsUpDisplayLayerImpl.cpp:
(WebCore::CCHeadsUpDisplayLayerImpl::drawFPSCounter):
(WebCore::CCHeadsUpDisplayLayerImpl::drawDebugRects):
* platform/graphics/chromium/cc/CCScrollbarLayerImpl.cpp:
(WebCore::toUVRect):
(WebCore::CCScrollbarLayerImpl::appendQuads):
(WebCore::CCScrollbarLayerImpl::CCScrollbar::size):

2012-08-03 Michael Nordman

[Chromium] Cross-thread-copy a couple more recently added ResourceResponse data members, apparently these got missed when they were added. And fix a bug with how the m_remoteIPAddress data member is handled, an isolatedCopy() is needed for thread safety.
https://bugs.webkit.org/show_bug.cgi?id=93158

Reviewed by David Levin.

No new tests, minor cleanup.

* platform/network/chromium/ResourceResponse.cpp:
(WebCore::ResourceResponse::doPlatformCopyData): make deep copies
(WebCore::ResourceResponse::doPlatformAdopt): take ownership of them
* platform/network/chromium/ResourceResponse.h:
(ResourceResponse):
(CrossThreadResourceResponseData):

2012-08-03 Florin Malita

[SVG] Tref target event listener cleanup
https://bugs.webkit.org/show_bug.cgi?id=93004

Reviewed by Abhishek Arya.

Currently SVGTRefElement allocates event listeners dynamically as it attaches to its targets. Synchronizing the lifetime of the target listener vs.
the tref element is error prone, as various events can stack and trigger nested handlers. In order to reduce complexity and address a couple of outstanding issues, this patch changes the way event listeners are allocated: only one target listener is created for the lifetime of the SVGTRefElement, and gets reused if the target element changes.

Test: svg/custom/tref-nested-events-crash.svg

* dom/EventListener.h: Added new target event listener type.
* svg/SVGTRefElement.cpp:
(WebCore):
(WebCore::SVGTRefTargetEventListener::create):
(WebCore::SVGTRefTargetEventListener::cast):
(SVGTRefTargetEventListener):
(WebCore::SVGTRefTargetEventListener::isAttached):
(WebCore::SVGTRefTargetEventListener::SVGTRefTargetEventListener):
(WebCore::SVGTRefTargetEventListener::attach):
(WebCore::SVGTRefTargetEventListener::detach):
(WebCore::SVGTRefTargetEventListener::operator==):
(WebCore::SVGTRefTargetEventListener::handleEvent): No need to check m_trefElement anymore - the listener is allocated for the whole element lifetime, detached when the element is removed and deallocated when the element is destroyed.
(WebCore::SVGTRefElement::SVGTRefElement): Allocate one target listener per element, at construction time.
(WebCore::SVGTRefElement::~SVGTRefElement): Detach the listener if necessary.
(WebCore::SVGTRefElement::detachTarget): Check whether the element is still in document after updating the text (may have been removed by event handlers).
(WebCore::SVGTRefElement::buildPendingResource): Attach the event listener before updating the text content to avoid racing with event handlers (which can remove the element).
(WebCore::SVGTRefElement::removedFrom):
* svg/SVGTRefElement.h:
(WebCore):
(SVGTRefElement):

2012-08-03 Michael Saboff

Convert HTML parser to handle 8-bit resources without converting to UChar*
https://bugs.webkit.org/show_bug.cgi?id=90321

Reviewed by Adam Barth.

No new tests, no new functionality therefore covered by existing tests.
Changed the parsing of HTML to handle 8-bit strings without converting the whole string to 16-bits. Primary change was to use the appropriate character pointer type (LChar* or UChar*) depending on the source string. This access is abstracted in SegmentedSubstring by getCurrentChar{8,16} and incrementAndGetCurrentChar{8,16} methods. In SegmentedString, the advance() and advanceAndUpdateLineNumber() methods have been refactored into a state machine managed pair of function pointers. The possible functions have not only the 8 and 16 bitness factored out, they also have the "exclude line numbers" logic factored out for advanceAndUpdateLineNumber().

This change also has improvements over http://trac.webkit.org/changeset/123679. The most prominent change was to inline the 8 bit paths for both advance() and advanceAndUpdateLineNumber(). This provides a net speed-up even with the 8/16 bit testing. Other changes involve using String methods to access and compare with the source data.

* html/FTPDirectoryDocument.cpp:
(WebCore::FTPDirectoryDocumentParser::append): Changed to use currentChar() instead of SegmentedString '*' operator.
* html/parser/HTMLEntityParser.cpp: Changed to use currentChar() instead of SegmentedString '*' operator.
* html/parser/HTMLParserIdioms.cpp:
(WebCore::stripLeadingAndTrailingHTMLSpaces): Added 8-bit fast path.
* html/parser/HTMLSourceTracker.cpp:
(WebCore::HTMLSourceTracker::sourceForToken): Changed to use currentChar() instead of SegmentedString '*' operator.
* loader/cache/CachedScript.cpp:
(WebCore::CachedScript::script): Updated to use new String::dataSize() method.
* platform/text/SegmentedString.cpp:
(WebCore::SegmentedString::SegmentedString):
(WebCore::SegmentedString::operator=):
(WebCore::SegmentedString::clear):
(WebCore::SegmentedString::append):
(WebCore::SegmentedString::prepend):
(WebCore::SegmentedString::advanceSubstring):
(WebCore::SegmentedString::advance):
(WebCore::SegmentedString::advance8): Fast path advance function for 8 bit data.
(WebCore::SegmentedString::advance16): Fast path advance function for 16 bit data.
(WebCore::SegmentedString::advanceAndUpdateLineNumber8): Fast path advanceAndUpdateLineNumber for 8 bit data when we need to update the line number.
(WebCore::SegmentedString::advanceAndUpdateLineNumber16): Fast path advanceAndUpdateLineNumber for 16 bit data when we need to update the line number.
(WebCore::SegmentedString::advanceSlowCase): Slow case advance function for both 8 and 16 bit advance.
(WebCore::SegmentedString::advanceAndUpdateLineNumberSlowCase): Slow case advanceAndUpdateLineNumber function for both 8 and 16 bit data.
(WebCore::SegmentedString::advanceEmpty): Advance function when input has been exhausted.
(WebCore::SegmentedString::updateSlowCaseFunctionPointers): Set advance function pointers to slow case functions.
* platform/text/SegmentedString.h:
(WebCore::SegmentedSubstring::SegmentedSubstring):
(WebCore::SegmentedSubstring::clear):
(SegmentedSubstring):
(WebCore::SegmentedSubstring::is8Bit): New getter.
(WebCore::SegmentedSubstring::appendTo):
(WebCore::SegmentedSubstring::getCurrentChar8): New getter for the 8 bit case.
(WebCore::SegmentedSubstring::getCurrentChar16): New getter for the 16 bit case.
(WebCore::SegmentedSubstring::incrementAndGetCurrentChar8): New wrapper function that pre-increments the 8 bit pointer and returns the next character.
(WebCore::SegmentedSubstring::incrementAndGetCurrentChar16): New wrapper function that pre-increments the 16 bit pointer and returns the next character.
(WebCore::SegmentedSubstring::currentSubString):
(WebCore::SegmentedSubstring::getCurrentChar):
(WebCore::SegmentedSubstring::incrementAndGetCurrentChar):
(WebCore::SegmentedString::SegmentedString):
(WebCore::SegmentedString::push):
(WebCore::SegmentedString::isEmpty):
(WebCore::SegmentedString::lookAhead):
(WebCore::SegmentedString::lookAheadIgnoringCase):
(WebCore::SegmentedString::advance): Wrapper that contains 8 bit fast path or calls via member function point to appropriate advance() flavor.
(WebCore::SegmentedString::advanceAndUpdateLineNumber): Wrapper that contains 8 bit fast path or calls via member function point to appropriate advance() flavor.
(WebCore::SegmentedString::advanceAndASSERT):
(WebCore::SegmentedString::advanceAndASSERTIgnoringCase):
(WebCore::SegmentedString::advancePastNonNewline):
(WebCore::SegmentedString::advancePastNewlineAndUpdateLineNumber):
(WebCore::SegmentedString::currentChar):
(WebCore::SegmentedString::decrementAndCheckLength): Decrement substring length and change to slow case functions when only one character left.
(WebCore::SegmentedString::updateAdvanceFunctionPointers): Select appropriate advance functions based on current substring.
(WebCore::SegmentedString::lookAheadInline): Changed to use String::startsWith().
(WebCore::SegmentedString::lookAheadSlowCase):
* xml/parser/CharacterReferenceParserInlineMethods.h:
(WebCore::consumeCharacterReference): Changed to use currentChar() instead of SegmentedString '*' operator.
* xml/parser/MarkupTokenizerBase.h:
(WebCore::MarkupTokenizerBase::InputStreamPreprocessor::nextInputCharacter):
(WebCore::MarkupTokenizerBase::InputStreamPreprocessor::peek): Changed to use currentChar() instead of SegmentedString '*' operator.
(WebCore::MarkupTokenizerBase::InputStreamPreprocessor::advance):

2012-08-03 Arnaud Renevier

Update TypedArrays to throw RangeError or similar instead of INDEX_SIZE_ERR
https://bugs.webkit.org/show_bug.cgi?id=45118

Reviewed by Kenneth Russell.
Update TypedArrays to raise JavaScript RangeError instead of dom INDEX_SIZE_ERR exceptions. Also, update TypedArrays to raise TypeError instead of JavaScript SyntaxError or dom exceptions SYNTAX_ERR when calling set method with invalid arguments.

Specification does not define the type of exceptions to raise, but other browsers raise JavaScript errors, so those changes will improve compatibility.

New Test: fast/canvas/webgl/array-set-invalid-arguments.html

Updated Tests expectations:
fast/canvas/webgl/array-set-out-of-bounds.html
fast/canvas/webgl/data-view-crash.html
fast/canvas/webgl/data-view-test.html

* bindings/js/JSArrayBufferViewHelper.h:
(WebCore):
(WebCore::setWebGLArrayWithTypedArrayArgument):
(WebCore::setWebGLArrayHelper):
(WebCore::constructArrayBufferViewWithTypedArrayArgument):
(WebCore::constructArrayBufferViewWithArrayBufferArgument):
(WebCore::constructArrayBufferView):
* bindings/v8/custom/V8ArrayBufferViewCustom.h:
(WebCore):
(WebCore::constructWebGLArrayWithArrayBufferArgument):
(WebCore::setWebGLArrayHelper):

2012-08-03 Dave Tu

[chromium] Fix Renderer4.CompositorThreadImplDrawDelay histogram.
https://bugs.webkit.org/show_bug.cgi?id=93159

Reviewed by Adrienne Walker.

The histogram is using the frame number instead of the frame time by mistake.

* platform/graphics/chromium/cc/CCFrameRateCounter.cpp:
(WebCore::CCFrameRateCounter::markBeginningOfFrame):

2012-08-03 David Grogan

IndexedDB: Core upgradeneeded logic
https://bugs.webkit.org/show_bug.cgi?id=92558

Reviewed by Ojan Vafai.

This is the backend webkit logic needed for integer versions. The rest is in https://bugs.webkit.org/show_bug.cgi?id=89505.

I tried to make use of the existing processPendingCalls and added two more queues, pendingOpenWithVersionCalls and pendingSecondHalfOpenWithVersionCalls. The "second half" refers to how there are two events that need to be fired in response to an open-with-version call.
The "second half" queue holds the open requests that should immediately follow the caller's upgradeneeded handler.

No new tests, there are so many they are in their own patch: https://bugs.webkit.org/show_bug.cgi?id=92560

Though this patch doesn't change any expected behavior anyway, lack of regressions is what we're hoping for here.

* Modules/indexeddb/IDBBackingStore.h:
(IDBBackingStore):
* Modules/indexeddb/IDBCallbacks.h:
(WebCore::IDBCallbacks::onBlocked):
(WebCore::IDBCallbacks::onUpgradeNeeded):
* Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
(IDBDatabaseBackendImpl::PendingOpenCall):
(IDBDatabaseBackendImpl::PendingOpenWithVersionCall):
(WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::create):
(WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::callbacks):
(WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::version):
(WebCore::IDBDatabaseBackendImpl::PendingOpenWithVersionCall::PendingOpenWithVersionCall):
(WebCore):
(WebCore::IDBDatabaseBackendImpl::IDBDatabaseBackendImpl):
(WebCore::IDBDatabaseBackendImpl::openInternal):
(WebCore::IDBDatabaseBackendImpl::metadata):
(WebCore::IDBDatabaseBackendImpl::setVersion):
(WebCore::IDBDatabaseBackendImpl::setIntVersionInternal):
(WebCore::IDBDatabaseBackendImpl::transactionFinished):
(WebCore::IDBDatabaseBackendImpl::transactionFinishedAndEventsFired): When an upgradeneeded event is fired in response to an open-with-version call, the version change transaction must receive its complete event before processPendingCalls fires a success event at IDBOpenDBRequest. In the future this should probably be changed instead to transactionFinishedAndAbortFired and transactionFinishedAndCompleteFired so that we'll know to fire a success or error event at IDBOpenDBRequest. Currently, instead of firing error when there's an abort, we don't fire anything.
(WebCore::IDBDatabaseBackendImpl::processPendingCalls): Now that this is called after a connection is opened, we unfortunately lose the invariant that there is only one existing connection when this is called, but nothing inside this function actually relied on that. Additionally, the secondHalfOpen calls only ever need to be serviced in one place: right after a version change transaction completes, so it could be moved out of here.
(WebCore::IDBDatabaseBackendImpl::registerFrontendCallbacks): Now that setVersion and deleteDatabase calls are queued up behind secondHalfOpen calls, we have to service those queues when secondHalfOpen calls complete, which is here. So call processPendingCalls().
(WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
(WebCore::IDBDatabaseBackendImpl::openConnectionWithVersion):
(WebCore::IDBDatabaseBackendImpl::deleteDatabase):
(WebCore::IDBDatabaseBackendImpl::close):
* Modules/indexeddb/IDBDatabaseBackendImpl.h:
(IDBDatabaseBackendImpl):
* Modules/indexeddb/IDBDatabaseCallbacks.h:
(WebCore::IDBDatabaseCallbacks::onVersionChange):
* Modules/indexeddb/IDBFactoryBackendImpl.cpp:
(WebCore::IDBFactoryBackendImpl::open): This is refactored some so that the call to openConnection{WithVersion} happens once, at the end.
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore::IDBLevelDBBackingStore::getIDBDatabaseMetaData):
(WebCore::IDBLevelDBBackingStore::createIDBDatabaseMetaData):
(WebCore::IDBLevelDBBackingStore::updateIDBDatabaseIntVersion):
(WebCore):
(WebCore::IDBLevelDBBackingStore::deleteDatabase):
* Modules/indexeddb/IDBLevelDBBackingStore.h:
(IDBLevelDBBackingStore):
* Modules/indexeddb/IDBTransactionBackendImpl.cpp:
(WebCore::IDBTransactionBackendImpl::commit): See above comments about transactionFinishedAndEventsFired. I tried moving the call to transactionFinished after the events were fired but that failed some asserts.
But changing those asserts is still an alternative to splitting up transactionFinished as is done here.

2012-08-03 Rick Byers

Double tap gesture should send dblclick event
https://bugs.webkit.org/show_bug.cgi?id=92412

Reviewed by Adam Barth.

Propagate the tap count from PlatformGestureEvent in the derived mouse events. Also fixes a crash with unexpected GestureDoubleTap events by just suppressing them early. They will probably be removed soon anyway.

Test: fast/events/touch/gesture/gesture-dblclick.html

* page/EventHandler.cpp:
(WebCore::EventHandler::handleGestureEvent):
(WebCore::EventHandler::handleGestureTap):

2012-08-03 Sheriff Bot

Unreviewed, rolling out r124668.
http://trac.webkit.org/changeset/124668
https://bugs.webkit.org/show_bug.cgi?id=93167

Broke Mac build (Requested by kbr_google on #webkit).

* bindings/js/JSArrayBufferViewHelper.h:
(WebCore::setWebGLArrayWithTypedArrayArgument):
(WebCore::setWebGLArrayHelper):
(WebCore::constructArrayBufferViewWithTypedArrayArgument):
(WebCore::constructArrayBufferViewWithArrayBufferArgument):
(WebCore::constructArrayBufferView):
* bindings/v8/custom/V8ArrayBufferViewCustom.h:
(WebCore::constructWebGLArrayWithArrayBufferArgument):
(WebCore):
(WebCore::constructWebGLArray):
(WebCore::setWebGLArrayHelper):

2012-08-03 Julien Chaffraix

Implement computePreferredLogicalWidths on RenderGrid
https://bugs.webkit.org/show_bug.cgi?id=92908

Reviewed by Ojan Vafai.

This function implements a primitive computePreferredLogicalWidths so that we properly handle vertical writing modes.

Covered by fast/css-grid-layout/place-cell-by-index.html.

* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computePreferredLogicalWidths):
* rendering/RenderGrid.h: Added computePreferredLogicalWidths.

2012-08-03 Arnaud Renevier

Update TypedArrays to throw RangeError or similar instead of INDEX_SIZE_ERR
https://bugs.webkit.org/show_bug.cgi?id=45118

Reviewed by Kenneth Russell.
Update TypedArrays to raise JavaScript RangeError instead of dom INDEX_SIZE_ERR exceptions. Also, update TypedArrays to raise TypeError instead of JavaScript SyntaxError or dom exceptions SYNTAX_ERR when calling set method with invalid arguments.

Specification does not define the type of exceptions to raise, but other browsers raise JavaScript errors, so those changes will improve compatibility.

New Test: fast/canvas/webgl/array-set-invalid-arguments.html

Updated Tests expectations:
fast/canvas/webgl/array-set-out-of-bounds.html
fast/canvas/webgl/data-view-crash.html
fast/canvas/webgl/data-view-test.html

* bindings/js/JSArrayBufferViewHelper.h:
(WebCore):
(WebCore::setWebGLArrayWithTypedArrayArgument):
(WebCore::setWebGLArrayHelper):
(WebCore::constructArrayBufferViewWithTypedArrayArgument):
(WebCore::constructArrayBufferViewWithArrayBufferArgument):
(WebCore::constructArrayBufferView):
* bindings/v8/custom/V8ArrayBufferViewCustom.h:
(WebCore):
(WebCore::constructWebGLArrayWithArrayBufferArgument):
(WebCore::setWebGLArrayHelper):

2012-08-03 Levi Weintraub

Switch mapLocalToContainer to use a flag instead of boolean parameters
https://bugs.webkit.org/show_bug.cgi?id=92927

Reviewed by Dirk Schulze.

Changing mapLocalToContainer to use a uint flag to set the mode of operation. This simplifies the contract, removes boolean arguments and paves the way for an additional mode for sub-pixel layout support. See https://bugs.webkit.org/show_bug.cgi?id=89238 for the sub-pixel use case.

Other than the new MapLocalToContainerMode enum and MapLocalToContainerFlags typedef, this change is purely mechanical.

No new tests as this doesn't change current behavior.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::selectionGapRectsForRepaint):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::mapLocalToContainer):
* rendering/RenderBox.h:
(RenderBox):
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::mapToAbsolute):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::mapLocalToContainer):
* rendering/RenderInline.h:
(RenderInline):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::localToAbsolute):
(WebCore::RenderObject::mapLocalToContainer):
(WebCore::RenderObject::localToContainerQuad):
(WebCore::RenderObject::localToContainerPoint):
* rendering/RenderObject.h:
(RenderObject): Adding the MapLocalToContainerMode enum and MapLocalToContainerFlags unsigned int, and removing the old ApplyContainerFlipOrNot enum.
* rendering/RenderView.cpp:
(WebCore::RenderView::mapLocalToContainer):
* rendering/RenderView.h:
(RenderView):
* rendering/svg/RenderSVGForeignObject.cpp:
(WebCore::RenderSVGForeignObject::mapLocalToContainer):
* rendering/svg/RenderSVGForeignObject.h:
(RenderSVGForeignObject):
* rendering/svg/RenderSVGInline.cpp:
(WebCore::RenderSVGInline::mapLocalToContainer):
* rendering/svg/RenderSVGInline.h:
(RenderSVGInline):
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::mapLocalToContainer):
* rendering/svg/RenderSVGModelObject.h:
(RenderSVGModelObject):
* rendering/svg/RenderSVGRoot.cpp:
(WebCore::RenderSVGRoot::mapLocalToContainer):
* rendering/svg/RenderSVGRoot.h:
(RenderSVGRoot):
* rendering/svg/RenderSVGText.cpp:
(WebCore::RenderSVGText::mapLocalToContainer):
* rendering/svg/RenderSVGText.h:
(RenderSVGText):
* rendering/svg/SVGRenderSupport.cpp:
(WebCore::SVGRenderSupport::mapLocalToContainer):

2012-08-03 Emil A Eklund

Remove dependency on LayoutTypes.h from transformation code
https://bugs.webkit.org/show_bug.cgi?id=93037

Reviewed by Levi Weintraub.

TransformationMatrix and HitTestingTransformState include LayoutTypes.h which is in rendering. This is a layering violation.
Remove this dependency as it is no longer needed.

No new tests, no change in functionality.

* rendering/LayoutTypes.h: Remove clampToLayoutUnit
* platform/FractionalLayoutUnit.h:
(WebCore::FractionalLayoutUnit::clamp): Add FractionalLayoutUnit::clamp method that clamps a double to a FractionalLayoutUnit.
* platform/graphics/transforms/TransformationMatrix.cpp:
(WebCore::clampEdgeValue):
(WebCore::TransformationMatrix::clampedBoundsOfProjectedQuad): Use clamp/max/min from FractionalLayoutUnit instead of going through LayoutUnit abstraction.
* platform/graphics/transforms/TransformationMatrix.h:
* rendering/HitTestingTransformState.cpp:
* rendering/HitTestingTransformState.h: Replace use of LayoutRect with FractionalLayoutRect as LayoutRect maps to FractionalLayoutRect on all platforms.

2012-08-03 Dan Bernstein

REGRESSION (Safari 5.1 - 6): Cannot correctly display Traditional Mongolian Script
https://bugs.webkit.org/show_bug.cgi?id=92864

Reviewed by Sam Weinig.

Test: platform/mac/fast/text/combining-character-sequence-vertical.html

* platform/graphics/SimpleFontData.cpp:
(WebCore::SimpleFontData::glyphForCharacter): Added this helper function.
* platform/graphics/SimpleFontData.h:
(SimpleFontData): Declared glyphDataForCharacter.
* platform/graphics/mac/FontComplexTextMac.cpp:
(WebCore::Font::fontDataForCombiningCharacterSequence): Added logic to use the appropriate variant of each font in the fallback list, which mimics the equivalent logic in glyphDataAndPageForCharacter().

2012-08-03 Kenneth Russell

[Chromium] Web Inspector: Win Dbg tests timing out (r123556 or r123560?)
https://bugs.webkit.org/show_bug.cgi?id=92570

Reviewed by Pavel Feldman.

Try restricting the use of the GC hint for canvas contexts to only WebGL contexts, where it is most needed, to see whether this clears up the timeouts.
* bindings/v8/custom/V8HTMLCanvasElementCustom.cpp:
(WebCore::V8HTMLCanvasElement::getContextCallback):

2012-08-02 Jeffrey Pfau

Add API for enabling blanket third-party data blocking
https://bugs.webkit.org/show_bug.cgi?id=93022

Reviewed by Anders Carlsson.

Added API for enabling third-party storage blocking.

* page/Settings.cpp:
(WebCore::Settings::Settings):
* page/Settings.h:
(WebCore::Settings::setThirdPartyStorageBlockingEnabled):
(WebCore::Settings::thirdPartyStorageBlockingEnabled):
(Settings):

2012-08-03 Anna Cavender

Negative timestamps for TextTrackCues should not be allowed.
https://bugs.webkit.org/show_bug.cgi?id=92939

Reviewed by Eric Carlson.

Make sure cues added in JavaScript are not allowed negative timestamps. Attempting to add a cue with a negative timestamp is not successful and setting a timestamp to a negative value has no effect.

Test: media/track/track-cue-negative-timestamp.html

* html/track/TextTrack.cpp:
(WebCore::TextTrack::addCue): If the cue's startTime or endTime is negative, do not add the cue.
* html/track/TextTrackCue.cpp:
(WebCore::TextTrackCue::setStartTime): Ignore negative values.
(WebCore::TextTrackCue::setEndTime): Ignore negative values.
* html/track/TextTrackCueList.cpp:
(WebCore::TextTrackCueList::add): Add ASSERTs to check startTime and endTime are positive.

2012-08-03 Sheriff Bot

Unreviewed, rolling out r124594.
http://trac.webkit.org/changeset/124594
https://bugs.webkit.org/show_bug.cgi?id=93152

Broke PlatformAppBrowserTest.Iframes browser_test on Chromium bots (Requested by dimich on #webkit).
* bindings/generic/BindingSecurity.cpp: (WebCore::canAccess): (WebCore::BindingSecurity::canAccessFrame): (WebCore::BindingSecurity::shouldAllowAccessToNode): * bindings/v8/BindingState.cpp: (WebCore::immediatelyReportUnsafeAccessTo): * bindings/v8/BindingState.h: (WebCore): * bindings/v8/V8DOMWindowShell.cpp: (WebCore::reportUnsafeJavaScriptAccess): * bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::reportUnsafeAccessTo): * bindings/v8/V8Proxy.h: (V8Proxy): 2012-08-03 Terry Anderson Apply target fuzzing when sending a context menu event https://bugs.webkit.org/show_bug.cgi?id=92914 Reviewed by Antonio Gomes. If TOUCH_ADJUSTMENT is enabled, use bestClickableNodeForTouchPoint to possibly adjust the location of a context menu event. This change uses the same set of candidates for touch adjustment as is used for a GestureTap event (which admittedly is a simplifying assumption). Test: touchadjustment/touch-links-longpress.html * page/EventHandler.cpp: (WebCore::EventHandler::handleGestureTap): Some code moved to the new function adjustGesturePosition. (WebCore): (WebCore::EventHandler::adjustGesturePosition): Added this function to avoid repeated code in handleGestureTap and sendContextMenuEventForGesture. (WebCore::EventHandler::sendContextMenuEventForGesture): Try to adjust the location of |mouseEvent| to correspond to the most probable gesture target. If no such target exists, the location of |mouseEvent| is unchanged. * page/EventHandler.h: (EventHandler): 2012-08-03 Sheriff Bot Unreviewed, rolling out r124475 and r124496. http://trac.webkit.org/changeset/124475 http://trac.webkit.org/changeset/124496 https://bugs.webkit.org/show_bug.cgi?id=93151 Causing assertion failures in table-section-node-at-point-crash.html (Requested by inferno-sec on #webkit). 
* rendering/RenderTableSection.cpp: (WebCore::RenderTableSection::paint): 2012-08-03 Jan Keromnes Web Inspector: Create and interface for TextEditor https://bugs.webkit.org/show_bug.cgi?id=93126 Reviewed by Pavel Feldman. For more extensibility, TextEditor needs to be an interface that other classes can implement, e.g. the new class DefaultTextEditor. * WebCore.gypi: * WebCore.vcproj/WebCore.vcproj: * inspector/compile-front-end.py: * inspector/front-end/SourceFrame.js: (WebInspector.SourceFrame): * inspector/front-end/TextEditor.js: (WebInspector.TextEditor): (WebInspector.TextEditor.prototype.set mimeType): (WebInspector.TextEditor.prototype.setReadOnly): (WebInspector.TextEditor.prototype.readOnly): (WebInspector.TextEditor.prototype.defaultFocusedElement): (WebInspector.TextEditor.prototype.revealLine): (WebInspector.TextEditor.prototype.addDecoration): (WebInspector.TextEditor.prototype.removeDecoration): (WebInspector.TextEditor.prototype.markAndRevealRange): (WebInspector.TextEditor.prototype.highlightLine): (WebInspector.TextEditor.prototype.clearLineHighlight): (WebInspector.TextEditor.prototype.freeCachedElements): (WebInspector.TextEditor.prototype.elementsToRestoreScrollPositionsFor): (WebInspector.TextEditor.prototype.inheritScrollPositions): (WebInspector.TextEditor.prototype.beginUpdates): (WebInspector.TextEditor.prototype.endUpdates): (WebInspector.TextEditor.prototype.onResize): (WebInspector.TextEditor.prototype._textChanged): (WebInspector.TextEditor.prototype.editRange): (WebInspector.TextEditor.prototype.scrollToLine): (WebInspector.TextEditor.prototype.selection): (WebInspector.TextEditor.prototype.lastSelection): (WebInspector.TextEditor.prototype.setSelection): (WebInspector.TextEditor.prototype.setText): (WebInspector.TextEditor.prototype.text): (WebInspector.TextEditor.prototype.range): (WebInspector.TextEditor.prototype.line): (WebInspector.TextEditor.prototype.get linesCount): (WebInspector.TextEditor.prototype.setAttribute): 
(WebInspector.TextEditor.prototype.getAttribute): (WebInspector.TextEditor.prototype.removeAttribute): (WebInspector.TextEditor.prototype.wasShown): (WebInspector.TextEditor.prototype._handleFocused): (WebInspector.TextEditor.prototype.willHide): * inspector/front-end/WebKit.qrc: * inspector/front-end/inspector.html: 2012-08-03 Mike West Blocking a plugin via CSP should result in one (and only one) console message. https://bugs.webkit.org/show_bug.cgi?id=92649 Reviewed by Adam Barth. Currently, blocking a plugin via Content Security Policy results in some leakage of console log messages between tests. I'm unclear as to the root cause, but the symptoms exhibited include `SubframeLoader::requestPlugin` being called multiple times for a single element, which in turn causes multiple console logs to be sent. These messages tend to appear in the subsequent test, making the `http/test/security/contentSecurityPolicy/object-src-*` set of tests flakey indeed. This patch addresses the issue by marking elements' plugins as unavailable when they're blocked by CSP. No new tests have been added: this patch should simply make the current tests actually pass. * loader/SubframeLoader.cpp: (WebCore::SubframeLoader::requestPlugin): We check the CSP status in `SubframeLoader::loadPlugin`, which is called at the end of this function. Checking CSP status in both locations is redundant. (WebCore::SubframeLoader::loadPlugin): If the plugin is blocked by CSP, tell the element's embedded object renderer that the plugin is unavailable. 
* platform/LocalizedStrings.cpp: (WebCore::blockedPluginByContentSecurityPolicyText): (WebCore): * platform/LocalizedStrings.h: (WebCore): * platform/blackberry/LocalizedStringsBlackBerry.cpp: (WebCore::blockedPluginByContentSecurityPolicyText): (WebCore): * platform/efl/LocalizedStringsEfl.cpp: (WebCore::blockedPluginByContentSecurityPolicyText): (WebCore): * platform/gtk/LocalizedStringsGtk.cpp: (WebCore::blockedPluginByContentSecurityPolicyText): (WebCore): * platform/qt/LocalizedStringsQt.cpp: (WebCore::blockedPluginByContentSecurityPolicyText): (WebCore): * rendering/RenderEmbeddedObject.cpp: (WebCore::unavailablePluginReplacementText): * rendering/RenderEmbeddedObject.h: Return appropriate text when the plugin is blocked by CSP. 2012-08-03 Kentaro Hara [V8] Add an IsExecutionTerminating() check to setDOMException() https://bugs.webkit.org/show_bug.cgi?id=93101 Reviewed by Adam Barth. In preparation for moving exception related code from V8Proxy to V8Binding, I am going to remove throwError(ExceptionCode, v8::Isolate*) from V8Proxy. throwError(ExceptionCode, v8::Isolate*) will be replaced with setDOMException(ExceptionCode, v8::Isolate*). By this refactoring, the way to throw JavaScript errors and DOM exceptions becomes simple: "Throw JavaScript errors by throwError(). Throw DOM exceptions by setDOMException()". (Currently some DOM exceptions are being thrown by throwError().) To keep the current behavior of throwError(ExceptionCode, v8::Isolate*), before the replacement, we need to insert the IsExecutionTerminating() check to setDOMException(). This will add an extra check to the current setDOMException(), but I don't think it's a problem. No tests. No change in behavior. * bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::setDOMException): 2012-08-03 Sadrul Habib Chowdhury Avoid dispatching gesture events of unknown types https://bugs.webkit.org/show_bug.cgi?id=93060 Reviewed by Adam Barth. 
WebCore gesture events do not always correspond 1-to-1 to the Platform gesture events. So avoid dispatching the unknown gesture events to nodes. * dom/GestureEvent.cpp: (WebCore::GestureEvent::create): * dom/Node.cpp: (WebCore::Node::dispatchGestureEvent): 2012-08-03 Stephen Chenney Crash when a clip path referencing a clip path changes documents https://bugs.webkit.org/show_bug.cgi?id=93023 Reviewed by Dirk Schulze. The SVGClipPathElement is set to not need pending resource handling, when in fact it can have pending resources. The result is a crash when the element is moved to a new document (which deletes all resources and leaves them pending) and then immediately deleted (which asserts that there are no pending resources). There is code to remove pending resources upon deletion and removal from the DOM, but it was not executing for clips because of the aforementioned code claiming that clips don't require such handling. The assertion that there be no pending resources is necessary to prevent caches of pending resources from trying to access the deleted element. This change removes the check for needsPendingResourceHandling in SVGStyledElement upon deletion and removal from the DOM. Pending resources will always be checked in such cases to ensure we do not introduce security issues. Test: svg/custom/clip-path-document-change-assert.html * svg/SVGStyledElement.cpp: (WebCore::SVGStyledElement::~SVGStyledElement): Removed needsPendingResourceHandling in the conditional to clean up resources. (WebCore::SVGStyledElement::removedFrom): Removed needsPendingResourceHandling in the conditional to clean up resources. 2012-08-03 Kentaro Hara [V8] Remove unused methods in V8Proxy https://bugs.webkit.org/show_bug.cgi?id=93106 Reviewed by Adam Barth. In preparation for removing V8Proxy, we can remove unused methods in V8Proxy. No tests. No change in behavior. 
* bindings/v8/V8Proxy.h: (V8Proxy): 2012-08-03 Kentaro Hara [V8] Implement v8Undefined() https://bugs.webkit.org/show_bug.cgi?id=93093 Reviewed by Adam Barth. There are a couple of equivalent ways to create an undefined value, e.g. v8::Undefined(), v8::Undefined(isolate), v8::Handle(), etc. We should implement v8Undefined() and use it everywhere. In this bug, we implement v8Undefined() and use it in CodeGeneratorV8.pm. We can implement v8Undefined() like this: v8::Handle v8Undefined() { v8::Handle(); } This is based on the following performance results: // 14.5 ns v8::Handle xxxAttrGetter(..., info) { return v8::Undefined(); } // 8.24 ns (This cannot be used where isolate can be 0.) v8::Handle xxxAttrGetter(..., info) { return v8::Undefined(info.GetIsolate()); } // 8.54 ns v8::Handle xxxAttrGetter(..., info) { v8::Isolate* isolate = info.GetIsolate(); return isolate ? v8::Handle(v8::Undefined(isolate)) : v8::Handle(); } // 8.52 ns v8::Handle xxxAttrGetter(..., info) { return v8::Handle(); } No tests. No change in behavior. 
* bindings/scripts/CodeGeneratorV8.pm: (GenerateConstructorGetter): (GenerateNormalAttrGetter): (GenerateNewFunctionTemplate): (GenerateEventListenerCallback): (GenerateFunctionCallback): (GenerateCallWith): (GenerateParametersCheck): (GenerateEventConstructorCallback): (GenerateNonStandardFunction): (GenerateImplementation): (NativeToJSValue): * bindings/scripts/test/V8/V8Float64Array.cpp: (WebCore::ConfigureV8Float64ArrayTemplate): * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp: (WebCore::TestActiveDOMObjectV8Internal::excitingFunctionCallback): (WebCore::TestActiveDOMObjectV8Internal::postMessageCallback): (WebCore::TestActiveDOMObjectV8Internal::postMessageAttrGetter): (WebCore::ConfigureV8TestActiveDOMObjectTemplate): (WebCore::V8TestActiveDOMObject::wrapSlow): * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp: (WebCore::TestCustomNamedGetterV8Internal::anotherFunctionCallback): * bindings/scripts/test/V8/V8TestEventConstructor.cpp: (WebCore::V8TestEventConstructor::constructorCallback): * bindings/scripts/test/V8/V8TestEventTarget.cpp: (WebCore::TestEventTargetV8Internal::addEventListenerCallback): (WebCore::TestEventTargetV8Internal::removeEventListenerCallback): (WebCore::ConfigureV8TestEventTargetTemplate): * bindings/scripts/test/V8/V8TestInterface.cpp: (WebCore::TestInterfaceV8Internal::supplementalMethod1Callback): (WebCore::TestInterfaceV8Internal::supplementalMethod2Callback): (WebCore::TestInterfaceV8Internal::supplementalMethod4Callback): (WebCore::ConfigureV8TestInterfaceTemplate): * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp: (WebCore::TestMediaQueryListListenerV8Internal::methodCallback): * bindings/scripts/test/V8/V8TestObj.cpp: (WebCore::TestObjV8Internal::readOnlyTestObjAttrAttrGetter): (WebCore::TestObjV8Internal::withScriptStateAttributeAttrGetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAttributeAttrGetter): (WebCore::TestObjV8Internal::withScriptStateAttributeRaisesAttrGetter): 
(WebCore::TestObjV8Internal::withScriptExecutionContextAttributeRaisesAttrGetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateAttributeAttrGetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateAttributeRaisesAttrGetter): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateWithSpacesAttributeAttrGetter): (WebCore::TestObjV8Internal::withScriptArgumentsAndCallStackAttributeAttrGetter): (WebCore::TestObjV8Internal::withScriptArgumentsAndCallStackAttributeAttrSetter): (WebCore::TestObjV8Internal::cachedAttribute1AttrGetter): (WebCore::TestObjV8Internal::cachedAttribute2AttrGetter): (WebCore::TestObjV8Internal::TestObjConstructorGetter): (WebCore::TestObjV8Internal::voidMethodCallback): (WebCore::TestObjV8Internal::voidMethodWithArgsCallback): (WebCore::TestObjV8Internal::methodWithSequenceArgCallback): (WebCore::TestObjV8Internal::serializedValueCallback): (WebCore::TestObjV8Internal::idbKeyCallback): (WebCore::TestObjV8Internal::optionsObjectCallback): (WebCore::TestObjV8Internal::methodWithExceptionCallback): (WebCore::TestObjV8Internal::addEventListenerCallback): (WebCore::TestObjV8Internal::removeEventListenerCallback): (WebCore::TestObjV8Internal::withScriptStateVoidCallback): (WebCore::TestObjV8Internal::withScriptStateVoidExceptionCallback): (WebCore::TestObjV8Internal::withScriptExecutionContextCallback): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateCallback): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateObjExceptionCallback): (WebCore::TestObjV8Internal::withScriptExecutionContextAndScriptStateWithSpacesCallback): (WebCore::TestObjV8Internal::withScriptArgumentsAndCallStackCallback): (WebCore::TestObjV8Internal::methodWithOptionalArgCallback): (WebCore::TestObjV8Internal::methodWithNonOptionalArgAndOptionalArgCallback): (WebCore::TestObjV8Internal::methodWithNonOptionalArgAndTwoOptionalArgsCallback): 
(WebCore::TestObjV8Internal::methodWithOptionalStringCallback): (WebCore::TestObjV8Internal::methodWithOptionalStringIsUndefinedCallback): (WebCore::TestObjV8Internal::methodWithOptionalStringIsNullStringCallback): (WebCore::TestObjV8Internal::methodWithCallbackArgCallback): (WebCore::TestObjV8Internal::methodWithNonCallbackArgAndCallbackArgCallback): (WebCore::TestObjV8Internal::methodWithCallbackAndOptionalArgCallback): (WebCore::TestObjV8Internal::conditionalMethod2Callback): (WebCore::TestObjV8Internal::conditionalMethod3Callback): (WebCore::TestObjV8Internal::overloadedMethod1Callback): (WebCore::TestObjV8Internal::overloadedMethod2Callback): (WebCore::TestObjV8Internal::overloadedMethod3Callback): (WebCore::TestObjV8Internal::overloadedMethod4Callback): (WebCore::TestObjV8Internal::overloadedMethod5Callback): (WebCore::TestObjV8Internal::overloadedMethod6Callback): (WebCore::TestObjV8Internal::overloadedMethod7Callback): (WebCore::TestObjV8Internal::overloadedMethod8Callback): (WebCore::TestObjV8Internal::overloadedMethod9Callback): (WebCore::TestObjV8Internal::overloadedMethod10Callback): (WebCore::TestObjV8Internal::classMethodCallback): (WebCore::TestObjV8Internal::overloadedMethod11Callback): (WebCore::TestObjV8Internal::overloadedMethod12Callback): (WebCore::TestObjV8Internal::classMethodWithClampCallback): (WebCore::TestObjV8Internal::enabledAtRuntimeMethod1Callback): (WebCore::TestObjV8Internal::enabledAtRuntimeMethod2Callback): (WebCore::TestObjV8Internal::enabledPerContextMethod1Callback): (WebCore::TestObjV8Internal::enabledPerContextMethod2Callback): (WebCore::TestObjV8Internal::convert1Callback): (WebCore::TestObjV8Internal::convert2Callback): (WebCore::TestObjV8Internal::convert3Callback): (WebCore::TestObjV8Internal::convert4Callback): (WebCore::TestObjV8Internal::convert5Callback): (WebCore::TestObjV8Internal::orangeCallback): (WebCore::ConfigureV8TestObjTemplate): (WebCore::V8TestObj::installPerContextProperties): * 
bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp: (WebCore::TestSerializedScriptValueInterfaceV8Internal::acceptTransferListCallback): (WebCore::TestSerializedScriptValueInterfaceV8Internal::multiTransferListCallback): (WebCore::V8TestSerializedScriptValueInterface::constructorCallback): * bindings/v8/V8Binding.h: (WebCore::v8Undefined): (WebCore): 2012-08-03 Kentaro Hara [V8] Remove v8StringToWebCoreString() https://bugs.webkit.org/show_bug.cgi?id=93087 Reviewed by Adam Barth. There should be only one API that converts V8 String to WebCore String. v8ValueToWebCoreString() does it. We can remove v8StringToWebCoreString(). No tests. No change in behavior. * bindings/v8/ScriptDebugServer.cpp: (WebCore::ScriptDebugServer::setBreakpoint): * bindings/v8/V8Binding.cpp: (WebCore::v8ValueToWebCoreString): * bindings/v8/V8Binding.h: (WebCore): 2012-07-20 Jon Lee Crash in Notification when setting a non-object as an event listener (91881) https://bugs.webkit.org/show_bug.cgi?id=91881 Reviewed by Oliver Hunt. Check to make sure that the value being retrieved is an object. This is similar to the isObject() check done in the bindings code. Test: fast/notifications/notifications-event-listener-crash.html * bindings/js/Dictionary.h: (WebCore::Dictionary::getEventListener): 2012-08-03 Kentaro Hara [V8] Remove v8StringToAtomicWebCoreString() https://bugs.webkit.org/show_bug.cgi?id=93086 Reviewed by Dimitri Glazkov. There should be only one API that converts V8 String to AtomicString. v8ValueToAtomicWebCoreString() does it. We can remove v8StringToAtomicWebCoreString(). No tests. No change in behavior. 
* bindings/v8/V8Binding.cpp: (WebCore::v8ValueToAtomicWebCoreString): * bindings/v8/V8Binding.h: (WebCore): * bindings/v8/V8DOMWindowShell.cpp: (WebCore::getter): * bindings/v8/custom/V8DOMWindowCustom.cpp: (WebCore::V8DOMWindow::namedPropertyGetter): * bindings/v8/custom/V8HTMLAllCollectionCustom.cpp: (WebCore::V8HTMLAllCollection::namedPropertyGetter): * bindings/v8/custom/V8HTMLCollectionCustom.cpp: (WebCore::V8HTMLCollection::namedPropertyGetter): * bindings/v8/custom/V8HTMLFormElementCustom.cpp: (WebCore::V8HTMLFormElement::namedPropertyGetter): * bindings/v8/custom/V8HTMLFrameSetElementCustom.cpp: (WebCore::V8HTMLFrameSetElement::namedPropertyGetter): 2012-08-03 Ilya Tikhonovsky Web Inspector: eliminate visitBaseClass method from NMI. It introduces unnecessary complexity. https://bugs.webkit.org/show_bug.cgi?id=93129 Reviewed by Yury Semikhatsky. * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::StyleRuleCSSStyleDeclaration::reportMemoryUsage): (WebCore::InlineCSSStyleDeclaration::reportMemoryUsage): * dom/CharacterData.cpp: (WebCore::CharacterData::reportMemoryUsage): * dom/ContainerNode.h: (WebCore::ContainerNode::reportMemoryUsage): * dom/Document.cpp: (WebCore::Document::reportMemoryUsage): * dom/Element.h: (WebCore::Element::reportMemoryUsage): * dom/MemoryInstrumentation.h: * dom/Node.cpp: (WebCore::Node::reportMemoryUsage): 2012-08-03 Alexandre Elias [chromium] Move ubercomp quads back into CC https://bugs.webkit.org/show_bug.cgi?id=93062 Reviewed by James Robinson. Because GTFO is almost done, we can move back the quad types to CC and pickle them there. This patch moves everything back to where it was before and changes types like WebRect to IntRect. As a bonus, I also added CCRenderPassDrawQuad and CCYUVVideoDrawQuad (which had been left in the CC files) to CCDrawQuad::size(), so now every quad type is ready for serialization. No new tests (no-op refactoring). * WebCore.gypi: * platform/chromium/support/WebCompositorStreamVideoQuad.cpp: Removed. 
* platform/graphics/chromium/LayerRendererChromium.cpp: (WebCore::LayerRendererChromium::drawQuad): * platform/graphics/chromium/cc/CCCheckerboardDrawQuad.cpp: Copied from Source/WebCore/platform/graphics/chromium/cc/CCQuadSink.h. (WebCore): (WebCore::CCCheckerboardDrawQuad::create): (WebCore::CCCheckerboardDrawQuad::CCCheckerboardDrawQuad): (WebCore::CCCheckerboardDrawQuad::materialCast): * platform/graphics/chromium/cc/CCCheckerboardDrawQuad.h: (WebCore): (CCCheckerboardDrawQuad): * platform/graphics/chromium/cc/CCDebugBorderDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorDebugBorderQuad.cpp. (WebCore): (WebCore::CCDebugBorderDrawQuad::create): (WebCore::CCDebugBorderDrawQuad::CCDebugBorderDrawQuad): (WebCore::CCDebugBorderDrawQuad::materialCast): * platform/graphics/chromium/cc/CCDebugBorderDrawQuad.h: (WebCore): (CCDebugBorderDrawQuad): (WebCore::CCDebugBorderDrawQuad::color): (WebCore::CCDebugBorderDrawQuad::width): * platform/graphics/chromium/cc/CCDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorQuad.cpp. 
(WebCore): (WebCore::CCDrawQuad::CCDrawQuad): (WebCore::CCDrawQuad::opaqueRect): (WebCore::CCDrawQuad::setQuadVisibleRect): (WebCore::CCDrawQuad::size): (WebCore::CCDrawQuad::setSharedQuadState): * platform/graphics/chromium/cc/CCDrawQuad.h: (WebCore): (CCDrawQuad): (WebCore::CCDrawQuad::quadRect): (WebCore::CCDrawQuad::quadTransform): (WebCore::CCDrawQuad::visibleContentRect): (WebCore::CCDrawQuad::scissorRect): (WebCore::CCDrawQuad::opacity): (WebCore::CCDrawQuad::needsBlending): (WebCore::CCDrawQuad::isLayerAxisAlignedIntRect): (WebCore::CCDrawQuad::quadVisibleRect): (WebCore::CCDrawQuad::isDebugQuad): (WebCore::CCDrawQuad::material): (WebCore::CCDrawQuad::sharedQuadState): (WebCore::CCDrawQuad::sharedQuadStateId): * platform/graphics/chromium/cc/CCHeadsUpDisplayLayerImpl.cpp: (WebCore::CCHeadsUpDisplayLayerImpl::appendQuads): * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorIOSurfaceQuad.cpp. (WebCore): (WebCore::CCIOSurfaceDrawQuad::create): (WebCore::CCIOSurfaceDrawQuad::CCIOSurfaceDrawQuad): (WebCore::CCIOSurfaceDrawQuad::materialCast): * platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.h: (WebCore): (CCIOSurfaceDrawQuad): (WebCore::CCIOSurfaceDrawQuad::ioSurfaceSize): (WebCore::CCIOSurfaceDrawQuad::ioSurfaceTextureId): (WebCore::CCIOSurfaceDrawQuad::orientation): * platform/graphics/chromium/cc/CCQuadCuller.h: (CCQuadCuller): * platform/graphics/chromium/cc/CCQuadSink.h: (WebCore): (CCQuadSink): * platform/graphics/chromium/cc/CCRenderPassDrawQuad.cpp: (WebCore::CCRenderPassDrawQuad::create): (WebCore::CCRenderPassDrawQuad::CCRenderPassDrawQuad): (WebCore::CCRenderPassDrawQuad::materialCast): * platform/graphics/chromium/cc/CCRenderPassDrawQuad.h: (CCRenderPassDrawQuad): * platform/graphics/chromium/cc/CCSharedQuadState.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorSharedQuadState.cpp. 
(WebCore): (WebCore::CCSharedQuadState::CCSharedQuadState): (WebCore::CCSharedQuadState::create): (WebCore::CCSharedQuadState::isLayerAxisAlignedIntRect): * platform/graphics/chromium/cc/CCSharedQuadState.h: (WebCore): (CCSharedQuadState): * platform/graphics/chromium/cc/CCSolidColorDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorSolidColorQuad.cpp. (WebCore): (WebCore::CCSolidColorDrawQuad::create): (WebCore::CCSolidColorDrawQuad::CCSolidColorDrawQuad): (WebCore::CCSolidColorDrawQuad::materialCast): * platform/graphics/chromium/cc/CCSolidColorDrawQuad.h: (WebCore): (CCSolidColorDrawQuad): (WebCore::CCSolidColorDrawQuad::color): * platform/graphics/chromium/cc/CCStreamVideoDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorCheckerboardQuad.cpp. (WebCore): (WebCore::CCStreamVideoDrawQuad::create): (WebCore::CCStreamVideoDrawQuad::CCStreamVideoDrawQuad): (WebCore::CCStreamVideoDrawQuad::materialCast): * platform/graphics/chromium/cc/CCStreamVideoDrawQuad.h: (WebCore): (CCStreamVideoDrawQuad): (WebCore::CCStreamVideoDrawQuad::textureId): (WebCore::CCStreamVideoDrawQuad::matrix): * platform/graphics/chromium/cc/CCTextureDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorTextureQuad.cpp. (WebCore): (WebCore::CCTextureDrawQuad::create): (WebCore::CCTextureDrawQuad::CCTextureDrawQuad): (WebCore::CCTextureDrawQuad::setNeedsBlending): (WebCore::CCTextureDrawQuad::materialCast): * platform/graphics/chromium/cc/CCTextureDrawQuad.h: (WebCore): (CCTextureDrawQuad): (WebCore::CCTextureDrawQuad::uvRect): (WebCore::CCTextureDrawQuad::resourceId): (WebCore::CCTextureDrawQuad::premultipliedAlpha): (WebCore::CCTextureDrawQuad::flipped): * platform/graphics/chromium/cc/CCTileDrawQuad.cpp: Renamed from Source/WebCore/platform/chromium/support/WebCompositorTileQuad.cpp. 
(WebCore): (WebCore::CCTileDrawQuad::create): (WebCore::CCTileDrawQuad::CCTileDrawQuad): (WebCore::CCTileDrawQuad::materialCast): * platform/graphics/chromium/cc/CCTileDrawQuad.h: (WebCore): (CCTileDrawQuad): (WebCore::CCTileDrawQuad::resourceId): (WebCore::CCTileDrawQuad::textureOffset): (WebCore::CCTileDrawQuad::textureSize): (WebCore::CCTileDrawQuad::textureFilter): (WebCore::CCTileDrawQuad::swizzleContents): (WebCore::CCTileDrawQuad::leftEdgeAA): (WebCore::CCTileDrawQuad::topEdgeAA): (WebCore::CCTileDrawQuad::rightEdgeAA): (WebCore::CCTileDrawQuad::bottomEdgeAA): (WebCore::CCTileDrawQuad::isAntialiased): * platform/graphics/chromium/cc/CCYUVVideoDrawQuad.cpp: (WebCore::CCYUVVideoDrawQuad::create): (WebCore::CCYUVVideoDrawQuad::CCYUVVideoDrawQuad): (WebCore::CCYUVVideoDrawQuad::materialCast): * platform/graphics/chromium/cc/CCYUVVideoDrawQuad.h: (CCYUVVideoDrawQuad): 2012-08-03 Alexander Pavlov Unreviewed, restore Web Inspector JS frontend compilability after r124484 (fix JSDoc annotations). * inspector/front-end/Settings.js: * inspector/front-end/SettingsScreen.js: * inspector/front-end/UserAgentSupport.js: (WebInspector.UserAgentSupport.DeviceOrientation): 2012-08-03 Philippe Normand Unreviewed, rolling out r124614. http://trac.webkit.org/changeset/124614 https://bugs.webkit.org/show_bug.cgi?id=91727 gstreamer core .po files mess up the build again * platform/graphics/gstreamer/GRefPtrGStreamer.cpp: (WTF::adoptGRef): * platform/graphics/gstreamer/GStreamerVersioning.cpp: (setGstElementClassMetadata): * platform/graphics/gstreamer/GStreamerVersioning.h: * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp: (StreamingClient::didReceiveResponse): 2012-08-03 Benjamin Poulain Initialize the Event Names' string from read only memory https://bugs.webkit.org/show_bug.cgi?id=92435 Reviewed by Anders Carlsson. Similarly to r123689, we can initialize the event names' string from memory without copying the data. This saves us memory and initialization time. 
* dom/EventNames.cpp: (WebCore): 2012-08-03 Philippe Normand [GTK][jhbuild] Switch to GStreamer 0.11 build https://bugs.webkit.org/show_bug.cgi?id=91727 Reviewed by Gustavo Noronha Silva. Add a new function to encapsulate the GStreamer API removal of GST_OBJECT_IS_FLOATING in the upcoming 1.0 release. Use of this macro can now be replaced by calling the g_object_is_floating function. * platform/graphics/gstreamer/GRefPtrGStreamer.cpp: (WTF::adoptGRef): * platform/graphics/gstreamer/GStreamerVersioning.cpp: (gstObjectIsFloating): * platform/graphics/gstreamer/GStreamerVersioning.h: 2012-08-03 George Staikos [BlackBerry] Add a null check for media implementation to fix a crash. https://bugs.webkit.org/show_bug.cgi?id=93107 Reviewed by Rob Buis. Fixes media/video-size.html. * platform/blackberry/RenderThemeBlackBerry.cpp: (WebCore::RenderThemeBlackBerry::paintMediaSliderTrack): Add null check. 2012-08-03 Yury Semikhatsky Unreviewed. Fixed WinCE compilation after r124589. * css/PropertySetCSSStyleDeclaration.cpp: (WebCore::StyleRuleCSSStyleDeclaration::reportMemoryUsage): (WebCore::InlineCSSStyleDeclaration::reportMemoryUsage): 2012-08-03 Keishi Hattori Add keyboard support for color suggestion popup https://bugs.webkit.org/show_bug.cgi?id=93069 Reviewed by Kent Tamura. This adds support for keyboard inside the color suggestion popup. Tab or arrow keys to move around. Return or space to select the color. Escape closes the popup. No new tests. Covered in platform/chromium/fast/forms/color/color-suggestion-picker-appearance.html. * Resources/colorSuggestionPicker.css: (.color-swatch): (.color-swatch:focus): * Resources/colorSuggestionPicker.js: (ColorPicker): (ColorPicker.prototype._layout): (ColorPicker.prototype.selectColorAtIndex): Selects color at index. (ColorPicker.prototype._handleMouseMove): Set focus to the swatch under the mouse cursor. (ColorPicker.prototype._handleKeyDown): Move focused element on arrow keys. 
(ColorPicker.prototype._handleMouseDown): Prevents blur on click. 2012-08-03 Tor Arne Vestbø Add missing include to build on Mac OS 10.8 Reviewed by Ossy. * platform/graphics/surfaces/mac/GraphicsSurfaceMac.cpp: 2012-08-03 Adam Barth [V8] Re-wire "target" half of the same-origin security check through Document rather than DOMWindow https://bugs.webkit.org/show_bug.cgi?id=93079 Reviewed by Eric Seidel. Before this patch, we were traversing from Nodes to Frames to DOMWindows to SecurityOrigins when determining the "target" of an operation for the same-origin policy security check. Rather than detouring through DOMWindow, these security checks should operate in terms of ScriptExecutionContexts (aka Documents) because that's the canonical place we store SecurityOrigin objects. A future patch will re-wire the "active" part of the security check to use ScriptExecutionContexts as well and we'll be able to remove the extra copy of SecurityOrigin that we keep in DOMWindow. * bindings/generic/BindingSecurity.cpp: (WebCore::canAccessDocument): (WebCore::BindingSecurity::canAccessFrame): (WebCore::BindingSecurity::shouldAllowAccessToNode): * bindings/v8/BindingState.cpp: (WebCore::immediatelyReportUnsafeAccessTo): * bindings/v8/BindingState.h: (WebCore): * bindings/v8/V8DOMWindowShell.cpp: (WebCore::reportUnsafeJavaScriptAccess): * bindings/v8/V8Proxy.cpp: (WebCore::V8Proxy::reportUnsafeAccessTo): * bindings/v8/V8Proxy.h: (V8Proxy): 2012-08-03 Keishi Hattori ColorSuggestionPicker popup's height doesn't get smaller than 100 px https://bugs.webkit.org/show_bug.cgi?id=92945 Reviewed by Kent Tamura. A window cannot be resized to be smaller than 100x100 pixels so this adjusts the color suggestion popup UI to look better when there are only a few suggestions. 
Tests: platform/chromium/fast/forms/color/color-suggestion-picker-one-row-appearance.html platform/chromium/fast/forms/color/color-suggestion-picker-two-row-appearance.html * Resources/colorSuggestionPicker.css: (.color-swatch-container): Vertically center the swatches. 2012-08-03 Alexander Pavlov Web Inspector: Remove InspectorCSSAgent from InstrumentingAgents on clearFrontend() https://bugs.webkit.org/show_bug.cgi?id=93082 Reviewed by Yury Semikhatsky. * inspector/InspectorCSSAgent.cpp: (WebCore::InspectorCSSAgent::InspectorCSSAgent): (WebCore::InspectorCSSAgent::~InspectorCSSAgent): (WebCore::InspectorCSSAgent::setFrontend): (WebCore::InspectorCSSAgent::clearFrontend): 2012-08-03 Eugene Klyuchnikov Web Inspector: Profiles: extract save to file / load from code https://bugs.webkit.org/show_bug.cgi?id=92348 Reviewed by Yury Semikhatsky. Motivation: extract reusable code for timeline load/save. FileUtils.js will contain common code. Not all code moved to FileUtils to make review easier. This code will be moved in next patch. Core abstractions: OutputStream and OutputStreamDelegate. OutputStream is interface that is used to transfer entity divided to chunks. Transfer process is explicitly initialized (startTransfer) and finalized (finishTrnsfer). OutputStreamDelegate is interface to receive notifications about transfer process: onTransferStarted, onChunkTransferred, onTransferFinished. ChunkedFileReader: utility class that loads file by chunks of specified size and notifies given delegate. OutputStream is supplied as a parameter of method "start". ChunkedFileWriter: implementation of OutputStream that saves data to file specified by file name and notifies given delegate. * WebCore.gypi: Added 'FileUtils.js'. * WebCore.vcproj/WebCore.vcproj: Added 'FileUtils.js'. * inspector/compile-front-end.py: Added 'FileUtils.js'. * inspector/front-end/FileUtils.js: Added. (WebInspector.OutputStreamDelegate): Added. (WebInspector.ChunkedFileReader): Added. 
(WebInspector.createFileSelectorElement): Added utility method to construct hidden input element to select file.
* inspector/front-end/HeapSnapshotLoader.js: Adopted new API.
* inspector/front-end/HeapSnapshotProxy.js: Adopted new API.
* inspector/front-end/HeapSnapshotView.js: Adopted new API.
(WebInspector.HeapSnapshotLoadFromFileDelegate): Extracted from existing code.
(WebInspector.ChunkedFileWriter): Renamed and refactored.
(WebInspector.HeapSnapshotSaveToFileDelegate): Extracted from existing code.
* inspector/front-end/ProfilesPanel.js: Adopted new API.

2012-08-03 Alexander Pavlov

Web Inspector: Incorrect blob url href when inspecting
https://bugs.webkit.org/show_bug.cgi?id=93076

Reviewed by Vsevolod Vlasov.

Special-cased the "blob" scheme to return the original URL intact on completion.

* inspector/front-end/ResourceUtils.js:
(WebInspector.completeURL):

2012-08-03 Yury Semikhatsky

Web Inspector: add CSSRule memory instrumentation
https://bugs.webkit.org/show_bug.cgi?id=92962

Reviewed by Pavel Feldman.

Added memory footprint reporting method to CSSRule and its descendants.
* css/CSSCharsetRule.cpp:
(WebCore::CSSCharsetRule::reportDescendantMemoryUsage):
(WebCore):
* css/CSSCharsetRule.h:
(CSSCharsetRule):
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::CSSComputedStyleDeclaration::reportMemoryUsage):
(WebCore):
* css/CSSComputedStyleDeclaration.h:
(CSSComputedStyleDeclaration):
* css/CSSFontFaceRule.cpp:
(WebCore::CSSFontFaceRule::reportDescendantMemoryUsage):
(WebCore):
* css/CSSFontFaceRule.h:
(CSSFontFaceRule):
* css/CSSImportRule.cpp:
(WebCore::CSSImportRule::reportDescendantMemoryUsage):
(WebCore):
* css/CSSImportRule.h:
(CSSImportRule):
* css/CSSMediaRule.cpp:
(WebCore::CSSMediaRule::reportDescendantMemoryUsage):
(WebCore):
* css/CSSMediaRule.h:
(CSSMediaRule):
* css/CSSPageRule.cpp:
(WebCore::CSSPageRule::reportDescendantMemoryUsage):
(WebCore):
* css/CSSPageRule.h:
(CSSPageRule):
* css/CSSRule.cpp:
(WebCore::CSSRule::reportMemoryUsage): we manually implement polymorphic call here to avoid adding vtable pointer to all CSSRule objects. Descendants are expected to report their memory via reportDescendantMemoryUsage. The name is intentionally different from reportMemoryUsage to avoid accidental infinite recursion: if the descendants overrode non-virtual CSSRule::reportMemoryUsage, it would be easy to add a new descendant type to the switch in CSSRule::reportMemoryUsage without providing proper override for reportMemoryUsage and CSSRule::reportMemoryUsage would end up calling itself.
(WebCore):
(WebCore::CSSRule::reportBaseClassMemoryUsage): again we cannot use MemoryClassInfo::visitBaseClass like we do for virtual methods because it would lead to a recursive call of CSSRule::reportMemoryUsage. This is why we use reportBaseClassMemoryUsage to allow descendants to report objects referenced from their base class.
* css/CSSRule.h:
(WebCore):
(CSSRule):
* css/CSSRuleList.cpp:
(WebCore::StaticCSSRuleList::reportMemoryUsage):
(WebCore):
* css/CSSRuleList.h:
(WebCore):
(CSSRuleList):
(StaticCSSRuleList):
(LiveCSSRuleList):
* css/CSSStyleDeclaration.h:
(WebCore):
(CSSStyleDeclaration):
* css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::reportDescendantMemoryUsage):
(WebCore):
* css/CSSStyleRule.h:
(CSSStyleRule):
* css/CSSStyleSheet.cpp:
(StyleSheetCSSRuleList):
(WebCore::CSSStyleSheet::reportMemoryUsage):
* css/CSSUnknownRule.h:
(CSSUnknownRule):
(WebCore::CSSUnknownRule::reportDescendantMemoryUsage):
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::PropertySetCSSStyleDeclaration::reportMemoryUsage):
(WebCore):
(WebCore::StyleRuleCSSStyleDeclaration::reportMemoryUsage):
(WebCore::InlineCSSStyleDeclaration::reportMemoryUsage):
* css/PropertySetCSSStyleDeclaration.h:
(PropertySetCSSStyleDeclaration):
(StyleRuleCSSStyleDeclaration):
(InlineCSSStyleDeclaration):
* css/WebKitCSSKeyframeRule.cpp:
(WebCore::WebKitCSSKeyframeRule::reportDescendantMemoryUsage):
(WebCore):
* css/WebKitCSSKeyframeRule.h:
(WebKitCSSKeyframeRule):
* css/WebKitCSSKeyframesRule.cpp:
(WebCore::WebKitCSSKeyframesRule::reportDescendantMemoryUsage):
(WebCore):
* css/WebKitCSSKeyframesRule.h:
(WebKitCSSKeyframesRule):
* css/WebKitCSSRegionRule.cpp:
(WebCore::WebKitCSSRegionRule::reportDescendantMemoryUsage):
(WebCore):
* css/WebKitCSSRegionRule.h:
(WebKitCSSRegionRule):

2012-08-03 Adam Barth

WebCore::DragController::cleanupAfterSystemDrag should null-check page
https://bugs.webkit.org/show_bug.cgi?id=61815

Reviewed by Eric Seidel.

* page/DragController.cpp:
(WebCore::DragController::dragEnteredOrUpdated):
(WebCore::DragController::doSystemDrag):

2012-08-03 Sergio Carlos Morales Angeles

Delete text from password does nothing.
https://bugs.webkit.org/show_bug.cgi?id=92040

Reviewed by Ryosuke Niwa.

Use Editor::canDelete() to determine if field is editable or not. Added password-delete-contents test.
Test: editing/deleting/password-delete-contents.html

* editing/EditorCommand.cpp:
(WebCore::enabledDelete):

2012-08-03 Jan Keromnes

Web Inspector: Make textModel private to textEditor
https://bugs.webkit.org/show_bug.cgi?id=92999

Reviewed by Pavel Feldman.

Making textModel private to the textEditor ensures that it is accessed only through the textEditor, making the latter more modular.

Tests were changed accordingly.

* inspector/front-end/JavaScriptSourceFrame.js:
(WebInspector.JavaScriptSourceFrame.prototype.afterTextChanged):
(WebInspector.JavaScriptSourceFrame.prototype._restoreBreakpointsAfterEditing):
(WebInspector.JavaScriptSourceFrame.prototype._addBreakpointDecoration):
(WebInspector.JavaScriptSourceFrame.prototype._removeBreakpointDecoration):
(WebInspector.JavaScriptSourceFrame.prototype._lineNumberAfterEditing):
* inspector/front-end/SourceFrame.js:
(WebInspector.SourceFrame):
(WebInspector.SourceFrame.prototype.setContent):
(WebInspector.SourceFrame.prototype.replaceAllWith):
(WebInspector.SourceFrame.prototype._collectRegexMatches):
(WebInspector.SourceFrame.prototype.addMessageToSource):
(WebInspector.SourceFrame.prototype.removeMessageFromSource):
(WebInspector.TextEditorDelegateForSourceFrame.prototype.commitEditing):
* inspector/front-end/TextEditor.js:
(WebInspector.TextEditor.prototype.setText):
(WebInspector.TextEditor.prototype.text):
(WebInspector.TextEditor.prototype.range):
(WebInspector.TextEditor.prototype.line):
(WebInspector.TextEditor.prototype.get linesCount):
(WebInspector.TextEditor.prototype.setAttribute):
(WebInspector.TextEditor.prototype.getAttribute):
(WebInspector.TextEditor.prototype.removeAttribute):
* inspector/front-end/UISourceCodeFrame.js:
(WebInspector.UISourceCodeFrame.prototype.afterTextChanged):

2012-08-03 Adam Barth

V8Proxy::retrieve(*) leads to really obfuscated code and should be removed
https://bugs.webkit.org/show_bug.cgi?id=93072

Reviewed by Eric Seidel.
Once upon a time, V8Proxy::retrieve did a bunch of checks before returning the V8Proxy object (such as checking whether script was enabled). Over time, we've removed all of these checks in order to fix various bugs. Now all it does is check whether the Frame is 0. However, because the function ends up returning 0 when its argument is 0, the caller still needs to have a null check.

This patch deletes all the variations of V8Proxy::retrieve(*) and inlines them into their callers. In several cases, inlining the function call showed that we were testing the Frame for 0 twice, and I've removed the redundant null checks. In other cases, I've uncontorted the callers to make the code more readable.

* bindings/scripts/CodeGeneratorV8.pm:
(GenerateToV8Converters):
* bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
(WebCore::V8TestActiveDOMObject::wrapSlow):
* bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
(WebCore::V8TestNamedConstructorConstructorCallback):
* bindings/scripts/test/V8/V8TestNode.cpp:
(WebCore::V8TestNode::wrapSlow):
* bindings/v8/PageScriptDebugServer.cpp:
(WebCore::PageScriptDebugServer::addListener):
* bindings/v8/ScheduledAction.cpp:
(WebCore::ScheduledAction::execute):
* bindings/v8/ScriptController.h:
(WebCore::ScriptController::windowShell):
* bindings/v8/V8DOMWrapper.cpp:
(WebCore::V8DOMWrapper::instantiateV8Object):
* bindings/v8/V8EventListener.cpp:
(WebCore::V8EventListener::callListenerFunction):
* bindings/v8/V8Helpers.cpp:
(WebCore::toV8Proxy):
* bindings/v8/V8LazyEventListener.cpp:
(WebCore::V8LazyEventListener::callListenerFunction):
(WebCore::V8LazyEventListener::prepareListenerObject):
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::handleOutOfMemory):
(WebCore::V8Proxy::retrievePerContextData):
(WebCore::V8Proxy::mainWorldContext):
(WebCore::toV8Context):
* bindings/v8/V8Proxy.h:
(V8Proxy):
* bindings/v8/custom/V8DOMWindowCustom.cpp:
(WebCore::V8DOMWindow::addEventListenerCallback):
(WebCore::V8DOMWindow::removeEventListenerCallback):
* bindings/v8/custom/V8DocumentCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8HTMLDocumentCustom.cpp:
(WebCore::V8HTMLDocument::openCallback):
(WebCore::toV8):
* bindings/v8/custom/V8SVGDocumentCustom.cpp:
(WebCore::toV8):

2012-08-03 Gyuyoung Kim

Add *explicit* keyword to constructors in WebCore/accessibility
https://bugs.webkit.org/show_bug.cgi?id=93067

Reviewed by Kentaro Hara.

As a step to add *explicit* keyword to constructors which have a parameter, *explicit* keyword is added to Source/WebCore/accessibility in order to avoid implicit type conversion.

No new tests. Covered by existing tests.

* accessibility/AXObjectCache.h:
(AXObjectCache):
* accessibility/AccessibilityARIAGrid.h:
(AccessibilityARIAGrid):
* accessibility/AccessibilityARIAGridCell.h:
(AccessibilityARIAGridCell):
* accessibility/AccessibilityARIAGridRow.h:
(AccessibilityARIAGridRow):
* accessibility/AccessibilityList.h:
(AccessibilityList):
* accessibility/AccessibilityListBox.h:
(AccessibilityListBox):
* accessibility/AccessibilityMediaControls.h:
(AccessibilityMediaControl):
(AccessibilityMediaTimeline):
(AccessibilityMediaControlsContainer):
(AccessibilityMediaTimeDisplay):
* accessibility/AccessibilityMenuList.h:
(AccessibilityMenuList):
* accessibility/AccessibilityNodeObject.h:
(AccessibilityNodeObject):
* accessibility/AccessibilityProgressIndicator.h:
(AccessibilityProgressIndicator):
* accessibility/AccessibilityRenderObject.h:
(AccessibilityRenderObject):
* accessibility/AccessibilityScrollView.h:
(AccessibilityScrollView):
* accessibility/AccessibilityScrollbar.h:
(AccessibilityScrollbar):
* accessibility/AccessibilitySlider.h:
(AccessibilitySlider):
* accessibility/AccessibilityTable.h:
(AccessibilityTable):
* accessibility/AccessibilityTableCell.h:
(AccessibilityTableCell):
* accessibility/AccessibilityTableRow.h:
(AccessibilityTableRow):

2012-08-03 Abhishek Arya

Regression(r124564): Wrong inlineChildrenBlock->hasLayer() computed in RenderBlock::removeChild.
https://bugs.webkit.org/show_bug.cgi?id=90800

Reviewed by Eric Seidel.

r124564 reversed the sequence of setStyle and removeChildNode calls, but failed to cache the value of inlineChildrenBlock->hasLayer(). So, it will be null when the layer is removed from parent in setStyle. Fixed by caching the bool value.

Covered by existing test fast/block/layer-not-removed-from-parent-crash.html.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):

2012-08-03 Mario Sanchez Prada

[GTK] Add a new and reusable enchant-based spellchecker in WebCore
https://bugs.webkit.org/show_bug.cgi?id=90269

Reviewed by Martin Robinson.

Move enchant specific code down to WebCore, into a new class TextCheckerEnchant, that we can use from WK1 and WK2.

* GNUmakefile.am: Add flags to handle the SPELLCHECK feature.
* GNUmakefile.list.am: Added new files.
* platform/text/gtk/TextCheckerEnchant.cpp: Added.
(getAvailableDictionariesCallback):
(TextCheckerEnchant::TextCheckerEnchant):
(TextCheckerEnchant::~TextCheckerEnchant):
(TextCheckerEnchant::ignoreWord):
(TextCheckerEnchant::learnWord):
(TextCheckerEnchant::checkSpellingOfString):
(TextCheckerEnchant::getGuessesForWord):
(TextCheckerEnchant::updateSpellCheckingLanguages):
(TextCheckerEnchant::freeEnchantBrokerDictionaries):
* platform/text/gtk/TextCheckerEnchant.h: Added.
(WebCore):
(TextCheckerEnchant):
(WebCore::TextCheckerEnchant::create):

2012-08-03 Kwang Yul Seo

Unreviewed r124536 followup, fix the assertion error on Chromium.

* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::callTheAdoptionAgency):

2012-08-03 Ilya Tikhonovsky

Web Inspector: simple replace objectType with ownerObjectType in NMI code.
https://bugs.webkit.org/show_bug.cgi?id=93001

Reviewed by Yury Semikhatsky.

In all the cases when we are visiting members, objectType field is actually the object type of the member's owner object.
* dom/MemoryInstrumentation.h:
(WebCore::MemoryInstrumentation::InstrumentedPointer::InstrumentedPointer):
(InstrumentedPointer):
(WebCore::MemoryInstrumentation::addObject):
(WebCore::MemoryInstrumentation::addInstrumentedObject):
(WebCore::MemoryInstrumentation::addRawBuffer):
(WebCore::MemoryInstrumentation::OwningTraits::addInstrumentedObject):
(WebCore::MemoryInstrumentation::OwningTraits::addObject):
(WebCore::MemoryObjectInfo::MemoryObjectInfo):
(WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
(WebCore::MemoryInstrumentation::addObjectImpl):
(WebCore::MemoryInstrumentation::addHashMap):
(WebCore::MemoryInstrumentation::addHashSet):
(WebCore::MemoryInstrumentation::addInstrumentedCollection):
(WebCore::MemoryInstrumentation::addListHashSet):
(WebCore::MemoryInstrumentation::addVector):
(WebCore::::process):

2012-08-02 Ilya Tikhonovsky

Web Inspector: extend test coverage for nmi code and fix 2 bugs.
https://bugs.webkit.org/show_bug.cgi?id=92994

Reviewed by Yury Semikhatsky.

1) owner object type propagation. If a class with object-type DOM has an instrumented member with object-type Other then it has to be recorded as DOM. Sample: We have SharedBuffer class and we don't know the object-type for it but we know that it is owned by an object with object-type CachedResourceImage.

2) the first member of an instrumented non virtual class was skipped even if it was reported properly.
It happened because the first member has the same address as its owner.

* dom/MemoryInstrumentation.h:
(WebCore::MemoryInstrumentation::addRootObject):
(WebCore::MemoryInstrumentation::InstrumentedPointer::InstrumentedPointer):
(InstrumentedPointer):
(WebCore::MemoryInstrumentation::addInstrumentedObject):
(MemoryInstrumentation):
(WebCore::MemoryInstrumentation::OwningTraits::addInstrumentedObject):
(WebCore::MemoryObjectInfo::MemoryObjectInfo):
(WebCore::MemoryObjectInfo::reportObjectInfo):
(WebCore::MemoryClassInfo::addInstrumentedMember):
(WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
(WebCore::MemoryInstrumentation::addObjectImpl):
(WebCore::MemoryInstrumentation::addInstrumentedCollection):
(WebCore::::process):

2012-08-03 Kentaro Hara

[V8] Make v8NonStringValueToWebCoreString a static method
https://bugs.webkit.org/show_bug.cgi?id=93066

Reviewed by Adam Barth.

v8NonStringValueToWebCoreString() and v8NonStringValueToAtomicWebCoreString() are not intended to be used from outside V8Binding.cpp. They should be static methods.

No tests. No change in behavior.

* bindings/v8/V8Binding.cpp:
(WebCore::v8NonStringValueToWebCoreString):
(WebCore):
(WebCore::v8NonStringValueToAtomicWebCoreString):
* bindings/v8/V8Binding.h:
(WebCore::v8StringToWebCoreString):
(WebCore::v8StringToAtomicWebCoreString):

2012-08-02 Abhishek Arya

Crash due to layer not removed from parent for anonymous block.
https://bugs.webkit.org/show_bug.cgi?id=90800

Reviewed by Kent Tamura.

Reverse the order of setStyle and removeChildNode calls. This ensures that setting the style properly removes its layer from the parent in RenderBoxModelObject::styleDidChange. Calling removeChildNode before calling setStyle is problematic since the parent layer never gets notified.
Test: fast/block/layer-not-removed-from-parent-crash.html

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):

2012-08-02 Adam Barth

V8Proxy::retrieveFrameFor*Context are used only by BindingState and should be removed as separate functions
https://bugs.webkit.org/show_bug.cgi?id=93049

Reviewed by Eric Seidel.

No one calls these functions directly anymore. This patch removes them from V8Proxy and inlines their logic into BindingState.cpp.

* bindings/v8/BindingState.cpp:
(WebCore::activeContext):
(WebCore):
(WebCore::activeWindow):
(WebCore::activeFrame):
(WebCore::firstFrame):
(WebCore::currentFrame):
* bindings/v8/V8Proxy.cpp:
* bindings/v8/V8Proxy.h:
(V8Proxy):

2012-08-02 Yoshifumi Inoue

Make order of attribute/method in HTMLTrackElement.idl as same as specification
https://bugs.webkit.org/show_bug.cgi?id=80102

Reviewed by Kentaro Hara.

No new tests. This patch doesn't change behavior.

* html/HTMLTrackElement.idl: Reorder attribute/method position.

2012-08-02 Kent Tamura

Fix crashes for and