27 Oct, 2016 (29 commits)
    • Merge r207848 - REGRESSION (r178265): XSS Auditor fails to block document.write() of incomplete tag · 43929dfd
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163978
      <rdar://problem/25962131>
      
      Reviewed by Darin Adler.
      
      Source/WebCore:
      
      During the tokenization process of an HTML tag the start and end positions of each of its
      attributes are tracked so that the XSS Auditor can request a snippet around a suspected
      injected attribute. We need to take care to consider document.write() boundaries when
      tracking the start and end positions of each HTML tag and attribute so that the XSS Auditor
      receives the correct snippet. Following r178265 we no longer consider document.write()
      boundaries when tracking the start and end positions of attributes. So, the substring
      represented by the start and end positions of an attribute may correspond to some other
      attribute in the tag. Therefore the XSS Auditor may fail to block an injection because the
      snippet it requested may not be the snippet that it intended to request.
      
      Tests: http/tests/security/xssAuditor/dom-write-location-dom-write-open-img-onerror.html
             http/tests/security/xssAuditor/dom-write-location-open-img-onerror.html
             http/tests/security/xssAuditor/nested-dom-write-location-open-img-onerror.html
      
      * html/parser/HTMLSourceTracker.cpp:
      (WebCore::HTMLSourceTracker::startToken): Set the attribute base offset to be the token
      start position.
      (WebCore::HTMLSourceTracker::source): Use the specified attribute start position as-is. We no
      longer adjust it here because it was adjusted with respect to the attribute base offset, which
      takes into account document.write() boundaries.
      * html/parser/HTMLToken.h:
      (WebCore::HTMLToken::setAttributeBaseOffset): Added.
      (WebCore::HTMLToken::beginAttribute): Subtract attribute base offset from the specified offset.
      (WebCore::HTMLToken::endAttribute): Ditto.
      * html/parser/HTMLTokenizer.h:
      (WebCore::HTMLTokenizer::setTokenAttributeBaseOffset): Added.
      
      LayoutTests:
      
      Add tests to ensure that the XSS Auditor blocks a document.write() of an incomplete HTML image tag.
      
      * http/tests/security/xssAuditor/dom-write-location-dom-write-open-img-onerror-expected.txt: Added.
      * http/tests/security/xssAuditor/dom-write-location-dom-write-open-img-onerror.html: Added.
      * http/tests/security/xssAuditor/dom-write-location-open-img-onerror-expected.txt: Added.
      * http/tests/security/xssAuditor/dom-write-location-open-img-onerror.html: Added.
      * http/tests/security/xssAuditor/nested-dom-write-location-open-img-onerror-expected.txt: Added.
      * http/tests/security/xssAuditor/nested-dom-write-location-open-img-onerror.html: Added.
      * http/tests/security/xssAuditor/resources/echo-nested-dom-write-location.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207987 268f45cc-cd09-0410-ab3c-d52691b4dbfc
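The offset mismatch this commit message describes, as an added example that is not WebKit's code: a toy tag scanner fed through successive document.write() chunks, with a flag selecting whether attribute offsets are measured from the token's absolute start (the behaviour the fix restores) or in the chunk-local coordinate space that resets at each write boundary (the pre-fix failure being modelled). ChunkedTagScanner, AttributeSpan, snippet() and the scanner's grammar (unquoted name=value attributes, no entity handling) are assumptions made for the example; the two-chunk input mirrors the incomplete `<img` tag completed by a second write.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Source span of one attribute, stored relative to the start of its tag token.
struct AttributeSpan {
    std::string name;
    size_t start = 0;  // offset of the first character of the attribute name
    size_t end = 0;    // offset one past the last character of the value
};

struct TagToken {
    size_t start = 0;  // absolute offset of '<' in the accumulated source text
    std::vector<AttributeSpan> attributes;
};

// Toy model (not WebKit's tokenizer) of a tag scanner fed by document.write() chunks.
// trackWriteBoundaries == true: attribute offsets are measured from the token's
// absolute start. false: they are measured in the coordinate space of the chunk
// being scanned, which silently resets at every document.write() boundary.
class ChunkedTagScanner {
public:
    explicit ChunkedTagScanner(bool trackWriteBoundaries)
        : m_trackWriteBoundaries(trackWriteBoundaries) {}

    // Equivalent of one document.write(chunk) call.
    void write(const std::string& chunk) {
        const size_t chunkBase = m_source.size();
        m_source += chunk;
        for (size_t local = 0; local < chunk.size(); ++local) {
            const size_t absolutePos = chunkBase + local;
            const char c = chunk[local];
            switch (m_state) {
            case State::Data:
                if (c == '<') { startToken(absolutePos, local); m_state = State::TagName; }
                break;
            case State::TagName:
                if (c == ' ') m_state = State::BeforeAttribute;
                else if (c == '>') finishToken();
                break;
            case State::BeforeAttribute:
                if (c == '>') finishToken();
                else if (c != ' ') { beginAttribute(absolutePos, local, c); m_state = State::InAttribute; }
                break;
            case State::InAttribute:
                if (c == ' ' || c == '>') {
                    endAttribute(absolutePos, local);
                    if (c == '>') finishToken(); else m_state = State::BeforeAttribute;
                } else if (c == '=') {
                    m_inName = false;  // rest of the attribute is its value
                } else if (m_inName) {
                    m_current.attributes.back().name += c;
                }
                break;
            }
        }
    }

    const std::vector<TagToken>& tokens() const { return m_tokens; }

    // The text an auditor would be handed as "the source of attribute attrIndex".
    std::string snippet(size_t tokenIndex, size_t attrIndex) const {
        const TagToken& token = m_tokens.at(tokenIndex);
        const AttributeSpan& attr = token.attributes.at(attrIndex);
        if (attr.end < attr.start) return std::string();
        return m_source.substr(token.start + attr.start, attr.end - attr.start);
    }

private:
    enum class State { Data, TagName, BeforeAttribute, InAttribute };

    void startToken(size_t absolutePos, size_t local) {
        m_current = TagToken{absolutePos, {}};
        m_tokenLocalStart = local;  // only meaningful inside the chunk that contained '<'
    }
    size_t offset(size_t absolutePos, size_t local) const {
        if (m_trackWriteBoundaries)
            return absolutePos - m_current.start;
        return local >= m_tokenLocalStart ? local - m_tokenLocalStart : 0;
    }
    void beginAttribute(size_t absolutePos, size_t local, char first) {
        m_current.attributes.push_back({std::string(1, first), offset(absolutePos, local), size_t{0}});
        m_inName = true;
    }
    void endAttribute(size_t absolutePos, size_t local) {
        m_current.attributes.back().end = offset(absolutePos, local);
    }
    void finishToken() { m_tokens.push_back(m_current); m_state = State::Data; }

    bool m_trackWriteBoundaries;
    std::string m_source;
    std::vector<TagToken> m_tokens;
    TagToken m_current;
    size_t m_tokenLocalStart = 0;
    bool m_inName = false;
    State m_state = State::Data;
};
```

With boundary-aware offsets, writing `<img ` and then `src=x onerror=alert(1)>` gives `snippet(0, 1) == "onerror=alert(1)"`. With chunk-local offsets the same call returns a window starting inside the src attribute, and `snippet(0, 0)` returns `<img `, which is the misaligned snippet an auditor would then fail to match against the request. When the whole tag arrives in a single write, both modes agree, which is why the regression only shows up across document.write() boundaries.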
    • Merge r207842 - jsc.cpp is leaking memory allocated by readline in runInteractive · 84f796ac
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163958
      
      According to http://web.mit.edu/gnu/doc/html/rlman_2.html,
      "The line readline returns is allocated with malloc ();
      you should free () the line when you are done with it."
      The memory allocated by readline is not being freed when it should.
      
      Patch by Christopher Reid <Christopher.Reid@am.sony.com> on 2016-10-25
      Reviewed by Mark Lam.
      
      * jsc.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207986 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207804 - Do not update selection rect on dirty lineboxes. · 51f253d4
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163862
      <rdar://problem/28813156>
      
      Reviewed by Simon Fraser.
      
      Source/WebCore:
      
      In certain cases RenderBlock::updateFirstLetter() triggers
      unwanted render tree mutation while the caller assumes intact renderers.
      This patch ensures that no renderers get destroyed while computing the preferred widths
      when we are outside of layout context.
      
      Test: fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html
      
      * rendering/RenderBlock.cpp:
      (WebCore::RenderBlock::computePreferredLogicalWidths):
      (WebCore::RenderBlock::updateFirstLetter):
      * rendering/RenderBlock.h:
      * rendering/RenderListItem.cpp:
      (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):
      * rendering/RenderRubyRun.cpp:
      (WebCore::RenderRubyRun::updateFirstLetter):
      * rendering/RenderRubyRun.h:
      * rendering/RenderTable.cpp:
      (WebCore::RenderTable::updateFirstLetter):
      * rendering/RenderTable.h:
      * rendering/svg/RenderSVGText.cpp:
      (WebCore::RenderSVGText::updateFirstLetter):
      * rendering/svg/RenderSVGText.h:
      
      LayoutTests:
      
      * fast/css-generated-content/dynamic-first-letter-selection-clear-crash-expected.txt: Added.
      * fast/css-generated-content/dynamic-first-letter-selection-clear-crash.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207985 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207683 - Do not mutate the render tree while collecting selection repaint rects. · b1a3062f
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163800
      <rdar://problem/28806886>
      
      Reviewed by David Hyatt.
      
      Source/WebCore:
      
      RenderListItem not only mutates the tree while in layout but it also uses
      the old descendant context to find the insertion point.
      This patch strictly ensures that we only do it while in layout and never
      in other cases such as collecting repaint rects.
      This gets redundant when webkit.org/b/163789 is fixed.
      
      Test: fast/lists/crash-when-list-marker-is-moved-during-selection.html
      
      * rendering/RenderListItem.cpp:
      (WebCore::RenderListItem::insertOrMoveMarkerRendererIfNeeded):
      
      LayoutTests:
      
      * fast/lists/crash-when-list-marker-is-moved-during-selection-expected.txt: Added.
      * fast/lists/crash-when-list-marker-is-moved-during-selection.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207984 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207659 - Fix JSC cast-align compiler warnings on ARMv7 · 2709e3b2
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163744
      
      Reviewed by Mark Lam.
      
      Use the reinterpret_cast_ptr workaround in a few places where
      the cast alignment warning is being thrown by the GCC compiler
      when compiling for the ARMv7 architecture.
      
      * heap/Heap.cpp:
      (JSC::Zombify::visit):
      * heap/HeapCell.h:
      (JSC::HeapCell::zap):
      (JSC::HeapCell::isZapped):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::Handle::specializedSweep):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207983 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207658 - [GTK] Configures but fails to link with ENABLE_OPENGL=OFF · ea8c51ce
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163449
      
      Reviewed by Michael Catanzaro.
      
      .:
      
      Remove wrong dependency of Wayland on OpenGL introduced in r190615; it should be possible to build for Wayland
      without GL.
      
      * Source/cmake/OptionsGTK.cmake:
      
      Source/WebCore:
      
      Only define sharingGLContext in PlatformDisplay if EGL or GLX are enabled.
      
      * platform/graphics/PlatformDisplay.cpp:
      * platform/graphics/PlatformDisplay.h:
      * platform/graphics/wayland/PlatformDisplayWayland.cpp:
      (WebCore::PlatformDisplayWayland::initialize):
      * platform/graphics/x11/PlatformDisplayX11.cpp:
      (WebCore::PlatformDisplayX11::~PlatformDisplayX11):
      
      Source/WebKit2:
      
      * UIProcess/API/gtk/WebKitWebViewBase.cpp:
      (webkitWebViewBaseRealize): Check TEXTURE_MAPPER_GL instead of TEXTURE_MAPPER and also ensure the current
      display is X11.
      (webkitWebViewBaseUnrealize): Ditto.
      (webkitWebViewBaseDidRelaunchWebProcess): Check TEXTURE_MAPPER_GL instead of TEXTURE_MAPPER.
      (webkitWebViewBasePageClosed): Ditto.
      * UIProcess/AcceleratedDrawingAreaProxy.cpp:
      (WebKit::AcceleratedDrawingAreaProxy::didUpdateBackingStoreState): Ditto.
      (WebKit::AcceleratedDrawingAreaProxy::waitForAndDispatchDidUpdateBackingStoreState): Check EGL is enabled before
      trying to use the WaylandCompositor.
      * UIProcess/AcceleratedDrawingAreaProxy.h:
      * UIProcess/WebProcessPool.cpp:
      (WebKit::WebProcessPool::createNewWebProcess): Ditto.
      * UIProcess/gtk/AcceleratedBackingStore.cpp:
      (WebKit::AcceleratedBackingStore::create): Ditto.
      * UIProcess/gtk/AcceleratedBackingStoreWayland.cpp:
      * UIProcess/gtk/WaylandCompositor.cpp:
      * UIProcess/gtk/WaylandCompositor.h:
      * WebProcess/WebPage/AcceleratedDrawingArea.cpp:
      (WebKit::AcceleratedDrawingArea::enterAcceleratedCompositingMode): Check TEXTURE_MAPPER_GL instead of TEXTURE_MAPPER.
      * WebProcess/WebPage/AcceleratedDrawingArea.h:
      * WebProcess/WebPage/DrawingArea.h:
      * WebProcess/WebPage/DrawingArea.messages.in:
      * WebProcess/WebPage/LayerTreeHost.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207982 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207646 - bmalloc api should crash on failure to allocate when !isBmallocEnabled. · 55945402
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163766
      
      Reviewed by Keith Miller and Filip Pizlo.
      
      We want to crash in bmalloc on failure to allocate even when !isBmallocEnabled.
      This is so that failures to allocate memory will manifest as crashes with a
      unique signature (i.e. as a SIGTRAP on release builds, or as a write to illegal
      address 0xbbadbeef on debug builds) and the crash will manifest inside bmalloc.
      This distinguishes allocation failures from other crashing bugs that manifest as
      SIGSEGVs due to random pointer dereferences in the clients of bmalloc.
      
      * bmalloc/Allocator.cpp:
      (bmalloc::Allocator::allocateImpl):
      (bmalloc::Allocator::reallocate):
      (bmalloc::Allocator::allocateSlowCase):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207981 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207631 - Stop searching for first-letter containers at multi-column boundary. · 4cd5a6c5
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163739
      <rdar://problem/28810750>
      
      Source/WebCore:
      
      We should not cross the multi-column boundary while searching for the first-letter container.
      While moving first-letter renderers to a multi-column parent, it could result in finding the wrong
      container and end up adding a new wrapper under the original container (from where we are moving the renderers).
      
      Reviewed by David Hyatt.
      
      Test: fast/css-generated-content/first-letter-move-to-multicolumn-crash.html
      
      * rendering/RenderBoxModelObject.cpp:
      (WebCore::RenderBoxModelObject::moveChildrenTo):
      * rendering/RenderTextFragment.cpp:
      (WebCore::RenderTextFragment::blockForAccompanyingFirstLetter):
      
      LayoutTests:
      
      Reviewed by David Hyatt.
      
      * fast/css-generated-content/first-letter-move-to-multicolumn-crash-expected.txt: Added.
      * fast/css-generated-content/first-letter-move-to-multicolumn-crash.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207619 - [GTK] Build fix after r207616 · df27a3ef
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163333
      
      Reviewed by Carlos Garcia Campos.
      
      EGL_PLATFORM_X11_KHR and EGL_PLATFORM_WAYLAND_KHR are not defined
      on the EGL headers shipped by Mesa 10.3 (shipped by Debian 8)
      
      * platform/graphics/wayland/PlatformDisplayWayland.cpp:
      (WebCore::PlatformDisplayWayland::initialize):
      * platform/graphics/x11/PlatformDisplayX11.cpp:
      (WebCore::PlatformDisplayX11::initializeEGLDisplay):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207979 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207616 - Prefer eglGetPlatformDisplay to eglGetDisplay · a039fdf6
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163333
      
      Patch by Adam Jackson <ajax@redhat.com> on 2016-10-20
      Reviewed by Carlos Garcia Campos.
      
      eglGetDisplay forces the implementation to guess what kind of void* it's been handed. Different implementations
      do different things, in particular glvnd and Mesa behave differently. Fortunately there exists API to tell EGL
      what kind of display it is, so let's use it.
      
      * platform/graphics/wayland/PlatformDisplayWayland.cpp:
      (WebCore::PlatformDisplayWayland::initialize):
      * platform/graphics/x11/PlatformDisplayX11.cpp:
      (WebCore::PlatformDisplayX11::initializeEGLDisplay):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207978 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207615 - [GTK] Avoid including egl.h headers in internal headers · 5ed1464c
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163722
      
      Reviewed by Žan Doberšek.
      
      egl.h includes eglplatform.h, which decides the native types for the platform at compile time. However, we support
      building with X11 and Wayland at the same time and deciding what to use at runtime. Currently GLContext.h includes
      eglplatform.h after wayland-egl.h if Wayland is enabled. That means that the wayland native types are used by
      default from all cpp files including GLContext.h. It currently works in X11 because we cast the value anyway and
      for example EGLNativeWindowType is a pointer in Wayland that can be cast to unsigned long in X11 to represent
      the X Window. This is very fragile in any case; we should avoid adding egl headers in our headers and only
      include it in cpp files. But we also need to ensure we don't use X11 and Wayland in the same cpp file.
      
      * PlatformGTK.cmake:
      * platform/graphics/GLContext.cpp:
      (WebCore::GLContext::createContextForWindow):
      * platform/graphics/GLContext.h:
      * platform/graphics/egl/GLContextEGL.cpp:
      (WebCore::GLContextEGL::createWindowContext):
      (WebCore::GLContextEGL::createContext):
      (WebCore::GLContextEGL::~GLContextEGL):
      * platform/graphics/egl/GLContextEGL.h:
      * platform/graphics/egl/GLContextEGLWayland.cpp: Added.
      (WebCore::GLContextEGL::GLContextEGL):
      (WebCore::GLContextEGL::createWindowSurfaceWayland):
      (WebCore::GLContextEGL::createWaylandContext):
      (WebCore::GLContextEGL::destroyWaylandWindow):
      * platform/graphics/egl/GLContextEGLX11.cpp: Added.
      (WebCore::GLContextEGL::GLContextEGL):
      (WebCore::GLContextEGL::createWindowSurfaceX11):
      (WebCore::GLContextEGL::createPixmapContext):
      * platform/graphics/glx/GLContextGLX.cpp:
      (WebCore::GLContextGLX::createWindowContext):
      (WebCore::GLContextGLX::createContext):
      (WebCore::GLContextGLX::GLContextGLX):
      * platform/graphics/glx/GLContextGLX.h:
      * platform/graphics/wayland/PlatformDisplayWayland.cpp:
      * platform/graphics/x11/PlatformDisplayX11.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207977 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207614 - [GTK] Avoid strstr() when checking (E)GL extensions · 49fc205d
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=161958
      
      Reviewed by Žan Doberšek.
      
      Source/WebCore:
      
      Add static method GLContext::isExtensionSupported() to properly search extensions in the given extension
      list, and use it instead of strstr().
      
      * platform/graphics/GLContext.cpp:
      (WebCore::GLContext::isExtensionSupported):
      * platform/graphics/GLContext.h:
      * platform/graphics/egl/GLContextEGL.cpp:
      (WebCore::GLContextEGL::createSurfacelessContext):
      * platform/graphics/glx/GLContextGLX.cpp:
      (WebCore::hasSGISwapControlExtension):
      
      Source/WebKit2:
      
      Use GLContext::isExtensionSupported() instead of strstr().
      
      * UIProcess/gtk/WaylandCompositor.cpp:
      (WebKit::WaylandCompositor::initializeEGL):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207976 268f45cc-cd09-0410-ab3c-d52691b4dbfc
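Why substring search is the wrong tool for an (E)GL extension string, as an added example that is not WebKit's GLContext::isExtensionSupported(): extension names share prefixes, so strstr() reports EGL_KHR_image as present when only EGL_KHR_image_base is advertised, and code gated on that check then calls into an entry point the driver never exported. The function names extensionListContainsNaive and extensionListContains and the sample extension list are assumptions for this example; the list format (space-separated tokens) is what eglQueryString() and glGetString() return.

```cpp
#include <cstddef>
#include <cstring>
#include <string_view>

// Substring search, the pattern the commit replaces: any prefix of a longer
// extension name (or a token embedded in another) is reported as supported.
bool extensionListContainsNaive(const char* extensionList, const char* extension) {
    if (!extensionList || !extension) return false;
    return std::strstr(extensionList, extension) != nullptr;
}

// Exact token match over a space-separated extension list. A nullptr list
// (what the query functions return on failure) counts as "nothing supported".
bool extensionListContains(const char* extensionList, const char* extension) {
    if (!extensionList || !extension) return false;
    const std::string_view list(extensionList);
    const std::string_view wanted(extension);
    // An empty or space-containing name can never be a single token.
    if (wanted.empty() || wanted.find(' ') != std::string_view::npos) return false;
    size_t pos = 0;
    while (pos <= list.size()) {
        size_t end = list.find(' ', pos);
        if (end == std::string_view::npos) end = list.size();
        if (list.substr(pos, end - pos) == wanted) return true;
        pos = end + 1;  // skip the separator; repeated spaces yield empty tokens, which never match
    }
    return false;
}
```

The token loop also handles leading, trailing and doubled spaces, which some drivers emit; those produce empty tokens that can never equal a real extension name.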
    • Merge r207590 - Wrong use of EGL_DEPTH_SIZE · aeec6440
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=155536
      
      Reviewed by Michael Catanzaro.
      
      Source/WebCore:
      
      What happens here is that the driver doesn't implement EGL_DEPTH_SIZE and the default value, which is 0, is
      returned. Then XCreatePixmap fails because 0 is not a valid depth. The thing is that even if EGL_DEPTH_SIZE or
      EGL_BUFFER_SIZE returned a valid depth, it still might not be supported by the default screen and XCreatePixmap
      can fail. What we need to ensure is that the depth we pass is compatible with the X display, not only with the
      EGL config, to avoid failures when creating the pixmap. So, we can use EGL_NATIVE_VISUAL_ID instead, and
      then ask X for the visual info for that id. If it isn't found then we just return before creating the pixmap,
      but if the visual is found then we can be sure that the depth of the visual will not make the pixmap creation
      fail. However, with the driver I'm using, no matter how we create the pixmap, eglCreatePixmapSurface
      always fails, again with X errors that are fatal by default. Since the driver is not free, I assume it doesn't
      support eglCreatePixmapSurface or it's just buggy, so the only option we have here is to trap the X errors and
      ignore them. It turns out that the X errors are not fatal in this case, because eglCreatePixmapSurface ends up
      returning a surface, and since these are offscreen contexts, it doesn't really matter if they contain an
      invalid pixmap, because we never swap buffers on them, so just ignoring the X errors fixes the crashes and
      makes everything work. This patch adds a helper class XErrorTrapper that allows trapping X errors and deciding what
      to do with them (ignore, warn or crash), or even not treating a particular set of errors as errors.
      
      * PlatformEfl.cmake: Add new file to compilation.
      * PlatformGTK.cmake: Ditto.
      * platform/graphics/egl/GLContextEGL.cpp:
      (WebCore::GLContextEGL::createPixmapContext): Use EGL_NATIVE_VISUAL_ID instead of EGL_DEPTH_SIZE to figure out
      the depth to be passed to XCreatePixmap. Also use the XErrorTrapper class to ignore all BadDrawable errors
      produced by eglCreatePixmapSurface() and only show a warning about all other X errors.
      * platform/graphics/x11/XErrorTrapper.cpp: Added.
      (WebCore::xErrorTrappersMap):
      (WebCore::XErrorTrapper::XErrorTrapper):
      (WebCore::XErrorTrapper::~XErrorTrapper):
      (WebCore::XErrorTrapper::errorCode):
      (WebCore::XErrorTrapper::errorEvent):
      * platform/graphics/x11/XErrorTrapper.h: Added.
      (WebCore::XErrorTrapper::XErrorTrapper):
      
      Source/WebKit2:
      
      Use XErrorTrapper class instead of the custom XErrorHandler.
      
      * PluginProcess/unix/PluginProcessMainUnix.cpp:
      (WebKit::PluginProcessMainUnix):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207975 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207547 - Use anonymous table row for new child at RenderTableRow::addChild() if available. · 0ff59b67
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163651
      <rdar://problem/28705022>
      
      Reviewed by David Hyatt.
      
      Source/WebCore:
      
      We should try to prevent the continuation siblings from getting separated and inserted into
      wrapper renderers. It makes finding these continuation siblings difficult.
      This patch adds a check for anonymous table rows so that we could find a closer common ancestor of
      beforeChild/new child.
      
      Test: fast/table/crash-when-table-has-continuation-and-content-inserted.html
      
      * rendering/RenderObject.cpp:
      (WebCore::RenderObject::showRenderObject): Add continuation information.
      * rendering/RenderTableRow.cpp:
      (WebCore::RenderTableRow::addChild):
      
      LayoutTests:
      
      * fast/table/crash-when-table-has-continuation-and-content-inserted-expected.txt: Added.
      * fast/table/crash-when-table-has-continuation-and-content-inserted.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207974 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207534 - [GTK] [L10n] Updated Hungarian translation · 73972aa8
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163650
      
      Patch by Gabor Kelemen <kelemeng@ubuntu.com> on 2016-10-19
      Rubber-stamped by Michael Catanzaro.
      
      * hu.po:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207973 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207477 - Correct Document::removeAllEventListeners · 9efa0cbf
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163558
      <rdar://problem/28716840>
      
      Reviewed by Chris Dumez.
      
      Tested by fast/dom/node-move-to-new-document-crash-main.html.
      
      * dom/Document.cpp:
      (WebCore::Document::removeAllEventListeners): Clear out the wheel and
      touch event targets when clearing all data.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207972 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207471 - SVGCSSParser: m_implicitShorthand value is not reset after adding the shorthand property · 5d8ee15a
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=116470
      
      Reviewed by Simon Fraser.
      
      Source/WebCore:
      
      When we encounter a shorthand css property, we set m_implicitShorthand
      to true to tell addProperty() later that the individual properties are
      all set through a short hand one. We need to make sure that setting
      m_implicitShorthand to true will not be leaked after finishing parsing
      the short hand property.
      
      Test: fast/css/implicit-property-restore.html
      
      * css/parser/CSSParser.cpp:
      (WebCore::CSSParser::parseValue):
      (WebCore::CSSParser::parseFillShorthand):
      (WebCore::CSSParser::parseShorthand):
      (WebCore::CSSParser::parse4Values):
      (WebCore::CSSParser::parseBorderRadius):
      (WTF::ImplicitScope::ImplicitScope): Deleted.
      (WTF::ImplicitScope::~ImplicitScope): Deleted.
      Get rid of ImplicitScope and replace its calls by TemporaryChange<bool>.
      
      * css/parser/SVGCSSParser.cpp:
      (WebCore::CSSParser::parseSVGValue):
      Restore m_implicitShorthand value after setting it temporarily to true.
      
      Source/WTF:
      
      * wtf/TemporaryChange.h:
      (WTF::TemporaryChange::TemporaryChange):
      Add a new constructor to make TemporaryChange work as a restorer. The
      temporary change will happen after we construct the object.
      
      LayoutTests:
      
      * fast/css/implicit-property-restore-expected.txt: Added.
      * fast/css/implicit-property-restore.html: Added.
      
      * fast/css/remove-shorthand-expected.txt:
      Rebaseline the test expected results because of fixing the leak of
      m_implicitShorthand. The bug was happening because "background: ..." property
      comes immediately before the "list-style: ...." property.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207971 268f45cc-cd09-0410-ab3c-d52691b4dbfc
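The restorer pattern this commit message describes, as an added example that is not WTF's TemporaryChange or the CSS parser: a small RAII class whose one-argument constructor only records the current value (so the temporary assignment can happen after construction, as the commit describes), plus a toy parser whose shorthand flag leaks into the next property when it is not restored. ScopedRestore, ToyParser, parseSheet and the property names are assumptions for this example.

```cpp
#include <string>
#include <utility>
#include <vector>

// RAII helper: remembers a variable's value on construction and puts it back
// on scope exit. The one-argument form only records, so the caller can make
// the temporary assignment itself afterwards; the two-argument form assigns.
template <typename T>
class ScopedRestore {
public:
    explicit ScopedRestore(T& variable) : m_variable(variable), m_oldValue(variable) {}
    ScopedRestore(T& variable, T newValue) : ScopedRestore(variable) { m_variable = std::move(newValue); }
    ~ScopedRestore() { m_variable = m_oldValue; }
    ScopedRestore(const ScopedRestore&) = delete;
    ScopedRestore& operator=(const ScopedRestore&) = delete;

private:
    T& m_variable;
    T m_oldValue;
};

struct ParsedProperty {
    std::string name;
    bool implicit;  // true when set as part of a shorthand, false when written explicitly
};

// Toy parser: a shorthand expands into longhands tagged implicit; any property
// parsed afterwards must come out non-implicit again.
class ToyParser {
public:
    explicit ToyParser(bool restoreShorthandFlag) : m_restoreShorthandFlag(restoreShorthandFlag) {}

    void parseLonghand(const std::string& name) { addProperty(name); }

    void parseShorthand(const std::vector<std::string>& longhands) {
        if (m_restoreShorthandFlag) {
            ScopedRestore<bool> restorer(m_implicitShorthand);  // record first, restore on exit
            m_implicitShorthand = true;                         // temporary change after construction
            for (const auto& name : longhands) addProperty(name);
            return;
        }
        // Pre-fix shape of the bug: the flag is set and never cleared.
        m_implicitShorthand = true;
        for (const auto& name : longhands) addProperty(name);
    }

    const std::vector<ParsedProperty>& properties() const { return m_properties; }
    bool implicitShorthand() const { return m_implicitShorthand; }

private:
    void addProperty(const std::string& name) { m_properties.push_back({name, m_implicitShorthand}); }

    bool m_restoreShorthandFlag;
    bool m_implicitShorthand = false;
    std::vector<ParsedProperty> m_properties;
};

// Parses a "background: ..." shorthand followed by an explicit list-style-type,
// the ordering the commit's rebaselined test exercised.
std::vector<ParsedProperty> parseSheet(bool restoreShorthandFlag) {
    ToyParser parser(restoreShorthandFlag);
    parser.parseShorthand({"background-color", "background-image"});
    parser.parseLonghand("list-style-type");
    return parser.properties();
}
```

With the restorer in place the explicit property that follows the shorthand is recorded as non-implicit; without it the stale flag marks it implicit, which is exactly the state leak the rebaselined expectations reflect.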
    • Merge r207441 - [WK2][NetworkCache] PendingFrameLoad objects are sometimes leaked · 6e23bc47
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163569
      <rdar://problem/28810836>
      
      Reviewed by Antti Koivisto.
      
      PendingFrameLoad objects are created to track frame loads and added to
      the m_pendingFrameLoads hash map. These objects are supposed to remove
      themselves from the hash map once they detect that the page load has
      finished by calling PendingFrameLoad::m_loadCompletionHandler().
      
      PendingFrameLoad::m_loadCompletionHandler() is called from
      markLoadAsCompleted() when we detect that the page load has finished
      via the m_loadHysteresisActivity HysteresisActivity. We call impulse()
      on the HysteresisActivity every time a subresource is loaded in the
      frame. The issue is that if no subresource is ever loaded, then we
      never call impulse() on the HysteresisActivity, which is therefore
      never started. If it never starts, then it never stops and never
      calls markLoadAsCompleted(). To address the problem, we now call
      impulse() on the HysteresisActivity as soon as we construct it.
      
      * NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207970 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207403 - [GTK] gobject-introspection on package build with webkit2gtk fails without active X session · 4b6c0298
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163105
      
      Reviewed by Carlos Garcia Campos.
      
      Don't call XCompositeQueryExtension() or XDamageQueryExtension()
      if m_display is NULL.
      
      * platform/graphics/x11/PlatformDisplayX11.cpp:
      (WebCore::PlatformDisplayX11::supportsXComposite):
      (WebCore::PlatformDisplayX11::supportsXDamage):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207969 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207402 - [css-grid] Disable CSS Grid Layout runtime flag by default · 9f0b20cc
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163432
      
      Reviewed by Darin Adler.
      
      It was enabled in r201042, but now Safari Technology Preview
      has a UI to switch runtime flags so it doesn't need to be enabled
      by default anymore.
      
      * Shared/WebPreferencesDefinitions.h: Disable grid layout runtime flag
      by default.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207968 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207391 - [GTK] Default WebKitWebsiteDataManager is always leaked in WebKitWebContext · 96393d57
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163443
      
      Reviewed by Michael Catanzaro.
      
      Adopt the reference returned by webkitWebsiteDataManagerCreate().
      
      * UIProcess/API/gtk/WebKitWebContext.cpp:
      (webkitWebContextConstructed):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207966 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207389 - [GTK] WebKitWebPage URI not updated after URI is modified by InjectedBundlePageResourceLoadClient::willSendRequestForFrame · ebc6c4ae
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163389
      
      Reviewed by Michael Catanzaro.
      
      Source/WebKit2:
      
      Update the page URI also when the load is committed.
      
      * WebProcess/InjectedBundle/API/gtk/WebKitWebPage.cpp:
      (getDocumentLoaderURL):
      (didStartProvisionalLoadForFrame):
      (didReceiveServerRedirectForProvisionalLoadForFrame):
      (didCommitLoadForFrame):
      (webkitWebPageCreate):
      (getProvisionalURLForFrame): Deleted.
      
      Tools:
      
      Update /webkit2/WebKitWebPage/get-uri test to check that web view and page uri always match even when request is
      modified by WebKitWebPage::send-request signal.
      
      * TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp:
      (testWebPageURI):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207965 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • Merge r207388 - Document request not updated after willSendRequest is called for a redirect · 93874f31
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163436
      
      Reviewed by Michael Catanzaro.
      
      Source/WebCore:
      
      The first willSendRequest happens before DocumentLoader::startLoadingMainResource(), which calls setRequest, but
      the second one happens after DocumentLoader::redirectReceived() and then the request is never updated again.
      
      Covered by GTK+ unit tests.
      
      * loader/DocumentLoader.cpp:
      (WebCore::DocumentLoader::willContinueMainResourceLoadAfterRedirect): Set the new request.
      * loader/DocumentLoader.h:
      * loader/SubresourceLoader.cpp:
      (WebCore::SubresourceLoader::willSendRequestInternal): Notify the document loader when loading the main resource
      and called for a redirection.
      
      Tools:
      
      Update the /webkit2/WebKitWebView/active-uri test to also check the active URI when it is modified by the
      WebKitPage::send-request signal in a web extension.
      
      * TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp:
      (testWebViewActiveURI):
      (serverCallback):
      * TestWebKitAPI/Tests/WebKit2Gtk/WebExtensionTest.cpp:
      (sendRequestCallback):
      * TestWebKitAPI/gtk/WebKit2Gtk/LoadTrackingTest.cpp:
      (loadChangedCallback):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207964 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      93874f31
    • Merge r207376 - [GTK] Restore user agent quirk for Yahoo · 8f4c2a99
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163481
      
      Reviewed by Carlos Garcia Campos.
      
      finance.yahoo.com is sending a mobile version in response to our standard user agent.
      
      * platform/gtk/UserAgentGtk.cpp:
      (WebCore::urlRequiresMacintoshPlatform):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8f4c2a99
    • Merge r207374 - CounterNode::resetRenderers is so inefficient. · 50bf615a
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163480
      
      Reviewed by Simon Fraser.
      
      CounterNode::resetRenderers() removes all the associated renderers from this CounterNode
      and sets the dirty bit on them.
      This patch does all that in a loop, instead of traversing the linked tree on each removal.
      
      No change in functionality.
      
      * rendering/CounterNode.cpp:
      (WebCore::CounterNode::CounterNode):
      (WebCore::CounterNode::~CounterNode):
      (WebCore::CounterNode::nextInPreOrderAfterChildren):
      (WebCore::CounterNode::lastDescendant):
      (WebCore::CounterNode::addRenderer): These assertions do not seem super useful.
      (WebCore::CounterNode::removeRenderer):
      (WebCore::CounterNode::resetRenderers):
      (WebCore::CounterNode::insertAfter):
      (WebCore::CounterNode::removeChild):
      * rendering/CounterNode.h:
      * rendering/RenderCounter.cpp:
      (WebCore::makeCounterNode):
      (WebCore::RenderCounter::RenderCounter):
      (WebCore::RenderCounter::~RenderCounter):
      (WebCore::RenderCounter::originalText):
      (WebCore::updateCounters):
      (WebCore::RenderCounter::invalidate): Deleted.
      * rendering/RenderCounter.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207962 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      50bf615a
    • Merge r207372 - 100% CPU on homedepot.com page · c4c1c7a7
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163452
      <rdar://problem/28730708>
      
      Reviewed by Simon Fraser.
      
      Source/WebCore:
      
      The site has a keyframe animation on body. Currently this causes the animation to invalidate the
      style of the entire document.
      
      Animations use SyntheticStyleChange to invalidate elements as the animation progresses, and currently
      that causes full subtree invalidation. However, animations only ever affect individual elements, and
      the normal style resolution mechanism should be able to deal with things like inheritance as needed.
      
      Test: fast/animation/animation-style-update-size.html
      
      * dom/Document.cpp:
      (WebCore::Document::recalcStyle):
      * dom/Document.h:
      (WebCore::Document::lastStyleUpdateSizeForTesting):
      
          Testing support.
      
      * style/StyleTreeResolver.cpp:
      (WebCore::Style::TreeResolver::resolveElement):
      
          Don't force subtree style resolution for SyntheticStyleChange.
      
      * style/StyleUpdate.h:
      (WebCore::Style::Update::size):
      * testing/Internals.cpp:
      (WebCore::Internals::lastStyleUpdateSize):
      * testing/Internals.h:
      * testing/Internals.idl:
      
      LayoutTests:
      
      * fast/animation/animation-style-update-size-expected.txt: Added.
      * fast/animation/animation-style-update-size.html: Added.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207961 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c4c1c7a7
    • Merge r207351 - [CMake] Private/unsupported build options should be marked as advanced · ac269089
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163451
      
      Reviewed by Carlos Garcia Campos.
      
      When checking to decide whether to mark an option as advanced, the conditional checks
      whether _WEBKIT_AVAILABLE_OPTIONS_IS_PUBLIC_${_name} is defined. It is always defined. We
      need to check its value instead.
      
      * Source/cmake/WebKitFeatures.cmake:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207959 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ac269089
    • Merge r207325 - WebView and WebPage URLs not updated after URL is modified by InjectedBundlePageResourceLoadClient::willSendRequestForFrame · a2ee67fa
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=146306
      
      Reviewed by Darin Adler.
      
      Source/WebCore:
      
      Notify about the provisional URL change when the new request set for the main resource load in DocumentLoader has a
      different URL than the previous one.
      
      * loader/DocumentLoader.cpp:
      (WebCore::DocumentLoader::setRequest):
      
      Tools:
      
      Add unit test to check that the committed URL is updated when changed in willSendRequest callback.
      
      * TestWebKitAPI/CMakeLists.txt:
      * TestWebKitAPI/PlatformEfl.cmake:
      * TestWebKitAPI/PlatformGTK.cmake:
      * TestWebKitAPI/Tests/WebKit2/ProvisionalURLAfterWillSendRequestCallback.cpp: Added.
      (TestWebKitAPI::didCommitLoadForFrame):
      (TestWebKitAPI::TEST):
      * TestWebKitAPI/Tests/WebKit2/ProvisionalURLAfterWillSendRequestCallback_Bundle.cpp: Added.
      (TestWebKitAPI::ProvisionalURLAfterWillSendRequestCallbackTest::ProvisionalURLAfterWillSendRequestCallbackTest):
      (TestWebKitAPI::ProvisionalURLAfterWillSendRequestCallbackTest::willSendRequestForFrame):
      (TestWebKitAPI::ProvisionalURLAfterWillSendRequestCallbackTest::didCommitLoadForFrame):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207958 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a2ee67fa
    • Merge r207310 - [Clean RenderTree] LayoutTests/imported/blink/fast/table/crash-bad-child-table-continuation.html fails. · e8671e09
      carlosgc@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=163399
      
      Reviewed by David Hyatt.
      
      When we try to insert a renderer before a child whose direct parent is an (anonymous) RenderTable, the continuation logic
      should dismiss the RenderTable as the parent and find a more appropriate ancestor.
      RenderTables assume a certain descendant tree structure which might not be available in the continuation.
      
      Will be testable with webkit.org/b/162834
      
      * rendering/RenderInline.cpp:
      (WebCore::canUseAsParentForContinuation):
      (WebCore::RenderInline::addChildToContinuation):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.14@207957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e8671e09