2015-11-18 Andy Estes <aestes@apple.com>
[Content Filtering] Crash in DocumentLoader::notifyFinished() when allowing a media document to load
https://bugs.webkit.org/show_bug.cgi?id=151433
rdar://problem/23506594
Reviewed by Alexey Proskuryakov.
When the main resource of a media document commits, WebKit cancels its load since the plug-in or media engine
will do its own loading. If content filtering is enabled, and the filter waits to allow the load until the entire
resource is downloaded, then ContentFilter will attempt to call DocumentLoader::notifyFinished() immediately
after delivering the buffered resource data to DocumentLoader. However, delivering the data will have nulled out
DocumentLoader's m_mainResource when the load was cancelled, leading to a crash in notifyFinished().
To resolve this, add a new Stopped state to ContentFilter. Set this state if DocumentLoader clears its main
resource or detaches from its frame. If ContentFilter is in the Stopped state after calling
DocumentLoader::dataReceived(), do not proceed to call DocumentLoader::notifyFinished().
Test: contentfiltering/allow-media-document.html
* loader/ContentFilter.cpp:
(WebCore::ContentFilter::stopFilteringMainResource): Set m_state to Stopped. If m_mainResource is non-null,
remove ContentFilter as a client and set m_mainResource to null.
(WebCore::ContentFilter::notifyFinished): Stopped calling DocumentLoader::notifyFinished() if m_state is Stopped
after calling DocumentLoader::dataReceived().
* loader/ContentFilter.h:
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::detachFromFrame): Called ContentFilter::stopFilteringMainResource() instead of setting
m_contentFilter to null.
(WebCore::DocumentLoader::clearMainResource): Ditto.
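As an added illustration of the re-entrancy hazard this entry fixes (example code, not WebKit's own), the model below keeps the ChangeLog's class and method names but the bodies are simplified stand-ins: delivering buffered data to the loader can make the loader cancel its main-resource load, which calls back into the filter, so the filter re-checks its state before forwarding notifyFinished().

```cpp
#include <memory>
#include <string>
#include <utility>

// Constructed model of the DocumentLoader / ContentFilter interaction described
// above. Class and method names follow the ChangeLog; everything else is a
// stand-in written for this example.

class ContentFilter;

struct MainResource {
    size_t bytesDelivered = 0;
};

class DocumentLoader {
public:
    explicit DocumentLoader(bool isMediaDocument) : m_isMediaDocument(isMediaDocument) {}
    void setContentFilter(ContentFilter* filter) { m_contentFilter = filter; }
    MainResource* mainResource() { return m_mainResource.get(); }

    void dataReceived(const std::string& data);
    void notifyFinished();
    void clearMainResource();

    int notifyFinishedCalls = 0;
    size_t finishedBytes = 0;

private:
    bool m_isMediaDocument;
    bool m_committed = false;
    std::unique_ptr<MainResource> m_mainResource = std::make_unique<MainResource>();
    ContentFilter* m_contentFilter = nullptr;
};

class ContentFilter {
public:
    enum class State { Filtering, Allowed, Stopped };

    ContentFilter(DocumentLoader& loader, std::string bufferedData)
        : m_loader(loader), m_mainResource(loader.mainResource()), m_buffer(std::move(bufferedData)) {}

    State state() const { return m_state; }

    // Called by DocumentLoader when it clears its main resource or detaches from
    // its frame (instead of the loader simply dropping its pointer to us).
    void stopFilteringMainResource()
    {
        m_state = State::Stopped;
        if (m_mainResource) {
            // WebKit also removes the filter as a client of the resource here.
            m_mainResource = nullptr;
        }
    }

    // The filter decided to allow the load once the whole resource had arrived.
    // Returns whether DocumentLoader::notifyFinished() was forwarded.
    bool notifyFinished()
    {
        m_state = State::Allowed;
        m_loader.dataReceived(m_buffer);   // may re-enter stopFilteringMainResource()
        if (m_state == State::Stopped)     // the fix: the loader cancelled its load
            return false;
        m_loader.notifyFinished();
        return true;
    }

private:
    DocumentLoader& m_loader;
    MainResource* m_mainResource;
    std::string m_buffer;
    State m_state = State::Filtering;
};

void DocumentLoader::dataReceived(const std::string& data)
{
    if (!m_committed) {
        m_committed = true;
        // A media document commits and then cancels its own load, because the
        // media engine fetches the resource itself.
        if (m_isMediaDocument) {
            clearMainResource();
            return;
        }
    }
    m_mainResource->bytesDelivered += data.size();
}

void DocumentLoader::notifyFinished()
{
    // Dereferences the main resource: before the fix this is where a media
    // document crashed, because m_mainResource had already been nulled out.
    finishedBytes = m_mainResource->bytesDelivered;
    ++notifyFinishedCalls;
}

void DocumentLoader::clearMainResource()
{
    if (m_contentFilter)
        m_contentFilter->stopFilteringMainResource();   // was: m_contentFilter = nullptr
    m_mainResource.reset();
}

struct Outcome {
    bool forwarded;               // did the filter forward notifyFinished()?
    bool loaderStillHasResource;
    ContentFilter::State filterState;
};

// Drives the scenario from the entry: the filter buffers the whole (constructed)
// resource and then allows it.
Outcome allowBufferedLoad(bool isMediaDocument)
{
    DocumentLoader loader(isMediaDocument);
    ContentFilter filter(loader, "constructed resource bytes");
    loader.setContentFilter(&filter);
    bool forwarded = filter.notifyFinished();
    return { forwarded, loader.mainResource() != nullptr, filter.state() };
}
```

For a media document the filter ends in the Stopped state and never calls back into the loader; for an ordinary document the data is delivered and notifyFinished() runs as before.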
2015-11-25 Pranjal Jumde <pjumde@apple.com>
Checks for buffer-overflows when reading characters from textRun
https://bugs.webkit.org/show_bug.cgi?id=151055
<rdar://problem/23251789>
Reviewed by Myles C. Maxfield.
Prevents an off-by-one error when adding the last font data to the GlyphBuffer.
* Source/WebCore/platform/graphics/WidthIterator.cpp:
* Source/WebCore/platform/graphics/FontCascade.cpp:
2015-11-22 Andy Estes <aestes@apple.com>
Teach MiniBrowser how to enable the mock content filter
https://bugs.webkit.org/show_bug.cgi?id=151540
Reviewed by Andreas Kling.
Moved the implementation of MockContentFilterEnabler from TestWebKitAPI to here, renamed it to
WebMockContentFilterEnabler, and made it compatible with the legacy Objective-C runtime. Renamed Decision and
DecisionPoint to WebMockContentFilterDecision and WebMockContentFilterDecisionPoint, and changed them from enum
classes to CF_ENUMs so that they can be used by both C++ and Objective-C source files.
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSMockContentFilterSettingsCustom.cpp:
(WebCore::JSMockContentFilterSettings::decisionPoint):
(WebCore::JSMockContentFilterSettings::setDecisionPoint):
(WebCore::toDecision):
(WebCore::JSMockContentFilterSettings::decision):
(WebCore::JSMockContentFilterSettings::setDecision):
(WebCore::JSMockContentFilterSettings::unblockRequestDecision):
(WebCore::JSMockContentFilterSettings::setUnblockRequestDecision):
(WebCore::toJSValue): Deleted.
* testing/MockContentFilter.cpp:
(WebCore::MockContentFilter::willSendRequest):
(WebCore::MockContentFilter::responseReceived):
(WebCore::MockContentFilter::addData):
(WebCore::MockContentFilter::finishedAddingData):
(WebCore::MockContentFilter::unblockHandler):
(WebCore::MockContentFilter::maybeDetermineStatus):
* testing/MockContentFilter.h:
* testing/MockContentFilterEnabler.h: Added.
* testing/MockContentFilterEnabler.mm: Added.
(-[WebMockContentFilterEnabler initWithDecision:decisionPoint:blockedString:]):
(-[WebMockContentFilterEnabler initWithCoder:]):
(-[WebMockContentFilterEnabler encodeWithCoder:]):
(-[WebMockContentFilterEnabler enable]):
(-[WebMockContentFilterEnabler dealloc]):
(+[WebMockContentFilterEnabler supportsSecureCoding]):
(-[WebMockContentFilterEnabler copyWithZone:]):
* testing/MockContentFilterSettings.h:
(WebCore::MockContentFilterSettings::decisionPoint):
(WebCore::MockContentFilterSettings::setDecisionPoint):
(WebCore::MockContentFilterSettings::decision):
(WebCore::MockContentFilterSettings::setDecision):
(WebCore::MockContentFilterSettings::unblockRequestDecision):
(WebCore::MockContentFilterSettings::setUnblockRequestDecision):
2015-11-24 Xabier Rodriguez Calvar <calvaris@igalia.com>
[Streams API] Implement pipeTo method in readable Stream
https://bugs.webkit.org/show_bug.cgi?id=151588
Reviewed by Darin Adler.
Implemented pipeTo method according to the reference implementation in the spec as the spec is not written
yet. It can be found at https://github.com/whatwg/streams/blob/632b26a05f3106650b1ec91239ad5b012e6c64af/reference-implementation/lib/readable-stream.js#L75.
Tests: streams/pipe-to.html
streams/reference-implementation/brand-checks.html
streams/reference-implementation/pipe-through.html
streams/reference-implementation/pipe-to.html
streams/reference-implementation/pipe-to-options.html
streams/reference-implementation/readable-stream-templated
* Modules/streams/ReadableStream.js:
(doPipe): Internal function of pipeTo.
(closeDest): Internal function of pipeTo.
(abortDest): Internal function of pipeTo.
(pipeTo): Implemented as per spec with some other internal functions as helpers.
2015-11-24 Antti Koivisto <antti@apple.com>
REGRESSION (r190983): Non-element, non-text nodes should not be distributed to slots
https://bugs.webkit.org/show_bug.cgi?id=151566
rdar://problem/23430177
Reviewed by Zalan Bujtas.
We don't invalidate slot assignments except for text or element children. Fix by not
assigning other nodes to slots as it is not useful.
Test: fast/html/details-comment-crash.html
* dom/SlotAssignment.cpp:
(WebCore::slotNameFromSlotAttribute):
(WebCore::SlotAssignment::findAssignedSlot):
(WebCore::SlotAssignment::assignSlots):
2015-11-23 David Kilzer <ddkilzer@apple.com>
Hardening against CSSSelector double frees
<http://webkit.org/b/56124>
<rdar://problem/9119036>
Reviewed by Antti Koivisto.
Add some security assertions to catch this issue if it ever
happens in Debug builds, and make changes in
CSSSelector::~CSSSelector() and
CSSSelectorList::deleteSelectors() to prevent obvious issues if
they're ever called twice in Release builds.
No new tests because we don't know how to reproduce this.
* css/CSSSelector.cpp:
(WebCore::CSSSelector::CSSSelector): Initialize
m_destructorHasBeenCalled.
* css/CSSSelector.h:
(WebCore::CSSSelector::m_destructorHasBeenCalled): Add bitfield.
(WebCore::CSSSelector::CSSSelector): Initialize
m_destructorHasBeenCalled.
(WebCore::CSSSelector::~CSSSelector): Add security assertion
that this is never called twice. Clear out any fields that
would have caused us to dereference an object twice.
* css/CSSSelectorList.cpp:
(WebCore::CSSSelectorList::deleteSelectors): Clear
m_selectorArray when freeing the memory to which it was
pointing. This prevents re-entrancy issues or calling this
method twice on the same thread. Also restructure the for()
loop to prevent calling CSSSelector::isLastInSelectorList()
after CSSSelector::~CSSSelector() has been called (via CRBug
241892).
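An added illustration of the hardening pattern this entry describes (example code written here, not WebKit's CSSSelector implementation): a guard bit set in the destructor, fields cleared so a second destructor run has nothing left to free, the array pointer nulled before the memory is released, and the loop reading isLastInSelectorList() before the destructor clears it. The std::string payload and the counter are constructed for the demonstration.

```cpp
#include <cstddef>
#include <new>
#include <string>
#include <utility>
#include <vector>

// Counts how many times ~CSSSelector actually ran (constructed for this example).
static int g_destructorRuns = 0;

class CSSSelector {
public:
    explicit CSSSelector(std::string value = {})
        : m_isLastInSelectorList(false)
        , m_destructorHasBeenCalled(false)
        , m_value(new std::string(std::move(value))) {}

    ~CSSSelector()
    {
        // Debug builds would assert here that the destructor has not run before
        // (WebKit uses a security assertion); release builds rely on the
        // cleared fields below so a second run cannot free anything twice.
        m_destructorHasBeenCalled = true;
        ++g_destructorRuns;
        delete m_value;                 // deleting nullptr on a repeat call is a no-op
        m_value = nullptr;
        m_isLastInSelectorList = false; // nothing left that a caller could misuse
    }

    void setLastInSelectorList() { m_isLastInSelectorList = true; }
    bool isLastInSelectorList() const { return m_isLastInSelectorList; }
    bool destructorHasBeenCalled() const { return m_destructorHasBeenCalled; }

private:
    unsigned m_isLastInSelectorList : 1;
    unsigned m_destructorHasBeenCalled : 1;   // the added bitfield
    std::string* m_value;
};

class CSSSelectorList {
public:
    CSSSelectorList() = default;
    ~CSSSelectorList() { deleteSelectors(); }

    // Builds a flat array of selectors; the last entry carries the
    // isLastInSelectorList flag, which is how the tear-down loop finds the end.
    void adoptSelectorVector(const std::vector<std::string>& values)
    {
        deleteSelectors();
        if (values.empty())
            return;
        m_selectorArray = static_cast<CSSSelector*>(::operator new(values.size() * sizeof(CSSSelector)));
        for (size_t i = 0; i < values.size(); ++i)
            new (&m_selectorArray[i]) CSSSelector(values[i]);
        m_selectorArray[values.size() - 1].setLastInSelectorList();
    }

    void deleteSelectors()
    {
        if (!m_selectorArray)
            return;
        // Clear the member before freeing so a re-entrant or repeated call sees
        // an empty list rather than a dangling pointer.
        CSSSelector* selectorArray = m_selectorArray;
        m_selectorArray = nullptr;
        bool finished = false;
        for (CSSSelector* s = selectorArray; !finished; ++s) {
            finished = s->isLastInSelectorList();   // read before the destructor clears it
            s->~CSSSelector();
        }
        ::operator delete(selectorArray);
    }

    bool isEmpty() const { return !m_selectorArray; }

private:
    CSSSelector* m_selectorArray = nullptr;
};

// Builds a three-selector list, tears it down twice (plus once more from the
// list's own destructor) and reports how many selector destructors ran.
int destructorRunsAfterDoubleDelete()
{
    g_destructorRuns = 0;
    CSSSelectorList list;
    list.adoptSelectorVector({ "div", ".menu", "#main" });
    list.deleteSelectors();
    list.deleteSelectors();   // second call finds m_selectorArray null and returns
    return g_destructorRuns;
}

bool listEmptyAfterDelete()
{
    CSSSelectorList list;
    list.adoptSelectorVector({ "a", "b" });
    list.deleteSelectors();
    return list.isEmpty();
}
```

With the pointer cleared up front, the repeated deleteSelectors() call and the list's own destructor are no-ops, so exactly three selector destructors run rather than six, and the loop never consults a selector whose fields have already been cleared.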
2015-11-23 Brian Burg <bburg@apple.com>
Web Inspector: inspector settings should not be shared between different inspection levels
https://bugs.webkit.org/show_bug.cgi?id=151151
Reviewed by Timothy Hatcher.
InspectorController and InspectorFrontendClient should know how to compute their
inspection levels, so that this level can be exposed to the Inspector frontend for
preference disambiguation by inspection level.
- A Page with normal web content has an inspection level of 0.
- The first Web Inspector has an inspection level of 1.
- The second Web Inspector that inspects the Inspector has an inspection level of 2.
- And so forth...
For local frontend clients (WK1 and the ProtocolTestStub), the inspection level of
a Page is computed as follows:
- If the page's inspector controller has no frontend client, then the Page
is normal web content (level 0).
- If the page's inspector controller has a frontend client, ask for its inspection level.
A frontend client looks at the inspection level reported by the inspected page's inspector
controller and increments by one to account for the crossed inspection boundary.
No new tests, this is blocked by test infrastructure fixes (https://webkit.org/b/151573).
* inspector/InspectorController.cpp:
(WebCore::InspectorController::inspectionLevel): Added.
(WebCore::InspectorController::hasInspectorFrontendClient): Deleted.
* inspector/InspectorController.h:
* inspector/InspectorFrontendClient.h:
* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::canAttachWindow): Check inspectionLevel().
(WebCore::InspectorFrontendClientLocal::inspectionLevel): Added.
* inspector/InspectorFrontendClientLocal.h:
* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::inspectionLevel): Added.
* inspector/InspectorFrontendHost.h:
* inspector/InspectorFrontendHost.idl:
* page/ContextMenuController.cpp:
(WebCore::ContextMenuController::populate): Check inspectionLevel().
2015-11-20 Brian Burg <bburg@apple.com>
Web Inspector: RemoteInspector should track targets and connections for remote automation
https://bugs.webkit.org/show_bug.cgi?id=151042
Reviewed by Joseph Pecoraro.
Use the new RemoteControllableTarget API method names.
No new tests, no behavior change.
* page/PageDebuggable.cpp:
(WebCore::PageDebuggable::connect):
(WebCore::PageDebuggable::dispatchMessageFromRemote):
(WebCore::PageDebuggable::dispatchMessageFromRemoteFrontend): Deleted.
* page/PageDebuggable.h:
2015-11-23 Brady Eidson <beidson@apple.com>
Modern IDB: Unskip all indexeddb/mozilla tests that pass.
https://bugs.webkit.org/show_bug.cgi?id=151568
Reviewed by Alex Christensen.
No new tests (Lots of skipped existing tests now pass).
* Modules/indexeddb/shared/IDBError.h:
2015-11-23 Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au>
Add WebCore namespace for generated bindings for supplemental method calls
https://bugs.webkit.org/show_bug.cgi?id=151431
Reviewed by Alex Christensen.
Address build failures for generated supplemental method calls which are in the WebCore namespace.
The bindings are outside the WebCore namespace - so add WebCore namespace specifier where required.
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GenerateParametersCheck):
* bindings/scripts/CodeGeneratorObjC.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::jsTestInterfaceConstructorSupplementalStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::jsTestInterfaceSupplementalStr1):
(WebCore::jsTestInterfaceSupplementalStr2):
(WebCore::jsTestInterfaceSupplementalNode):
(WebCore::setJSTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::setJSTestInterfaceSupplementalStr2):
(WebCore::setJSTestInterfaceSupplementalNode):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod1):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
(WebCore::jsTestInterfaceConstructorFunctionSupplementalMethod4):
* bindings/scripts/test/ObjC/DOMTestInterface.mm:
(-[DOMTestInterface supplementalStr1]):
(-[DOMTestInterface supplementalStr2]):
(-[DOMTestInterface setSupplementalStr2:]):
(-[DOMTestInterface supplementalStr3]):
(-[DOMTestInterface setSupplementalStr3:]):
(-[DOMTestInterface supplementalNode]):
(-[DOMTestInterface setSupplementalNode:]):
(-[DOMTestInterface builtinAttribute]):
(-[DOMTestInterface setBuiltinAttribute:]):
(-[DOMTestInterface supplementalMethod1]):
(-[DOMTestInterface supplementalMethod2:objArg:]):
(-[DOMTestInterface supplementalMethod3]):
(-[DOMTestInterface supplementalMethod4]):
(-[DOMTestInterface builtinFunction]):
2015-11-23 Brady Eidson <beidson@apple.com>
Modern IDB: When a transaction is aborted, call onerror handlers for all in-progress requests.
https://bugs.webkit.org/show_bug.cgi?id=151550
Reviewed by Alex Christensen.
Test: storage/indexeddb/modern/abort-requests-cancelled.html
storage/indexeddb/modern/idbtransaction-objectstore-failures.html (with changes)
storage/indexeddb/modern/index-5.html (with changes)
Various (currently skipped) legacy IDB tests.
* Modules/indexeddb/client/IDBDatabaseImpl.cpp:
(WebCore::IDBClient::IDBDatabase::transaction):
(WebCore::IDBClient::IDBDatabase::startVersionChangeTransaction):
(WebCore::IDBClient::IDBDatabase::didStartTransaction):
(WebCore::IDBClient::IDBDatabase::willCommitTransaction):
(WebCore::IDBClient::IDBDatabase::didCommitTransaction):
(WebCore::IDBClient::IDBDatabase::willAbortTransaction):
(WebCore::IDBClient::IDBDatabase::didAbortTransaction):
(WebCore::IDBClient::IDBDatabase::didCommitOrAbortTransaction):
* Modules/indexeddb/client/IDBTransactionImpl.cpp:
(WebCore::IDBClient::IDBTransaction::abort):
(WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests):
(WebCore::IDBClient::IDBTransaction::didCreateObjectStoreOnServer):
(WebCore::IDBClient::IDBTransaction::didCreateIndexOnServer):
(WebCore::IDBClient::IDBTransaction::didGetRecordOnServer):
(WebCore::IDBClient::IDBTransaction::didDeleteObjectStoreOnServer):
(WebCore::IDBClient::IDBTransaction::didDeleteIndexOnServer):
(WebCore::IDBClient::IDBTransaction::immediateAbort): Deleted.
(WebCore::IDBClient::IDBTransaction::abortOnServer): Deleted.
* Modules/indexeddb/client/IDBTransactionImpl.h:
* Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
(WebCore::IDBServer::MemoryIDBBackingStore::abortTransaction):
(WebCore::IDBServer::MemoryIDBBackingStore::commitTransaction):
* Modules/indexeddb/shared/IDBError.cpp:
(WebCore::idbErrorName):
(WebCore::idbErrorDescription):
* Modules/indexeddb/shared/IDBError.h:
* Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
(WebCore::IDBResourceIdentifier::loggingString):
* Modules/indexeddb/shared/IDBResourceIdentifier.h:
2015-11-23 Brady Eidson <beidson@apple.com>
Modern IDB: Unskip storage/indexeddb/mozilla/global-data.html.
https://bugs.webkit.org/show_bug.cgi?id=151557
Reviewed by Alex Christensen.
No new tests (Unskipping existing test storage/indexeddb/mozilla/global-data.html).
- Reworking some invalid ASSERTS
- Actually opening pending open-database-requests after a version change transaction completes
- Allow starting new transactions when the version change transaction has *started* finishing,
but before it finishes finishing.
* Modules/indexeddb/client/IDBDatabaseImpl.cpp:
(WebCore::IDBClient::IDBDatabase::transaction):
* Modules/indexeddb/client/IDBTransactionImpl.h:
* Modules/indexeddb/server/MemoryObjectStore.cpp:
(WebCore::IDBServer::MemoryObjectStore::~MemoryObjectStore):
* Modules/indexeddb/server/MemoryObjectStoreCursor.cpp:
(WebCore::IDBServer::MemoryObjectStoreCursor::keyAdded): Deleted.
* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::handleOpenDatabaseOperations):
(WebCore::IDBServer::UniqueIDBDatabase::commitTransaction):
* Modules/indexeddb/server/UniqueIDBDatabase.h:
2015-11-23 Youenn Fablet <youenn.fablet@crf.canon.fr>
Remove DOMPromiseWithCallback
https://bugs.webkit.org/show_bug.cgi?id=151565
Reviewed by Eric Carlson.
DOMPromiseWithCallback is no longer used, as WebCore JS built-ins are used for the cases where DOMPromiseWithCallback made sense.
No change in behavior.
* Modules/mediastream/MediaDevices.h: Moved from DOMPromiseWithCallback to DOMPromise since the API is now called by JS built-ins.
* bindings/js/JSDOMPromise.h:
(WebCore::DOMPromiseWithCallback::DOMPromiseWithCallback): Deleted.
(WebCore::DOMPromiseIteratorWithCallback::DOMPromiseIteratorWithCallback): Deleted.
(WebCore::Error>::resolve): Deleted.
(WebCore::Error>::reject): Deleted.
(WebCore::Error>::resolveEnd): Deleted.
2015-11-23 Brian Burg <bburg@apple.com>
Web Inspector: when inspecting the inspector, add the inspection level to the title bar
https://bugs.webkit.org/show_bug.cgi?id=151555
Reviewed by Timothy Hatcher.
* English.lproj/Localizable.strings: add new localized string for alternate inspector title.
2015-11-23 Zan Dobersek <zdobersek@igalia.com>
[GStreamer] No need to assert the pipeline's bus presence in MediaPlayerPrivateGStreamerBase dtor
https://bugs.webkit.org/show_bug.cgi?id=151558
Reviewed by Carlos Garcia Campos.
In the MediaPlayerPrivateGStreamerBase destructor, there's some leftover code
that acquires a reference to the GStreamer pipeline's bus object and then
just asserts that it's not null. Not very useful, so remove it.
Also use nullptr to null out the m_player member.
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
2015-11-17 Sergio Villar Senin <svillar@igalia.com>
ASSERTION FAILED: freeSpace >= 0 in WebCore::RenderGrid::computeTrackSizesForDirection
https://bugs.webkit.org/show_bug.cgi?id=151254
Reviewed by Darin Adler.
When in quirks mode, abnormally huge margins could lead to
negative computations of available logical sizes. We could add
an !document.inQuirksMode() check in the assertion but since
negative freeSpace values are valid (i.e. the condition is not
really part of the contract and everything will work as
expected) I've decided to simply remove it.
Test: fast/css-grid-layout/grid-quirks-mode-huge-margin-crash.html
* rendering/RenderGrid.cpp:
(WebCore::RenderGrid::computeTrackSizesForDirection): Deleted.
2015-11-22 Myles C. Maxfield <mmaxfield@apple.com>
Font selection should not consult font-variant property
https://bugs.webkit.org/show_bug.cgi?id=151537
Reviewed by Simon Fraser.
In section 4.7 of the CSS Fonts Level 3 spec, it says "[The font-variant and
font-feature-settings] do not affect font selection."
All the other browsers (Chrome, Firefox, and Edge) all obey the spec here. We
are the only one who misbehaves. This patch aligns our behavior with the other
browsers.
Test: fast/text/font-selection-font-variant.html
* css/CSSFontSelector.cpp:
(WebCore::computeTraitsMask): Deleted.
(WebCore::compareFontFaces): Deleted.
(WebCore::CSSFontSelector::getFontFace): Deleted.
* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::createFontFaceRule):
(WebCore::CSSParser::CSSParser): Deleted.
(WebCore::CSSParser::parseValue): Deleted.
(WebCore::CSSParser::parseDeclaration): Deleted.
(WebCore::CSSParser::clearProperties): Deleted.
(WebCore::CSSParser::parseFontVariant): Deleted.
(WebCore::CSSParser::createStyleRule): Deleted.
(WebCore::CSSParser::deleteFontFaceOnlyValues): Deleted.
* css/CSSParser.h:
* platform/graphics/FontDescription.cpp:
(WebCore::FontDescription::traitsMask): Deleted.
* platform/graphics/win/FontCacheWin.cpp:
(WebCore::traitsInFamilyEnumProc):
* platform/graphics/cocoa/FontCacheCoreText.cpp:
(WebCore::toTraitsMask):
* platform/text/TextFlags.h:
2015-11-22 Carlos Garcia Campos <cgarcia@igalia.com>
Unreviewed, rolling out r192727.
It made the selections transparent again and broke
/webkit2/WebKitWebView/snapshot
Reverted changeset:
"[GTK] RenderThemeGtk::platformActiveSelectionBackgroundColor,
et. al. should not clobber state of cached GtkStyleContexts"
https://bugs.webkit.org/show_bug.cgi?id=151533
http://trac.webkit.org/changeset/192727
2015-11-22 Michael Catanzaro <mcatanzaro@igalia.com>
[GTK] RenderThemeGtk::platformActiveSelectionBackgroundColor, et. al. should not clobber state of cached GtkStyleContexts
https://bugs.webkit.org/show_bug.cgi?id=151533
Reviewed by Carlos Garcia Campos.
platformActiveSelectionBackgroundColor(), platformInactiveSelectionBackgroundColor(), etc.
are const functions intended only to return a color used for painting, but since r174929
they also change the state of the cached style contexts we use for GTK_TYPE_ENTRY and
GTK_TYPE_TREE_VIEW. That's wrong; those style contexts should not have any state set. This
could cause theme colors returned by those GtkStyleContexts to change unexpectedly,
depending on whether the state is explicitly set before each use, or whether the theme
actually uses the states.
This didn't cause any regression only because every place using these style contexts
explicitly sets the state of the style contexts before use. In fact, the GtkTreeView style
context is not used anywhere else, and the GtkEntry style context is only used in
paintTextField, which does set the state before use (and then reverts it using
save/restore), so this cannot have broken anything in practice. But it's a landmine waiting
for the next programmer to trip it.
Fix this with a gtk_style_context_save()/gtk_style_context_restore() pair.
* rendering/RenderThemeGtk.cpp:
(WebCore::styleColor):
2015-11-21 Myles C. Maxfield <mmaxfield@apple.com>
Tiny cleanup in ComplexTextController::collectComplexTextRuns()
https://bugs.webkit.org/show_bug.cgi?id=151534
Reviewed by Zalan Bujtas.
The isMissingGlyph boolean is completely unnecessary. Its entire
responsibility is duplicated by the "font" pointer.
No new tests because there is no behavior change.
* platform/graphics/mac/ComplexTextController.cpp:
(WebCore::ComplexTextController::collectComplexTextRuns):
== Rolled over to ChangeLog-2015-11-21 ==