2010-09-24  Romain Pokrzywka

        Reviewed by Simon Hausmann.

        [Qt] Fix the Wince build.

        * WebCore.pro: Apply msvc flags to wince, too.

2010-09-24  Anders Bakken

        Reviewed by Simon Hausmann.

        [Qt] Enable building Qt/Webkit with debug symbols

        With this patch one can configure with -webkit-debug to build Webkit with debug symbols without having to manually edit WebCore.pro.

        * WebCore.pro:

2010-09-16  Thomas Zander

        Reviewed by Andreas Kling.

        https://bugs.webkit.org/show_bug.cgi?id=45878

        [Qt] Fixed incorrect Symbian scoping.

        The missing install functionality is only true for mmp based systems.

        * WebCore.pro: limit functionality to mmp systems.

2010-09-09  Kristian Amlie

        Reviewed by Andreas Kling.

        [Qt] Fixed incorrect Symbian scoping.

        The missing install functionality is only true for mmp based systems.

        https://bugs.webkit.org/show_bug.cgi?id=45268

        * WebCore.pro:

2010-09-12  Oswald Buddenhagen

        Reviewed by Simon Hausmann.

        [Qt] fix qt_webkit_version.pri install for in-Qt builds

        Always add the target, even if building inside Qt - as opposed to the headers and libraries, there are no rules for that coming from qbase.pri.

        Task-number: QTBUG-13306

        * WebCore.pro:

2010-09-12  Oswald Buddenhagen

        Reviewed by Simon Hausmann.

        [Qt] Let QtWebKit inject itself into the qt configuration

        i.e., don't explicitly deal with qt_webkit_version.pri outside of the webkit source directory.

        Task-number: QTBUG-12379

        * WebCore.pro:

2010-08-20  Girish Ramakrishnan

        Reviewed by Ariya Hidayat.

        [Qt] When using the raster graphics system on Maemo5, allow Flash to render directly into the raster window surface.

        wmode=transparent is now supported as a result of this change.

        https://bugs.webkit.org/show_bug.cgi?id=44043

        * plugins/qt/PluginViewQt.cpp:
        (WebCore::PluginView::paintUsingImageSurfaceExtension):

2010-08-18  Girish Ramakrishnan

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Implement Maemo5 local rendering NPAPI extension. See https://wiki.mozilla.org/Plugins:NokiaMaemoImageSurface for details.
        With the local rendering extension, Flash will paint into a 16-bit surface. For wmode=transparent, Flash expects the surface to contain the contents beneath it. As it is tricky to implement the content propagation across all graphics systems, transparent Flash is not supported. We just fill the surface with white and wmode=transparent behaves the same as wmode=opaque with a white background.

        https://bugs.webkit.org/show_bug.cgi?id=44043

        * WebCore.pro:
        * plugins/PluginView.cpp:
        (WebCore::PluginView::setValue):
        (WebCore::PluginView::PluginView):
        * plugins/PluginView.h:
        * plugins/qt/PluginViewQt.cpp:
        (WebCore::PluginView::updatePluginWidget):
        (WebCore::PluginView::paintUsingImageSurfaceExtension):
        (WebCore::PluginView::paint):
        (WebCore::PluginView::platformGetValueStatic):

2010-08-17  Girish Ramakrishnan

        Reviewed by Antonio Gomes.

        [Qt] On Maemo5, there is no libgdk-x11-2.0.so symlink. Look for libgdk-x11-2.0.so.0 instead on X11 and Maemo5.

        https://bugs.webkit.org/show_bug.cgi?id=44043

        * plugins/qt/PluginViewQt.cpp:
        (WebCore::getPluginDisplay):

2010-08-17  Girish Ramakrishnan

        Reviewed by Kenneth Rohde Christiansen.

        Set PluginQuirkRequiresDefaultScreenDepth for all Flash versions and not just Flash 10.

        https://bugs.webkit.org/show_bug.cgi?id=44043

        * plugins/PluginPackage.cpp:
        (WebCore::PluginPackage::determineQuirks):

2010-08-10  Tor Arne Vestbø

        Reviewed by Simon Hausmann.

        Make sure NPAPI plugins get an initial setNPWindow on Mac

        https://bugs.webkit.org/show_bug.cgi?id=43782

        * plugins/mac/PluginViewMac.mm:

2010-06-14  Andreas Kling

        Reviewed by Tor Arne Vestbø.

        [Qt] Stack overflow when converting navigator object to QVariant

        https://bugs.webkit.org/show_bug.cgi?id=40572

        Protect against infinite recursion in JSValue->QVariant conversion. This fixes a crash when trying to convert MimeType objects (they recurse infinitely and on-the-fly via the enabledPlugin property.)
        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::convertValueToQVariant):

2010-03-30  Kent Tamura

        Reviewed by Brady Eidson.

        REGRESSION (r56439) - Crash when a renderer for a file upload control with a selected file is recreated

        https://bugs.webkit.org/show_bug.cgi?id=36723

        RenderFileUploadControl::chooseIconForFiles was called before m_fileChooser was initialized.

        * platform/FileChooser.cpp:
        (WebCore::FileChooser::FileChooser): Introduce m_isInitializing flag to avoid FileChooserClient::repaint() call.
        (WebCore::FileChooser::loadIcon):
        (WebCore::FileChooser::iconLoaded):
        * platform/FileChooser.h: Add a FileChooser parameter to FileChooserClient::chooseIconForFiles().
        * rendering/RenderFileUploadControl.cpp:
        (WebCore::RenderFileUploadControl::chooseIconForFiles):
        (WebCore::RenderFileUploadControl::paintObject): Add an assertion.
        * rendering/RenderFileUploadControl.h:

2010-07-06  Nikolas Zimmermann

        Reviewed by Dirk Schulze.

        on causes crashes, if SVGUseElement gets detached

        https://bugs.webkit.org/show_bug.cgi?id=41621

        Do not call removeFromMappedElementSheet() from the SVGFontFaceElement destructor, as that can potentially cause the element to be reattached while destructing.

        In order to fix the crash in the testcase, the order of calling the base-class detach method in SVGUseElement and the instance/shadow tree destruction has to be reversed, matching the order in removedFromDocument().

        Test: svg/custom/use-font-face-crash.svg

        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::~SVGFontFaceElement): Remove removeFromMappedElementSheet() call.
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::detach): Reverse order of calling base-class detach method and instance/shadow tree destruction.

2010-07-06  Nikolas Zimmermann

        Reviewed by Darin Adler.
        on causes crashes, if SVGUseElement gets detached

        https://bugs.webkit.org/show_bug.cgi?id=41621

        Do not call removeFromMappedElementSheet() from the destructor, as the call to document()->updateStyleSelector() that can potentially cause the element to be reattached while destructing. It's not needed at all, because removedFromDocument() is called before destruction, which already calls removeFromMappedElementSheet() - at this point it's still safe to update the style selector.

        The crash is reproducible when using on .

        Test: svg/custom/use-font-face-crash.svg

        * svg/SVGFontFaceElement.cpp:
        (WebCore::SVGFontFaceElement::~SVGFontFaceElement):

2010-07-05  Nikolas Zimmermann

        Reviewed by Darin Adler.

        Memory corruption with SVG element

        https://bugs.webkit.org/show_bug.cgi?id=40994

        Fix race condition in svgAttributeChanged. Never call svgAttributeChanged() from attributeChanged() when we're synchronizing SVG attributes. It leads to either unnecessary extra work being done or crashes. Especially together with / which always synchronize the SVGAnimatedPoints datastructure with the points attribute, no matter if there are changes or not. This should be further optimized, but this fix is sane and fixes the root of the evil races.

        Test: svg/custom/use-property-synchronization-crash.svg

        * svg/SVGElement.cpp:
        (WebCore::SVGElement::attributeChanged):

2010-06-11  Abhishek Arya

        Reviewed by David Hyatt.

        Don't process floats if parent node is not a RenderBlock.

        https://bugs.webkit.org/show_bug.cgi?id=40033

        Test: svg/text/clear-floats-crash.svg

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::clearFloats):

2010-06-23  Nikolas Zimmermann

        Reviewed by Eric Seidel.
        Reproducible crash in com.apple.WebCore 0x01ed3784 WebCore::RenderLineBoxList::appendLineBox(WebCore::InlineFlowBox*) + 36

        https://bugs.webkit.org/show_bug.cgi?id=40953

        REGRESSION (r58209-58231): Memory corruption with invalid SVG

        https://bugs.webkit.org/show_bug.cgi?id=40173

        Fix several crashes, all related to and/or invalid SVG documents.

        - Only allow nodes, as direct children of a , not any other "partial" SVG content.
        - Assure to create RenderSVGRoot objects for nodes in , treat them as "outermost SVG elements".
        - Never allow any partial SVG content to appear in any document. Only elements are allowed.

        Tests: svg/custom/bug45331.svg
               svg/foreignObject/disallowed-svg-nodes-as-direct-children.svg
               svg/foreignObject/no-crash-with-svg-content-in-html-document.svg
               svg/foreignObject/svg-document-as-direct-child.svg
               svg/foreignObject/svg-document-in-html-document.svg
               svg/foreignObject/text-tref-02-b.svg

        * dom/Element.cpp: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
        (WebCore::Element::childShouldCreateRenderer): Only create a renderer for a SVG child, if we're a SVG element, or if the child is a element.
        * dom/Element.h: Added childShouldCreateRenderer, with ENABLE(SVG) guards.
        * svg/SVGForeignObjectElement.cpp:
        (WebCore::SVGForeignObjectElement::childShouldCreateRenderer): Disallow arbitrary SVG content, only elements are allowed as direct children of a
        * svg/SVGSVGElement.cpp:
        (WebCore::SVGSVGElement::isOutermostSVG): Be sure to create RenderSVGRoot objects for elements inside

2010-06-10  Abhishek Arya

        Reviewed by Dave Hyatt.

        Do not render CSS Styles :first-letter and :first-line in a SVG text element context.

        https://bugs.webkit.org/show_bug.cgi?id=40031

        Test: svg/text/text-style-invalid.svg

        * rendering/RenderSVGText.cpp:
        (WebCore::RenderSVGText::firstLineBlock):
        (WebCore::RenderSVGText::updateFirstLetter):
        * rendering/RenderSVGText.h:

2010-07-01  Justin Schuh

        Reviewed by Dan Bernstein.
        Prevent crash on counter destruction

        https://bugs.webkit.org/show_bug.cgi?id=40032

        Added counter destruction to RenderWidget::destroy()

        Test: fast/css/counters/destroy-counter-crash.html

        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::destroy):

2010-06-29  Dan Bernstein

        Reviewed by Darin Adler.

        Certain text is repeated after using splitText()

        Tests: fast/text/setData-dirty-lines.html
               fast/text/splitText-dirty-lines.html

        * dom/CharacterData.cpp:
        (WebCore::CharacterData::setData): Call RenderText::setTextWithOffset() rather than setText(), because only the former correctly dirties line boxes.
        * dom/Text.cpp:
        (WebCore::Text::splitText): Ditto.

2010-06-25  Dan Bernstein

        Reviewed by Sam Weinig.

        Certain text is repeated before and after a line break

        Test: fast/text/bidi-explicit-embedding-past-end.html

        * platform/text/BidiResolver.h:
        (WebCore::::createBidiRunsForLine): Committing explicit embedding past the end of the range creates BidiRuns up to the end of the range, so at that point, we can stop iterating.

2010-06-10  Tony Chang

        Reviewed by Kent Tamura.

        crash when focus is changed while trying to focus next element

        https://bugs.webkit.org/show_bug.cgi?id=40407

        Test: fast/events/focus-change-crash.html

        * dom/Element.cpp:
        (WebCore::Element::focus):

2010-07-01  Andreas Kling

        Reviewed by Tor Arne Vestbø.

        [Qt] Clamp color stops passed to QGradient to 1.0

        https://bugs.webkit.org/show_bug.cgi?id=41484

        Fixes an issue where color stops would be silently dropped from radial gradients.

        * platform/graphics/qt/GradientQt.cpp:
        (WebCore::Gradient::platformGradient):

2010-07-07  Tor Arne Vestbø

        Reviewed by Darin Adler.

        Prevent assertion/duplicate loads for non-deferred substitute-data loads

        https://bugs.webkit.org/show_bug.cgi?id=30879

        MainResourceLoader uses the member m_initialRequest to store requests for future deferred loads.
        When doing the actual load in handleDataLoadNow(), we therefore have to clear this request so that subsequent entries into the loader will not start yet another load.

        This can happen as a result of a PageGroupLoadDeferrer going out of scope when returning from Chrome::runJavaScriptAlert(), which calls setDeferredLoading(false), but only in the case of using both substitute-data and non-deferred main resource load together. That's why two new DRT functions were added:

        * queueLoadHTMLString()
        * setDeferMainResourceLoad()

        The change adds DRT hooks for Mac, Win and Qt for these two functions. For Mac and Win the hook uses new SPI in WebDataSource. For Qt a new static member was added to the FrameLoaderClientQt and accessed through DumpRenderTreeSupportQt.

        Test: fast/loader/non-deferred-substitute-load.html

        * loader/MainResourceLoader.cpp:
        (WebCore::MainResourceLoader::handleDataLoadNow):

2010-07-16  Antonio Gomes

        Reviewed by Simon Fraser.

        Spatial navigation: do not consider outline for focusable element boundaries

        https://bugs.webkit.org/show_bug.cgi?id=42474

        Test: fast/events/spatial-navigation/snav-zero-margin-content.html

        Currently in WebCore::renderRectRelativeToRootDocument function, we are calling RenderObject::absoluteClippedOverflowRect to obtain the rect boundary of a given renderer/element. This method deals with outline, which is out of elements boundary. It makes spatial navigation to fail on common sites like google.gom: "Web, Images, Map, etc" are inaccessible.

        Patch replaces RenderObject::absoluteClippedOverflowRect by Node::getRect, which returns only the absolute bounding box rect of the Element.

        * page/SpatialNavigation.cpp:
        (WebCore::renderRectRelativeToRootDocument):
        (WebCore::checkNegativeCoordsForNode):

2010-07-21  Kristian Amlie

        Reviewed by Kenneth Rohde Christiansen.

        Added automatic sqlite extraction for Symbian to QtWebKit.

        Also added sqlite detection in case sqlite is not present in the SDK. This is possible if WebKit is compiled standalone.
        The inclusion part is a consequence of commit c578c6c1d6d in the Qt repository. It will not work on Qt versions < 4.7.1, but that is ok, since the only build system it will affect is marked as experimental in the whole 4.7 series.

        * WebCore.pro:

2010-05-14  Abhishek Arya

        Reviewed by David Hyatt.

        Move the m_width(Length) and m_columns(RenderTable::ColumnStruct) vector out-of-bounds check out of the ASSERT into the main code.

        https://bugs.webkit.org/show_bug.cgi?id=38261

        Test: fast/table/fixed-table-layout-large-colspan-crash.html

        * rendering/FixedTableLayout.cpp:
        (WebCore::FixedTableLayout::calcWidthArray):

2010-05-21  Beth Dakin

        Reviewed by Darin Adler.

        Fix for Crash in WebCore::toAlphabetic() while running MangleMe -and corresponding- https://bugs.webkit.org/show_bug.cgi?id=39508

        The math was slightly off here, and we wound up trying to access an array at index -1 in some cases. We need to decrement numberShadow rather than subtracting one from the result of the modulo operation.

        * rendering/RenderListMarker.cpp:
        (WebCore::toAlphabeticOrNumeric):

2010-05-20  Dan Bernstein

        Reviewed by Dave Hyatt.

        Textarea using custom font appears blank

        Test: fast/css/font-face-in-shadow-DOM.html

        When a remote font is loaded, CSSFontSelector forces a style recalc, which replaces all RenderStyles that have FontFallbackLists referencing the placeholder font with fresh RenderStyles. However, it does not descend into shadow DOM trees, so those may end up with styles that still reference the placeholder font. The fix is to add RenderObject::requiresForcedStyleRecalcPropagation() and have it return true from renderers that maintain shadow DOM trees or otherwise keep their own RenderStyles.

        * dom/Element.cpp:
        (WebCore::Element::recalcStyle): Check if forced style recalc needs to be propagated.
        * rendering/RenderButton.h:
        (WebCore::RenderButton::requiresForcedStyleRecalcPropagation):
        * rendering/RenderDataGrid.h:
        (WebCore::RenderDataGrid::requiresForcedStyleRecalcPropagation):
        * rendering/RenderFileUploadControl.h:
        (WebCore::RenderFileUploadControl::requiresForcedStyleRecalcPropagation):
        * rendering/RenderListItem.h:
        (WebCore::RenderListItem::requiresForcedStyleRecalcPropagation):
        * rendering/RenderMedia.h:
        (WebCore::RenderMedia::requiresForcedStyleRecalcPropagation):
        * rendering/RenderMenuList.h:
        (WebCore::RenderMenuList::RenderMenuList::requiresForcedStyleRecalcPropagation):
        * rendering/RenderObject.h:
        (WebCore::RenderObject::requiresForcedStyleRecalcPropagation):
        * rendering/RenderProgress.h:
        (WebCore::RenderProgress::requiresForcedStyleRecalcPropagation):
        * rendering/RenderSlider.h:
        (WebCore::RenderSlider::requiresForcedStyleRecalcPropagation):
        * rendering/RenderTextControl.h:
        (WebCore::RenderTextControl::requiresForcedStyleRecalcPropagation):

2010-04-02  Justin Schuh

        Reviewed by Alexey Proskuryakov.

        XHR allows arbitrary XSRF across domains

        https://bugs.webkit.org/show_bug.cgi?id=36843

        Added a one-line change to prevent bypassing the XDC check on synchronous preflighted requests. Added layout tests to cover variations of this problem.

        Tests: http/tests/xmlhttprequest/access-control-preflight-async-header-denied.html
               http/tests/xmlhttprequest/access-control-preflight-async-method-denied.html
               http/tests/xmlhttprequest/access-control-preflight-sync-header-denied.html
               http/tests/xmlhttprequest/access-control-preflight-sync-method-denied.html

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::preflightFailure):

2010-04-28  Julien Chaffraix

        Reviewed by Alexey Proskuryakov.
        [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR

        https://bugs.webkit.org/show_bug.cgi?id=37781

        Tests: http/tests/xmlhttprequest/access-control-preflight-credential-async.html
               http/tests/xmlhttprequest/access-control-preflight-credential-sync.html

        Rolling the patch in as I could not reproduce Qt results locally.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Now we remove the credential from the request here to avoid forgetting to do so in the different code path.
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Just add the "Origin" header.
        (WebCore::DocumentThreadableLoader::loadRequest): Check here that the credential have been removed so that we don't leak them. Also tweaked a comment to make it clear that the URL check has issue when credential is involved.

2010-04-21  Alexey Proskuryakov

        Reviewed by Adam Roben.

        Windows build fix.

        * platform/network/cf/ResourceHandleCFNet.cpp: Declare CFURLConnectionCreateWithProperties for now, as it's mistakenly missing from WebKitSupportLibrary headers.

2010-05-19  Abhishek Arya

        Reviewed by David Hyatt.

        Check that the node is a text node before doing a static cast to a Text class pointer.

        https://bugs.webkit.org/show_bug.cgi?id=38626

        Test: fast/text/text-transform-nontext-node-crash.xhtml

        * rendering/RenderText.cpp:
        (WebCore::RenderText::originalText):
        * rendering/RenderTextFragment.cpp:
        (WebCore::RenderTextFragment::originalText):
        (WebCore::RenderTextFragment::previousCharacter):

2010-05-12  Abhishek Arya

        Reviewed by Darin Adler.

        HTML Entity Escape the contents of a textarea node when accessed via the innerHTML and outerHTML node properties.

        https://bugs.webkit.org/show_bug.cgi?id=38922

        Test: fast/innerHTML/innerHTML-special-elements.html

        * editing/markup.cpp:
        (WebCore::appendStartMarkup):

2010-05-12  James Robinson

        Patch by Dan Bernstein.
        Reviewed by David Hyatt.
        Fix marking the layout root's parent as needing layout

        https://bugs.webkit.org/show_bug.cgi?id=37760

        If an element gets marked as needing layout due to the recalcStyle() call in FrameView::layout(), the m_layoutSchedulingEnabled flag will be set to false. It's possible at this point that a parent of the existing FrameView::m_layoutRoot will be marked as needing layout. This patch updates FrameView::scheduleRelayoutOfSubtree to account for this case.

        Manual test only due to subtle timing issues.

        * manual-tests/layoutroot_detach.xml: Added.
        * page/FrameView.cpp:
        (WebCore::FrameView::scheduleRelayoutOfSubtree):

2010-05-10  Sam Weinig

        Reviewed by Darin Adler.

        Fix for https://bugs.webkit.org/show_bug.cgi?id=38583

        Crash in Element::normalizeAttributes.

        Test: fast/dom/Element/normalize-crash.html

        * dom/Element.cpp:
        (WebCore::Element::normalizeAttributes): Copy attributes to a vector before iterating.
        * dom/NamedAttrMap.cpp:
        (WebCore::NamedNodeMap::copyAttributesToVector): Added.
        * dom/NamedAttrMap.h:

2010-05-10  Alexey Proskuryakov

        Reviewed by Darin Adler. Based on a patch by Eric Seidel.

        https://bugs.webkit.org/show_bug.cgi?id=28697

        WebKit crash on WebCore::Node::nodeIndex()

        It's not OK to call ContainerNode::willRemoveChild() in a loop, because Range code assumes that it can adjust start and end position to any node except for the one being removed - so these notifications cannot be batched.

        Test: fast/dom/Range/remove-all-children-crash.html

        * dom/ContainerNode.cpp:
        (WebCore::willRemoveChild): Removed unused ExceptionCode.
        (WebCore::willRemoveChildren): New function, used in removeChildren() case.
        (WebCore::ContainerNode::removeChild): ExceptionCode return was always 0, don't bother with it.
        (WebCore::ContainerNode::removeChildren): Call willRemoveChildrenFromNode.
        (WebCore::dispatchChildRemovalEvents): Moved some logic out into willRemoveChildrenFromNode and willRemoveChild.
        * dom/Document.cpp:
        (WebCore::Document::nodeChildrenWillBeRemoved): New function, used in removeChildren() case.
        * dom/Document.h:
        (WebCore::Document::nodeChildrenWillBeRemoved): New function, used in removeChildren() case.
        * dom/Range.h:
        * dom/Range.cpp:
        (WebCore::boundaryNodeChildrenWillBeRemoved): New function, used in removeChildren() case.
        (WebCore::Range::nodeChildrenWillBeRemoved): Ditto.

2010-05-03  Alexey Proskuryakov

        Reviewed by Adam Barth.

        https://bugs.webkit.org/show_bug.cgi?id=38497

        Make sure that http URLs always have a host in SecurityOrigin

        This is a hardening fix, and behavior really depends on what an underlying networking layer does. So, no test.

        * page/SecurityOrigin.cpp:
        (WebCore::schemeRequiresAuthority): List schemes that need an authority for successful loading.
        (WebCore::SecurityOrigin::SecurityOrigin): Never let e.g. http origins with empty authorities have the same security origin.

2010-05-03  Abhishek Arya

        Reviewed by Adam Barth.

        Add support for controlling clipboard access from javascript. Clipboard access from javascript is disabled by default.

        https://bugs.webkit.org/show_bug.cgi?id=27751

        Test: editing/execCommand/clipboard-access.html

        * WebCore.base.exp:
        * editing/EditorCommand.cpp:
        (WebCore::supportedCopyCut):
        (WebCore::supportedPaste):
        (WebCore::createCommandMap):
        * page/Settings.cpp:
        (WebCore::Settings::Settings):
        (WebCore::Settings::setJavaScriptCanAccessClipboard):
        * page/Settings.h:
        (WebCore::Settings::javaScriptCanAccessClipboard):

2010-04-30  Abhishek Arya

        Reviewed by David Kilzer.

        Convert m_documentUnderMouse, m_dragInitiator to RefPtr. Eliminated unused m_dragInitiator accessor to prevent dereferencing.
        https://bugs.webkit.org/show_bug.cgi?id=37618

        Test: editing/pasteboard/drag-drop-iframe-refresh-crash.html

        * page/DragController.cpp:
        (WebCore::DragController::tryDocumentDrag):
        (WebCore::DragController::concludeEditDrag):
        * page/DragController.h:
        (WebCore::DragController::draggingImageURL):
        (WebCore::DragController::documentUnderMouse):

2010-04-14  Justin Schuh

        Reviewed by Adam Barth.

        Javascript URL can be set as iframe.src via multiple DOM aliases

        https://bugs.webkit.org/show_bug.cgi?id=37031

        Moved frame/iframe checks from Attr to Node on inherited members. Node child manipulation methods now return NOT_SUPPORTED_ERR if used on a frame/iframe src attribute. NamedNodeMap set methods now perform frame/iframe src checks. Moved allowSettingSrcToJavascriptURL static helper function from JSElementCustom.cpp to exported function in JSDOMBinding.h.

        * bindings/js/JSAttrCustom.cpp:
        (WebCore::JSAttr::setValue):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::allowSettingSrcToJavascriptURL):
        * bindings/js/JSDOMBinding.h:
        * bindings/js/JSElementCustom.cpp:
        * bindings/js/JSNamedNodeMapCustom.cpp:
        (WebCore::JSNamedNodeMap::setNamedItem):
        (WebCore::JSNamedNodeMap::setNamedItemNS):
        * bindings/js/JSNodeCustom.cpp:
        (WebCore::isAttrFrameSrc):
        (WebCore::JSNode::setNodeValue):
        (WebCore::JSNode::setTextContent):
        (WebCore::JSNode::insertBefore):
        (WebCore::JSNode::replaceChild):
        (WebCore::JSNode::removeChild):
        (WebCore::JSNode::appendChild):
        * bindings/v8/custom/V8AttrCustom.cpp:
        * bindings/v8/custom/V8NamedNodeMapCustom.cpp:
        (WebCore::V8NamedNodeMap::setNamedItemNSCallback):
        (WebCore::V8NamedNodeMap::setNamedItemCallback):
        (WebCore::toV8):
        * bindings/v8/custom/V8NodeCustom.cpp:
        (WebCore::isFrameSrc):
        (WebCore::V8Node::textContentAccessorSetter):
        (WebCore::V8Node::nodeValueAccessorSetter):
        (WebCore::V8Node::insertBeforeCallback):
        (WebCore::V8Node::replaceChildCallback):
        (WebCore::V8Node::removeChildCallback):
        (WebCore::V8Node::appendChildCallback):
        * dom/Attr.idl:
        * dom/NamedNodeMap.idl:
        * dom/Node.idl:

2010-03-26  Justin Schuh

        Reviewed by Adam Barth.

        Security: iFrame.src accepts JavaScript URL via nodeValue or textContent

        https://bugs.webkit.org/show_bug.cgi?id=36502

        Overrode inherited nodeValue and textContent in Attr.idl so they proxy to value, which performs a security check.

        Test: http/tests/security/xss-DENIED-iframe-src-alias.html

        * bindings/js/JSAttrCustom.cpp:
        (WebCore::JSAttr::nodeValue):
        (WebCore::JSAttr::setNodeValue):
        (WebCore::JSAttr::textContent):
        (WebCore::JSAttr::setTextContent):
        * bindings/v8/custom/V8AttrCustom.cpp:
        (WebCore::V8Attr::nodeValueAccessorSetter):
        (WebCore::V8Attr::nodeValueAccessorGetter):
        (WebCore::V8Attr::textContentAccessorSetter):
        (WebCore::V8Attr::textContentAccessorGetter):
        * dom/Attr.idl:

2010-05-05  Alexey Proskuryakov

        Reviewed by Darin Adler.

        https://bugs.webkit.org/show_bug.cgi?id=38260

        Fix whitespace removing in deprecatedParseURL().

        Broken all the way since r4 (yes, that's a revision number).

        Test: http/tests/security/xss-DENIED-javascript-with-spaces.html

        * css/CSSHelper.cpp:
        (WebCore::deprecatedParseURL): Fixed loop conditions for remaining length.

2010-04-23  Dan Bernstein

        Reviewed by Simon Fraser.

        :after content is duplicated

        Test: fast/css-generated-content/after-duplicated-after-split.html

        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::splitInlines): Pass the correct owner of the child list.

2010-03-30  Chris Evans

        Reviewed by Adam Barth.

        Taint the canvas if an SVG-derived pattern is rendered into it.

        https://bugs.webkit.org/show_bug.cgi?id=36838

        Test: fast/canvas/svg-taint.html

        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::createPattern): Take into account the image's hasSingleSecurityOrigin() property.

2010-04-07  Alexey Proskuryakov

        Reviewed by Darin Adler.
        https://bugs.webkit.org/show_bug.cgi?id=37230

        REGRESSION (4.0.5): Safari asks for credentials all the time when authenticating to Windows IIS Server

        * platform/network/ProtectionSpace.h:
        (WebCore::ProtectionSpaceAuthenticationScheme): Added a constant for ProtectionSpaceAuthenticationSchemeUnknown.
        * platform/network/cf/AuthenticationCF.cpp:
        (WebCore::core):
        * platform/network/cf/SocketStreamHandleCFNet.cpp:
        (WebCore::authenticationSchemeFromAuthenticationMethod): Return ProtectionSpaceAuthenticationSchemeUnknown for unknown scheme.
        * platform/network/mac/AuthenticationMac.mm:
        (WebCore::mac): Support NTLM on systems older than 10.6. We actually get this string from NSURLConnection, even though there was no public constant.
        (WebCore::core): Return ProtectionSpaceAuthenticationSchemeUnknown for unknown scheme.

2010-04-19  Dan Bernstein

        Reviewed by Darin Adler.

        Make the fix for from r57759 more robust.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateHoverActiveState): Use RefPtrs for the Nodes.

2010-04-16  Dan Bernstein

        Reviewed by Simon Fraser.

        Crash when updating hover state

        Test: fast/dynamic/hover-style-recalc-crash.html

        Updating the hover state of an element caused the document to need style recalc, and then updating the hover state of a link caused style recalc, which changed the render tree while updateHoverActiveState() was iterating over it, leading to a crash.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::updateHoverActiveState): Collect the nodes to be updated into vectors, then update their active and hover states.

2010-03-31  Mark Rowe

        Reviewed by Darin Adler.

        REGRESSION: Trailing colon on hostnames (with no port specified) causes "Not allowed to use restricted network port"

        * platform/KURL.cpp:
        (WebCore::KURL::port): Explicitly handle the case of a colon being present in the URL after the host name but with no port number before the path. This is handled in the same manner as the colon and port being omitted completely.
2010-03-24  Mark Rowe

        Revert the portion of r56489 that dealt with port zero as it introduced some test failures.

        * platform/KURL.cpp:
        (WebCore::KURL::port): Use the "ok" argument to charactersToUIntStrict to determine whether it was able to successfully parse the string as an unsigned integer, rather than relying on the fact it returned zero when it failed.

2010-03-24  Mark Rowe

        Reviewed by Darin Adler.

        WebKit should treat port numbers outside the valid range as being blacklisted /

        * platform/KURL.cpp:
        (WebCore::KURL::port): Map invalid port numbers to invalidPortNumber.
        (WebCore::portAllowed): Add invalidPortNumber to the blacklist.
        * platform/KURLGoogle.cpp: invalid port numbers to invalidPortNumber.
        (WebCore::KURL::port): Add invalidPortNumber to the blacklist. Also bring this in to sync with KURL. Having this identical code in two places is stupid.

2010-05-05  Alexey Proskuryakov

        Reviewed by Adele Peterson.

        https://bugs.webkit.org/show_bug.cgi?id=26824

        EventHandler can operate on a wrong frame if focus changes during keyboard event dispatch.

        EventHandler object is tied to a frame, so it's wrong for it to continue processing a keyboard event if focused frame changes between keydown and keypress.

        * manual-tests/focus-change-between-key-events.html: Added.
        * page/EventHandler.cpp:
        (WebCore::EventHandler::keyEvent): Bail out early if focused frame changes while dispatching keydown. Also made similar changes for Windows to maintain matching behavior, even though EventHandler was re-entered anyway due to WM_KEYDOWN and WM_CHAR being separate events.

2010-07-02  Tor Arne Vestbø

        Reviewed by Simon Hausmann.

        [Qt] Canvas arcTo() should draw straight line to p1 if p0, p1 and p2 are collinear

        The implementation of PathQt's addArcTo() was not float-safe and also had a case where it drew an 'infinite' line, which is not part of the spec.

        http://www.whatwg.org/specs/web-apps/current-work/#dom-context-2d-arcto

        We now use qFuzzyCompare() in both cases.
        The method isPointOnPathBorder() also had the same problem, and was refactored a bit in the process of fixing the bug.

        Initial patch by Andreas Kling.

        https://bugs.webkit.org/show_bug.cgi?id=41412

        * platform/graphics/qt/PathQt.cpp:

2010-03-26  Shu Chang

        Reviewed by Eric Seidel.

        [Qt] Prevent referring d->m_job in the future because calling abort() deletes the instance itself.

        https://bugs.webkit.org/show_bug.cgi?id=36618

        Test: http/tests/appcache/fallback.html

        * platform/network/qt/ResourceHandleQt.cpp:
        (WebCore::ResourceHandle::cancel):

2010-06-28  Sam Magnuson

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] GraphicsLayerQt delay seems unnecessary.

        https://bugs.webkit.org/show_bug.cgi?id=40846

        Test: compositing/animation/busy-indicator.html

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::recache):
        (WebCore::GraphicsLayerQtImpl::flushChanges):
        (WebCore::GraphicsLayerQt::setContentsToImage):
        (WebCore::GraphicsLayerQt::addAnimation):

2010-06-25  Sam Magnuson

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] When any geometry change happens to a node it will resize the backing cache

        https://bugs.webkit.org/show_bug.cgi?id=40378

        Continue to grow the cache, but never toss it. When the pixmap cache gets too big it will be lost and created at the right size next time.

        No new tests: this is an optimization.

        * platform/graphics/qt/GraphicsLayerQt.cpp:
        (WebCore::GraphicsLayerQtImpl::recache):
        (WebCore::GraphicsLayerQtImpl::paint):
        (WebCore::GraphicsLayerQtImpl::flushChanges):

2010-06-30  Antonio Gomes

        Reviewed by Simon Fraser.

        Spatial Navigation: make elements in inner frames nested more than 1 level deep focusable

        https://bugs.webkit.org/show_bug.cgi?id=41160

        Patch addresses the problem of spatial navigation not working properly with nested inner frames by adding the isNodeDeepDescendantOfDocument method. It recursively checks if a given node is descendant of a given document or any parent of it.
        Test: fast/events/spatial-navigation/snav-iframe-nested.html

        * page/FocusController.cpp:
        (WebCore::FocusController::deepFindFocusableNodeInDirection):
        * page/SpatialNavigation.cpp:
        (WebCore::isNodeDeepDescendantOfDocument):
        * page/SpatialNavigation.h:

2010-06-30  Andreas Kling

        Reviewed by Kenneth Rohde Christiansen.

        [Qt] Crash when uploading document to Google Docs

        https://bugs.webkit.org/show_bug.cgi?id=40795

        Fix bug where the local file wasn't opened (for POSTing) if it were the first element in the form.

        * platform/network/qt/QNetworkReplyHandler.cpp:
        (WebCore::FormDataIODevice::FormDataIODevice):
        (WebCore::FormDataIODevice::moveToNextElement):
        (WebCore::FormDataIODevice::openFileForCurrentElement):
        * platform/network/qt/QNetworkReplyHandler.h:

2010-06-29  Abhinav Mithal

        Reviewed by Laszlo Gombos.

        [Qt] [Symbian] Fix double-deallocation while destroying PluginContainerSymbian

        https://bugs.webkit.org/show_bug.cgi?id=37303

        * plugins/symbian/PluginViewSymbian.cpp:
        (WebCore::PluginView::platformDestroy):

2010-06-29  Kristian Amlie

        Reviewed by Simon Hausmann.

        [Qt/Symbian] Fixed deployment paths for WebKit declarative plugin.

        * WebCore.pro:

2010-06-28  Andreas Kling

        Reviewed by Simon Hausmann.

        [Qt] Replace single treat-as-space characters with normal space

        https://bugs.webkit.org/show_bug.cgi?id=41278

        This keeps Qt from attempting glyph substitution and loading a bunch of extra fonts when encountering &nbsp; entities.

        * platform/graphics/qt/FontQt.cpp:
        (WebCore::Font::floatWidthForComplexText):

2010-06-24  Simon Hausmann

        Unreviewed Symbian build fix.

        The QML WebKit integration needs to be part of QtWebKit.sis

        * WebCore.pro: Deploy qmlwebkitplugin.dll.

2010-06-23  Benjamin Poulain

        Reviewed by Kenneth Rohde Christiansen.
Do not render the full frame when there is some elements with fixed positioning https://bugs.webkit.org/show_bug.cgi?id=33150 The frame view takes into account the list of fixed objects when scrolling the view. If the number of objects is lower than a certain threshold, the pixels are blitted, and the invalidated area updated. * page/FrameView.cpp: (WebCore::FrameView::addFixedObject): (WebCore::FrameView::removeFixedObject): (WebCore::FrameView::scrollContentsFastPath): * page/FrameView.h: * platform/ScrollView.cpp: (WebCore::ScrollView::scrollContents): (WebCore::ScrollView::scrollContentsFastPath): * platform/ScrollView.h: * rendering/RenderLayer.cpp: (WebCore::RenderLayer::repaintRectIncludingDescendants): * rendering/RenderLayer.h: * rendering/RenderObject.cpp: (WebCore::RenderObject::styleWillChange): 2010-05-18 Anders Carlsson Reviewed by Sam Weinig. Allocate the m_preloads list hash set dynamically and free it when done. https://bugs.webkit.org/show_bug.cgi?id=39309 This saves about 6000 bytes on a fully loaded document. * loader/DocLoader.cpp: (WebCore::DocLoader::requestPreload): (WebCore::DocLoader::clearPreloads): * loader/DocLoader.h: 2010-05-18 Anders Carlsson Revert unintended indentation and unnecessary nested name specifier. * rendering/RenderBlock.cpp: (WebCore::clipOutPositionedObjects): (WebCore::RenderBlock::insertPositionedObject): 2010-05-18 Anders Carlsson Reviewed by Sam Weinig. Add an inlineCapacity template parameter to ListHashSet and use it to shrink the positioned object list hash set. https://bugs.webkit.org/show_bug.cgi?id=39304 Set the inlineCapacity for the positionedObjects ListHashSet to 4 instead of 256. Since a RenderBlock usually has few positioned objects, this saves memory.
* WebCore.base.exp: * rendering/RenderBlock.cpp: (WebCore::clipOutPositionedObjects): (WebCore::RenderBlock::insertPositionedObject): * rendering/RenderBlock.h: (WebCore::RenderBlock::positionedObjects): 2010-06-22 Simon Hausmann Unreviewed Qt/Symbian build fix. Fix "make clean" to not try to execute clean commands for the extra targets we use to simulate "make install". * WebCore.pro: Use no_clean in CONFIG of extra compilers. 2010-06-21 Balazs Kelemen Reviewed by Simon Hausmann. [Qt] Avoid unnecessary image conversion in RGBA32Buffer::zeroFill() https://bugs.webkit.org/show_bug.cgi?id=40910 * platform/image-decoders/qt/RGBA32BufferQt.cpp: (WebCore::RGBA32Buffer::zeroFill): 2010-05-31 Jocelyn Turcotte Reviewed by Simon Hausmann. [Qt] Implement the simple text code path. https://bugs.webkit.org/show_bug.cgi?id=40077 Remove the FONT_FAST_PATH macro and use the Qt's fast text implementation instead of the one of WebKit. The Qt::TextBypassShaping flag is used to tell Qt to only use the glyph advances. Qt 4.7 is needed to get this flag thus the complex path is always used if QtWebKit is compiled against an earlier version. Contrary to the WebKit's implementation, the complex code path is taken if the text is RightToLeft, justified or is formatted with non-zero letter or word spacing. * platform/graphics/Font.cpp: (WebCore::Font::drawText): (WebCore::Font::floatWidth): (WebCore::Font::selectionRectForText): (WebCore::Font::offsetForPosition): * platform/graphics/Font.h: (WebCore::Font::isRoundingHackCharacter): * platform/graphics/qt/FontQt.cpp: (WebCore::fromRawDataWithoutRef): (WebCore::needComplexCodePath): (WebCore::setupPlatformContext): (WebCore::Font::canReturnFallbackFontsForComplexText): (WebCore::Font::drawSimpleText): (WebCore::Font::drawComplexText): (WebCore::Font::floatWidthForSimpleText): (WebCore::Font::offsetForPositionForSimpleText): (WebCore::Font::selectionRectForSimpleText): 2010-06-03 Jocelyn Turcotte Reviewed by Simon Hausmann. 
Move the text code path detection code from FontFastPath.cpp to Font.cpp. https://bugs.webkit.org/show_bug.cgi?id=40077 This is a patch preliminary to the implementation of the simple font code path for the Qt port. * platform/graphics/Font.cpp: (WebCore::Font::setCodePath): (WebCore::Font::codePath): * platform/graphics/Font.h: * platform/graphics/FontFastPath.cpp: 2010-04-30 Dan Bernstein Reviewed by Adele Peterson. Part of Text repainting does not account for glyphs which draw outside the typographic bounds of the font https://bugs.webkit.org/show_bug.cgi?id=6274 Account for glyph overflow of characters in the range U+1E00..U+2000, but without sending them through the complex text code path. Instead, introduce a variant of the fast path that tracks glyph overflow. * platform/graphics/Font.cpp: (WebCore::Font::drawText): Use codePath(). (WebCore::Font::floatWidth): Use codePath(). Pass the GlyphOverflow pointer through to floatWidthForSimpleText() if the code path is SimpleWithGlyphOverflow. (WebCore::Font::selectionRectForText): Use codePath(). (WebCore::Font::offsetForPosition): Ditto. * platform/graphics/Font.h: Replaced canUseGlyphCache() with codePath(). Added a GlyphOverflow parameter to floatWidthForSimpleText(). * platform/graphics/FontFastPath.cpp: Removed ROMAN_AND_GREEK_DIACRITICS_CAN_USE_GLYPH_CACHE. (WebCore::Font::codePath): Renamed canUseGlyphCache() to this. Where it used to return false, it now returns Complex. Where it used to return true, it now returns Simple, except for the range U+1E00..U+2000, where it now returns SimpleWithGlyphOverflow. (WebCore::Font::floatWidthForSimpleText): Added a GlyphOverflow parameter. If not 0, have the width iterator account for glyph bounds, then update the GlyphOverflow accordingly. * platform/graphics/WidthIterator.cpp: (WebCore::WidthIterator::WidthIterator): Added boolean parameter telling the width iterator whether to account for glyph bounds. Initialize m_accountForGlyphBounds accordingly. 
Initialize m_maxGlyphBoundingBoxY, m_minGlyphBoundingBoxY, m_firstGlyphOverflow and m_lastGlyphOverflow. (WebCore::WidthIterator::advance): If accounting for glyph bounds, update the above member variables. * platform/graphics/WidthIterator.h: (WebCore::WidthIterator::maxGlyphBoundingBoxY): Added this accessor. (WebCore::WidthIterator::minGlyphBoundingBoxY): Ditto. (WebCore::WidthIterator::firstGlyphOverflow): Ditto. (WebCore::WidthIterator::lastGlyphOverflow): Ditto. 2010-04-21 Ojan Vafai Reviewed by Adele Peterson. http://trac.webkit.org/changeset/57215 caused perf/memory regressions https://bugs.webkit.org/show_bug.cgi?id=37292 #if out the canUseGlyphCache changes from r57215 as they caused an 8% perf regression on Chromium's international page load tests so that the perf regression can be fixed properly without being left in the tree. * platform/graphics/FontFastPath.cpp: (WebCore::Font::canUseGlyphCache): 2010-04-07 Enrica Casucci Reviewed by Dave Hyatt. Text repainting does not account for glyphs which draw outside the typographic bounds of the font (6274). In order to be able to handle this case successfully, it is necessary to change the glyph width cache to store the bounding box for the glyph instead of simply caching the glyph width. Retrieving the bounding box for the glyph is expensive, therefore we do it only when we are rendering text using the complex text path to minimize the performance impact. To support characters with stacked diacritics, the method canUseGlyphCache has been modified to return false for the range of characters with stacked diacritics. The glyph cache has been also updated to allow storing the glyph bounding box together with the horizontal width. The bounding box is populated only for complex text. The original version of this patch has been written by Dan Bernstein. Test: fast/repaint/stacked-diacritics.html * Android.mk: File name change. * GNUmakefile.am: File name change.
* WebCore.base.exp: Added parameter in exported function. * WebCore.gypi: File name change. * WebCore.vcproj/WebCore.vcproj: File name change. * WebCore.xcodeproj/project.pbxproj: File name change. * platform/graphics/Font.cpp: (WebCore::Font::floatWidth): Added glyphOverflow parameter. * platform/graphics/Font.h: (WebCore::GlyphOverflow::GlyphOverflow): Added. (WebCore::Font::width): Added glyphOverflow parameter. * platform/graphics/FontFastPath.cpp: (WebCore::Font::canUseGlyphCache): Modified to render characters with stacked diacritics with complex text path. * platform/graphics/GlyphMetricsMap.cpp: Copied from WebCore/platform/graphics/GlyphWidthMap.cpp. (WebCore::GlyphMetricsMap::locatePageSlowCase): Class name changed to reflect new semantics. * platform/graphics/GlyphMetricsMap.h: Copied from WebCore/platform/graphics/GlyphWidthMap.h. (WebCore::GlyphMetricsMap::GlyphMetricsMap): (WebCore::GlyphMetricsMap::~GlyphMetricsMap): (WebCore::GlyphMetricsMap::metricsForGlyph): (WebCore::GlyphMetricsMap::widthForGlyph): (WebCore::GlyphMetricsMap::setMetricsForGlyph): (WebCore::GlyphMetricsMap::GlyphMetricsPage::metricsForGlyph): (WebCore::GlyphMetricsMap::GlyphMetricsPage::setMetricsForGlyph): (WebCore::GlyphMetricsMap::GlyphMetricsPage::setMetricsForIndex): (WebCore::GlyphMetricsMap::locatePage): * platform/graphics/GlyphWidthMap.cpp: Removed. * platform/graphics/GlyphWidthMap.h: Removed. * platform/graphics/SimpleFontData.cpp: (WebCore::SimpleFontData::platformGlyphInit): * platform/graphics/SimpleFontData.h: (WebCore::): (WebCore::SimpleFontData::widthForGlyph): (WebCore::SimpleFontData::metricsForGlyph): * platform/graphics/cairo/SimpleFontDataCairo.cpp: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change. * platform/graphics/chromium/FontChromiumWin.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/chromium/FontLinux.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. 
* platform/graphics/chromium/SimpleFontDataChromiumWin.cpp: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change. * platform/graphics/chromium/SimpleFontDataLinux.cpp: (WebCore::SimpleFontData::platformWidthForGlyph): Name and signature change. * platform/graphics/efl/FontEfl.cpp: (WebCore::Font::floatWidthForComplexText): Name and signature change. * platform/graphics/gtk/SimpleFontDataPango.cpp: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change. * platform/graphics/haiku/FontHaiku.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/haiku/SimpleFontDataHaiku.cpp: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change. * platform/graphics/mac/ComplexTextController.cpp: (WebCore::ComplexTextController::ComplexTextController): (WebCore::ComplexTextController::adjustGlyphsAndAdvances): * platform/graphics/mac/ComplexTextController.h: (WebCore::ComplexTextController::minGlyphBoundingBoxX): (WebCore::ComplexTextController::maxGlyphBoundingBoxX): (WebCore::ComplexTextController::minGlyphBoundingBoxY): (WebCore::ComplexTextController::maxGlyphBoundingBoxY): * platform/graphics/mac/FontComplexTextMac.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/mac/SimpleFontDataMac.mm: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change. * platform/graphics/qt/FontQt.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/win/FontWin.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/win/SimpleFontDataCGWin.cpp: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change.
* platform/graphics/win/SimpleFontDataWin.cpp: (WebCore::SimpleFontData::metricsForGDIGlyph): * platform/graphics/win/UniscribeController.cpp: (WebCore::UniscribeController::UniscribeController): (WebCore::UniscribeController::shapeAndPlaceItem): * platform/graphics/win/UniscribeController.h: (WebCore::UniscribeController::minGlyphBoundingBoxX): (WebCore::UniscribeController::maxGlyphBoundingBoxX): (WebCore::UniscribeController::minGlyphBoundingBoxY): (WebCore::UniscribeController::maxGlyphBoundingBoxY): * platform/graphics/wince/FontWince.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/wx/FontWx.cpp: (WebCore::Font::floatWidthForComplexText): Added parameter. * platform/graphics/wx/SimpleFontDataWx.cpp: (WebCore::SimpleFontData::platformMetricsForGlyph): Name and signature change. * rendering/InlineFlowBox.cpp: (WebCore::InlineFlowBox::placeBoxesHorizontally): (WebCore::InlineFlowBox::computeLogicalBoxHeights): (WebCore::InlineFlowBox::computeVerticalOverflow): * rendering/InlineTextBox.cpp: (WebCore::InlineTextBox::setFallbackFonts): (WebCore::InlineTextBox::fallbackFonts): (WebCore::InlineTextBox::setGlyphOverflow): (WebCore::InlineTextBox::glyphOverflow): * rendering/InlineTextBox.h: (WebCore::InlineTextBox::clearGlyphOverflowAndFallbackFontMap): Added. * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlock::computeHorizontalPositionsForLine): (WebCore::RenderBlock::layoutInlineChildren): * rendering/RenderText.cpp: (WebCore::RenderText::RenderText): (WebCore::RenderText::styleDidChange): (WebCore::RenderText::widthFromCache): (WebCore::RenderText::trimmedPrefWidths): (WebCore::RenderText::calcPrefWidths): (WebCore::RenderText::setText): (WebCore::RenderText::width): * rendering/RenderText.h: 2010-03-23 Evan Martin Reviewed by Dmitry Titov. 
[chromium] use integral glyph widths https://bugs.webkit.org/show_bug.cgi?id=36510 Despite WebKit (and Skia, to an extent) supporting non-integral glyph widths, the font code path we hit in Skia only supports integral glyph positions. This means that we would accumulate offsets when drawing a sequence of non-integer-width glyphs which would cause gaps when snapped to the pixel grid when drawing. * platform/graphics/chromium/SimpleFontDataLinux.cpp: (WebCore::SimpleFontData::platformWidthForGlyph): round glyph widths to integers. 2010-06-21 Benjamin Poulain Reviewed by Kenneth Rohde Christiansen. [Qt] Decode images directly to QPixmap https://bugs.webkit.org/show_bug.cgi?id=40797 Decode images to QPixmap directly instead of QImage when possible. RGBA32Buffer transforms the pixmap back to image if necessary. This improves the performance with certain graphics systems, and can reduce memory usage. * platform/graphics/qt/ImageDecoderQt.cpp: (WebCore::ImageDecoderQt::setData): (WebCore::ImageDecoderQt::internalHandleCurrentImage): * platform/image-decoders/ImageDecoder.h: (WebCore::RGBA32Buffer::getAddr): * platform/image-decoders/qt/RGBA32BufferQt.cpp: (WebCore::RGBA32Buffer::clear): (WebCore::RGBA32Buffer::zeroFill): (WebCore::RGBA32Buffer::copyBitmapData): (WebCore::RGBA32Buffer::setSize): (WebCore::RGBA32Buffer::asNewNativeImage): (WebCore::RGBA32Buffer::setPixmap): 2010-06-17 Benjamin Poulain Reviewed by Simon Hausmann. [Qt] Get rid of the unused imageSize of ImageDecoderQt::internalHandleCurrentImage() https://bugs.webkit.org/show_bug.cgi?id=40620 Remove an unused variable. * platform/graphics/qt/ImageDecoderQt.cpp: (WebCore::ImageDecoderQt::internalHandleCurrentImage): 2010-06-18 Ananth Jasty Reviewed by Simon Hausmann. [Qt] Text spacing miscalculation when using wordSpacing. https://bugs.webkit.org/show_bug.cgi?id=40483 Removed wordSpacing compensation in FontQt whitespace width calculation.
The QFontMetrics::width() overload that takes a character does not take QFont's word spacing into account. * platform/graphics/qt/FontQt.cpp: (WebCore::Font::floatWidthForComplexText): 2010-06-13 Robert Hogan Reviewed by Kenneth Rohde Christiansen. WebCore EventHandler needs to take account of onLoad events fired before layout() complete https://bugs.webkit.org/show_bug.cgi?id=40102 WebCore 'cheats' by firing onLoad events before the frame's layout has been performed. This can result in event listeners performing operations that depend on the document's final layout, such as scrolling operations. When scrolling a frameview in eventhandler ensure the layout is complete. * page/EventHandler.cpp: (WebCore::EventHandler::scrollRecursively): 2010-06-10 Raine Makelainen Reviewed by Kenneth Rohde Christiansen. Impossible to set input method hints based HTML5 input types https://bugs.webkit.org/show_bug.cgi?id=40107 Helper methods for checking "tel", "number", "email", and "url" input element types. * html/HTMLInputElement.h: (WebCore::HTMLInputElement::isTelephoneField): (WebCore::HTMLInputElement::isNumberField): (WebCore::HTMLInputElement::isEmailField): (WebCore::HTMLInputElement::isUrlField): 2010-06-17 Mark Brand Reviewed by Simon Hausmann. [Qt] use "win32-g++*" scope to match all MinGW makespecs The scope "win32-g++" comes from the name of the makespec. However, it is frequently used to check for MinGW. This works fine as long as win32-g++ is the only makespec for MinGW. Now we need the wildcard to cover "win32-g++-cross" as well. * WebCore.pro: 2010-06-16 Antonio Gomes Reviewed by Kenneth Christiansen. 
Spatial Navigation: using offset{Left,Top} is not enough to get the proper inner frames position https://bugs.webkit.org/show_bug.cgi?id=39439 As pointed out by Darin Adler in https://bugs.webkit.org/show_bug.cgi?id=18662#c20, "It's not correct to use the offsetLeft and offsetTop of the frame owner element's renderer because that's just the distance from the offsetParent, not the absolute position". Patch fixes that behavior by now considering the offsetTop and offsetLeft of the offsetParent recursively, starting from the HtmlFrameOwnerElement. Previously, only calling offsetTop and offsetLeft worked because all tests were done in htmls where the {i}frame element was directly a child of the body, e.g. ...